package org.wso2.carbon.identity.application.authentication.handler.identifier;

import java.io.IOException;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.Base64;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Optional;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.json.simple.JSONObject;
import org.wso2.carbon.identity.application.authentication.framework.AbstractApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.AuthenticationFlowHandler;
import org.wso2.carbon.identity.application.authentication.framework.AuthenticatorFlowStatus;
import org.wso2.carbon.identity.application.authentication.framework.config.ConfigurationFacade;
import org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException;
import org.wso2.carbon.identity.application.authentication.framework.exception.InvalidCredentialsException;
import org.wso2.carbon.identity.application.authentication.framework.exception.LogoutFailedException;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedIdPData;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatorData;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatorMessage;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatorParamMetadata;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.identity.application.authentication.handler.identifier.IdentifierHandlerConstants;
import org.wso2.carbon.identity.application.authentication.handler.identifier.internal.IdentifierAuthenticatorServiceComponent;
import org.wso2.carbon.identity.application.authenticator.basicauth.BasicAuthenticator;
import org.wso2.carbon.identity.application.authenticator.basicauth.util.AutoLoginUtilities;
import org.wso2.carbon.identity.application.authenticator.basicauth.util.BasicAuthErrorConstants;
import org.wso2.carbon.identity.application.common.model.User;
import org.wso2.carbon.identity.base.IdentityRuntimeException;
import org.wso2.carbon.identity.central.log.mgt.utils.LoggerUtils;
import org.wso2.carbon.identity.core.model.IdentityErrorMsgContext;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.multi.attribute.login.mgt.ResolvedUserResult;
import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementException;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.UserCoreConstants;
import org.wso2.carbon.user.core.UserStoreManager;
import org.wso2.carbon.user.core.common.AbstractUserStoreManager;
import org.wso2.carbon.user.core.tenant.Tenant;
import org.wso2.carbon.user.core.util.UserCoreUtil;
import org.wso2.carbon.utils.DiagnosticLog;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/identity/application/authentication/handler/identifier/IdentifierHandler.class */
public class IdentifierHandler extends AbstractApplicationAuthenticator implements AuthenticationFlowHandler {
    private static final long serialVersionUID = 1819664539416029785L;
    private static final Log log = LogFactory.getLog(IdentifierHandler.class);
    // Authenticator parameter key read in process(). Parsed as a boolean: when true, an already authenticated
    // local user must pass the confirmation window before being reused as the subject.
    private static final String PROMPT_CONFIRMATION_WINDOW = "promptConfirmationWindow";
    // Runtime parameter key read in processAuthenticationResponse(). When it parses to true, the submitted
    // username is set as the subject and the method returns before FrameworkUtils.validateUsername /
    // preprocessUsername or any user resolution runs.
    private static final String SKIP_IDENTIFIER_PRE_PROCESS = "skipIdentifierPreProcess";
    // Values of the "identifier_consent" request parameter that process() compares against.
    private static final String CONTINUE = "continue";
    private static final String RESET = "reset";
    // Key looked up in IdentityUtil.threadLocalProperties by initiateAuthenticationRequest(); when a value is
    // present it is added as the domain of the failed username before that username is put on the redirect.
    private static final String RE_CAPTCHA_USER_DOMAIN = "user-domain-recaptcha";
    // Key read from the runtime params and from the authenticator config parameter map in
    // processAuthenticationResponse(); parsed as a boolean to decide whether validateUsername(...) is called.
    private static final String VALIDATE_USERNAME_ADAPTIVE_SCRIPT_PARAM = "ValidateUsername";
    // NOTE(review): not referenced in the part of the class reviewed here; presumably read elsewhere - confirm.
    public static final String USER_PROMPT = "USER_PROMPT";

    /**
     * Tells the framework whether this handler claims the incoming request.
     *
     * <p>The request is claimed when at least one of these is present: the username request parameter, the
     * {@code identifier_consent} parameter, the {@code restart_flow} parameter, or an auto-login cookie. All
     * four are supplied by the client, so this method only routes the request; it performs no validation.
     *
     * @param httpServletRequest the request to inspect
     * @return {@code true} when any of the markers above is present, {@code false} otherwise
     */
    public boolean canHandle(HttpServletRequest httpServletRequest) {
        // Same probes, same order and same short-circuiting as a chain of null checks joined with AND.
        boolean claimed = httpServletRequest.getParameter(IdentifierHandlerConstants.USER_NAME) != null
                || httpServletRequest.getParameter("identifier_consent") != null
                || httpServletRequest.getParameter("restart_flow") != null
                || AutoLoginUtilities.getAutoLoginCookie(httpServletRequest.getCookies()) != null;
        if (!LoggerUtils.isDiagnosticLogsEnabled() || !claimed) {
            return claimed;
        }
        // A diagnostic event is emitted only for requests this handler takes.
        DiagnosticLog.DiagnosticLogBuilder handledEvent = new DiagnosticLog.DiagnosticLogBuilder(
                IdentifierHandlerConstants.LogConstants.IDENTIFIER_AUTH_SERVICE, "handle-authentication-step");
        handledEvent.resultMessage("Identifier Handler is handling the request.")
                .logDetailLevel(DiagnosticLog.LogDetailLevel.INTERNAL_SYSTEM)
                .resultStatus(DiagnosticLog.ResultStatus.SUCCESS);
        LoggerUtils.triggerDiagnosticLogEvent(handledEvent);
        return claimed;
    }

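    /**
     * Drives the identifier-first step for one request and reports whether the step is finished.
     *
     * <p>Handling order, as implemented below:
     * <ol>
     *   <li>A logout request completes immediately.</li>
     *   <li>An auto-login cookie is tried at most once per context, guarded by the
     *       {@code idfAutoLoginHandled} context property.</li>
     *   <li>If a previous LOCAL authentication exists and one of its authenticators is a
     *       {@link BasicAuthenticator}, that user is reused as the subject, optionally after the
     *       confirmation window ({@code promptConfirmationWindow}).</li>
     *   <li>Without a previous LOCAL authentication, an {@code identifier_consent} or {@code restart_flow}
     *       parameter re-initiates the step.</li>
     *   <li>Everything else is delegated to the superclass.</li>
     * </ol>
     *
     * <p>The username placed on the confirmation redirect is URL-encoded, matching how
     * {@code initiateAuthenticationRequest} encodes the failed username. Unencoded, a username containing
     * {@code &}, {@code #} or {@code +} would change the query string seen by the confirmation page.
     *
     * @param httpServletRequest incoming request; its parameters and cookies are client-controlled
     * @param httpServletResponse response used for redirects
     * @param authenticationContext state of the current authentication flow
     * @return {@code SUCCESS_COMPLETED} when the subject is established or the request is a logout,
     *         {@code INCOMPLETE} when the browser was redirected, otherwise the superclass result
     * @throws AuthenticationFailedException when auto-login fails without a retry, or a redirect cannot be sent
     * @throws LogoutFailedException declared for the superclass call
     */
    public AuthenticatorFlowStatus process(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException, LogoutFailedException {
        Cookie autoLoginCookie = AutoLoginUtilities.getAutoLoginCookie(httpServletRequest.getCookies());
        if (authenticationContext.isLogoutRequest()) {
            return AuthenticatorFlowStatus.SUCCESS_COMPLETED;
        }
        if (autoLoginCookie != null && !Boolean.TRUE.equals(authenticationContext.getProperty("idfAutoLoginHandled")) && AutoLoginUtilities.isEnableAutoLoginEnabled(authenticationContext, autoLoginCookie)) {
            try {
                // Set before the attempt: the guard above then skips auto-login on every later pass through
                // this context, including the pass that follows a failed attempt.
                authenticationContext.setProperty("idfAutoLoginHandled", true);
                return executeAutoLoginFlow(authenticationContext, autoLoginCookie, httpServletResponse);
            } catch (AuthenticationFailedException e) {
                httpServletRequest.setAttribute("commonAuthHandled", true);
                boolean redirectToMultiOption = isStepHasMultiOption(authenticationContext) && isRedirectToMultiOptionPageOnFailure();
                if (retryAuthenticationEnabled(authenticationContext) && !redirectToMultiOption) {
                    // Fall back to the normal identifier prompt instead of failing the whole flow.
                    authenticationContext.setCurrentAuthenticator(getName());
                    initiateAuthenticationRequest(httpServletRequest, httpServletResponse, authenticationContext);
                    return AuthenticatorFlowStatus.INCOMPLETE;
                }
                authenticationContext.setProperty("LastFailedAuthenticator", getName());
                if (log.isDebugEnabled()) {
                    log.debug("Error occurred while executing the Auto Login from Cookie flow: " + e);
                }
                throw e;
            }
        }
        Object previousLocal = authenticationContext.getPreviousAuthenticatedIdPs().get(IdentifierHandlerConstants.LOCAL);
        if (previousLocal != null) {
            AuthenticatedIdPData authenticatedIdPData = (AuthenticatedIdPData) previousLocal;
            for (Object configured : authenticatedIdPData.getAuthenticators()) {
                if (!(((AuthenticatorConfig) configured).getApplicationAuthenticator() instanceof BasicAuthenticator)) {
                    continue;
                }
                // NOTE(review): getAuthenticatorParams(getName()) is dereferenced without a null check;
                // confirm the framework never returns null for an authenticator without parameters.
                if (!Boolean.parseBoolean((String) authenticationContext.getAuthenticatorParams(getName()).get(PROMPT_CONFIRMATION_WINDOW))) {
                    // No confirmation window configured: reuse the session user directly.
                    authenticationContext.setSubject(authenticatedIdPData.getUser());
                    return AuthenticatorFlowStatus.SUCCESS_COMPLETED;
                }
                String consent = httpServletRequest.getParameter("identifier_consent");
                if (CONTINUE.equals(consent)) {
                    authenticationContext.setSubject(authenticatedIdPData.getUser());
                    return AuthenticatorFlowStatus.SUCCESS_COMPLETED;
                }
                if (RESET.equals(consent)) {
                    initiateAuthenticationRequest(httpServletRequest, httpServletResponse, authenticationContext);
                    return AuthenticatorFlowStatus.INCOMPLETE;
                }
                if (httpServletRequest.getParameter(IdentifierHandlerConstants.USER_NAME) != null) {
                    processAuthenticationResponse(httpServletRequest, httpServletResponse, authenticationContext);
                    return AuthenticatorFlowStatus.SUCCESS_COMPLETED;
                }
                try {
                    // Encode the username so reserved characters stay inside the "username" value instead of
                    // being read as extra parameters or a fragment. String.valueOf keeps the earlier rendering
                    // of a null username ("null") rather than failing inside the encoder.
                    String encodedUsername = URLEncoder.encode(String.valueOf(authenticatedIdPData.getUser().toFullQualifiedUsername()), IdentifierHandlerConstants.UTF_8);
                    httpServletResponse.sendRedirect(ConfigurationFacade.getInstance().getIdentifierFirstConfirmationURL() + "?" + authenticationContext.getContextIdIncludedQueryParams() + "&username=" + encodedUsername);
                    return AuthenticatorFlowStatus.INCOMPLETE;
                } catch (IOException e2) {
                    // Also covers UnsupportedEncodingException from URLEncoder, which is an IOException.
                    throw new AuthenticationFailedException(BasicAuthErrorConstants.ErrorMessages.SYSTEM_ERROR_WHILE_AUTHENTICATING.getCode(), e2.getMessage(), e2);
                }
            }
            // No BasicAuthenticator in the previous LOCAL authentication: fall through to the superclass.
        } else {
            if (httpServletRequest.getParameter("identifier_consent") != null) {
                initiateAuthenticationRequest(httpServletRequest, httpServletResponse, authenticationContext);
                return AuthenticatorFlowStatus.INCOMPLETE;
            }
            if (httpServletRequest.getParameter("restart_flow") != null) {
                initiateAuthenticationRequest(httpServletRequest, httpServletResponse, authenticationContext);
                return AuthenticatorFlowStatus.INCOMPLETE;
            }
        }
        return super.process(httpServletRequest, httpServletResponse, authenticationContext);
    }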

    /**
     * Redirects the browser to the login page (or the retry page) for the identifier-first step and records
     * why the previous attempt failed, if it did.
     *
     * <p>What is disclosed on the redirect depends on the identity error code and on the
     * {@code showAuthFailureReason} authenticator parameter:
     * <ul>
     *   <li>No identity error: the login page with, on a retry, a generic failure message key.</li>
     *   <li>Code {@code 17005} (logged below as "Account confirmation pending"): error code and failed
     *       username are always added, whatever {@code showAuthFailureReason} says.</li>
     *   <li>{@code showAuthFailureReason} equal to {@code "true"}: the error code and failed username are
     *       added; code {@code 17002} also adds the remaining attempts and code {@code 17003} adds
     *       {@code remainingAttempts=0} when no attempts are left and the locked reason when one is present.</li>
     *   <li>Anything else: the login page with only the generic retry message key.</li>
     * </ul>
     *
     * <p>The identity error message is read from {@code IdentityUtil} and cleared straight away, so it is
     * consumed by this call.
     *
     * @param httpServletRequest request whose username parameter is echoed (URL-encoded) on failure redirects
     * @param httpServletResponse response the redirect is sent on
     * @param authenticationContext flow state; retry and mismatch flags are read and reset here
     * @throws AuthenticationFailedException when the redirect fails with an {@link IOException}
     */
    protected void initiateAuthenticationRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        String str;
        if (LoggerUtils.isDiagnosticLogsEnabled()) {
            DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder(IdentifierHandlerConstants.LogConstants.IDENTIFIER_AUTH_SERVICE, IdentifierHandlerConstants.LogConstants.ActionIDs.INITIATE_IDENTIFIER_AUTH_REQUEST);
            diagnosticLogBuilder.resultMessage("Initiating identifier first authentication request.").logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION).resultStatus(DiagnosticLog.ResultStatus.SUCCESS).inputParam("step", Integer.valueOf(authenticationContext.getCurrentStep())).inputParams(getApplicationDetails(authenticationContext));
            LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
        }
        Map parameterMap = getAuthenticatorConfig().getParameterMap();
        // str2 holds the raw "showAuthFailureReason" setting; only the exact string "true" enables detail below.
        String str2 = null;
        if (parameterMap != null) {
            str2 = (String) parameterMap.get("showAuthFailureReason");
            if (log.isDebugEnabled()) {
                log.debug("showAuthFailureReason has been set as : " + str2);
            }
        }
        String authenticationEndpointURL = ConfigurationFacade.getInstance().getAuthenticationEndpointURL();
        String authenticationEndpointRetryURL = ConfigurationFacade.getInstance().getAuthenticationEndpointRetryURL();
        String contextIdIncludedQueryParams = authenticationContext.getContextIdIncludedQueryParams();
        try {
            // Second builder: filled in branch by branch and emitted once at the end of the try block.
            DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder2 = null;
            if (LoggerUtils.isDiagnosticLogsEnabled()) {
                diagnosticLogBuilder2 = new DiagnosticLog.DiagnosticLogBuilder(IdentifierHandlerConstants.LogConstants.IDENTIFIER_AUTH_SERVICE, IdentifierHandlerConstants.LogConstants.ActionIDs.INITIATE_IDENTIFIER_AUTH_REQUEST);
                diagnosticLogBuilder2.logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION).inputParam("step", Integer.valueOf(authenticationContext.getCurrentStep())).inputParams(getApplicationDetails(authenticationContext));
            }
            // str3 is the generic failure suffix: a fixed message key, never user input.
            String str3 = "";
            if (authenticationContext.isRetrying()) {
                if (authenticationContext.getProperty("InvalidEmailUsername") == null || !((Boolean) authenticationContext.getProperty("InvalidEmailUsername")).booleanValue()) {
                    str3 = "&authFailure=true&authFailureMsg=username.fail.message";
                } else {
                    str3 = "&authFailure=true&authFailureMsg=emailusername.fail.message";
                    // One-shot flag: reset once it has been reported.
                    authenticationContext.setProperty("InvalidEmailUsername", false);
                }
            }
            // A tenant-domain mismatch overrides the retry message, retrying or not, and is also reset.
            if (authenticationContext.getProperty("UserTenantDomainMismatch") != null && ((Boolean) authenticationContext.getProperty("UserTenantDomainMismatch")).booleanValue()) {
                str3 = "&authFailure=true&authFailureMsg=user.tenant.domain.mismatch.message";
                authenticationContext.setProperty("UserTenantDomainMismatch", false);
            }
            // Read, then clear, the identity error message so it is reported once.
            IdentityErrorMsgContext identityErrorMsg = IdentityUtil.getIdentityErrorMsg();
            IdentityUtil.clearIdentityErrorMsg();
            if (identityErrorMsg == null || identityErrorMsg.getErrorCode() == null) {
                if (log.isDebugEnabled()) {
                    log.debug("Identity error message context is null");
                }
                httpServletResponse.sendRedirect(authenticationEndpointURL + "?" + contextIdIncludedQueryParams + IdentifierHandlerConstants.AUTHENTICATORS + getName() + ":" + IdentifierHandlerConstants.LOCAL + str3);
                if (LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder2 != null) {
                    diagnosticLogBuilder2.resultMessage("Redirecting to login page.");
                }
            } else {
                if (log.isDebugEnabled()) {
                    log.debug("Identity error message context is not null");
                }
                if (LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder2 != null) {
                    diagnosticLogBuilder2.resultStatus(DiagnosticLog.ResultStatus.FAILED);
                }
                String errorCode = identityErrorMsg.getErrorCode();
                // 17005 is handled before the showAuthFailureReason check, so it is always disclosed.
                if (errorCode.equals("17005")) {
                    String parameter = httpServletRequest.getParameter(IdentifierHandlerConstants.USER_NAME);
                    Object obj = ((Map) IdentityUtil.threadLocalProperties.get()).get(RE_CAPTCHA_USER_DOMAIN);
                    if (obj != null) {
                        parameter = IdentityUtil.addDomainToName(parameter, obj.toString());
                    }
                    // NOTE(review): if the request has no username parameter and no domain was added above,
                    // URLEncoder.encode receives null - confirm callers guarantee the parameter on this path.
                    httpServletResponse.sendRedirect(authenticationEndpointURL + "?" + contextIdIncludedQueryParams + IdentifierHandlerConstants.FAILED_USERNAME + URLEncoder.encode(parameter, IdentifierHandlerConstants.UTF_8) + IdentifierHandlerConstants.ERROR_CODE + errorCode + IdentifierHandlerConstants.AUTHENTICATORS + getName() + ":" + IdentifierHandlerConstants.LOCAL + "&authFailure=true&authFailureMsg=account.confirmation.pending");
                    if (LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder2 != null) {
                        // Diagnostic logs mask the username when log masking is enabled.
                        diagnosticLogBuilder2.resultStatus(DiagnosticLog.ResultStatus.FAILED).resultMessage("Account confirmation pending for user.").inputParam("user", LoggerUtils.isLogMaskingEnable ? LoggerUtils.getMaskedContent(parameter) : parameter);
                    }
                    setAuthenticatorMessage(getErrorMessage(errorCode, "The account confirmation is pending."), authenticationContext);
                } else if ("true".equals(str2)) {
                    // Detailed failure reasons are opt-in. The distinct codes below let whoever submitted the
                    // username tell "does not exist", "locked" and "disabled" apart, so enabling
                    // showAuthFailureReason is a deliberate disclosure decision.
                    // An error code of the form "code:reason" is split; str4 carries the reason part.
                    String str4 = null;
                    if (errorCode.contains(":")) {
                        String[] split = errorCode.split(":");
                        errorCode = split[0];
                        if (split.length > 1) {
                            str4 = split[1];
                        }
                    }
                    // Remaining attempts = configured maximum minus failures so far.
                    int maximumLoginAttempts = identityErrorMsg.getMaximumLoginAttempts() - identityErrorMsg.getFailedLoginAttempts();
                    if (log.isDebugEnabled()) {
                        log.debug("errorCode : " + errorCode);
                        // NOTE(review): the debug log writes the submitted username unmasked, while the
                        // diagnostic log below honours LoggerUtils.isLogMaskingEnable.
                        log.debug("username : " + httpServletRequest.getParameter(IdentifierHandlerConstants.USER_NAME));
                        log.debug("remainingAttempts : " + maximumLoginAttempts);
                    }
                    if (errorCode.equals("17002")) {
                        // Invalid credentials: login page with the remaining attempt count.
                        httpServletResponse.sendRedirect(authenticationEndpointURL + "?" + contextIdIncludedQueryParams + IdentifierHandlerConstants.AUTHENTICATORS + getName() + ":" + IdentifierHandlerConstants.LOCAL + (str3 + IdentifierHandlerConstants.ERROR_CODE + errorCode + IdentifierHandlerConstants.FAILED_USERNAME + URLEncoder.encode(httpServletRequest.getParameter(IdentifierHandlerConstants.USER_NAME), IdentifierHandlerConstants.UTF_8) + "&remainingAttempts=" + maximumLoginAttempts));
                        if (LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder2 != null) {
                            String parameter2 = httpServletRequest.getParameter(IdentifierHandlerConstants.USER_NAME);
                            diagnosticLogBuilder2.resultMessage("Invalid credentials.").inputParam("user", LoggerUtils.isLogMaskingEnable ? LoggerUtils.getMaskedContent(parameter2) : parameter2).inputParam("remaining attempts", Integer.valueOf(maximumLoginAttempts));
                        }
                        setAuthenticatorMessage(new AuthenticatorMessage(FrameworkConstants.AuthenticatorMessageType.ERROR, errorCode, "Invalid credentials are provided.", getMessageContext("remainingAttempts", String.valueOf(maximumLoginAttempts))), authenticationContext);
                    } else if (errorCode.equals("17003")) {
                        // Account locked: goes to the retry URL, not the login page. encodeRedirectURL covers
                        // only the base URL and context parameters; the rest is appended afterwards.
                        // NOTE(review): str4 (locked reason) is appended without URL-encoding. It comes from
                        // the identity error code rather than the request - confirm it stays URL-safe.
                        if (maximumLoginAttempts == 0) {
                            str = StringUtils.isBlank(str4) ? httpServletResponse.encodeRedirectURL(authenticationEndpointRetryURL + "?" + contextIdIncludedQueryParams) + IdentifierHandlerConstants.ERROR_CODE + errorCode + IdentifierHandlerConstants.FAILED_USERNAME + URLEncoder.encode(httpServletRequest.getParameter(IdentifierHandlerConstants.USER_NAME), IdentifierHandlerConstants.UTF_8) + "&remainingAttempts=0" : httpServletResponse.encodeRedirectURL(authenticationEndpointRetryURL + "?" + contextIdIncludedQueryParams) + IdentifierHandlerConstants.ERROR_CODE + errorCode + "&lockedReason=" + str4 + IdentifierHandlerConstants.FAILED_USERNAME + URLEncoder.encode(httpServletRequest.getParameter(IdentifierHandlerConstants.USER_NAME), IdentifierHandlerConstants.UTF_8) + "&remainingAttempts=0";
                        } else {
                            str = StringUtils.isBlank(str4) ? httpServletResponse.encodeRedirectURL(authenticationEndpointRetryURL + "?" + contextIdIncludedQueryParams) + IdentifierHandlerConstants.ERROR_CODE + errorCode + IdentifierHandlerConstants.FAILED_USERNAME + URLEncoder.encode(httpServletRequest.getParameter(IdentifierHandlerConstants.USER_NAME), IdentifierHandlerConstants.UTF_8) : httpServletResponse.encodeRedirectURL(authenticationEndpointRetryURL + "?" + contextIdIncludedQueryParams) + IdentifierHandlerConstants.ERROR_CODE + errorCode + "&lockedReason=" + str4 + IdentifierHandlerConstants.FAILED_USERNAME + URLEncoder.encode(httpServletRequest.getParameter(IdentifierHandlerConstants.USER_NAME), IdentifierHandlerConstants.UTF_8);
                            // The locked reason reaches the diagnostic log only on this branch
                            // (remaining attempts not zero).
                            if (LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder2 != null) {
                                diagnosticLogBuilder2.inputParam("locked reason", str4);
                            }
                        }
                        httpServletResponse.sendRedirect(str);
                        if (LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder2 != null) {
                            String parameter3 = httpServletRequest.getParameter(IdentifierHandlerConstants.USER_NAME);
                            diagnosticLogBuilder2.resultMessage("User is locked.").inputParam("user", LoggerUtils.isLogMaskingEnable ? LoggerUtils.getMaskedContent(parameter3) : parameter3);
                        }
                        // String.valueOf renders a missing reason as the literal text "null".
                        setAuthenticatorMessage(new AuthenticatorMessage(FrameworkConstants.AuthenticatorMessageType.ERROR, errorCode, "The account is locked after multiple incorrect login attempts.", getMessageContext("lockedReason", String.valueOf(str4))), authenticationContext);
                    } else if (errorCode.equals("17001")) {
                        // User does not exist: the authenticator message stays the generic "Invalid credentials"
                        // text, but the error code on the redirect still identifies the case.
                        httpServletResponse.sendRedirect(authenticationEndpointURL + "?" + contextIdIncludedQueryParams + IdentifierHandlerConstants.AUTHENTICATORS + getName() + ":" + IdentifierHandlerConstants.LOCAL + (str3 + IdentifierHandlerConstants.ERROR_CODE + errorCode + IdentifierHandlerConstants.FAILED_USERNAME + URLEncoder.encode(httpServletRequest.getParameter(IdentifierHandlerConstants.USER_NAME), IdentifierHandlerConstants.UTF_8)));
                        if (LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder2 != null) {
                            String parameter4 = httpServletRequest.getParameter(IdentifierHandlerConstants.USER_NAME);
                            diagnosticLogBuilder2.resultMessage("User does not exist.").inputParam("user", LoggerUtils.isLogMaskingEnable ? LoggerUtils.getMaskedContent(parameter4) : parameter4);
                        }
                        setAuthenticatorMessage(getErrorMessage(errorCode, "Invalid credentials are provided."), authenticationContext);
                    } else if (errorCode.equals("17004")) {
                        // Account disabled.
                        httpServletResponse.sendRedirect(authenticationEndpointURL + "?" + contextIdIncludedQueryParams + IdentifierHandlerConstants.AUTHENTICATORS + getName() + ":" + IdentifierHandlerConstants.LOCAL + (str3 + IdentifierHandlerConstants.ERROR_CODE + errorCode + IdentifierHandlerConstants.FAILED_USERNAME + URLEncoder.encode(httpServletRequest.getParameter(IdentifierHandlerConstants.USER_NAME), IdentifierHandlerConstants.UTF_8)));
                        if (LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder2 != null) {
                            String parameter5 = httpServletRequest.getParameter(IdentifierHandlerConstants.USER_NAME);
                            diagnosticLogBuilder2.resultMessage("User account is disabled.").inputParam("user", LoggerUtils.isLogMaskingEnable ? LoggerUtils.getMaskedContent(parameter5) : parameter5);
                        }
                        setAuthenticatorMessage(getErrorMessage(errorCode, "The user account is disabled."), authenticationContext);
                    } else {
                        // Any other code: same redirect shape, but no authenticator message is set.
                        httpServletResponse.sendRedirect(authenticationEndpointURL + "?" + contextIdIncludedQueryParams + IdentifierHandlerConstants.AUTHENTICATORS + getName() + ":" + IdentifierHandlerConstants.LOCAL + (str3 + IdentifierHandlerConstants.ERROR_CODE + errorCode + IdentifierHandlerConstants.FAILED_USERNAME + URLEncoder.encode(httpServletRequest.getParameter(IdentifierHandlerConstants.USER_NAME), IdentifierHandlerConstants.UTF_8)));
                        if (LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder2 != null) {
                            String parameter6 = httpServletRequest.getParameter(IdentifierHandlerConstants.USER_NAME);
                            diagnosticLogBuilder2.resultMessage("Unknown error occurred.").inputParam("user", LoggerUtils.isLogMaskingEnable ? LoggerUtils.getMaskedContent(parameter6) : parameter6);
                        }
                    }
                } else {
                    // showAuthFailureReason is not "true": no error code or username goes on the redirect.
                    if (log.isDebugEnabled()) {
                        log.debug("Unknown identity error code.");
                    }
                    httpServletResponse.sendRedirect(authenticationEndpointURL + "?" + contextIdIncludedQueryParams + IdentifierHandlerConstants.AUTHENTICATORS + getName() + ":" + IdentifierHandlerConstants.LOCAL + str3);
                    if (LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder2 != null) {
                        diagnosticLogBuilder2.resultMessage("Unknown identity error code.");
                    }
                }
            }
            if (LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder2 != null) {
                LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder2);
            }
        } catch (IOException e) {
            // A redirect or encoding failure is wrapped, with the submitted username attached as the user.
            throw new AuthenticationFailedException(BasicAuthErrorConstants.ErrorMessages.SYSTEM_ERROR_WHILE_AUTHENTICATING.getCode(), e.getMessage(), User.getUserFromUserName(httpServletRequest.getParameter(IdentifierHandlerConstants.USER_NAME)), e);
        }
    }

    protected void processAuthenticationResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        ResolvedUserResult resolveUser;
        DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = null;
        if (LoggerUtils.isDiagnosticLogsEnabled()) {
            DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder2 = new DiagnosticLog.DiagnosticLogBuilder(IdentifierHandlerConstants.LogConstants.IDENTIFIER_AUTH_SERVICE, IdentifierHandlerConstants.LogConstants.ActionIDs.PROCESS_AUTHENTICATION_RESPONSE);
            diagnosticLogBuilder2.resultMessage("Processing identifier first authentication response.").logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION).resultStatus(DiagnosticLog.ResultStatus.SUCCESS).inputParam("step", Integer.valueOf(authenticationContext.getCurrentStep())).inputParams(getApplicationDetails(authenticationContext));
            LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder2);
            diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder(IdentifierHandlerConstants.LogConstants.IDENTIFIER_AUTH_SERVICE, IdentifierHandlerConstants.LogConstants.ActionIDs.PROCESS_AUTHENTICATION_RESPONSE);
            diagnosticLogBuilder.inputParams(getApplicationDetails(authenticationContext)).logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION).resultStatus(DiagnosticLog.ResultStatus.SUCCESS).inputParam("step", Integer.valueOf(authenticationContext.getCurrentStep()));
        }
        Map runtimeParams = getRuntimeParams(authenticationContext);
        String parameter = httpServletRequest.getParameter(IdentifierHandlerConstants.USER_NAME);
        String str = null;
        if (StringUtils.isBlank(parameter)) {
            throw new InvalidCredentialsException(BasicAuthErrorConstants.ErrorMessages.EMPTY_USERNAME.getCode(), BasicAuthErrorConstants.ErrorMessages.EMPTY_USERNAME.getMessage());
        }
        authenticationContext.setProperty(IdentifierHandlerConstants.USERNAME_USER_INPUT, parameter);
        if (runtimeParams != null) {
            String str2 = (String) runtimeParams.get(SKIP_IDENTIFIER_PRE_PROCESS);
            str = (String) runtimeParams.get(VALIDATE_USERNAME_ADAPTIVE_SCRIPT_PARAM);
            if (Boolean.parseBoolean(str2)) {
                persistUsername(authenticationContext, parameter);
                AuthenticatedUser authenticatedUser = new AuthenticatedUser();
                authenticatedUser.setUserName(parameter);
                authenticationContext.setSubject(authenticatedUser);
                if (!LoggerUtils.isDiagnosticLogsEnabled() || diagnosticLogBuilder == null) {
                    return;
                }
                diagnosticLogBuilder.resultMessage("Identifier first authentication successful.").inputParam("user", LoggerUtils.isLogMaskingEnable ? LoggerUtils.getMaskedContent(parameter) : parameter);
                LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
                return;
            }
        }
        String str3 = parameter;
        if (!IdentityUtil.isEmailUsernameValidationDisabled()) {
            FrameworkUtils.validateUsername(parameter, authenticationContext);
            str3 = FrameworkUtils.preprocessUsername(parameter, authenticationContext);
        }
        String tenantDomain = MultitenantUtils.getTenantDomain(str3);
        String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(str3);
        String str4 = null;
        String str5 = null;
        if (IdentifierAuthenticatorServiceComponent.getMultiAttributeLogin().isEnabled(authenticationContext.getTenantDomain()) && (resolveUser = IdentifierAuthenticatorServiceComponent.getMultiAttributeLogin().resolveUser(tenantAwareUsername, tenantDomain)) != null && ResolvedUserResult.UserResolvedStatus.SUCCESS.equals(resolveUser.getResolvedStatus())) {
            tenantAwareUsername = resolveUser.getUser().getUsername();
            str3 = UserCoreUtil.addTenantDomainToEntry(tenantAwareUsername, tenantDomain);
            str4 = resolveUser.getUser().getUserID();
            str5 = resolveUser.getUser().getUserStoreDomain();
            setIsUserResolvedToContext(authenticationContext);
        }
        Map properties = authenticationContext.getProperties();
        if (properties == null) {
            properties = new HashMap();
            authenticationContext.setProperties(properties);
        }
        if (StringUtils.isNotBlank(str)) {
            if (Boolean.parseBoolean(str)) {
                boolean z = false;
                if (authenticationContext.getCallerPath() != null && authenticationContext.getCallerPath().startsWith("/t/")) {
                    String userTenantDomain = authenticationContext.getUserTenantDomain();
                    if (StringUtils.isNotBlank(userTenantDomain) && !"carbon.super".equalsIgnoreCase(userTenantDomain)) {
                        try {
                            Tenant tenant = IdentifierAuthenticatorServiceComponent.getRealmService().getTenantManager().getTenant(IdentityTenantUtil.getTenantId(userTenantDomain));
                            if (tenant != null && StringUtils.isNotBlank(tenant.getAssociatedOrganizationUUID())) {
                                z = true;
                                org.wso2.carbon.user.core.common.User user = (org.wso2.carbon.user.core.common.User) IdentifierAuthenticatorServiceComponent.getOrganizationUserResidentResolverService().resolveUserFromResidentOrganization(tenantAwareUsername, (String) null, tenant.getAssociatedOrganizationUUID()).orElseThrow(() -> {
                                    return new AuthenticationFailedException(BasicAuthErrorConstants.ErrorMessages.USER_NOT_IDENTIFIED_IN_HIERARCHY.getCode());
                                });
                                tenantAwareUsername = user.getUsername();
                                str3 = UserCoreUtil.addTenantDomainToEntry(tenantAwareUsername, user.getTenantDomain());
                                str4 = user.getUserID();
                                str5 = user.getUserStoreDomain();
                            }
                        } catch (OrganizationManagementException e) {
                            if (log.isDebugEnabled()) {
                                log.debug("IdentifierHandler failed while trying to resolving user's resident org.", e);
                            }
                            throw new AuthenticationFailedException(BasicAuthErrorConstants.ErrorMessages.ORGANIZATION_MGT_EXCEPTION_WHILE_TRYING_TO_RESOLVE_RESIDENT_ORG.getCode(), e.getMessage(), User.getUserFromUserName(str3), e);
                        } catch (UserStoreException e2) {
                            if (log.isDebugEnabled()) {
                                log.debug("IdentifierHandler failed while trying to authenticate.", e2);
                            }
                            throw new AuthenticationFailedException(BasicAuthErrorConstants.ErrorMessages.USER_STORE_EXCEPTION_WHILE_TRYING_TO_AUTHENTICATE.getCode(), e2.getMessage(), User.getUserFromUserName(str3), e2);
                        }
                    }
                }
                if (!z) {
                    String[] validateUsername = validateUsername(tenantDomain, str3, tenantAwareUsername, parameter, str4);
                    str4 = validateUsername[0];
                    if (StringUtils.isNotEmpty(validateUsername[1])) {
                        str5 = validateUsername[1];
                    }
                }
                properties.put("user-tenant-domain", tenantDomain);
            }
        } else if (getAuthenticatorConfig().getParameterMap() != null && Boolean.parseBoolean((String) getAuthenticatorConfig().getParameterMap().get(VALIDATE_USERNAME_ADAPTIVE_SCRIPT_PARAM))) {
            String[] validateUsername2 = validateUsername(tenantDomain, str3, tenantAwareUsername, parameter, str4);
            str4 = validateUsername2[0];
            if (StringUtils.isNotEmpty(validateUsername2[1])) {
                str5 = validateUsername2[1];
            }
            properties.put("user-tenant-domain", tenantDomain);
        }
        String prependUserStoreDomainToName = FrameworkUtils.prependUserStoreDomainToName(str3);
        properties.put(IdentifierHandlerConstants.USER_NAME, prependUserStoreDomainToName);
        persistUsername(authenticationContext, prependUserStoreDomainToName);
        if (str5 == null) {
            str5 = IdentityUtil.extractDomainFromName(prependUserStoreDomainToName);
        }
        AuthenticatedUser authenticatedUser2 = new AuthenticatedUser();
        authenticatedUser2.setUserId(str4);
        authenticatedUser2.setUserName(tenantAwareUsername);
        authenticatedUser2.setUserStoreDomain(str5);
        authenticatedUser2.setTenantDomain(tenantDomain);
        authenticationContext.setSubject(authenticatedUser2);
        if (!LoggerUtils.isDiagnosticLogsEnabled() || diagnosticLogBuilder == null) {
            return;
        }
        diagnosticLogBuilder.resultMessage("Identifier first authentication successful.").inputParam("user", LoggerUtils.isLogMaskingEnable ? LoggerUtils.getMaskedContent(prependUserStoreDomainToName) : prependUserStoreDomainToName).inputParam("user store domain", str5).inputParam("user id", str4);
        LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
    }

    /**
     * Stores an authenticator message on the authentication context.
     *
     * @param authenticatorMessage message to attach
     * @param authenticationContext context that receives the message under the {@code "authenticatorMessage"} property
     */
    private static void setAuthenticatorMessage(AuthenticatorMessage authenticatorMessage, AuthenticationContext authenticationContext) {
        final String propertyKey = "authenticatorMessage";
        authenticationContext.setProperty(propertyKey, authenticatorMessage);
    }

    /**
     * Builds an {@code ERROR}-typed authenticator message with no context map.
     *
     * @param str first string argument of the message (presumably the error code; confirm against
     *            the {@code AuthenticatorMessage} constructor)
     * @param str2 second string argument of the message (presumably the human-readable text)
     * @return the new message
     */
    private static AuthenticatorMessage getErrorMessage(String str, String str2) {
        final FrameworkConstants.AuthenticatorMessageType messageType = FrameworkConstants.AuthenticatorMessageType.ERROR;
        // The explicit cast on null is kept so the same constructor overload is selected.
        return new AuthenticatorMessage(messageType, str, str2, (Map) null);
    }

    /**
     * Creates a mutable single-entry map for use as a message context.
     *
     * @param str key of the entry
     * @param str2 value of the entry
     * @return a new {@link HashMap} holding exactly that entry
     */
    private static Map<String, String> getMessageContext(String str, String str2) {
        Map<String, String> messageContext = new HashMap<>();
        messageContext.put(str, str2);
        return messageContext;
    }

    /**
     * Marks the authentication context as having a resolved user.
     *
     * <p>Sets {@code IdentifierHandlerConstants.IS_USER_RESOLVED} to {@code true} in the context
     * properties, creating the property map first when the context has none.
     *
     * @param authenticationContext context to update
     */
    private void setIsUserResolvedToContext(AuthenticationContext authenticationContext) {
        Map<String, Object> existing = authenticationContext.getProperties();
        Map<String, Object> contextProperties = existing != null ? existing : new HashMap<>();
        contextProperties.put(IdentifierHandlerConstants.IS_USER_RESOLVED, true);
        // Written back unconditionally so a freshly created map is attached to the context.
        authenticationContext.setProperties(contextProperties);
    }

    /**
     * Reports whether this handler allows the step to be retried.
     *
     * @return always {@code true}
     */
    protected boolean retryAuthenticationEnabled() {
        return true;
    }

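    /**
     * Completes the step from a signed auto-login cookie instead of prompting for an identifier.
     *
     * <p>The cookie value is Base64 text wrapping a JSON envelope with a {@code "signature"} and a
     * {@code "content"} string. The content is only parsed and trusted after
     * {@code AutoLoginUtilities.validateAutoLoginCookie} has accepted it. On success the username
     * taken from the signed content becomes the context subject without any further credential
     * check, so the signature validation is the only control protecting this path.
     *
     * <p>Every rejection, including malformed Base64, a missing envelope field or a missing
     * username, is reported as an {@link AuthenticationFailedException}, and the cookie is
     * removed from the response so the browser stops replaying it.
     *
     * @param authenticationContext context that receives the authenticated subject
     * @param cookie auto-login cookie supplied by the client (untrusted until validated)
     * @param httpServletResponse response used to clear the cookie on failure
     * @return {@code AuthenticatorFlowStatus.SUCCESS_COMPLETED} when the cookie is accepted
     * @throws AuthenticationFailedException if the cookie is malformed or fails validation
     */
    protected AuthenticatorFlowStatus executeAutoLoginFlow(AuthenticationContext authenticationContext, Cookie cookie, HttpServletResponse httpServletResponse) throws AuthenticationFailedException {
        try {
            String decodedCookie;
            try {
                // Explicit charset: the platform default must not influence how signed bytes are read.
                decodedCookie = new String(Base64.getDecoder().decode(cookie.getValue()), java.nio.charset.StandardCharsets.UTF_8);
            } catch (IllegalArgumentException e) {
                throw new AuthenticationFailedException("Auto login cookie is not valid Base64.", e);
            }
            JSONObject envelope = AutoLoginUtilities.transformToJSON(decodedCookie);
            Object signature = envelope.get("signature");
            Object content = envelope.get("content");
            if (!(signature instanceof String) || !(content instanceof String)) {
                throw new AuthenticationFailedException("Auto login cookie is missing its signature or content.");
            }
            AutoLoginUtilities.validateAutoLoginCookie(authenticationContext, getAuthenticatorConfig(), (String) content, (String) signature);
            // Interpret the content only now that its signature has been accepted.
            JSONObject signedContent = AutoLoginUtilities.transformToJSON((String) content);
            Object usernameValue = signedContent.get(IdentifierHandlerConstants.USER_NAME);
            if (!(usernameValue instanceof String) || StringUtils.isBlank((String) usernameValue)) {
                throw new AuthenticationFailedException("Auto login cookie does not carry a username.");
            }
            String username = (String) usernameValue;
            if (log.isDebugEnabled()) {
                log.debug("Started executing Auto Login from Cookie flow.");
            }
            UserCoreUtil.setDomainInThreadLocal(UserCoreUtil.extractDomainFromName(username));
            authenticationContext.setSubject(AuthenticatedUser.createLocalAuthenticatedUserFromSubjectIdentifier(FrameworkUtils.prependUserStoreDomainToName(username)));
            return AuthenticatorFlowStatus.SUCCESS_COMPLETED;
        } catch (AuthenticationFailedException e) {
            AutoLoginUtilities.removeAutoLoginCookieInResponse(httpServletResponse, cookie);
            throw e;
        }
    }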

    /**
     * Returns the identifier that ties the request to its authentication context.
     *
     * <p>The value is read directly from the {@code sessionDataKey} request parameter and is not
     * validated here; it is client-supplied input.
     *
     * @param httpServletRequest incoming request
     * @return the {@code sessionDataKey} parameter, or {@code null} when the request has none
     */
    public String getContextIdentifier(HttpServletRequest httpServletRequest) {
        final String sessionDataKey = httpServletRequest.getParameter("sessionDataKey");
        return sessionDataKey;
    }

    /**
     * Returns the display name of this handler.
     *
     * @return {@code IdentifierHandlerConstants.HANDLER_FRIENDLY_NAME}
     */
    public String getFriendlyName() {
        return IdentifierHandlerConstants.HANDLER_FRIENDLY_NAME;
    }

    /**
     * Returns the registered name of this handler.
     *
     * @return {@code IdentifierHandlerConstants.HANDLER_NAME}
     */
    public String getName() {
        return IdentifierHandlerConstants.HANDLER_NAME;
    }

    /**
     * Publishes the identified username to later authenticators and resets earlier IdP results.
     *
     * <p>The username is added to the context's authenticator parameters under the
     * {@code "common"} group. The context's previously authenticated IdPs are cleared as part of
     * the same call.
     *
     * @param authenticationContext context to update
     * @param str username to publish
     */
    private void persistUsername(AuthenticationContext authenticationContext, String str) {
        Map<String, String> commonParams = new HashMap<>();
        commonParams.put(IdentifierHandlerConstants.USER_NAME, str);

        Map<String, Map<String, String>> authenticatorParams = new HashMap<>();
        authenticatorParams.put("common", commonParams);

        // Clear earlier IdP results before handing the new identifier to the following steps.
        authenticationContext.getPreviousAuthenticatedIdPs().clear();
        authenticationContext.addAuthenticatorParams(authenticatorParams);
    }

    /**
     * Resolves the user id for an identifier and fails the step when no such user exists.
     *
     * <p>The primary user store of the tenant is asked first. If it yields no id and the raw
     * identifier equals the tenant-aware username, each secondary user store domain is tried in
     * chain order and the first domain containing the user wins.
     *
     * <p>NOTE(review): an unknown identifier is reported with the distinct
     * {@code USER_DOES_NOT_EXISTS} error. If the caller relays that distinction to the client it
     * can be used to enumerate accounts; confirm the response shown to the user is generic.
     *
     * @param str tenant domain used to look up the user realm
     * @param str2 username used when building the failed-user object for error reporting
     * @param str3 tenant-aware username that is looked up in the user stores
     * @param str4 identifier as submitted; secondary stores are searched only when it equals {@code str3}
     * @param str5 already-resolved user id, or {@code null} to resolve it here
     * @return a two-element array: the user id, and the secondary user store domain in which the
     *         user was found ({@code null} when the secondary stores were not needed)
     * @throws AuthenticationFailedException if the realm is missing, the tenant id or user store
     *         lookup fails, or (as {@code InvalidCredentialsException}) the user does not exist
     */
    private String[] validateUsername(String str, String str2, String str3, String str4, String str5) throws AuthenticationFailedException {
        String userId = str5;
        String matchedDomain = null;
        String reportedName = str2;
        try {
            int tenantId = IdentifierAuthenticatorServiceComponent.getRealmService().getTenantManager().getTenantId(str);
            UserRealm realm = IdentifierAuthenticatorServiceComponent.getRealmService().getTenantUserRealm(tenantId);
            if (realm == null) {
                throw new AuthenticationFailedException(BasicAuthErrorConstants.ErrorMessages.CANNOT_FIND_THE_USER_REALM_FOR_THE_GIVEN_TENANT.getCode(), String.format(BasicAuthErrorConstants.ErrorMessages.CANNOT_FIND_THE_USER_REALM_FOR_THE_GIVEN_TENANT.getMessage(), Integer.valueOf(tenantId)), User.getUserFromUserName(reportedName));
            }
            AbstractUserStoreManager primaryStore = realm.getUserStoreManager();
            if (userId == null) {
                userId = primaryStore.getUserIDFromUserName(str3);
            }
            if (userId == null && StringUtils.equals(str4, str3)) {
                // Walk the chain of secondary user stores; the first domain holding the user wins.
                for (UserStoreManager secondary = primaryStore.getSecondaryUserStoreManager(); secondary != null; secondary = secondary.getSecondaryUserStoreManager()) {
                    String domainName = (String) secondary.getRealmConfiguration().getUserStoreProperties().get("DomainName");
                    String qualifiedName = domainName + UserCoreConstants.DOMAIN_SEPARATOR + str3;
                    if (primaryStore.isExistingUser(qualifiedName)) {
                        userId = primaryStore.getUserIDFromUserName(qualifiedName);
                        matchedDomain = domainName;
                        break;
                    }
                }
            }
            if (userId != null) {
                return new String[]{userId, matchedDomain};
            }
            if (log.isDebugEnabled()) {
                log.debug("User does not exists.");
            }
            // A domain recorded in the thread-local properties is folded into the reported name
            // and then removed from the thread-local map.
            Map threadLocalProps = (Map) IdentityUtil.threadLocalProperties.get();
            Object captchaDomain = threadLocalProps.get(RE_CAPTCHA_USER_DOMAIN);
            if (captchaDomain != null) {
                reportedName = IdentityUtil.addDomainToName(reportedName, captchaDomain.toString());
            }
            threadLocalProps.remove(RE_CAPTCHA_USER_DOMAIN);
            throw new InvalidCredentialsException(BasicAuthErrorConstants.ErrorMessages.USER_DOES_NOT_EXISTS.getCode(), BasicAuthErrorConstants.ErrorMessages.USER_DOES_NOT_EXISTS.getMessage(), User.getUserFromUserName(reportedName));
        } catch (IdentityRuntimeException tenantError) {
            if (log.isDebugEnabled()) {
                log.debug("IdentifierHandler failed while trying to get the tenant ID of the user " + reportedName, tenantError);
            }
            throw new AuthenticationFailedException(BasicAuthErrorConstants.ErrorMessages.INVALID_TENANT_ID_OF_THE_USER.getCode(), tenantError.getMessage(), User.getUserFromUserName(reportedName), tenantError);
        } catch (UserStoreException storeError) {
            if (log.isDebugEnabled()) {
                log.debug("IdentifierHandler failed while trying to authenticate.", storeError);
            }
            throw new AuthenticationFailedException(BasicAuthErrorConstants.ErrorMessages.USER_STORE_EXCEPTION_WHILE_TRYING_TO_AUTHENTICATE.getCode(), storeError.getMessage(), User.getUserFromUserName(reportedName), storeError);
        }
    }

    /**
     * Returns a map intended to carry application details for the given context.
     *
     * <p>NOTE(review): in this listing both {@code ifPresent} callbacks have empty bodies, so the
     * returned map is always empty. The bodies may have been lost when the listing was produced;
     * compare with the original source before relying on the contents.
     *
     * @param authenticationContext context whose application is looked up
     * @return a new, mutable map (empty as written here)
     */
    private Map<String, String> getApplicationDetails(AuthenticationContext authenticationContext) {
        Map<String, String> applicationDetails = new HashMap<>();
        FrameworkUtils.getApplicationResourceId(authenticationContext).ifPresent(resourceId -> { });
        FrameworkUtils.getApplicationName(authenticationContext).ifPresent(applicationName -> { });
        return applicationDetails;
    }

    /**
     * Reports whether this handler can be used in API-based authentication.
     *
     * @return always {@code true}
     */
    public boolean isAPIBasedAuthenticationSupported() {
        return true;
    }

    /**
     * Describes what a client must supply to start this authenticator.
     *
     * <p>The result names this handler, carries the external IdP name when the context has one,
     * is marked as a user prompt, and lists the username as the single required parameter.
     *
     * @param authenticationContext current context; may be {@code null}, in which case no IdP name is set
     * @return the populated authenticator data, never empty
     */
    public Optional<AuthenticatorData> getAuthInitiationData(AuthenticationContext authenticationContext) {
        boolean hasExternalIdp = authenticationContext != null && authenticationContext.getExternalIdP() != null;
        String idpName = hasExternalIdp ? authenticationContext.getExternalIdP().getIdPName() : null;

        AuthenticatorData initiationData = new AuthenticatorData();
        initiationData.setName(getName());
        initiationData.setIdp(idpName);
        initiationData.setI18nKey(getI18nKey());
        initiationData.setDisplayName(getFriendlyName());
        initiationData.setPromptType(FrameworkConstants.AuthenticatorPromptType.USER_PROMPT);

        ArrayList<String> requiredParams = new ArrayList<>();
        requiredParams.add(IdentifierHandlerConstants.USER_NAME);
        initiationData.setRequiredParams(requiredParams);

        setAuthParams(initiationData);
        return Optional.of(initiationData);
    }

    /**
     * Attaches the parameter metadata for the username field to the authenticator data.
     *
     * <p>A single {@code STRING} parameter is declared, with display name {@code "Username"},
     * order {@code 0}, the boolean flag set to {@code false} and i18n key {@code "username.param"}.
     *
     * @param authenticatorData data object that receives the parameter list
     */
    private static void setAuthParams(AuthenticatorData authenticatorData) {
        AuthenticatorParamMetadata usernameParam = new AuthenticatorParamMetadata(IdentifierHandlerConstants.USER_NAME, "Username", FrameworkConstants.AuthenticatorParamType.STRING, 0, false, "username.param");
        ArrayList<AuthenticatorParamMetadata> authParams = new ArrayList<>();
        authParams.add(usernameParam);
        authenticatorData.setAuthParams(authParams);
    }

    /**
     * Returns the i18n key used for this authenticator.
     *
     * @return {@code IdentifierHandlerConstants.LogConstants.ActionIDs.AUTHENTICATOR_IDENTIFIER}
     */
    public String getI18nKey() {
        return IdentifierHandlerConstants.LogConstants.ActionIDs.AUTHENTICATOR_IDENTIFIER;
    }
}
