package org.wso2.carbon.identity.application.authenticator.basicauth.util;

import java.util.Arrays;
import java.util.Base64;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.json.simple.JSONObject;
import org.json.simple.parser.JSONParser;
import org.json.simple.parser.ParseException;
import org.wso2.carbon.core.util.SignatureUtil;
import org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException;
import org.wso2.carbon.identity.event.IdentityEventException;
import org.wso2.carbon.identity.recovery.util.Utils;

/* loaded from: input_file:org/wso2/carbon/identity/application/authenticator/basicauth/util/AutoLoginUtilities.class */
public class AutoLoginUtilities {
    public static Cookie getAutoLoginCookie(Cookie[] cookieArr) {
        Optional empty = Optional.empty();
        if (ArrayUtils.isNotEmpty(cookieArr)) {
            empty = Arrays.stream(cookieArr).filter(cookie -> {
                return StringUtils.equalsIgnoreCase(AutoLoginConstant.COOKIE_NAME, cookie.getName());
            }).filter(cookie2 -> {
                return StringUtils.isNotEmpty(cookie2.getValue());
            }).findFirst();
        }
        return (Cookie) empty.orElse(null);
    }

    public static boolean isEnableAutoLoginEnabled(AuthenticationContext authenticationContext, Cookie cookie) throws AuthenticationFailedException {
        String resolveAutoLoginFlow = resolveAutoLoginFlow(cookie.getValue());
        if (AutoLoginConstant.SIGNUP.equals(resolveAutoLoginFlow)) {
            return isEnableSelfRegistrationAutoLogin(authenticationContext);
        }
        if (AutoLoginConstant.RECOVERY.equals(resolveAutoLoginFlow)) {
            return isEnableAutoLoginAfterPasswordReset(authenticationContext);
        }
        return false;
    }

    public static boolean isEnableAutoLoginAfterPasswordReset(AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        try {
            return Boolean.parseBoolean(Utils.getConnectorConfig(AutoLoginConstant.RECOVERY_ADMIN_PASSWORD_RESET_AUTO_LOGIN, authenticationContext.getLoginTenantDomain()));
        } catch (IdentityEventException e) {
            throw new AuthenticationFailedException("Error occurred while resolving isEnableAutoLogin property.", e);
        }
    }

    public static boolean isEnableSelfRegistrationAutoLogin(AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        try {
            return Boolean.parseBoolean(Utils.getConnectorConfig(AutoLoginConstant.SELF_REGISTRATION_AUTO_LOGIN, authenticationContext.getLoginTenantDomain()));
        } catch (IdentityEventException e) {
            throw new AuthenticationFailedException("Error occurred while resolving isEnableSelfRegistrationAutoLogin property.", e);
        }
    }

    public static JSONObject transformToJSON(String str) throws AuthenticationFailedException {
        try {
            return (JSONObject) new JSONParser().parse(str);
        } catch (ParseException e) {
            throw new AuthenticationFailedException("Error occurred while parsing the Auto Login Cookie JSON string to a JSON object", e);
        }
    }

    public static void removeAutoLoginCookieInResponse(HttpServletResponse httpServletResponse, Cookie cookie) throws AuthenticationFailedException {
        String str = (String) transformToJSON((String) transformToJSON(new String(Base64.getDecoder().decode(cookie.getValue()))).get(AutoLoginConstant.CONTENT)).get(AutoLoginConstant.DOMAIN);
        if (StringUtils.isNotEmpty(str)) {
            cookie.setDomain(str);
        }
        cookie.setMaxAge(0);
        cookie.setValue("");
        cookie.setPath("/");
        httpServletResponse.addCookie(cookie);
    }

    public static String getSelfRegistrationAutoLoginAlias(AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        try {
            return Utils.getConnectorConfig(AutoLoginConstant.SELF_REGISTRATION_AUTO_LOGIN_ALIAS_NAME, authenticationContext.getLoginTenantDomain());
        } catch (IdentityEventException e) {
            throw new AuthenticationFailedException("Error occurred while resolving SelfRegistration.AutoLogin.AliasName property.", e);
        }
    }

    public static void validateAutoLoginCookie(AuthenticationContext authenticationContext, AuthenticatorConfig authenticatorConfig, String str, String str2) throws AuthenticationFailedException {
        JSONObject transformToJSON = transformToJSON(str);
        if (transformToJSON.get(AutoLoginConstant.CREATED_TIME) == null) {
            throw new AuthenticationFailedException("The created time is not available in the ALOR cookie content.");
        }
        validateAutoLoginCookieCreatedTime(((Long) transformToJSON.get(AutoLoginConstant.CREATED_TIME)).longValue(), authenticatorConfig);
        String str3 = null;
        if (AutoLoginConstant.SIGNUP.equals((String) transformToJSON.get(AutoLoginConstant.FLOW_TYPE))) {
            str3 = getSelfRegistrationAutoLoginAlias(authenticationContext);
        }
        validateAutoLoginCookieSignature(str, str2, str3);
    }

    private static void validateAutoLoginCookieSignature(String str, String str2, String str3) throws AuthenticationFailedException {
        if (StringUtils.isEmpty(str) || StringUtils.isEmpty(str2)) {
            throw new AuthenticationFailedException("Either 'content' or 'signature' attribute is missing in value of Auto Login Cookie.");
        }
        try {
            if (StringUtils.isEmpty(str3) ? SignatureUtil.validateSignature(str, Base64.getDecoder().decode(str2)) : SignatureUtil.validateSignature(SignatureUtil.getThumbPrintForAlias(str3), str, Base64.getDecoder().decode(str2))) {
            } else {
                throw new AuthenticationFailedException("Signature verification failed in Auto Login Cookie for user: " + str);
            }
        } catch (Exception e) {
            throw new AuthenticationFailedException("Error occurred while validating the signature for the Auto Login Cookie");
        }
    }

    private static void validateAutoLoginCookieCreatedTime(long j, AuthenticatorConfig authenticatorConfig) throws AuthenticationFailedException {
        String str = AutoLoginConstant.DEFAULT_COOKIE_MAX_AGE;
        if (authenticatorConfig.getParameterMap() != null) {
            String str2 = (String) authenticatorConfig.getParameterMap().get("AutoLoginCookieMaxAge");
            if (StringUtils.isNotEmpty(str2)) {
                str = str2;
            }
        }
        if (System.currentTimeMillis() - j > TimeUnit.SECONDS.toMillis(Long.parseLong(str))) {
            throw new AuthenticationFailedException("The Auto Login Cookie expired.");
        }
    }

    private static String resolveAutoLoginFlow(String str) throws AuthenticationFailedException {
        return (String) transformToJSON((String) transformToJSON(new String(Base64.getDecoder().decode(str))).get(AutoLoginConstant.CONTENT)).get(AutoLoginConstant.FLOW_TYPE);
    }
}
