package org.wso2.carbon.identity.oauth2.client.authentication;

import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.oauth2.bean.OAuthClientAuthnContext;
import org.wso2.carbon.identity.oauth2.internal.OAuth2ServiceComponentHolder;

/* loaded from: input_file:org/wso2/carbon/identity/oauth2/client/authentication/OAuthClientAuthnService.class */
public class OAuthClientAuthnService {
    private static final Log log = LogFactory.getLog(OAuthClientAuthnService.class);

    public List<OAuthClientAuthenticator> getClientAuthenticators() {
        if (log.isDebugEnabled()) {
            log.debug("Retrieving registered OAuth client authenticator list.");
        }
        return OAuth2ServiceComponentHolder.getAuthenticationHandlers();
    }

    public OAuthClientAuthnContext authenticateClient(HttpServletRequest httpServletRequest, Map<String, List> map) {
        OAuthClientAuthnContext oAuthClientAuthnContext = new OAuthClientAuthnContext();
        executeClientAuthenticators(httpServletRequest, oAuthClientAuthnContext, map);
        failOnMultipleAuthenticators(oAuthClientAuthnContext);
        return oAuthClientAuthnContext;
    }

    private void executeAuthenticator(OAuthClientAuthenticator oAuthClientAuthenticator, OAuthClientAuthnContext oAuthClientAuthnContext, HttpServletRequest httpServletRequest, Map<String, List> map) {
        if (isAuthenticatorDisabled(oAuthClientAuthenticator)) {
            if (log.isDebugEnabled()) {
                log.debug("Authenticator " + oAuthClientAuthenticator.getName() + " is disabled. Hence not evaluating");
                return;
            }
            return;
        }
        if (!canAuthenticate(oAuthClientAuthenticator, oAuthClientAuthnContext, httpServletRequest, map)) {
            if (log.isDebugEnabled()) {
                log.debug(oAuthClientAuthenticator.getName() + " authenticator cannot handle this request.");
                return;
            }
            return;
        }
        if (log.isDebugEnabled()) {
            log.debug(oAuthClientAuthenticator.getName() + " authenticator can handle incoming request.");
        }
        if (oAuthClientAuthnContext.isPreviousAuthenticatorEngaged()) {
            if (log.isDebugEnabled()) {
                log.debug("Previously an authenticator is evaluated. Hence authenticator " + oAuthClientAuthenticator.getName() + " is not evaluating");
            }
            addAuthenticatorToContext(oAuthClientAuthenticator, oAuthClientAuthnContext);
        } else {
            addAuthenticatorToContext(oAuthClientAuthenticator, oAuthClientAuthnContext);
            try {
                oAuthClientAuthnContext.setClientId(oAuthClientAuthenticator.getClientId(httpServletRequest, map, oAuthClientAuthnContext));
                authenticateClient(oAuthClientAuthenticator, oAuthClientAuthnContext, httpServletRequest, map);
            } catch (OAuthClientAuthnException e) {
                handleClientAuthnException(oAuthClientAuthenticator, oAuthClientAuthnContext, e);
            }
        }
    }

    private void failOnMultipleAuthenticators(OAuthClientAuthnContext oAuthClientAuthnContext) {
        if (oAuthClientAuthnContext.isMultipleAuthenticatorsEngaged()) {
            if (log.isDebugEnabled()) {
                log.debug(oAuthClientAuthnContext.getExecutedAuthenticators().size() + " Authenticators were executed previously. Hence failing client authentication");
            }
            setErrorToContext("invalid_request", "The client MUST NOT use more than one authentication method in each", oAuthClientAuthnContext);
        }
    }

    private void executeClientAuthenticators(HttpServletRequest httpServletRequest, OAuthClientAuthnContext oAuthClientAuthnContext, Map<String, List> map) {
        if (log.isDebugEnabled()) {
            log.debug("Executing OAuth client authenticators.");
        }
        getClientAuthenticators().forEach(oAuthClientAuthenticator -> {
            executeAuthenticator(oAuthClientAuthenticator, oAuthClientAuthnContext, httpServletRequest, map);
        });
    }

    private void setErrorToContext(String str, String str2, OAuthClientAuthnContext oAuthClientAuthnContext) {
        if (log.isDebugEnabled()) {
            log.debug("Setting error to client authentication context : Error code : " + str + ", Error message : " + str2);
        }
        oAuthClientAuthnContext.setAuthenticated(false);
        oAuthClientAuthnContext.setErrorCode(str);
        oAuthClientAuthnContext.setErrorMessage(str2);
    }

    private boolean isAuthenticatorDisabled(OAuthClientAuthenticator oAuthClientAuthenticator) {
        return !oAuthClientAuthenticator.isEnabled();
    }

    /* JADX WARN: Multi-variable type inference failed */
    private void handleClientAuthnException(OAuthClientAuthenticator oAuthClientAuthenticator, OAuthClientAuthnContext oAuthClientAuthnContext, OAuthClientAuthnException oAuthClientAuthnException) {
        if (log.isDebugEnabled()) {
            log.debug("Error while evaluating client authenticator : " + oAuthClientAuthenticator.getName(), oAuthClientAuthnException);
        }
        setErrorToContext(oAuthClientAuthnException.getErrorCode(), oAuthClientAuthnException.getMessage(), oAuthClientAuthnContext);
    }

    private void authenticateClient(OAuthClientAuthenticator oAuthClientAuthenticator, OAuthClientAuthnContext oAuthClientAuthnContext, HttpServletRequest httpServletRequest, Map<String, List> map) throws OAuthClientAuthnException {
        boolean authenticateClient = oAuthClientAuthenticator.authenticateClient(httpServletRequest, map, oAuthClientAuthnContext);
        if (log.isDebugEnabled()) {
            log.debug("Authentication result from OAuth client authenticator " + oAuthClientAuthenticator.getName() + " is : " + authenticateClient);
        }
        oAuthClientAuthnContext.setAuthenticated(authenticateClient);
        if (authenticateClient) {
            return;
        }
        setErrorToContext("invalid_client", "Client credentials are invalid.", oAuthClientAuthnContext);
    }

    private void addAuthenticatorToContext(OAuthClientAuthenticator oAuthClientAuthenticator, OAuthClientAuthnContext oAuthClientAuthnContext) {
        if (log.isDebugEnabled()) {
            log.debug("Authenticator " + oAuthClientAuthenticator.getName() + " can authenticate the client request.  Hence trying to evaluate authentication");
        }
        oAuthClientAuthnContext.addAuthenticator(oAuthClientAuthenticator.getName());
    }

    private boolean canAuthenticate(OAuthClientAuthenticator oAuthClientAuthenticator, OAuthClientAuthnContext oAuthClientAuthnContext, HttpServletRequest httpServletRequest, Map<String, List> map) {
        if (log.isDebugEnabled()) {
            log.debug("Evaluating canAuthenticate of authenticator : " + oAuthClientAuthenticator.getName());
        }
        return oAuthClientAuthenticator.canAuthenticate(httpServletRequest, map, oAuthClientAuthnContext);
    }
}
