package org.wso2.carbon.identity.oauth2.grant.rest.core;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.extension.identity.emailotp.common.EmailOtpService;
import org.wso2.carbon.identity.application.authentication.framework.AuthenticatorStatus;
import org.wso2.carbon.identity.application.authentication.framework.config.model.SequenceConfig;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.common.model.IdentityProvider;
import org.wso2.carbon.identity.application.common.model.ServiceProvider;
import org.wso2.carbon.identity.application.common.model.User;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.event.IdentityEventConstants;
import org.wso2.carbon.identity.event.IdentityEventException;
import org.wso2.carbon.identity.event.event.Event;
import org.wso2.carbon.identity.event.services.IdentityEventService;
import org.wso2.carbon.identity.multi.attribute.login.mgt.ResolvedUserResult;
import org.wso2.carbon.identity.oauth2.grant.rest.core.constant.Constants;
import org.wso2.carbon.identity.oauth2.grant.rest.core.context.RestAuthenticationContext;
import org.wso2.carbon.identity.oauth2.grant.rest.core.dao.CacheBackedFlowIdDAO;
import org.wso2.carbon.identity.oauth2.grant.rest.core.dao.FlowIdDAOImpl;
import org.wso2.carbon.identity.oauth2.grant.rest.core.dao.FlowIdDO;
import org.wso2.carbon.identity.oauth2.grant.rest.core.dto.AuthStepConfigsDTO;
import org.wso2.carbon.identity.oauth2.grant.rest.core.dto.AuthenticatedAuthenticatorDTO;
import org.wso2.carbon.identity.oauth2.grant.rest.core.dto.AuthenticationFailureReasonDTO;
import org.wso2.carbon.identity.oauth2.grant.rest.core.dto.AuthenticationInitializationResponseDTO;
import org.wso2.carbon.identity.oauth2.grant.rest.core.dto.AuthenticationStepsResponseDTO;
import org.wso2.carbon.identity.oauth2.grant.rest.core.dto.AuthenticatorConfigDTO;
import org.wso2.carbon.identity.oauth2.grant.rest.core.dto.UserAuthenticationResponseDTO;
import org.wso2.carbon.identity.oauth2.grant.rest.core.exception.AuthenticationClientException;
import org.wso2.carbon.identity.oauth2.grant.rest.core.exception.AuthenticationException;
import org.wso2.carbon.identity.oauth2.grant.rest.core.exception.AuthenticationServerException;
import org.wso2.carbon.identity.oauth2.grant.rest.core.handler.OTPHandlerServiceImpl;
import org.wso2.carbon.identity.oauth2.grant.rest.core.internal.AuthenticationServiceDataHolder;
import org.wso2.carbon.identity.oauth2.grant.rest.core.listener.AuthenticationListener;
import org.wso2.carbon.identity.oauth2.grant.rest.core.util.RestAuthUtil;
import org.wso2.carbon.identity.smsotp.common.SMSOTPService;
import org.wso2.carbon.identity.smsotp.common.dto.FailureReasonDTO;
import org.wso2.carbon.identity.smsotp.common.dto.GenerationResponseDTO;
import org.wso2.carbon.identity.smsotp.common.dto.ValidationResponseDTO;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.common.AbstractUserStoreManager;
import org.wso2.carbon.user.core.util.UserCoreUtil;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/identity/oauth2/grant/rest/core/RestAuthenticationServiceImpl.class */
public class RestAuthenticationServiceImpl implements RestAuthenticationService {
    private static final Log LOG = LogFactory.getLog(RestAuthenticationServiceImpl.class);

    @Override // org.wso2.carbon.identity.oauth2.grant.rest.core.RestAuthenticationService
    public AuthenticationStepsResponseDTO getAuthenticationStepsFromSP(String str) throws AuthenticationException {
        HashMap hashMap = new HashMap();
        hashMap.put(Constants.BASIC_AUTH_PARAM_CLIENT_ID, str);
        return buildAuthenticationStepsForSP(new RestAuthenticationContext.Builder(hashMap).serviceProvider(str).buildServiceProviderAuthenticationSteps());
    }

    @Override // org.wso2.carbon.identity.oauth2.grant.rest.core.RestAuthenticationService
    public UserAuthenticationResponseDTO processAuthStepResponse(String str, String str2, String str3) throws AuthenticationException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("authentication flow started with flowId,authenticator name and password");
        }
        OTPHandlerServiceImpl oTPHandlerServiceImpl = new OTPHandlerServiceImpl();
        UserAuthenticationResponseDTO userAuthenticationResponseDTO = null;
        boolean isShowFailureReason = AuthenticationServiceDataHolder.getConfigs().isShowFailureReason();
        if (LOG.isDebugEnabled()) {
            LOG.debug("ShowFailureReason enabled.");
        }
        HashMap hashMap = new HashMap();
        hashMap.put("flowId", str);
        hashMap.put("authenticator", str2);
        hashMap.put(Constants.VALIDATE_PARAM_PASSWORD, str3);
        RestAuthenticationContext buildForAuthStepValidate = new RestAuthenticationContext.Builder(hashMap).buildForAuthStepValidate();
        FlowIdDO flowIdData = CacheBackedFlowIdDAO.getInstance().getFlowIdData(str);
        buildForAuthStepValidate.setUserId(flowIdData.getUserId());
        User userFromUserName = User.getUserFromUserName(flowIdData.getFullQualifiedUserName());
        buildForAuthStepValidate.setUser(userFromUserName);
        AuthenticatedUser authenticatedUser = new AuthenticatedUser();
        authenticatedUser.setTenantDomain(userFromUserName.getTenantDomain());
        authenticatedUser.setUserStoreDomain(userFromUserName.getUserStoreDomain());
        authenticatedUser.setUserName(userFromUserName.getUserName());
        authenticatedUser.setAuthenticatedSubjectIdentifier(userFromUserName.getUserStoreDomain() + "/" + userFromUserName.getTenantDomain());
        buildForAuthStepValidate.setMultiAttributeLoginClaim(flowIdData.getLoggedUserClaim());
        buildForAuthStepValidate.setAuthenticatedUser(authenticatedUser);
        buildForAuthStepValidate.setServiceProvider(flowIdData.getServiceProviderAppId());
        buildForAuthStepValidate.setAuthenticatedSteps(flowIdData.getAuthenticatedSteps());
        buildForAuthStepValidate.setFlowIdIdentifier(flowIdData.getFlowIdIdentifier());
        buildForAuthStepValidate.setUserTenantId(flowIdData.getUserTenantId());
        buildForAuthStepValidate.setSpTenantId(flowIdData.getSpTenantId());
        validateCrossTenantAccess(buildForAuthStepValidate.getServiceProvider(), buildForAuthStepValidate.getUserTenantId(), buildForAuthStepValidate.getSpTenantId());
        executeListeners(buildForAuthStepValidate, Constants.PRE_AUTHENTICATION);
        if (isValidFlowId(flowIdData) && validateUser(flowIdData, buildForAuthStepValidate.getUserId())) {
            validateAuthStep(buildForAuthStepValidate, str2);
            FailureReasonDTO failureReasonDTO = null;
            String str4 = null;
            if (!Constants.AUTHENTICATOR_NAME_BASIC_AUTH.equals(str2)) {
                str4 = getFederatedIdpChannelName(str2, buildForAuthStepValidate);
            }
            if (StringUtils.isNotEmpty(str4) && Constants.AUTHENTICATOR_NAME_SMSOTP.equals(str4)) {
                ValidationResponseDTO validationResponseDTO = (ValidationResponseDTO) oTPHandlerServiceImpl.getAuthenticatorServiceValidationResponse(getAuthenticatorService(str4), buildForAuthStepValidate, str3);
                buildForAuthStepValidate.setValidPassword(validationResponseDTO.isValid());
                if (validationResponseDTO.isValid()) {
                    updateAuthenticatedSteps(buildForAuthStepValidate.getAuthenticatedSteps(), Integer.valueOf(buildForAuthStepValidate.getAuthenticatedSteps().size() + 1), buildForAuthStepValidate.getCurrentAuthenticator());
                    executeEvent(IdentityEventConstants.EventName.AUTHENTICATION_STEP_SUCCESS.toString(), buildForAuthStepValidate);
                } else {
                    executeEvent(IdentityEventConstants.EventName.AUTHENTICATION_STEP_FAILURE.toString(), buildForAuthStepValidate);
                }
                failureReasonDTO = isShowFailureReason ? validationResponseDTO.getFailureReason() : null;
            } else if (StringUtils.isNotEmpty(str4) && Constants.AUTHENTICATOR_NAME_EMAILOTP.equals(str4)) {
                org.wso2.carbon.extension.identity.emailotp.common.dto.ValidationResponseDTO validationResponseDTO2 = (org.wso2.carbon.extension.identity.emailotp.common.dto.ValidationResponseDTO) oTPHandlerServiceImpl.getAuthenticatorServiceValidationResponse(getAuthenticatorService(str4), buildForAuthStepValidate, str3);
                buildForAuthStepValidate.setValidPassword(validationResponseDTO2.isValid());
                if (validationResponseDTO2.isValid()) {
                    updateAuthenticatedSteps(buildForAuthStepValidate.getAuthenticatedSteps(), Integer.valueOf(buildForAuthStepValidate.getAuthenticatedSteps().size() + 1), buildForAuthStepValidate.getCurrentAuthenticator());
                    executeEvent(IdentityEventConstants.EventName.AUTHENTICATION_STEP_SUCCESS.toString(), buildForAuthStepValidate);
                } else {
                    executeEvent(IdentityEventConstants.EventName.AUTHENTICATION_STEP_FAILURE.toString(), buildForAuthStepValidate);
                }
                failureReasonDTO = isShowFailureReason ? validationResponseDTO2.getFailureReason() : null;
            } else {
                if (!Constants.AUTHENTICATOR_NAME_BASIC_AUTH.equals(str2)) {
                    throw RestAuthUtil.handleClientException(Constants.ErrorMessage.CLIENT_AUTHENTICATOR_NOT_SUPPORTED, str2);
                }
                boolean validateUserCredentials = validateUserCredentials(str3, buildForAuthStepValidate);
                buildForAuthStepValidate.setValidPassword(validateUserCredentials);
                if (validateUserCredentials) {
                    updateAuthenticatedSteps(buildForAuthStepValidate.getAuthenticatedSteps(), Integer.valueOf(buildForAuthStepValidate.getAuthenticatedSteps().size() + 1), buildForAuthStepValidate.getCurrentAuthenticator());
                    executeEvent(IdentityEventConstants.EventName.AUTHENTICATION_STEP_SUCCESS.toString(), buildForAuthStepValidate);
                } else {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("The given password is not valid.");
                    }
                    executeEvent(IdentityEventConstants.EventName.AUTHENTICATION_STEP_FAILURE.toString(), buildForAuthStepValidate);
                    failureReasonDTO = isShowFailureReason ? new AuthenticationFailureReasonDTO(Constants.INVALID_BASIC_AUTHENTICATOR_PASSWORD_ERROR_CODE, Constants.INVALID_BASIC_AUTHENTICATOR_PASSWORD_ERROR_MESSAGE, Constants.INVALID_BASIC_AUTHENTICATOR_PASSWORD_ERROR_DESCRIPTION) : null;
                }
            }
            userAuthenticationResponseDTO = buildAuthValidationResponse(buildForAuthStepValidate, flowIdData, failureReasonDTO);
        }
        executeListeners(buildForAuthStepValidate, Constants.POST_AUTHENTICATION);
        if (buildForAuthStepValidate.isValidPassword()) {
            CacheBackedFlowIdDAO.getInstance().refreshFlowId(buildForAuthStepValidate.getFlowIdIdentifier(), buildForAuthStepValidate.getFlowId(), flowIdData);
            FlowIdDAOImpl.getInstance().addAuthenticatedStep(buildForAuthStepValidate.getAuthenticatedSteps().size(), str2, flowIdData.getFlowIdIdentifier());
        }
        return userAuthenticationResponseDTO;
    }

    @Override // org.wso2.carbon.identity.oauth2.grant.rest.core.RestAuthenticationService
    public AuthenticationInitializationResponseDTO executeAuthStep(String str, String str2) throws AuthenticationException {
        AuthenticationServiceDataHolder.getInstance().getMultiAttributeLogin();
        OTPHandlerServiceImpl oTPHandlerServiceImpl = new OTPHandlerServiceImpl();
        HashMap hashMap = new HashMap();
        hashMap.put("authenticator", str2);
        hashMap.put("flowId", str);
        RestAuthenticationContext buildForAuthStepInitialize = new RestAuthenticationContext.Builder(hashMap).buildForAuthStepInitialize();
        FlowIdDO flowIdData = CacheBackedFlowIdDAO.getInstance().getFlowIdData(str);
        buildForAuthStepInitialize.setUserId(flowIdData.getUserId());
        buildForAuthStepInitialize.setServiceProvider(flowIdData.getServiceProviderAppId());
        buildForAuthStepInitialize.setFlowIdIdentifier(flowIdData.getFlowIdIdentifier());
        buildForAuthStepInitialize.setUserTenantId(flowIdData.getUserTenantId());
        buildForAuthStepInitialize.setSpTenantId(flowIdData.getSpTenantId());
        validateCrossTenantAccess(buildForAuthStepInitialize.getServiceProvider(), buildForAuthStepInitialize.getUserTenantId(), buildForAuthStepInitialize.getSpTenantId());
        if (isValidFlowId(flowIdData) && validateUser(flowIdData, buildForAuthStepInitialize.getUserId())) {
            buildForAuthStepInitialize.setAuthenticatedSteps(flowIdData.getAuthenticatedSteps());
            validateAuthStep(buildForAuthStepInitialize, str2);
            String str3 = null;
            if (!Constants.AUTHENTICATOR_NAME_BASIC_AUTH.equals(str2)) {
                str3 = getFederatedIdpChannelName(str2, buildForAuthStepInitialize);
            }
            if (StringUtils.isNotEmpty(str3) && Constants.AUTHENTICATOR_NAME_SMSOTP.equals(str3)) {
                GenerationResponseDTO generationResponseDTO = (GenerationResponseDTO) oTPHandlerServiceImpl.getAuthenticatorServiceGenerationResponse(getAuthenticatorService(str3), buildForAuthStepInitialize.getUserId(), IdentityTenantUtil.getTenantDomain(buildForAuthStepInitialize.getUserTenantId()));
                buildForAuthStepInitialize.setNewFlowId(generationResponseDTO.getTransactionId()).setPassword(generationResponseDTO.getSmsOTP());
                buildForAuthStepInitialize.setNotificationTarget(getUserNotificationTargetValue(buildForAuthStepInitialize.getUserId(), buildForAuthStepInitialize.getUserTenantId(), Constants.MOBILE_LOCAL_CLAIM_URI));
            } else if (StringUtils.isNotEmpty(str3) && Constants.AUTHENTICATOR_NAME_EMAILOTP.equals(str3)) {
                org.wso2.carbon.extension.identity.emailotp.common.dto.GenerationResponseDTO generationResponseDTO2 = (org.wso2.carbon.extension.identity.emailotp.common.dto.GenerationResponseDTO) oTPHandlerServiceImpl.getAuthenticatorServiceGenerationResponse(getAuthenticatorService(str3), buildForAuthStepInitialize.getUserId(), IdentityTenantUtil.getTenantDomain(buildForAuthStepInitialize.getUserTenantId()));
                buildForAuthStepInitialize.setNewFlowId(generationResponseDTO2.getTransactionId()).setPassword(generationResponseDTO2.getEmailOTP());
                buildForAuthStepInitialize.setNotificationTarget(getUserNotificationTargetValue(buildForAuthStepInitialize.getUserId(), buildForAuthStepInitialize.getUserTenantId(), Constants.EMAIL_LOCAL_CLAIM_URI));
            } else {
                if (!Constants.AUTHENTICATOR_NAME_BASIC_AUTH.equals(str2)) {
                    LOG.error("The given authenticator is not configured in current step.");
                    throw RestAuthUtil.handleClientException(Constants.ErrorMessage.CLIENT_AUTHENTICATOR_NOT_SUPPORTED, str2);
                }
                buildForAuthStepInitialize.setNewFlowId(RestAuthUtil.generateUUID());
            }
        }
        flowIdData.setFlowIdIdentifier(buildForAuthStepInitialize.getNewFlowdIdIdentifier());
        flowIdData.setFlowId(buildForAuthStepInitialize.getNewFlowdId());
        CacheBackedFlowIdDAO.getInstance().refreshFlowId(buildForAuthStepInitialize.getFlowIdIdentifier(), str, flowIdData);
        return buildAuthInitializationResponseDTO(buildForAuthStepInitialize);
    }

    @Override // org.wso2.carbon.identity.oauth2.grant.rest.core.RestAuthenticationService
    public UserAuthenticationResponseDTO initializeAuthFlow(String str, String str2, String str3, String str4, String str5) throws AuthenticationException {
        String tenantDomain = str5 == null ? PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain() : str5;
        HashMap<String, String> resolvedUsername = getResolvedUsername(str4, tenantDomain);
        String addTenantDomainToEntry = UserCoreUtil.addTenantDomainToEntry(StringUtils.isBlank(resolvedUsername.get(Constants.BASIC_AUTH_PARAM_USERNAME)) ? str4 : resolvedUsername.get(Constants.BASIC_AUTH_PARAM_USERNAME), tenantDomain);
        User userFromUserName = User.getUserFromUserName(addTenantDomainToEntry);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Full qualified username : " + addTenantDomainToEntry);
        }
        HashMap hashMap = new HashMap();
        hashMap.put(Constants.BASIC_AUTH_PARAM_USERNAME, addTenantDomainToEntry);
        hashMap.put(Constants.BASIC_AUTH_PARAM_CLIENT_ID, str);
        RestAuthenticationContext buildForAuthFlowInitialize = new RestAuthenticationContext.Builder(hashMap).authenticator(str2).userTenantId(IdentityTenantUtil.getTenantId(tenantDomain)).buildForAuthFlowInitialize();
        String str6 = userFromUserName.getUserStoreDomain() + "/" + userFromUserName.getUserName();
        if (LOG.isDebugEnabled()) {
            LOG.debug("Resolved username from user store: " + str6);
        }
        AuthenticatedUser authenticatedUser = new AuthenticatedUser();
        authenticatedUser.setTenantDomain(userFromUserName.getTenantDomain());
        authenticatedUser.setUserStoreDomain(userFromUserName.getUserStoreDomain());
        authenticatedUser.setUserName(userFromUserName.getUserName());
        authenticatedUser.setAuthenticatedSubjectIdentifier(str6);
        buildForAuthFlowInitialize.setAuthenticatedUser(authenticatedUser);
        buildForAuthFlowInitialize.setUserId(getUserIDFromUserName(str6, buildForAuthFlowInitialize.getUserTenantId(), buildForAuthFlowInitialize));
        if (StringUtils.isEmpty(resolvedUsername.get(Constants.LOGGED_USER_CLAIM))) {
            buildForAuthFlowInitialize.setMultiAttributeLoginClaim(Constants.USERNAME_LOCAL_CLAIM_URI);
        } else {
            buildForAuthFlowInitialize.setMultiAttributeLoginClaim(resolvedUsername.get(Constants.LOGGED_USER_CLAIM));
        }
        validateCrossTenantAccess(buildForAuthFlowInitialize.getServiceProvider(), buildForAuthFlowInitialize.getUserTenantId(), buildForAuthFlowInitialize.getSpTenantId());
        validateAuthStep(buildForAuthFlowInitialize, str2);
        buildForAuthFlowInitialize.setUser(userFromUserName);
        executeListeners(buildForAuthFlowInitialize, Constants.PRE_AUTHENTICATION);
        boolean z = -1;
        switch (str2.hashCode()) {
            case 1588464828:
                if (str2.equals(Constants.AUTHENTICATOR_NAME_IDENTIFIER_FIRST)) {
                    z = false;
                    break;
                }
                break;
            case 1645316101:
                if (str2.equals(Constants.AUTHENTICATOR_NAME_BASIC_AUTH)) {
                    z = true;
                    break;
                }
                break;
        }
        switch (z) {
            case Constants.DEFAULT_FLOW_ID_TIMESTAMP_SKEW /* 0 */:
                try {
                    if (!getUserStoreManager(buildForAuthFlowInitialize.getUserTenantId()).isExistingUserWithID(buildForAuthFlowInitialize.getUserId())) {
                        executeEvent(IdentityEventConstants.EventName.AUTHENTICATION_STEP_FAILURE.toString(), buildForAuthFlowInitialize);
                        throw RestAuthUtil.handleClientException(Constants.ErrorMessage.CLIENT_INVALID_USER, str4);
                    }
                    getUserStoreManager(buildForAuthFlowInitialize.getUserTenantId());
                    updateAuthenticatedSteps(buildForAuthFlowInitialize.getAuthenticatedSteps(), 1, str2);
                    buildForAuthFlowInitialize.setValidPassword(true);
                    executeEvent(IdentityEventConstants.EventName.AUTHENTICATION_STEP_SUCCESS.toString(), buildForAuthFlowInitialize);
                    break;
                } catch (UserStoreException e) {
                    throw RestAuthUtil.handleServerException(Constants.ErrorMessage.SERVER_AUTHENTICATE_USER_ERROR, String.format("Error while authenticating the user : %s.", str4), e);
                }
            case true:
                if (!validateUserCredentials(str3, buildForAuthFlowInitialize)) {
                    executeEvent(IdentityEventConstants.EventName.AUTHENTICATION_STEP_FAILURE.toString(), buildForAuthFlowInitialize);
                    throw RestAuthUtil.handleClientException(Constants.ErrorMessage.CLIENT_INCORRECT_USER_CREDENTIALS, str4);
                }
                updateAuthenticatedSteps(buildForAuthFlowInitialize.getAuthenticatedSteps(), 1, str2);
                executeEvent(IdentityEventConstants.EventName.AUTHENTICATION_STEP_SUCCESS.toString(), buildForAuthFlowInitialize);
                break;
        }
        executeListeners(buildForAuthFlowInitialize, Constants.POST_AUTHENTICATION);
        if (buildForAuthFlowInitialize.getAuthenticationSteps().size() == buildForAuthFlowInitialize.getAuthenticatedSteps().size()) {
            buildForAuthFlowInitialize.setAuthFlowCompleted(true);
        }
        CacheBackedFlowIdDAO.getInstance().addFlowIdData(buildFlowIdDO(buildForAuthFlowInitialize));
        return buildAuthResponseDTO(buildForAuthFlowInitialize);
    }

    private HashMap<String, String> getResolvedUsername(String str, String str2) throws AuthenticationException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Revolving user identifier to username");
        }
        HashMap<String, String> hashMap = new HashMap<>();
        if (AuthenticationServiceDataHolder.getInstance().getMultiAttributeLogin().isEnabled(str2)) {
            ResolvedUserResult resolveUser = AuthenticationServiceDataHolder.getInstance().getMultiAttributeLogin().resolveUser(str, str2);
            if (resolveUser != null && ResolvedUserResult.UserResolvedStatus.SUCCESS.equals(resolveUser.getResolvedStatus())) {
                String username = resolveUser.getUser().getUsername();
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Username resolved successfully : " + username);
                }
                hashMap.put(Constants.BASIC_AUTH_PARAM_USERNAME, username);
                hashMap.put(Constants.LOGGED_USER_CLAIM, resolveUser.getResolvedClaim());
            } else {
                if (!ResolvedUserResult.UserResolvedStatus.FAIL.equals(resolveUser.getResolvedStatus())) {
                    throw RestAuthUtil.handleClientException(Constants.ErrorMessage.CLIENT_INVALID_USER, str);
                }
                if (resolveUser.getErrorMessage() != null) {
                    throw RestAuthUtil.handleClientException(Constants.ErrorMessage.CLIENT_CUSTOM_AUTHENTICATE_USER_ERROR, resolveUser.getErrorMessage());
                }
            }
        } else if (LOG.isDebugEnabled()) {
            LOG.debug("Multi-Attribute login is not enabled.");
        }
        return hashMap;
    }

    private void validateCrossTenantAccess(ServiceProvider serviceProvider, int i, int i2) throws AuthenticationException {
        if (!serviceProvider.isSaasApp() && i != i2) {
            throw RestAuthUtil.handleClientException(Constants.ErrorMessage.CLIENT_USER_SP_TENANT_MISMATCH);
        }
    }

    private void executeListeners(RestAuthenticationContext restAuthenticationContext, String str) throws AuthenticationException {
        if (LOG.isDebugEnabled()) {
            LOG.debug(str + " listener triggered.");
        }
        boolean z = -1;
        switch (str.hashCode()) {
            case 6932404:
                if (str.equals(Constants.PRE_AUTHENTICATION)) {
                    z = false;
                    break;
                }
                break;
            case 155996151:
                if (str.equals(Constants.POST_AUTHENTICATION)) {
                    z = true;
                    break;
                }
                break;
        }
        switch (z) {
            case Constants.DEFAULT_FLOW_ID_TIMESTAMP_SKEW /* 0 */:
                Iterator<AuthenticationListener> it = AuthenticationListenerServiceImpl.getAuthenticationListeners().iterator();
                while (it.hasNext()) {
                    it.next().doPreAuthenticate(restAuthenticationContext);
                }
                return;
            case true:
                Iterator<AuthenticationListener> it2 = AuthenticationListenerServiceImpl.getAuthenticationListeners().iterator();
                while (it2.hasNext()) {
                    it2.next().doPostAuthenticate(restAuthenticationContext);
                }
                return;
            default:
                return;
        }
    }

    private String getAuthenticatorService(String str) throws AuthenticationException {
        Object oSGiService;
        if (Constants.AUTHENTICATOR_NAME_SMSOTP.equals(str)) {
            oSGiService = PrivilegedCarbonContext.getThreadLocalCarbonContext().getOSGiService(SMSOTPService.class, (Hashtable) null);
        } else {
            if (!Constants.AUTHENTICATOR_NAME_EMAILOTP.equals(str)) {
                LOG.error("Authenticator Service is not available : " + str);
                throw RestAuthUtil.handleServerException(Constants.ErrorMessage.SERVER_AUTHENTICATOR_SERVICE_ERROR, String.format("Authenticator Service Object is neither SMSOTP nor EmailOTP.", new Object[0]));
            }
            oSGiService = PrivilegedCarbonContext.getThreadLocalCarbonContext().getOSGiService(EmailOtpService.class, (Hashtable) null);
        }
        return oSGiService.getClass().getName();
    }

    private boolean validateUser(FlowIdDO flowIdDO, String str) throws AuthenticationException {
        if (!flowIdDO.getUserId().equals(str)) {
            throw RestAuthUtil.handleClientException(Constants.ErrorMessage.CLIENT_USERID_FLOWID_MISMATCH, flowIdDO.getFlowId());
        }
        if (!LOG.isDebugEnabled()) {
            return true;
        }
        LOG.debug("Provided flow is valid with the authenticated user.");
        return true;
    }

    private boolean validateUserCredentials(String str, RestAuthenticationContext restAuthenticationContext) throws AuthenticationException {
        try {
            if (!Constants.SUCCESS_AUTHENTICATION_STATUS.equals(getUserStoreManager(restAuthenticationContext.getUserTenantId()).authenticateWithID(restAuthenticationContext.getUserId(), str).getAuthenticationStatus().toString())) {
                return false;
            }
            if (!LOG.isDebugEnabled()) {
                return true;
            }
            LOG.debug(restAuthenticationContext.getUserName() + " : user successfully authenticated.");
            return true;
        } catch (UserStoreException e) {
            LOG.error("User authentication failed from user store.");
            String localizedMessage = e.getCause().getLocalizedMessage();
            if (localizedMessage.contains("disabled")) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Account is disabled for user : " + restAuthenticationContext.getAuthenticatedUser().getUserName());
                }
                throw RestAuthUtil.handleClientException(Constants.ErrorMessage.CLIENT_DISABLED_ACCOUNT, String.format("Error while checking the account status for the user : %s.", restAuthenticationContext.getAuthenticatedUser().getUserName()), e);
            }
            if (!localizedMessage.contains("locked")) {
                return false;
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("Account is locked for user : " + restAuthenticationContext.getAuthenticatedUser().getUserName());
            }
            throw RestAuthUtil.handleClientException(Constants.ErrorMessage.CLIENT_LOCKED_ACCOUNT, String.format("Error while checking the account status for the user : %s.", restAuthenticationContext.getAuthenticatedUser().getUserName()));
        }
    }

    private AbstractUserStoreManager getUserStoreManager(int i) throws AuthenticationException {
        try {
            return AuthenticationServiceDataHolder.getInstance().getRealmService().getTenantUserRealm(i).getUserStoreManager();
        } catch (UserStoreException e) {
            throw RestAuthUtil.handleServerException(Constants.ErrorMessage.SERVER_USER_STORE_MANAGER_ERROR, "Error while retrieving user store manager.", e);
        }
    }

    private String getUserIDFromUserName(String str, int i, RestAuthenticationContext restAuthenticationContext) throws AuthenticationException {
        try {
            String userIDFromUserName = getUserStoreManager(i).getUserIDFromUserName(MultitenantUtils.getTenantAwareUsername(str));
            if (userIDFromUserName != null) {
                return userIDFromUserName;
            }
            executeEvent(IdentityEventConstants.EventName.AUTHENTICATION_STEP_FAILURE.toString(), restAuthenticationContext);
            throw RestAuthUtil.handleClientException(Constants.ErrorMessage.CLIENT_INVALID_USER, str);
        } catch (UserStoreException e) {
            throw RestAuthUtil.handleServerException(Constants.ErrorMessage.SERVER_RETRIEVING_USER_ID_ERROR, String.format("Error while retrieving userId for the username : %s.", str), e);
        }
    }

    private int fetchNextAuthStep(LinkedHashMap<Integer, String> linkedHashMap, LinkedHashMap<Integer, List<String>> linkedHashMap2) {
        ArrayList arrayList = new ArrayList(linkedHashMap2.keySet());
        return (linkedHashMap == null || linkedHashMap.size() != linkedHashMap2.size()) ? linkedHashMap != null ? ((Integer) arrayList.get(linkedHashMap.size())).intValue() : ((Integer) arrayList.get(0)).intValue() : -1;
    }

    private void validateAuthStep(RestAuthenticationContext restAuthenticationContext, String str) throws AuthenticationException {
        int fetchNextAuthStep = fetchNextAuthStep(restAuthenticationContext.getAuthenticatedSteps(), restAuthenticationContext.getAuthenticationSteps());
        restAuthenticationContext.setNextAuthenticationStepId(fetchNextAuthStep);
        if (fetchNextAuthStep == -1) {
            LOG.error("Auth Steps out of bound.");
            throw RestAuthUtil.handleClientException(Constants.ErrorMessage.CLIENT_AUTHSTEP_OUT_OF_BOUNDS, str);
        }
        if (restAuthenticationContext.getAuthenticationSteps().get(Integer.valueOf(fetchNextAuthStep)).contains(str)) {
            return;
        }
        LOG.error("Invalid authenticator : " + str);
        throw RestAuthUtil.handleClientException(Constants.ErrorMessage.CLIENT_INVALID_AUTHENTICATOR, str);
    }

    private FlowIdDO buildFlowIdDO(RestAuthenticationContext restAuthenticationContext) {
        FlowIdDO flowIdDO = new FlowIdDO();
        flowIdDO.setUserId(restAuthenticationContext.getUserId());
        flowIdDO.setFullQualifiedUserName(User.getUserFromUserName(restAuthenticationContext.getUserName()).toFullQualifiedUsername());
        flowIdDO.setFlowIdIdentifier(restAuthenticationContext.getNewFlowdIdIdentifier());
        flowIdDO.setFlowId(restAuthenticationContext.getNewFlowdId());
        flowIdDO.setFlowIdState(restAuthenticationContext.getFlowIdState());
        flowIdDO.setGeneratedTime(System.currentTimeMillis());
        flowIdDO.setExpiryTime(flowIdDO.getGeneratedTime() + restAuthenticationContext.getFlowIdValidityPeriod());
        flowIdDO.setAuthFlowCompleted(restAuthenticationContext.isAuthFlowCompleted());
        flowIdDO.setServiceProviderAppId(restAuthenticationContext.getServiceProvider().getApplicationID());
        flowIdDO.setAuthenticatedSteps(restAuthenticationContext.getAuthenticatedSteps());
        flowIdDO.setSpTenantId(restAuthenticationContext.getSpTenantId());
        flowIdDO.setUserTenantId(restAuthenticationContext.getUserTenantId());
        flowIdDO.setLoggedUserClaim(restAuthenticationContext.getMultiAttributeLoginClaim());
        return flowIdDO;
    }

    private UserAuthenticationResponseDTO buildAuthResponseDTO(RestAuthenticationContext restAuthenticationContext) {
        UserAuthenticationResponseDTO userAuthenticationResponseDTO = new UserAuthenticationResponseDTO();
        userAuthenticationResponseDTO.setFlowId(restAuthenticationContext.getNewFlowdId());
        userAuthenticationResponseDTO.setAuthenticationSteps(getConfiguredAuthenticationStepsForSP(restAuthenticationContext.getAuthenticationSteps()));
        userAuthenticationResponseDTO.setAuthenticatedSteps(getConfiguredAuthenticatedStepsForSP(restAuthenticationContext.getAuthenticatedSteps()));
        userAuthenticationResponseDTO.setAuthFlowCompleted(restAuthenticationContext.isAuthFlowCompleted());
        userAuthenticationResponseDTO.setNextStep(fetchNextAuthStep(restAuthenticationContext.getAuthenticatedSteps(), restAuthenticationContext.getAuthenticationSteps()));
        userAuthenticationResponseDTO.setValid(true);
        return userAuthenticationResponseDTO;
    }

    private AuthenticationInitializationResponseDTO buildAuthInitializationResponseDTO(RestAuthenticationContext restAuthenticationContext) {
        AuthenticationInitializationResponseDTO authenticationInitializationResponseDTO = new AuthenticationInitializationResponseDTO();
        authenticationInitializationResponseDTO.setFlowId(restAuthenticationContext.getNewFlowdId());
        authenticationInitializationResponseDTO.setAuthenticator(restAuthenticationContext.getCurrentAuthenticator());
        if (shouldSendNotificationTargetInInitializationResponse()) {
            String notificationTarget = restAuthenticationContext.getNotificationTarget();
            if (isMaskingEnabled(restAuthenticationContext)) {
                notificationTarget = getMaskedNotificationTarget(notificationTarget, restAuthenticationContext);
            }
            authenticationInitializationResponseDTO.setNotificationTarget(notificationTarget);
        }
        return authenticationInitializationResponseDTO;
    }

    private UserAuthenticationResponseDTO buildAuthValidationResponse(RestAuthenticationContext restAuthenticationContext, FlowIdDO flowIdDO, Object obj) throws AuthenticationClientException {
        UserAuthenticationResponseDTO userAuthenticationResponseDTO = new UserAuthenticationResponseDTO();
        AuthenticationFailureReasonDTO authenticationFailureReasonDTO = null;
        if (restAuthenticationContext.isValidPassword()) {
            if (restAuthenticationContext.getAuthenticationSteps().size() == restAuthenticationContext.getAuthenticatedSteps().size()) {
                restAuthenticationContext.setAuthFlowCompleted(true);
                flowIdDO.setAuthFlowCompleted(true);
            }
            flowIdDO.setFlowIdIdentifier(restAuthenticationContext.getNewFlowdIdIdentifier());
            flowIdDO.setFlowId(restAuthenticationContext.getNewFlowdId());
        }
        userAuthenticationResponseDTO.setValid(restAuthenticationContext.isValidPassword()).setFlowId(restAuthenticationContext.getNewFlowdId()).setAuthFlowCompleted(restAuthenticationContext.isAuthFlowCompleted()).setAuthenticatedSteps(getConfiguredAuthenticatedStepsForSP(restAuthenticationContext.getAuthenticatedSteps())).setAuthenticationSteps(getConfiguredAuthenticationStepsForSP(restAuthenticationContext.getAuthenticationSteps())).setNextStep(fetchNextAuthStep(restAuthenticationContext.getAuthenticatedSteps(), restAuthenticationContext.getAuthenticationSteps()));
        if (obj != null) {
            if (obj instanceof FailureReasonDTO) {
                FailureReasonDTO failureReasonDTO = (FailureReasonDTO) obj;
                authenticationFailureReasonDTO = new AuthenticationFailureReasonDTO(failureReasonDTO.getCode(), failureReasonDTO.getMessage(), failureReasonDTO.getDescription());
            } else if (obj instanceof org.wso2.carbon.extension.identity.emailotp.common.dto.FailureReasonDTO) {
                org.wso2.carbon.extension.identity.emailotp.common.dto.FailureReasonDTO failureReasonDTO2 = (org.wso2.carbon.extension.identity.emailotp.common.dto.FailureReasonDTO) obj;
                authenticationFailureReasonDTO = new AuthenticationFailureReasonDTO(failureReasonDTO2.getCode(), failureReasonDTO2.getMessage(), failureReasonDTO2.getDescription());
            } else if (obj instanceof FailureReasonDTO) {
                FailureReasonDTO failureReasonDTO3 = (FailureReasonDTO) obj;
                authenticationFailureReasonDTO = new AuthenticationFailureReasonDTO(failureReasonDTO3.getCode(), failureReasonDTO3.getMessage(), failureReasonDTO3.getDescription());
            } else if (obj instanceof AuthenticationFailureReasonDTO) {
                authenticationFailureReasonDTO = new AuthenticationFailureReasonDTO(((AuthenticationFailureReasonDTO) obj).getCode(), ((AuthenticationFailureReasonDTO) obj).getMessage(), ((AuthenticationFailureReasonDTO) obj).getDescription());
            }
            userAuthenticationResponseDTO.setFailureReason(authenticationFailureReasonDTO);
        }
        return userAuthenticationResponseDTO;
    }

    private AuthenticationStepsResponseDTO buildAuthenticationStepsForSP(RestAuthenticationContext restAuthenticationContext) {
        AuthenticationStepsResponseDTO authenticationStepsResponseDTO = new AuthenticationStepsResponseDTO();
        authenticationStepsResponseDTO.setAuthenticationSteps(getConfiguredAuthenticationStepsForSP(restAuthenticationContext.getAuthenticationSteps()));
        if (LOG.isDebugEnabled()) {
            LOG.debug("Authentication steps returned from SP configurations.");
        }
        return authenticationStepsResponseDTO;
    }

    private static List<AuthStepConfigsDTO> getConfiguredAuthenticationStepsForSP(LinkedHashMap<Integer, List<String>> linkedHashMap) {
        ArrayList arrayList = new ArrayList();
        for (Map.Entry<Integer, List<String>> entry : linkedHashMap.entrySet()) {
            int intValue = entry.getKey().intValue();
            List<String> value = entry.getValue();
            ArrayList<AuthenticatorConfigDTO> arrayList2 = new ArrayList<>();
            for (String str : value) {
                AuthenticatorConfigDTO authenticatorConfigDTO = new AuthenticatorConfigDTO();
                authenticatorConfigDTO.setAuthenticatorName(str);
                arrayList2.add(authenticatorConfigDTO);
            }
            AuthStepConfigsDTO authStepConfigsDTO = new AuthStepConfigsDTO();
            authStepConfigsDTO.setStepNo(intValue);
            authStepConfigsDTO.setAuthenticatorDetails(arrayList2);
            arrayList.add(authStepConfigsDTO);
        }
        return arrayList;
    }

    private static List<AuthenticatedAuthenticatorDTO> getConfiguredAuthenticatedStepsForSP(LinkedHashMap<Integer, String> linkedHashMap) {
        ArrayList arrayList = new ArrayList();
        for (Map.Entry<Integer, String> entry : linkedHashMap.entrySet()) {
            AuthenticatedAuthenticatorDTO authenticatedAuthenticatorDTO = new AuthenticatedAuthenticatorDTO();
            authenticatedAuthenticatorDTO.setStepNo(entry.getKey());
            authenticatedAuthenticatorDTO.setAuthenticatorName(entry.getValue());
            arrayList.add(authenticatedAuthenticatorDTO);
        }
        return arrayList;
    }

    public boolean isValidFlowId(FlowIdDO flowIdDO) throws AuthenticationException {
        boolean z = false;
        if (System.currentTimeMillis() > flowIdDO.getExpiryTime() + AuthenticationServiceDataHolder.getConfigs().getTimestampSkew()) {
            CacheBackedFlowIdDAO.getInstance().updateFlowIdState(flowIdDO.getFlowId(), Constants.FLOW_ID_STATE_EXPIRED);
            flowIdDO.setFlowIdState(Constants.FLOW_ID_STATE_EXPIRED);
        }
        String flowIdState = flowIdDO.getFlowIdState();
        boolean z2 = -1;
        switch (flowIdState.hashCode()) {
            case -591252731:
                if (flowIdState.equals(Constants.FLOW_ID_STATE_EXPIRED)) {
                    z2 = 2;
                    break;
                }
                break;
            case 807292011:
                if (flowIdState.equals(Constants.FLOW_ID_STATE_INACTIVE)) {
                    z2 = true;
                    break;
                }
                break;
            case 1925346054:
                if (flowIdState.equals(Constants.FLOW_ID_STATE_ACTIVE)) {
                    z2 = false;
                    break;
                }
                break;
        }
        switch (z2) {
            case Constants.DEFAULT_FLOW_ID_TIMESTAMP_SKEW /* 0 */:
                z = true;
                break;
            case true:
                throw RestAuthUtil.handleClientException(Constants.ErrorMessage.CLIENT_INACTIVE_FLOW_ID, flowIdDO.getFlowId());
            case true:
                throw RestAuthUtil.handleClientException(Constants.ErrorMessage.CLIENT_EXPIRED_FLOW_ID, flowIdDO.getFlowId());
        }
        return z;
    }

    private void updateAuthenticatedSteps(LinkedHashMap<Integer, String> linkedHashMap, Integer num, String str) {
        linkedHashMap.put(num, str);
        if (LOG.isDebugEnabled()) {
            LOG.debug(String.format("Authentication step success and updated for authenticator : %s step : %s", str, num));
        }
    }

    private void executeEvent(String str, RestAuthenticationContext restAuthenticationContext) throws AuthenticationClientException {
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        AuthenticationContext authenticationContext = new AuthenticationContext();
        authenticationContext.setContextIdentifier(restAuthenticationContext.getFlowIdIdentifier());
        authenticationContext.setRelyingParty(restAuthenticationContext.getServiceProvider().getApplicationName());
        authenticationContext.setServiceProviderName(restAuthenticationContext.getServiceProvider().getApplicationName());
        authenticationContext.setCurrentAuthenticator(restAuthenticationContext.getCurrentAuthenticator());
        SequenceConfig sequenceConfig = new SequenceConfig();
        sequenceConfig.setApplicationId(authenticationContext.getRelyingParty());
        sequenceConfig.setAuthenticatedUser(restAuthenticationContext.getAuthenticatedUser());
        authenticationContext.setSequenceConfig(sequenceConfig);
        authenticationContext.setRequestType(Constants.REQUEST_TYPE);
        if (IdentityEventConstants.EventName.AUTHENTICATION_STEP_SUCCESS.toString().equals(str)) {
            authenticationContext.setCurrentStep(restAuthenticationContext.getAuthenticatedSteps().size());
            hashMap.put(Constants.AUTHENTICATION_STATUS, AuthenticatorStatus.PASS);
        } else if (IdentityEventConstants.EventName.AUTHENTICATION_STEP_FAILURE.toString().equals(str)) {
            authenticationContext.setCurrentStep(restAuthenticationContext.getAuthenticatedSteps().size() + 1);
            hashMap.put(Constants.AUTHENTICATION_STATUS, AuthenticatorStatus.FAIL);
        }
        hashMap.put(Constants.CONTEXT, authenticationContext);
        hashMap2.put(Constants.USER, restAuthenticationContext.getAuthenticatedUser());
        hashMap2.put(Constants.IS_FEDERATED, false);
        hashMap.put(Constants.PARAMS, hashMap2);
        try {
            ((IdentityEventService) PrivilegedCarbonContext.getThreadLocalCarbonContext().getOSGiService(IdentityEventService.class, (Hashtable) null)).handleEvent(new Event(str, hashMap));
        } catch (IdentityEventException e) {
            LOG.error(e.getCause());
            throw RestAuthUtil.handleClientException(e.getErrorCode() + ";" + e.getMessage() + ";" + Constants.EVENT_HANDLER_ERROR_DESCRIPTION, restAuthenticationContext.getCurrentAuthenticator());
        }
    }

    private String getFederatedIdpChannelName(String str, RestAuthenticationContext restAuthenticationContext) throws AuthenticationException {
        for (IdentityProvider identityProvider : RestAuthUtil.getFederatedIdentityProviders(restAuthenticationContext.getServiceProvider().getApplicationID()).get(Integer.valueOf(restAuthenticationContext.getNextAuthenticationStepId()))) {
            if (str.equals(identityProvider.getIdentityProviderName())) {
                return identityProvider.getDefaultAuthenticatorConfig().getName();
            }
        }
        return null;
    }

    private String getUserNotificationTargetValue(String str, int i, String str2) throws AuthenticationServerException {
        try {
            Map attributes = AuthenticationServiceDataHolder.getInstance().getRealmService().getTenantUserRealm(i).getUserStoreManager().getUserWithID(str, new String[]{str2}, "default").getAttributes();
            if (LOG.isDebugEnabled()) {
                LOG.debug("User claim " + str2 + " of user Id : " + str + "resolved successfully.");
            }
            return (String) attributes.get(str2);
        } catch (UserStoreException e) {
            throw RestAuthUtil.handleServerException(Constants.ErrorMessage.SERVER_USER_STORE_MANAGER_ERROR, "Error while resolving the user's channel identifier from user store.", e);
        }
    }

    private boolean shouldSendNotificationTargetInInitializationResponse() {
        return AuthenticationServiceDataHolder.getConfigs().isSendNotificationTargetInInitResponse();
    }

    private boolean isMaskingEnabled(RestAuthenticationContext restAuthenticationContext) {
        String currentAuthenticator = restAuthenticationContext.getCurrentAuthenticator();
        try {
            String federatedIdpChannelName = getFederatedIdpChannelName(currentAuthenticator, restAuthenticationContext);
            if (Constants.AUTHENTICATOR_NAME_EMAILOTP.equals(federatedIdpChannelName)) {
                return StringUtils.isNotEmpty(AuthenticationServiceDataHolder.getConfigs().getEmailAddressRegex());
            }
            if (Constants.AUTHENTICATOR_NAME_SMSOTP.equals(federatedIdpChannelName)) {
                return StringUtils.isNotEmpty(AuthenticationServiceDataHolder.getConfigs().getMobileNumberRegex());
            }
            return false;
        } catch (AuthenticationException e) {
            if (!LOG.isDebugEnabled()) {
                return false;
            }
            LOG.debug("Error while checking the masking status for the authenticator: " + currentAuthenticator);
            return false;
        }
    }

    private String getMaskedNotificationTarget(String str, RestAuthenticationContext restAuthenticationContext) {
        String currentAuthenticator = restAuthenticationContext.getCurrentAuthenticator();
        try {
            String federatedIdpChannelName = getFederatedIdpChannelName(currentAuthenticator, restAuthenticationContext);
            return Constants.AUTHENTICATOR_NAME_EMAILOTP.equals(federatedIdpChannelName) ? str.replaceAll(StringEscapeUtils.unescapeHtml(AuthenticationServiceDataHolder.getConfigs().getEmailAddressRegex()), Constants.MASKING_CHARACTER) : Constants.AUTHENTICATOR_NAME_SMSOTP.equals(federatedIdpChannelName) ? str.replaceAll(StringEscapeUtils.unescapeHtml(AuthenticationServiceDataHolder.getConfigs().getMobileNumberRegex()), Constants.MASKING_CHARACTER) : "";
        } catch (AuthenticationException e) {
            if (!LOG.isDebugEnabled()) {
                return "";
            }
            LOG.debug("Error while masking the notification target for the authenticator: " + currentAuthenticator);
            return "";
        }
    }
}
