package org.wso2.carbon.identity.application.authenticator.facebook;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.Charset;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.UUID;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.oltu.oauth2.client.request.OAuthClientRequest;
import org.apache.oltu.oauth2.client.response.OAuthAuthzResponse;
import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
import org.apache.oltu.oauth2.common.utils.JSONUtils;
import org.wso2.carbon.identity.application.authentication.framework.AbstractApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.FederatedApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.config.builder.FileBasedConfigurationBuilder;
import org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig;
import org.wso2.carbon.identity.application.authentication.framework.config.model.ExternalIdPConfig;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.ApplicationAuthenticatorException;
import org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException;
import org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException;
import org.wso2.carbon.identity.application.authentication.framework.exception.InvalidCredentialsException;
import org.wso2.carbon.identity.application.authentication.framework.model.AdditionalData;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatorData;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatorMessage;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.identity.application.authenticator.facebook.FacebookAuthenticatorConstants;
import org.wso2.carbon.identity.application.authenticator.oidc.util.OIDCErrorConstants;
import org.wso2.carbon.identity.application.authenticator.oidc.util.OIDCTokenValidationUtil;
import org.wso2.carbon.identity.application.common.model.Claim;
import org.wso2.carbon.identity.application.common.model.ClaimConfig;
import org.wso2.carbon.identity.application.common.model.ClaimMapping;
import org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig;
import org.wso2.carbon.identity.application.common.model.IdentityProvider;
import org.wso2.carbon.identity.application.common.model.IdentityProviderProperty;
import org.wso2.carbon.identity.application.common.model.Property;
import org.wso2.carbon.identity.application.common.util.IdentityApplicationManagementUtil;
import org.wso2.carbon.identity.central.log.mgt.utils.LoggerUtils;
import org.wso2.carbon.identity.core.ServiceURLBuilder;
import org.wso2.carbon.identity.core.URLBuilderException;
import org.wso2.carbon.identity.core.util.IdentityIOStreamUtils;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2ClientException;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.idp.mgt.IdentityProviderManagementException;
import org.wso2.carbon.idp.mgt.IdentityProviderManager;
import org.wso2.carbon.utils.DiagnosticLog;

/* loaded from: input_file:org/wso2/carbon/identity/application/authenticator/facebook/FacebookAuthenticator.class */
public class FacebookAuthenticator extends AbstractApplicationAuthenticator implements FederatedApplicationAuthenticator {
    // Serialization version identifier for this authenticator class.
    private static final long serialVersionUID = -4844100162196896194L;
    private static final Log log = LogFactory.getLog(FacebookAuthenticator.class);
    private static final String ERROR_REASON = "errorReason";
    // Error code placed in the authenticator message when building the authorization request fails.
    private static final String INVALID_REQUEST = "invalid_request";
    // Endpoint URLs. Each is filled lazily by its init*/get* pair: the authenticator
    // configuration value is used when present, otherwise a built-in default.
    private String tokenEndpoint;
    private String oAuthEndpoint;
    private String userInfoEndpoint;
    // Context property key from which getAuthInitiationData reads an AuthenticatorMessage.
    private static final String AUTHENTICATOR_MESSAGE = "authenticatorMessage";

    /**
     * Resolves the token endpoint: the value configured under
     * {@code FacebookAuthenticatorConstants.FB_TOKEN_URL} wins, and the Graph API
     * default is used when that value is blank.
     */
    protected void initTokenEndpoint() {
        String configured = (String) getAuthenticatorConfig().getParameterMap().get(FacebookAuthenticatorConstants.FB_TOKEN_URL);
        this.tokenEndpoint = StringUtils.isBlank(configured) ? "https://graph.facebook.com/oauth/access_token" : configured;
    }

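    /**
     * Resolves the authorization endpoint: the value configured under
     * {@code FacebookAuthenticatorConstants.FB_AUTHZ_URL} wins, and a built-in
     * default is used when that value is blank.
     *
     * <p>The default uses HTTPS. The authorization redirect carries the client id,
     * the redirect URI and the {@code state} value in its query string, so the first
     * hop must not travel in cleartext. A configured value is used as given; operators
     * should configure an {@code https://} URL.
     */
    protected void initOAuthEndpoint() {
        this.oAuthEndpoint = (String) getAuthenticatorConfig().getParameterMap().get(FacebookAuthenticatorConstants.FB_AUTHZ_URL);
        if (StringUtils.isBlank(this.oAuthEndpoint)) {
            this.oAuthEndpoint = "https://www.facebook.com/dialog/oauth";
        }
    }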

    /**
     * Resolves the user-info endpoint: the value configured under
     * {@code FacebookAuthenticatorConstants.FB_USER_INFO_URL} wins, and the Graph API
     * default is used when that value is blank.
     */
    protected void initUserInfoEndPoint() {
        String configured = (String) getAuthenticatorConfig().getParameterMap().get(FacebookAuthenticatorConstants.FB_USER_INFO_URL);
        this.userInfoEndpoint = StringUtils.isBlank(configured) ? "https://graph.facebook.com/me" : configured;
    }

    /**
     * Returns the token endpoint, initialising it on first use.
     *
     * @return the token endpoint URL
     */
    protected String getTokenEndpoint() {
        boolean notYetResolved = StringUtils.isBlank(this.tokenEndpoint);
        if (notYetResolved) {
            initTokenEndpoint();
        }
        return this.tokenEndpoint;
    }

    /**
     * Returns the authorization endpoint, initialising it on first use.
     *
     * @return the authorization endpoint URL
     */
    protected String getAuthorizationServerEndpoint() {
        boolean notYetResolved = StringUtils.isBlank(this.oAuthEndpoint);
        if (notYetResolved) {
            initOAuthEndpoint();
        }
        return this.oAuthEndpoint;
    }

    /**
     * Returns the user-info endpoint, initialising it on first use.
     *
     * @return the user-info endpoint URL
     */
    protected String getUserInfoEndpoint() {
        boolean notYetResolved = StringUtils.isBlank(this.userInfoEndpoint);
        if (notYetResolved) {
            initUserInfoEndPoint();
        }
        return this.userInfoEndpoint;
    }

    /**
     * Decides whether this authenticator should process the request.
     *
     * <p>A request is accepted when it is a native-SDK federation call, or when it
     * carries the Facebook state parameter together with either an authorization
     * code or an error parameter. A diagnostic log event is emitted on acceptance
     * when diagnostic logging is enabled.
     *
     * @param httpServletRequest the incoming request
     * @return {@code true} when this authenticator handles the request
     */
    public boolean canHandle(HttpServletRequest httpServletRequest) {
        log.trace("Inside FacebookAuthenticator.canHandle()");
        boolean handles = isNativeSDKBasedFederationCall(httpServletRequest)
                || (isFacebookStateParamExists(httpServletRequest)
                        && (isOauth2CodeParamExists(httpServletRequest) || isErrorParamExists(httpServletRequest)));
        if (!handles || !LoggerUtils.isDiagnosticLogsEnabled()) {
            return handles;
        }
        DiagnosticLog.DiagnosticLogBuilder acceptedEvent = new DiagnosticLog.DiagnosticLogBuilder(FacebookAuthenticatorConstants.LogConstants.OUTBOUND_AUTH_FACEBOOK_SERVICE, "handle-authentication-step");
        acceptedEvent.resultStatus(DiagnosticLog.ResultStatus.SUCCESS)
                .logDetailLevel(DiagnosticLog.LogDetailLevel.INTERNAL_SYSTEM)
                .resultMessage("Outbound facebook authenticator handling the authentication.");
        LoggerUtils.triggerDiagnosticLogEvent(acceptedEvent);
        return true;
    }

    /**
     * Builds the OAuth2 authorization-code request and redirects the browser to the
     * authorization endpoint.
     *
     * <p>The {@code state} value and the final redirect location are stored on the
     * authentication context under {@code FacebookAuthenticator_state_param} and
     * {@code FacebookAuthenticator_redirect_url}.
     *
     * @param httpServletRequest    the incoming request
     * @param httpServletResponse   the response used for the redirect
     * @param authenticationContext the current authentication context
     * @throws AuthenticationFailedException if the request cannot be built or the redirect fails
     */
    protected void initiateAuthenticationRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        if (LoggerUtils.isDiagnosticLogsEnabled()) {
            DiagnosticLog.DiagnosticLogBuilder startEvent = new DiagnosticLog.DiagnosticLogBuilder(FacebookAuthenticatorConstants.LogConstants.OUTBOUND_AUTH_FACEBOOK_SERVICE, FacebookAuthenticatorConstants.LogConstants.ActionIDs.INITIATE_OUTBOUND_AUTH_REQUEST);
            startEvent.logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION)
                    .resultStatus(DiagnosticLog.ResultStatus.SUCCESS)
                    .inputParam("step", Integer.valueOf(authenticationContext.getCurrentStep()))
                    .inputParam("idp", authenticationContext.getExternalIdP().getIdPName())
                    .inputParams(getApplicationDetails(authenticationContext))
                    .resultMessage("Initiate outbound Facebook authentication request.");
            LoggerUtils.triggerDiagnosticLogEvent(startEvent);
        }
        try {
            Map<String, String> props = authenticationContext.getAuthenticatorProperties();
            String clientId = props.get(FacebookAuthenticatorConstants.CLIENT_ID);
            String authzEndpoint = getAuthorizationServerEndpoint();
            String scope = props.get(FacebookAuthenticatorConstants.SCOPE);
            if (StringUtils.isEmpty(scope)) {
                scope = FacebookAuthenticatorConstants.EMAIL;
            }
            // API-based flows supply their own redirect URL through the context.
            String redirectUri = getCallbackUrl(props);
            if (Boolean.parseBoolean((String) authenticationContext.getProperty(FacebookAuthenticatorConstants.IS_API_BASED))) {
                redirectUri = (String) authenticationContext.getProperty(FacebookAuthenticatorConstants.REDIRECT_URL);
            }
            // state = "<id>,facebook". For browser flows <id> is the context identifier,
            // which getContextIdentifier() reads back from the callback; API-based flows
            // use a fresh random UUID instead.
            String state;
            if (FrameworkUtils.isAPIBasedAuthenticationFlow(httpServletRequest)) {
                state = UUID.randomUUID() + ",facebook";
            } else {
                state = authenticationContext.getContextIdentifier() + ",facebook";
            }
            authenticationContext.setProperty("FacebookAuthenticator_state_param", state);
            OAuthClientRequest authzRequest = OAuthClientRequest.authorizationLocation(authzEndpoint)
                    .setClientId(clientId)
                    .setRedirectURI(redirectUri)
                    .setResponseType(FacebookAuthenticatorConstants.OAUTH2_GRANT_TYPE_CODE)
                    .setScope(scope)
                    .setState(state)
                    .buildQueryMessage();
            authenticationContext.setProperty("FacebookAuthenticator_redirect_url", authzRequest.getLocationUri());
            httpServletResponse.sendRedirect(authzRequest.getLocationUri());
            if (LoggerUtils.isDiagnosticLogsEnabled()) {
                // Only the property names are logged, never the values (they include the client secret).
                DiagnosticLog.DiagnosticLogBuilder redirectEvent = new DiagnosticLog.DiagnosticLogBuilder(FacebookAuthenticatorConstants.LogConstants.OUTBOUND_AUTH_FACEBOOK_SERVICE, FacebookAuthenticatorConstants.LogConstants.ActionIDs.INITIATE_OUTBOUND_AUTH_REQUEST);
                redirectEvent.logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION)
                        .resultStatus(DiagnosticLog.ResultStatus.SUCCESS)
                        .inputParam("step", Integer.valueOf(authenticationContext.getCurrentStep()))
                        .inputParam("idp", authenticationContext.getExternalIdP().getIdPName())
                        .inputParam("authenticator properties", props.keySet())
                        .inputParam("scope", scope)
                        .inputParams(getApplicationDetails(authenticationContext))
                        .resultMessage("Redirecting to the Facebook login page.");
                LoggerUtils.triggerDiagnosticLogEvent(redirectEvent);
            }
        } catch (IOException ioFailure) {
            log.error("Exception while sending to the login page.", ioFailure);
            throw new AuthenticationFailedException(ioFailure.getMessage(), ioFailure);
        } catch (OAuthSystemException buildFailure) {
            setAuthenticatorMessageToContext("Exception while building the authorization code request.", INVALID_REQUEST, null, authenticationContext);
            log.error("Exception while building the authorization code request.", buildFailure);
            throw new AuthenticationFailedException(buildFailure.getMessage(), buildFailure);
        }
    }

    /**
     * Describes to an API-based client how to start authentication with this authenticator.
     *
     * <p>When the IdP is a trusted token issuer the client is asked for an access token
     * and an ID token (internal prompt); otherwise it is asked for an authorization
     * code and state (redirection prompt).
     *
     * @param authenticationContext the current authentication context
     * @return the initiation data, always present
     */
    public Optional<AuthenticatorData> getAuthInitiationData(AuthenticationContext authenticationContext) {
        AuthenticatorData data = new AuthenticatorData();
        data.setName(getName());
        data.setDisplayName(getFriendlyName());
        data.setI18nKey(getI18nKey());
        data.setIdp(authenticationContext.getExternalIdP().getIdPName());

        List<String> requiredParams = new ArrayList<>();
        boolean trustedIssuer = isTrustedTokenIssuer(authenticationContext);
        if (!trustedIssuer) {
            requiredParams.add(FacebookAuthenticatorConstants.OAUTH2_GRANT_TYPE_CODE);
            requiredParams.add(FacebookAuthenticatorConstants.OAUTH2_PARAM_STATE);
            data.setPromptType(FrameworkConstants.AuthenticatorPromptType.REDIRECTION_PROMPT);
            data.setAdditionalData(getAdditionalData(authenticationContext, false));
        } else {
            requiredParams.add(FacebookAuthenticatorConstants.ACCESS_TOKEN_PARAM);
            requiredParams.add(FacebookAuthenticatorConstants.ID_TOKEN_PARAM);
            data.setPromptType(FrameworkConstants.AuthenticatorPromptType.INTERNAL_PROMPT);
            data.setAdditionalData(getAdditionalData(authenticationContext, true));
        }
        data.setRequiredParams(requiredParams);

        // Surface any message a previous step left on the context.
        Object pendingMessage = authenticationContext.getProperty(AUTHENTICATOR_MESSAGE);
        if (pendingMessage != null) {
            data.setMessage((AuthenticatorMessage) authenticationContext.getProperty(AUTHENTICATOR_MESSAGE));
        }
        return Optional.of(data);
    }

    /**
     * Builds the additional data returned to API-based clients.
     *
     * @param authenticationContext the current authentication context
     * @param z {@code true} for the trusted-token-issuer (native SDK) variant, which exposes
     *          the client id; {@code false} for the redirect variant, which exposes the
     *          redirect URL and state stored on the context
     * @return the populated additional data
     */
    private static AdditionalData getAdditionalData(AuthenticationContext authenticationContext, boolean z) {
        AdditionalData result = new AdditionalData();
        Map<String, String> authParams = new HashMap<>();
        if (!z) {
            result.setRedirectUrl((String) authenticationContext.getProperty("FacebookAuthenticator_redirect_url"));
            authParams.put(FacebookAuthenticatorConstants.OAUTH2_PARAM_STATE, (String) authenticationContext.getProperty("FacebookAuthenticator_state_param"));
        } else {
            authParams.put(FacebookAuthenticatorConstants.CLIENT_ID_PARAM, authenticationContext.getAuthenticatorProperties().get(FacebookAuthenticatorConstants.CLIENT_ID));
        }
        result.setAdditionalAuthenticationParams(authParams);
        return result;
    }

    /**
     * Returns the internationalisation key for this authenticator.
     *
     * @return {@code FacebookAuthenticatorConstants.AUTHENTICATOR_FACEBOOK}
     */
    public String getI18nKey() {
        final String i18nKey = FacebookAuthenticatorConstants.AUTHENTICATOR_FACEBOOK;
        return i18nKey;
    }

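    /**
     * Processes the response from Facebook and populates the authenticated subject and claims.
     *
     * <p>Two paths exist. For a trusted token issuer on a native-SDK call, the ID token and
     * access token are read directly from request parameters and the ID token is validated.
     * Otherwise the authorization code is exchanged for an access token at the token endpoint.
     * In both cases the access token is then used to fetch the user profile, from which the
     * claims are built.
     *
     * @param httpServletRequest    the callback request
     * @param httpServletResponse   the response
     * @param authenticationContext the current authentication context
     * @throws AuthenticationFailedException if the response signals an error, the ID token is
     *         missing or invalid, or the token / user-info exchange fails
     */
    protected void processAuthenticationResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        String token;
        log.trace("Inside FacebookAuthenticator.authenticate()");
        if (LoggerUtils.isDiagnosticLogsEnabled()) {
            DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder(FacebookAuthenticatorConstants.LogConstants.OUTBOUND_AUTH_FACEBOOK_SERVICE, FacebookAuthenticatorConstants.LogConstants.ActionIDs.PROCESS_AUTHENTICATION_RESPONSE);
            diagnosticLogBuilder.logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION).resultStatus(DiagnosticLog.ResultStatus.SUCCESS).inputParam("step", Integer.valueOf(authenticationContext.getCurrentStep())).inputParam("idp", authenticationContext.getExternalIdP().getIdPName()).inputParams(getApplicationDetails(authenticationContext)).resultMessage("Processing outbound Facebook authentication response.");
            LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
        }
        // Declared to throw InvalidCredentialsException; runs before any token handling.
        handleErrorResponse(httpServletRequest, httpServletResponse, authenticationContext);
        try {
            Map<String, String> authenticatorProperties = authenticationContext.getAuthenticatorProperties();
            String str = authenticatorProperties.get(FacebookAuthenticatorConstants.CLIENT_ID);
            String str2 = authenticatorProperties.get(FacebookAuthenticatorConstants.CLIENT_SECRET);
            String str3 = authenticatorProperties.get(FacebookAuthenticatorConstants.USER_INFO_FIELDS);
            String tokenEndpoint = getTokenEndpoint();
            String userInfoEndpoint = getUserInfoEndpoint();
            if (isTrustedTokenIssuer(authenticationContext) && isNativeSDKBasedFederationCall(httpServletRequest)) {
                // Both tokens come straight from the client and are untrusted at this point.
                String parameter = httpServletRequest.getParameter(FacebookAuthenticatorConstants.ID_TOKEN_PARAM);
                token = httpServletRequest.getParameter(FacebookAuthenticatorConstants.ACCESS_TOKEN_PARAM);
                // Reject a missing ID token explicitly instead of letting the parser fail on null.
                if (StringUtils.isBlank(parameter)) {
                    throw new AuthenticationFailedException("JWT token is invalid.");
                }
                // NOTE(review): the ID token is validated, but the profile below is fetched with
                // the separately supplied access token. Nothing visible here checks that both
                // belong to the same user - confirm that binding is enforced elsewhere.
                try {
                    try {
                        validateJWTToken(authenticationContext, parameter);
                    } catch (IdentityOAuth2Exception e) {
                        throw new AuthenticationFailedException("JWT token validation Failed.", e);
                    }
                } catch (ParseException | IdentityOAuth2ClientException | JOSEException e2) {
                    // Keep the cause so the parse/signature failure stays diagnosable.
                    throw new AuthenticationFailedException("JWT token is invalid.", e2);
                }
            } else {
                String callbackUrl = getCallbackUrl(authenticatorProperties);
                if (Boolean.parseBoolean((String) authenticationContext.getProperty(FacebookAuthenticatorConstants.IS_API_BASED))) {
                    callbackUrl = (String) authenticationContext.getProperty(FacebookAuthenticatorConstants.REDIRECT_URL);
                }
                token = getToken(tokenEndpoint, str, str2, callbackUrl, getAuthorizationCode(httpServletRequest));
            }
            ClaimConfig authenticatorClaimConfigurations = getAuthenticatorClaimConfigurations(authenticationContext);
            if (authenticatorClaimConfigurations == null) {
                throw new AuthenticationFailedException("Authenticator " + getName() + " returned null when obtaining claim configurations");
            }
            // The user identifier field is always requested, since setSubject() depends on it.
            if (StringUtils.isNotBlank(str3) && !Arrays.asList(str3.split(",")).contains(FacebookAuthenticatorConstants.DEFAULT_USER_IDENTIFIER)) {
                str3 = str3 + ",id";
            }
            DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder2 = null;
            if (LoggerUtils.isDiagnosticLogsEnabled()) {
                diagnosticLogBuilder2 = new DiagnosticLog.DiagnosticLogBuilder(FacebookAuthenticatorConstants.LogConstants.OUTBOUND_AUTH_FACEBOOK_SERVICE, FacebookAuthenticatorConstants.LogConstants.ActionIDs.PROCESS_AUTHENTICATION_RESPONSE);
                diagnosticLogBuilder2.logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION).inputParam("step", Integer.valueOf(authenticationContext.getCurrentStep())).inputParams(getApplicationDetails(authenticationContext));
                // Handed to buildClaims() through the context so it can attach the claim mappings.
                authenticationContext.setProperty(FacebookAuthenticatorConstants.LogConstants.DIAGNOSTIC_LOG_KEY_NAME, diagnosticLogBuilder2);
            }
            buildClaims(authenticationContext, getUserInfoJson(userInfoEndpoint, str3, token), authenticatorClaimConfigurations);
            if (LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder2 != null) {
                diagnosticLogBuilder2.resultMessage("Outbound Facebook authentication response processed successfully.").resultStatus(DiagnosticLog.ResultStatus.SUCCESS);
                LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder2);
            }
        } catch (ApplicationAuthenticatorException e3) {
            log.error("Failed to process Facebook Connect response.", e3);
            throw new AuthenticationFailedException(e3.getMessage(), authenticationContext.getSubject(), e3);
        }
    }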

    /**
     * Extracts the OAuth2 authorization code from the callback request.
     *
     * @param httpServletRequest the callback request
     * @return the authorization code
     * @throws ApplicationAuthenticatorException if the response cannot be read as a code response
     */
    protected String getAuthorizationCode(HttpServletRequest httpServletRequest) throws ApplicationAuthenticatorException {
        try {
            OAuthAuthzResponse authzResponse = OAuthAuthzResponse.oauthCodeAuthzResponse(httpServletRequest);
            return authzResponse.getCode();
        } catch (OAuthProblemException problem) {
            throw new ApplicationAuthenticatorException("Exception while reading authorization code.", problem);
        }
    }

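    /**
     * Exchanges an authorization code for an access token at the token endpoint.
     *
     * <p>The request is built as a query message, so the client secret and the
     * authorization code are part of the request URI. That URI must therefore never
     * be written to logs; only the bare endpoint is logged on failure.
     *
     * @param str  token endpoint URL
     * @param str2 client id
     * @param str3 client secret
     * @param str4 redirect URI
     * @param str5 authorization code
     * @return the access token
     * @throws ApplicationAuthenticatorException if the request fails or no token is returned
     */
    protected String getToken(String str, String str2, String str3, String str4, String str5) throws ApplicationAuthenticatorException {
        try {
            OAuthClientRequest tokenRequest = buidTokenRequest(str, str2, str3, str4, str5);
            String accessToken = (String) JSONUtils.parseJSON(sendRequest(tokenRequest.getLocationUri())).get(FacebookAuthenticatorConstants.FB_ACCESS_TOKEN);
            if (StringUtils.isEmpty(accessToken)) {
                throw new ApplicationAuthenticatorException("Could not receive a valid access token from FB");
            }
            return accessToken;
        } catch (MalformedURLException e) {
            if (log.isDebugEnabled()) {
                // Log the endpoint only: the full request URI carries client_secret and code.
                log.debug("URL : " + str);
            }
            // NOTE(review): the MalformedURLException message may echo the request URI;
            // check how callers log the wrapped cause.
            throw new ApplicationAuthenticatorException("MalformedURLException while sending access token request.", e);
        } catch (IOException e2) {
            throw new ApplicationAuthenticatorException("IOException while sending access token request.", e2);
        }
    }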

    /**
     * Builds the access-token request as a query message.
     *
     * <p>Client id, client secret, redirect URI and authorization code all end up in
     * the resulting location URI, so that URI is sensitive.
     *
     * @param str  token endpoint URL
     * @param str2 client id
     * @param str3 client secret
     * @param str4 redirect URI
     * @param str5 authorization code
     * @return the built request
     * @throws ApplicationAuthenticatorException if the request cannot be built
     */
    protected OAuthClientRequest buidTokenRequest(String str, String str2, String str3, String str4, String str5) throws ApplicationAuthenticatorException {
        try {
            OAuthClientRequest tokenRequest = OAuthClientRequest.tokenLocation(str)
                    .setClientId(str2)
                    .setClientSecret(str3)
                    .setRedirectURI(str4)
                    .setCode(str5)
                    .buildQueryMessage();
            return tokenRequest;
        } catch (OAuthSystemException buildFailure) {
            throw new ApplicationAuthenticatorException("Exception while building access token request.", buildFailure);
        }
    }

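    /**
     * Fetches the raw user-info response for an access token.
     *
     * <p>The access token is URL-encoded before it is placed in the query string. On the
     * native-SDK path it arrives as a request parameter, so without encoding a crafted
     * value could append or override query parameters of the user-info call. The field
     * list comes from the authenticator configuration and is passed through unchanged.
     *
     * @param str  user-info endpoint URL
     * @param str2 comma-separated field list, may be blank
     * @param str3 access token
     * @return the response body
     * @throws ApplicationAuthenticatorException if the request fails
     */
    protected String getUserInfoString(String str, String str2, String str3) throws ApplicationAuthenticatorException {
        try {
            // String.valueOf keeps the previous rendering of a null token ("null").
            String encodedToken = URLEncoder.encode(String.valueOf(str3), "UTF-8");
            return StringUtils.isBlank(str2) ? sendRequest(String.format("%s?access_token=%s", str, encodedToken)) : sendRequest(String.format("%s?fields=%s&access_token=%s", str, str2, encodedToken));
        } catch (MalformedURLException e) {
            if (log.isDebugEnabled()) {
                // Endpoint only; the full URL would include the access token.
                log.debug("URL : " + str, e);
            }
            throw new ApplicationAuthenticatorException("MalformedURLException while sending user information request.", e);
        } catch (IOException e2) {
            throw new ApplicationAuthenticatorException("IOException while sending sending user information request.", e2);
        }
    }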

    /**
     * Sets the authenticated subject from the default user identifier in the user-info map.
     *
     * @param authenticationContext the current authentication context
     * @param map the parsed user-info response
     * @throws ApplicationAuthenticatorException if the identifier is missing or empty
     */
    protected void setSubject(AuthenticationContext authenticationContext, Map<String, Object> map) throws ApplicationAuthenticatorException {
        String userId = (String) map.get(FacebookAuthenticatorConstants.DEFAULT_USER_IDENTIFIER);
        if (!StringUtils.isEmpty(userId)) {
            AuthenticatedUser subject = AuthenticatedUser.createFederateAuthenticatedUserFromSubjectIdentifier(userId);
            authenticationContext.setSubject(subject);
            return;
        }
        throw new ApplicationAuthenticatorException("Authenticated user identifier is empty");
    }

    /**
     * Fetches the user-info response and parses it as JSON.
     *
     * <p>The raw response is written to the debug log only when debug logging is on and
     * {@code IdentityUtil.isTokenLoggable("UserIdToken")} allows it.
     *
     * @param str  user-info endpoint URL
     * @param str2 comma-separated field list, may be blank
     * @param str3 access token
     * @return the parsed user-info map
     * @throws ApplicationAuthenticatorException if the request fails
     */
    protected Map<String, Object> getUserInfoJson(String str, String str2, String str3) throws ApplicationAuthenticatorException {
        String rawUserInfo = getUserInfoString(str, str2, str3);
        if (log.isDebugEnabled()) {
            if (IdentityUtil.isTokenLoggable("UserIdToken")) {
                log.debug("UserInfoString : " + rawUserInfo);
            }
        }
        Map<String, Object> parsed = JSONUtils.parseJSON(rawUserInfo);
        return parsed;
    }

    /**
     * Builds claims using the claim configuration resolved from the context's identity provider.
     *
     * @param authenticationContext the current authentication context
     * @param map the parsed user-info response
     * @throws ApplicationAuthenticatorException if the claims cannot be built
     */
    protected void buildClaims(AuthenticationContext authenticationContext, Map<String, Object> map) throws ApplicationAuthenticatorException {
        ClaimConfig resolvedClaimConfig = getAuthenticatorClaimConfigurations(authenticationContext);
        buildClaims(authenticationContext, map, resolvedClaimConfig);
    }

    /**
     * Maps the user-info response to claims and sets the authenticated subject and its attributes.
     *
     * <p>Every non-empty entry of {@code map} becomes a claim whose URI is produced by
     * {@code getEffectiveClaimUri}. The subject is then chosen in one of two ways: from the
     * default user identifier (optionally replaced by the subject found through the claim
     * dialect) when a user claim URI, a claim dialect and a local claim dialect are all
     * present; otherwise from the IdP's claim mappings, with the default identifier as fallback.
     *
     * @param authenticationContext the current authentication context
     * @param map the parsed user-info response; must not be {@code null}
     * @param claimConfig the claim configuration; its user claim URI is set here when blank
     * @throws ApplicationAuthenticatorException if {@code map} is {@code null} or no subject can be set
     */
    protected void buildClaims(AuthenticationContext authenticationContext, Map<String, Object> map, ClaimConfig claimConfig) throws ApplicationAuthenticatorException {
        if (map == null) {
            if (log.isDebugEnabled()) {
                log.debug("Decoded json object is null");
            }
            throw new ApplicationAuthenticatorException("Decoded json object is null");
        }
        HashMap hashMap = new HashMap();
        for (Map.Entry<String, Object> entry : map.entrySet()) {
            String effectiveClaimUri = getEffectiveClaimUri(getClaimDialectURI(), entry.getKey());
            Object value = entry.getValue();
            // Entries with an empty key or value are skipped, not treated as errors.
            if (StringUtils.isNotEmpty(effectiveClaimUri) && value != null && StringUtils.isNotEmpty(value.toString())) {
                hashMap.put(buildClaimMapping(effectiveClaimUri), value.toString());
            } else if (log.isDebugEnabled()) {
                log.debug("The key or/and value of user information came from facebook is null or empty for the user " + map.get(FacebookAuthenticatorConstants.DEFAULT_USER_IDENTIFIER));
            }
        }
        // NOTE(review): claimConfig is dereferenced without a null check. The two-argument
        // overload passes the result of getAuthenticatorClaimConfigurations(), which can be null.
        // This also writes to the passed-in ClaimConfig; confirm whether that object is shared.
        if (StringUtils.isBlank(claimConfig.getUserClaimURI())) {
            claimConfig.setUserClaimURI(getEffectiveClaimUri(getClaimDialectURI(), FacebookAuthenticatorConstants.EMAIL));
        }
        if (StringUtils.isNotBlank(claimConfig.getUserClaimURI()) && StringUtils.isNotEmpty(getClaimDialectURI()) && claimConfig.isLocalClaimDialect()) {
            setSubject(authenticationContext, map);
            authenticationContext.getSubject().setUserAttributes(hashMap);
            try {
                String federatedSubjectFromClaims = FrameworkUtils.getFederatedSubjectFromClaims(authenticationContext, getClaimDialectURI());
                if (StringUtils.isNotBlank(federatedSubjectFromClaims)) {
                    authenticationContext.getSubject().setAuthenticatedSubjectIdentifier(federatedSubjectFromClaims);
                }
            } catch (FrameworkException e) {
                // Best effort: the subject set from the default identifier above is kept.
                if (log.isDebugEnabled()) {
                    log.debug("Couldn't find the subject claim from claim mappings ", e);
                }
            }
        } else {
            String federatedSubjectFromClaims2 = FrameworkUtils.getFederatedSubjectFromClaims(authenticationContext.getExternalIdP().getIdentityProvider(), hashMap);
            if (StringUtils.isNotBlank(federatedSubjectFromClaims2)) {
                authenticationContext.setSubject(AuthenticatedUser.createFederateAuthenticatedUserFromSubjectIdentifier(federatedSubjectFromClaims2));
            } else {
                setSubject(authenticationContext, map);
            }
            authenticationContext.getSubject().setUserAttributes(hashMap);
        }
        // Pick up the diagnostic builder that processAuthenticationResponse left on the context
        // and remove it so it does not linger there.
        DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = null;
        if (LoggerUtils.isDiagnosticLogsEnabled()) {
            diagnosticLogBuilder = (DiagnosticLog.DiagnosticLogBuilder) authenticationContext.getProperty(FacebookAuthenticatorConstants.LogConstants.DIAGNOSTIC_LOG_KEY_NAME);
            authenticationContext.removeProperty(FacebookAuthenticatorConstants.LogConstants.DIAGNOSTIC_LOG_KEY_NAME);
        }
        if (diagnosticLogBuilder == null || authenticationContext.getSubject().getUserAttributes() == null) {
            return;
        }
        diagnosticLogBuilder.inputParam("user attributes (local claim : remote claim)", getUserAttributeClaimMappingList(authenticationContext.getSubject()));
    }

    /**
     * Returns the claim URI to use for a user-info key.
     *
     * @param str  claim dialect URI used as the prefix
     * @param str2 the user-info key
     * @return {@code str + FORWARD_SLASH + str2} when prefixing is enabled and the authenticator's
     *         claim dialect URI is not blank; otherwise {@code str2} unchanged
     */
    private String getEffectiveClaimUri(String str, String str2) {
        if (!shouldPrefixClaimDialectUri()) {
            return str2;
        }
        if (!StringUtils.isNotBlank(getClaimDialectURI())) {
            return str2;
        }
        return str + FacebookAuthenticatorConstants.FORWARD_SLASH + str2;
    }

    /**
     * Tells whether claim URIs should be prefixed with the claim dialect URI.
     *
     * @return the boolean value of the {@code PREFIE_CLAIM_DIALECT_URI_PARAMETER} setting in the
     *         file-based authenticator configuration; {@code false} when it is absent
     */
    protected boolean shouldPrefixClaimDialectUri() {
        Map<String, String> fileParams = readParametersFromAuthenticatorConfig();
        String flag = fileParams.get(FacebookAuthenticatorConstants.PREFIE_CLAIM_DIALECT_URI_PARAMETER);
        return Boolean.parseBoolean(flag);
    }

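    /**
     * Extracts the context identifier from the callback request.
     *
     * <p>API-based flows carry it in the session-data-key parameter. Browser flows carry it
     * as the part of the {@code state} parameter before the first comma.
     *
     * @param httpServletRequest the callback request
     * @return the context identifier, or {@code null} when the browser flow has no state parameter
     */
    public String getContextIdentifier(HttpServletRequest httpServletRequest) {
        log.trace("Inside FacebookAuthenticator.getContextIdentifier()");
        if (FrameworkUtils.isAPIBasedAuthenticationFlow(httpServletRequest)) {
            return httpServletRequest.getParameter(FacebookAuthenticatorConstants.SESSION_DATA_KEY_PARAM);
        }
        String parameter = httpServletRequest.getParameter(FacebookAuthenticatorConstants.OAUTH2_PARAM_STATE);
        if (parameter != null) {
            // state is attacker-controllable. split(",") returns an empty array for values made
            // only of commas, so indexing [0] would throw; a limit of 2 always yields an element.
            return parameter.split(",", 2)[0];
        }
        return null;
    }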

    /**
     * Performs a GET on the given URL and returns the response body as UTF-8 text,
     * one {@code "\n"} appended after each line read.
     *
     * <p>NOTE(review): no connect or read timeout is set and the body size is not bounded,
     * so a slow or oversized response ties up the calling thread. The URL scheme is not
     * restricted here either; it is whatever the configured endpoint uses.
     *
     * @param str the full request URL
     * @return the response body
     * @throws IOException if the URL is malformed or the request fails
     */
    protected String sendRequest(String str) throws IOException {
        StringBuilder body = new StringBuilder();
        BufferedReader reader = null;
        try {
            reader = new BufferedReader(new InputStreamReader(new URL(str).openConnection().getInputStream(), Charset.forName("utf-8")));
            String line;
            while ((line = reader.readLine()) != null) {
                body.append(line).append("\n");
            }
            return body.toString();
        } finally {
            // Closed on both the success and the failure path.
            IdentityIOStreamUtils.closeReader(reader);
        }
    }

    /**
     * Returns the login type, i.e. the second comma-separated part of the {@code state} parameter.
     *
     * @param httpServletRequest the callback request
     * @return the login type, or {@code null} when state is blank or has fewer than two parts
     */
    protected String getLoginType(HttpServletRequest httpServletRequest) {
        String state = httpServletRequest.getParameter(FacebookAuthenticatorConstants.OAUTH2_PARAM_STATE);
        if (StringUtils.isNotBlank(state)) {
            String[] parts = state.split(",");
            if (parts.length > 1) {
                return parts[1];
            }
        }
        return null;
    }

    /**
     * Reads this authenticator's parameters from the file-based configuration.
     *
     * @return the parameter map, or an empty map when no configuration exists for this authenticator
     */
    private Map<String, String> readParametersFromAuthenticatorConfig() {
        AuthenticatorConfig fileConfig = FileBasedConfigurationBuilder.getInstance().getAuthenticatorBean(getName());
        if (fileConfig == null) {
            if (log.isDebugEnabled()) {
                log.debug("FileBasedConfigBuilder returned null AuthenticatorConfigs for the connector " + getName());
            }
            return Collections.emptyMap();
        }
        return fileConfig.getParameterMap();
    }

    /**
     * Resolves the claim configuration of the external identity provider on the context.
     *
     * @param authenticationContext the current authentication context, may be {@code null}
     * @return the claim configuration, or {@code null} when the context, its external IdP
     *         configuration or the identity provider is {@code null}
     */
    private ClaimConfig getAuthenticatorClaimConfigurations(AuthenticationContext authenticationContext) {
        if (authenticationContext == null) {
            if (log.isDebugEnabled()) {
                log.debug("Authenticator " + getName() + " received null AuthenticationContext");
            }
            return null;
        }
        ExternalIdPConfig externalIdPConfig = authenticationContext.getExternalIdP();
        if (externalIdPConfig == null) {
            if (log.isDebugEnabled()) {
                log.debug("Authenticator " + getName() + " received null ExternalIdPConfig");
            }
            return null;
        }
        IdentityProvider idp = externalIdPConfig.getIdentityProvider();
        if (idp == null) {
            if (log.isDebugEnabled()) {
                log.debug("Authenticator " + getName() + " received null IdentityProvider");
            }
            return null;
        }
        return idp.getClaimConfig();
    }

    /**
     * Validates an ID token supplied on the native-SDK path.
     *
     * <p>Checks run in this order: the token is parsed as a signed JWT, the issuer claim is
     * validated, the identity provider registered for that issuer is looked up in the tenant,
     * the signature is verified against that identity provider, and the audience is validated.
     *
     * <p>NOTE(review): no expiry ({@code exp}) or nonce check is visible in this method - confirm
     * whether one of the {@code OIDCTokenValidationUtil} helpers enforces them.
     *
     * @param authenticationContext the current authentication context (supplies the tenant domain)
     * @param str the serialized ID token
     * @throws ParseException if the token is not a parseable signed JWT
     * @throws AuthenticationFailedException if no identity provider can be resolved for the issuer
     * @throws JOSEException declared for the signature check
     * @throws IdentityOAuth2Exception declared for the validation helpers
     */
    private void validateJWTToken(AuthenticationContext authenticationContext, String str) throws ParseException, AuthenticationFailedException, JOSEException, IdentityOAuth2Exception {
        SignedJWT parse = SignedJWT.parse(str);
        // Claims are read before the signature is verified; they are only used to pick the IdP.
        JWTClaimsSet jWTClaimsSet = parse.getJWTClaimsSet();
        OIDCTokenValidationUtil.validateIssuerClaim(jWTClaimsSet);
        String tenantDomain = authenticationContext.getTenantDomain();
        // NOTE(review): getIdentityProvider() can return null when no IdP matches the issuer;
        // confirm validateSignature rejects a null identity provider.
        IdentityProvider identityProvider = getIdentityProvider(OIDCTokenValidationUtil.getIssuer(jWTClaimsSet), tenantDomain);
        OIDCTokenValidationUtil.validateSignature(parse, identityProvider);
        OIDCTokenValidationUtil.validateAudience(jWTClaimsSet.getAudience(), identityProvider, tenantDomain);
    }

    /**
     * Looks up the identity provider registered for a token issuer.
     *
     * <p>The lookup first tries the {@code idpIssuerName} metadata property and then the IdP
     * name. When the match is the IdP named {@code "default"}, the resident IdP is used
     * instead, provided its entity id equals the issuer.
     *
     * @param str  the issuer
     * @param str2 the tenant domain
     * @return the matching identity provider; may be {@code null} when neither lookup finds one
     * @throws AuthenticationFailedException if the lookup fails, or the default IdP matched but
     *         the resident IdP does not correspond to the issuer
     */
    private IdentityProvider getIdentityProvider(String str, String str2) throws AuthenticationFailedException {
        OIDCErrorConstants.ErrorMessages noIdpError = OIDCErrorConstants.ErrorMessages.NO_REGISTERED_IDP_FOR_ISSUER;
        try {
            IdentityProviderManager idpManager = IdentityProviderManager.getInstance();
            IdentityProvider idp = idpManager.getIdPByMetadataProperty("idpIssuerName", str, str2, false);
            if (idp == null) {
                idp = IdentityProviderManager.getInstance().getIdPByName(str, str2);
            }
            boolean isDefaultIdp = idp != null && StringUtils.equalsIgnoreCase(idp.getIdentityProviderName(), "default");
            if (!isDefaultIdp) {
                return idp;
            }
            IdentityProvider residentIdp = getResidentIDPForIssuer(str2, str);
            if (residentIdp == null) {
                throw new AuthenticationFailedException(noIdpError.getCode(), noIdpError.getMessage());
            }
            return residentIdp;
        } catch (IdentityProviderManagementException lookupFailure) {
            throw new AuthenticationFailedException(noIdpError.getCode(), noIdpError.getMessage(), lookupFailure);
        }
    }

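    /**
     * Returns the tenant's resident identity provider if, and only if, it is the issuer of the token.
     *
     * <p>The issuer is compared with the {@code IdPEntityId} property of the resident IdP's
     * {@code openidconnect} federated authenticator configuration.
     *
     * @param str the tenant domain whose resident IdP is loaded
     * @param str2 the issuer value taken from the token
     * @return the resident IdP when its entity id equals the issuer, otherwise {@code null}
     * @throws AuthenticationFailedException if the resident IdP cannot be loaded; the underlying
     *         management exception is attached as the cause
     */
    private IdentityProvider getResidentIDPForIssuer(String str, String str2) throws AuthenticationFailedException {
        try {
            IdentityProvider residentIdP = IdentityProviderManager.getInstance().getResidentIdP(str);
            FederatedAuthenticatorConfig oidcConfig = IdentityApplicationManagementUtil.getFederatedAuthenticator(residentIdP.getFederatedAuthenticatorConfigs(), "openidconnect");
            // With no openidconnect configuration the comparison value stays "" as before.
            String residentIssuer = "";
            if (oidcConfig != null) {
                Property entityId = IdentityApplicationManagementUtil.getProperty(oidcConfig.getProperties(), "IdPEntityId");
                // A missing IdPEntityId property yields null, which can never equal the issuer, so
                // the token is rejected instead of the lookup ending in a NullPointerException.
                residentIssuer = entityId != null ? entityId.getValue() : null;
            }
            return str2.equals(residentIssuer) ? residentIdP : null;
        } catch (IdentityProviderManagementException e) {
            // Keep the original message text, but preserve the cause for diagnosis.
            throw new AuthenticationFailedException(OIDCErrorConstants.ErrorMessages.GETTING_RESIDENT_IDP_FAILED.getCode() + " - " + String.format(OIDCErrorConstants.ErrorMessages.GETTING_RESIDENT_IDP_FAILED.getMessage(), str), e);
        }
    }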

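    /**
     * Aborts authentication when the callback request carries an OAuth2 error.
     *
     * <p>If the error parameter is present, the error code, error, description and reason are read
     * from the request, recorded on the authentication context, and an
     * {@link InvalidCredentialsException} is thrown. Without an error parameter the method returns
     * normally.
     *
     * @param httpServletRequest the callback request; its parameters are untrusted input
     * @param httpServletResponse unused by this method
     * @param authenticationContext context that receives the authenticator error message
     * @throws InvalidCredentialsException if the request contains the error parameter
     */
    private void handleErrorResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws InvalidCredentialsException {
        if (!isErrorParamExists(httpServletRequest)) {
            return;
        }
        String errorCode = httpServletRequest.getParameter(FacebookAuthenticatorConstants.OAUTH2_PARAM_ERROR_CODE);
        String error = httpServletRequest.getParameter(FacebookAuthenticatorConstants.OAUTH2_PARAM_ERROR);
        String errorDescription = httpServletRequest.getParameter(FacebookAuthenticatorConstants.OAUTH2_PARAM_ERROR_DESCRIPTION);
        String errorReason = httpServletRequest.getParameter(FacebookAuthenticatorConstants.OAUTH2_PARAM_ERROR_REASON);
        String summary = "errorCode: " + errorCode + ", error: " + error + ", error_description: " + errorDescription + ", error_reason: " + errorReason;
        if (log.isDebugEnabled()) {
            // The values come straight from the request, so neutralise CR/LF before logging to keep
            // a caller from forging additional log entries.
            log.debug("Failed to authenticate via Facebook. " + summary.replace('\r', '_').replace('\n', '_'));
        }
        setAuthenticatorMessageToContext(error, errorCode, errorReason, authenticationContext);
        // NOTE(review): the exception message and the context message still carry the raw request
        // values; whatever logs or renders them downstream must encode them for its own sink.
        throw new InvalidCredentialsException(summary);
    }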

    /**
     * Tells whether the request carries the OAuth2 error parameter.
     *
     * @param httpServletRequest the callback request
     * @return {@code true} if the error parameter is present, even when empty
     */
    private boolean isErrorParamExists(HttpServletRequest httpServletRequest) {
        final String error = httpServletRequest.getParameter(FacebookAuthenticatorConstants.OAUTH2_PARAM_ERROR);
        return error != null;
    }

    /**
     * Tells whether the request carries the parameter named by {@code OAUTH2_GRANT_TYPE_CODE}.
     *
     * @param httpServletRequest the callback request
     * @return {@code true} if that parameter is present, even when empty
     */
    private boolean isOauth2CodeParamExists(HttpServletRequest httpServletRequest) {
        // NOTE(review): presumably the authorization-code parameter; confirm the constant's value.
        final String code = httpServletRequest.getParameter(FacebookAuthenticatorConstants.OAUTH2_GRANT_TYPE_CODE);
        return code != null;
    }

    /**
     * Tells whether the request carries a state parameter and its login type is "facebook".
     *
     * <p>Only the presence of the state parameter is checked here, not its value.
     *
     * @param httpServletRequest the callback request
     * @return {@code true} if state is present and the login type equals "facebook"
     */
    private boolean isFacebookStateParamExists(HttpServletRequest httpServletRequest) {
        // NOTE(review): binding the state value to the user's session (CSRF protection) is not done
        // in this method; confirm it is enforced where the state is consumed.
        final boolean statePresent = httpServletRequest.getParameter(FacebookAuthenticatorConstants.OAUTH2_PARAM_STATE) != null;
        return statePresent && "facebook".equals(getLoginType(httpServletRequest));
    }

    /**
     * Returns the claim dialect URI configured for this authenticator.
     *
     * @return the value stored under {@code CLAIM_DIALECT_URI_PARAMETER} in the authenticator
     *         configuration, or {@code null} if the map holds no such entry
     */
    public String getClaimDialectURI() {
        final String dialectUri = readParametersFromAuthenticatorConfig().get(FacebookAuthenticatorConstants.CLAIM_DIALECT_URI_PARAMETER);
        if (!log.isDebugEnabled()) {
            return dialectUri;
        }
        log.debug("Authenticator " + getName() + " is using the claim dialect uri " + dialectUri);
        return dialectUri;
    }

    /**
     * Builds a claim mapping whose local and remote claims are the same claim.
     *
     * <p>A single {@code Claim} instance carrying the given URI is set as both sides of the mapping.
     *
     * @param str the claim URI to use for both the remote and the local claim
     * @return the new mapping
     */
    protected ClaimMapping buildClaimMapping(String str) {
        final Claim sharedClaim = new Claim();
        sharedClaim.setClaimUri(str);

        final ClaimMapping mapping = new ClaimMapping();
        mapping.setRemoteClaim(sharedClaim);
        mapping.setLocalClaim(sharedClaim);

        if (log.isDebugEnabled()) {
            log.debug("Adding claim mapping" + str);
        }
        return mapping;
    }

    /**
     * Returns the friendly name of this authenticator.
     *
     * @return the literal {@code "facebook"}
     */
    public String getFriendlyName() {
        final String friendlyName = "facebook";
        return friendlyName;
    }

    /**
     * Returns the registered name of this authenticator.
     *
     * @return the value of {@code FacebookAuthenticatorConstants.AUTHENTICATOR_NAME}
     */
    public String getName() {
        final String authenticatorName = FacebookAuthenticatorConstants.AUTHENTICATOR_NAME;
        return authenticatorName;
    }

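    /**
     * Describes the configuration properties this authenticator accepts.
     *
     * <p>The list holds, in order: client id, client secret (flagged confidential), scope (defaulting
     * to {@code FacebookAuthenticatorConstants.EMAIL}), user information fields, callback URL, and
     * the user-info, token and authorization endpoint URLs. The three endpoint properties carry no
     * display name or description and use display order 0.
     *
     * @return a new, mutable list of property descriptors
     */
    public List<Property> getConfigurationProperties() {
        List<Property> properties = new ArrayList<>();

        properties.add(newStringConfigProperty(FacebookAuthenticatorConstants.CLIENT_ID, "Client Id",
                "Enter Facebook client identifier value", true, 1));

        Property clientSecret = newStringConfigProperty(FacebookAuthenticatorConstants.CLIENT_SECRET, "Client Secret",
                "Enter Facebook client secret value", true, 2);
        // The secret is the only property flagged confidential.
        clientSecret.setConfidential(true);
        properties.add(clientSecret);

        Property scope = newStringConfigProperty(FacebookAuthenticatorConstants.SCOPE, FacebookAuthenticatorConstants.SCOPE,
                "Enter a comma separated list of permissions to request from the user", false, 3);
        scope.setDefaultValue(FacebookAuthenticatorConstants.EMAIL);
        properties.add(scope);

        properties.add(newStringConfigProperty(FacebookAuthenticatorConstants.USER_INFO_FIELDS, "User Information Fields",
                "Enter comma-separated user information fields you want to retrieve", false, 4));

        properties.add(newStringConfigProperty(FacebookAuthenticatorConstants.FB_CALLBACK_URL, "Callback Url",
                "Enter value corresponding to callback url", false, 5));

        // NOTE(review): these endpoint overrides presumably decide where the authorization code and
        // client secret are sent; confirm that only trusted administrators can set them.
        properties.add(newStringConfigProperty(FacebookAuthenticatorConstants.FB_USER_INFO_URL, null, null, false, 0));
        properties.add(newStringConfigProperty(FacebookAuthenticatorConstants.FB_TOKEN_URL, null, null, false, 0));
        // The original set this description on the token-URL property a second time (copy-paste
        // slip); the helper now applies it to the authorization-URL property itself.
        properties.add(newStringConfigProperty(FacebookAuthenticatorConstants.FB_AUTHZ_URL, null, null, false, 0));

        return properties;
    }

    /** Builds a "string"-typed configuration property with the given name, labels and ordering. */
    private static Property newStringConfigProperty(String name, String displayName, String description, boolean required, int displayOrder) {
        Property property = new Property();
        property.setName(name);
        property.setDisplayName(displayName);
        property.setRequired(required);
        property.setDescription(description);
        property.setType("string");
        property.setDisplayOrder(displayOrder);
        return property;
    }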

    /**
     * Reports whether this authenticator supports API-based authentication.
     *
     * @return always {@code true}
     */
    public boolean isAPIBasedAuthenticationSupported() {
        final boolean supported = true;
        return supported;
    }

    /**
     * Collects application details for the given authentication context.
     *
     * <p>As written, the application resource id and application name are looked up but neither
     * callback stores anything, so the returned map is always empty.
     *
     * @param authenticationContext the context the application lookups are made against
     * @return a new, empty map
     */
    private Map<String, String> getApplicationDetails(AuthenticationContext authenticationContext) {
        // NOTE(review): both callbacks have empty bodies in this listing. Presumably they were meant
        // to put the resource id and the name into the map; confirm against the original source.
        final Map<String, String> details = new HashMap<>();
        FrameworkUtils.getApplicationResourceId(authenticationContext).ifPresent(resourceId -> {
        });
        FrameworkUtils.getApplicationName(authenticationContext).ifPresent(applicationName -> {
        });
        return details;
    }

    /**
     * Renders the claim mappings of a user's attributes as text.
     *
     * <p>Each entry has the form {@code "<local claim URI> : <remote claim URI>"}. Only the mapping
     * keys are read; attribute values are not included in the output.
     *
     * @param authenticatedUser the user whose attribute mappings are rendered
     * @return one string per attribute mapping
     */
    private static List<String> getUserAttributeClaimMappingList(AuthenticatedUser authenticatedUser) {
        final List<String> rendered = new ArrayList<>();
        for (ClaimMapping mapping : authenticatedUser.getUserAttributes().keySet()) {
            final String localUri = mapping.getLocalClaim().getClaimUri();
            final String remoteUri = mapping.getRemoteClaim().getClaimUri();
            rendered.add(localUri + " : " + remoteUri);
        }
        return rendered;
    }

    /**
     * Determines the callback URL to use for the authorization flow.
     *
     * <p>A non-empty {@code FB_CALLBACK_URL} entry in the given properties wins; otherwise the
     * server's absolute public URL for the {@code commonauth} path is built.
     *
     * @param map the authenticator properties
     * @return the configured callback URL, or the built default
     * @throws RuntimeException if the default URL cannot be built
     */
    protected String getCallbackUrl(Map<String, String> map) {
        // NOTE(review): the configured value is returned without validation here; it presumably has
        // to match the redirect URI registered with the provider. Confirm who may set it.
        final String configuredCallback = map.get(FacebookAuthenticatorConstants.FB_CALLBACK_URL);
        if (StringUtils.isNotEmpty(configuredCallback)) {
            return configuredCallback;
        }
        try {
            return ServiceURLBuilder.create().addPath(new String[]{"commonauth"}).build().getAbsolutePublicURL();
        } catch (URLBuilderException e) {
            throw new RuntimeException("Error occurred while building URL.", e);
        }
    }

    /**
     * Tells whether the context's external identity provider is marked as a trusted token issuer.
     *
     * <p>The answer is the boolean value of the first IdP property named
     * {@code isTrustedTokenIssuer}. A missing external IdP, a missing identity provider, or a
     * missing property all yield {@code false}.
     *
     * @param authenticationContext the context whose external IdP is inspected
     * @return {@code true} only if the property exists and parses as {@code true}
     */
    private boolean isTrustedTokenIssuer(AuthenticationContext authenticationContext) {
        final ExternalIdPConfig externalIdP = authenticationContext.getExternalIdP();
        if (externalIdP == null) {
            return false;
        }
        final IdentityProvider identityProvider = externalIdP.getIdentityProvider();
        if (identityProvider == null) {
            return false;
        }
        for (IdentityProviderProperty idpProperty : identityProvider.getIdpProperties()) {
            if (!"isTrustedTokenIssuer".equals(idpProperty.getName())) {
                continue;
            }
            // First match decides; later properties of the same name are not consulted.
            return Boolean.parseBoolean(idpProperty.getValue());
        }
        return false;
    }

    /**
     * Tells whether the request carries both the access-token and the ID-token parameter.
     *
     * <p>Only presence is checked; the token values are not validated here.
     *
     * @param httpServletRequest the incoming request
     * @return {@code true} if both parameters are present
     */
    private boolean isNativeSDKBasedFederationCall(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter(FacebookAuthenticatorConstants.ACCESS_TOKEN_PARAM) != null
                && httpServletRequest.getParameter(FacebookAuthenticatorConstants.ID_TOKEN_PARAM) != null;
    }

    /**
     * Stores an ERROR-type authenticator message on the authentication context.
     *
     * <p>The message is saved under the {@code AUTHENTICATOR_MESSAGE} property. A non-empty reason is
     * attached to it under the {@code ERROR_REASON} key.
     *
     * @param str the error text, passed as the third constructor argument of the message
     * @param str2 the error code, passed as the second constructor argument of the message
     * @param str3 the error reason; omitted from the message when null or empty
     * @param authenticationContext the context that receives the message
     */
    private static void setAuthenticatorMessageToContext(String str, String str2, String str3, AuthenticationContext authenticationContext) {
        final Map<String, String> messageContext = new HashMap<>();
        if (StringUtils.isNotEmpty(str3)) {
            messageContext.put(ERROR_REASON, str3);
        }
        final AuthenticatorMessage errorMessage =
                new AuthenticatorMessage(FrameworkConstants.AuthenticatorMessageType.ERROR, str2, str, messageContext);
        authenticationContext.setProperty(AUTHENTICATOR_MESSAGE, errorMessage);
    }
}
