package org.wso2.carbon.identity.application.authenticator.basicauth;

import java.io.IOException;
import java.net.URLEncoder;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.application.authentication.framework.AbstractApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.AuthenticatorFlowStatus;
import org.wso2.carbon.identity.application.authentication.framework.LocalApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.config.ConfigurationFacade;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException;
import org.wso2.carbon.identity.application.authentication.framework.exception.InvalidCredentialsException;
import org.wso2.carbon.identity.application.authentication.framework.exception.LogoutFailedException;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.identity.application.authenticator.basicauth.internal.BasicAuthenticatorServiceComponent;
import org.wso2.carbon.identity.base.IdentityRuntimeException;
import org.wso2.carbon.identity.core.model.IdentityErrorMsgContext;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.UserStoreManager;
import org.wso2.carbon.user.core.util.UserCoreUtil;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/identity/application/authenticator/basicauth/BasicAuthenticator.class */
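/**
 * Local username/password authenticator for the authentication framework.
 *
 * <p>The class reads the credentials from request parameters, checks them against the tenant's
 * user store, and on failure redirects the browser back to the configured login or retry
 * endpoint.
 *
 * <p>Security notes for operators and reviewers:
 * <ul>
 *   <li>When the authenticator parameter {@code showAuthFailureReason} is {@code "true"}, the
 *       redirect carries the error code, the submitted username and (for code 17002) the
 *       remaining attempt count in the query string. That lets a client tell apart the outcomes
 *       behind 17001, 17002 and 17003, and puts the username into browser history, proxy logs
 *       and access logs. Leave it off unless that disclosure is acceptable.</li>
 *   <li>The codes 17001/17002/17003 are compared as string literals here. They are believed to
 *       correspond to "user does not exist", "invalid credential" and "user is locked" in the
 *       user-core error constants. NOTE(review): confirm against the kernel version in use.</li>
 *   <li>Request-supplied values are stripped of CR/LF before being written to the debug log so
 *       that a crafted username cannot forge extra log lines.</li>
 * </ul>
 */
public class BasicAuthenticator extends AbstractApplicationAuthenticator implements LocalApplicationAuthenticator {
    private static final long serialVersionUID = 1819664539416029785L;
    private static final Log log = LogFactory.getLog(BasicAuthenticator.class);

    /**
     * Reports whether the request carries both credential parameters.
     *
     * @param httpServletRequest the incoming request
     * @return {@code true} only when both the username and the password parameter are present
     */
    public boolean canHandle(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter(BasicAuthenticatorConstants.USER_NAME) != null
                && httpServletRequest.getParameter(BasicAuthenticatorConstants.PASSWORD) != null;
    }

    /**
     * Completes immediately for logout requests and delegates everything else to the superclass.
     *
     * @return {@link AuthenticatorFlowStatus#SUCCESS_COMPLETED} for a logout request, otherwise
     *         whatever {@code super.process} returns
     */
    public AuthenticatorFlowStatus process(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException, LogoutFailedException {
        if (authenticationContext.isLogoutRequest()) {
            return AuthenticatorFlowStatus.SUCCESS_COMPLETED;
        }
        return super.process(httpServletRequest, httpServletResponse, authenticationContext);
    }

    /**
     * Redirects the browser to the login page, or to the retry page, adding failure details
     * according to the {@code showAuthFailureReason} authenticator parameter.
     *
     * <p>Exactly one redirect is sent on every path. An identity error context whose code is
     * {@code null} or not one of 17001/17002/17003 falls back to the plain login-page redirect
     * rather than throwing or leaving the response without a redirect.
     *
     * @throws AuthenticationFailedException if sending the redirect or encoding the username fails
     */
    protected void initiateAuthenticationRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        Map parameterMap = getAuthenticatorConfig().getParameterMap();
        String showAuthFailureReason = null;
        if (parameterMap != null) {
            showAuthFailureReason = (String) parameterMap.get("showAuthFailureReason");
            if (log.isDebugEnabled()) {
                log.debug("showAuthFailureReason has been set as : " + showAuthFailureReason);
            }
        }
        // Detailed failure reasons are opt-in: anything other than the exact string "true" disables them.
        boolean showReason = "true".equals(showAuthFailureReason);

        String loginPage = ConfigurationFacade.getInstance().getAuthenticationEndpointURL();
        String retryPage = ConfigurationFacade.getInstance().getAuthenticationEndpointRetryURL();
        String queryParams = authenticationContext.getContextIdIncludedQueryParams();
        try {
            String retryParam = authenticationContext.isRetrying() ? "&authFailure=true&authFailureMsg=login.fail.message" : "";
            // Boolean.TRUE.equals also tolerates an absent property or one that is not a Boolean.
            if (Boolean.TRUE.equals(authenticationContext.getProperty("UserTenantDomainMismatch"))) {
                retryParam = "&authFailure=true&authFailureMsg=user.tenant.domain.mismatch.message";
                authenticationContext.setProperty("UserTenantDomainMismatch", false);
            }

            // Read the error context once and clear it so it cannot leak into a later request.
            IdentityErrorMsgContext errorContext = IdentityUtil.getIdentityErrorMsg();
            IdentityUtil.clearIdentityErrorMsg();
            String errorCode = errorContext != null ? errorContext.getErrorCode() : null;

            String target;
            if (!showReason) {
                if ("17003".equals(errorCode)) {
                    // Even with reasons hidden, this code is sent to the retry page with the username.
                    target = httpServletResponse.encodeRedirectURL(retryPage + "?" + queryParams)
                            + failedUsernameParam(httpServletRequest);
                } else {
                    target = loginPageRedirect(httpServletResponse, loginPage, queryParams) + retryParam;
                }
            } else if (errorContext == null) {
                target = loginPageRedirect(httpServletResponse, loginPage, queryParams) + retryParam;
            } else {
                if (log.isDebugEnabled()) {
                    log.debug("Identity error message context is not null");
                }
                int remainingAttempts = errorContext.getMaximumLoginAttempts() - errorContext.getFailedLoginAttempts();
                if (log.isDebugEnabled()) {
                    log.debug("errorCode : " + errorCode);
                    log.debug("username : " + sanitizeForLog(httpServletRequest.getParameter(BasicAuthenticatorConstants.USER_NAME)));
                    log.debug("remainingAttempts : " + remainingAttempts);
                }
                if ("17002".equals(errorCode)) {
                    target = loginPageRedirect(httpServletResponse, loginPage, queryParams) + retryParam
                            + BasicAuthenticatorConstants.ERROR_CODE + errorCode
                            + failedUsernameParam(httpServletRequest)
                            + "&remainingAttempts=" + remainingAttempts;
                } else if ("17003".equals(errorCode)) {
                    target = httpServletResponse.encodeRedirectURL(retryPage + "?" + queryParams)
                            + BasicAuthenticatorConstants.ERROR_CODE + errorCode
                            + failedUsernameParam(httpServletRequest);
                    if (remainingAttempts == 0) {
                        target += "&remainingAttempts=0";
                    }
                } else if ("17001".equals(errorCode)) {
                    target = loginPageRedirect(httpServletResponse, loginPage, queryParams) + retryParam
                            + BasicAuthenticatorConstants.ERROR_CODE + errorCode
                            + failedUsernameParam(httpServletRequest);
                } else {
                    // Unknown or missing code: show the generic login page and reveal no detail.
                    target = loginPageRedirect(httpServletResponse, loginPage, queryParams) + retryParam;
                }
            }
            httpServletResponse.sendRedirect(target);
        } catch (IOException e) {
            throw new AuthenticationFailedException(e.getMessage(), e);
        }
    }

    /**
     * Validates the submitted credentials and, on success, records the authenticated subject,
     * the user's tenant domain and the remember-me choice on the context.
     *
     * @throws InvalidCredentialsException if the user store rejects the credentials
     *         (presumably a subtype of {@link AuthenticationFailedException} — confirm)
     * @throws AuthenticationFailedException if the tenant realm is missing or a user-store or
     *         tenant-resolution error occurs
     */
    protected void processAuthenticationResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        String username = httpServletRequest.getParameter(BasicAuthenticatorConstants.USER_NAME);
        String password = httpServletRequest.getParameter(BasicAuthenticatorConstants.PASSWORD);
        try {
            int tenantId = IdentityTenantUtil.getTenantIdOfUser(username);
            UserRealm tenantUserRealm = BasicAuthenticatorServiceComponent.getRealmService().getTenantUserRealm(tenantId);
            if (tenantUserRealm == null) {
                throw new AuthenticationFailedException("Cannot find the user realm for the given tenant: " + tenantId);
            }
            UserStoreManager userStoreManager = tenantUserRealm.getUserStoreManager();
            if (!userStoreManager.authenticate(MultitenantUtils.getTenantAwareUsername(username), password)) {
                if (log.isDebugEnabled()) {
                    log.debug("User authentication failed due to invalid credentials");
                }
                throw new InvalidCredentialsException("User authentication failed due to invalid credentials");
            }

            Map properties = authenticationContext.getProperties();
            String tenantDomain = MultitenantUtils.getTenantDomain(username);
            if (properties == null) {
                properties = new HashMap();
                authenticationContext.setProperties(properties);
            }
            properties.put("user-tenant-domain", tenantDomain);

            String subjectIdentifier = FrameworkUtils.prependUserStoreDomainToName(username);
            String claimUri = null;
            if (getAuthenticatorConfig().getParameterMap() != null) {
                claimUri = (String) getAuthenticatorConfig().getParameterMap().get("UserNameAttributeClaimUri");
            }
            if (claimUri != null && claimUri.trim().length() > 0) {
                String userStoreDomain = UserCoreUtil.getDomainFromThreadLocal();
                boolean multipleAttributeEnabled;
                if (userStoreDomain == null || userStoreDomain.trim().length() <= 0) {
                    multipleAttributeEnabled = Boolean.parseBoolean(userStoreManager.getRealmConfiguration().getUserStoreProperty("MultipleAttributeEnable"));
                } else {
                    multipleAttributeEnabled = Boolean.parseBoolean(userStoreManager.getSecondaryUserStoreManager(userStoreDomain).getRealmConfiguration().getUserStoreProperty("MultipleAttributeEnable"));
                }
                if (multipleAttributeEnabled) {
                    try {
                        if (log.isDebugEnabled()) {
                            log.debug("Searching for UserNameAttribute value for user " + sanitizeForLog(subjectIdentifier) + " for claim uri : " + claimUri);
                        }
                        String userClaimValue = userStoreManager.getUserClaimValue(MultitenantUtils.getTenantAwareUsername(subjectIdentifier), claimUri, (String) null);
                        if (userClaimValue != null && userClaimValue.trim().length() > 0) {
                            subjectIdentifier = FrameworkUtils.prependUserStoreDomainToName(userClaimValue) + "@" + MultitenantUtils.getTenantDomain(subjectIdentifier);
                            if (log.isDebugEnabled()) {
                                log.debug("UserNameAttribute is found for user. Value is :  " + sanitizeForLog(subjectIdentifier));
                            }
                        }
                    } catch (UserStoreException e) {
                        // Best effort: a failed claim lookup keeps the login-name-based subject
                        // and does not fail a login that has already been authenticated.
                        if (log.isDebugEnabled()) {
                            log.debug("Error while retrieving UserNameAttribute for user : " + sanitizeForLog(subjectIdentifier), e);
                        }
                    }
                } else if (log.isDebugEnabled()) {
                    log.debug("MultipleAttribute is not enabled for user store domain : " + userStoreDomain + " Therefore UserNameAttribute is not retrieved");
                }
            }

            authenticationContext.setSubject(AuthenticatedUser.createLocalAuthenticatedUserFromSubjectIdentifier(subjectIdentifier));
            if ("on".equals(httpServletRequest.getParameter("chkRemember"))) {
                authenticationContext.setRememberMe(true);
            }
        } catch (org.wso2.carbon.user.api.UserStoreException e2) {
            if (log.isDebugEnabled()) {
                log.debug("BasicAuthentication failed while trying to authenticate", e2);
            }
            throw new AuthenticationFailedException(e2.getMessage(), e2);
        } catch (IdentityRuntimeException e3) {
            if (log.isDebugEnabled()) {
                log.debug("BasicAuthentication failed while trying to get the tenant ID of the user " + sanitizeForLog(username), e3);
            }
            throw new AuthenticationFailedException(e3.getMessage(), e3);
        }
    }

    /** Always allows the login page to be shown again after a failed attempt. */
    protected boolean retryAuthenticationEnabled() {
        return true;
    }

    /**
     * Returns the {@code sessionDataKey} request parameter.
     *
     * @return the parameter value, or {@code null} when the request does not carry it
     */
    public String getContextIdentifier(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter("sessionDataKey");
    }

    /** Returns the display name defined in {@link BasicAuthenticatorConstants}. */
    public String getFriendlyName() {
        return BasicAuthenticatorConstants.AUTHENTICATOR_FRIENDLY_NAME;
    }

    /** Returns the authenticator name defined in {@link BasicAuthenticatorConstants}. */
    public String getName() {
        return BasicAuthenticatorConstants.AUTHENTICATOR_NAME;
    }

    /** Builds the login-page redirect: encoded endpoint URL plus the authenticator selector. */
    private String loginPageRedirect(HttpServletResponse response, String endpointUrl, String queryParams) {
        return response.encodeRedirectURL(endpointUrl + "?" + queryParams)
                + BasicAuthenticatorConstants.AUTHENTICATORS + getName() + ":" + BasicAuthenticatorConstants.LOCAL;
    }

    /**
     * Builds the failed-username query fragment with the username URL-encoded.
     * A missing username is encoded as the empty string, because {@code URLEncoder.encode}
     * throws {@code NullPointerException} on {@code null}.
     */
    private static String failedUsernameParam(HttpServletRequest request) throws IOException {
        String username = request.getParameter(BasicAuthenticatorConstants.USER_NAME);
        return BasicAuthenticatorConstants.FAILED_USERNAME
                + URLEncoder.encode(username == null ? "" : username, BasicAuthenticatorConstants.UTF_8);
    }

    /** Replaces CR and LF so that request-controlled text cannot start a new log line. */
    private static String sanitizeForLog(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }
}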
