package org.wso2.carbon.identity.application.authenticator.fido;

import com.fasterxml.jackson.annotation.JsonProperty;
import com.yubico.u2f.data.messages.AuthenticateRequestData;
import com.yubico.u2f.data.messages.AuthenticateResponse;
import java.io.IOException;
import java.net.URLEncoder;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.application.authentication.framework.AbstractApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.AuthenticatorFlowStatus;
import org.wso2.carbon.identity.application.authentication.framework.LocalApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.config.ConfigurationFacade;
import org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException;
import org.wso2.carbon.identity.application.authentication.framework.exception.InvalidCredentialsException;
import org.wso2.carbon.identity.application.authentication.framework.exception.LogoutFailedException;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.authenticator.fido.dto.FIDOUser;
import org.wso2.carbon.identity.application.authenticator.fido.u2f.U2FService;
import org.wso2.carbon.identity.application.authenticator.fido.util.FIDOAuthenticatorConstants;
import org.wso2.carbon.identity.application.authenticator.fido.util.FIDOUtil;

/* loaded from: input_file:org/wso2/carbon/identity/application/authenticator/fido/FIDOAuthenticator.class */
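/**
 * Local authenticator that runs the FIDO U2F step of a multi-step login.
 *
 * <p>The user this step authenticates is the one already authenticated by an earlier
 * {@link LocalApplicationAuthenticator} step (see {@link #getUsername}). The challenge is
 * created by {@link U2FService#startAuthentication} and the device response is handed to
 * {@link U2FService#finishAuthentication}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@code tokenResponse} and {@code sessionDataKey} are request parameters and are treated as
 *       untrusted: they are stripped of line breaks before logging and URL-encoded before being
 *       placed in a redirect.</li>
 *   <li>NOTE(review): the AppID is whatever {@code FIDOUtil.getOrigin(request)} returns. That helper
 *       is not visible here; if it derives the origin from client-supplied headers, the AppID is
 *       client-influenced. Confirm against the helper.</li>
 * </ul>
 */
public class FIDOAuthenticator extends AbstractApplicationAuthenticator implements LocalApplicationAuthenticator {
    private static final Log log = LogFactory.getLog(FIDOAuthenticator.class);
    private static final FIDOAuthenticator instance = new FIDOAuthenticator();

    /**
     * Delegates unchanged to the framework's default flow handling.
     */
    @Override
    public AuthenticatorFlowStatus process(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException, LogoutFailedException {
        return super.process(httpServletRequest, httpServletResponse, authenticationContext);
    }

    /**
     * Validates the U2F device response carried in the {@code tokenResponse} request parameter.
     *
     * @throws InvalidCredentialsException if the parameter is missing or contains the text
     *         {@code errorCode}
     * @throws AuthenticationFailedException if no earlier local step has authenticated a user, or
     *         if the U2F service rejects the response
     */
    @Override
    protected void processAuthenticationResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        String tokenResponse = httpServletRequest.getParameter("tokenResponse");
        if (tokenResponse == null || tokenResponse.contains("errorCode")) {
            if (log.isDebugEnabled()) {
                // The value is client-supplied; strip line breaks so it cannot forge log entries.
                log.debug("FIDO authentication filed : " + stripLineBreaks(tokenResponse));
            }
            throw new InvalidCredentialsException("FIDO device authentication failed ");
        }
        String origin = FIDOUtil.getOrigin(httpServletRequest);
        AuthenticatedUser user = getUsername(authenticationContext);
        if (user == null) {
            // Without a user from an earlier local step there is nothing to bind the response to;
            // fail the step explicitly instead of with a NullPointerException.
            throw new AuthenticationFailedException("No authenticated user found for FIDO authentication");
        }
        U2FService u2FService = U2FService.getInstance();
        // NOTE(review): fromJson parses client-supplied JSON; how malformed input is reported
        // depends on the U2F library version in use. Confirm it surfaces as a failed login.
        FIDOUser fidoUser = new FIDOUser(user.getUserName(), user.getTenantDomain(), user.getUserStoreDomain(), AuthenticateResponse.fromJson(tokenResponse));
        fidoUser.setAppID(origin);
        // No return value is checked here, so a rejected response is presumably signalled by an
        // exception from finishAuthentication. Verify against U2FService.
        u2FService.finishAuthentication(fidoUser);
    }

    /**
     * Claims a request for this authenticator when it carries a {@code tokenResponse} parameter.
     */
    @Override
    public boolean canHandle(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter("tokenResponse") != null;
    }

    /**
     * Returns the {@code sessionDataKey} request parameter, or {@code null} if absent.
     */
    @Override
    public String getContextIdentifier(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter("sessionDataKey");
    }

    @Override
    public String getName() {
        return FIDOAuthenticatorConstants.AUTHENTICATOR_NAME;
    }

    @Override
    public String getFriendlyName() {
        return FIDOAuthenticatorConstants.AUTHENTICATOR_FRIENDLY_NAME;
    }

    /**
     * Starts the U2F challenge and redirects the browser to the FIDO page of the authentication
     * endpoint, or to the retry page when the U2F service returns no challenge data.
     *
     * <p>Every request- or user-derived value placed in the redirect query string is URL-encoded.
     *
     * @throws AuthenticationFailedException if no earlier local step has authenticated a user, or
     *         if encoding or sending the redirect fails
     */
    @Override
    protected void initiateAuthenticationRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        U2FService u2FService = U2FService.getInstance();
        try {
            String fidoPage = ConfigurationFacade.getInstance().getAuthenticationEndpointURL().replace("login.do", "authentication.jsp");
            AuthenticatedUser user = getUsername(authenticationContext);
            if (user == null) {
                // FIDO is a second factor: it needs the user established by an earlier local step.
                throw new AuthenticationFailedException("No authenticated user found for FIDO authentication");
            }
            AuthenticateRequestData requestData = u2FService.startAuthentication(new FIDOUser(user.getUserName(), user.getTenantDomain(), user.getUserStoreDomain(), FIDOUtil.getOrigin(httpServletRequest)));
            if (requestData != null) {
                // sessionDataKey comes straight from the request and the challenge JSON contains
                // reserved URL characters; both are encoded so neither can add or truncate
                // query parameters in the redirect target.
                String redirectUrl = httpServletResponse.encodeRedirectURL(fidoPage + "?")
                        + "&authenticators=" + getName() + ":LOCAL&type=fido"
                        + "&sessionDataKey=" + encodeQueryValue(httpServletRequest.getParameter("sessionDataKey"))
                        + "&data=" + encodeQueryValue(requestData.toJson());
                httpServletResponse.sendRedirect(redirectUrl);
            } else {
                String retryUrl = httpServletResponse.encodeRedirectURL(fidoPage.replace("authentication.jsp", "retry.do") + "?")
                        + "&failedUsername=" + encodeQueryValue(user.getUserName())
                        + "&statusMsg=" + encodeQueryValue(FIDOAuthenticatorConstants.AUTHENTICATION_ERROR_MESSAGE)
                        + "&status=" + encodeQueryValue(FIDOAuthenticatorConstants.AUTHENTICATION_STATUS);
                httpServletResponse.sendRedirect(retryUrl);
            }
        } catch (IOException e) {
            throw new AuthenticationFailedException("Could not initiate FIDO authentication request", e);
        }
    }

    /**
     * Retry is disabled for this authenticator.
     */
    @Override
    protected boolean retryAuthenticationEnabled() {
        return false;
    }

    /**
     * Finds the user authenticated by the first earlier step whose authenticator is a
     * {@link LocalApplicationAuthenticator}.
     *
     * <p>Steps are looked up by the keys {@code 1..size} of the sequence's step map. When the found
     * user has no user store domain, it is set to
     * {@link FIDOAuthenticatorConstants#PRIMARY_USER_DOMAIN} on the returned object.
     *
     * @return the authenticated user, or {@code null} if no such step exists
     */
    private AuthenticatedUser getUsername(AuthenticationContext authenticationContext) {
        AuthenticatedUser authenticatedUser = null;
        for (int step = 1; step <= authenticationContext.getSequenceConfig().getStepMap().size(); step++) {
            StepConfig stepConfig = (StepConfig) authenticationContext.getSequenceConfig().getStepMap().get(Integer.valueOf(step));
            if (stepConfig == null
                    || stepConfig.getAuthenticatedUser() == null
                    || stepConfig.getAuthenticatedAutenticator() == null
                    || !(stepConfig.getAuthenticatedAutenticator().getApplicationAuthenticator() instanceof LocalApplicationAuthenticator)) {
                continue;
            }
            authenticatedUser = stepConfig.getAuthenticatedUser();
            if (authenticatedUser.getUserStoreDomain() == null) {
                authenticatedUser.setUserStoreDomain(FIDOAuthenticatorConstants.PRIMARY_USER_DOMAIN);
            }
            if (log.isDebugEnabled()) {
                // JsonProperty.USE_DEFAULT_NAME is the empty string, so no user data is logged here.
                // NOTE(review): this looks like a decompiler substitution for a "" constant.
                log.debug("username :" + JsonProperty.USE_DEFAULT_NAME);
            }
            // Stop at the first match. Without this exit the loop never advances past a
            // matching step and the request thread spins forever.
            break;
        }
        return authenticatedUser;
    }

    /**
     * URL-encodes a query-string value using the authenticator's configured charset.
     * A {@code null} value is encoded as the empty string.
     */
    private static String encodeQueryValue(String value) throws IOException {
        if (value == null) {
            return "";
        }
        return URLEncoder.encode(value, FIDOAuthenticatorConstants.UTF_8);
    }

    /**
     * Replaces CR and LF with {@code _} so a client-supplied value stays on one log line.
     * Returns {@code null} unchanged.
     */
    private static String stripLineBreaks(String value) {
        if (value == null) {
            return null;
        }
        return value.replace('\r', '_').replace('\n', '_');
    }

    /**
     * Returns the shared authenticator instance.
     */
    public static FIDOAuthenticator getInstance() {
        return instance;
    }
}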
