package org.wso2.carbon.identity.application.authenticator.social.facebook;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.charset.Charset;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.amber.oauth2.client.request.OAuthClientRequest;
import org.apache.amber.oauth2.client.response.OAuthAuthzResponse;
import org.apache.amber.oauth2.common.exception.OAuthProblemException;
import org.apache.amber.oauth2.common.exception.OAuthSystemException;
import org.apache.amber.oauth2.common.utils.JSONUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.codehaus.jettison.json.JSONException;
import org.wso2.carbon.identity.application.authentication.framework.AbstractApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.FederatedApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.ApplicationAuthenticatorException;
import org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.identity.application.common.model.ClaimMapping;
import org.wso2.carbon.identity.core.util.IdentityUtil;

/* loaded from: input_file:org/wso2/carbon/identity/application/authenticator/social/facebook/FacebookAuthenticator.class */
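/**
 * Federated authenticator that signs users in through Facebook's OAuth2 authorization-code flow.
 *
 * <p>The flow implemented here is: redirect the browser to the configured authorization endpoint,
 * receive the {@code code} and {@code state} parameters on the callback, exchange the code for a
 * token at the configured token endpoint, fetch the user profile from the configured user-info
 * endpoint, and turn the returned JSON fields into claims on the authenticated subject.
 *
 * <p>The {@code state} parameter is built as {@code <contextIdentifier>,<loginType>} and is parsed
 * back from the callback request. It arrives from the browser, so it is treated as untrusted input.
 *
 * <p>Security notes for maintainers: the token request carries the client secret and the
 * authorization code in its query string, and the user-info request carries the token response in
 * its query string. Neither URL, nor the bodies returned by those endpoints, may be written to logs.
 */
public class FacebookAuthenticator extends AbstractApplicationAuthenticator implements FederatedApplicationAuthenticator {
    private static final long serialVersionUID = 1L;
    private static final Log log = LogFactory.getLog(FacebookAuthenticator.class);

    /**
     * Decides whether the incoming request is a Facebook OAuth2 callback.
     *
     * @param httpServletRequest the callback request
     * @return {@code true} only when the request carries an authorization code, a state value, and
     *         the login type encoded in the state names this authenticator
     */
    @Override
    public boolean canHandle(HttpServletRequest httpServletRequest) {
        log.trace("Inside FacebookAuthenticator.canHandle()");
        return httpServletRequest.getParameter(FacebookAuthenticatorConstants.OAUTH2_GRANT_TYPE_CODE) != null
                && httpServletRequest.getParameter(FacebookAuthenticatorConstants.OAUTH2_PARAM_STATE) != null
                && FacebookAuthenticatorConstants.FACEBOOK_LOGIN_TYPE.equals(getLoginType(httpServletRequest));
    }

    /**
     * Redirects the browser to the configured authorization endpoint to start the login.
     *
     * <p>The requested scope falls back to {@link FacebookAuthenticatorConstants#EMAIL} when none is
     * configured. The state sent to the endpoint is the context identifier followed by a comma and
     * the Facebook login type.
     *
     * @param httpServletRequest the request that triggered authentication
     * @param httpServletResponse the response used to send the redirect
     * @param authenticationContext the authentication context holding the authenticator properties
     * @throws AuthenticationFailedException if the redirect cannot be sent or the authorization
     *         request cannot be built
     */
    @Override
    protected void initiateAuthenticationRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        try {
            Map<String, String> properties = authenticationContext.getAuthenticatorProperties();
            String clientId = properties.get(FacebookAuthenticatorConstants.CLIENT_ID);
            String authorizationEndpoint = properties.get("AuthnEndpoint");
            String scope = properties.get(FacebookAuthenticatorConstants.SCOPE);
            if (StringUtils.isEmpty(scope)) {
                scope = FacebookAuthenticatorConstants.EMAIL;
            }
            String state = authenticationContext.getContextIdentifier() + "," + FacebookAuthenticatorConstants.FACEBOOK_LOGIN_TYPE;
            OAuthClientRequest authorizationRequest = OAuthClientRequest.authorizationLocation(authorizationEndpoint)
                    .setClientId(clientId)
                    .setRedirectURI(IdentityUtil.getServerURL("commonauth"))
                    .setResponseType(FacebookAuthenticatorConstants.OAUTH2_GRANT_TYPE_CODE)
                    .setScope(scope)
                    .setState(state)
                    .buildQueryMessage();
            httpServletResponse.sendRedirect(authorizationRequest.getLocationUri());
        } catch (IOException e) {
            log.error("Exception while sending to the login page.", e);
            throw new AuthenticationFailedException(e.getMessage(), e);
        } catch (OAuthSystemException e2) {
            log.error("Exception while building authorization code request.", e2);
            throw new AuthenticationFailedException(e2.getMessage(), e2);
        }
    }

    /**
     * Handles the OAuth2 callback: exchanges the authorization code for a token, fetches the user
     * profile and populates the subject and its claims on the context.
     *
     * @param httpServletRequest the callback request carrying the authorization code
     * @param httpServletResponse unused by this implementation
     * @param authenticationContext the authentication context to update with the subject
     * @throws AuthenticationFailedException if any step of the exchange or claim building fails
     */
    @Override
    protected void processAuthenticationResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        log.trace("Inside FacebookAuthenticator.authenticate()");
        try {
            Map<String, String> properties = authenticationContext.getAuthenticatorProperties();
            String clientId = properties.get(FacebookAuthenticatorConstants.CLIENT_ID);
            String clientSecret = properties.get(FacebookAuthenticatorConstants.CLIENT_SECRET);
            String fields = properties.get(FacebookAuthenticatorConstants.USER_INFO_FIELDS);
            String tokenEndpoint = properties.get("AuthTokenEndpoint");
            String userInfoEndpoint = properties.get("UserInfoEndpoint");
            String token = getToken(tokenEndpoint, clientId, clientSecret, IdentityUtil.getServerURL("commonauth"), getAuthorizationCode(httpServletRequest));
            fields = withIdentifierField(fields, authenticationContext);
            buildClaims(authenticationContext, getUserInfoJson(userInfoEndpoint, fields, token));
        } catch (ApplicationAuthenticatorException e) {
            log.error("Failed to process Facebook Connect response.", e);
            throw new AuthenticationFailedException(e.getMessage(), e);
        }
    }

    /**
     * Makes sure an explicit field list also requests the field used as the user identifier.
     *
     * <p>A blank list is returned unchanged. Otherwise the identity provider's configured user
     * claim URI is appended when one is set and not already listed; when none is set, {@code id}
     * is appended unless the default identifier is already listed.
     */
    private String withIdentifierField(String fields, AuthenticationContext authenticationContext) {
        if (StringUtils.isBlank(fields)) {
            return fields;
        }
        boolean hasUserClaimUri = authenticationContext.getExternalIdP().getIdentityProvider().getClaimConfig() != null
                && !StringUtils.isBlank(authenticationContext.getExternalIdP().getIdentityProvider().getClaimConfig().getUserClaimURI());
        if (hasUserClaimUri) {
            String userClaimUri = authenticationContext.getExternalIdP().getIdentityProvider().getClaimConfig().getUserClaimURI();
            if (!Arrays.asList(fields.split(",")).contains(userClaimUri)) {
                return fields + "," + userClaimUri;
            }
            return fields;
        }
        if (!Arrays.asList(fields.split(",")).contains(FacebookAuthenticatorConstants.DEFAULT_USER_IDENTIFIER)) {
            return fields + ",id";
        }
        return fields;
    }

    /**
     * Reads the authorization code from the callback request.
     *
     * @throws ApplicationAuthenticatorException if the request is not a valid authorization response
     */
    private String getAuthorizationCode(HttpServletRequest httpServletRequest) throws ApplicationAuthenticatorException {
        try {
            return OAuthAuthzResponse.oauthCodeAuthzResponse(httpServletRequest).getCode();
        } catch (OAuthProblemException e) {
            throw new ApplicationAuthenticatorException("Exception while reading authorization code.", e);
        }
    }

    /**
     * Exchanges the authorization code for a token at the token endpoint.
     *
     * <p>The raw response body is returned as the token. A body that starts with <code>{</code> is
     * rejected as invalid.
     *
     * @return the raw body returned by the token endpoint
     * @throws ApplicationAuthenticatorException if the request cannot be built or sent, or the
     *         response is rejected
     */
    private String getToken(String tokenEndpoint, String clientId, String clientSecret, String callbackUrl, String code) throws ApplicationAuthenticatorException {
        OAuthClientRequest tokenRequest = buildTokenRequest(tokenEndpoint, clientId, clientSecret, callbackUrl, code);
        try {
            String response = sendRequest(tokenRequest.getLocationUri());
            if (!response.startsWith("{")) {
                return response;
            }
            if (log.isDebugEnabled()) {
                // Neither the response body nor the authorization code is logged: both may
                // contain credential material that must not end up in log files.
                log.debug("Token endpoint returned an unexpected JSON body of length " + response.length());
            }
            throw new ApplicationAuthenticatorException("Received access token is invalid.");
        } catch (MalformedURLException e) {
            if (log.isDebugEnabled()) {
                // The full request URI carries the client secret and the code in its query
                // string, so only the configured endpoint is logged.
                log.debug("Token endpoint : " + tokenEndpoint);
            }
            throw new ApplicationAuthenticatorException("MalformedURLException while sending access token request.", e);
        } catch (IOException e2) {
            throw new ApplicationAuthenticatorException("IOException while sending access token request.", e2);
        }
    }

    /**
     * Builds the token request as a query-string message carrying the client id, client secret,
     * redirect URI and authorization code.
     *
     * @throws ApplicationAuthenticatorException if the OAuth library fails to build the request
     */
    private OAuthClientRequest buildTokenRequest(String tokenEndpoint, String clientId, String clientSecret, String callbackUrl, String code) throws ApplicationAuthenticatorException {
        try {
            return OAuthClientRequest.tokenLocation(tokenEndpoint)
                    .setClientId(clientId)
                    .setClientSecret(clientSecret)
                    .setRedirectURI(callbackUrl)
                    .setCode(code)
                    .buildQueryMessage();
        } catch (OAuthSystemException e) {
            throw new ApplicationAuthenticatorException("Exception while building access token request.", e);
        }
    }

    /**
     * Fetches the raw user-info response.
     *
     * <p>The token response is appended to the endpoint as the query string; when a field list is
     * given it is sent as the {@code fields} parameter ahead of it.
     *
     * @throws ApplicationAuthenticatorException if the request URL is malformed or the request fails
     */
    private String getUserInfoString(String userInfoEndpoint, String fields, String token) throws ApplicationAuthenticatorException {
        try {
            String url = StringUtils.isBlank(fields)
                    ? String.format("%s?%s", userInfoEndpoint, token)
                    : String.format("%s?fields=%s&%s", userInfoEndpoint, fields, token);
            return sendRequest(url);
        } catch (MalformedURLException e) {
            if (log.isDebugEnabled()) {
                // The token is part of the request URL; log the endpoint only.
                log.debug("User info endpoint : " + userInfoEndpoint, e);
            }
            throw new ApplicationAuthenticatorException("MalformedURLException while sending user information request.", e);
        } catch (IOException e2) {
            throw new ApplicationAuthenticatorException("IOException while sending sending user information request.", e2);
        }
    }

    /**
     * Sets the subject from the default user identifier field of the user-info response.
     *
     * @throws ApplicationAuthenticatorException if the identifier is missing or empty
     */
    private void setSubject(AuthenticationContext authenticationContext, Map<String, Object> map) throws ApplicationAuthenticatorException {
        // toString() instead of a cast so a non-String identifier value does not raise
        // ClassCastException.
        Object identifier = map.get(FacebookAuthenticatorConstants.DEFAULT_USER_IDENTIFIER);
        String subjectIdentifier = identifier == null ? null : identifier.toString();
        if (StringUtils.isEmpty(subjectIdentifier)) {
            throw new ApplicationAuthenticatorException("Authenticated user identifier is empty");
        }
        authenticationContext.setSubject(AuthenticatedUser.createFederateAuthenticatedUserFromSubjectIdentifier(subjectIdentifier));
    }

    /**
     * Fetches the user-info response and parses it as JSON.
     *
     * @return the parsed top-level fields of the response
     * @throws ApplicationAuthenticatorException if the request fails or the body is not valid JSON
     */
    private Map<String, Object> getUserInfoJson(String userInfoEndpoint, String fields, String token) throws ApplicationAuthenticatorException {
        String userInfoString = getUserInfoString(userInfoEndpoint, fields, token);
        try {
            return JSONUtils.parseJSON(userInfoString);
        } catch (JSONException e) {
            if (log.isDebugEnabled()) {
                // The body holds user profile data, so only its size is logged.
                log.debug("User info response of length " + userInfoString.length() + " could not be parsed", e);
            }
            throw new ApplicationAuthenticatorException("Exception while parsing User Information.", e);
        }
    }

    /**
     * Converts the user-info fields into claims, resolves the subject and attaches the claims to it.
     *
     * <p>Each field becomes a claim whose local and remote URI are both the field name. The subject
     * is taken from the claims through the framework when it can resolve one, otherwise from the
     * default user identifier field.
     *
     * @param authenticationContext the authentication context to update
     * @param map the parsed user-info fields
     * @throws ApplicationAuthenticatorException if {@code map} is null or no subject identifier can
     *         be determined
     */
    public void buildClaims(AuthenticationContext authenticationContext, Map<String, Object> map) throws ApplicationAuthenticatorException {
        if (map == null) {
            if (log.isDebugEnabled()) {
                log.debug("Decoded json object is null");
            }
            throw new ApplicationAuthenticatorException("Decoded json object is null");
        }
        Map<ClaimMapping, String> claims = new HashMap<ClaimMapping, String>();
        for (Map.Entry<String, Object> entry : map.entrySet()) {
            Object value = entry.getValue();
            if (value == null) {
                // A null value would otherwise fail the whole login with a NullPointerException.
                // NOTE(review): confirm whether the JSON parser can produce null values at all.
                continue;
            }
            claims.put(ClaimMapping.build(entry.getKey(), entry.getKey(), (String) null, false), value.toString());
            if (log.isDebugEnabled()) {
                // Claim values are user profile data; only the claim name is logged.
                log.debug("Adding claim mapping : " + entry.getKey() + " <> " + entry.getKey());
            }
        }
        String federatedSubject = FrameworkUtils.getFederatedSubjectFromClaims(authenticationContext.getExternalIdP().getIdentityProvider(), claims);
        if (federatedSubject == null || federatedSubject.isEmpty()) {
            setSubject(authenticationContext, map);
        } else {
            authenticationContext.setSubject(AuthenticatedUser.createFederateAuthenticatedUserFromSubjectIdentifier(federatedSubject));
        }
        authenticationContext.getSubject().setUserAttributes(claims);
    }

    /**
     * Extracts the context identifier, the part of the {@code state} parameter before the first
     * comma.
     *
     * @param httpServletRequest the callback request
     * @return the context identifier, or {@code null} when the state is absent or has no parts
     */
    @Override
    public String getContextIdentifier(HttpServletRequest httpServletRequest) {
        log.trace("Inside FacebookAuthenticator.getContextIdentifier()");
        String state = httpServletRequest.getParameter(FacebookAuthenticatorConstants.OAUTH2_PARAM_STATE);
        if (state == null) {
            return null;
        }
        // split() yields an empty array for a state made only of commas; the state comes from
        // the browser, so that case must not raise ArrayIndexOutOfBoundsException.
        String[] parts = state.split(",");
        return parts.length > 0 ? parts[0] : null;
    }

    /**
     * Performs a GET on the given URL and returns the response body, each line terminated by a
     * newline, decoded as UTF-8.
     *
     * <p>NOTE(review): no connect or read timeout is set and the response size is not bounded, so
     * an unresponsive or misbehaving endpoint can hold the calling thread; consider adding limits.
     *
     * @throws IOException if the URL is malformed, the connection fails or the body cannot be read
     */
    private String sendRequest(String url) throws IOException {
        // try-with-resources closes the stream even when reading fails part-way.
        try (BufferedReader reader = new BufferedReader(new InputStreamReader(new URL(url).openConnection().getInputStream(), Charset.forName("utf-8")))) {
            StringBuilder body = new StringBuilder();
            for (String line = reader.readLine(); line != null; line = reader.readLine()) {
                body.append(line).append("\n");
            }
            return body.toString();
        }
    }

    /**
     * Extracts the login type, the second comma-separated part of the {@code state} parameter.
     *
     * @return the login type, or {@code null} when the state is absent or has no second part
     */
    private String getLoginType(HttpServletRequest httpServletRequest) {
        String state = httpServletRequest.getParameter(FacebookAuthenticatorConstants.OAUTH2_PARAM_STATE);
        if (state == null) {
            return null;
        }
        // The state is attacker-controllable; a value without a comma must make canHandle()
        // answer false rather than raise ArrayIndexOutOfBoundsException.
        String[] parts = state.split(",");
        return parts.length > 1 ? parts[1] : null;
    }

    /** Returns the display name of this authenticator. */
    @Override
    public String getFriendlyName() {
        return FacebookAuthenticatorConstants.FACEBOOK_LOGIN_TYPE;
    }

    /** Returns the registered name of this authenticator. */
    @Override
    public String getName() {
        return FacebookAuthenticatorConstants.AUTHENTICATOR_NAME;
    }
}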
