package org.wso2.carbon.identity.authenticator.linkedIn;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.oltu.oauth2.client.OAuthClient;
import org.apache.oltu.oauth2.client.URLConnectionClient;
import org.apache.oltu.oauth2.client.request.OAuthClientRequest;
import org.apache.oltu.oauth2.client.response.OAuthAuthzResponse;
import org.apache.oltu.oauth2.client.response.OAuthClientResponse;
import org.apache.oltu.oauth2.client.response.OAuthJSONAccessTokenResponse;
import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
import org.apache.oltu.oauth2.common.message.types.GrantType;
import org.apache.oltu.oauth2.common.utils.JSONUtils;
import org.json.JSONObject;
import org.wso2.carbon.identity.application.authentication.framework.FederatedApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException;
import org.wso2.carbon.identity.application.authentication.framework.exception.InvalidCredentialsException;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.authenticator.oidc.OpenIDConnectAuthenticator;
import org.wso2.carbon.identity.application.common.model.ClaimMapping;
import org.wso2.carbon.identity.application.common.model.Property;
import org.wso2.carbon.identity.core.util.IdentityUtil;

/* loaded from: input_file:org/wso2/carbon/identity/authenticator/linkedIn/LinkedInAuthenticator.class */
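/**
 * Federated authenticator that signs a user in through LinkedIn's OAuth 2.0 authorization-code flow.
 *
 * <p>The flow implemented here is: redirect the browser to the authorization endpoint, exchange the
 * returned code for an access token at the token endpoint, then call the e-mail and user-info
 * endpoints with that token and turn the responses into claims. No ID token is requested
 * ({@link #requiredIDToken(Map)} returns {@code false}), so the subject identifier is the e-mail
 * address returned by the e-mail endpoint.
 */
public class LinkedInAuthenticator extends OpenIDConnectAuthenticator implements FederatedApplicationAuthenticator {
    private static final Log log = LogFactory.getLog(LinkedInAuthenticator.class);

    /**
     * Decides whether an incoming request is a LinkedIn OAuth callback.
     *
     * @param httpServletRequest the callback request
     * @return {@code true} when the request carries a non-empty code and a state that contains the
     *         LinkedIn login-type marker, or when it carries an {@code error} parameter
     */
    public boolean canHandle(HttpServletRequest httpServletRequest) {
        String code = httpServletRequest.getParameter(LinkedInAuthenticatorConstants.OAUTH2_GRANT_TYPE_CODE);
        String state = httpServletRequest.getParameter(LinkedInAuthenticatorConstants.OAUTH2_PARAM_STATE);
        String error = httpServletRequest.getParameter(LinkedInAuthenticatorConstants.OAUTH2_PARAM_ERROR);
        boolean linkedInLogin = isLoginTypeLinkedIn(httpServletRequest).booleanValue();
        if (log.isDebugEnabled()) {
            log.debug("Inside LinkedinOAuth2Authenticator.canHandle()");
            log.debug("Parameter values: ");
            log.debug("Is login type Linkedin: " + linkedInLogin);
            // The authorization code is a bearer credential and the state embeds the context
            // identifier, so only their presence is logged, never the values.
            log.debug("code present: " + StringUtils.isNotEmpty(code));
            log.debug("state present: " + (state != null));
            log.debug("error:" + stripLineBreaks(error));
        }
        // NOTE(review): the state is only checked for the login-type marker here; binding it to the
        // caller's session is presumably done by the framework via the context identifier - confirm.
        return (StringUtils.isNotEmpty(code) && state != null && linkedInLogin) || error != null;
    }

    /**
     * Turns an OAuth error callback into an authentication failure.
     *
     * @param httpServletRequest the callback request
     * @throws InvalidCredentialsException when the request carries an {@code error} parameter; the
     *         message holds the error, its description and the state
     */
    private void handleErrorResponse(HttpServletRequest httpServletRequest) throws InvalidCredentialsException {
        String error = httpServletRequest.getParameter(LinkedInAuthenticatorConstants.OAUTH2_PARAM_ERROR);
        if (error == null) {
            return;
        }
        // All three values come straight from the query string, so CR/LF is neutralised before
        // they reach the log and the exception message (which callers may log as well).
        StringBuilder details = new StringBuilder();
        details.append(LinkedInAuthenticatorConstants.ERROR)
                .append(stripLineBreaks(error))
                .append(LinkedInAuthenticatorConstants.ERROR_DESCRIPTION)
                .append(stripLineBreaks(httpServletRequest.getParameter(
                        LinkedInAuthenticatorConstants.OAUTH2_PARAM_ERROR_DESCRIPTION)))
                .append(LinkedInAuthenticatorConstants.STATE)
                .append(stripLineBreaks(httpServletRequest.getParameter(
                        LinkedInAuthenticatorConstants.OAUTH2_PARAM_STATE)));
        String message = details.toString();
        if (log.isDebugEnabled()) {
            log.debug("Failed to authenticate via LinkedIn when click on cancel without providing credentials. " + message);
        }
        throw new InvalidCredentialsException(message);
    }

    /**
     * Reports whether the request's state parameter contains the LinkedIn login-type marker.
     *
     * @param httpServletRequest the callback request
     * @return {@code true} when the state is non-empty and contains the marker
     */
    private Boolean isLoginTypeLinkedIn(HttpServletRequest httpServletRequest) {
        String state = httpServletRequest.getParameter(LinkedInAuthenticatorConstants.OAUTH2_PARAM_STATE);
        return StringUtils.isNotEmpty(state) && state.contains(LinkedInAuthenticatorConstants.LINKEDIN_LOGIN_TYPE);
    }

    /** Replaces CR and LF so a request-supplied value cannot start a new log line. */
    private static String stripLineBreaks(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }

    /** Returns the non-empty value configured under {@code key}, or {@code fallback} otherwise. */
    private static String configuredOrDefault(Map<String, String> properties, String key, String fallback) {
        String configured = properties != null ? properties.get(key) : null;
        return StringUtils.isNotEmpty(configured) ? configured : fallback;
    }

    /**
     * @param map authenticator properties, may be {@code null}
     * @return the configured authorization endpoint, or the built-in LinkedIn default
     */
    protected String getAuthorizationServerEndpoint(Map<String, String> map) {
        return configuredOrDefault(map, LinkedInAuthenticatorConstants.OAUTH2_AUTHZ_URL,
                LinkedInAuthenticatorConstants.LINKEDIN_OAUTH_ENDPOINT_V2);
    }

    /**
     * @param map authenticator properties, may be {@code null}
     * @return the configured token endpoint, or the built-in LinkedIn default
     */
    protected String getTokenEndpoint(Map<String, String> map) {
        return configuredOrDefault(map, LinkedInAuthenticatorConstants.OAUTH2_TOKEN_URL,
                LinkedInAuthenticatorConstants.LINKEDIN_TOKEN_ENDPOINT_V2);
    }

    /**
     * @param oAuthClientResponse the token response (not consulted)
     * @param map authenticator properties, may be {@code null}
     * @return the configured user-info endpoint, or the built-in LinkedIn default
     */
    protected String getUserInfoEndpoint(OAuthClientResponse oAuthClientResponse, Map<String, String> map) {
        return configuredOrDefault(map, LinkedInAuthenticatorConstants.USERINFO_ENDPOINT,
                LinkedInAuthenticatorConstants.LINKEDIN_USERINFO_ENDPOINT_V2);
    }

    /**
     * @param map authenticator properties (not consulted)
     * @return always {@code false}: this authenticator does not require an ID token
     */
    protected boolean requiredIDToken(Map<String, String> map) {
        return false;
    }

    /** @return the display name of this connector */
    public String getFriendlyName() {
        return LinkedInAuthenticatorConstants.LINKEDIN_CONNECTOR_FRIENDLY_NAME;
    }

    /** @return the registered name of this connector */
    public String getName() {
        return LinkedInAuthenticatorConstants.LINKEDIN_CONNECTOR_NAME;
    }

    /**
     * Describes the settings an administrator supplies for this connector.
     *
     * @return client id, client secret (marked confidential) and callback URL, all required, in
     *         that display order
     */
    public List<Property> getConfigurationProperties() {
        List<Property> properties = new ArrayList<>();

        Property clientId = new Property();
        clientId.setName("ClientId");
        clientId.setDisplayName(LinkedInAuthenticatorConstants.CLIENT_ID);
        clientId.setRequired(true);
        clientId.setDescription("Enter Linkedin IDP client identifier value");
        clientId.setDisplayOrder(0);
        properties.add(clientId);

        Property clientSecret = new Property();
        clientSecret.setName("ClientSecret");
        clientSecret.setDisplayName(LinkedInAuthenticatorConstants.CLIENT_SECRET);
        clientSecret.setRequired(true);
        clientSecret.setConfidential(true);
        clientSecret.setDescription("Enter Linkedin IDP client secret value");
        clientSecret.setDisplayOrder(1);
        properties.add(clientSecret);

        Property callbackUrl = new Property();
        callbackUrl.setDisplayName("Callback URL");
        callbackUrl.setName(LinkedInAuthenticatorConstants.CALLBACK_URL);
        callbackUrl.setDescription("Enter value corresponding to callback url.");
        callbackUrl.setRequired(true);
        callbackUrl.setDisplayOrder(2);
        properties.add(callbackUrl);

        return properties;
    }

    /**
     * Redirects the browser to the authorization endpoint to start the code flow.
     *
     * <p>The state sent along is built from the context identifier followed by a comma and the
     * LinkedIn login-type marker, passed through {@code getState}.
     *
     * @param httpServletRequest the current request (not consulted)
     * @param httpServletResponse the response that receives the redirect
     * @param authenticationContext supplies the authenticator properties and context identifier
     * @throws AuthenticationFailedException when the properties are missing or the redirect cannot
     *         be built or sent
     */
    protected void initiateAuthenticationRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        try {
            Map<String, String> authenticatorProperties = authenticationContext.getAuthenticatorProperties();
            if (authenticatorProperties == null) {
                throw new AuthenticationFailedException("Authenticator Properties cannot be null.");
            }
            String clientId = authenticatorProperties.get("ClientId");
            String authorizationEndpoint = getAuthorizationServerEndpoint(authenticatorProperties);
            String callbackUrl = getCallbackUrl(authenticatorProperties);
            String state = getState(authenticationContext.getContextIdentifier() + "," + LinkedInAuthenticatorConstants.LINKEDIN_LOGIN_TYPE, authenticatorProperties);
            OAuthClientRequest authorizationRequest = OAuthClientRequest.authorizationLocation(authorizationEndpoint)
                    .setClientId(clientId)
                    .setRedirectURI(callbackUrl)
                    .setResponseType(LinkedInAuthenticatorConstants.OAUTH2_GRANT_TYPE_CODE)
                    .setState(state)
                    .setScope(LinkedInAuthenticatorConstants.SCOPE)
                    .buildQueryMessage();
            httpServletResponse.sendRedirect(authorizationRequest.getLocationUri());
        } catch (IOException | OAuthSystemException e) {
            throw new AuthenticationFailedException("Error while initiating authentication request.", e);
        }
    }

    /**
     * @param map authenticator properties; must not be {@code null}
     * @return the configured callback URL, or {@code null} when none is set
     */
    protected String getCallbackUrl(Map<String, String> map) {
        return map.get(LinkedInAuthenticatorConstants.CALLBACK_URL);
    }

    /**
     * Completes the code flow: exchanges the code for an access token, loads the user's claims and
     * sets the authenticated subject on the context.
     *
     * @param httpServletRequest the callback request carrying the code or an error
     * @param httpServletResponse the current response (not consulted)
     * @param authenticationContext receives the authenticated subject
     * @throws AuthenticationFailedException when the provider reported an error, the properties are
     *         missing, no access token is returned, no claims are found, or the e-mail claim used
     *         as subject identifier is absent
     */
    protected void processAuthenticationResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        try {
            handleErrorResponse(httpServletRequest);
            String code = OAuthAuthzResponse.oauthCodeAuthzResponse(httpServletRequest).getCode();
            Map<String, String> authenticatorProperties = authenticationContext.getAuthenticatorProperties();
            // Same guard as initiateAuthenticationRequest: fail the login rather than hit a
            // NullPointerException on the lookups below.
            if (authenticatorProperties == null) {
                throw new AuthenticationFailedException("Authenticator Properties cannot be null.");
            }
            String clientId = authenticatorProperties.get("ClientId");
            String clientSecret = authenticatorProperties.get("ClientSecret");
            String tokenEndpoint = getTokenEndpoint(authenticatorProperties);

            // The client secret travels in the request body, not in the URL.
            OAuthClientRequest tokenRequest = OAuthClientRequest.tokenLocation(tokenEndpoint)
                    .setGrantType(GrantType.AUTHORIZATION_CODE)
                    .setClientId(clientId)
                    .setClientSecret(clientSecret)
                    .setRedirectURI(getCallbackUrl(authenticatorProperties))
                    .setCode(code)
                    .buildBodyMessage();
            OAuthJSONAccessTokenResponse tokenResponse = new OAuthClient(new URLConnectionClient()).accessToken(tokenRequest);
            if (StringUtils.isEmpty(tokenResponse.getParam(LinkedInAuthenticatorConstants.ACCESS_TOKEN))) {
                throw new AuthenticationFailedException("Authentication Failed. Didn't receive the access token.");
            }

            Map<ClaimMapping, String> subjectAttributes = getSubjectAttributes(tokenResponse, authenticatorProperties);
            if (subjectAttributes == null || subjectAttributes.isEmpty()) {
                throw new AuthenticationFailedException("Selected user profile not found.");
            }

            String email = subjectAttributes.get(ClaimMapping.build(LinkedInAuthenticatorConstants.EMAIL_ADDRESS_CLAIM, LinkedInAuthenticatorConstants.EMAIL_ADDRESS_CLAIM, (String) null, false));
            // The e-mail address is the subject identifier; without it there is no identity to
            // assert, so the login fails here instead of passing a blank identifier on.
            if (StringUtils.isBlank(email)) {
                throw new AuthenticationFailedException("Authentication Failed. Didn't receive the email address of the user.");
            }
            AuthenticatedUser authenticatedUser = AuthenticatedUser.createFederateAuthenticatedUserFromSubjectIdentifier(email);
            authenticatedUser.setUserAttributes(subjectAttributes);
            authenticationContext.setSubject(authenticatedUser);
        } catch (OAuthSystemException e) {
            if (log.isDebugEnabled()) {
                log.debug("Exception while building request for request access token", e);
            }
            throw new AuthenticationFailedException(e.getMessage(), e);
        } catch (OAuthProblemException e2) {
            throw new AuthenticationFailedException("Authentication Failed in oauthresponse ", e2);
        }
    }

    /**
     * Issues a GET request with a bearer token and returns the response body.
     *
     * @param str the URL to call
     * @param str2 the access token sent in the {@code Authorization} header
     * @return the response body, each line terminated by {@code "\n"}
     * @throws IOException when the connection fails or the response cannot be read
     */
    protected String sendRequest(String str, String str2) throws IOException {
        if (log.isDebugEnabled()) {
            log.debug("claim url: " + str);
        }
        // NOTE(review): the URL comes from connector configuration and the access token is sent to
        // it as-is; nothing here requires an https scheme, and no connect/read timeout is set.
        HttpURLConnection connection = (HttpURLConnection) new URL(str).openConnection();
        try {
            connection.setRequestMethod("GET");
            connection.setRequestProperty("Authorization", "Bearer " + str2);
            StringBuilder body = new StringBuilder();
            // try-with-resources closes the stream even when a read fails part-way; the charset is
            // pinned so decoding does not depend on the platform default.
            try (BufferedReader reader = new BufferedReader(
                    new InputStreamReader(connection.getInputStream(), StandardCharsets.UTF_8))) {
                String line;
                while ((line = reader.readLine()) != null) {
                    body.append(line).append("\n");
                }
            }
            String response = body.toString();
            // The body holds the user's profile data, so it is logged under the same
            // "UserClaims" switch that getSubjectAttributes uses for individual claims.
            if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable("UserClaims")) {
                log.debug("response: " + response);
            }
            return response;
        } finally {
            connection.disconnect();
        }
    }

    /**
     * Fetches the user-info document and returns it as a map.
     *
     * <p>NOTE(review): this always calls the built-in user-info endpoint; a configured
     * user-info endpoint is not consulted because no properties are passed in.
     *
     * @param oAuthClientResponse the token response holding the access token
     * @return the parsed user-info JSON
     * @throws AuthenticationFailedException when the request fails
     */
    protected Map<String, Object> getUserClaims(OAuthClientResponse oAuthClientResponse) throws AuthenticationFailedException {
        try {
            String accessToken = oAuthClientResponse.getParam(LinkedInAuthenticatorConstants.ACCESS_TOKEN);
            return JSONUtils.parseJSON(sendRequest(LinkedInAuthenticatorConstants.LINKEDIN_USERINFO_ENDPOINT_V2, accessToken));
        } catch (IOException e) {
            throw new AuthenticationFailedException("Authentication Failed while request user info ", e);
        }
    }

    /** @return the claim dialect URI used for LinkedIn claims */
    public String getClaimDialectURI() {
        return LinkedInAuthenticatorConstants.CLAIM_DIALECT_URI;
    }

    /**
     * Loads the user's e-mail address and profile fields and maps them to claims.
     *
     * <p>The e-mail endpoint is called first and its first element's handle supplies the e-mail
     * claim; every top-level key of the user-info response then becomes a claim under
     * {@code http://wso2.org/linkedin/claims/}. Any failure is logged and the claims gathered up
     * to that point are returned, so a caller must still check that the claims it relies on are
     * present.
     *
     * @param oAuthClientResponse the token response holding the access token
     * @param map authenticator properties used to resolve the endpoints, may be {@code null}
     * @return the collected claims; an empty map when the user-info response is blank
     */
    protected Map<ClaimMapping, String> getSubjectAttributes(OAuthClientResponse oAuthClientResponse, Map<String, String> map) {
        Map<ClaimMapping, String> claims = new HashMap<>();
        // The whole sequence sits in one try: in the listing as given, the user-info response was
        // read after the catch without being assigned on the failure path, which does not compile.
        try {
            String accessToken = oAuthClientResponse.getParam(LinkedInAuthenticatorConstants.ACCESS_TOKEN);

            Map<String, Object> emailResponse = JSONUtils.parseJSON(sendRequest(getEmailEndpointURL(map), accessToken));
            // A missing or empty element list, or an element of another type, throws here and is
            // handled by the catch below.
            Object[] elements = (Object[]) emailResponse.get(LinkedInAuthenticatorConstants.ELEMENTS_ATTRIBUTE);
            String email = ((JSONObject) elements[0])
                    .getJSONObject(LinkedInAuthenticatorConstants.HANDLE_ATTRIBUTE)
                    .getString(LinkedInAuthenticatorConstants.EMAIL_ADDRESS_ATTRIBUTE);
            claims.put(ClaimMapping.build(LinkedInAuthenticatorConstants.EMAIL_ADDRESS_CLAIM, LinkedInAuthenticatorConstants.EMAIL_ADDRESS_CLAIM, (String) null, false), email);

            String userInfo = sendRequest(getUserInfoEndpoint(oAuthClientResponse, map), accessToken);
            if (StringUtils.isBlank(userInfo)) {
                if (log.isDebugEnabled()) {
                    log.debug("Empty JSON response from the IDP user info endpoint. Continuing without user claims.");
                }
                return Collections.emptyMap();
            }

            for (Map.Entry<String, Object> entry : JSONUtils.parseJSON(userInfo).entrySet()) {
                String key = entry.getKey();
                String value = entry.getValue().toString();
                String claimUri = "http://wso2.org/linkedin/claims/" + key;
                claims.put(ClaimMapping.build(claimUri, claimUri, (String) null, false), value);
                // Claim values are personal data; they are logged only when the deployment has
                // switched on logging for "UserClaims".
                if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable("UserClaims")) {
                    log.debug("Adding claims from end-point data mapping : " + key + " - " + value);
                }
            }
        } catch (Exception e) {
            log.error("Error occurred while accessing user info endpoint", e);
        }
        return claims;
    }

    /**
     * @param map authenticator properties, may be {@code null}
     * @return the configured e-mail endpoint, or the built-in LinkedIn default
     */
    public String getEmailEndpointURL(Map<String, String> map) {
        return configuredOrDefault(map, LinkedInAuthenticatorConstants.EMAIL_ENDPOINT,
                LinkedInAuthenticatorConstants.LINKEDIN_EMAIL_ENDPOINT);
    }
}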
