package org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl;

import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.application.authentication.framework.ApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.AuthenticatorFlowStatus;
import org.wso2.carbon.identity.application.authentication.framework.config.model.ApplicationConfig;
import org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig;
import org.wso2.carbon.identity.application.authentication.framework.config.model.SequenceConfig;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException;
import org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException;
import org.wso2.carbon.identity.application.authentication.framework.exception.InvalidCredentialsException;
import org.wso2.carbon.identity.application.authentication.framework.exception.LogoutFailedException;
import org.wso2.carbon.identity.application.authentication.framework.handler.sequence.RequestPathBasedSequenceHandler;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedIdPData;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.identity.application.common.util.IdentityApplicationManagementUtil;

/* loaded from: input_file:org/wso2/carbon/identity/application/authentication/framework/handler/sequence/impl/DefaultRequestPathBasedSequenceHandler.class */
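/**
 * Sequence handler for request-path authentication: it walks the request-path
 * authenticators configured on the sequence, lets the first one that can handle
 * the request process it, records the authenticated user and IdP data on the
 * context, and then resolves claims, roles and the subject identifier.
 */
public class DefaultRequestPathBasedSequenceHandler implements RequestPathBasedSequenceHandler {
    private static final Log log = LogFactory.getLog(DefaultRequestPathBasedSequenceHandler.class);
    private static volatile DefaultRequestPathBasedSequenceHandler instance;

    /**
     * Returns the shared handler instance, creating it on first use.
     *
     * @return the lazily created singleton
     */
    public static DefaultRequestPathBasedSequenceHandler getInstance() {
        // Read the volatile field once on the fast path; re-check under the class lock.
        DefaultRequestPathBasedSequenceHandler current = instance;
        if (current == null) {
            synchronized (DefaultRequestPathBasedSequenceHandler.class) {
                current = instance;
                if (current == null) {
                    current = new DefaultRequestPathBasedSequenceHandler();
                    instance = current;
                }
            }
        }
        return current;
    }

    /**
     * Runs the first request-path authenticator that reports it can handle the request.
     * Only that authenticator is tried; afterwards the sequence is marked completed,
     * whether authentication succeeded or failed.
     *
     * @param httpServletRequest    incoming request carrying the credentials
     * @param httpServletResponse   response passed through to the authenticator
     * @param authenticationContext context holding the sequence configuration and subject
     * @throws FrameworkException if the authenticator raises a {@link LogoutFailedException},
     *                            or post-authentication handling fails
     */
    @Override // org.wso2.carbon.identity.application.authentication.framework.handler.sequence.SequenceHandler
    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws FrameworkException {
        if (log.isDebugEnabled()) {
            log.debug("Executing the Request Path Authentication...");
        }
        SequenceConfig sequenceConfig = authenticationContext.getSequenceConfig();
        for (AuthenticatorConfig authenticatorConfig : sequenceConfig.getReqPathAuthenticators()) {
            ApplicationAuthenticator applicationAuthenticator = authenticatorConfig.getApplicationAuthenticator();
            if (log.isDebugEnabled()) {
                log.debug("Executing " + applicationAuthenticator.getName());
            }
            if (!applicationAuthenticator.canHandle(httpServletRequest)) {
                continue;
            }
            if (log.isDebugEnabled()) {
                log.debug(applicationAuthenticator.getName() + " can handle the request");
            }
            try {
                // The returned flow status is only logged; success is inferred from the
                // absence of an exception.
                // NOTE(review): confirm every request-path authenticator signals failure by
                // throwing, and that the context subject is always set on a normal return;
                // a null subject is not handled below.
                AuthenticatorFlowStatus process = applicationAuthenticator.process(httpServletRequest, httpServletResponse, authenticationContext);
                if (log.isDebugEnabled()) {
                    // String concatenation is null-safe, unlike an explicit toString() call.
                    log.debug(applicationAuthenticator.getName() + ".authenticate() returned: " + process);
                }
                AuthenticatedUser subject = authenticationContext.getSubject();
                sequenceConfig.setAuthenticatedUser(subject);
                if (log.isDebugEnabled()) {
                    // Debug output includes the user identifier; keep debug logging off where
                    // log files are not access-controlled.
                    log.debug("Authenticated User: " + subject.getAuthenticatedSubjectIdentifier());
                    log.debug("Authenticated User Tenant Domain: " + sequenceConfig.getAuthenticatedUser().getTenantDomain());
                }
                AuthenticatedIdPData authenticatedIdPData = new AuthenticatedIdPData();
                authenticatedIdPData.setUser(subject);
                authenticatedIdPData.setIdpName(FrameworkConstants.LOCAL_IDP_NAME);
                authenticatorConfig.setAuthenticatorStateInfo(authenticationContext.getStateInfo());
                authenticatedIdPData.setAuthenticator(authenticatorConfig);
                sequenceConfig.setAuthenticatedReqPathAuthenticator(authenticatorConfig);
                authenticationContext.getCurrentAuthenticatedIdPs().put(FrameworkConstants.LOCAL_IDP_NAME, authenticatedIdPData);
                handlePostAuthentication(httpServletRequest, httpServletResponse, authenticationContext, authenticatedIdPData);
            } catch (InvalidCredentialsException e) {
                // Bad credentials are expected traffic: stack trace at debug level only.
                if (log.isDebugEnabled()) {
                    log.debug("InvalidCredentialsException stack trace : ", e);
                }
                log.warn("A login attempt was failed due to invalid credentials");
                authenticationContext.setRequestAuthenticated(false);
            } catch (AuthenticationFailedException e2) {
                log.error(e2.getMessage(), e2);
                authenticationContext.setRequestAuthenticated(false);
            } catch (LogoutFailedException e3) {
                throw new FrameworkException(e3.getMessage(), e3);
            }
            authenticationContext.getSequenceConfig().setCompleted(true);
            return;
        }
    }

    /**
     * Finalises a successful request-path authentication: stores the signed
     * authenticated-IdP descriptor, resolves the user's claims and roles, and, when the
     * service provider defines a subject claim URI, replaces the subject identifier
     * with that claim's value.
     *
     * @param httpServletRequest    the current request (not read here)
     * @param httpServletResponse   the current response (not read here)
     * @param authenticationContext context holding the sequence configuration
     * @param authenticatedIdPData  IdP and authenticator that authenticated the user
     * @throws FrameworkException if a helper invoked here fails
     */
    protected void handlePostAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext, AuthenticatedIdPData authenticatedIdPData) throws FrameworkException {
        if (log.isDebugEnabled()) {
            log.debug("Handling Post Authentication tasks");
        }
        SequenceConfig sequenceConfig = authenticationContext.getSequenceConfig();
        ApplicationConfig applicationConfig = sequenceConfig.getApplicationConfig();

        // The payload handed to the signer is assembled by string concatenation; the IdP
        // and authenticator names are inserted without JSON escaping.
        // NOTE(review): both names appear to come from server-side configuration; if either
        // can ever carry a quote or backslash, the signed content becomes ambiguous and
        // should be built with a JSON encoder instead.
        StringBuilder sb = new StringBuilder();
        sb.append("\"idps\":");
        sb.append("[");
        sb.append("{");
        sb.append("\"idp\":\"").append(authenticatedIdPData.getIdpName()).append("\",");
        sb.append("\"authenticator\":\"").append(authenticatedIdPData.getAuthenticator().getApplicationAuthenticator().getName()).append("\"");
        sb.append("}");
        sb.append("]");
        sequenceConfig.setAuthenticatedIdPs(IdentityApplicationManagementUtil.getSignedJWT(sb.toString(), applicationConfig.getServiceProvider()));

        Map<String, String> claims = handleClaimMappings(authenticationContext);
        if (claims == null) {
            // An overriding implementation may still return null; continue with no claims
            // instead of failing with a NullPointerException below.
            claims = new HashMap<>();
        }

        String spRoleClaimUri = getSpRoleClaimUri(applicationConfig);
        String roleClaimValue = claims.get(spRoleClaimUri);
        if (roleClaimValue != null && !roleClaimValue.trim().isEmpty()) {
            claims.put(spRoleClaimUri, getServiceProviderMappedUserRoles(sequenceConfig, Arrays.asList(roleClaimValue.split(","))));
        }
        sequenceConfig.getAuthenticatedUser().setUserAttributes(FrameworkUtils.buildClaimMappings(claims));

        String subjectClaimUri = applicationConfig.getSubjectClaimUri();
        if (subjectClaimUri == null || subjectClaimUri.trim().isEmpty()) {
            return;
        }
        subjectClaimUri = subjectClaimUri.trim();

        // Prefer the unfiltered local claim values when the context carries them; otherwise
        // fall back to the claims resolved above.
        Map<?, ?> unfilteredLocalClaims = (Map<?, ?>) authenticationContext.getProperty(FrameworkConstants.UNFILTERED_LOCAL_CLAIM_VALUES);
        String subjectValue = unfilteredLocalClaims != null
                ? (String) unfilteredLocalClaims.get(subjectClaimUri)
                : claims.get(subjectClaimUri);
        if (subjectValue != null) {
            sequenceConfig.getAuthenticatedUser().setAuthenticatedSubjectIdentifier(subjectValue);
            if (log.isDebugEnabled()) {
                log.debug("Authenticated User: " + sequenceConfig.getAuthenticatedUser().getAuthenticatedSubjectIdentifier());
                log.debug("Authenticated User Tenant Domain: " + sequenceConfig.getAuthenticatedUser().getTenantDomain());
            }
        }
    }

    /**
     * Builds the comma-separated role list to expose to the service provider.
     * When the application defines role mappings, only roles that have a mapping entry
     * are kept; otherwise every role is kept.
     *
     * <p>The previous implementation assembled this string and then returned
     * {@code null} unconditionally, so the role claim was always overwritten with
     * {@code null}.
     *
     * @param sequenceConfig sequence configuration providing the application's role mappings
     * @param list           the user's roles, may be {@code null}
     * @return the retained roles joined with {@code ","}, or {@code null} when none remain
     * @throws FrameworkException declared for overriding implementations
     */
    protected String getServiceProviderMappedUserRoles(SequenceConfig sequenceConfig, List<String> list) throws FrameworkException {
        if (list == null || list.isEmpty()) {
            return null;
        }
        Map<String, String> roleMappings = sequenceConfig.getApplicationConfig().getRoleMappings();
        boolean mappingDefined = roleMappings != null && !roleMappings.isEmpty();

        // NOTE(review): retained roles are emitted under their original name, exactly as the
        // existing loop appended them; confirm whether the mapped value
        // (roleMappings.get(role)) was intended instead.
        StringBuilder joined = new StringBuilder();
        for (String role : list) {
            if (!mappingDefined || roleMappings.containsKey(role)) {
                if (joined.length() > 0) {
                    joined.append(',');
                }
                joined.append(role);
            }
        }
        return joined.length() > 0 ? joined.toString() : null;
    }

    /**
     * Resolves the claim URI under which the service provider expects roles.
     * Order of precedence: the application's configured role claim, then the claim
     * mapping whose value is the local role claim URI, then the local role claim URI.
     *
     * <p>The previous implementation returned {@code null} whenever a role claim was
     * configured, which discarded the configured value.
     *
     * @param applicationConfig the service provider's application configuration
     * @return the role claim URI to use; never {@code null}
     * @throws FrameworkException declared for overriding implementations
     */
    protected String getSpRoleClaimUri(ApplicationConfig applicationConfig) throws FrameworkException {
        String roleClaim = applicationConfig.getRoleClaim();
        if (roleClaim != null) {
            return roleClaim;
        }
        Map<String, String> claimMappings = applicationConfig.getClaimMappings();
        if (claimMappings != null) {
            for (Map.Entry<String, String> entry : claimMappings.entrySet()) {
                if (FrameworkConstants.LOCAL_ROLE_CLAIM_URI.equals(entry.getValue())) {
                    return entry.getKey();
                }
            }
        }
        return FrameworkConstants.LOCAL_ROLE_CLAIM_URI;
    }

    /**
     * Resolves the authenticated user's claims through the framework claim handler.
     * A claim-handling failure is logged and treated as "no claims" so the login flow
     * can continue; the result is a mutable map because the caller rewrites the role
     * claim in place.
     *
     * @param authenticationContext the current authentication context
     * @return the resolved claims, or an empty mutable map when resolution fails
     * @throws FrameworkException declared for overriding implementations
     */
    protected Map<String, String> handleClaimMappings(AuthenticationContext authenticationContext) throws FrameworkException {
        try {
            Map<String, String> mapped = FrameworkUtils.getClaimHandler().handleClaimMappings(null, authenticationContext, null, false);
            return mapped != null ? mapped : new HashMap<>();
        } catch (FrameworkException e) {
            log.error("Claim handling failed!", e);
            // Returning null here made the caller fail with a NullPointerException.
            return new HashMap<>();
        }
    }
}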
