package org.wso2.carbon.identity.application.authenticator.iwa;

import java.io.IOException;
import java.net.URLEncoder;
import java.security.Principal;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.identity.application.authentication.framework.AbstractApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.LocalApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.identity.application.authenticator.iwa.servlet.IWAServelet;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/identity/application/authenticator/iwa/IWAAuthenticator.class */
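/**
 * Local authenticator for Integrated Windows Authentication (IWA).
 *
 * <p>The class does not validate credentials itself. It redirects the browser to the server's
 * "iwa" endpoint and, on the way back, accepts the {@link Principal} found on the request or in
 * the HTTP session, provided the corresponding user exists in the current user store.
 *
 * <p>Security note: the whole authentication decision rests on that principal. Whatever
 * populates {@code getUserPrincipal()} or the {@code IWAServelet.PRINCIPAL_SESSION_KEY} session
 * attribute must therefore be the only writer of that value.
 * NOTE(review): presumably the IWA servlet sets the attribute after a successful negotiation;
 * confirm against the servlet.
 */
public class IWAAuthenticator extends AbstractApplicationAuthenticator implements LocalApplicationAuthenticator {
    public static final String AUTHENTICATOR_NAME = "IWAAuthenticator";
    public static final String AUTHENTICATOR_FRIENDLY_NAME = "iwa";
    /** Request parameter whose presence marks a request as an IWA response. */
    public static final String IWA_PROCESSED = "iwaauth";
    private static final long serialVersionUID = -713445365200141399L;
    private static final Log log = LogFactory.getLog(IWAAuthenticator.class);

    /**
     * Decides whether this authenticator should process the request.
     *
     * <p>The {@code iwaauth} parameter is supplied by the client, so it is only a routing hint.
     * It proves nothing about the caller; the principal check in
     * {@link #processAuthenticationResponse} is what authenticates.
     *
     * @param httpServletRequest incoming request
     * @return {@code true} when the OS name system property contains the Windows match string
     *         and the request carries the {@code iwaauth} parameter
     */
    public boolean canHandle(HttpServletRequest httpServletRequest) {
        String osName = System.getProperty(IWAConstants.OS_NAME_PROPERTY);
        if (StringUtils.isEmpty(osName) || !osName.contains(IWAConstants.WINDOWS_OS_MATCH_STRING)) {
            return false;
        }
        return httpServletRequest.getParameter(IWA_PROCESSED) != null;
    }

    /**
     * Starts the flow by redirecting the browser to the IWA endpoint, passing the context
     * identifier as the state parameter.
     *
     * @throws AuthenticationFailedException if the redirect cannot be sent
     */
    protected void initiateAuthenticationRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        sendToLoginPage(httpServletRequest, httpServletResponse, authenticationContext.getContextIdentifier());
    }

    /**
     * Resolves the authenticated principal and sets it as the subject of the context.
     *
     * <p>The principal is taken from the request and, failing that, from the existing session
     * (no session is created). Authentication succeeds only if the resulting user name exists
     * in the user store of the current Carbon context.
     *
     * @throws AuthenticationFailedException if no usable principal is present, the user is not
     *         in the user store, or the user store lookup fails
     */
    protected void processAuthenticationResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        Principal userPrincipal = httpServletRequest.getUserPrincipal();
        if (userPrincipal == null) {
            HttpSession session = httpServletRequest.getSession(false);
            if (session != null) {
                // Type-check before casting: an unexpected object under this key must end in an
                // authentication failure, not in a ClassCastException escaping the authenticator.
                Object stored = session.getAttribute(IWAServelet.PRINCIPAL_SESSION_KEY);
                if (stored instanceof Principal) {
                    userPrincipal = (Principal) stored;
                }
            }
        }
        if (userPrincipal == null || userPrincipal.getName() == null) {
            if (log.isDebugEnabled()) {
                log.debug("Authenticated principal is null. Therefore authentication is failed.");
            }
            throw new AuthenticationFailedException("Authentication Failed");
        }

        // Keep only the part after the first backslash ("DOMAIN\\user" -> "user"); a name without
        // a backslash is used unchanged.
        // SECURITY: the Windows domain is discarded here, so accounts with the same short name
        // in different trusted domains resolve to the same local user. Deployments that trust
        // more than one domain should confirm this mapping is intended.
        String fullName = userPrincipal.getName();
        String userName = fullName.substring(fullName.indexOf("\\") + 1);
        if (log.isDebugEnabled()) {
            // The user name comes from the principal and is written to the debug log as-is.
            log.debug("Authenticate request received : AuthType - " + httpServletRequest.getAuthType() + ", User - " + userName);
        }

        boolean userExists;
        try {
            userExists = CarbonContext.getThreadLocalCarbonContext().getUserRealm().getUserStoreManager().isExistingUser(MultitenantUtils.getTenantAwareUsername(userName));
        } catch (UserStoreException e) {
            throw new AuthenticationFailedException("IWAAuthenticator failed while trying to find user existence", e);
        }
        if (!userExists) {
            if (log.isDebugEnabled()) {
                log.debug("user authentication failed, user:" + userName + " is not in the user store");
            }
            // Same generic message as the missing-principal case, so the caller cannot tell an
            // unknown user from a missing principal.
            throw new AuthenticationFailedException("Authentication Failed");
        }
        authenticationContext.setSubject(AuthenticatedUser.createLocalAuthenticatedUserFromSubjectIdentifier(FrameworkUtils.prependUserStoreDomainToName(userName)));
    }

    /**
     * Redirects the browser to the server's "iwa" URL with the URL-encoded context identifier
     * as the state parameter.
     *
     * @param str context identifier to send as the state parameter
     * @throws AuthenticationFailedException if encoding the identifier or sending the redirect
     *         fails; the underlying {@link IOException} is kept as the cause
     */
    public void sendToLoginPage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws AuthenticationFailedException {
        // Declared outside the try block so that the catch block can log it.
        String redirectUrl = null;
        try {
            redirectUrl = IdentityUtil.getServerURL("iwa") + "?" + IWAConstants.IWA_PARAM_STATE + "=" + URLEncoder.encode(str, IWAConstants.UTF_8);
            httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(redirectUrl));
        } catch (IOException e) {
            log.error("Error when sending to the login page :" + redirectUrl, e);
            // Pass the cause on; previously it was dropped and callers saw only the message.
            throw new AuthenticationFailedException("Authentication failed", e);
        }
    }

    /**
     * Reads the context identifier from the state request parameter.
     *
     * <p>The value is supplied by the client and is returned without validation.
     *
     * @return the parameter value, or {@code null} if the parameter is absent
     */
    public String getContextIdentifier(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter(IWAConstants.IWA_PARAM_STATE);
    }

    /** @return the display name of this authenticator, {@code "iwa"} */
    public String getFriendlyName() {
        return AUTHENTICATOR_FRIENDLY_NAME;
    }

    /** @return the registered name of this authenticator */
    public String getName() {
        return AUTHENTICATOR_NAME;
    }
}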
