package org.wso2.carbon.identity.application.authenticator.iproov;

import edu.umd.cs.findbugs.annotations.SuppressWarnings;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.extension.identity.helper.FederatedAuthenticatorUtil;
import org.wso2.carbon.identity.application.authentication.framework.AbstractApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.AuthenticatorFlowStatus;
import org.wso2.carbon.identity.application.authentication.framework.FederatedApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException;
import org.wso2.carbon.identity.application.authentication.framework.exception.UserIdNotFoundException;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.authenticator.iproov.common.constants.IproovAuthenticatorConstants;
import org.wso2.carbon.identity.application.authenticator.iproov.common.exception.IproovAuthnFailedException;
import org.wso2.carbon.identity.application.authenticator.iproov.common.web.IproovAuthorizationAPIClient;
import org.wso2.carbon.identity.application.authenticator.iproov.internal.IproovAuthenticatorDataHolder;
import org.wso2.carbon.identity.application.common.model.IdentityProvider;
import org.wso2.carbon.identity.application.common.model.JustInTimeProvisioningConfig;
import org.wso2.carbon.identity.application.common.model.Property;
import org.wso2.carbon.identity.core.ServiceURLBuilder;
import org.wso2.carbon.identity.core.URLBuilderException;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.event.IdentityEventException;
import org.wso2.carbon.identity.event.event.Event;
import org.wso2.carbon.idp.mgt.IdentityProviderManagementException;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/identity/application/authenticator/iproov/IproovAuthenticator.class */
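/**
 * Authenticator step that verifies or enrolls the user selected by an earlier step with iProov.
 *
 * <p>The flow is driven by {@link #process}: the first pass requests a verify or enroll token from
 * iProov and redirects the browser to the iProov login page; the follow-up request, tagged with a
 * {@code scenario} parameter, is validated against iProov using the token kept in the
 * server-side {@link AuthenticationContext}.
 *
 * <p>Security-relevant points a reviewer should keep in mind:
 * <ul>
 *   <li>{@code scenario} is read from the request and is therefore client-controlled; it only
 *       selects a branch, while the tokens that are validated come from the context.</li>
 *   <li>iProov tokens are placed in redirect URLs by {@link #initiateIproovAuthenticationRequest}.</li>
 *   <li>The enrollment failure path removes the user's iProov profile; it is only taken when this
 *       session actually issued an enrollment token.</li>
 * </ul>
 */
public class IproovAuthenticator extends AbstractApplicationAuthenticator implements FederatedApplicationAuthenticator {
    private static final Log LOG = LogFactory.getLog(IproovAuthenticator.class);

    /**
     * Returns the internal authenticator name.
     *
     * @return {@link IproovAuthenticatorConstants#AUTHENTICATOR_NAME_VALUE}
     */
    public String getName() {
        return IproovAuthenticatorConstants.AUTHENTICATOR_NAME_VALUE;
    }

    /**
     * Returns the display name of the authenticator.
     *
     * @return {@link IproovAuthenticatorConstants#AUTHENTICATOR_FRIENDLY_NAME_VALUE}
     */
    public String getFriendlyName() {
        return IproovAuthenticatorConstants.AUTHENTICATOR_FRIENDLY_NAME_VALUE;
    }

    /**
     * Lists the configuration properties this authenticator exposes.
     *
     * @return base URL, OAuth username/password, API key/secret and the progressive-enrollment flag,
     *         in that order
     */
    public List<Property> getConfigurationProperties() {
        List<Property> properties = new ArrayList<>();
        properties.add(getProperty(IproovAuthenticatorConstants.ConfigProperties.BASE_URL));
        properties.add(getProperty(IproovAuthenticatorConstants.ConfigProperties.OAUTH_USERNAME));
        properties.add(getProperty(IproovAuthenticatorConstants.ConfigProperties.OAUTH_PASSWORD));
        properties.add(getProperty(IproovAuthenticatorConstants.ConfigProperties.API_KEY));
        properties.add(getProperty(IproovAuthenticatorConstants.ConfigProperties.API_SECRET));
        properties.add(getProperty(IproovAuthenticatorConstants.ConfigProperties.ENABLE_PROGRESSIVE_ENROLLMENT));
        return properties;
    }

    /**
     * Builds a required {@link Property} from a configuration descriptor.
     *
     * @param configProperties descriptor supplying name, display name, description and order
     * @return the populated property, always flagged as required
     */
    private Property getProperty(IproovAuthenticatorConstants.ConfigProperties configProperties) {
        // NOTE(review): the secret-bearing entries (OAUTH_PASSWORD, API_SECRET) are built exactly like
        // the non-secret ones; nothing here marks them as confidential. Confirm how the management
        // console renders and stores these values.
        Property property = new Property();
        property.setName(configProperties.getName());
        property.setDisplayName(configProperties.getDisplayName());
        property.setDescription(configProperties.getDescription());
        property.setDisplayOrder(configProperties.getDisplayOrder());
        property.setRequired(true);
        return property;
    }

    /**
     * Tells the framework whether this authenticator recognises the request.
     *
     * @param httpServletRequest incoming request
     * @return {@code true} when the session data key parameter is present
     */
    public boolean canHandle(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter(IproovAuthenticatorConstants.SESSION_DATA_KEY) != null;
    }

    /**
     * Extracts the context identifier from the request.
     *
     * @param httpServletRequest incoming request
     * @return the session data key parameter, or {@code null} when it is blank
     */
    public String getContextIdentifier(HttpServletRequest httpServletRequest) {
        String sessionDataKey = httpServletRequest.getParameter(IproovAuthenticatorConstants.SESSION_DATA_KEY);
        if (StringUtils.isNotBlank(sessionDataKey)) {
            return sessionDataKey;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("A unique identifier cannot be issued for both Request and Response. ContextIdentifier is NULL.");
        }
        return null;
    }

    /**
     * Entry point of the step: routes the request to token issuance or response validation.
     *
     * @param httpServletRequest    incoming request; its {@code scenario} parameter selects the branch
     * @param httpServletResponse   response used for redirects
     * @param authenticationContext server-side flow state
     * @return {@code SUCCESS_COMPLETED} for logout requests and validated responses,
     *         {@code INCOMPLETE} after a redirect to iProov, {@code FAIL_COMPLETED} when the user is
     *         not enrolled and progressive enrollment is disabled
     * @throws AuthenticationFailedException when no usable user is found or a downstream call fails
     */
    public AuthenticatorFlowStatus process(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        try {
            if (authenticationContext.isLogoutRequest()) {
                return AuthenticatorFlowStatus.SUCCESS_COMPLETED;
            }
            // This step never identifies the user itself; an earlier step must have done so.
            if (authenticationContext.getLastAuthenticatedUser() == null) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Authenticated user is not found in the context.");
                }
                throw getIproovAuthnFailedException(IproovAuthenticatorConstants.ErrorMessages.NO_AUTHENTICATED_USER_FOUND_FROM_PREVIOUS_STEP);
            }
            AuthenticatedUser userFromContext = getAuthenticatedUserFromContext(authenticationContext);
            String tenantDomain = userFromContext.getTenantDomain();
            if (StringUtils.isBlank(tenantDomain)) {
                throw new AuthenticationFailedException(IproovAuthenticatorConstants.ErrorMessages.ERROR_CODE_NO_USER_TENANT.getCode(), IproovAuthenticatorConstants.ErrorMessages.ERROR_CODE_NO_USER_TENANT.getMessage());
            }
            String mappedLocalUsername = getMappedLocalUsername(userFromContext, authenticationContext);
            AuthenticatedUser authenticatingUser = resolveAuthenticatingUser(authenticationContext, userFromContext, mappedLocalUsername, tenantDomain, StringUtils.isBlank(mappedLocalUsername));
            authenticationContext.setProperty(IproovAuthenticatorConstants.AUTHENTICATED_USER, authenticatingUser);

            // The scenario comes from the request, so it is client-controlled. It decides which
            // branch runs; the tokens validated in processAuthenticationResponse come from the context.
            String scenario = httpServletRequest.getParameter(IproovAuthenticatorConstants.SCENARIO);
            if (IproovAuthenticatorConstants.Verification.AUTHENTICATION.equals(scenario) || IproovAuthenticatorConstants.Verification.ENROLLMENT.equals(scenario)) {
                processAuthenticationResponse(httpServletRequest, httpServletResponse, authenticationContext);
                return AuthenticatorFlowStatus.SUCCESS_COMPLETED;
            }
            if (IproovAuthenticatorConstants.Verification.RETRY.equals(scenario)) {
                initiateIproovAuthenticationRequest(httpServletRequest, httpServletResponse, authenticationContext);
                return AuthenticatorFlowStatus.INCOMPLETE;
            }
            boolean enrolled = Boolean.parseBoolean(getClaimValue(authenticatingUser, IproovAuthenticatorConstants.IPROOV_ENROLLED_CLAIM));
            boolean progressiveEnrollmentEnabled = isIproovProgressiveEnrollmentEnabled(authenticationContext);
            if (!enrolled && !progressiveEnrollmentEnabled) {
                // Not enrolled and not allowed to enroll during login: fail the step.
                return AuthenticatorFlowStatus.FAIL_COMPLETED;
            }
            initiateIproovAuthenticationRequest(httpServletRequest, httpServletResponse, authenticationContext);
            return AuthenticatorFlowStatus.INCOMPLETE;
        } catch (UserStoreException e) {
            throw getIproovAuthnFailedException(IproovAuthenticatorConstants.ErrorMessages.RETRIEVING_USER_STORE_FAILURE, e);
        }
    }

    /**
     * Redirects the user to the iProov login page without a status or extra parameters.
     *
     * @param httpServletRequest    incoming request (unused)
     * @param httpServletResponse   response that receives the redirect
     * @param authenticationContext server-side flow state
     * @throws AuthenticationFailedException when the redirect cannot be built or sent
     */
    public void initiateAuthenticationRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        try {
            redirectIproovLoginPage(httpServletResponse, authenticationContext, null, null);
        } catch (AuthenticationFailedException e) {
            throw new AuthenticationFailedException("Error occurred when trying to redirect user to the login page.", e);
        }
    }

    /**
     * Sends a redirect to the iProov login page carrying the session data key, authenticator name
     * and tenant domain, plus an optional status and caller-supplied parameters.
     *
     * @param httpServletResponse   response that receives the redirect
     * @param authenticationContext source of the context identifier and tenant domain
     * @param authenticationStatus  optional status whose name and message are appended; may be null
     * @param map                   optional extra query parameters; may be null
     * @throws IproovAuthnFailedException when building or sending the redirect fails
     */
    // UNVALIDATED_REDIRECT is suppressed: the target is assembled with ServiceURLBuilder from a
    // constant path. NOTE(review): every caller in this class passes server-generated values in
    // `map`; keep it that way, since its entries are appended to the URL as-is.
    @SuppressWarnings({"UNVALIDATED_REDIRECT"})
    private void redirectIproovLoginPage(HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext, IproovAuthenticatorConstants.AuthenticationStatus authenticationStatus, Map<String, String> map) throws IproovAuthnFailedException {
        try {
            ServiceURLBuilder urlBuilder = ServiceURLBuilder.create().addPath(new String[]{IproovAuthenticatorConstants.IPROOV_LOGIN_PAGE}).addParameter(IproovAuthenticatorConstants.SESSION_DATA_KEY, authenticationContext.getContextIdentifier()).addParameter(IproovAuthenticatorConstants.AUTHENTICATOR_NAME, IproovAuthenticatorConstants.AUTHENTICATOR_FRIENDLY_NAME_VALUE).addParameter(IproovAuthenticatorConstants.TENANT_DOMAIN, authenticationContext.getTenantDomain());
            if (authenticationStatus != null) {
                urlBuilder.addParameter("status", String.valueOf(authenticationStatus.getName()));
                urlBuilder.addParameter("message", String.valueOf(authenticationStatus.getMessage()));
            }
            if (map != null) {
                for (Map.Entry<String, String> entry : map.entrySet()) {
                    urlBuilder.addParameter(entry.getKey(), entry.getValue());
                }
            }
            httpServletResponse.sendRedirect(urlBuilder.build().getAbsolutePublicURL());
        } catch (IOException e) {
            throw getIproovAuthnFailedException(IproovAuthenticatorConstants.ErrorMessages.AUTHENTICATION_FAILED_REDIRECTING_LOGIN_FAILURE, e);
        } catch (URLBuilderException e) {
            throw getIproovAuthnFailedException(IproovAuthenticatorConstants.ErrorMessages.IPROOV_REDIRECT_URL_BUILD_FAILURE, e);
        }
    }

    /**
     * Requests a verify token (enrolled user) or an enroll token (not yet enrolled) from iProov,
     * stores it in the context and redirects the browser to the iProov login page.
     *
     * <p>When the request carries the retry scenario, a failed-attempt event is raised as well.
     *
     * @param httpServletRequest    incoming request; only the {@code scenario} parameter is read
     * @param httpServletResponse   response that receives the redirects
     * @param authenticationContext flow state holding the user resolved by {@link #process}
     * @throws AuthenticationFailedException when the user is missing or locked, the configuration
     *                                       is incomplete, or a redirect cannot be built
     * @throws UserStoreException            declared for callers; user-store failures seen here are
     *                                       wrapped into authentication failures
     */
    @SuppressWarnings({"CRLF_INJECTION_LOGS", "UNVALIDATED_REDIRECT"})
    protected void initiateIproovAuthenticationRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException, UserStoreException {
        try {
            AuthenticatedUser authenticatedUser = (AuthenticatedUser) authenticationContext.getProperty(IproovAuthenticatorConstants.AUTHENTICATED_USER);
            boolean enrolled = Boolean.parseBoolean(getClaimValue(authenticatedUser, IproovAuthenticatorConstants.IPROOV_ENROLLED_CLAIM));
            String userId = resolveUserId(authenticatedUser);
            if (StringUtils.isBlank(userId)) {
                throw getIproovAuthnFailedException(IproovAuthenticatorConstants.ErrorMessages.USER_NOT_FOUND);
            }
            // A locked account must not be handed a fresh iProov token.
            if (Boolean.parseBoolean(getClaimValue(authenticatedUser, IproovAuthenticatorConstants.USER_ACCOUNT_LOCKED_CLAIM))) {
                LOG.error("User account is locked.");
                throw getIproovAuthnFailedException(IproovAuthenticatorConstants.ErrorMessages.USER_ACCOUNT_LOCKED);
            }
            String userName = authenticatedUser.getUserName();
            Map<String, String> authenticatorProperties = authenticationContext.getAuthenticatorProperties();
            String baseUrl = authenticatorProperties.get(IproovAuthenticatorConstants.ConfigProperties.BASE_URL.getName());
            String apiKey = authenticatorProperties.get(IproovAuthenticatorConstants.ConfigProperties.API_KEY.getName());
            String apiSecret = authenticatorProperties.get(IproovAuthenticatorConstants.ConfigProperties.API_SECRET.getName());
            validateIproovConfiguration(baseUrl, apiKey, apiSecret, authenticatorProperties.get(IproovAuthenticatorConstants.ConfigProperties.OAUTH_USERNAME.getName()), authenticatorProperties.get(IproovAuthenticatorConstants.ConfigProperties.OAUTH_PASSWORD.getName()));

            // NOTE(review): each branch below issues a redirect with the token in the query string,
            // and redirectIproovLoginPage at the end issues a second redirect on the same response.
            // Confirm which one the framework's response wrapper honours, and whether a token in a
            // URL (visible to access logs, browser history and Referer headers) is acceptable here.
            String verifyToken = null;
            String enrollToken = null;
            if (enrolled) {
                verifyToken = IproovAuthorizationAPIClient.getToken(baseUrl, IproovAuthenticatorConstants.TokenEndpoints.IPROOV_VERIFY_TOKEN_PATH, apiKey, apiSecret, userId);
                httpServletResponse.sendRedirect(ServiceURLBuilder.create().addPath(new String[]{IproovAuthenticatorConstants.IPROOV_LOGIN_PAGE}).addParameter(IproovAuthenticatorConstants.VERIFY_TOKEN, verifyToken).build().getAbsolutePublicURL());
            } else {
                enrollToken = IproovAuthorizationAPIClient.getToken(baseUrl, IproovAuthenticatorConstants.TokenEndpoints.IPROOV_ENROLL_TOKEN_PATH, apiKey, apiSecret, userId);
                httpServletResponse.sendRedirect(ServiceURLBuilder.create().addPath(new String[]{IproovAuthenticatorConstants.IPROOV_LOGIN_PAGE}).addParameter(IproovAuthenticatorConstants.ENROLL_TOKEN, enrollToken).build().getAbsolutePublicURL());
            }

            // The token is remembered server-side; response validation reads it from here, not from
            // the follow-up request.
            authenticationContext.setProperty(IproovAuthenticatorConstants.USER_ID, userId);
            authenticationContext.setProperty(IproovAuthenticatorConstants.USERNAME, userName);
            Map<String, String> extraParams = new HashMap<>();
            if (verifyToken != null) {
                authenticationContext.setProperty(IproovAuthenticatorConstants.VERIFY_TOKEN, verifyToken);
                authenticationContext.getEndpointParams().put(IproovAuthenticatorConstants.VERIFY_TOKEN, verifyToken);
            }
            if (enrollToken != null) {
                authenticationContext.setProperty(IproovAuthenticatorConstants.ENROLL_TOKEN, enrollToken);
                authenticationContext.getEndpointParams().put(IproovAuthenticatorConstants.ENROLL_TOKEN, enrollToken);
            }
            if (IproovAuthenticatorConstants.Verification.RETRY.equals(httpServletRequest.getParameter(IproovAuthenticatorConstants.SCENARIO))) {
                extraParams.put(IproovAuthenticatorConstants.Verification.RETRY, "true");
                // NOTE(review): the failed-attempt event on this path depends on the client
                // sending the retry scenario.
                handleIProovFailedAttempts(authenticatedUser);
            }
            redirectIproovLoginPage(httpServletResponse, authenticationContext, IproovAuthenticatorConstants.AuthenticationStatus.PENDING, extraParams);
        } catch (IproovAuthnFailedException e) {
            throw new AuthenticationFailedException(e.getMessage(), e);
        } catch (URLBuilderException | IOException e) {
            throw getIproovAuthnFailedException(IproovAuthenticatorConstants.ErrorMessages.IPROOV_REDIRECT_URL_BUILD_FAILURE, e);
        } catch (UserStoreException e) {
            // Keep the cause so the underlying user-store failure is not lost.
            throw getIproovAuthnFailedException(IproovAuthenticatorConstants.ErrorMessages.RETRIEVING_REG_USER_FAILURE, e);
        } catch (UserIdNotFoundException e) {
            throw getIproovAuthnFailedException(IproovAuthenticatorConstants.ErrorMessages.USER_NOT_FOUND, e);
        }
    }

    /**
     * Decides which user object the iProov step should act on.
     *
     * @param authenticationContext flow state; flagged when a federated user has no local mapping
     * @param authenticatedUser     user taken from the subject-attribute step
     * @param str                   mapped local username (may be null for federated users)
     * @param str2                  tenant domain of the user
     * @param z                     {@code true} when no local username is mapped yet
     * @return the original user for local users and first-time federated users, otherwise a copy
     *         pointing at the mapped local username and the JIT provisioning user store
     * @throws AuthenticationFailedException when a federated user arrives and JIT provisioning is
     *                                       not enabled for its identity provider
     */
    private AuthenticatedUser resolveAuthenticatingUser(AuthenticationContext authenticationContext, AuthenticatedUser authenticatedUser, String str, String str2, boolean z) throws AuthenticationFailedException {
        if (!authenticatedUser.isFederatedUser()) {
            return authenticatedUser;
        }
        if (!isJitProvisioningEnabled(authenticatedUser, str2)) {
            throw new AuthenticationFailedException(IproovAuthenticatorConstants.ErrorMessages.ERROR_CODE_INVALID_FEDERATED_USER_AUTHENTICATION.getCode(), IproovAuthenticatorConstants.ErrorMessages.ERROR_CODE_INVALID_FEDERATED_USER_AUTHENTICATION.getMessage());
        }
        if (z) {
            authenticationContext.setProperty(IproovAuthenticatorConstants.IS_INITIAL_FEDERATED_USER_ATTEMPT, true);
            return authenticatedUser;
        }
        AuthenticatedUser localUser = new AuthenticatedUser(authenticatedUser);
        localUser.setUserName(str);
        localUser.setUserStoreDomain(getFederatedUserStoreDomain(authenticatedUser, str2));
        return localUser;
    }

    /**
     * Looks up the user store that JIT provisioning uses for the user's identity provider.
     *
     * @param authenticatedUser federated user
     * @param str               tenant domain
     * @return the provisioning user store, or {@code null} when the IdP has no JIT configuration
     * @throws AuthenticationFailedException when the identity provider cannot be resolved
     */
    private String getFederatedUserStoreDomain(AuthenticatedUser authenticatedUser, String str) throws AuthenticationFailedException {
        String federatedIdPName = authenticatedUser.getFederatedIdPName();
        JustInTimeProvisioningConfig jitConfig = getIdentityProvider(federatedIdPName, str).getJustInTimeProvisioningConfig();
        if (jitConfig == null) {
            if (LOG.isDebugEnabled()) {
                LOG.debug(String.format("No JIT provisioning configs for idp: %s in tenant: %s", federatedIdPName, str));
            }
            return null;
        }
        String provisioningUserStore = jitConfig.getProvisioningUserStore();
        if (LOG.isDebugEnabled()) {
            LOG.debug(String.format("Setting userstore: %s as the provisioning userstore for user: %s in tenant: %s", provisioningUserStore, authenticatedUser.getUserName(), str));
        }
        return provisioningUserStore;
    }

    /**
     * Checks whether JIT provisioning is enabled for the user's identity provider.
     *
     * @param authenticatedUser federated user
     * @param str               tenant domain
     * @return the IdP's provisioning flag, or {@code false} when it has no JIT configuration
     * @throws AuthenticationFailedException when the identity provider cannot be resolved
     */
    private boolean isJitProvisioningEnabled(AuthenticatedUser authenticatedUser, String str) throws AuthenticationFailedException {
        String federatedIdPName = authenticatedUser.getFederatedIdPName();
        JustInTimeProvisioningConfig jitConfig = getIdentityProvider(federatedIdPName, str).getJustInTimeProvisioningConfig();
        if (jitConfig != null) {
            return jitConfig.isProvisioningEnabled();
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug(String.format("No JIT provisioning configs for idp: %s in tenant: %s", federatedIdPName, str));
        }
        return false;
    }

    /**
     * Resolves an identity provider by name within a tenant.
     *
     * @param str  identity provider name
     * @param str2 tenant domain
     * @return the identity provider, never {@code null}
     * @throws AuthenticationFailedException when the provider is unknown or the lookup fails
     */
    private IdentityProvider getIdentityProvider(String str, String str2) throws AuthenticationFailedException {
        try {
            IdentityProvider identityProvider = IproovAuthenticatorDataHolder.getIdpManager().getIdPByName(str, str2);
            if (identityProvider == null) {
                throw new AuthenticationFailedException(String.format(IproovAuthenticatorConstants.ErrorMessages.ERROR_CODE_INVALID_FEDERATED_AUTHENTICATOR.getMessage(), str, str2));
            }
            return identityProvider;
        } catch (IdentityProviderManagementException e) {
            // Preserve the cause so a lookup failure is distinguishable from an unknown provider.
            throw new AuthenticationFailedException(String.format(IproovAuthenticatorConstants.ErrorMessages.ERROR_CODE_INVALID_FEDERATED_AUTHENTICATOR.getMessage(), str, str2), e);
        }
    }

    /**
     * Returns the local username the iProov step should use for the given user.
     *
     * @param authenticatedUser     user from the subject-attribute step
     * @param authenticationContext flow state used to look up the federated login
     * @return the user's own name for local users; for federated users the associated local
     *         username, or {@code null} when no association exists
     * @throws AuthenticationFailedException when the federated username cannot be determined
     */
    private String getMappedLocalUsername(AuthenticatedUser authenticatedUser, AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        if (!authenticatedUser.isFederatedUser()) {
            return authenticatedUser.getUserName();
        }
        String federatedUsername = FederatedAuthenticatorUtil.getLoggedInFederatedUser(authenticationContext);
        if (StringUtils.isBlank(federatedUsername)) {
            // NOTE(review): the code is taken from ERROR_CODE_NO_AUTHENTICATED_USER but the message
            // from ERROR_CODE_NO_FEDERATED_USER — confirm whether the mismatch is intended.
            throw new AuthenticationFailedException(IproovAuthenticatorConstants.ErrorMessages.ERROR_CODE_NO_AUTHENTICATED_USER.getCode(), IproovAuthenticatorConstants.ErrorMessages.ERROR_CODE_NO_FEDERATED_USER.getMessage());
        }
        String associatedLocalUsername = FederatedAuthenticatorUtil.getLocalUsernameAssociatedWithFederatedUser(MultitenantUtils.getTenantAwareUsername(federatedUsername), authenticationContext);
        return StringUtils.isNotBlank(associatedLocalUsername) ? associatedLocalUsername : null;
    }

    /**
     * Finds the user authenticated by the subject-attribute step of the current sequence.
     *
     * @param authenticationContext flow state holding the sequence configuration
     * @return the user of the first subject-attribute step encountered
     * @throws IproovAuthnFailedException when there is no such step, or its user is missing or has
     *                                    a blank fully qualified username
     */
    private AuthenticatedUser getAuthenticatedUserFromContext(AuthenticationContext authenticationContext) throws IproovAuthnFailedException {
        if (authenticationContext.getSequenceConfig() != null) {
            Map<Integer, StepConfig> stepMap = authenticationContext.getSequenceConfig().getStepMap();
            if (stepMap != null) {
                for (StepConfig stepConfig : stepMap.values()) {
                    AuthenticatedUser stepUser = stepConfig.getAuthenticatedUser();
                    if (!stepConfig.isSubjectAttributeStep()) {
                        continue;
                    }
                    if (stepUser == null) {
                        throw new IproovAuthnFailedException(IproovAuthenticatorConstants.ErrorMessages.USER_NOT_FOUND.getCode(), IproovAuthenticatorConstants.ErrorMessages.USER_NOT_FOUND.getMessage());
                    }
                    if (!StringUtils.isBlank(stepUser.toFullQualifiedUsername())) {
                        return stepUser;
                    }
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Username can not be empty.");
                    }
                    throw new IproovAuthnFailedException(IproovAuthenticatorConstants.ErrorMessages.USER_NOT_FOUND.getCode(), IproovAuthenticatorConstants.ErrorMessages.USER_NOT_FOUND.getMessage());
                }
            }
        }
        throw getIproovAuthnFailedException(IproovAuthenticatorConstants.ErrorMessages.NO_AUTHENTICATED_USER_FOUND_FROM_PREVIOUS_STEP);
    }

    /**
     * Validates the outcome of an iProov verification or enrollment with the iProov service and,
     * on success, sets the subject and (for enrollment) the enrolled claim.
     *
     * <p>The token that is validated is always the one stored in the context when it was issued.
     * A failed enrollment removes the iProov profile, but only when this session holds an
     * enrollment token: the scenario is request-controlled, so the cleanup must be tied to an
     * enrollment this session actually started.
     *
     * @param httpServletRequest    incoming request; only the {@code scenario} parameter is read
     * @param httpServletResponse   response (unused)
     * @param authenticationContext flow state holding the user and the issued token
     * @throws AuthenticationFailedException when the account is locked, the user cannot be
     *                                       resolved, validation fails, or the user store fails
     */
    protected void processAuthenticationResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        boolean verified;
        AuthenticatedUser authenticatedUser = (AuthenticatedUser) authenticationContext.getProperty(IproovAuthenticatorConstants.AUTHENTICATED_USER);
        try {
            if (Boolean.parseBoolean(getClaimValue(authenticatedUser, IproovAuthenticatorConstants.USER_ACCOUNT_LOCKED_CLAIM))) {
                LOG.error("User account is locked.");
                throw getIproovAuthnFailedException(IproovAuthenticatorConstants.ErrorMessages.USER_ACCOUNT_LOCKED);
            }
            String userId = resolveUserId(authenticatedUser);
            if (StringUtils.isBlank(userId)) {
                throw getIproovAuthnFailedException(IproovAuthenticatorConstants.ErrorMessages.USER_NOT_FOUND);
            }
            Map<String, String> authenticatorProperties = authenticationContext.getAuthenticatorProperties();
            String baseUrl = authenticatorProperties.get(IproovAuthenticatorConstants.ConfigProperties.BASE_URL.getName());
            String apiKey = authenticatorProperties.get(IproovAuthenticatorConstants.ConfigProperties.API_KEY.getName());
            String apiSecret = authenticatorProperties.get(IproovAuthenticatorConstants.ConfigProperties.API_SECRET.getName());
            String oauthUsername = authenticatorProperties.get(IproovAuthenticatorConstants.ConfigProperties.OAUTH_USERNAME.getName());
            String oauthPassword = authenticatorProperties.get(IproovAuthenticatorConstants.ConfigProperties.OAUTH_PASSWORD.getName());
            String scenario = httpServletRequest.getParameter(IproovAuthenticatorConstants.SCENARIO);
            if (IproovAuthenticatorConstants.Verification.AUTHENTICATION.equals(scenario)) {
                verified = IproovAuthorizationAPIClient.validateVerification(baseUrl, IproovAuthenticatorConstants.TokenEndpoints.IPROOV_VALIDATE_VERIFICATION_PATH, apiKey, apiSecret, userId, (String) authenticationContext.getProperty(IproovAuthenticatorConstants.VERIFY_TOKEN));
            } else {
                String enrollToken = (String) authenticationContext.getProperty(IproovAuthenticatorConstants.ENROLL_TOKEN);
                verified = IproovAuthorizationAPIClient.validateVerification(baseUrl, IproovAuthenticatorConstants.TokenEndpoints.IPROOV_ENROLL_VERIFICATION_PATH, apiKey, apiSecret, userId, enrollToken);
                if (!verified) {
                    if (StringUtils.isBlank(enrollToken)) {
                        // No enrollment was started in this session, so there is no partial
                        // profile to clean up; an existing profile must be left alone.
                        LOG.warn("Enrollment response received without an enrollment token in the session. Skipping iProov user profile removal.");
                    } else if (IproovAuthorizationAPIClient.removeIproovUserProfile(baseUrl, apiKey, oauthUsername, oauthPassword, userId)) {
                        LOG.info("Successfully deleted the user profile from iProov server.");
                    } else {
                        LOG.error("Deleting user profile from iProov server failed.");
                    }
                }
            }
            if (!verified) {
                handleIProovFailedAttempts(authenticatedUser);
                throw getIproovAuthnFailedException(IproovAuthenticatorConstants.ErrorMessages.IPROOV_VERIFICATION_TOKEN_VALIDATING_FAILURE);
            }
            authenticationContext.setSubject(authenticatedUser);
            if (IproovAuthenticatorConstants.Verification.ENROLLMENT.equals(scenario)) {
                UserStoreManager userStoreManager = getUserStoreManager(authenticatedUser);
                Map<String, String> claims = new HashMap<>();
                claims.put(IproovAuthenticatorConstants.IPROOV_ENROLLED_CLAIM, "true");
                userStoreManager.setUserClaimValues(MultitenantUtils.getTenantAwareUsername(authenticatedUser.toFullQualifiedUsername()), claims, (String) null);
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("Successfully logged in the user " + userId);
            }
        } catch (AuthenticationFailedException e) {
            // NOTE(review): this also catches the locked-account, user-not-found and
            // validation-failure exceptions thrown above and reports all of them under the
            // claim-setting error code; the original code survives only as the cause.
            throw getIproovAuthnFailedException(IproovAuthenticatorConstants.ErrorMessages.IPROOV_SETTING_IPROOV_CLAIM_VALUE_FAILURE, e);
        } catch (UserIdNotFoundException e) {
            throw getIproovAuthnFailedException(IproovAuthenticatorConstants.ErrorMessages.USER_NOT_FOUND, e);
        } catch (UserStoreException e) {
            throw getIproovAuthnFailedException(IproovAuthenticatorConstants.ErrorMessages.RETRIEVING_USER_STORE_FAILURE, e);
        }
    }

    /**
     * Raises a failed-authentication event for the user so that event handlers can react to it.
     *
     * @param authenticatedUser user whose attempt failed
     * @throws AuthenticationFailedException when the user store cannot be obtained or the event
     *                                       handler fails
     * @throws UserStoreException            declared by {@link #getUserStoreManager}
     */
    private void handleIProovFailedAttempts(AuthenticatedUser authenticatedUser) throws AuthenticationFailedException, UserStoreException {
        UserStoreManager userStoreManager = getUserStoreManager(authenticatedUser);
        Map<String, Object> eventProperties = new HashMap<>();
        eventProperties.put("authenticatorName", getName());
        eventProperties.put("PropertyFailedLoginAttemptsClaim", IproovAuthenticatorConstants.IPROOV_FAILED_LOGIN_ATTEMPTS_CLAIM);
        eventProperties.put("userStoreManager", userStoreManager);
        eventProperties.put("OPERATION_STATUS", false);
        triggerEvent(authenticatedUser, eventProperties);
    }

    /**
     * Publishes a {@code POST_NON_BASIC_AUTHENTICATION} event for the user.
     *
     * @param authenticatedUser user whose name, user-store domain and tenant domain are attached
     * @param map               additional event properties; entries with a blank key or a null
     *                          value are skipped; may be null
     * @throws AuthenticationFailedException when the event service reports a failure
     */
    protected void triggerEvent(AuthenticatedUser authenticatedUser, Map<String, Object> map) throws AuthenticationFailedException {
        try {
            Map<String, Object> eventProperties = new HashMap<>();
            eventProperties.put("user-name", authenticatedUser.getUserName());
            eventProperties.put("userstore-domain", authenticatedUser.getUserStoreDomain());
            eventProperties.put("tenant-domain", authenticatedUser.getTenantDomain());
            if (map != null) {
                for (Map.Entry<String, Object> entry : map.entrySet()) {
                    if (StringUtils.isNotBlank(entry.getKey()) && entry.getValue() != null) {
                        eventProperties.put(entry.getKey(), entry.getValue());
                    }
                }
            }
            IproovAuthenticatorDataHolder.getIdentityEventService().handleEvent(new Event("POST_NON_BASIC_AUTHENTICATION", eventProperties));
        } catch (IdentityEventException e) {
            throw new AuthenticationFailedException("Error occurred while handling event", e);
        }
    }

    /**
     * Reads a single claim of the user from its user store.
     *
     * @param authenticatedUser user whose claim is read
     * @param str               claim URI
     * @return the claim value, or {@code null} when the store returns none
     * @throws AuthenticationFailedException when the user store lookup fails
     * @throws UserStoreException            declared for callers; failures seen here are wrapped
     */
    private String getClaimValue(AuthenticatedUser authenticatedUser, String str) throws AuthenticationFailedException, UserStoreException {
        try {
            return (String) getUserStoreManager(authenticatedUser).getUserClaimValues(MultitenantUtils.getTenantAwareUsername(authenticatedUser.toFullQualifiedUsername()), new String[]{str}, (String) null).get(str);
        } catch (UserStoreException e) {
            throw getIproovAuthnFailedException(IproovAuthenticatorConstants.ErrorMessages.USER_NOT_FOUND, e);
        }
    }

    /**
     * Obtains the user store manager of the user's tenant realm.
     *
     * @param authenticatedUser user whose fully qualified username selects the tenant
     * @return the tenant's user store manager
     * @throws AuthenticationFailedException when the realm or its store manager cannot be obtained
     * @throws UserStoreException            declared for callers; failures seen here are wrapped
     */
    private UserStoreManager getUserStoreManager(AuthenticatedUser authenticatedUser) throws AuthenticationFailedException, UserStoreException {
        try {
            return getUserRealm(authenticatedUser.toFullQualifiedUsername()).getUserStoreManager();
        } catch (UserStoreException e) {
            throw getIproovAuthnFailedException(IproovAuthenticatorConstants.ErrorMessages.RETRIEVING_REG_USER_FAILURE, e);
        }
    }

    /**
     * Resolves the tenant user realm for a fully qualified username.
     *
     * @param str fully qualified username; {@code null} yields a realm failure
     * @return the tenant user realm, never {@code null}
     * @throws IproovAuthnFailedException when the realm lookup fails or returns nothing
     */
    private UserRealm getUserRealm(String str) throws IproovAuthnFailedException {
        UserRealm userRealm = null;
        if (str != null) {
            try {
                userRealm = IproovAuthenticatorDataHolder.getRealmService().getTenantUserRealm(IdentityTenantUtil.getTenantId(MultitenantUtils.getTenantDomain(str)));
            } catch (UserStoreException e) {
                throw getIproovAuthnFailedException(IproovAuthenticatorConstants.ErrorMessages.RETRIEVING_USER_STORE_FAILURE, e);
            }
        }
        if (userRealm == null) {
            throw getIproovAuthnFailedException(IproovAuthenticatorConstants.ErrorMessages.RETRIEVING_USER_REALM_FAILURE);
        }
        return userRealm;
    }

    /**
     * Rejects an incomplete iProov configuration; each value is only checked for being non-blank.
     *
     * @param str  base URL
     * @param str2 API key
     * @param str3 API secret
     * @param str4 OAuth username
     * @param str5 OAuth password
     * @throws IproovAuthnFailedException naming the first blank value
     */
    private void validateIproovConfiguration(String str, String str2, String str3, String str4, String str5) throws IproovAuthnFailedException {
        // NOTE(review): the base URL is not checked for scheme or host here; confirm that the API
        // client or the configuration layer restricts it to the intended HTTPS endpoint.
        if (StringUtils.isBlank(str)) {
            throw getIproovAuthnFailedException(IproovAuthenticatorConstants.ErrorMessages.IPROOV_BASE_URL_INVALID_FAILURE);
        }
        if (StringUtils.isBlank(str2)) {
            throw getIproovAuthnFailedException(IproovAuthenticatorConstants.ErrorMessages.IPROOV_API_KEY_INVALID_FAILURE);
        }
        if (StringUtils.isBlank(str3)) {
            throw getIproovAuthnFailedException(IproovAuthenticatorConstants.ErrorMessages.IPROOV_API_SECRET_INVALID_FAILURE);
        }
        if (StringUtils.isBlank(str4)) {
            throw getIproovAuthnFailedException(IproovAuthenticatorConstants.ErrorMessages.IPROOV_OAUTH_USERNAME_INVALID_FAILURE);
        }
        if (StringUtils.isBlank(str5)) {
            throw getIproovAuthnFailedException(IproovAuthenticatorConstants.ErrorMessages.IPROOV_OAUTH_PASSWORD_INVALID_FAILURE);
        }
    }

    /**
     * Determines the user ID sent to iProov.
     *
     * @param authenticatedUser user to resolve
     * @return for federated users the value of the user-ID claim in the user store, otherwise the
     *         ID carried by the user object
     * @throws AuthenticationFailedException when the user store cannot be obtained
     * @throws UserStoreException            when reading the claim fails
     * @throws UserIdNotFoundException       when a local user carries no ID
     */
    private String resolveUserId(AuthenticatedUser authenticatedUser) throws AuthenticationFailedException, UserStoreException, UserIdNotFoundException {
        if (!authenticatedUser.isFederatedUser()) {
            return authenticatedUser.getUserId();
        }
        return (String) getUserStoreManager(authenticatedUser).getUserClaimValues(MultitenantUtils.getTenantAwareUsername(authenticatedUser.toFullQualifiedUsername()), new String[]{IproovAuthenticatorConstants.USER_ID_CLAIM}, (String) null).get(IproovAuthenticatorConstants.USER_ID_CLAIM);
    }

    /**
     * Reads the progressive-enrollment flag from the authenticator configuration.
     *
     * @param authenticationContext flow state holding the authenticator properties
     * @return {@code true} only when the configured value parses as boolean true
     */
    private boolean isIproovProgressiveEnrollmentEnabled(AuthenticationContext authenticationContext) {
        return Boolean.parseBoolean((String) authenticationContext.getAuthenticatorProperties().get(IproovAuthenticatorConstants.ConfigProperties.ENABLE_PROGRESSIVE_ENROLLMENT.getName()));
    }

    /**
     * Builds an iProov authentication failure from an error descriptor and its cause.
     *
     * @param errorMessages descriptor supplying code and message
     * @param exc           underlying cause
     * @return the exception to throw
     */
    private static IproovAuthnFailedException getIproovAuthnFailedException(IproovAuthenticatorConstants.ErrorMessages errorMessages, Exception exc) {
        return new IproovAuthnFailedException(errorMessages.getCode(), errorMessages.getMessage(), exc);
    }

    /**
     * Builds an iProov authentication failure from an error descriptor.
     *
     * @param errorMessages descriptor supplying code and message
     * @return the exception to throw
     */
    private IproovAuthnFailedException getIproovAuthnFailedException(IproovAuthenticatorConstants.ErrorMessages errorMessages) {
        return new IproovAuthnFailedException(errorMessages.getCode(), errorMessages.getMessage());
    }
}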
