package org.wso2.carbon.identity.authenticator.emailotp;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.ProtocolException;
import java.net.URL;
import java.net.URLConnection;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.axiom.om.util.Base64;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.ConfigurationContextFactory;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.math.NumberUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.json.JSONObject;
import org.wso2.carbon.extension.identity.helper.FederatedAuthenticatorUtil;
import org.wso2.carbon.extension.identity.helper.util.IdentityHelperUtil;
import org.wso2.carbon.identity.application.authentication.framework.AuthenticatorFlowStatus;
import org.wso2.carbon.identity.application.authentication.framework.FederatedApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.LocalApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.config.ConfigurationFacade;
import org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig;
import org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException;
import org.wso2.carbon.identity.application.authentication.framework.exception.InvalidCredentialsException;
import org.wso2.carbon.identity.application.authentication.framework.exception.LogoutFailedException;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedIdPData;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.identity.application.authenticator.oidc.OpenIDConnectAuthenticator;
import org.wso2.carbon.identity.application.common.model.ClaimMapping;
import org.wso2.carbon.identity.application.common.model.Property;
import org.wso2.carbon.identity.authenticator.emailotp.config.EmailOTPUtils;
import org.wso2.carbon.identity.authenticator.emailotp.exception.EmailOTPException;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.mgt.IdentityMgtConfigException;
import org.wso2.carbon.identity.mgt.IdentityMgtServiceException;
import org.wso2.carbon.identity.mgt.NotificationSender;
import org.wso2.carbon.identity.mgt.config.Config;
import org.wso2.carbon.identity.mgt.config.ConfigBuilder;
import org.wso2.carbon.identity.mgt.config.ConfigType;
import org.wso2.carbon.identity.mgt.config.StorageType;
import org.wso2.carbon.identity.mgt.dto.NotificationDataDTO;
import org.wso2.carbon.identity.mgt.mail.DefaultEmailSendingModule;
import org.wso2.carbon.identity.mgt.mail.Notification;
import org.wso2.carbon.identity.mgt.mail.NotificationBuilder;
import org.wso2.carbon.identity.mgt.mail.NotificationData;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/identity/authenticator/emailotp/EmailOTPAuthenticator.class */
public class EmailOTPAuthenticator extends OpenIDConnectAuthenticator implements FederatedApplicationAuthenticator {
    private static final Log log = LogFactory.getLog(EmailOTPAuthenticator.class);

    /**
     * Decides whether this authenticator should handle the incoming request.
     *
     * <p>The request is claimed when it carries a non-empty OTP code, a non-empty resend flag
     * (with no code), or a non-empty e-mail address parameter.
     *
     * @param httpServletRequest the incoming request
     * @return {@code true} if one of the EmailOTP request parameters is present
     */
    public boolean canHandle(HttpServletRequest httpServletRequest) {
        if (log.isDebugEnabled()) {
            log.debug("Inside EmailOTPAuthenticator canHandle method");
        }
        // A submitted code is enough on its own.
        String otpCode = httpServletRequest.getParameter(EmailOTPAuthenticatorConstants.CODE);
        if (StringUtils.isNotEmpty(otpCode)) {
            return true;
        }
        // No code: a resend request or a supplied e-mail address also belongs to this authenticator.
        String resendFlag = httpServletRequest.getParameter(EmailOTPAuthenticatorConstants.RESEND);
        if (StringUtils.isNotEmpty(resendFlag)) {
            return true;
        }
        String emailAddress = httpServletRequest.getParameter(EmailOTPAuthenticatorConstants.EMAIL_ADDRESS);
        return StringUtils.isNotEmpty(emailAddress);
    }

    /**
     * Drives the EmailOTP step of the authentication flow.
     *
     * <ul>
     *   <li>Logout requests complete immediately.</li>
     *   <li>A request carrying an e-mail address (re)starts the OTP request and stays incomplete.</li>
     *   <li>A request carrying a code is delegated to the parent authenticator for verification.</li>
     *   <li>Otherwise the OTP request is initiated; the step completes straight away when the
     *       initiation marked the flow as handled by something other than this authenticator.</li>
     * </ul>
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response used for redirects
     * @param authenticationContext the framework authentication context
     * @return the resulting flow status
     * @throws AuthenticationFailedException if initiating or verifying the OTP fails
     * @throws LogoutFailedException declared for the parent's contract
     */
    public AuthenticatorFlowStatus process(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException, LogoutFailedException {
        if (authenticationContext.isLogoutRequest()) {
            return AuthenticatorFlowStatus.SUCCESS_COMPLETED;
        }

        String emailParam = httpServletRequest.getParameter(EmailOTPAuthenticatorConstants.EMAIL_ADDRESS);
        if (StringUtils.isNotEmpty(emailParam)) {
            initiateAuthenticationRequest(httpServletRequest, httpServletResponse, authenticationContext);
            return AuthenticatorFlowStatus.INCOMPLETE;
        }

        String codeParam = httpServletRequest.getParameter(EmailOTPAuthenticatorConstants.CODE);
        if (StringUtils.isNotEmpty(codeParam)) {
            // A code was submitted: let the parent run the response-processing path.
            return super.process(httpServletRequest, httpServletResponse, authenticationContext);
        }

        initiateAuthenticationRequest(httpServletRequest, httpServletResponse, authenticationContext);
        // The initiation records which mechanism ended up handling this step.
        Object handledBy = authenticationContext.getProperty(EmailOTPAuthenticatorConstants.AUTHENTICATION);
        if (handledBy.equals(EmailOTPAuthenticatorConstants.AUTHENTICATOR_NAME)) {
            authenticationContext.setCurrentAuthenticator(getName());
            return AuthenticatorFlowStatus.INCOMPLETE;
        }
        return AuthenticatorFlowStatus.SUCCESS_COMPLETED;
    }

    /**
     * Starts the EmailOTP step: resolves configuration, identifies the user from the previous
     * step and dispatches to the mandatory, first-step-only or optional OTP flow.
     *
     * @param httpServletRequest the incoming request (may carry a user-supplied e-mail address)
     * @param httpServletResponse the response used for redirects
     * @param authenticationContext the framework authentication context
     * @throws AuthenticationFailedException if no authenticated user is found, or if the e-mail
     *         claim or the user store cannot be read
     */
    protected void initiateAuthenticationRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        // parseBoolean  -> "EmailOTP is mandatory" flag
        // parseBoolean2 -> "send OTP to the federated e-mail attribute" flag
        boolean parseBoolean;
        boolean parseBoolean2;
        try {
            Object obj = null;
            Map<String, String> parameterMap = getAuthenticatorConfig().getParameterMap();
            String tenantDomain = authenticationContext.getTenantDomain();
            // Default marker: this step is handled by EmailOTP unless a later branch overrides it.
            authenticationContext.setProperty(EmailOTPAuthenticatorConstants.AUTHENTICATION, EmailOTPAuthenticatorConstants.AUTHENTICATOR_NAME);
            if (!tenantDomain.equals(EmailOTPAuthenticatorConstants.SUPER_TENANT)) {
                // Non-super tenants load their authenticator configuration from the registry.
                IdentityHelperUtil.loadApplicationAuthenticationXMLFromRegistry(authenticationContext, getName(), tenantDomain);
                obj = authenticationContext.getProperty("getPropertiesFromLocal");
            }
            // Flags come from the local parameter map for the super tenant (or when the
            // "getPropertiesFromLocal" property is set), otherwise from the context properties.
            if (obj != null || tenantDomain.equals(EmailOTPAuthenticatorConstants.SUPER_TENANT)) {
                parseBoolean = Boolean.parseBoolean(parameterMap.get(EmailOTPAuthenticatorConstants.IS_EMAILOTP_MANDATORY));
                parseBoolean2 = Boolean.parseBoolean(parameterMap.get(EmailOTPAuthenticatorConstants.SEND_OTP_TO_FEDERATED_EMAIL_ATTRIBUTE));
            } else {
                parseBoolean = Boolean.parseBoolean(String.valueOf(authenticationContext.getProperty(EmailOTPAuthenticatorConstants.IS_EMAILOTP_MANDATORY)));
                parseBoolean2 = Boolean.parseBoolean(String.valueOf(authenticationContext.getProperty(EmailOTPAuthenticatorConstants.SEND_OTP_TO_FEDERATED_EMAIL_ATTRIBUTE)));
            }
            FederatedAuthenticatorUtil.setUsernameFromFirstStep(authenticationContext);
            // String.valueOf yields the literal "null" when the property is absent.
            String valueOf = String.valueOf(authenticationContext.getProperty(EmailOTPAuthenticatorConstants.USER_NAME));
            AuthenticatedUser authenticatedUser = (AuthenticatedUser) authenticationContext.getProperty(EmailOTPAuthenticatorConstants.AUTHENTICATED_USER);
            if (authenticatedUser == null) {
                if (log.isDebugEnabled()) {
                    log.debug("Cannot find the authenticated user, the username : " + valueOf + " may be null");
                }
                // NOTE(review): the username is embedded in the exception message; confirm this
                // message is not surfaced to unauthenticated clients.
                throw new AuthenticationFailedException("Authentication failed!. Cannot find the authenticated user, the username : " + valueOf + " may be null");
            }
            boolean isUserExistInUserStore = FederatedAuthenticatorUtil.isUserExistInUserStore(valueOf);
            String queryStringWithFrameworkContextId = FrameworkUtils.getQueryStringWithFrameworkContextId(authenticationContext.getQueryParams(), authenticationContext.getCallerSessionKey(), authenticationContext.getContextIdentifier());
            if (parseBoolean) {
                if (log.isDebugEnabled()) {
                    log.debug("Process the EmailOTP mandatory flow ");
                }
                processEmailOTPMandatory(authenticationContext, httpServletRequest, httpServletResponse, isUserExistInUserStore, valueOf, queryStringWithFrameworkContextId, parameterMap, parseBoolean2);
            } else if (!isUserExistInUserStore || isEmailOTPDisableForUser(valueOf, authenticationContext, parameterMap)) {
                // OTP is optional and either the user is not in the local store or has OTP
                // disabled: the second factor is skipped for this login.
                if (log.isDebugEnabled()) {
                    log.debug("Process with the first step (basic) authenticator only");
                }
                processFirstStepOnly(authenticatedUser, authenticationContext);
            } else {
                if (log.isDebugEnabled()) {
                    log.debug("Process the EmailOTP optional flow, but user enable emailOTP as second step ");
                }
                String emailValueForUsername = getEmailValueForUsername(valueOf, authenticationContext);
                if (StringUtils.isEmpty(emailValueForUsername)) {
                    if (httpServletRequest.getParameter(EmailOTPAuthenticatorConstants.EMAIL_ADDRESS) == null) {
                        redirectToEmailAddressReqPage(httpServletResponse, authenticationContext, parameterMap, queryStringWithFrameworkContextId, valueOf);
                    } else {
                        // The address written to the user's claim comes from the request parameter.
                        // NOTE(review): this branch does not itself consult
                        // isEmailAddressUpdateEnable(...); confirm the update path enforces that
                        // setting and validates the supplied address.
                        updateEmailAddressForUsername(authenticationContext, httpServletRequest, valueOf);
                        emailValueForUsername = getEmailValueForUsername(valueOf, authenticationContext);
                    }
                }
                if (StringUtils.isNotEmpty(emailValueForUsername)) {
                    processEmailOTPFlow(httpServletRequest, httpServletResponse, emailValueForUsername, valueOf, queryStringWithFrameworkContextId, authenticationContext);
                }
            }
        } catch (EmailOTPException e) {
            throw new AuthenticationFailedException("Failed to get the email claim when proceed the EmailOTP flow ", e);
        } catch (UserStoreException e2) {
            throw new AuthenticationFailedException("Failed to get the user from user store ", e2);
        }
    }

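    /**
     * Verifies the one-time password submitted by the user against the value stored in the
     * authentication context and, on success, sets the authenticated subject.
     *
     * <p>Changes relative to the previous implementation:
     * <ul>
     *   <li>The submitted and stored codes are compared with
     *       {@link java.security.MessageDigest#isEqual(byte[], byte[])} rather than
     *       {@code String.equals}, so the comparison does not stop at the first differing
     *       character.</li>
     *   <li>A missing or empty stored code is treated explicitly as a mismatch.</li>
     *   <li>A missing receiver e-mail now fails the authentication with an
     *       {@link AuthenticationFailedException} instead of a {@code NullPointerException}.</li>
     * </ul>
     *
     * <p>NOTE(review): no OTP expiry check is visible in this method; confirm the token lifetime
     * is enforced elsewhere.
     *
     * @param httpServletRequest the request carrying the submitted code
     * @param httpServletResponse unused here
     * @param authenticationContext the framework authentication context holding the expected code
     * @throws AuthenticationFailedException if no user is in the context, the account is locked,
     *         the code does not match, or the receiver e-mail is missing
     */
    protected void processAuthenticationResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        AuthenticatedUser authenticatedUser = getAuthenticatedUser(authenticationContext);
        if (authenticatedUser == null) {
            throw new AuthenticationFailedException("Could not find an Authenticated user in the context.");
        }
        if (isLocalUser(authenticationContext) && EmailOTPUtils.isAccountLocked(authenticatedUser)) {
            String format = String.format("Authentication failed since authenticated user: %s, account is locked.", authenticatedUser);
            if (log.isDebugEnabled()) {
                log.debug(format);
            }
            throw new AuthenticationFailedException(format);
        }

        String submittedCode = httpServletRequest.getParameter(EmailOTPAuthenticatorConstants.CODE);
        if (StringUtils.isEmpty(submittedCode)) {
            if (log.isDebugEnabled()) {
                log.debug("One time password cannot be null");
            }
            throw new InvalidCredentialsException("Code cannot be null");
        }
        if (Boolean.parseBoolean(httpServletRequest.getParameter(EmailOTPAuthenticatorConstants.RESEND))) {
            if (log.isDebugEnabled()) {
                log.debug("Retrying to resend the OTP");
            }
            throw new InvalidCredentialsException("Retrying to resend the OTP");
        }

        // The stored token is reset to "" after a successful login, so an empty or absent
        // expected value must never match.
        String expectedCode = (String) authenticationContext.getProperty(EmailOTPAuthenticatorConstants.OTP_TOKEN);
        boolean codeMatches = StringUtils.isNotEmpty(expectedCode)
                && java.security.MessageDigest.isEqual(
                        submittedCode.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                        expectedCode.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        if (!codeMatches) {
            if (log.isDebugEnabled()) {
                log.debug("Given otp code is mismatch");
            }
            // Presumably records the failed attempt for lockout handling; defined outside this view.
            handleOtpVerificationFail(authenticationContext);
            throw new AuthenticationFailedException("Code mismatch");
        }

        // Invalidate the one-time values before anything else so the code cannot be replayed.
        authenticationContext.setProperty(EmailOTPAuthenticatorConstants.OTP_TOKEN, "");
        authenticationContext.setProperty(EmailOTPAuthenticatorConstants.EMAILOTP_ACCESS_TOKEN, "");

        Object receiverEmail = authenticationContext.getProperty(EmailOTPAuthenticatorConstants.RECEIVER_EMAIL);
        if (receiverEmail == null) {
            // Fail closed rather than dereferencing null while building the subject.
            throw new AuthenticationFailedException("Could not find the receiver email in the context.");
        }
        authenticationContext.setSubject(AuthenticatedUser.createFederateAuthenticatedUserFromSubjectIdentifier(receiverEmail.toString()));
        resetOtpFailedAttempts(authenticationContext);
    }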

    /**
     * Delivers the OTP either over SMTP or through a configured e-mail REST API.
     *
     * <p>As called from {@code processEmailOTPFlow}: {@code map} is the authenticator parameter
     * map, {@code map2} the authenticator properties, {@code str} the recipient e-mail,
     * {@code str2} the username and {@code str3} the generated OTP.
     *
     * @throws AuthenticationFailedException if the API response is empty, starts with the failure
     *         prefix, or contains the configured failure string
     */
    private void checkEmailOTPBehaviour(AuthenticationContext authenticationContext, Map<String, String> map, Map<String, String> map2, String str, String str2, String str3) throws AuthenticationFailedException {
        if (isSMTP(map2, map, authenticationContext)) {
            sendOTP(str2, str3, str);
            return;
        }
        // API delivery needs a recipient; without one nothing is sent.
        if (StringUtils.isEmpty(str)) {
            return;
        }

        Map<String, String> apiProperties = getAuthenticatorPropertiesWithTokenResponse(authenticationContext, map, map2);
        String urlParams = prepareURLParams(authenticationContext, apiProperties, map);
        String payload = preparePayload(authenticationContext, apiProperties, map, str, str3);
        String formData = prepareFormData(authenticationContext, apiProperties, map, str, str3);
        String apiResponse = sendMailUsingAPIs(authenticationContext, apiProperties, map, urlParams, payload, formData);
        String failureMarker = getFailureString(authenticationContext, map, getAPI(apiProperties));

        boolean noResponse = StringUtils.isEmpty(apiResponse);
        if (noResponse
                || apiResponse.startsWith(EmailOTPAuthenticatorConstants.FAILED)
                || (StringUtils.isNotEmpty(failureMarker) && apiResponse.contains(failureMarker))) {
            throw new AuthenticationFailedException("Unable to send the code");
        }
    }

    /**
     * Returns the authenticator properties to use for the mail API call, fetching an access
     * token first when the configured API requires one.
     *
     * <p>When a token is required, it is read from the token endpoint's JSON response and stored
     * in the context's authenticator properties, which are then returned.
     *
     * @param authenticationContext the framework authentication context
     * @param map the authenticator parameter map
     * @param map2 the current authenticator properties
     * @return {@code map2} unchanged when no token is needed, otherwise the context's
     *         authenticator properties including the access token
     * @throws AuthenticationFailedException if the token request returns nothing or a failure
     */
    private Map<String, String> getAuthenticatorPropertiesWithTokenResponse(AuthenticationContext authenticationContext, Map<String, String> map, Map<String, String> map2) throws AuthenticationFailedException {
        if (!isAccessTokenRequired(authenticationContext, map, map2)) {
            return map2;
        }

        String tokenResponse = sendTokenRequest(authenticationContext, map2, map);
        boolean tokenRequestFailed = StringUtils.isEmpty(tokenResponse)
                || tokenResponse.startsWith(EmailOTPAuthenticatorConstants.FAILED);
        if (tokenRequestFailed) {
            if (log.isDebugEnabled()) {
                log.debug("Unable to get the access token");
            }
            throw new AuthenticationFailedException("Error while getting the access token");
        }

        Map<String, String> contextProperties = authenticationContext.getAuthenticatorProperties();
        String accessToken = new JSONObject(tokenResponse).getString(EmailOTPAuthenticatorConstants.EMAILOTP_ACCESS_TOKEN);
        contextProperties.put(EmailOTPAuthenticatorConstants.EMAILOTP_ACCESS_TOKEN, accessToken);
        return authenticationContext.getAuthenticatorProperties();
    }

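    /**
     * Resolves the claim URI that holds the e-mail address for a federated user.
     *
     * <p>The key is read from the named authenticator's local configuration for the super tenant
     * (or when the {@code getPropertiesFromLocal} context property is set), otherwise from the
     * authentication context.
     *
     * <p>Fix: the context branch previously returned {@code String.valueOf(property)}, which
     * yields the literal string {@code "null"} when the property is absent. Callers test the
     * result with {@code StringUtils.isEmpty}, so the absent case was never detected and no
     * fallback lookup ran. An absent property now returns {@code null}.
     *
     * @param authenticationContext the framework authentication context
     * @param str the authenticator name whose configuration is consulted
     * @return the configured claim URI, or {@code null} if none is configured
     * @throws AuthenticationFailedException declared for callers; not thrown directly here
     */
    private String getFederatedEmailAttributeKey(AuthenticationContext authenticationContext, String str) throws AuthenticationFailedException {
        String tenantDomain = authenticationContext.getTenantDomain();
        boolean readFromLocalConfig = authenticationContext.getProperty("getPropertiesFromLocal") != null
                || tenantDomain.equals(EmailOTPAuthenticatorConstants.SUPER_TENANT);
        if (readFromLocalConfig) {
            Map authenticatorConfig = FederatedAuthenticatorUtil.getAuthenticatorConfig(str);
            if (authenticatorConfig == null) {
                return null;
            }
            return (String) authenticatorConfig.get(EmailOTPAuthenticatorConstants.FEDERATED_EMAIL_ATTRIBUTE_KEY);
        }
        Object configuredKey = authenticationContext.getProperty(EmailOTPAuthenticatorConstants.FEDERATED_EMAIL_ATTRIBUTE_KEY);
        // Preserve "absent" as null instead of the string "null".
        return configuredKey == null ? null : String.valueOf(configuredKey);
    }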

    /**
     * Handles the flow in which EmailOTP is a mandatory second factor.
     *
     * <p>As called from {@code initiateAuthenticationRequest}: {@code z} tells whether the user
     * exists in the local user store, {@code str} is the username, {@code str2} the query string,
     * {@code map} the authenticator parameter map and {@code z2} the "send OTP to federated e-mail
     * attribute" flag.
     *
     * <ul>
     *   <li>Users not in the local store are handled via the federated e-mail attribute.</li>
     *   <li>Users who have EmailOTP disabled are redirected to the error page.</li>
     *   <li>Users without a stored e-mail are sent to the address-request page, or have the
     *       address taken from the request parameter when one is supplied.</li>
     * </ul>
     *
     * @throws EmailOTPException declared for the helper calls
     * @throws AuthenticationFailedException if any step of the flow fails
     */
    private void processEmailOTPMandatory(AuthenticationContext authenticationContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z, String str, String str2, Map<String, String> map, boolean z2) throws EmailOTPException, AuthenticationFailedException {
        if (!z) {
            proceedOTPWithFederatedEmailAddress(authenticationContext, httpServletRequest, httpServletResponse, str, str2, z2, map);
            return;
        }
        if (isEmailOTPDisableForUser(str, authenticationContext, map)) {
            // Mandatory OTP but disabled for this user: no code is sent, only the error redirect.
            redirectToErrorPage(httpServletResponse, authenticationContext, map, str2, EmailOTPAuthenticatorConstants.ERROR_EMAILOTP_DISABLE);
            return;
        }

        String recipientEmail = getEmailValueForUsername(str, authenticationContext);
        if (StringUtils.isEmpty(recipientEmail)) {
            if (httpServletRequest.getParameter(EmailOTPAuthenticatorConstants.EMAIL_ADDRESS) == null) {
                // Nothing on file and nothing supplied: ask for an address and stop here.
                redirectToEmailAddressReqPage(httpServletResponse, authenticationContext, map, str2, str);
                return;
            }
            updateEmailAddressForUsername(authenticationContext, httpServletRequest, str);
            recipientEmail = getEmailValueForUsername(str, authenticationContext);
        }
        if (StringUtils.isNotEmpty(recipientEmail)) {
            processEmailOTPFlow(httpServletRequest, httpServletResponse, recipientEmail, str, str2, authenticationContext);
        }
    }

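    /**
     * Stores the e-mail address supplied in the request as the user's e-mail claim.
     *
     * <p>The address is a client-controlled request parameter and becomes the destination of the
     * one-time password, so this method now enforces the same
     * {@code isEmailAddressUpdateEnable} setting that guards the address-request page. Before
     * this change the setting was only checked before redirecting to that page, so a request
     * that already carried the parameter was persisted even with the feature switched off.
     * An empty address is ignored instead of being written to the claim.
     *
     * <p>NOTE(review): no format validation of the address happens here; confirm whether the
     * user store or claim configuration validates it.
     *
     * @param authenticationContext the framework authentication context
     * @param httpServletRequest the request carrying the e-mail address parameter
     * @param str the username whose claim is updated; nothing happens when {@code null}
     * @throws AuthenticationFailedException if address updates are disabled or the user store
     *         update fails
     */
    private void updateEmailAddressForUsername(AuthenticationContext authenticationContext, HttpServletRequest httpServletRequest, String str) throws AuthenticationFailedException {
        String tenantDomain = authenticationContext.getTenantDomain();
        if (str == null || authenticationContext.isRetrying()) {
            return;
        }
        String requestedEmail = httpServletRequest.getParameter(EmailOTPAuthenticatorConstants.EMAIL_ADDRESS);
        if (StringUtils.isEmpty(requestedEmail)) {
            // Nothing usable was supplied; leave the stored claim untouched.
            return;
        }
        if (!isEmailAddressUpdateEnable(authenticationContext, getAuthenticatorConfig().getParameterMap())) {
            throw new AuthenticationFailedException("Authentication failed!. Email address update is disabled; cannot update email address for the user : " + str);
        }
        Map<String, String> claims = new HashMap<String, String>();
        claims.put(EmailOTPAuthenticatorConstants.EMAIL_CLAIM, requestedEmail);
        updateUserAttribute(MultitenantUtils.getTenantAwareUsername(str), claims, tenantDomain);
    }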

    /**
     * Writes the given claim values for a user in the tenant's user store.
     *
     * @param str the tenant-aware username
     * @param map claim URI to value pairs to set
     * @param str2 the tenant domain
     * @throws AuthenticationFailedException if the tenant realm is missing, the user does not
     *         exist, or the user store rejects the update (the original failure is the cause)
     */
    private void updateUserAttribute(String str, Map<String, String> map, String str2) throws AuthenticationFailedException {
        try {
            final int tenantId = IdentityTenantUtil.getTenantId(str2);
            final UserRealm realm = IdentityTenantUtil.getRealmService().getTenantUserRealm(tenantId);
            if (realm == null) {
                throw new AuthenticationFailedException("The specified tenant domain " + str2 + " does not exist.");
            }
            // Refuse to write claims for a user that is not in the store.
            verifyUserExists(str, str2);
            // A null profile name is passed through to the user store.
            realm.getUserStoreManager().setUserClaimValues(str, map, (String) null);
        } catch (UserStoreException | AuthenticationFailedException cause) {
            throw new AuthenticationFailedException("Exception occurred while connecting to User Store: Authentication is failed. ", cause);
        }
    }

    /**
     * Ensures the user exists in the tenant's user store.
     *
     * @param str the tenant-aware username
     * @param str2 the tenant domain
     * @throws AuthenticationFailedException if the realm cannot be loaded, the user does not
     *         exist, or the user store lookup fails
     */
    private void verifyUserExists(String str, String str2) throws AuthenticationFailedException {
        try {
            UserRealm realm = IdentityTenantUtil.getRealmService().getTenantUserRealm(IdentityTenantUtil.getTenantId(str2));
            if (realm == null) {
                throw new AuthenticationFailedException("Super tenant realm not loaded.");
            }
            if (realm.getUserStoreManager().isExistingUser(str)) {
                return;
            }
            if (log.isDebugEnabled()) {
                log.debug("User does not exist in the User Store");
            }
            throw new AuthenticationFailedException("User does not exist in the User Store.");
        } catch (UserStoreException lookupFailure) {
            throw new AuthenticationFailedException("Error while validating the user :" + str, lookupFailure);
        }
    }

    /**
     * Redirects the browser to the page that asks the user for an e-mail address.
     *
     * <p>Only allowed when e-mail address updates are enabled in the configuration; otherwise the
     * authentication fails.
     *
     * @param httpServletResponse the response used for the redirect
     * @param authenticationContext the framework authentication context
     * @param map the authenticator parameter map
     * @param str the query string appended to the page URL
     * @param str2 the username, used in the failure message
     * @throws AuthenticationFailedException if updates are disabled or the redirect fails
     */
    private void redirectToEmailAddressReqPage(HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext, Map<String, String> map, String str, String str2) throws AuthenticationFailedException {
        boolean updateAllowed = isEmailAddressUpdateEnable(authenticationContext, map);
        if (!updateAllowed) {
            throw new AuthenticationFailedException("Authentication failed!. Update email address for the user : " + str2);
        }
        try {
            String requestPage = getEmailAddressRequestPage(authenticationContext, map);
            String target = getRedirectURL(requestPage, str);
            httpServletResponse.sendRedirect(target);
        } catch (IOException redirectFailure) {
            throw new AuthenticationFailedException("Authentication failed!. An IOException was caught while redirecting to email address request page. ", redirectFailure);
        }
    }

    /**
     * Builds a redirect URL from a base page and an optional query string, always appending the
     * authenticators parameter with this authenticator's name.
     *
     * <p>The parts are concatenated as given; no URL encoding is applied here.
     *
     * @param str the base page URL
     * @param str2 the query string to include, may be empty or {@code null}
     * @return the assembled URL
     */
    private String getRedirectURL(String str, String str2) {
        String authenticatorsParam = EmailOTPAuthenticatorConstants.AUTHENTICATORS + getName();
        if (StringUtils.isEmpty(str2)) {
            return str + "?" + authenticatorsParam;
        }
        return str + "?" + str2 + "&" + authenticatorsParam;
    }

    /**
     * Sends the OTP to the e-mail address taken from the federated user's attributes.
     *
     * <p>As called from {@code processEmailOTPMandatory}: {@code str} is the username,
     * {@code str2} the query string, {@code z} the "send OTP to federated e-mail attribute" flag
     * and {@code map} the authenticator parameter map. When {@code z} is false the user is
     * redirected to the error page instead.
     *
     * @throws AuthenticationFailedException if no matching e-mail attribute is found or the OTP
     *         flow fails; failures raised inside are re-wrapped with a generic message
     */
    private void proceedOTPWithFederatedEmailAddress(AuthenticationContext authenticationContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2, boolean z, Map<String, String> map) throws AuthenticationFailedException {
        try {
            // str3 holds the resolved recipient address once a matching attribute is found.
            String str3 = null;
            // name: authenticator that completed the previous step.
            String name = ((StepConfig) authenticationContext.getSequenceConfig().getStepMap().get(Integer.valueOf(authenticationContext.getCurrentStep() - 1))).getAuthenticatedAutenticator().getName();
            // name2: first authenticator configured for the current step.
            String name2 = ((AuthenticatorConfig) ((StepConfig) authenticationContext.getSequenceConfig().getStepMap().get(Integer.valueOf(authenticationContext.getCurrentStep()))).getAuthenticatorList().iterator().next()).getName();
            if (z) {
                // Look up the e-mail claim URI under the previous step's authenticator first,
                // then fall back to the current step's authenticator.
                String federatedEmailAttributeKey = getFederatedEmailAttributeKey(authenticationContext, name);
                if (StringUtils.isEmpty(federatedEmailAttributeKey)) {
                    federatedEmailAttributeKey = getFederatedEmailAttributeKey(authenticationContext, name2);
                }
                // Only the first authenticated IdP's user attributes are inspected.
                // NOTE(review): iterator().next() throws if there is no authenticated IdP; confirm
                // callers guarantee at least one.
                Iterator it = ((AuthenticatedIdPData) authenticationContext.getCurrentAuthenticatedIdPs().values().iterator().next()).getUser().getUserAttributes().entrySet().iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    Map.Entry entry = (Map.Entry) it.next();
                    String valueOf = String.valueOf(((ClaimMapping) entry.getKey()).getLocalClaim().getClaimUri());
                    String str4 = (String) entry.getValue();
                    if (valueOf.equals(federatedEmailAttributeKey)) {
                        // The recipient address is whatever the federated IdP asserted for this claim.
                        // NOTE(review): String.valueOf turns a null attribute value into the
                        // literal "null", which then passes the emptiness check below.
                        str3 = String.valueOf(str4);
                        authenticationContext.setProperty(EmailOTPAuthenticatorConstants.RECEIVER_EMAIL, str3);
                        processEmailOTPFlow(httpServletRequest, httpServletResponse, str3, str, str2, authenticationContext);
                        break;
                    }
                }
                if (StringUtils.isEmpty(str3)) {
                    if (log.isDebugEnabled()) {
                        log.debug("There is no email claim to send otp ");
                    }
                    throw new AuthenticationFailedException("There is no email claim to send otp");
                }
            } else {
                redirectToErrorPage(httpServletResponse, authenticationContext, map, str2, EmailOTPAuthenticatorConstants.SEND_OTP_DIRECTLY_DISABLE);
            }
        } catch (AuthenticationFailedException e) {
            throw new AuthenticationFailedException(" Failed to process EmailOTP flow ", e);
        }
    }

    /**
     * Completes the login with the first step only, skipping the OTP.
     *
     * <p>Updates the step configuration with the authenticated user and records in the context
     * whether the previous step used a local or a federated authenticator.
     *
     * @param authenticatedUser the user authenticated in the previous step
     * @param authenticationContext the framework authentication context
     */
    private void processFirstStepOnly(AuthenticatedUser authenticatedUser, AuthenticationContext authenticationContext) {
        int previousStep = authenticationContext.getCurrentStep() - 1;
        Object previousAuthenticator = ((StepConfig) authenticationContext.getSequenceConfig().getStepMap().get(Integer.valueOf(previousStep))).getAuthenticatedAutenticator().getApplicationAuthenticator();
        boolean previousStepWasLocal = previousAuthenticator instanceof LocalApplicationAuthenticator;
        if (!previousStepWasLocal) {
            FederatedAuthenticatorUtil.updateAuthenticatedUserInStepConfig(authenticationContext, authenticatedUser);
            authenticationContext.setProperty(EmailOTPAuthenticatorConstants.AUTHENTICATION, EmailOTPAuthenticatorConstants.FEDERETOR);
            return;
        }
        FederatedAuthenticatorUtil.updateLocalAuthenticatedUserInStepConfig(authenticationContext, authenticatedUser);
        authenticationContext.setProperty(EmailOTPAuthenticatorConstants.AUTHENTICATION, EmailOTPAuthenticatorConstants.BASIC);
    }

    /**
     * Redirects the browser to the EmailOTP error page.
     *
     * <p>Uses the configured error page when present; otherwise derives it from the default
     * authentication endpoint URL by swapping the login page segment for the error page segment.
     *
     * @param httpServletResponse the response used for the redirect
     * @param authenticationContext the framework authentication context
     * @param map the authenticator parameter map
     * @param str the query string appended to the page URL
     * @param str2 the error parameter appended after the query string
     * @throws AuthenticationFailedException if the default page cannot be derived or the
     *         redirect fails
     */
    private void redirectToErrorPage(HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext, Map<String, String> map, String str, String str2) throws AuthenticationFailedException {
        try {
            String errorPage = getEmailOTPErrorPage(authenticationContext, map);
            if (log.isDebugEnabled()) {
                log.debug("The EmailOTP error page url is " + errorPage);
            }
            if (StringUtils.isEmpty(errorPage)) {
                // Fall back to the framework's endpoint with the login page replaced.
                String defaultEndpoint = ConfigurationFacade.getInstance().getAuthenticationEndpointURL();
                errorPage = defaultEndpoint.replace(EmailOTPAuthenticatorConstants.LOGIN_PAGE, EmailOTPAuthenticatorConstants.ERROR_PAGE);
                if (log.isDebugEnabled()) {
                    log.debug("The default authentication endpoint URL " + defaultEndpoint + "is replaced by default email otp error page " + errorPage);
                }
                boolean replaced = errorPage.contains(EmailOTPAuthenticatorConstants.ERROR_PAGE);
                if (!replaced) {
                    throw new AuthenticationFailedException("The default authentication page is not replaced by default email otp error page");
                }
            }
            String target = getRedirectURL(errorPage, str) + str2;
            httpServletResponse.sendRedirect(target);
        } catch (IOException redirectFailure) {
            throw new AuthenticationFailedException("Authentication Failed : An IO Exception caught, While redirecting to error page ", redirectFailure);
        }
    }

    /**
     * Generates a one-time password, sends it to the user and redirects to the OTP entry page.
     *
     * <p>As called within this class: {@code str} is the recipient e-mail, {@code str2} the
     * username and {@code str3} the query string.
     *
     * <p>A new code is generated on the first attempt, on a retry without a resend parameter,
     * and on a retry whose resend parameter parses to {@code true}. The code is stored in the
     * authentication context for later verification.
     *
     * <p>NOTE(review): {@code OneTimePassword} is not visible here; confirm its random source is
     * a cryptographically secure generator and that a lifetime for the stored code is enforced.
     *
     * @throws AuthenticationFailedException if the authenticator properties are missing, the
     *         code cannot be sent, or the redirect fails (all re-wrapped with one message)
     */
    private void processEmailOTPFlow(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2, String str3, AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        Map<String, String> authenticatorProps = authenticationContext.getAuthenticatorProperties();
        Map<String, String> configParams = getAuthenticatorConfig().getParameterMap();
        try {
            String resendParam = httpServletRequest.getParameter(EmailOTPAuthenticatorConstants.RESEND);
            boolean issueNewCode = !authenticationContext.isRetrying()
                    || StringUtils.isEmpty(resendParam)
                    || Boolean.parseBoolean(resendParam);
            if (issueNewCode) {
                String otp = new OneTimePassword().generateToken(OneTimePassword.getRandomNumber(5), "2", 6);
                // Stored before sending so the verification step can compare against it.
                authenticationContext.setProperty(EmailOTPAuthenticatorConstants.OTP_TOKEN, otp);
                if (authenticatorProps == null) {
                    throw new AuthenticationFailedException("Error while retrieving properties. Authenticator Properties cannot be null");
                }
                if (StringUtils.isNotEmpty(otp)) {
                    checkEmailOTPBehaviour(authenticationContext, configParams, authenticatorProps, str, str2, otp);
                }
            }
            boolean showLoginPage = authenticationContext.isRetrying() || StringUtils.isEmpty(resendParam);
            if (showLoginPage) {
                redirectToEmailOTPLoginPage(httpServletResponse, authenticationContext, configParams, str3, str);
            }
        } catch (AuthenticationFailedException failure) {
            throw new AuthenticationFailedException("Authentication Failed: Authenticator Properties may be null ", failure);
        }
    }

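    /**
     * Redirects the browser to the page where the user enters the one-time password.
     *
     * <p>Uses the configured login page when present; otherwise derives it from the default
     * authentication endpoint URL. When showing the e-mail address in the UI is enabled, the
     * address is appended as a query parameter; retry attempts additionally get the retry
     * parameters.
     *
     * <p>Fix: the e-mail address is now URL-encoded before being appended. It can originate from
     * a request parameter or a federated IdP attribute, and appending it raw let characters such
     * as {@code &}, {@code #} or {@code +} alter the query string or be decoded incorrectly by
     * the receiving page.
     *
     * <p>NOTE(review): the address still travels in the redirect URL and so can end up in
     * browser history and access logs; consider masking it if that is not intended.
     *
     * @param httpServletResponse the response used for the redirect
     * @param authenticationContext the framework authentication context
     * @param map the authenticator parameter map
     * @param str the query string appended to the page URL
     * @param str2 the recipient e-mail address shown in the UI when enabled
     * @throws AuthenticationFailedException if the default page cannot be derived or the
     *         redirect fails
     */
    private void redirectToEmailOTPLoginPage(HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext, Map<String, String> map, String str, String str2) throws AuthenticationFailedException {
        try {
            String emailOTPLoginPage = getEmailOTPLoginPage(authenticationContext, map);
            if (log.isDebugEnabled()) {
                log.debug("The EmailOTP login page url is " + emailOTPLoginPage);
            }
            if (StringUtils.isEmpty(emailOTPLoginPage)) {
                // Fall back to the framework's endpoint with the login page replaced.
                String authenticationEndpointURL = ConfigurationFacade.getInstance().getAuthenticationEndpointURL();
                emailOTPLoginPage = authenticationEndpointURL.replace(EmailOTPAuthenticatorConstants.LOGIN_PAGE, EmailOTPAuthenticatorConstants.EMAILOTP_PAGE);
                if (log.isDebugEnabled()) {
                    log.debug("The default authentication endpoint URL " + authenticationEndpointURL + "is replaced by default email otp login page " + emailOTPLoginPage);
                }
                if (!emailOTPLoginPage.contains(EmailOTPAuthenticatorConstants.EMAILOTP_PAGE)) {
                    throw new AuthenticationFailedException("The default authentication page is not replaced by default email otp page");
                }
            }
            String redirectURL = getRedirectURL(emailOTPLoginPage, str);
            if (isShowEmailAddressInUIEnable(authenticationContext, map)) {
                // String.valueOf keeps the previous tolerance of a null address.
                String encodedEmail = java.net.URLEncoder.encode(String.valueOf(str2), java.nio.charset.StandardCharsets.UTF_8.name());
                redirectURL = redirectURL + EmailOTPAuthenticatorConstants.SCREEN_VALUE + encodedEmail;
            }
            if (authenticationContext.isRetrying()) {
                redirectURL = redirectURL + EmailOTPAuthenticatorConstants.RETRY_PARAMS;
            }
            httpServletResponse.sendRedirect(redirectURL);
        } catch (IOException e) {
            throw new AuthenticationFailedException("Authentication Failed: An IOException was caught while redirecting to login page. ", e);
        }
    }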

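    /**
     * Sends one HTTP request to {@code str + str2} and returns the response body.
     *
     * <p>A request body is written only when {@code str6} is POST: the payload {@code str5} is
     * preferred, otherwise the form data {@code str4}. Response lines are concatenated without
     * line separators. A non-empty payload that does not start with "{" gets no explicit
     * content type.
     *
     * <p>NOTE(review): no connect/read timeout is set and the URL scheme is not checked, so the
     * credential in {@code str3} is sent to whatever endpoint is configured. Confirm that
     * configured endpoints are https-only and consider adding timeouts.
     *
     * @param str  endpoint URL
     * @param str2 text appended to the endpoint (callers pass URL parameters or "")
     * @param str3 value of the header named by {@code EmailOTPAuthenticatorConstants.HTTP_AUTH};
     *             skipped when empty
     * @param str4 form data body, used when there is no payload
     * @param str5 payload body
     * @param str6 HTTP method
     * @return the response body, "Failed: Request to the API is failed" on a non-200 status, or
     *         {@code EmailOTPAuthenticatorConstants.FAILED} when an I/O error occurs
     */
    private String sendRESTCall(String str, String str2, String str3, String str4, String str5, String str6) {
        StringBuilder sb = new StringBuilder();
        HttpURLConnection httpURLConnection = null;
        try {
            URLConnection openConnection = new URL(str + str2).openConnection();
            if (openConnection instanceof HttpURLConnection) {
                httpURLConnection = (HttpURLConnection) openConnection;
                httpURLConnection.setDoInput(true);
                httpURLConnection.setDoOutput(true);
                httpURLConnection.setRequestMethod(str6);
                if (!StringUtils.isNotEmpty(str5)) {
                    httpURLConnection.setRequestProperty(EmailOTPAuthenticatorConstants.HTTP_CONTENT_TYPE, EmailOTPAuthenticatorConstants.HTTP_CONTENT_TYPE_XWFUE);
                } else if (str5.startsWith("{")) {
                    httpURLConnection.setRequestProperty(EmailOTPAuthenticatorConstants.HTTP_CONTENT_TYPE, EmailOTPAuthenticatorConstants.HTTP_CONTENT_TYPE_JSON);
                }
                if (StringUtils.isNotEmpty(str3)) {
                    httpURLConnection.setRequestProperty(EmailOTPAuthenticatorConstants.HTTP_AUTH, str3);
                }
                if (str6.toUpperCase().equals(EmailOTPAuthenticatorConstants.HTTP_POST)) {
                    OutputStreamWriter outputStreamWriter = new OutputStreamWriter(httpURLConnection.getOutputStream(), EmailOTPAuthenticatorConstants.CHARSET);
                    try {
                        if (StringUtils.isNotEmpty(str5)) {
                            outputStreamWriter.write(str5);
                        } else if (StringUtils.isNotEmpty(str4)) {
                            outputStreamWriter.write(str4);
                        }
                    } finally {
                        // Close even when the write fails so the stream is not leaked.
                        outputStreamWriter.close();
                    }
                }
                if (httpURLConnection.getResponseCode() != 200) {
                    return "Failed: Request to the API is failed";
                }
                // Decode with the charset used for the request instead of the platform default.
                // NOTE(review): assumes the API answers in that charset - confirm.
                BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(httpURLConnection.getInputStream(), EmailOTPAuthenticatorConstants.CHARSET));
                try {
                    String readLine;
                    while ((readLine = bufferedReader.readLine()) != null) {
                        sb.append(readLine);
                    }
                } finally {
                    bufferedReader.close();
                }
            }
            return sb.toString();
        } catch (MalformedURLException e) {
            // Most specific handlers first: both are IOException subclasses and would otherwise
            // never be reached.
            if (log.isDebugEnabled()) {
                log.debug("Failed:  The constructed URL may be wrong ", e);
            }
            return EmailOTPAuthenticatorConstants.FAILED;
        } catch (ProtocolException e) {
            if (log.isDebugEnabled()) {
                log.debug("Failed:  May be the query parameter too long ", e);
            }
            return EmailOTPAuthenticatorConstants.FAILED;
        } catch (IOException e) {
            if (log.isDebugEnabled()) {
                log.debug("Failed:  An IOException occurred while perform a rest call with API endpoint ", e);
            }
            return EmailOTPAuthenticatorConstants.FAILED;
        } finally {
            // Single cleanup point for every exit path.
            if (httpURLConnection != null) {
                httpURLConnection.disconnect();
            }
        }
    }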

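    /**
     * Builds the request payload for the configured mail API.
     *
     * <p>For the Gmail API a raw message (to / subject / from headers plus the body) is
     * Base64-encoded and wrapped in a JSON object. For any other API the configured payload
     * template is taken and its sender, recipient, body and API-key placeholders are substituted.
     *
     * <p>NOTE(review): in the template branch the values are substituted verbatim, with no
     * JSON/XML escaping; confirm the recipient address is validated before it reaches this method.
     *
     * @param authenticationContext current authentication context
     * @param map  properties holding the API name and the sender address
     * @param map2 parameters holding the per-API payload template and API key
     * @param str  recipient email address
     * @param str2 mail body
     * @return the payload, or the empty/null template value when no template is configured
     * @throws AuthenticationFailedException if an address used as a mail header contains a line break
     */
    private String preparePayload(AuthenticationContext authenticationContext, Map<String, String> map, Map<String, String> map2, String str, String str2) throws AuthenticationFailedException {
        String api = getAPI(map);
        String sender = map.get(EmailOTPAuthenticatorConstants.EMAILOTP_EMAIL);
        if (EmailOTPAuthenticatorConstants.API_GMAIL.equals(api)) {
            // The addresses become header lines of a raw message; a CR or LF inside one would
            // allow extra headers to be added, so such values are refused.
            if (containsLineBreak(str) || containsLineBreak(sender)) {
                throw new AuthenticationFailedException("Email address contains a line break and cannot be used as a mail header");
            }
            String rawMessage = "to:" + str + "\nsubject:OTP Code\nfrom:" + sender + "\n\n" + str2;
            // Explicit charset so the encoded bytes do not depend on the platform default.
            byte[] rawBytes = rawMessage.getBytes(java.nio.charset.Charset.forName("UTF-8"));
            return "{\"raw\":\"" + new String(Base64.encode(rawBytes)) + "\"}";
        }
        String payload = getPreparePayload(authenticationContext, map2, api);
        if (StringUtils.isNotEmpty(payload)) {
            String apiKey = getApiKey(authenticationContext, map2, api);
            // String.replace rejects a null replacement; an unset value is substituted as "".
            payload = payload.replace(EmailOTPAuthenticatorConstants.MAIL_FROM_EMAIL, sender == null ? "" : sender)
                    .replace(EmailOTPAuthenticatorConstants.MAIL_TO_EMAIL, str == null ? "" : str)
                    .replace(EmailOTPAuthenticatorConstants.MAIL_BODY, str2 == null ? "" : str2)
                    .replace(EmailOTPAuthenticatorConstants.MAIL_API_KEY, apiKey == null ? "" : apiKey);
        }
        return payload;
    }

    /** Returns true when {@code value} is non-null and contains a carriage return or line feed. */
    private static boolean containsLineBreak(String value) {
        return value != null && (value.indexOf('\r') >= 0 || value.indexOf('\n') >= 0);
    }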

    /**
     * Returns the URL parameters configured for the selected mail API.
     *
     * @param authenticationContext current authentication context
     * @param map  properties holding the API name
     * @param map2 parameters holding the per-API URL parameters
     * @return the configured value, or {@code null} when it is missing or empty
     */
    private String prepareURLParams(AuthenticationContext authenticationContext, Map<String, String> map, Map<String, String> map2) throws AuthenticationFailedException {
        final String configuredParams = getPrepareURLParams(authenticationContext, map2, getAPI(map));
        // An empty string is normalised to null.
        return StringUtils.isNotEmpty(configuredParams) ? configuredParams : null;
    }

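    /**
     * Builds the form-data body for the configured mail API by substituting the sender,
     * recipient, body and API-key placeholders in the configured template.
     *
     * <p>NOTE(review): values are substituted verbatim, without URL-encoding; confirm the
     * recipient address is validated before it reaches this method.
     *
     * @param authenticationContext current authentication context
     * @param map  properties holding the API name and the sender address
     * @param map2 parameters holding the per-API form-data template and API key
     * @param str  recipient email address
     * @param str2 mail body
     * @return the form data, or the empty/null template value when no template is configured
     */
    private String prepareFormData(AuthenticationContext authenticationContext, Map<String, String> map, Map<String, String> map2, String str, String str2) throws AuthenticationFailedException {
        String api = getAPI(map);
        String prepareFormData = getPrepareFormData(authenticationContext, map2, api);
        if (StringUtils.isNotEmpty(prepareFormData)) {
            String sender = map.get(EmailOTPAuthenticatorConstants.EMAILOTP_EMAIL);
            String apiKey = getApiKey(authenticationContext, map2, api);
            // String.replace rejects a null replacement; an unset value is substituted as "".
            prepareFormData = prepareFormData.replace(EmailOTPAuthenticatorConstants.MAIL_FROM_EMAIL, sender == null ? "" : sender)
                    .replace(EmailOTPAuthenticatorConstants.MAIL_TO_EMAIL, str == null ? "" : str)
                    .replace(EmailOTPAuthenticatorConstants.MAIL_BODY, str2 == null ? "" : str2)
                    .replace(EmailOTPAuthenticatorConstants.MAIL_API_KEY, apiKey == null ? "" : apiKey);
        }
        return prepareFormData;
    }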

    /**
     * Tells whether the selected mail API is listed among the APIs that need an access token.
     *
     * <p>The list is read from {@code map} when the context carries a "getPropertiesFromLocal"
     * property or the tenant is the super tenant, otherwise from the context property of the
     * same name. The check is a substring match of the API name against the list value.
     *
     * @param authenticationContext current authentication context
     * @param map  parameters that may hold the list of access-token APIs
     * @param map2 properties holding the API name
     * @return {@code true} when the list value contains the API name
     */
    private boolean isAccessTokenRequired(AuthenticationContext authenticationContext, Map<String, String> map, Map<String, String> map2) throws AuthenticationFailedException {
        final String api = getAPI(map2);
        final String tenantDomain = authenticationContext.getTenantDomain();
        final boolean readFromLocalConfig = authenticationContext.getProperty("getPropertiesFromLocal") != null
                || tenantDomain.equals(EmailOTPAuthenticatorConstants.SUPER_TENANT);
        if (StringUtils.isEmpty(api)) {
            return false;
        }
        if (readFromLocalConfig) {
            return map.containsKey(EmailOTPAuthenticatorConstants.ACCESS_TOKEN_REQUIRED_APIS)
                    && map.get(EmailOTPAuthenticatorConstants.ACCESS_TOKEN_REQUIRED_APIS).contains(api);
        }
        final Object listed = authenticationContext.getProperty(EmailOTPAuthenticatorConstants.ACCESS_TOKEN_REQUIRED_APIS);
        return listed != null && String.valueOf(listed).contains(api);
    }

    /**
     * Tells whether the selected mail API is listed among the APIs that take the API key in a
     * request header.
     *
     * <p>The list is read from {@code map} when the context carries a "getPropertiesFromLocal"
     * property or the tenant is the super tenant, otherwise from the context property of the
     * same name. The check is a substring match of the API name against the list value.
     *
     * @param authenticationContext current authentication context
     * @param map  parameters that may hold the list of API-key-header APIs
     * @param map2 properties holding the API name
     * @return {@code true} when the list value contains the API name
     */
    private boolean isAPIKeyHeaderRequired(AuthenticationContext authenticationContext, Map<String, String> map, Map<String, String> map2) throws AuthenticationFailedException {
        final String api = getAPI(map2);
        final String tenantDomain = authenticationContext.getTenantDomain();
        final boolean readFromLocalConfig = authenticationContext.getProperty("getPropertiesFromLocal") != null
                || tenantDomain.equals(EmailOTPAuthenticatorConstants.SUPER_TENANT);
        if (StringUtils.isEmpty(api)) {
            return false;
        }
        if (readFromLocalConfig) {
            return map.containsKey(EmailOTPAuthenticatorConstants.API_KEY_HEADER_REQUIRED_APIS)
                    && map.get(EmailOTPAuthenticatorConstants.API_KEY_HEADER_REQUIRED_APIS).contains(api);
        }
        final Object listed = authenticationContext.getProperty(EmailOTPAuthenticatorConstants.API_KEY_HEADER_REQUIRED_APIS);
        return listed != null && String.valueOf(listed).contains(api);
    }

    /**
     * Reads the user's "email OTP disabled" claim.
     *
     * <p>The claim is consulted only when per-user enabling is switched on
     * (see {@code isAdminMakeUserToEnableOrDisableEmailOTP}); otherwise the result is
     * {@code false}. A missing claim value also yields {@code false}.
     *
     * @param str  user name, including the tenant domain
     * @param authenticationContext current authentication context
     * @param map  authenticator parameters
     * @return {@code true} when the claim value parses as true
     * @throws AuthenticationFailedException if the realm is missing or the user store fails
     */
    private boolean isEmailOTPDisableForUser(String str, AuthenticationContext authenticationContext, Map<String, String> map) throws AuthenticationFailedException {
        try {
            final String tenantDomain = MultitenantUtils.getTenantDomain(str);
            final UserRealm realm = IdentityTenantUtil.getRealmService().getTenantUserRealm(IdentityTenantUtil.getTenantId(tenantDomain));
            final String localUsername = MultitenantUtils.getTenantAwareUsername(String.valueOf(str));
            if (realm == null) {
                throw new AuthenticationFailedException("Cannot find the user realm for the given tenant domain : " + tenantDomain);
            }
            if (!isAdminMakeUserToEnableOrDisableEmailOTP(authenticationContext, map)) {
                return false;
            }
            final String[] requestedClaims = new String[]{EmailOTPAuthenticatorConstants.USER_EMAILOTP_DISABLED_CLAIM_URI};
            final Object disabledClaim = realm.getUserStoreManager()
                    .getUserClaimValues(localUsername, requestedClaims, (String) null)
                    .get(EmailOTPAuthenticatorConstants.USER_EMAILOTP_DISABLED_CLAIM_URI);
            return Boolean.parseBoolean((String) disabledClaim);
        } catch (UserStoreException e) {
            throw new AuthenticationFailedException("Failed while trying to access userRealm of the user : " + str, e);
        }
    }

    /**
     * Reads the flag {@code EmailOTPAuthenticatorConstants.IS_EMAILOTP_ENABLE_BY_USER}.
     *
     * <p>The value comes from {@code map} when the context carries a "getPropertiesFromLocal"
     * property or the tenant is the super tenant, and the map has the key; otherwise from the
     * context property of the same name.
     *
     * @param authenticationContext current authentication context
     * @param map authenticator parameters
     * @return the parsed flag, {@code false} when it is not set anywhere
     */
    private boolean isAdminMakeUserToEnableOrDisableEmailOTP(AuthenticationContext authenticationContext, Map<String, String> map) {
        final String tenantDomain = authenticationContext.getTenantDomain();
        final boolean readFromLocalConfig = authenticationContext.getProperty("getPropertiesFromLocal") != null
                || tenantDomain.equals(EmailOTPAuthenticatorConstants.SUPER_TENANT);
        if (readFromLocalConfig && map.containsKey(EmailOTPAuthenticatorConstants.IS_EMAILOTP_ENABLE_BY_USER)) {
            return Boolean.parseBoolean(map.get(EmailOTPAuthenticatorConstants.IS_EMAILOTP_ENABLE_BY_USER));
        }
        final Object contextValue = authenticationContext.getProperty(EmailOTPAuthenticatorConstants.IS_EMAILOTP_ENABLE_BY_USER);
        return contextValue != null && Boolean.parseBoolean(String.valueOf(contextValue));
    }

    /**
     * Looks up the user's email claim and stores it in the context under
     * {@code EmailOTPAuthenticatorConstants.RECEIVER_EMAIL}.
     *
     * @param str user name, including the tenant domain
     * @param authenticationContext context that receives the looked-up address
     * @return the email claim value as returned by the user store
     * @throws EmailOTPException if the realm is missing or the user store fails
     */
    private String getEmailValueForUsername(String str, AuthenticationContext authenticationContext) throws EmailOTPException {
        try {
            final String tenantDomain = MultitenantUtils.getTenantDomain(str);
            final UserRealm realm = IdentityTenantUtil.getRealmService().getTenantUserRealm(IdentityTenantUtil.getTenantId(tenantDomain));
            final String localUsername = MultitenantUtils.getTenantAwareUsername(str);
            if (realm == null) {
                throw new EmailOTPException("Cannot find the user realm for the given tenant domain : " + tenantDomain);
            }
            final String email = realm.getUserStoreManager().getUserClaimValue(localUsername, EmailOTPAuthenticatorConstants.EMAIL_CLAIM, (String) null);
            authenticationContext.setProperty(EmailOTPAuthenticatorConstants.RECEIVER_EMAIL, email);
            return email;
        } catch (UserStoreException e) {
            throw new EmailOTPException("Cannot find the email claim for username : " + str, e);
        }
    }

    /**
     * Resolves the client id configured for a mail API (key: API name + "ClientId").
     *
     * <p>The value comes from {@code map} when the context carries a "getPropertiesFromLocal"
     * property or the tenant is the super tenant, and the map has the key; otherwise from the
     * context property of the same name.
     *
     * @param authenticationContext current authentication context
     * @param map authenticator parameters
     * @param str API name used as the key prefix
     * @return the client id, or {@code null} when it is not configured
     */
    private String getClientId(AuthenticationContext authenticationContext, Map<String, String> map, String str) {
        final String key = str + "ClientId";
        final String tenantDomain = authenticationContext.getTenantDomain();
        final boolean readFromLocalConfig = authenticationContext.getProperty("getPropertiesFromLocal") != null
                || tenantDomain.equals(EmailOTPAuthenticatorConstants.SUPER_TENANT);
        if (readFromLocalConfig && map.containsKey(key)) {
            return map.get(key);
        }
        final Object contextValue = authenticationContext.getProperty(key);
        return contextValue == null ? null : String.valueOf(contextValue);
    }

    /**
     * Resolves the client secret configured for a mail API (key: API name + "ClientSecret").
     *
     * <p>The value comes from {@code map} when the context carries a "getPropertiesFromLocal"
     * property or the tenant is the super tenant, and the map has the key; otherwise from the
     * context property of the same name. The result is a credential and should not be written
     * to logs.
     *
     * @param authenticationContext current authentication context
     * @param map authenticator parameters
     * @param str API name used as the key prefix
     * @return the client secret, or {@code null} when it is not configured
     */
    private String getClientSecret(AuthenticationContext authenticationContext, Map<String, String> map, String str) {
        final String key = str + "ClientSecret";
        final String tenantDomain = authenticationContext.getTenantDomain();
        final boolean readFromLocalConfig = authenticationContext.getProperty("getPropertiesFromLocal") != null
                || tenantDomain.equals(EmailOTPAuthenticatorConstants.SUPER_TENANT);
        if (readFromLocalConfig && map.containsKey(key)) {
            return map.get(key);
        }
        final Object contextValue = authenticationContext.getProperty(key);
        return contextValue == null ? null : String.valueOf(contextValue);
    }

    /**
     * Resolves the refresh token configured for a mail API
     * (key: API name + {@code EmailOTPAuthenticatorConstants.REFRESH_TOKEN}).
     *
     * <p>The value comes from {@code map} when the context carries a "getPropertiesFromLocal"
     * property or the tenant is the super tenant, and the map has the key; otherwise from the
     * context property of the same name. The result is a credential and should not be written
     * to logs.
     *
     * @param authenticationContext current authentication context
     * @param map authenticator parameters
     * @param str API name used as the key prefix
     * @return the refresh token, or {@code null} when it is not configured
     */
    private String getRefreshToken(AuthenticationContext authenticationContext, Map<String, String> map, String str) {
        final String key = str + EmailOTPAuthenticatorConstants.REFRESH_TOKEN;
        final String tenantDomain = authenticationContext.getTenantDomain();
        final boolean readFromLocalConfig = authenticationContext.getProperty("getPropertiesFromLocal") != null
                || tenantDomain.equals(EmailOTPAuthenticatorConstants.SUPER_TENANT);
        if (readFromLocalConfig && map.containsKey(key)) {
            return map.get(key);
        }
        final Object contextValue = authenticationContext.getProperty(key);
        return contextValue == null ? null : String.valueOf(contextValue);
    }

    /**
     * Resolves the API key configured for a mail API
     * (key: API name + {@code EmailOTPAuthenticatorConstants.EMAILOTP_API_KEY}).
     *
     * <p>The value comes from {@code map} when the context carries a "getPropertiesFromLocal"
     * property or the tenant is the super tenant, and the map has the key; otherwise from the
     * context property of the same name. The result is a credential and should not be written
     * to logs.
     *
     * @param authenticationContext current authentication context
     * @param map authenticator parameters
     * @param str API name used as the key prefix
     * @return the API key, or {@code null} when it is not configured
     */
    private String getApiKey(AuthenticationContext authenticationContext, Map<String, String> map, String str) {
        final String key = str + EmailOTPAuthenticatorConstants.EMAILOTP_API_KEY;
        final String tenantDomain = authenticationContext.getTenantDomain();
        final boolean readFromLocalConfig = authenticationContext.getProperty("getPropertiesFromLocal") != null
                || tenantDomain.equals(EmailOTPAuthenticatorConstants.SUPER_TENANT);
        if (readFromLocalConfig && map.containsKey(key)) {
            return map.get(key);
        }
        final Object contextValue = authenticationContext.getProperty(key);
        return contextValue == null ? null : String.valueOf(contextValue);
    }

    /**
     * Resolves the mailing endpoint configured for a mail API
     * (key: API name + {@code EmailOTPAuthenticatorConstants.MAILING_ENDPOINT}).
     *
     * <p>The value comes from {@code map} when the context carries a "getPropertiesFromLocal"
     * property or the tenant is the super tenant, and the map has the key; otherwise from the
     * context property of the same name.
     *
     * @param authenticationContext current authentication context
     * @param map authenticator parameters
     * @param str API name used as the key prefix
     * @return the endpoint, or {@code null} when it is not configured
     */
    private String getMailingEndpoint(AuthenticationContext authenticationContext, Map<String, String> map, String str) {
        final String key = str + EmailOTPAuthenticatorConstants.MAILING_ENDPOINT;
        final String tenantDomain = authenticationContext.getTenantDomain();
        final boolean readFromLocalConfig = authenticationContext.getProperty("getPropertiesFromLocal") != null
                || tenantDomain.equals(EmailOTPAuthenticatorConstants.SUPER_TENANT);
        if (readFromLocalConfig && map.containsKey(key)) {
            return map.get(key);
        }
        final Object contextValue = authenticationContext.getProperty(key);
        return contextValue == null ? null : String.valueOf(contextValue);
    }

    /**
     * Resolves the payload template configured for a mail API
     * (key: API name + {@code EmailOTPAuthenticatorConstants.PAYLOAD}).
     *
     * <p>The value comes from {@code map} when the context carries a "getPropertiesFromLocal"
     * property or the tenant is the super tenant, and the map has the key; otherwise from the
     * context property of the same name.
     *
     * @param authenticationContext current authentication context
     * @param map authenticator parameters
     * @param str API name used as the key prefix
     * @return the template, or {@code null} when it is not configured
     */
    private String getPreparePayload(AuthenticationContext authenticationContext, Map<String, String> map, String str) {
        final String key = str + EmailOTPAuthenticatorConstants.PAYLOAD;
        final String tenantDomain = authenticationContext.getTenantDomain();
        final boolean readFromLocalConfig = authenticationContext.getProperty("getPropertiesFromLocal") != null
                || tenantDomain.equals(EmailOTPAuthenticatorConstants.SUPER_TENANT);
        if (readFromLocalConfig && map.containsKey(key)) {
            return map.get(key);
        }
        final Object contextValue = authenticationContext.getProperty(key);
        return contextValue == null ? null : String.valueOf(contextValue);
    }

    /**
     * Resolves the form-data template configured for a mail API
     * (key: API name + {@code EmailOTPAuthenticatorConstants.FORM_DATA}).
     *
     * <p>The value comes from {@code map} when the context carries a "getPropertiesFromLocal"
     * property or the tenant is the super tenant, and the map has the key; otherwise from the
     * context property of the same name.
     *
     * @param authenticationContext current authentication context
     * @param map authenticator parameters
     * @param str API name used as the key prefix
     * @return the template, or {@code null} when it is not configured
     */
    private String getPrepareFormData(AuthenticationContext authenticationContext, Map<String, String> map, String str) {
        final String key = str + EmailOTPAuthenticatorConstants.FORM_DATA;
        final String tenantDomain = authenticationContext.getTenantDomain();
        final boolean readFromLocalConfig = authenticationContext.getProperty("getPropertiesFromLocal") != null
                || tenantDomain.equals(EmailOTPAuthenticatorConstants.SUPER_TENANT);
        if (readFromLocalConfig && map.containsKey(key)) {
            return map.get(key);
        }
        final Object contextValue = authenticationContext.getProperty(key);
        return contextValue == null ? null : String.valueOf(contextValue);
    }

    /**
     * Resolves the URL parameters configured for a mail API
     * (key: API name + {@code EmailOTPAuthenticatorConstants.URL_PARAMS}).
     *
     * <p>The value comes from {@code map} when the context carries a "getPropertiesFromLocal"
     * property or the tenant is the super tenant, and the map has the key; otherwise from the
     * context property of the same name.
     *
     * @param authenticationContext current authentication context
     * @param map authenticator parameters
     * @param str API name used as the key prefix
     * @return the URL parameters, or {@code null} when they are not configured
     */
    private String getPrepareURLParams(AuthenticationContext authenticationContext, Map<String, String> map, String str) {
        final String key = str + EmailOTPAuthenticatorConstants.URL_PARAMS;
        final String tenantDomain = authenticationContext.getTenantDomain();
        final boolean readFromLocalConfig = authenticationContext.getProperty("getPropertiesFromLocal") != null
                || tenantDomain.equals(EmailOTPAuthenticatorConstants.SUPER_TENANT);
        if (readFromLocalConfig && map.containsKey(key)) {
            return map.get(key);
        }
        final Object contextValue = authenticationContext.getProperty(key);
        return contextValue == null ? null : String.valueOf(contextValue);
    }

    /**
     * Resolves the failure marker configured for a mail API
     * (key: API name + {@code EmailOTPAuthenticatorConstants.FAILURE}).
     *
     * <p>The value comes from {@code map} when the context carries a "getPropertiesFromLocal"
     * property or the tenant is the super tenant, and the map has the key; otherwise from the
     * context property of the same name.
     *
     * @param authenticationContext current authentication context
     * @param map authenticator parameters
     * @param str API name used as the key prefix
     * @return the configured value, or {@code null} when it is not configured
     */
    private String getFailureString(AuthenticationContext authenticationContext, Map<String, String> map, String str) {
        final String key = str + EmailOTPAuthenticatorConstants.FAILURE;
        final String tenantDomain = authenticationContext.getTenantDomain();
        final boolean readFromLocalConfig = authenticationContext.getProperty("getPropertiesFromLocal") != null
                || tenantDomain.equals(EmailOTPAuthenticatorConstants.SUPER_TENANT);
        if (readFromLocalConfig && map.containsKey(key)) {
            return map.get(key);
        }
        final Object contextValue = authenticationContext.getProperty(key);
        return contextValue == null ? null : String.valueOf(contextValue);
    }

    /**
     * Resolves the authorization token type configured for a mail API
     * (key: API name + {@code EmailOTPAuthenticatorConstants.HTTP_AUTH_TOKEN_TYPE}).
     *
     * <p>The value comes from {@code map} when the context carries a "getPropertiesFromLocal"
     * property or the tenant is the super tenant, and the map has the key; otherwise from the
     * context property of the same name.
     *
     * @param authenticationContext current authentication context
     * @param map authenticator parameters
     * @param str API name used as the key prefix
     * @return the token type, or {@code null} when it is not configured
     */
    private String getAuthTokenType(AuthenticationContext authenticationContext, Map<String, String> map, String str) {
        final String key = str + EmailOTPAuthenticatorConstants.HTTP_AUTH_TOKEN_TYPE;
        final String tenantDomain = authenticationContext.getTenantDomain();
        final boolean readFromLocalConfig = authenticationContext.getProperty("getPropertiesFromLocal") != null
                || tenantDomain.equals(EmailOTPAuthenticatorConstants.SUPER_TENANT);
        if (readFromLocalConfig && map.containsKey(key)) {
            return map.get(key);
        }
        final Object contextValue = authenticationContext.getProperty(key);
        return contextValue == null ? null : String.valueOf(contextValue);
    }

    /**
     * Resolves the token endpoint configured for a mail API
     * (key: API name + {@code EmailOTPAuthenticatorConstants.EMAILOTP_TOKEN_ENDPOINT}).
     *
     * <p>The value comes from {@code map} when the context carries a "getPropertiesFromLocal"
     * property or the tenant is the super tenant, and the map has the key; otherwise from the
     * context property of the same name.
     *
     * @param authenticationContext current authentication context
     * @param map authenticator parameters
     * @param str API name used as the key prefix
     * @return the endpoint, or {@code null} when it is not configured
     */
    private String getAccessTokenEndpoint(AuthenticationContext authenticationContext, Map<String, String> map, String str) {
        final String key = str + EmailOTPAuthenticatorConstants.EMAILOTP_TOKEN_ENDPOINT;
        final String tenantDomain = authenticationContext.getTenantDomain();
        final boolean readFromLocalConfig = authenticationContext.getProperty("getPropertiesFromLocal") != null
                || tenantDomain.equals(EmailOTPAuthenticatorConstants.SUPER_TENANT);
        if (readFromLocalConfig && map.containsKey(key)) {
            return map.get(key);
        }
        final Object contextValue = authenticationContext.getProperty(key);
        return contextValue == null ? null : String.valueOf(contextValue);
    }

    /**
     * Resolves the error page URL
     * ({@code EmailOTPAuthenticatorConstants.EMAILOTP_AUTHENTICATION_ERROR_PAGE_URL}).
     *
     * <p>The value comes from {@code map} when the context carries a "getPropertiesFromLocal"
     * property or the tenant is the super tenant, and the map has the key; otherwise from the
     * context property of the same name.
     *
     * @param authenticationContext current authentication context
     * @param map authenticator parameters
     * @return the URL, or {@code null} when it is not configured
     */
    private String getEmailOTPErrorPage(AuthenticationContext authenticationContext, Map<String, String> map) {
        final String tenantDomain = authenticationContext.getTenantDomain();
        final boolean readFromLocalConfig = authenticationContext.getProperty("getPropertiesFromLocal") != null
                || tenantDomain.equals(EmailOTPAuthenticatorConstants.SUPER_TENANT);
        if (readFromLocalConfig && map.containsKey(EmailOTPAuthenticatorConstants.EMAILOTP_AUTHENTICATION_ERROR_PAGE_URL)) {
            return map.get(EmailOTPAuthenticatorConstants.EMAILOTP_AUTHENTICATION_ERROR_PAGE_URL);
        }
        final Object contextValue = authenticationContext.getProperty(EmailOTPAuthenticatorConstants.EMAILOTP_AUTHENTICATION_ERROR_PAGE_URL);
        return contextValue == null ? null : String.valueOf(contextValue);
    }

    /**
     * Resolves the OTP login page URL
     * ({@code EmailOTPAuthenticatorConstants.EMAILOTP_AUTHENTICATION_ENDPOINT_URL}).
     *
     * <p>The value comes from {@code map} when the context carries a "getPropertiesFromLocal"
     * property or the tenant is the super tenant, and the map has the key; otherwise from the
     * context property of the same name.
     *
     * @param authenticationContext current authentication context
     * @param map authenticator parameters
     * @return the URL, or {@code null} when it is not configured
     */
    private String getEmailOTPLoginPage(AuthenticationContext authenticationContext, Map<String, String> map) {
        final String tenantDomain = authenticationContext.getTenantDomain();
        final boolean readFromLocalConfig = authenticationContext.getProperty("getPropertiesFromLocal") != null
                || tenantDomain.equals(EmailOTPAuthenticatorConstants.SUPER_TENANT);
        if (readFromLocalConfig && map.containsKey(EmailOTPAuthenticatorConstants.EMAILOTP_AUTHENTICATION_ENDPOINT_URL)) {
            return map.get(EmailOTPAuthenticatorConstants.EMAILOTP_AUTHENTICATION_ENDPOINT_URL);
        }
        final Object contextValue = authenticationContext.getProperty(EmailOTPAuthenticatorConstants.EMAILOTP_AUTHENTICATION_ENDPOINT_URL);
        return contextValue == null ? null : String.valueOf(contextValue);
    }

    /**
     * Reads the flag {@code EmailOTPAuthenticatorConstants.IS_ENABLE_EMAIL_VALUE_UPDATE}.
     *
     * <p>The value comes from {@code map} when the context carries a "getPropertiesFromLocal"
     * property or the tenant is the super tenant, and the map has the key; otherwise from the
     * context property of the same name.
     *
     * @param authenticationContext current authentication context
     * @param map authenticator parameters
     * @return the parsed flag, {@code false} when it is not set anywhere
     */
    private boolean isEmailAddressUpdateEnable(AuthenticationContext authenticationContext, Map<String, String> map) {
        final String tenantDomain = authenticationContext.getTenantDomain();
        final boolean readFromLocalConfig = authenticationContext.getProperty("getPropertiesFromLocal") != null
                || tenantDomain.equals(EmailOTPAuthenticatorConstants.SUPER_TENANT);
        if (readFromLocalConfig && map.containsKey(EmailOTPAuthenticatorConstants.IS_ENABLE_EMAIL_VALUE_UPDATE)) {
            return Boolean.parseBoolean(map.get(EmailOTPAuthenticatorConstants.IS_ENABLE_EMAIL_VALUE_UPDATE));
        }
        final Object contextValue = authenticationContext.getProperty(EmailOTPAuthenticatorConstants.IS_ENABLE_EMAIL_VALUE_UPDATE);
        return contextValue != null && Boolean.parseBoolean(String.valueOf(contextValue));
    }

    /**
     * Resolves the email-address request page
     * ({@code EmailOTPAuthenticatorConstants.EMAIL_ADDRESS_REQ_PAGE}).
     *
     * <p>The value comes from {@code map} when the context carries a "getPropertiesFromLocal"
     * property or the tenant is the super tenant, and the map has the key; otherwise from the
     * context property of the same name.
     *
     * @param authenticationContext current authentication context
     * @param map authenticator parameters
     * @return the page, or {@code null} when it is not configured
     */
    private String getEmailAddressRequestPage(AuthenticationContext authenticationContext, Map<String, String> map) {
        final String tenantDomain = authenticationContext.getTenantDomain();
        final boolean readFromLocalConfig = authenticationContext.getProperty("getPropertiesFromLocal") != null
                || tenantDomain.equals(EmailOTPAuthenticatorConstants.SUPER_TENANT);
        if (readFromLocalConfig && map.containsKey(EmailOTPAuthenticatorConstants.EMAIL_ADDRESS_REQ_PAGE)) {
            return map.get(EmailOTPAuthenticatorConstants.EMAIL_ADDRESS_REQ_PAGE);
        }
        final Object contextValue = authenticationContext.getProperty(EmailOTPAuthenticatorConstants.EMAIL_ADDRESS_REQ_PAGE);
        return contextValue == null ? null : String.valueOf(contextValue);
    }

    /**
     * Reads the flag {@code EmailOTPAuthenticatorConstants.SHOW_EMAIL_ADDRESS_IN_UI}.
     *
     * <p>The value comes from {@code map} when the context carries a "getPropertiesFromLocal"
     * property or the tenant is the super tenant, and the map has the key; otherwise from the
     * context property of the same name.
     *
     * @param authenticationContext current authentication context
     * @param map authenticator parameters
     * @return the parsed flag, {@code false} when it is not set anywhere
     */
    private boolean isShowEmailAddressInUIEnable(AuthenticationContext authenticationContext, Map<String, String> map) {
        final String tenantDomain = authenticationContext.getTenantDomain();
        final boolean readFromLocalConfig = authenticationContext.getProperty("getPropertiesFromLocal") != null
                || tenantDomain.equals(EmailOTPAuthenticatorConstants.SUPER_TENANT);
        if (readFromLocalConfig && map.containsKey(EmailOTPAuthenticatorConstants.SHOW_EMAIL_ADDRESS_IN_UI)) {
            return Boolean.parseBoolean(map.get(EmailOTPAuthenticatorConstants.SHOW_EMAIL_ADDRESS_IN_UI));
        }
        final Object contextValue = authenticationContext.getProperty(EmailOTPAuthenticatorConstants.SHOW_EMAIL_ADDRESS_IN_UI);
        return contextValue != null && Boolean.parseBoolean(String.valueOf(contextValue));
    }

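    /**
     * Returns the configured mail API name with surrounding whitespace removed.
     *
     * @param map properties that may hold {@code EmailOTPAuthenticatorConstants.EMAIL_API}
     * @return the trimmed API name, or {@code null} when the property is absent
     */
    private String getAPI(Map<String, String> map) {
        String api = map.get(EmailOTPAuthenticatorConstants.EMAIL_API);
        // An unset property is reported as null instead of failing on trim(); callers in this
        // class test the result with StringUtils.isEmpty / isNotEmpty.
        return api == null ? null : api.trim();
    }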

    /**
     * Sends the OTP mail through the configured mail API.
     *
     * <p>When the API needs an access token or an API-key header, the request carries
     * "token type + space + credential" as its authorization value and the sender address is
     * substituted into the endpoint. Otherwise the request is sent without credentials and
     * without form data.
     *
     * @param authenticationContext current authentication context
     * @param map  properties holding the API name, sender address and access token
     * @param map2 parameters holding the per-API settings
     * @param str  URL parameters appended to the endpoint; empty is treated as ""
     * @param str2 payload body
     * @param str3 form-data body
     * @return the REST call result, or {@code null} when a required setting is missing
     */
    private String sendMailUsingAPIs(AuthenticationContext authenticationContext, Map<String, String> map, Map<String, String> map2, String str, String str2, String str3) throws AuthenticationFailedException {
        final String api = getAPI(map);
        final String apiKey = getApiKey(authenticationContext, map2, api);
        final String mailingEndpoint = getMailingEndpoint(authenticationContext, map2, api);
        final boolean needsAccessToken = isAccessTokenRequired(authenticationContext, map2, map);
        final boolean needsApiKeyHeader = isAPIKeyHeaderRequired(authenticationContext, map2, map);
        final String accessToken = map.get(EmailOTPAuthenticatorConstants.EMAILOTP_ACCESS_TOKEN);
        final String urlParams = StringUtils.isNotEmpty(str) ? str : "";

        final boolean accessTokenMissing = needsAccessToken && StringUtils.isEmpty(accessToken);
        final boolean apiKeyMissing = needsApiKeyHeader && StringUtils.isEmpty(apiKey);
        if (accessTokenMissing || apiKeyMissing) {
            if (log.isDebugEnabled()) {
                log.debug("Required param '" + (needsAccessToken ? EmailOTPAuthenticatorConstants.EMAILOTP_ACCESS_TOKEN : EmailOTPAuthenticatorConstants.EMAILOTP_API_KEY) + "' cannot be null");
            }
            return null;
        }

        if (!needsAccessToken && !needsApiKeyHeader) {
            // Unauthenticated API: only the endpoint is required.
            if (StringUtils.isEmpty(mailingEndpoint)) {
                if (log.isDebugEnabled()) {
                    log.debug("The API endpoint is required to send OTP using API");
                }
                return null;
            }
            return sendRESTCall(mailingEndpoint, urlParams, "", "", str2, EmailOTPAuthenticatorConstants.HTTP_POST);
        }

        final String authTokenType = getAuthTokenType(authenticationContext, map2, api);
        if (StringUtils.isEmpty(mailingEndpoint) || StringUtils.isEmpty(authTokenType)) {
            if (log.isDebugEnabled()) {
                log.debug("The gmail api endpoint or access token type is empty");
            }
            return null;
        }
        // The credential goes only into the request header; it is never logged here.
        final String credential = needsAccessToken ? accessToken : apiKey;
        final String endpoint = mailingEndpoint.replace(EmailOTPAuthenticatorConstants.ADMIN_EMAIL, map.get(EmailOTPAuthenticatorConstants.EMAILOTP_EMAIL));
        return sendRESTCall(endpoint, urlParams, authTokenType + " " + credential, str3, str2, EmailOTPAuthenticatorConstants.HTTP_POST);
    }

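    /**
     * Requests a new access token from the token endpoint using the refresh-token grant.
     *
     * <p>NOTE(review): the client secret, refresh token and client id are placed in the form
     * body without URL-encoding; confirm the configured values never contain reserved
     * characters such as {@code &}, {@code =} or {@code +}.
     *
     * @param authenticationContext current authentication context
     * @param map  properties holding the API name
     * @param map2 parameters holding the client id, client secret and refresh token
     * @return the token endpoint response, or {@code null} when a credential is missing
     */
    private String sendTokenRequest(AuthenticationContext authenticationContext, Map<String, String> map, Map<String, String> map2) throws AuthenticationFailedException {
        String api = getAPI(map);
        String refreshToken = getRefreshToken(authenticationContext, map2, api);
        String clientId = getClientId(authenticationContext, map2, api);
        String clientSecret = getClientSecret(authenticationContext, map2, api);
        if (StringUtils.isNotEmpty(clientId) && StringUtils.isNotEmpty(clientSecret) && StringUtils.isNotEmpty(refreshToken)) {
            return sendRESTCall(getTokenEndpoint(authenticationContext, map, map2), "", "", "client_secret=" + clientSecret + "&" + EmailOTPAuthenticatorConstants.EMAILOTP_GRANT_TYPE + "=" + EmailOTPAuthenticatorConstants.EMAILOTP_GRANT_TYPE_REFRESH_TOKEN + "&" + EmailOTPAuthenticatorConstants.EMAILOTP_GRANT_TYPE_REFRESH_TOKEN + "=" + refreshToken + "&" + EmailOTPAuthenticatorConstants.EMAILOTP_CLIENT_ID + "=" + clientId, "", EmailOTPAuthenticatorConstants.HTTP_POST);
        }
        if (log.isDebugEnabled()) {
            // Report only which values are present; the secret itself must not reach the log.
            log.debug("Required params for the token request are missing. ClientID present : " + StringUtils.isNotEmpty(clientId)
                    + ", ClientSecret present : " + StringUtils.isNotEmpty(clientSecret)
                    + ", RefreshToken present : " + StringUtils.isNotEmpty(refreshToken));
        }
        return null;
    }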

    /**
     * Returns the token endpoint configured for the selected mail API.
     *
     * @param authenticationContext current authentication context
     * @param map  properties holding the API name
     * @param map2 parameters holding the per-API token endpoint
     * @return the endpoint, or {@code null} when it is missing or empty
     */
    protected String getTokenEndpoint(AuthenticationContext authenticationContext, Map<String, String> map, Map<String, String> map2) throws AuthenticationFailedException {
        final String endpoint = getAccessTokenEndpoint(authenticationContext, map2, getAPI(map));
        // An empty string is normalised to null.
        return StringUtils.isEmpty(endpoint) ? null : endpoint;
    }

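    /**
     * Sends the OTP by mail through the Axis2 MAILTO transport, using the email template
     * registered under {@code EmailOTPAuthenticatorConstants.AUTHENTICATOR_NAME}.
     *
     * @param str  user name, used to resolve the tenant whose templates are loaded
     * @param str2 OTP code placed into the template
     * @param str3 recipient address
     * @throws AuthenticationFailedException if the MAILTO transport or the template is missing,
     *         or if loading the configuration or building the notification fails
     */
    private void sendOTP(String str, String str2, String str3) throws AuthenticationFailedException {
        // System properties are JVM-wide, so this setting is visible outside this call.
        System.setProperty(EmailOTPAuthenticatorConstants.AXIS2, EmailOTPAuthenticatorConstants.AXIS2_FILE);
        try {
            if (!ConfigurationContextFactory.createConfigurationContextFromFileSystem((String) null, (String) null).getAxisConfiguration().getTransportsOut().containsKey(EmailOTPAuthenticatorConstants.TRANSPORT_MAILTO)) {
                throw new AuthenticationFailedException("MAILTO transport sender is not defined in axis2 configuration file");
            }
            NotificationSender notificationSender = new NotificationSender();
            NotificationDataDTO notificationDataDTO = new NotificationDataDTO();
            NotificationData notificationData = new NotificationData();
            try {
                Config loadConfiguration = ConfigBuilder.getInstance().loadConfiguration(ConfigType.EMAIL, StorageType.REGISTRY, IdentityTenantUtil.getTenantId(MultitenantUtils.getTenantDomain(str)));
                notificationData.setTagData(EmailOTPAuthenticatorConstants.CODE, str2);
                notificationData.setSendTo(str3);
                if (!loadConfiguration.getProperties().containsKey(EmailOTPAuthenticatorConstants.AUTHENTICATOR_NAME)) {
                    throw new AuthenticationFailedException("Unable find the email template");
                }
                String property = loadConfiguration.getProperty(EmailOTPAuthenticatorConstants.AUTHENTICATOR_NAME);
                try {
                    Notification createNotification = NotificationBuilder.createNotification("EMAIL", property, notificationData);
                    notificationDataDTO.setNotificationAddress(str3);
                    DefaultEmailSendingModule defaultEmailSendingModule = new DefaultEmailSendingModule();
                    defaultEmailSendingModule.setNotificationData(notificationDataDTO);
                    defaultEmailSendingModule.setNotification(createNotification);
                    notificationSender.sendNotification(defaultEmailSendingModule);
                    notificationDataDTO.setNotificationSent(true);
                } catch (IdentityMgtServiceException e) {
                    if (log.isDebugEnabled()) {
                        log.debug("Error occurred while creating notification from email template : " + property, e);
                    }
                    throw new AuthenticationFailedException("Error occurred while creating notification from email template : " + property, e);
                }
            } catch (IdentityMgtConfigException e2) {
                if (log.isDebugEnabled()) {
                    log.debug("Error occurred while loading email templates for user : " + str, e2);
                }
                throw new AuthenticationFailedException("Error occurred while loading email templates for user : " + str, e2);
            }
        } catch (AxisFault e3) {
            // Keep the cause so the underlying Axis2 failure stays visible to whoever handles it.
            throw new AuthenticationFailedException("Error while getting the SMTP configuration", e3);
        }
    }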

    /**
     * Decides whether the OTP mail must go out over SMTP because the API configuration is
     * incomplete.
     *
     * <p>SMTP is chosen when the sender address, the API name or the mailing endpoint is empty;
     * when the API does not need an access token and has no API key; or when it needs an access
     * token and the refresh token, client id or client secret is empty.
     *
     * @param map  properties holding the API name and sender address
     * @param map2 parameters holding the per-API settings
     * @param authenticationContext current authentication context
     * @return {@code true} when SMTP should be used
     */
    private boolean isSMTP(Map<String, String> map, Map<String, String> map2, AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        final String api = getAPI(map);
        if (StringUtils.isEmpty(map.get(EmailOTPAuthenticatorConstants.EMAILOTP_EMAIL)) || StringUtils.isEmpty(api)) {
            return true;
        }
        if (StringUtils.isEmpty(getMailingEndpoint(authenticationContext, map2, api))) {
            return true;
        }
        if (!isAccessTokenRequired(authenticationContext, map2, map)) {
            // API-key based APIs only need the key.
            return StringUtils.isEmpty(getApiKey(authenticationContext, map2, api));
        }
        // Access-token based APIs need everything required to refresh the token.
        return StringUtils.isEmpty(getRefreshToken(authenticationContext, map2, api))
                || StringUtils.isEmpty(getClientId(authenticationContext, map2, api))
                || StringUtils.isEmpty(getClientSecret(authenticationContext, map2, api));
    }

    /**
     * Reads the context identifier from the {@code sessionDataKey} request parameter.
     *
     * <p>The value is taken directly from the HTTP request, so it is client-supplied; no validation
     * happens in this method.
     *
     * @param httpServletRequest the incoming request
     * @return the parameter value, or {@code null} when the request carries no such parameter
     */
    public String getContextIdentifier(HttpServletRequest httpServletRequest) {
        final String sessionDataKey = httpServletRequest.getParameter("sessionDataKey");
        return sessionDataKey;
    }

    /**
     * Tells the caller that this authenticator never requires an ID token.
     *
     * @param map ignored by this implementation
     * @return always {@code false}
     */
    protected boolean requiredIDToken(Map<String, String> map) {
        final boolean idTokenRequired = false;
        return idTokenRequired;
    }

    /**
     * Returns the display name of this authenticator.
     *
     * @return {@link EmailOTPAuthenticatorConstants#AUTHENTICATOR_FRIENDLY_NAME}
     */
    public String getFriendlyName() {
        final String friendlyName = EmailOTPAuthenticatorConstants.AUTHENTICATOR_FRIENDLY_NAME;
        return friendlyName;
    }

    /**
     * Returns the internal name of this authenticator.
     *
     * @return {@link EmailOTPAuthenticatorConstants#AUTHENTICATOR_NAME}
     */
    public String getName() {
        final String authenticatorName = EmailOTPAuthenticatorConstants.AUTHENTICATOR_NAME;
        return authenticatorName;
    }

    /**
     * Reports that a failed attempt may be retried.
     *
     * <p>NOTE(review): with retries always on, the limit on OTP guesses has to come from elsewhere.
     * {@code handleOtpVerificationFail} in this class counts failures only for local users with
     * account locking enabled; confirm that other flows are bounded too.
     *
     * @return always {@code true}
     */
    protected boolean retryAuthenticationEnabled() {
        final boolean retryAllowed = true;
        return retryAllowed;
    }

    /**
     * Builds the list of configuration properties this authenticator exposes.
     *
     * <p>Two entries are returned, in display order: the email API name (order 0) and the sender's
     * email address (order 1).
     *
     * @return a new mutable list holding the two property descriptors
     */
    public List<Property> getConfigurationProperties() {
        Property emailApi = new Property();
        emailApi.setName(EmailOTPAuthenticatorConstants.EMAIL_API);
        emailApi.setDisplayName("Email API");
        emailApi.setDescription("Enter API to send OTP (E.g: Gmail, Sendgrid etc)");
        emailApi.setDisplayOrder(0);

        Property senderEmail = new Property();
        senderEmail.setName(EmailOTPAuthenticatorConstants.EMAILOTP_EMAIL);
        // The display name reuses the property-name constant, as in the original listing.
        senderEmail.setDisplayName(EmailOTPAuthenticatorConstants.EMAILOTP_EMAIL);
        senderEmail.setDescription("Email address of the sender");
        senderEmail.setDisplayOrder(1);

        List<Property> configProperties = new ArrayList<>();
        configProperties.add(emailApi);
        configProperties.add(senderEmail);
        return configProperties;
    }

    /**
     * Finds the user authenticated in the subject-attribute step of the current sequence.
     *
     * <p>Steps are visited in the iteration order of the step map; the first step that is flagged as
     * the subject-attribute step and carries a non-null user wins.
     *
     * @param authenticationContext the current authentication context
     * @return that step's authenticated user, or {@code null} when no step qualifies
     */
    private AuthenticatedUser getAuthenticatedUser(AuthenticationContext authenticationContext) {
        for (StepConfig step : authenticationContext.getSequenceConfig().getStepMap().values()) {
            AuthenticatedUser candidate = step.getAuthenticatedUser();
            if (!step.isSubjectAttributeStep() || candidate == null) {
                continue;
            }
            return step.getAuthenticatedUser();
        }
        return null;
    }

    /**
     * Resolves the tenant user realm for the given user.
     *
     * <p>The callers visible in this class dereference the result without a null check, so they
     * depend on passing a non-null user.
     *
     * @param authenticatedUser the user whose tenant domain selects the realm; may be {@code null}
     * @return the tenant's realm, or {@code null} when {@code authenticatedUser} is {@code null}
     * @throws AuthenticationFailedException when the realm lookup fails; the message names the user
     */
    private UserRealm getUserRealm(AuthenticatedUser authenticatedUser) throws AuthenticationFailedException {
        if (authenticatedUser == null) {
            return null;
        }
        try {
            return IdentityTenantUtil.getRealmService().getTenantUserRealm(IdentityTenantUtil.getTenantId(authenticatedUser.getTenantDomain()));
        } catch (UserStoreException e) {
            throw new AuthenticationFailedException("Cannot find the user realm of user: " + authenticatedUser.getUserName(), e);
        }
    }

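    /**
     * Clears the failed-OTP counter and the lockout counter of a local user.
     *
     * <p>Nothing happens unless the user is local, account locking is enabled for email OTP, and the
     * tenant's account-lock connector does not have lock-on-failure switched off. The two claims are
     * written back as {@code "0"} only when at least one of them currently holds a positive integer.
     *
     * @param authenticationContext the current authentication context
     * @throws AuthenticationFailedException when reading or writing the claims fails
     */
    private void resetOtpFailedAttempts(AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        if (!isLocalUser(authenticationContext) || !EmailOTPUtils.isAccountLockingEnabledForEmailOtp(authenticationContext)) {
            return;
        }
        AuthenticatedUser authenticatedUser = getAuthenticatedUser(authenticationContext);
        for (Property property : EmailOTPUtils.getAccountLockConnectorConfigs(authenticatedUser.getTenantDomain())) {
            if (EmailOTPAuthenticatorConstants.PROPERTY_ACCOUNT_LOCK_ON_FAILURE.equals(property.getName()) && !Boolean.parseBoolean(property.getValue())) {
                return;
            }
        }
        String qualifiedUserName = IdentityUtil.addDomainToName(authenticatedUser.getUserName(), authenticatedUser.getUserStoreDomain());
        try {
            UserStoreManager userStoreManager = getUserRealm(authenticatedUser).getUserStoreManager();
            Map<String, String> claimValues = userStoreManager.getUserClaimValues(qualifiedUserName, new String[]{EmailOTPAuthenticatorConstants.EMAIL_OTP_FAILED_ATTEMPTS_CLAIM, EmailOTPAuthenticatorConstants.FAILED_LOGIN_LOCKOUT_COUNT_CLAIM}, "default");
            if (claimValues == null) {
                // Nothing stored, nothing to reset.
                return;
            }
            // NumberUtils.isNumber also accepts forms such as "1.5" or "0x1F" that Integer.parseInt
            // rejects with an unchecked NumberFormatException; toInt yields 0 for anything that is
            // not a plain integer, matching how non-numeric values were already treated.
            int failedOtpAttempts = NumberUtils.toInt(claimValues.get(EmailOTPAuthenticatorConstants.EMAIL_OTP_FAILED_ATTEMPTS_CLAIM), 0);
            int lockoutCount = NumberUtils.toInt(claimValues.get(EmailOTPAuthenticatorConstants.FAILED_LOGIN_LOCKOUT_COUNT_CLAIM), 0);
            if (failedOtpAttempts > 0 || lockoutCount > 0) {
                Map<String, String> resetClaims = new HashMap<>();
                resetClaims.put(EmailOTPAuthenticatorConstants.EMAIL_OTP_FAILED_ATTEMPTS_CLAIM, "0");
                resetClaims.put(EmailOTPAuthenticatorConstants.FAILED_LOGIN_LOCKOUT_COUNT_CLAIM, "0");
                userStoreManager.setUserClaimValues(qualifiedUserName, resetClaims, "default");
            }
        } catch (UserStoreException e) {
            // NOTE(review): this formats the whole user object, whereas the sibling claim helpers log
            // getUserName(); confirm its toString() exposes nothing beyond the user name.
            String format = String.format("Failed to reset failed attempts count for user : %s.", authenticatedUser);
            log.error(format, e);
            throw new AuthenticationFailedException(format, e);
        }
    }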

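    /**
     * Records a failed OTP verification and locks the account once the limit is reached.
     *
     * <p>Applies only to local users, with account locking enabled for email OTP, whose account is
     * not already locked. The tenant's account-lock connector supplies the maximum number of failed
     * attempts, the lock time in minutes and the timeout ratio. Below the limit the failed-attempt
     * claim is incremented. At the limit the account is marked locked, the failed-attempt claim is
     * reset, the lockout counter is incremented and the unlock time is set to
     * {@code now + lockTime * ratio^lockoutCount}.
     *
     * <p>If the maximum-attempts property is absent or not an integer it stays 0, so the first failure
     * already locks the account.
     *
     * <p>NOTE(review): the counter is read and written back in two separate user-store calls with no
     * locking visible here, so parallel wrong guesses may be under-counted; confirm whether the
     * framework serialises attempts per user.
     *
     * @param authenticationContext the current authentication context
     * @throws AuthenticationFailedException when the account gets locked by this call, or when the
     *                                       claims cannot be read or written
     */
    private void handleOtpVerificationFail(AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        AuthenticatedUser authenticatedUser = getAuthenticatedUser(authenticationContext);
        if (!isLocalUser(authenticationContext) || !EmailOTPUtils.isAccountLockingEnabledForEmailOtp(authenticationContext) || EmailOTPUtils.isAccountLocked(authenticatedUser)) {
            return;
        }
        int maxFailedAttempts = 0;
        long lockTimeMinutes = 0;
        double timeoutRatio = 1.0d;
        for (Property property : EmailOTPUtils.getAccountLockConnectorConfigs(authenticatedUser.getTenantDomain())) {
            String value = property.getValue();
            // The decompiled listing lost the switch exits, so every case ran into the next and one
            // setting could overwrite another; each property now updates only its own variable.
            // The NumberUtils.toXxx helpers keep the previous value when the setting is not parseable
            // instead of letting a NumberFormatException escape.
            switch (property.getName()) {
                case EmailOTPAuthenticatorConstants.PROPERTY_ACCOUNT_LOCK_ON_FAILURE:
                    if (!Boolean.parseBoolean(value)) {
                        return;
                    }
                    break;
                case EmailOTPAuthenticatorConstants.PROPERTY_ACCOUNT_LOCK_ON_FAILURE_MAX:
                    maxFailedAttempts = NumberUtils.toInt(value, maxFailedAttempts);
                    break;
                case EmailOTPAuthenticatorConstants.PROPERTY_ACCOUNT_LOCK_TIME:
                    lockTimeMinutes = NumberUtils.toLong(value, lockTimeMinutes);
                    break;
                case EmailOTPAuthenticatorConstants.PROPERTY_LOGIN_FAIL_TIMEOUT_RATIO:
                    double parsedRatio = NumberUtils.toDouble(value, 0.0d);
                    if (parsedRatio > 0.0d) {
                        timeoutRatio = parsedRatio;
                    }
                    break;
                default:
                    break;
            }
        }
        Map<String, String> userClaimValues = getUserClaimValues(authenticatedUser);
        if (userClaimValues == null) {
            userClaimValues = new HashMap<>();
        }
        int failedAttempts = NumberUtils.toInt(userClaimValues.get(EmailOTPAuthenticatorConstants.EMAIL_OTP_FAILED_ATTEMPTS_CLAIM), 0);
        int lockoutCount = NumberUtils.toInt(userClaimValues.get(EmailOTPAuthenticatorConstants.FAILED_LOGIN_LOCKOUT_COUNT_CLAIM), 0);
        Map<String, String> updatedClaims = new HashMap<>();
        if (failedAttempts + 1 < maxFailedAttempts) {
            updatedClaims.put(EmailOTPAuthenticatorConstants.EMAIL_OTP_FAILED_ATTEMPTS_CLAIM, String.valueOf(failedAttempts + 1));
            setUserClaimValues(authenticatedUser, updatedClaims);
            return;
        }
        // The double-to-long cast saturates at Long.MAX_VALUE; clamp the sum as well so a very large
        // lock duration cannot wrap around into an unlock time in the past.
        long lockDurationMillis = (long) (lockTimeMinutes * 1000 * 60 * Math.pow(timeoutRatio, lockoutCount));
        long now = System.currentTimeMillis();
        long unlockTime = lockDurationMillis > Long.MAX_VALUE - now ? Long.MAX_VALUE : now + lockDurationMillis;
        updatedClaims.put(EmailOTPAuthenticatorConstants.ACCOUNT_LOCKED_CLAIM, Boolean.TRUE.toString());
        updatedClaims.put(EmailOTPAuthenticatorConstants.EMAIL_OTP_FAILED_ATTEMPTS_CLAIM, "0");
        updatedClaims.put(EmailOTPAuthenticatorConstants.ACCOUNT_UNLOCK_TIME_CLAIM, String.valueOf(unlockTime));
        updatedClaims.put(EmailOTPAuthenticatorConstants.FAILED_LOGIN_LOCKOUT_COUNT_CLAIM, String.valueOf(lockoutCount + 1));
        // Marks the lock as not admin-initiated for whatever reads this thread-local afterwards.
        ((Map) IdentityUtil.threadLocalProperties.get()).put(EmailOTPAuthenticatorConstants.ADMIN_INITIATED, false);
        setUserClaimValues(authenticatedUser, updatedClaims);
        // NOTE(review): the message carries the user name; confirm it is not shown to the client,
        // where it would reveal that the account exists and is locked.
        throw new AuthenticationFailedException("User account is locked " + authenticatedUser.getUserName());
    }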

    /**
     * Checks whether the subject of the current sequence was authenticated by the local identity provider.
     *
     * <p>A step counts when it has an authenticated user, is the subject-attribute step, and its
     * authenticated IdP equals {@link EmailOTPAuthenticatorConstants#LOCAL_AUTHENTICATOR}.
     *
     * @param authenticationContext the current authentication context
     * @return {@code true} when such a step exists; {@code false} otherwise, including when the step
     *         map is {@code null}
     */
    private boolean isLocalUser(AuthenticationContext authenticationContext) {
        Map<Integer, StepConfig> steps = authenticationContext.getSequenceConfig().getStepMap();
        if (steps != null) {
            for (StepConfig step : steps.values()) {
                boolean hasUser = step.getAuthenticatedUser() != null;
                if (hasUser && step.isSubjectAttributeStep() && StringUtils.equals(EmailOTPAuthenticatorConstants.LOCAL_AUTHENTICATOR, step.getAuthenticatedIdP())) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Reads the failed-OTP-attempts claim and the lockout-count claim of the given user.
     *
     * <p>The user is addressed by user name qualified with the user-store domain, and the claims
     * are read from the {@code "default"} profile.
     *
     * @param authenticatedUser the user to look up; must not be {@code null}, because the realm lookup
     *                          returns {@code null} for a {@code null} user and is dereferenced here
     * @return the claim values as returned by the user store
     * @throws AuthenticationFailedException when the user store reports an error
     */
    private Map<String, String> getUserClaimValues(AuthenticatedUser authenticatedUser) throws AuthenticationFailedException {
        try {
            UserStoreManager userStoreManager = getUserRealm(authenticatedUser).getUserStoreManager();
            String qualifiedUserName = IdentityUtil.addDomainToName(authenticatedUser.getUserName(), authenticatedUser.getUserStoreDomain());
            String[] requestedClaims = new String[]{EmailOTPAuthenticatorConstants.EMAIL_OTP_FAILED_ATTEMPTS_CLAIM, EmailOTPAuthenticatorConstants.FAILED_LOGIN_LOCKOUT_COUNT_CLAIM};
            return userStoreManager.getUserClaimValues(qualifiedUserName, requestedClaims, "default");
        } catch (UserStoreException e) {
            String userName = authenticatedUser.getUserName();
            log.error("Error while reading user claims of user: " + userName, e);
            throw new AuthenticationFailedException(String.format("Failed to read user claims for user : %s.", authenticatedUser.getUserName()), e);
        }
    }

    /**
     * Writes the given claim values to the user's {@code "default"} profile.
     *
     * <p>The user is addressed by user name qualified with the user-store domain.
     *
     * @param authenticatedUser the user to update; must not be {@code null}, because the realm lookup
     *                          returns {@code null} for a {@code null} user and is dereferenced here
     * @param map               claim URI to value pairs to store
     * @throws AuthenticationFailedException when the user store reports an error
     */
    private void setUserClaimValues(AuthenticatedUser authenticatedUser, Map<String, String> map) throws AuthenticationFailedException {
        try {
            UserStoreManager userStoreManager = getUserRealm(authenticatedUser).getUserStoreManager();
            String qualifiedUserName = IdentityUtil.addDomainToName(authenticatedUser.getUserName(), authenticatedUser.getUserStoreDomain());
            userStoreManager.setUserClaimValues(qualifiedUserName, map, "default");
        } catch (UserStoreException e) {
            String userName = authenticatedUser.getUserName();
            log.error("Error while updating user claims of user: " + userName, e);
            throw new AuthenticationFailedException(String.format("Failed to update user claims for user : %s.", authenticatedUser.getUserName()), e);
        }
    }
}
