package org.wso2.carbon.identity.captcha.validator;

import java.util.Map;
import org.apache.commons.collections.MapUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.common.model.User;
import org.wso2.carbon.identity.base.IdentityRuntimeException;
import org.wso2.carbon.identity.captcha.exception.CaptchaException;
import org.wso2.carbon.identity.captcha.util.CaptchaConstants;
import org.wso2.carbon.identity.captcha.util.CaptchaUtil;
import org.wso2.carbon.identity.core.bean.context.MessageContext;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.event.IdentityEventConstants;
import org.wso2.carbon.identity.event.IdentityEventException;
import org.wso2.carbon.identity.event.event.Event;
import org.wso2.carbon.identity.event.handler.AbstractEventHandler;
import org.wso2.carbon.user.core.util.UserCoreUtil;

/* loaded from: input_file:org/wso2/carbon/identity/captcha/validator/FailLoginAttemptValidationHandler.class */
public class FailLoginAttemptValidationHandler extends AbstractEventHandler {
    private static Log log = LogFactory.getLog(FailLoginAttemptValidationHandler.class);

    public String getName() {
        return "failLoginAttemptValidator";
    }

    public boolean canHandle(MessageContext messageContext) throws IdentityRuntimeException {
        return super.canHandle(messageContext) && isFailLoginAttemptValidatorEnabled();
    }

    public void handleEvent(Event event) throws IdentityEventException {
        if (canHandleEvent(event)) {
            AuthenticationContext authenticationContext = (AuthenticationContext) event.getEventProperties().get("context");
            Map<String, Object> map = (Map) event.getEventProperties().get("params");
            String eventName = event.getEventName();
            if (log.isDebugEnabled()) {
                log.debug(getName() + " received event : " + eventName);
            }
            if (IdentityEventConstants.EventName.AUTHENTICATION_STEP_FAILURE.name().equals(eventName)) {
                handleAuthenticationStepFailure(authenticationContext, map);
            }
        }
    }

    protected void handleAuthenticationStepFailure(AuthenticationContext authenticationContext, Map<String, Object> map) {
        String currentAuthenticator = authenticationContext.getCurrentAuthenticator();
        if (StringUtils.isBlank(currentAuthenticator) && MapUtils.isNotEmpty(map)) {
            currentAuthenticator = (String) map.get("authenticator");
        }
        if ("BasicAuthenticator".equals(currentAuthenticator) && MapUtils.isNotEmpty(map) && map.get("user") != null && (map.get("user") instanceof User)) {
            User user = (User) map.get("user");
            String domainQualifiedUsername = getDomainQualifiedUsername(user);
            if (log.isDebugEnabled()) {
                log.debug("Evaluating failed login attempts for user: " + domainQualifiedUsername + " authenticated from: " + currentAuthenticator);
            }
            try {
                if (CaptchaUtil.isMaximumFailedLoginAttemptsReached(domainQualifiedUsername, user.getTenantDomain())) {
                    CaptchaConstants.setEnableSecurityMechanism("enable");
                    if (log.isDebugEnabled()) {
                        log.debug("User: " + domainQualifiedUsername + " reached maximum no of failed login attempts. Enabling captcha for user.");
                    }
                }
            } catch (CaptchaException e) {
                log.error("Failed to evaluate max failed login attempts of the user: " + domainQualifiedUsername, e);
            }
        }
    }

    private boolean isFailLoginAttemptValidatorEnabled() throws IdentityRuntimeException {
        if (this.configs.getModuleProperties() != null) {
            return Boolean.parseBoolean(this.configs.getModuleProperties().getProperty(CaptchaConstants.FAIL_LOGIN_ATTEMPT_VALIDATOR_ENABLED));
        }
        return false;
    }

    private boolean canHandleEvent(Event event) {
        return event != null && (event.getEventProperties().get("context") instanceof AuthenticationContext) && (event.getEventProperties().get("params") instanceof Map);
    }

    private String getDomainQualifiedUsername(User user) {
        String userName = user.getUserName();
        if (!StringUtils.isBlank(user.getUserStoreDomain()) && !IdentityUtil.getPrimaryDomainName().equals(user.getUserStoreDomain())) {
            userName = UserCoreUtil.addDomainToName(userName, user.getUserStoreDomain());
        }
        return userName;
    }
}
