package org.wso2.carbon.identity.captcha.connector.recaptcha;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.identity.application.common.model.Property;
import org.wso2.carbon.identity.captcha.connector.CaptchaPostValidationResponse;
import org.wso2.carbon.identity.captcha.connector.CaptchaPreValidationResponse;
import org.wso2.carbon.identity.captcha.exception.CaptchaException;
import org.wso2.carbon.identity.captcha.internal.CaptchaDataHolder;
import org.wso2.carbon.identity.captcha.util.CaptchaConstants;
import org.wso2.carbon.identity.captcha.util.CaptchaUtil;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.governance.IdentityGovernanceException;
import org.wso2.carbon.identity.governance.IdentityGovernanceService;
import org.wso2.carbon.identity.governance.common.IdentityConnectorConfig;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/identity/captcha/connector/recaptcha/SSOLoginReCaptchaConfig.class */
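/**
 * reCaptcha connector for the SSO login flow.
 *
 * <p>The connector decides whether a login request needs reCaptcha validation, based on the
 * per-tenant governance properties {@code sso.login.recaptcha.enable.always} and
 * {@code sso.login.recaptcha.enable}. It also exposes those properties, plus
 * {@code sso.login.recaptcha.on.max.failed.attempts}, as connector configuration.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@link #canHandle} returns {@code false} when the governance configuration cannot be
 *       loaded, and the failure is logged at debug level only. NOTE(review): presumably the
 *       request then proceeds without a reCaptcha challenge from this connector (fail-open);
 *       confirm this is acceptable and consider logging the failure at a level operators monitor.</li>
 *   <li>When neither tenanted sessions nor tenant-qualified URLs are enabled, the tenant whose
 *       policy is applied is derived from the client-supplied {@code username} parameter.</li>
 * </ul>
 */
public class SSOLoginReCaptchaConfig extends AbstractReCaptchaConnector implements IdentityConnectorConfig {
    private static final Log log = LogFactory.getLog(SSOLoginReCaptchaConfig.class);
    private static final String CONNECTOR_NAME = "sso.login.recaptcha";
    private static final String CONNECTOR_IDENTIFIER_ATTRIBUTE = "username,password";
    private static final String RECAPTCHA_VERIFICATION_CLAIM = "http://wso2.org/claims/identity/failedLoginAttempts";
    private static final String SECURED_DESTINATIONS = "/commonauth,/samlsso,/oauth2";
    private static final String ON_FAIL_REDIRECT_URL = "/authenticationendpoint/login.do";

    // Governance property keys handled by this connector.
    private static final String ENABLE_ALWAYS_PROPERTY = "sso.login.recaptcha.enable.always";
    private static final String ENABLE_PROPERTY = "sso.login.recaptcha.enable";
    private static final String MAX_ATTEMPTS_PROPERTY = "sso.login.recaptcha.on.max.failed.attempts";

    private IdentityGovernanceService identityGovernanceService;

    /**
     * Stores the governance service used to read the per-tenant connector configuration.
     *
     * @param identityGovernanceService service queried by {@link #canHandle} and {@link #preValidate}
     */
    @Override
    public void init(IdentityGovernanceService identityGovernanceService) {
        this.identityGovernanceService = identityGovernanceService;
    }

    /**
     * @return the fixed priority of this connector, {@code 20}
     */
    @Override
    public int getPriority() {
        return 20;
    }

    /**
     * Decides whether this connector applies to the request.
     *
     * <p>Every one of the following must hold: a non-blank {@code username} parameter, a
     * {@code sessionDataKey} parameter that resolves to a cached authentication context, a
     * non-blank tenant, at least one of the two enable properties set to {@code true} for that
     * tenant, a request URI accepted by {@code CaptchaUtil.isPathAvailable} for
     * {@code /commonauth,/samlsso,/oauth2}, and both the {@code username} and {@code password}
     * parameters present.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest} to read the URI
     * @param servletResponse not used
     * @return {@code true} when every condition above is met, {@code false} otherwise, including
     *         when the governance configuration cannot be loaded
     * @throws CaptchaException declared by the connector contract; not thrown directly here
     */
    @Override
    public boolean canHandle(ServletRequest servletRequest, ServletResponse servletResponse) throws CaptchaException {
        String username = servletRequest.getParameter("username");
        if (StringUtils.isBlank(username)) {
            return false;
        }
        String sessionDataKey = servletRequest.getParameter("sessionDataKey");
        if (sessionDataKey == null) {
            return false;
        }
        AuthenticationContext context = FrameworkUtils.getAuthenticationContextFromCache(sessionDataKey);
        if (context == null) {
            return false;
        }
        String tenant = getTenant(context, username);
        if (StringUtils.isBlank(tenant)) {
            return false;
        }

        try {
            Property[] configuration = this.identityGovernanceService.getConfiguration(
                    new String[]{ENABLE_ALWAYS_PROPERTY, ENABLE_PROPERTY}, tenant);
            // Exactly two properties were requested; any other shape is treated as "not configured".
            if (ArrayUtils.isEmpty(configuration) || configuration.length != 2) {
                return false;
            }
            boolean alwaysEnabled = Boolean.parseBoolean(configuration[0].getValue());
            boolean enabledAfterFailures = Boolean.parseBoolean(configuration[1].getValue());
            if (!alwaysEnabled && !enabledAfterFailures) {
                return false;
            }

            String requestURI = ((HttpServletRequest) servletRequest).getRequestURI();
            if (StringUtils.isBlank(requestURI) || !CaptchaUtil.isPathAvailable(requestURI, SECURED_DESTINATIONS)) {
                return false;
            }

            // Only credential submissions are handled: both identifier parameters must be present.
            for (String identifier : CONNECTOR_IDENTIFIER_ATTRIBUTE.split(",")) {
                if (servletRequest.getParameter(identifier) == null) {
                    return false;
                }
            }
            return true;
        } catch (IdentityGovernanceException e) {
            // NOTE(review): fail-open. A configuration load failure makes the connector decline
            // the request, and the failure is visible only when debug logging is enabled.
            if (log.isDebugEnabled()) {
                log.debug("Unable to load connector configuration.", e);
            }
            return false;
        }
    }

    /**
     * Builds the pre-validation response for a request accepted by {@link #canHandle}.
     *
     * <p>If {@code sso.login.recaptcha.enable.always} is {@code true} for the tenant, captcha
     * validation is required. Otherwise it is required only when
     * {@code CaptchaUtil.isMaximumFailedLoginAttemptsReached} reports {@code true} for the user,
     * and in that case the reCaptcha site key and API URL are added to the response attributes.
     * Post validation is requested on every response.
     *
     * <p>NOTE(review): this method does not repeat the null checks done in {@link #canHandle}.
     * It relies on the {@code username} parameter and the cached authentication context being
     * present; a missing context would fail inside {@code getTenant} when tenanted sessions or
     * tenant-qualified URLs are enabled.
     *
     * @param servletRequest  incoming request carrying {@code username} and {@code sessionDataKey}
     * @param servletResponse not used
     * @return the populated pre-validation response
     * @throws CaptchaException declared by the connector contract; not thrown directly here
     */
    @Override
    public CaptchaPreValidationResponse preValidate(ServletRequest servletRequest, ServletResponse servletResponse) throws CaptchaException {
        CaptchaPreValidationResponse response = new CaptchaPreValidationResponse();
        String username = servletRequest.getParameter("username");
        AuthenticationContext context =
                FrameworkUtils.getAuthenticationContextFromCache(servletRequest.getParameter("sessionDataKey"));
        String tenant = getTenant(context, username);

        Property[] alwaysEnabledConfig = null;
        try {
            alwaysEnabledConfig = this.identityGovernanceService.getConfiguration(
                    new String[]{ENABLE_ALWAYS_PROPERTY}, tenant);
        } catch (IdentityGovernanceException e) {
            // Treated as "always" not enabled; the failed-attempts check below still runs.
            log.error("Unable to load connector configuration.", e);
        }

        boolean alwaysEnabled = alwaysEnabledConfig != null
                && alwaysEnabledConfig.length != 0
                && Boolean.parseBoolean(alwaysEnabledConfig[0].getValue());

        if (alwaysEnabled) {
            Map<String, String> attributes = new HashMap<>();
            attributes.put("authFailure", "true");
            attributes.put("authFailureMsg", "recaptcha.fail.message");
            response.setCaptchaAttributes(attributes);
            response.setOnCaptchaFailRedirectUrls(getFailedUrlList());
            response.setCaptchaValidationRequired(true);
        } else if (CaptchaUtil.isMaximumFailedLoginAttemptsReached(
                MultitenantUtils.getTenantAwareUsername(username), tenant)) {
            response.setCaptchaValidationRequired(true);
            response.setMaxFailedLimitReached(true);
            response.setOnCaptchaFailRedirectUrls(getFailedUrlList());
            Map<String, String> attributes = new HashMap<>();
            attributes.put("reCaptcha", "true");
            attributes.put("reCaptchaKey", CaptchaDataHolder.getInstance().getReCaptchaSiteKey());
            attributes.put("reCaptchaAPI", CaptchaDataHolder.getInstance().getReCaptchaAPIUrl());
            attributes.put("authFailure", "true");
            attributes.put("authFailureMsg", "recaptcha.fail.message");
            response.setCaptchaAttributes(attributes);
        }

        // Set on every response, whichever branch ran above.
        // NOTE(review): the max-failed-limit flag is therefore always true; confirm this is intended.
        response.setMaxFailedLimitReached(true);
        response.setPostValidationRequired(true);
        return response;
    }

    /**
     * Builds the post-validation response.
     *
     * <p>Returns {@code null} when {@code CaptchaConstants.getEnableSecurityMechanism()} is blank.
     * Otherwise the flag is cleared and a response is returned that marks the attempt as
     * unsuccessful and carries the reCaptcha site key and API URL.
     *
     * @param servletRequest  not used
     * @param servletResponse not used
     * @return the post-validation response, or {@code null} when no security mechanism is flagged
     * @throws CaptchaException declared by the connector contract; not thrown directly here
     */
    @Override
    public CaptchaPostValidationResponse postValidate(ServletRequest servletRequest, ServletResponse servletResponse) throws CaptchaException {
        if (StringUtils.isBlank(CaptchaConstants.getEnableSecurityMechanism())) {
            return null;
        }
        // Clear the flag once it has been read.
        CaptchaConstants.removeEnabledSecurityMechanism();

        CaptchaPostValidationResponse response = new CaptchaPostValidationResponse();
        response.setSuccessfulAttempt(false);
        response.setEnableCaptchaResponsePath(true);
        Map<String, String> attributes = new HashMap<>();
        attributes.put("reCaptcha", "true");
        attributes.put("reCaptchaKey", CaptchaDataHolder.getInstance().getReCaptchaSiteKey());
        attributes.put("reCaptchaAPI", CaptchaDataHolder.getInstance().getReCaptchaAPIUrl());
        response.setCaptchaAttributes(attributes);
        return response;
    }

    /** @return the connector name, {@code sso.login.recaptcha} */
    public String getName() {
        return CONNECTOR_NAME;
    }

    /** @return the display name of the connector */
    public String getFriendlyName() {
        return "reCaptcha for SSO Login";
    }

    /** @return the category this connector is listed under */
    public String getCategory() {
        return "Login Attempts Security";
    }

    /** @return the sub-category, {@code DEFAULT} */
    public String getSubCategory() {
        return "DEFAULT";
    }

    /** @return the order value of the connector, {@code 0} */
    public int getOrder() {
        return 0;
    }

    /**
     * @return a new map from each property key to its display name
     */
    public Map<String, String> getPropertyNameMapping() {
        Map<String, String> nameMapping = new HashMap<>();
        nameMapping.put(ENABLE_ALWAYS_PROPERTY, "Always prompt reCaptcha");
        nameMapping.put(ENABLE_PROPERTY, "Prompt reCaptcha after max failed attempts");
        nameMapping.put(MAX_ATTEMPTS_PROPERTY, "Max failed attempts for reCaptcha");
        return nameMapping;
    }

    /**
     * @return a new map from each property key to its description
     */
    public Map<String, String> getPropertyDescriptionMapping() {
        Map<String, String> descriptionMapping = new HashMap<>();
        descriptionMapping.put(ENABLE_ALWAYS_PROPERTY,
                "Always prompt reCaptcha verification during SSO login flow.");
        descriptionMapping.put(ENABLE_PROPERTY,
                "Prompt reCaptcha verification during SSO login flow only after the max failed attempts exceeded.");
        descriptionMapping.put(MAX_ATTEMPTS_PROPERTY,
                "Number of failed attempts allowed without prompting reCaptcha verification.");
        return descriptionMapping;
    }

    /**
     * @return the property keys exposed by this connector
     */
    public String[] getPropertyNames() {
        return new String[]{ENABLE_ALWAYS_PROPERTY, ENABLE_PROPERTY, MAX_ATTEMPTS_PROPERTY};
    }

    /**
     * Returns the default property values, filling in any blank entry first.
     *
     * <p>Blank entries default to {@code false} for both enable flags and {@code 3} for the
     * failed-attempt threshold. The defaults are written into the map returned by
     * {@code CaptchaDataHolder}, so later readers of that map see them as well.
     *
     * @param str not used by this implementation
     * @return a new {@link Properties} holding the connector property map
     * @throws IdentityGovernanceException declared by the connector contract; not thrown directly here
     */
    public Properties getDefaultPropertyValues(String str) throws IdentityGovernanceException {
        Map<String, String> connectorProperties =
                CaptchaDataHolder.getInstance().getSSOLoginReCaptchaConnectorPropertyMap();
        if (StringUtils.isBlank(connectorProperties.get(ENABLE_ALWAYS_PROPERTY))) {
            connectorProperties.put(ENABLE_ALWAYS_PROPERTY, "false");
        }
        if (StringUtils.isBlank(connectorProperties.get(ENABLE_PROPERTY))) {
            connectorProperties.put(ENABLE_PROPERTY, "false");
        }
        if (StringUtils.isBlank(connectorProperties.get(MAX_ATTEMPTS_PROPERTY))) {
            connectorProperties.put(MAX_ATTEMPTS_PROPERTY, "3");
        }
        Properties defaults = new Properties();
        defaults.putAll(connectorProperties);
        return defaults;
    }

    /**
     * Not implemented for this connector.
     *
     * @param strArr not used
     * @param str    not used
     * @return always {@code null}
     * @throws IdentityGovernanceException declared by the connector contract; not thrown directly here
     */
    public Map<String, String> getDefaultPropertyValues(String[] strArr, String str) throws IdentityGovernanceException {
        return null;
    }

    /**
     * Collects the URLs to redirect to when captcha validation fails.
     *
     * <p>The list holds the comma-separated URLs configured in {@code CaptchaDataHolder}, if
     * any, followed by the default login page.
     *
     * @return a mutable list that always ends with {@code /authenticationendpoint/login.do}
     */
    private List<String> getFailedUrlList() {
        List<String> failedRedirectUrls = new ArrayList<>();
        String configuredUrls = CaptchaDataHolder.getInstance().getReCaptchaErrorRedirectUrls();
        if (StringUtils.isNotBlank(configuredUrls)) {
            // Arrays.asList returns a fixed-size view, and calling add() on it throws
            // UnsupportedOperationException. Copy the entries into the growable list instead.
            failedRedirectUrls.addAll(Arrays.asList(configuredUrls.split(",")));
        }
        failedRedirectUrls.add(ON_FAIL_REDIRECT_URL);
        return failedRedirectUrls;
    }

    /**
     * Resolves the tenant domain whose configuration applies to the request.
     *
     * @param authenticationContext cached context; read only when tenanted sessions or
     *                              tenant-qualified URLs are enabled
     * @param str                   username from the request; used to derive the tenant otherwise
     * @return the user tenant domain from the context, or the tenant domain derived from the username
     */
    private String getTenant(AuthenticationContext authenticationContext, String str) {
        if (IdentityTenantUtil.isTenantedSessionsEnabled() || IdentityTenantUtil.isTenantQualifiedUrlsEnabled()) {
            return authenticationContext.getUserTenantDomain();
        }
        return MultitenantUtils.getTenantDomain(str);
    }
}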
