package org.wso2.carbon.identity.captcha.util;

import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import javax.servlet.ServletRequest;
import org.apache.commons.collections.MapUtils;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.math.NumberUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.HttpEntity;
import org.apache.http.NameValuePair;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.message.BasicNameValuePair;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.identity.application.authentication.framework.ApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig;
import org.wso2.carbon.identity.application.authentication.framework.config.model.SequenceConfig;
import org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.common.model.Property;
import org.wso2.carbon.identity.application.common.model.User;
import org.wso2.carbon.identity.captcha.exception.CaptchaClientException;
import org.wso2.carbon.identity.captcha.exception.CaptchaException;
import org.wso2.carbon.identity.captcha.exception.CaptchaServerException;
import org.wso2.carbon.identity.captcha.internal.CaptchaDataHolder;
import org.wso2.carbon.identity.captcha.util.CaptchaConstants;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.governance.IdentityGovernanceException;
import org.wso2.carbon.identity.governance.IdentityGovernanceService;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
import org.wso2.securevault.SecretResolver;
import org.wso2.securevault.SecretResolverFactory;
import org.wso2.securevault.commons.MiscellaneousUtil;

/* loaded from: input_file:org/wso2/carbon/identity/captcha/util/CaptchaUtil.class */
public class CaptchaUtil {
    private static final Log log = LogFactory.getLog(CaptchaUtil.class);

    public static void buildReCaptchaFilterProperties() {
        Path path = Paths.get(getCarbonHomeDirectory().toString(), "repository", "conf", "identity", CaptchaConstants.CAPTCHA_CONFIG_FILE_NAME);
        if (Files.exists(path, new LinkOption[0])) {
            Properties properties = new Properties();
            try {
                InputStreamReader inputStreamReader = new InputStreamReader(Files.newInputStream(path, new OpenOption[0]), StandardCharsets.UTF_8);
                Throwable th = null;
                try {
                    try {
                        properties.load(inputStreamReader);
                        if (inputStreamReader != null) {
                            if (0 != 0) {
                                try {
                                    inputStreamReader.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            } else {
                                inputStreamReader.close();
                            }
                        }
                        boolean booleanValue = Boolean.valueOf(properties.getProperty(CaptchaConstants.RE_CAPTCHA_ENABLED)).booleanValue();
                        String property = properties.getProperty(CaptchaConstants.RE_CAPTCHA_FAILED_REDIRECT_URLS);
                        if (StringUtils.isNotBlank(property)) {
                            CaptchaDataHolder.getInstance().setReCaptchaErrorRedirectUrls(property);
                        }
                        if (!booleanValue) {
                            CaptchaDataHolder.getInstance().setReCaptchaEnabled(false);
                            return;
                        }
                        CaptchaDataHolder.getInstance().setReCaptchaEnabled(true);
                        resolveSecrets(properties);
                        setReCaptchaConfigs(properties);
                    } catch (Throwable th3) {
                        th = th3;
                        throw th3;
                    }
                } finally {
                }
            } catch (IOException e) {
                throw new RuntimeException("Error while loading 'captcha-config.properties' configuration file", e);
            }
        }
    }

    public static Path getCarbonHomeDirectory() {
        return Paths.get(System.getProperty(CaptchaConstants.CARBON_HOME), new String[0]);
    }

    public static boolean isPathAvailable(String str, String str2) {
        if (StringUtils.isBlank(str2)) {
            return false;
        }
        for (String str3 : str2.split(",")) {
            if (str.equals(str3)) {
                return true;
            }
        }
        return false;
    }

    public static String getUpdatedUrl(String str, Map<String, String> map) {
        try {
            URIBuilder uRIBuilder = new URIBuilder(str);
            for (Map.Entry<String, String> entry : map.entrySet()) {
                uRIBuilder.addParameter(entry.getKey(), entry.getValue());
            }
            return uRIBuilder.build().toString();
        } catch (URISyntaxException e) {
            if (log.isDebugEnabled()) {
                log.debug("Error occurred while building URL.", e);
            }
            return str;
        }
    }

    public static String getOnFailRedirectUrl(String str, List<String> list, Map<String, String> map) {
        if (StringUtils.isBlank(str) || list.isEmpty()) {
            return getErrorPage("Human Verification Failed.", "Something went wrong. Please try again.");
        }
        try {
            URIBuilder uRIBuilder = new URIBuilder(str);
            for (String str2 : list) {
                if (!StringUtils.isBlank(str2) && str2.equalsIgnoreCase(uRIBuilder.getPath())) {
                    for (NameValuePair nameValuePair : uRIBuilder.getQueryParams()) {
                        map.put(nameValuePair.getName(), nameValuePair.getValue());
                    }
                    return getUpdatedUrl(str2, map);
                }
            }
            return getErrorPage("Human Verification Failed.", "Something went wrong. Please try again.");
        } catch (URISyntaxException e) {
            return getErrorPage("Human Verification Failed.", "Something went wrong. Please try again.");
        }
    }

    public static String getErrorPage(String str, String str2) {
        try {
            URIBuilder uRIBuilder = new URIBuilder(CaptchaConstants.ERROR_PAGE);
            uRIBuilder.addParameter("status", str);
            uRIBuilder.addParameter("statusMsg", str2);
            return uRIBuilder.build().toString();
        } catch (URISyntaxException e) {
            if (!log.isDebugEnabled()) {
                return CaptchaConstants.ERROR_PAGE;
            }
            log.debug("Error occurred while building URL.", e);
            return CaptchaConstants.ERROR_PAGE;
        }
    }

    public static Map<String, String> getClaimValues(User user, int i, String[] strArr) throws CaptchaServerException {
        String userName = user.getUserName();
        if (!StringUtils.isBlank(user.getUserStoreDomain()) && !"PRIMARY".equals(user.getUserStoreDomain())) {
            userName = IdentityUtil.addDomainToName(user.getUserName(), user.getUserStoreDomain());
        }
        try {
            try {
                Map<String, String> map = null;
                try {
                    map = CaptchaDataHolder.getInstance().getRealmService().getTenantUserRealm(i).getUserStoreManager().getUserClaimValues(userName, strArr, "default");
                } catch (UserStoreException e) {
                    if (log.isDebugEnabled()) {
                        log.debug("Error occurred while retrieving user claims.", e);
                    }
                }
                return map;
            } catch (org.wso2.carbon.user.api.UserStoreException e2) {
                throw new CaptchaServerException("Failed to retrieve user store manager.", e2);
            }
        } catch (org.wso2.carbon.user.api.UserStoreException e3) {
            throw new CaptchaServerException("Failed to retrieve user realm from tenant id : " + i, e3);
        }
    }

    public static boolean isValidCaptcha(String str) throws CaptchaException {
        CloseableHttpClient build = HttpClientBuilder.create().useSystemProperties().build();
        HttpPost httpPost = new HttpPost(CaptchaDataHolder.getInstance().getReCaptchaVerifyUrl());
        httpPost.setEntity(new UrlEncodedFormEntity(Arrays.asList(new BasicNameValuePair("secret", CaptchaDataHolder.getInstance().getReCaptchaSecretKey()), new BasicNameValuePair("response", str)), StandardCharsets.UTF_8));
        try {
            HttpEntity entity = build.execute(httpPost).getEntity();
            if (entity == null) {
                throw new CaptchaServerException("reCaptcha verification response is not received.");
            }
            try {
                InputStream content = entity.getContent();
                Throwable th = null;
                try {
                    try {
                        JsonObject asJsonObject = new JsonParser().parse(IOUtils.toString(content)).getAsJsonObject();
                        if (asJsonObject == null || asJsonObject.get("success") == null || !asJsonObject.get("success").getAsBoolean()) {
                            throw new CaptchaClientException("reCaptcha verification failed. Please try again.");
                        }
                        if (content != null) {
                            if (0 != 0) {
                                try {
                                    content.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            } else {
                                content.close();
                            }
                        }
                        return true;
                    } finally {
                    }
                } finally {
                }
            } catch (IOException e) {
                throw new CaptchaServerException("Unable to read the verification response.", e);
            }
        } catch (IOException e2) {
            throw new CaptchaServerException("Unable to get the verification response.", e2);
        }
    }

    public static boolean isMaximumFailedLoginAttemptsReached(String str, String str2) throws CaptchaException {
        try {
            Property[] configuration = CaptchaDataHolder.getInstance().getIdentityGovernanceService().getConfiguration(new String[]{"sso.login.recaptcha" + CaptchaConstants.ReCaptchaConnectorPropertySuffixes.ENABLE, "sso.login.recaptcha" + CaptchaConstants.ReCaptchaConnectorPropertySuffixes.MAX_ATTEMPTS}, str2);
            if (configuration == null) {
                return false;
            }
            String str3 = null;
            for (Property property : configuration) {
                if (("sso.login.recaptcha" + CaptchaConstants.ReCaptchaConnectorPropertySuffixes.ENABLE).equals(property.getName()) && !Boolean.valueOf(property.getValue()).booleanValue()) {
                    return false;
                }
                if (("sso.login.recaptcha" + CaptchaConstants.ReCaptchaConnectorPropertySuffixes.MAX_ATTEMPTS).equals(property.getName())) {
                    str3 = property.getValue();
                }
            }
            if (StringUtils.isBlank(str3) || !NumberUtils.isNumber(str3)) {
                throw new CaptchaServerException("Invalid reCaptcha configuration.");
            }
            int parseInt = Integer.parseInt(str3);
            RealmService realmService = CaptchaDataHolder.getInstance().getRealmService();
            try {
                int tenantId = realmService.getTenantManager().getTenantId(str2);
                if (-1 == tenantId) {
                    throw new CaptchaServerException("Invalid tenant domain : " + str2);
                }
                try {
                    try {
                        try {
                            Map userClaimValues = realmService.getTenantUserRealm(tenantId).getUserStoreManager().getUserClaimValues(MultitenantUtils.getTenantAwareUsername(str), new String[]{"http://wso2.org/claims/identity/failedLoginAttempts"}, "default");
                            return (NumberUtils.isNumber((String) userClaimValues.get("http://wso2.org/claims/identity/failedLoginAttempts")) ? Integer.parseInt((String) userClaimValues.get("http://wso2.org/claims/identity/failedLoginAttempts")) : 0) >= parseInt;
                        } catch (UserStoreException e) {
                            if (!log.isDebugEnabled()) {
                                return false;
                            }
                            log.debug("Error occurred while retrieving user claims.", e);
                            return false;
                        }
                    } catch (org.wso2.carbon.user.api.UserStoreException e2) {
                        throw new CaptchaServerException("Failed to retrieve user store manager.", e2);
                    }
                } catch (org.wso2.carbon.user.api.UserStoreException e3) {
                    throw new CaptchaServerException("Failed to retrieve user realm from tenant id : " + tenantId, e3);
                }
            } catch (org.wso2.carbon.user.api.UserStoreException e4) {
                throw new CaptchaServerException("Failed to retrieve tenant id from tenant domain : " + str2, e4);
            }
        } catch (Exception e5) {
            if (!log.isDebugEnabled()) {
                return false;
            }
            log.debug("Unable to load connector configuration.", e5);
            return false;
        }
    }

    private static void setReCaptchaConfigs(Properties properties) {
        String property = properties.getProperty(CaptchaConstants.RE_CAPTCHA_API_URL);
        if (StringUtils.isBlank(property)) {
            throw new RuntimeException(getValidationErrorMessage(CaptchaConstants.RE_CAPTCHA_API_URL));
        }
        CaptchaDataHolder.getInstance().setReCaptchaAPIUrl(property);
        String property2 = properties.getProperty(CaptchaConstants.RE_CAPTCHA_VERIFY_URL);
        if (StringUtils.isBlank(property2)) {
            throw new RuntimeException(getValidationErrorMessage(CaptchaConstants.RE_CAPTCHA_VERIFY_URL));
        }
        CaptchaDataHolder.getInstance().setReCaptchaVerifyUrl(property2);
        String property3 = properties.getProperty(CaptchaConstants.RE_CAPTCHA_SITE_KEY);
        if (StringUtils.isBlank(property3)) {
            throw new RuntimeException(getValidationErrorMessage(CaptchaConstants.RE_CAPTCHA_SITE_KEY));
        }
        CaptchaDataHolder.getInstance().setReCaptchaSiteKey(property3);
        String property4 = properties.getProperty(CaptchaConstants.RE_CAPTCHA_SECRET_KEY);
        if (StringUtils.isBlank(property4)) {
            throw new RuntimeException(getValidationErrorMessage(CaptchaConstants.RE_CAPTCHA_SECRET_KEY));
        }
        CaptchaDataHolder.getInstance().setReCaptchaSecretKey(property4);
        String property5 = properties.getProperty(CaptchaConstants.RE_CAPTCHA_REQUEST_WRAP_URLS);
        if (property5 == null) {
            throw new RuntimeException(getValidationErrorMessage(CaptchaConstants.RE_CAPTCHA_REQUEST_WRAP_URLS));
        }
        CaptchaDataHolder.getInstance().setReCaptchaRequestWrapUrls(property5);
    }

    private static void setSSOLoginConnectorConfigs(Properties properties) {
        HashMap hashMap = new HashMap();
        hashMap.put("sso.login.enable", properties.getProperty("sso.login.enable"));
        hashMap.put("sso.login.connector.identifier.attribute", properties.getProperty("sso.login.connector.identifier.attribute"));
        hashMap.put("sso.login.user.identifier.attribute", properties.getProperty("sso.login.user.identifier.attribute"));
        hashMap.put("sso.login.verification.claim", properties.getProperty("sso.login.verification.claim"));
        hashMap.put("sso.login.on.max.failed.attempts", properties.getProperty("sso.login.on.max.failed.attempts"));
        CaptchaDataHolder.getInstance().setSSOLoginReCaptchaConnectorPropertyMap(hashMap);
    }

    private static void setPathBasedConnectorConfigs(Properties properties) {
        HashMap hashMap = new HashMap();
        hashMap.put("path.based.enable", properties.getProperty("path.based.enable"));
        hashMap.put("path.based.secured.pages", properties.getProperty("path.based.secured.pages"));
        hashMap.put("path.based.secured.destinations", properties.getProperty("path.based.secured.destinations"));
        CaptchaDataHolder.getInstance().setPathBasedReCaptchaConnectorPropertyMap(hashMap);
    }

    private static String getValidationErrorMessage(String str) {
        return "Invalid value for " + str + " in the " + CaptchaConstants.CAPTCHA_CONFIG_FILE_NAME + " file.";
    }

    public static Property[] getConnectorConfigs(ServletRequest servletRequest, IdentityGovernanceService identityGovernanceService, String str) throws Exception {
        String parameter = servletRequest.getParameter("tenantDomain");
        if (StringUtils.isEmpty(parameter)) {
            parameter = servletRequest.getParameter("tenant-domain");
        }
        if (StringUtils.isBlank(parameter)) {
            parameter = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        }
        if (StringUtils.isBlank(parameter)) {
            parameter = "carbon.super";
        }
        return identityGovernanceService.getConfiguration(new String[]{str}, parameter);
    }

    public static boolean isValidAuthenticator(AuthenticationContext authenticationContext, String str) {
        ApplicationAuthenticator currentAuthenticator = getCurrentAuthenticator(authenticationContext, str);
        if (currentAuthenticator != null) {
            return CaptchaConstants.BASIC_AUTH_MECHANISM.equals(currentAuthenticator.getAuthMechanism());
        }
        return false;
    }

    private static ApplicationAuthenticator getCurrentAuthenticator(AuthenticationContext authenticationContext, String str) {
        int currentStep = authenticationContext.getCurrentStep();
        SequenceConfig sequenceConfig = authenticationContext.getSequenceConfig();
        if (sequenceConfig == null) {
            return null;
        }
        Map stepMap = sequenceConfig.getStepMap();
        if (!MapUtils.isNotEmpty(stepMap) || !stepMap.containsKey(Integer.valueOf(currentStep))) {
            return null;
        }
        for (AuthenticatorConfig authenticatorConfig : ((StepConfig) stepMap.get(Integer.valueOf(currentStep))).getAuthenticatorList()) {
            if (authenticatorConfig.getName().equals(str)) {
                return authenticatorConfig.getApplicationAuthenticator();
            }
        }
        return null;
    }

    private static void resolveSecrets(Properties properties) {
        SecretResolver create = SecretResolverFactory.create(properties);
        if (create == null || !create.isInitialized()) {
            if (log.isDebugEnabled()) {
                log.debug("Secret Resolver is not present. Will not resolve encryptions for captcha");
                return;
            }
            return;
        }
        for (Map.Entry entry : properties.entrySet()) {
            String obj = entry.getKey().toString();
            String obj2 = entry.getValue().toString();
            if (obj2 != null) {
                obj2 = MiscellaneousUtil.resolve(obj2, create);
            }
            properties.put(obj, obj2);
        }
    }

    public static String reCaptchaSiteKey() {
        return CaptchaDataHolder.getInstance().getReCaptchaSiteKey();
    }

    public static String reCaptchaAPIURL() {
        return CaptchaDataHolder.getInstance().getReCaptchaAPIUrl();
    }

    public static Boolean isReCaptchaEnabled() {
        return Boolean.valueOf(CaptchaDataHolder.getInstance().isReCaptchaEnabled());
    }

    public static Boolean isReCaptchaEnabledForFlow(String str, String str2) {
        Property[] propertyArr = null;
        String str3 = null;
        IdentityGovernanceService identityGovernanceService = CaptchaDataHolder.getInstance().getIdentityGovernanceService();
        if (StringUtils.isEmpty(str2)) {
            str2 = "carbon.super";
        }
        try {
            propertyArr = identityGovernanceService.getConfiguration(str2);
        } catch (IdentityGovernanceException e) {
            log.error("Error while retrieving resident Idp configurations for tenant: " + str2, e);
        }
        if (propertyArr == null || !StringUtils.isNotEmpty(str)) {
            log.warn(String.format("Connector configurations are null. Hence return true for %s configuration.", str));
        } else {
            for (Property property : propertyArr) {
                if (str.equals(property.getName())) {
                    str3 = property.getValue();
                }
            }
        }
        return Boolean.valueOf(!Boolean.FALSE.toString().equalsIgnoreCase(str3));
    }
}
