package org.wso2.solutions.identity.user.ui.action;

import com.opensymphony.xwork2.Action;
import com.opensymphony.xwork2.ActionContext;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.struts2.StrutsStatics;
import org.openid4java.message.ParameterList;
import org.openid4java.message.pape.PapeMessage;
import org.wso2.solutions.identity.IdentityProviderException;
import org.wso2.solutions.identity.UserStore;
import org.wso2.solutions.identity.admin.ClaimsAdmin;
import org.wso2.solutions.identity.admin.ReportAdmin;
import org.wso2.solutions.identity.openid.OpenIDUtil;
import org.wso2.solutions.identity.persistence.IPPersistenceManager;
import org.wso2.solutions.identity.persistence.dataobject.OpenIDUserRPDO;
import org.wso2.solutions.identity.relyingparty.RelyingPartyException;
import org.wso2.solutions.identity.user.ui.ClaimValue;
import org.wso2.solutions.identity.user.ui.UIConstants;
import org.wso2.solutions.identity.user.ui.util.UserUtil;
import org.wso2.solutions.identity.users.IdentityUserStoreReader;
import org.wso2.usermanager.UserManagerException;
import sun.misc.BASE64Encoder;

/* loaded from: input_file:WEB-INF/classes/org/wso2/solutions/identity/user/ui/action/OpenIDAuthVerificationAction.class */
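/**
 * Struts action that verifies a user's credentials during an OpenID login, using either a
 * user name and password or a self-issued information card.
 *
 * <p>The action reads the OpenID request parameters from the {@code "parameterlist"} session
 * attribute, authenticates the user, loads the user's profiles and the claim values for the
 * attributes stored under the {@code "RequestedAttr"} session attribute, and then either asks
 * the user to approve the relying party or redirects straight to completion.
 *
 * <p>NOTE(security): the "remember me" path below stores the user's password in a cookie;
 * see {@link #handleUserNameLogin(String, String, String)}.
 */
public class OpenIDAuthVerificationAction extends ManagedAction {
    private static final long serialVersionUID = 7880796322220751491L;

    /** Lifetime of the persistent cookies set by this action: 14 days, in seconds. */
    private static final int PERSISTENT_COOKIE_MAX_AGE_SECONDS = 1209600;

    // Profile names of the authenticated user, default profile first.
    private List<String> profile = null;
    // Claim values of the default profile, restricted to the requested attributes.
    private List<ClaimValue> claimValues = null;
    private String defaultUserProfileName = null;
    // Attribute URIs taken from the "RequestedAttr" session attribute; may be null if absent.
    private List<String> requiredAttributes = null;

    /**
     * Validates the stored OpenID request and dispatches to the matching login handler.
     *
     * @return {@link Action#ERROR} when the request lacks {@code openid.identity} or
     *         {@code openid.return_to}; otherwise the result of the selected login handler
     * @throws Exception if a login handler fails
     */
    @Override // com.opensymphony.xwork2.ActionSupport, com.opensymphony.xwork2.Action
    @SuppressWarnings("unchecked")
    public String execute() throws Exception {
        HttpServletRequest httpServletRequest = (HttpServletRequest) ActionContext.getContext().get(StrutsStatics.HTTP_REQUEST);
        HttpSession session = httpServletRequest.getSession();
        String infoCardSignin = httpServletRequest.getParameter("InfoCardSignin");
        ParameterList parameterList = (ParameterList) session.getAttribute("parameterlist");
        if (parameterList == null || !parameterList.hasParameter("openid.identity")) {
            addErrorMessage(getText("openid_required"));
            return Action.ERROR;
        }
        String openId = parameterList.getParameter("openid.identity").getValue();
        if (!parameterList.hasParameter("openid.return_to")) {
            addErrorMessage(getText("returnTo_required"));
            return Action.ERROR;
        }
        String relyingPartyUrl = UserUtil.getRelyingPartyUrl(parameterList.getParameter("openid.return_to").getValue());
        // Session attributes are untyped; the cast is unchecked and the value may be null.
        this.requiredAttributes = (List<String>) session.getAttribute("RequestedAttr");
        String userName = UserUtil.getUserName(openId);
        // The information-card path is taken only when the form posted exactly "Log in".
        if ("Log in".equals(infoCardSignin)) {
            return handleInforCardLogin(openId, userName, relyingPartyUrl);
        }
        return handleUserNameLogin(openId, userName, relyingPartyUrl);
    }

    /**
     * Authenticates with user name and password, optionally setting "remember me" cookies.
     *
     * @param str the OpenID identifier ({@code openid.identity}) of the user
     * @param str2 the user name derived from the OpenID identifier
     * @param str3 the relying party URL derived from {@code openid.return_to}
     * @return {@link Action#ERROR} on failed authentication, otherwise {@link Action#SUCCESS}
     * @throws RelyingPartyException if profile or approval data cannot be read
     * @throws IdentityProviderException declared by the original signature
     * @throws IOException if the redirect cannot be sent
     */
    protected String handleUserNameLogin(String str, String str2, String str3) throws RelyingPartyException, IdentityProviderException, IOException {
        ActionContext context = ActionContext.getContext();
        HttpServletRequest httpServletRequest = (HttpServletRequest) context.get(StrutsStatics.HTTP_REQUEST);
        HttpServletResponse httpServletResponse = (HttpServletResponse) context.get(StrutsStatics.HTTP_RESPONSE);
        HttpSession session = httpServletRequest.getSession();

        // Prefer the posted password; fall back to one parked in the session and clear it
        // from the session as soon as it has been read.
        String password = httpServletRequest.getParameter("password");
        if (password == null) {
            password = (String) session.getAttribute("password");
            if (password != null) {
                session.removeAttribute("password");
            }
        }
        if (!UserUtil.doLogin(str2, password)) {
            ReportAdmin.record(str2, "User Failure", getText("invalid_user_password"));
            addErrorMessage(getText("invalid_user_password"));
            return Action.ERROR;
        }
        // NOTE(review): the session is not renewed after successful authentication in the
        // code visible here; confirm that session-ID rotation happens elsewhere.
        populateUserProfiles(str2, str3);

        if ("true".equalsIgnoreCase(httpServletRequest.getParameter("remember"))) {
            // NOTE(review): unlike the two cookies below, "rememberme" is not marked Secure.
            Cookie rememberMeCookie = new Cookie("rememberme", "true");
            rememberMeCookie.setMaxAge(PERSISTENT_COOKIE_MAX_AGE_SECONDS);
            httpServletResponse.addCookie(rememberMeCookie);

            Cookie openIdCookie = new Cookie("openid", str);
            openIdCookie.setMaxAge(PERSISTENT_COOKIE_MAX_AGE_SECONDS);
            openIdCookie.setSecure(true);
            httpServletResponse.addCookie(openIdCookie);

            // NOTE(security): this persists the user's password in the browser for 14 days.
            // Base64 is an encoding, not encryption, so anyone who can read the cookie
            // (script on the page, a shared machine, a browser-profile backup) recovers the
            // clear-text password. None of these cookies is marked HttpOnly in this code.
            // The safer design is a random, server-side, revocable remember-me token; that
            // needs a coordinated change in whatever code reads this cookie, which is not
            // visible here, so the behaviour is kept and only flagged.
            // Guard against a null password so getBytes() cannot throw if doLogin ever
            // accepts one.
            if (password != null) {
                Cookie passwordCookie = new Cookie("password", new BASE64Encoder().encode(password.getBytes("UTF-8")));
                passwordCookie.setMaxAge(PERSISTENT_COOKIE_MAX_AGE_SECONDS);
                passwordCookie.setSecure(true);
                httpServletResponse.addCookie(passwordCookie);
            }
        }

        ReportAdmin.record(str2, "User Login - OpenID", getText("successful_for", new String[]{str2}));
        if (isRequiredUserApproval(httpServletRequest)) {
            return Action.SUCCESS;
        }
        // The relying party is already trusted "always": skip the approval page.
        ReportAdmin.record(str2, "User approved OpenID RP always", getText("successful_for", new String[]{str2}));
        httpServletResponse.sendRedirect("server?_action=complete&authenticatedAndApproved=true");
        return Action.SUCCESS;
    }

    /**
     * Authenticates with a self-issued information card and, when the relying party asked for
     * multi-factor authentication, redirects to the user name/password step.
     *
     * @param str the OpenID identifier ({@code openid.identity}) of the user
     * @param str2 the user name derived from the OpenID identifier
     * @param str3 the relying party URL derived from {@code openid.return_to}
     * @return {@link Action#ERROR} on failed card verification, otherwise {@link Action#SUCCESS}
     * @throws RelyingPartyException if profile or approval data cannot be read
     * @throws IdentityProviderException declared by the original signature
     * @throws IOException if a redirect cannot be sent
     */
    protected String handleInforCardLogin(String str, String str2, String str3) throws RelyingPartyException, IdentityProviderException, IOException {
        ActionContext context = ActionContext.getContext();
        HttpServletRequest httpServletRequest = (HttpServletRequest) context.get(StrutsStatics.HTTP_REQUEST);
        HttpServletResponse httpServletResponse = (HttpServletResponse) context.get(StrutsStatics.HTTP_RESPONSE);
        HttpSession session = httpServletRequest.getSession();
        ParameterList parameterList = (ParameterList) session.getAttribute("parameterlist");

        if (!UserUtil.verifyInfoCardLogin(context, str)) {
            // Expire any information-card cookie issued for this OpenID.
            // getCookies() returns null when the request carries no cookies at all.
            Cookie[] requestCookies = httpServletRequest.getCookies();
            if (requestCookies != null) {
                for (Cookie cookie : requestCookies) {
                    if (cookie.getName().equalsIgnoreCase("infocardCookie") && str.equals(cookie.getValue())) {
                        cookie.setMaxAge(0);
                        httpServletResponse.addCookie(cookie);
                    }
                }
            }
            // NOTE(review): the audit record uses the "invalid_user_password" text while the
            // user sees "invalid_card_login"; confirm which one the audit trail should carry.
            ReportAdmin.record(str2, "User Failure", getText("invalid_user_password"));
            addErrorMessage(getText("invalid_card_login"));
            return Action.ERROR;
        }

        boolean multiFactorRequested = false;
        String[] requestedAuthenticationPolicies = OpenIDUtil.getRequestedAuthenticationPolicies(parameterList);
        if (requestedAuthenticationPolicies != null) {
            for (String policy : requestedAuthenticationPolicies) {
                if (policy.equalsIgnoreCase(PapeMessage.PAPE_POLICY_MULTI_FACTOR)) {
                    session.setAttribute("multiFactorAuthenticationWithUsernamePassword", "true");
                    session.setAttribute("multifactorlogin", "true");
                    multiFactorRequested = true;
                    httpServletResponse.sendRedirect(UIConstants.OPENID_AUTH_ACTION);
                    break;
                }
            }
        }

        populateUserProfiles(str2, str3);
        Cookie infoCardCookie = new Cookie("infocardCookie", str);
        infoCardCookie.setMaxAge(PERSISTENT_COOKIE_MAX_AGE_SECONDS);
        infoCardCookie.setSecure(true);
        httpServletResponse.addCookie(infoCardCookie);
        session.setAttribute("phishingResistanceAuthentication", "true");
        if (multiFactorRequested) {
            // The redirect to the second factor has already been sent; the login is not
            // recorded as complete here.
            return Action.SUCCESS;
        }
        ReportAdmin.record(str2, "User Login - Self issued Information Card", getText("successful_for", new String[]{str2}));
        if (isRequiredUserApproval(httpServletRequest)) {
            return Action.SUCCESS;
        }
        // The relying party is already trusted "always": skip the approval page.
        ReportAdmin.record(str2, "User approved OpenID RP always", getText("successful_for", new String[]{str2}));
        httpServletResponse.sendRedirect("server?_action=complete&authenticatedAndApproved=true");
        return Action.SUCCESS;
    }

    /**
     * Loads the user's profile names, moves the default profile to the front and reads the
     * default profile's claim values.
     *
     * @param str the user name
     * @param str2 the relying party URL used to look up a per-relying-party default profile
     * @throws RelyingPartyException if the user store or persistence layer fails
     */
    protected void populateUserProfiles(String str, String str2) throws RelyingPartyException {
        try {
            // Start from an empty list so a failure below does not leave stale profile names.
            this.profile = new ArrayList<String>();
            IdentityUserStoreReader identityUserStoreReader = UserStore.getInstance().getRealm().getIdentityUserStoreReader();
            this.profile = identityUserStoreReader.getUserProfileNames(str);
            // A default stored for this relying party wins over the user's global default.
            this.defaultUserProfileName = IPPersistenceManager.getPersistanceManager().getOpenIDDefaultUserProfile(str, str2);
            if (this.defaultUserProfileName == null) {
                this.defaultUserProfileName = identityUserStoreReader.getDefaultUserProfileName(str);
            }
            this.profile.remove(this.defaultUserProfileName);
            this.profile.add(0, this.defaultUserProfileName);
            readDefaultProfileValues(str, this.defaultUserProfileName);
        } catch (UserManagerException e) {
            throw new RelyingPartyException("profileRetrievalError", e);
        } catch (IdentityProviderException e2) {
            throw new RelyingPartyException("profileRetrievalError", e2);
        }
    }

    /**
     * Reads the given profile and keeps the values of the requested attributes as claim values.
     *
     * @param str the user name
     * @param str2 the profile name to read
     * @throws RelyingPartyException if the user store or the claim lookup fails
     */
    protected void readDefaultProfileValues(String str, String str2) throws RelyingPartyException {
        try {
            Map<?, ?> userProperties = UserStore.getInstance().getRealm().getIdentityUserStoreReader().getUserProperties(str, str2);
            ClaimsAdmin claimsAdmin = new ClaimsAdmin();
            this.claimValues = new ArrayList<ClaimValue>();
            // "RequestedAttr" may be missing from the session; then no attribute was
            // requested and no profile value is released.
            if (this.requiredAttributes == null) {
                return;
            }
            for (Map.Entry<?, ?> entry : userProperties.entrySet()) {
                if (this.requiredAttributes.contains(entry.getKey())) {
                    ClaimValue claimValue = new ClaimValue();
                    claimValue.setClaimValue((String) entry.getValue());
                    claimValue.setClaim(claimsAdmin.findClaimByURI((String) entry.getKey()));
                    this.claimValues.add(claimValue);
                }
            }
        } catch (IdentityProviderException e) {
            throw new RelyingPartyException("profileRetrievalError", e);
        } catch (UserManagerException e2) {
            throw new RelyingPartyException("profileRetrievalError", e2);
        }
    }

    /**
     * Decides whether the user still has to approve the relying party.
     *
     * <p>When the relying party is marked as always trusted, the visit count and last-visit
     * time are updated as a side effect.
     *
     * @param httpServletRequest the current request; its session must hold the OpenID
     *        parameter list
     * @return {@code false} only when a stored user/relying-party record is marked as
     *         always trusted
     * @throws RelyingPartyException if the persistence layer fails
     */
    private boolean isRequiredUserApproval(HttpServletRequest httpServletRequest) throws RelyingPartyException {
        ParameterList parameterList = (ParameterList) httpServletRequest.getSession().getAttribute("parameterlist");
        String openId = parameterList.getParameter("openid.identity").getValue();
        String relyingPartyUrl = UserUtil.getRelyingPartyUrl(parameterList.getParameterValue("openid.return_to"));
        try {
            IPPersistenceManager persistanceManager = IPPersistenceManager.getPersistanceManager();
            OpenIDUserRPDO[] openIDUserRP = persistanceManager.getOpenIDUserRP(UserUtil.getUserName(openId), relyingPartyUrl);
            if (openIDUserRP == null || openIDUserRP.length <= 0) {
                return true;
            }
            OpenIDUserRPDO trustRecord = openIDUserRP[0];
            if (!trustRecord.getIsTrustedAlways()) {
                return true;
            }
            trustRecord.setVisitCount(trustRecord.getVisitCount() + 1);
            trustRecord.setLastVisit(new Date());
            persistanceManager.update(trustRecord);
            return false;
        } catch (IdentityProviderException e) {
            // Keep the cause so the underlying persistence failure stays diagnosable.
            throw new RelyingPartyException("dbConnectionFailure", e);
        }
    }

    /** Returns the claim values read for the default profile, or {@code null} before login. */
    public List<ClaimValue> getClaimValues() {
        return this.claimValues;
    }

    /** Returns the user's profile names, default profile first, or {@code null} before login. */
    public List<String> getProfile() {
        return this.profile;
    }

    /** Replaces the list of profile names. */
    public void setProfile(List<String> list) {
        this.profile = list;
    }

    /** Returns the name of the default profile, or {@code null} if none has been resolved. */
    public String getDefaultUserProfileName() {
        return this.defaultUserProfileName;
    }

    /** Sets the name of the default profile. */
    public void setDefaultUserProfileName(String str) {
        this.defaultUserProfileName = str;
    }
}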
