package org.wso2.carbon.identity.application.authenticator.hypr;

import edu.umd.cs.findbugs.annotations.SuppressWarnings;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.application.authentication.framework.AbstractApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.AuthenticatorFlowStatus;
import org.wso2.carbon.identity.application.authentication.framework.FederatedApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException;
import org.wso2.carbon.identity.application.authentication.framework.exception.LogoutFailedException;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.authenticator.hypr.common.constants.HyprAuthenticatorConstants;
import org.wso2.carbon.identity.application.authenticator.hypr.common.exception.HYPRAuthnFailedException;
import org.wso2.carbon.identity.application.authenticator.hypr.common.model.RegisteredDevicesResponse;
import org.wso2.carbon.identity.application.authenticator.hypr.common.web.HYPRAuthorizationAPIClient;
import org.wso2.carbon.identity.application.common.model.Property;
import org.wso2.carbon.identity.central.log.mgt.utils.LoggerUtils;
import org.wso2.carbon.identity.core.ServiceURLBuilder;
import org.wso2.carbon.identity.core.URLBuilderException;

/* loaded from: input_file:org/wso2/carbon/identity/application/authenticator/hypr/HyprAuthenticator.class */
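/**
 * Federated authenticator that drives a HYPR push-based login.
 *
 * <p>Flow as implemented in this class: a username is resolved, the user's registered HYPR
 * devices are looked up, a push authentication request is sent to the first device, and the
 * browser is redirected to the HYPR login page with a status. The request ID and username are
 * stored on the {@link AuthenticationContext}; {@link #process} later reads the
 * {@code AUTH_STATUS} context property to decide whether the step is complete.
 *
 * <p>NOTE(review): this class only ever writes {@code PENDING} into {@code AUTH_STATUS}. The
 * {@code COMPLETED}, {@code CANCELED} and {@code FAILED} values must be written by another
 * component that is not visible here; the trust placed in that writer decides whether a login
 * can be completed, so confirm it is only reachable server-side.
 */
public class HyprAuthenticator extends AbstractApplicationAuthenticator implements FederatedApplicationAuthenticator {
    private static final Log LOG = LogFactory.getLog(HyprAuthenticator.class);

    /**
     * Builds a {@link HYPRAuthnFailedException} from a predefined error code and message.
     *
     * @param errorMessages the error constant supplying code and message
     * @return the exception, ready to be thrown by the caller
     */
    private static HYPRAuthnFailedException getHyprAuthnFailedException(HyprAuthenticatorConstants.ErrorMessages errorMessages) {
        return new HYPRAuthnFailedException(errorMessages.getCode(), errorMessages.getMessage());
    }

    /**
     * Builds a {@link HYPRAuthnFailedException} from a predefined error, keeping the root cause.
     *
     * @param errorMessages the error constant supplying code and message
     * @param exc the underlying failure, preserved as the cause
     * @return the exception, ready to be thrown by the caller
     */
    private static HYPRAuthnFailedException getHyprAuthnFailedException(HyprAuthenticatorConstants.ErrorMessages errorMessages, Exception exc) {
        return new HYPRAuthnFailedException(errorMessages.getCode(), errorMessages.getMessage(), exc);
    }

    /** Returns the internal authenticator name. */
    public String getName() {
        return HyprAuthenticatorConstants.HYPR.AUTHENTICATOR_NAME;
    }

    /** Returns the display name of the authenticator. */
    public String getFriendlyName() {
        return HyprAuthenticatorConstants.HYPR.AUTHENTICATOR_FRIENDLY_NAME;
    }

    /**
     * Describes the settings an administrator must supply for this authenticator.
     *
     * @return the base URL, relying party app ID and API token properties, all required
     */
    public List<Property> getConfigurationProperties() {
        List<Property> configProperties = new ArrayList<>();

        Property baseUrl = new Property();
        baseUrl.setName(HyprAuthenticatorConstants.HYPR.BASE_URL);
        baseUrl.setDisplayName("Base URL");
        baseUrl.setRequired(true);
        baseUrl.setDescription("Enter the base URL of your HYPR server deployment.");
        baseUrl.setDisplayOrder(1);
        configProperties.add(baseUrl);

        Property appId = new Property();
        appId.setName(HyprAuthenticatorConstants.HYPR.APP_ID);
        appId.setDisplayName("Relying Party App ID");
        appId.setRequired(true);
        appId.setDescription("Enter the relying party app ID in HYPR control center.");
        appId.setType("string");
        appId.setDisplayOrder(2);
        configProperties.add(appId);

        Property apiToken = new Property();
        apiToken.setName(HyprAuthenticatorConstants.HYPR.HYPR_API_TOKEN);
        apiToken.setDisplayName("API Token");
        apiToken.setRequired(true);
        apiToken.setDescription("Enter the relying party app access token generated in the control center.");
        apiToken.setType("string");
        // The token is a bearer secret for the HYPR API, so it is flagged confidential.
        apiToken.setConfidential(true);
        // Display order skips 3, exactly as in the original listing.
        apiToken.setDisplayOrder(4);
        configProperties.add(apiToken);

        return configProperties;
    }

    /**
     * Extracts the session data key that ties the request to an authentication context.
     *
     * @param httpServletRequest the incoming request
     * @return the session data key, or {@code null} when the parameter is missing or blank
     */
    public String getContextIdentifier(HttpServletRequest httpServletRequest) {
        String sessionDataKey = httpServletRequest.getParameter(HyprAuthenticatorConstants.HYPR.SESSION_DATA_KEY);
        if (StringUtils.isNotBlank(sessionDataKey)) {
            return sessionDataKey;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("A unique identifier cannot be issued for both Request and Response. ContextIdentifier is NULL.");
        }
        return null;
    }

    /**
     * Reports whether this authenticator should handle the request.
     *
     * @param httpServletRequest the incoming request
     * @return {@code true} when the session data key parameter is present (even if empty)
     */
    public boolean canHandle(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter(HyprAuthenticatorConstants.HYPR.SESSION_DATA_KEY) != null;
    }

    /**
     * Sends the user to the HYPR login page without a status, so a username can be collected.
     *
     * @throws AuthenticationFailedException when the redirect cannot be built or sent
     */
    protected void initiateAuthenticationRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        try {
            redirectHYPRLoginPage(httpServletResponse, authenticationContext, null);
        } catch (AuthenticationFailedException e) {
            throw new AuthenticationFailedException("Error occurred when trying to redirect user to the login page.", e);
        }
    }

    /**
     * Redirects the browser to the HYPR login page, optionally carrying a status and message.
     *
     * <p>The UNVALIDATED_REDIRECT finding is suppressed because the target is assembled by
     * {@link ServiceURLBuilder} from a constant path; only query parameters vary, and in this
     * method they come from the authentication context and from enum constants rather than
     * directly from the request.
     *
     * @param authenticationStatus status to report on the page, or {@code null} for none
     * @throws HYPRAuthnFailedException when the URL cannot be built or the redirect fails
     */
    @SuppressWarnings({"UNVALIDATED_REDIRECT"})
    private void redirectHYPRLoginPage(HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext, HyprAuthenticatorConstants.HYPR.AuthenticationStatus authenticationStatus) throws HYPRAuthnFailedException {
        try {
            ServiceURLBuilder loginPageUrl = ServiceURLBuilder.create()
                    .addPath(new String[]{HyprAuthenticatorConstants.HYPR.HYPR_LOGIN_PAGE})
                    .addParameter(HyprAuthenticatorConstants.HYPR.SESSION_DATA_KEY, authenticationContext.getContextIdentifier())
                    .addParameter("AuthenticatorName", HyprAuthenticatorConstants.HYPR.AUTHENTICATOR_FRIENDLY_NAME)
                    .addParameter(HyprAuthenticatorConstants.HYPR.TENANT_DOMAIN, authenticationContext.getTenantDomain());
            if (authenticationStatus != null) {
                loginPageUrl.addParameter("status", String.valueOf(authenticationStatus.getName()));
                loginPageUrl.addParameter("message", String.valueOf(authenticationStatus.getMessage()));
            }
            httpServletResponse.sendRedirect(loginPageUrl.build().getAbsolutePublicURL());
        } catch (IOException e) {
            throw getHyprAuthnFailedException(HyprAuthenticatorConstants.ErrorMessages.AUTHENTICATION_FAILED_REDIRECTING_LOGIN_FAILURE, e);
        } catch (URLBuilderException e2) {
            throw getHyprAuthnFailedException(HyprAuthenticatorConstants.ErrorMessages.AUTHENTICATION_FAILED_BUILDING_LOGIN_URL_FAILURE, e2);
        }
    }

    /**
     * Picks the username to authenticate with HYPR.
     *
     * <p>A user already authenticated by the subject-identifier step takes precedence; the
     * client-supplied {@code username} request parameter is used only when no such user exists.
     * This ordering keeps a later step from being pointed at a different account through the
     * request parameter.
     *
     * @return the resolved username, possibly {@code null} or blank
     */
    private String resolveUsername(HttpServletRequest httpServletRequest, AuthenticationContext authenticationContext) {
        String username = null;
        if (authenticationContext.getSequenceConfig() != null) {
            Map<Integer, StepConfig> stepMap = authenticationContext.getSequenceConfig().getStepMap();
            if (stepMap != null) {
                for (StepConfig stepConfig : stepMap.values()) {
                    if (stepConfig.isSubjectIdentifierStep() && stepConfig.getAuthenticatedUser() != null) {
                        username = stepConfig.getAuthenticatedUser().getUserName();
                        break;
                    }
                }
            }
        }
        if (StringUtils.isEmpty(username)) {
            // Untrusted input: taken straight from the request.
            username = httpServletRequest.getParameter(HyprAuthenticatorConstants.HYPR.USERNAME);
        }
        return username;
    }

    /**
     * Looks up the user's registered HYPR devices and sends a push authentication request.
     *
     * <p>On success the request ID, username and {@code PENDING} status are stored on the
     * context and the browser is redirected with {@code PENDING}. Every other outcome ends in
     * a redirect carrying a failure status, or in an exception.
     *
     * <p>When the user has no registered device, the first step reports the generic
     * {@code INVALID_REQUEST} while later steps report {@code INVALID_USER}. This presumably
     * avoids revealing which usernames are enrolled to an unauthenticated caller; confirm the
     * intent with the authors.
     *
     * <p>NOTE(review): no throttling is visible in this class. Each call sends a new push to
     * the user's device, so rate limiting has to be enforced by the caller or by HYPR.
     *
     * @throws AuthenticationFailedException on invalid configuration, on a redirect failure,
     *         or on any HYPR API failure other than an invalid API token
     */
    @SuppressWarnings(value = {"CRLF_INJECTION_LOGS"}, justification = "username should be sanitized at this point.")
    private void initiateHYPRAuthenticationRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        String username = resolveUsername(httpServletRequest, authenticationContext);

        Map<String, String> authenticatorProperties = authenticationContext.getAuthenticatorProperties();
        String baseUrl = authenticatorProperties.get(HyprAuthenticatorConstants.HYPR.BASE_URL);
        String appId = authenticatorProperties.get(HyprAuthenticatorConstants.HYPR.APP_ID);
        // Secret: passed to the API client only, never written to a log in this class.
        String apiToken = authenticatorProperties.get(HyprAuthenticatorConstants.HYPR.HYPR_API_TOKEN);

        if (StringUtils.isBlank(username)) {
            redirectHYPRLoginPage(httpServletResponse, authenticationContext, HyprAuthenticatorConstants.HYPR.AuthenticationStatus.INVALID_REQUEST);
            return;
        }
        // Deliberately outside the try block: a misconfiguration propagates as an exception
        // instead of being turned into the INVALID_TOKEN redirect below.
        validateHYPRConfiguration(baseUrl, appId, apiToken);

        try {
            RegisteredDevicesResponse registeredDevices = HYPRAuthorizationAPIClient.getRegisteredDevicesRequest(baseUrl, appId, apiToken, username);
            if (registeredDevices.getRegisteredDevices().isEmpty()) {
                HyprAuthenticatorConstants.HYPR.AuthenticationStatus noDeviceStatus =
                        authenticationContext.getCurrentStep() == 1
                                ? HyprAuthenticatorConstants.HYPR.AuthenticationStatus.INVALID_REQUEST
                                : HyprAuthenticatorConstants.HYPR.AuthenticationStatus.INVALID_USER;
                redirectHYPRLoginPage(httpServletResponse, authenticationContext, noDeviceStatus);
                return;
            }

            String maskedUsername = getMaskedUsername(username);
            if (LOG.isDebugEnabled()) {
                LOG.debug("Successfully retrieved the registered devices for the user " + maskedUsername);
            }

            // Only the first registered device receives the push.
            String machineId = registeredDevices.getRegisteredDevices().get(0).getMachineId();
            if (StringUtils.isBlank(machineId)) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Retrieved machine ID for the user " + maskedUsername + " is either null or empty.");
                }
                redirectHYPRLoginPage(httpServletResponse, authenticationContext, HyprAuthenticatorConstants.HYPR.AuthenticationStatus.FAILED);
                return;
            }

            String requestId = HYPRAuthorizationAPIClient.initiateAuthenticationRequest(baseUrl, appId, apiToken, username, machineId).getResponse().getRequestId();
            if (StringUtils.isBlank(requestId)) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Retrieved request ID for the authentication request for the user " + maskedUsername + " is either null or empty.");
                }
                redirectHYPRLoginPage(httpServletResponse, authenticationContext, HyprAuthenticatorConstants.HYPR.AuthenticationStatus.FAILED);
                return;
            }

            if (LOG.isDebugEnabled()) {
                LOG.debug("Successfully sent a push notification for the registered devices of the user " + maskedUsername);
            }
            // The request ID and username stay server-side on the context; only the status
            // travels to the browser in the redirect.
            authenticationContext.setProperty(HyprAuthenticatorConstants.HYPR.AUTH_STATUS, HyprAuthenticatorConstants.HYPR.AuthenticationStatus.PENDING.getName());
            authenticationContext.setProperty(HyprAuthenticatorConstants.HYPR.AUTH_REQUEST_ID, requestId);
            authenticationContext.setProperty(HyprAuthenticatorConstants.HYPR.USERNAME, username);
            redirectHYPRLoginPage(httpServletResponse, authenticationContext, HyprAuthenticatorConstants.HYPR.AuthenticationStatus.PENDING);
        } catch (HYPRAuthnFailedException e) {
            boolean invalidToken = HyprAuthenticatorConstants.ErrorMessages.HYPR_ENDPOINT_API_TOKEN_INVALID_FAILURE.getCode().equals(e.getErrorCode());
            if (!invalidToken) {
                throw new AuthenticationFailedException(e.getMessage(), e);
            }
            // An invalid API token is an operator-side fault: log it and show a status page.
            // NOTE(review): assumes the exception message never embeds the token itself.
            LOG.error(e.getErrorCode() + " : " + e.getMessage());
            redirectHYPRLoginPage(httpServletResponse, authenticationContext, HyprAuthenticatorConstants.HYPR.AuthenticationStatus.INVALID_TOKEN);
        }
    }

    /**
     * Prepares a username for inclusion in a log line.
     *
     * <p>The value is masked when log masking is enabled. CR and LF are then replaced with
     * underscores, because the username can originate from a request parameter and no
     * sanitisation is visible elsewhere in this class; without this a crafted value could
     * forge additional log entries when masking is off.
     *
     * @param str the username, possibly {@code null}
     * @return a log-safe rendering, or {@code null} when the input renders as {@code null}
     */
    private String getMaskedUsername(String str) {
        String forLog = LoggerUtils.isLogMaskingEnable ? LoggerUtils.getMaskedContent(str) : str;
        if (forLog == null) {
            return null;
        }
        return forLog.replace('\r', '_').replace('\n', '_');
    }

    /**
     * Rejects a configuration in which any required HYPR setting is blank.
     *
     * @param str the HYPR base URL
     * @param str2 the relying party app ID
     * @param str3 the HYPR API token
     * @throws HYPRAuthnFailedException naming the first blank setting, checked in that order
     */
    private void validateHYPRConfiguration(String str, String str2, String str3) throws HYPRAuthnFailedException {
        if (StringUtils.isBlank(str)) {
            throw getHyprAuthnFailedException(HyprAuthenticatorConstants.ErrorMessages.HYPR_BASE_URL_INVALID_FAILURE);
        }
        if (StringUtils.isBlank(str2)) {
            throw getHyprAuthnFailedException(HyprAuthenticatorConstants.ErrorMessages.HYPR_APP_ID_INVALID_FAILURE);
        }
        if (StringUtils.isBlank(str3)) {
            throw getHyprAuthnFailedException(HyprAuthenticatorConstants.ErrorMessages.HYPR_ENDPOINT_API_TOKEN_INVALID_FAILURE);
        }
    }

    /**
     * Marks the user stored on the context as the authenticated subject.
     *
     * <p>The username is read from the context property written when the push was sent, not
     * from the current request, so the subject is the account the push was issued for.
     */
    protected void processAuthenticationResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) {
        String username = (String) authenticationContext.getProperty(HyprAuthenticatorConstants.HYPR.USERNAME);
        authenticationContext.setSubject(AuthenticatedUser.createFederateAuthenticatedUserFromSubjectIdentifier(username));
        if (LOG.isDebugEnabled()) {
            LOG.debug("Successfully logged in the user " + getMaskedUsername(username));
        }
    }

    /**
     * Drives the authentication step according to the request and the stored status.
     *
     * <ul>
     *   <li>Logout requests complete immediately.</li>
     *   <li>A request carrying the {@code username} parameter (re)starts the HYPR push, even
     *       when a status is already stored on the context.</li>
     *   <li>With no stored status, the push is started for an already authenticated user,
     *       otherwise the login page is shown.</li>
     *   <li>{@code COMPLETED} finishes the step; {@code PENDING}, {@code CANCELED} and
     *       {@code FAILED} redirect back to the login page with that status.</li>
     *   <li>Any other status is delegated to the superclass.</li>
     * </ul>
     *
     * @return the resulting flow status
     * @throws AuthenticationFailedException when initiating or redirecting fails
     * @throws LogoutFailedException declared for the superclass delegation
     */
    public AuthenticatorFlowStatus process(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException, LogoutFailedException {
        if (authenticationContext.isLogoutRequest()) {
            return AuthenticatorFlowStatus.SUCCESS_COMPLETED;
        }

        if (httpServletRequest.getParameterMap().containsKey(HyprAuthenticatorConstants.HYPR.USERNAME)) {
            initiateHYPRAuthenticationRequest(httpServletRequest, httpServletResponse, authenticationContext);
            return AuthenticatorFlowStatus.INCOMPLETE;
        }

        Object storedStatus = authenticationContext.getProperty(HyprAuthenticatorConstants.HYPR.AUTH_STATUS);
        if (storedStatus == null) {
            if (authenticationContext.getLastAuthenticatedUser() != null) {
                initiateHYPRAuthenticationRequest(httpServletRequest, httpServletResponse, authenticationContext);
            } else {
                initiateAuthenticationRequest(httpServletRequest, httpServletResponse, authenticationContext);
            }
            return AuthenticatorFlowStatus.INCOMPLETE;
        }

        // The status is read from the server-side context, never from the request.
        String status = (String) storedStatus;
        if (HyprAuthenticatorConstants.HYPR.AuthenticationStatus.COMPLETED.getName().equals(status)) {
            processAuthenticationResponse(httpServletRequest, httpServletResponse, authenticationContext);
            return AuthenticatorFlowStatus.SUCCESS_COMPLETED;
        }
        if (HyprAuthenticatorConstants.HYPR.AuthenticationStatus.PENDING.getName().equals(status)) {
            redirectHYPRLoginPage(httpServletResponse, authenticationContext, HyprAuthenticatorConstants.HYPR.AuthenticationStatus.PENDING);
            return AuthenticatorFlowStatus.INCOMPLETE;
        }
        if (HyprAuthenticatorConstants.HYPR.AuthenticationStatus.CANCELED.getName().equals(status)) {
            redirectHYPRLoginPage(httpServletResponse, authenticationContext, HyprAuthenticatorConstants.HYPR.AuthenticationStatus.CANCELED);
            return AuthenticatorFlowStatus.INCOMPLETE;
        }
        if (HyprAuthenticatorConstants.HYPR.AuthenticationStatus.FAILED.getName().equals(status)) {
            redirectHYPRLoginPage(httpServletResponse, authenticationContext, HyprAuthenticatorConstants.HYPR.AuthenticationStatus.FAILED);
            return AuthenticatorFlowStatus.INCOMPLETE;
        }
        return super.process(httpServletRequest, httpServletResponse, authenticationContext);
    }
}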
