package org.wso2.carbon.identity.application.authentication.framework.handler.step.impl;

import java.io.IOException;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.application.authentication.framework.ApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.AuthenticatorFlowStatus;
import org.wso2.carbon.identity.application.authentication.framework.config.ConfigurationFacade;
import org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig;
import org.wso2.carbon.identity.application.authentication.framework.config.model.ExternalIdPConfig;
import org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException;
import org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException;
import org.wso2.carbon.identity.application.authentication.framework.exception.InvalidCredentialsException;
import org.wso2.carbon.identity.application.authentication.framework.exception.LogoutFailedException;
import org.wso2.carbon.identity.application.authentication.framework.handler.step.StepHandler;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedIdPData;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.identity.application.common.model.ClaimMapping;

/* loaded from: input_file:org/wso2/carbon/identity/application/authentication/framework/handler/step/impl/DefaultStepHandler.class */
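/**
 * Default {@link StepHandler}: decides, for the current step of the authentication sequence,
 * whether to reuse an earlier authentication, call a single authenticator directly, run home
 * realm discovery, or redirect the browser to the authentication endpoint so the user can pick
 * an option.
 *
 * <p>Several branches are selected by request parameters, which are caller-controlled. The
 * review notes inside the methods mark where such a value reaches a log or a configuration
 * lookup.
 */
public class DefaultStepHandler implements StepHandler {
    private static final Log log = LogFactory.getLog(DefaultStepHandler.class);
    private static volatile DefaultStepHandler instance;

    /**
     * Returns the shared handler, creating it on first use.
     *
     * @return the singleton instance
     */
    public static DefaultStepHandler getInstance() {
        // Double-checked locking; safe because the field is volatile.
        if (instance == null) {
            synchronized (DefaultStepHandler.class) {
                if (instance == null) {
                    instance = new DefaultStepHandler();
                }
            }
        }
        return instance;
    }

    /**
     * Handles the current step. The branches are evaluated in this order and the first match wins:
     * passive authentication, home realm discovery (first step only), a returning request,
     * "dumb mode", reuse of an IdP already authenticated in this session, a direct call when the
     * step has a single authenticator with at most one IdP, and finally a redirect to the
     * multi-option page.
     *
     * @param httpServletRequest incoming request
     * @param httpServletResponse response used for redirects
     * @param authenticationContext state of the running authentication flow
     * @throws FrameworkException if a redirect fails or a downstream handler fails
     */
    @Override
    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws FrameworkException {
        StepConfig stepConfig = authenticationContext.getSequenceConfig().getStepMap().get(Integer.valueOf(authenticationContext.getCurrentStep()));
        List<AuthenticatorConfig> authenticatorList = stepConfig.getAuthenticatorList();
        String authenticatorIdPMappingString = FrameworkUtils.getAuthenticatorIdPMappingString(authenticatorList);
        String authenticationEndpointURL = ConfigurationFacade.getInstance().getAuthenticationEndpointURL();
        String federatedIdp = httpServletRequest.getParameter(FrameworkConstants.RequestParams.FEDERATED_IDP);
        Map<String, AuthenticatedIdPData> previousAuthenticatedIdPs = authenticationContext.getPreviousAuthenticatedIdPs();
        Map<String, AuthenticatorConfig> authenticatedStepIdPs = FrameworkUtils.getAuthenticatedStepIdPs(stepConfig, previousAuthenticatedIdPs);

        // Passive authentication never prompts: reuse an existing authentication or report failure.
        if (authenticationContext.isPassiveAuthenticate()) {
            if (authenticatedStepIdPs.isEmpty()) {
                authenticationContext.setRequestAuthenticated(false);
            } else {
                String firstIdp = authenticatedStepIdPs.keySet().iterator().next();
                populateStepConfigWithAuthenticationDetails(stepConfig, previousAuthenticatedIdPs.get(firstIdp));
            }
            stepConfig.setCompleted(true);
            return;
        }

        // Home realm discovery is only honoured on the first step.
        if (federatedIdp != null && !federatedIdp.isEmpty() && stepConfig.getOrder() == 1) {
            handleHomeRealmDiscovery(httpServletRequest, httpServletResponse, authenticationContext);
            return;
        }

        if (authenticationContext.isReturning()) {
            String requestedAuthenticator = httpServletRequest.getParameter(FrameworkConstants.RequestParams.AUTHENTICATOR);
            if (requestedAuthenticator == null || requestedAuthenticator.isEmpty()) {
                handleResponse(httpServletRequest, httpServletResponse, authenticationContext);
            } else {
                handleRequestFromLoginPage(httpServletRequest, httpServletResponse, authenticationContext);
            }
            return;
        }

        if (ConfigurationFacade.getInstance().isDumbMode()) {
            if (log.isDebugEnabled()) {
                log.debug("Executing in Dumb mode");
            }
            redirect(httpServletResponse, authenticationEndpointURL + "?" + authenticationContext.getContextIdIncludedQueryParams() + "&authenticators=" + authenticatorIdPMappingString + "&hrd=true");
            return;
        }

        if (!authenticationContext.isForceAuthenticate() && !authenticatedStepIdPs.isEmpty()) {
            Map.Entry<String, AuthenticatorConfig> authenticatedEntry = authenticatedStepIdPs.entrySet().iterator().next();
            String idpName = authenticatedEntry.getKey();
            if (authenticationContext.isReAuthenticate()) {
                if (log.isDebugEnabled()) {
                    log.debug("Re-authenticating with " + idpName + " IdP");
                }
                authenticationContext.setExternalIdP(ConfigurationFacade.getInstance().getIdPConfigByName(idpName, authenticationContext.getTenantDomain()));
                doAuthentication(httpServletRequest, httpServletResponse, authenticationContext, authenticatedEntry.getValue());
                return;
            }
            if (log.isDebugEnabled()) {
                log.debug("Already authenticated. Skipping the step");
            }
            populateStepConfigWithAuthenticationDetails(stepConfig, previousAuthenticatedIdPs.get(idpName));
            stepConfig.setCompleted(true);
            return;
        }

        // The user must choose when the step offers several authenticators, or one authenticator
        // with several IdPs.
        // NOTE(review): an empty authenticator list makes get(0) throw IndexOutOfBoundsException;
        // confirm that a step configuration always carries at least one authenticator.
        AuthenticatorConfig singleAuthenticator = null;
        boolean userMustChoose = authenticatorList.size() > 1;
        if (!userMustChoose) {
            singleAuthenticator = authenticatorList.get(0);
            userMustChoose = singleAuthenticator.getIdpNames().size() > 1;
        }
        if (!userMustChoose) {
            if (!singleAuthenticator.getIdpNames().isEmpty()) {
                if (log.isDebugEnabled()) {
                    log.debug("Step contains only a single IdP. Going to call it directly");
                }
                authenticationContext.setExternalIdP(ConfigurationFacade.getInstance().getIdPConfigByName(singleAuthenticator.getIdpNames().get(0), authenticationContext.getTenantDomain()));
            }
            doAuthentication(httpServletRequest, httpServletResponse, authenticationContext, singleAuthenticator);
            return;
        }

        if (log.isDebugEnabled()) {
            log.debug("Sending to the Multi Option page");
        }
        String retryParams = "";
        if (stepConfig.isRetrying()) {
            authenticationContext.setCurrentAuthenticator(null);
            retryParams = "&authFailure=true&authFailureMsg=login.fail.message";
        }
        redirect(httpServletResponse, authenticationEndpointURL + "?" + authenticationContext.getContextIdIncludedQueryParams() + "&authenticators=" + authenticatorIdPMappingString + retryParams);
    }

    /**
     * Resolves the home realm named by the request's federated-IdP parameter to a configured IdP
     * and authenticates against it. When no configured IdP of this step matches, the browser is
     * redirected back to the authentication endpoint with a {@code domain.unknown} failure message.
     *
     * @param httpServletRequest incoming request carrying the domain hint
     * @param httpServletResponse response used for the fallback redirect
     * @param authenticationContext state of the running authentication flow
     * @throws FrameworkException if the redirect or the authenticator fails
     */
    protected void handleHomeRealmDiscovery(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws FrameworkException {
        if (log.isDebugEnabled()) {
            log.debug("Request contains fidp parameter. Initiating Home Realm Discovery");
        }
        String domain = httpServletRequest.getParameter(FrameworkConstants.RequestParams.FEDERATED_IDP);
        if (log.isDebugEnabled()) {
            // NOTE(review): request-supplied value is written to the log unmodified; if debug
            // logging can be on in production, neutralise CR/LF before logging.
            log.debug("Received domain: " + domain);
        }
        StepConfig stepConfig = authenticationContext.getSequenceConfig().getStepMap().get(Integer.valueOf(authenticationContext.getCurrentStep()));
        List<AuthenticatorConfig> authenticatorList = stepConfig.getAuthenticatorList();
        String homeRealm = FrameworkUtils.getHomeRealmDiscoverer().discover(domain);
        if (log.isDebugEnabled()) {
            log.debug("Home realm discovered: " + homeRealm);
        }
        ExternalIdPConfig realmIdp = ConfigurationFacade.getInstance().getIdPConfigByRealm(homeRealm);
        if (realmIdp != null) {
            String idPName = realmIdp.getIdPName();
            if (log.isDebugEnabled()) {
                log.debug("Found IdP of the realm: " + idPName);
            }
            Map<String, AuthenticatedIdPData> previousAuthenticatedIdPs = authenticationContext.getPreviousAuthenticatedIdPs();
            boolean alreadyAuthenticated = FrameworkUtils.getAuthenticatedStepIdPs(stepConfig, previousAuthenticatedIdPs).containsKey(idPName);
            if (alreadyAuthenticated && !authenticationContext.isForceAuthenticate() && !authenticationContext.isReAuthenticate()) {
                populateStepConfigWithAuthenticationDetails(stepConfig, previousAuthenticatedIdPs.get(idPName));
                stepConfig.setCompleted(true);
                return;
            }
            // Only an IdP that is attached to one of this step's authenticators is accepted.
            for (AuthenticatorConfig authenticatorConfig : authenticatorList) {
                if (authenticatorConfig.getIdpNames().contains(idPName)) {
                    authenticationContext.setExternalIdP(realmIdp);
                    doAuthentication(httpServletRequest, httpServletResponse, authenticationContext, authenticatorConfig);
                    return;
                }
            }
        }
        if (log.isDebugEnabled()) {
            log.debug("An IdP was not found for the sent domain");
        }
        String authenticatorIdPMappingString = FrameworkUtils.getAuthenticatorIdPMappingString(authenticatorList);
        String authenticationEndpointURL = ConfigurationFacade.getInstance().getAuthenticationEndpointURL();
        if (log.isDebugEnabled()) {
            log.debug("Sending to the domain page");
        }
        redirect(httpServletResponse, authenticationEndpointURL + "?" + authenticationContext.getContextIdIncludedQueryParams() + "&authenticators=" + authenticatorIdPMappingString + "&authFailure=true&authFailureMsg=domain.unknown&hrd=true");
    }

    /**
     * Handles the request sent by the multi-option login page: applies the IdP named in the
     * request and runs the authenticator of this step whose name matches the request's
     * authenticator parameter (case-insensitively).
     *
     * @param httpServletRequest incoming request carrying the user's selection
     * @param httpServletResponse response passed on to the authenticator
     * @param authenticationContext state of the running authentication flow
     * @throws FrameworkException if the authenticator fails
     */
    protected void handleRequestFromLoginPage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws FrameworkException {
        if (log.isDebugEnabled()) {
            log.debug("Recieved a request from the multi option page");
        }
        StepConfig stepConfig = authenticationContext.getSequenceConfig().getStepMap().get(Integer.valueOf(authenticationContext.getCurrentStep()));
        String selectedIdp = httpServletRequest.getParameter(FrameworkConstants.RequestParams.IDP);
        if (selectedIdp != null) {
            if (log.isDebugEnabled()) {
                // NOTE(review): request-supplied value is written to the log unmodified.
                log.debug("User has selected IdP: " + selectedIdp);
            }
            // NOTE(review): the IdP name comes straight from the request and is looked up
            // tenant-wide; nothing here checks that it is one of the IdPs attached to the matched
            // authenticator (getIdpNames()), unlike handleHomeRealmDiscovery. A lookup that
            // returns null leaves the external IdP unset, and doAuthentication then records the
            // result under the local IdP name. Confirm whether the selection should be
            // restricted to this step's configuration.
            authenticationContext.setExternalIdP(ConfigurationFacade.getInstance().getIdPConfigByName(selectedIdp, authenticationContext.getTenantDomain()));
        }
        String selectedAuthenticator = httpServletRequest.getParameter(FrameworkConstants.RequestParams.AUTHENTICATOR);
        for (AuthenticatorConfig authenticatorConfig : stepConfig.getAuthenticatorList()) {
            if (authenticatorConfig.getApplicationAuthenticator().getName().equalsIgnoreCase(selectedAuthenticator)) {
                doAuthentication(httpServletRequest, httpServletResponse, authenticationContext, authenticatorConfig);
                return;
            }
        }
        // NOTE(review): no matching authenticator means the method returns without completing
        // the step or writing a response.
    }

    /**
     * Handles a response coming back from an external party by handing it to the first
     * authenticator of this step that reports it can handle the request and, when the context
     * names a current authenticator, has that name.
     *
     * @param httpServletRequest incoming response from the external party
     * @param httpServletResponse response passed on to the authenticator
     * @param authenticationContext state of the running authentication flow
     * @throws FrameworkException if the authenticator fails
     */
    protected void handleResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws FrameworkException {
        if (log.isDebugEnabled()) {
            log.debug("Receive a response from the external party");
        }
        StepConfig stepConfig = authenticationContext.getSequenceConfig().getStepMap().get(Integer.valueOf(authenticationContext.getCurrentStep()));
        for (AuthenticatorConfig authenticatorConfig : stepConfig.getAuthenticatorList()) {
            ApplicationAuthenticator applicationAuthenticator = authenticatorConfig.getApplicationAuthenticator();
            if (!applicationAuthenticator.canHandle(httpServletRequest)) {
                continue;
            }
            String currentAuthenticator = authenticationContext.getCurrentAuthenticator();
            if (currentAuthenticator == null || applicationAuthenticator.getName().equals(currentAuthenticator)) {
                if (log.isDebugEnabled()) {
                    log.debug(applicationAuthenticator.getName() + " can handle the request.");
                }
                doAuthentication(httpServletRequest, httpServletResponse, authenticationContext, authenticatorConfig);
                return;
            }
        }
        // NOTE(review): when no authenticator accepts the response the method returns without
        // completing the step.
    }

    /**
     * Runs the given authenticator and, when it finishes successfully, records the authenticated
     * subject, its attributes, the authenticator and the IdP name on the step and in the
     * context's map of currently authenticated IdPs.
     *
     * <p>When the authenticator throws {@link AuthenticationFailedException} the request is marked
     * as not authenticated, the step is marked completed and nothing else is recorded. The
     * previous form of this method fell through to the bookkeeping below on that path, which
     * would have stored the context's subject as the step's authenticated user after a failed
     * attempt (and left the status local unassigned).
     *
     * @param httpServletRequest incoming request
     * @param httpServletResponse response the authenticator may redirect on
     * @param authenticationContext state of the running authentication flow
     * @param authenticatorConfig configuration of the authenticator to run
     * @throws FrameworkException if the authenticator reports a logout failure
     */
    protected void doAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext, AuthenticatorConfig authenticatorConfig) throws FrameworkException {
        StepConfig stepConfig = authenticationContext.getSequenceConfig().getStepMap().get(Integer.valueOf(authenticationContext.getCurrentStep()));
        ApplicationAuthenticator applicationAuthenticator = authenticatorConfig.getApplicationAuthenticator();
        AuthenticatorFlowStatus status;
        try {
            authenticationContext.setAuthenticatorProperties(FrameworkUtils.getAuthenticatorPropertyMapFromIdP(authenticationContext.getExternalIdP(), applicationAuthenticator.getName()));
            status = applicationAuthenticator.process(httpServletRequest, httpServletResponse, authenticationContext);
            if (log.isDebugEnabled()) {
                log.debug(applicationAuthenticator.getName() + " returned: " + status);
            }
        } catch (AuthenticationFailedException e) {
            if (e instanceof InvalidCredentialsException) {
                log.warn("A login attempt was failed due to invalid credentials");
            } else {
                log.error(e.getMessage(), e);
            }
            authenticationContext.setRequestAuthenticated(false);
            // Failed attempt: finish the step but record no authenticated user or IdP for it.
            stepConfig.setCompleted(true);
            return;
        } catch (LogoutFailedException e2) {
            throw new FrameworkException(e2.getMessage(), e2);
        }

        // The authenticator has sent the browser elsewhere; the step continues on a later request.
        if (status == AuthenticatorFlowStatus.INCOMPLETE) {
            if (log.isDebugEnabled()) {
                log.debug(applicationAuthenticator.getName() + " is redirecting");
            }
            return;
        }

        AuthenticatedIdPData authenticatedIdPData = new AuthenticatedIdPData();

        String subject = authenticationContext.getSubject();
        stepConfig.setAuthenticatedUser(subject);
        authenticatedIdPData.setUsername(subject);

        Map<ClaimMapping, String> subjectAttributes = authenticationContext.getSubjectAttributes();
        stepConfig.setAuthenticatedUserAttributes(subjectAttributes);
        authenticatedIdPData.setUserAttributes(subjectAttributes);

        authenticatorConfig.setAuthenticatorStateInfo(authenticationContext.getStateInfo());
        stepConfig.setAuthenticatedAutenticator(authenticatorConfig);

        // Without an external IdP on the context the authentication is attributed to the local IdP.
        String idpName = FrameworkConstants.LOCAL_IDP_NAME;
        if (authenticationContext.getExternalIdP() != null) {
            idpName = authenticationContext.getExternalIdP().getIdPName();
        }
        stepConfig.setAuthenticatedIdP(idpName);
        authenticatedIdPData.setIdpName(idpName);
        authenticatedIdPData.setAuthenticator(authenticatorConfig);
        authenticationContext.getCurrentAuthenticatedIdPs().put(idpName, authenticatedIdPData);

        stepConfig.setCompleted(true);
    }

    /**
     * Copies the user, attributes, IdP name and authenticator of an earlier authentication onto
     * the step, so the step can be treated as authenticated without running an authenticator.
     *
     * @param stepConfig step to populate
     * @param authenticatedIdPData data recorded by the earlier authentication; must not be null
     */
    protected void populateStepConfigWithAuthenticationDetails(StepConfig stepConfig, AuthenticatedIdPData authenticatedIdPData) {
        stepConfig.setAuthenticatedUser(authenticatedIdPData.getUsername());
        stepConfig.setAuthenticatedUserAttributes(authenticatedIdPData.getUserAttributes());
        stepConfig.setAuthenticatedIdP(authenticatedIdPData.getIdpName());
        stepConfig.setAuthenticatedAutenticator(authenticatedIdPData.getAuthenticator());
    }

    /** Sends a redirect and reports an I/O failure as a {@link FrameworkException}. */
    private void redirect(HttpServletResponse httpServletResponse, String location) throws FrameworkException {
        try {
            httpServletResponse.sendRedirect(location);
        } catch (IOException e) {
            throw new FrameworkException(e.getMessage(), e);
        }
    }
}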
