package org.xdi.oxauth.auth;

import java.io.Serializable;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import org.apache.commons.lang.StringUtils;
import org.jboss.seam.Component;
import org.jboss.seam.ScopeType;
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Logger;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.annotations.web.RequestParameter;
import org.jboss.seam.contexts.Context;
import org.jboss.seam.contexts.Contexts;
import org.jboss.seam.core.Events;
import org.jboss.seam.faces.FacesManager;
import org.jboss.seam.faces.FacesMessages;
import org.jboss.seam.international.StatusMessage;
import org.jboss.seam.log.Log;
import org.jboss.seam.resteasy.Application;
import org.jboss.seam.security.Identity;
import org.jboss.seam.security.SimplePrincipal;
import org.xdi.model.AuthenticationScriptUsageType;
import org.xdi.model.custom.script.conf.CustomScriptConfiguration;
import org.xdi.oxauth.model.common.Prompt;
import org.xdi.oxauth.model.common.SessionId;
import org.xdi.oxauth.model.common.User;
import org.xdi.oxauth.model.config.ConfigurationFactory;
import org.xdi.oxauth.model.config.Constants;
import org.xdi.oxauth.model.registration.Client;
import org.xdi.oxauth.model.session.OAuthCredentials;
import org.xdi.oxauth.model.session.SessionClient;
import org.xdi.oxauth.service.AuthenticationService;
import org.xdi.oxauth.service.ClientService;
import org.xdi.oxauth.service.SessionIdService;
import org.xdi.oxauth.service.UserService;
import org.xdi.oxauth.service.external.ExternalAuthenticationService;
import org.xdi.util.StringHelper;

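/**
 * Seam component ({@code authenticator}, event scope) that authenticates oxAuth clients and end
 * users, either with the built-in services or with an external custom authentication script.
 *
 * <p>Security-relevant inputs: {@code auth_step}, {@code auth_level}, {@code auth_mode} and
 * {@code acr} are injected from request parameters, so they are caller-controlled. When
 * {@link AuthenticationService#restoreRequestParametersFromSession()} returns a map, all four are
 * overwritten from that map (see {@link #initCustomAuthenticatorVariables(Map)}).
 */
@Name("authenticator")
@Scope(ScopeType.EVENT)
/* loaded from: input_file:org/xdi/oxauth/auth/Authenticator.class */
public class Authenticator implements Serializable {
    private static final long serialVersionUID = 669395320060928092L;

    @Logger
    private Log log;

    @In
    private Identity identity;

    @In
    private OAuthCredentials credentials;

    @In
    private UserService userService;

    @In
    private ClientService clientService;

    @In
    private SessionIdService sessionIdService;

    @In
    private AuthenticationService authenticationService;

    @In
    private ExternalAuthenticationService externalAuthenticationService;

    @In
    private FacesMessages facesMessages;

    // Current step of a multi-step script flow; request-supplied unless restored from the session.
    @RequestParameter("auth_step")
    private Integer authStep;

    // Requested authentication level, passed to script selection; request-supplied.
    @RequestParameter("auth_level")
    private String authLevel;

    // Requested script name; replaced by the selected script's name once one is resolved.
    @RequestParameter("auth_mode")
    private String authMode;

    // When non-empty, overrides authMode (see setAuthModeFromAcr); request-supplied.
    @RequestParameter("acr")
    private String authAcr;

    /**
     * Runs the interactive authentication flow against the current event context.
     *
     * @return {@code true} when authentication completed successfully
     */
    public boolean authenticate() {
        return authenticateImpl(Contexts.getEventContext(), true);
    }

    /**
     * Same as {@link #authenticate()}, but mapped to a navigation outcome.
     *
     * @return {@link Constants#RESULT_SUCCESS} or {@link Constants#RESULT_FAILURE}
     */
    public String authenticateWithOutcome() {
        boolean authenticated = authenticateImpl(Contexts.getEventContext(), true);
        return authenticated ? Constants.RESULT_SUCCESS : Constants.RESULT_FAILURE;
    }

    /**
     * Runs the non-interactive (web service) authentication flow.
     *
     * @return {@code true} when authentication completed successfully
     */
    public boolean authenticateWebService() {
        return authenticateImpl(getWebServiceContext(), false);
    }

    /**
     * @return the context used for web service authentication; currently the event context
     */
    public Context getWebServiceContext() {
        return Contexts.getEventContext();
    }

    /**
     * Authenticates the injected credentials, choosing one of four paths:
     * <ol>
     *   <li>client credentials (non-empty username and password, username starting with
     *       {@code "@!"}): an enabled SERVICE script is tried first in the non-interactive flow,
     *       then {@link ClientService#authenticate};</li>
     *   <li>non-interactive user: an enabled SERVICE script is tried first, then
     *       {@link AuthenticationService#authenticate};</li>
     *   <li>interactive user with INTERACTIVE scripts enabled: the script for the current step is
     *       executed and the user is either redirected to the next step or logged in;</li>
     *   <li>interactive user without scripts: {@link AuthenticationService#authenticate}.</li>
     * </ol>
     * Any exception thrown on these paths is logged and treated as a failed authentication.
     *
     * @param context context that receives the {@code sessionClient} on client authentication
     * @param z {@code true} for the interactive (JSF) flow, {@code false} for the web service flow
     * @return {@code true} only when authentication fully succeeded; {@code false} on failure and
     *     also when the user was redirected to the next step of a multi-step flow
     */
    public boolean authenticateImpl(Context context, boolean z) {
        final boolean interactive = z;
        Map<String, String> sessionParameters = authenticationService.restoreRequestParametersFromSession();
        initCustomAuthenticatorVariables(sessionParameters);
        setAuthModeFromAcr();
        // The interactive flow cannot proceed without a step number.
        if (interactive && authStep == null) {
            return authenticationFailed();
        }
        try {
            // The credentials are deliberately re-read on every use rather than cached:
            // NOTE(review): a custom script may presumably update them while it runs; confirm.
            boolean clientCredentials = StringHelper.isNotEmpty(credentials.getUsername())
                    && StringHelper.isNotEmpty(credentials.getPassword())
                    && credentials.getUsername().startsWith("@!");
            if (clientCredentials) {
                if (!interactive && externalAuthenticationService.isEnabled(AuthenticationScriptUsageType.SERVICE)) {
                    CustomScriptConfiguration script = externalAuthenticationService.determineCustomScriptConfiguration(
                            AuthenticationScriptUsageType.SERVICE, 1, authLevel, authMode);
                    if (script == null) {
                        logScriptConfigurationMissing();
                    } else {
                        // NOTE(review): the other paths use script.getName(); confirm the two
                        // accessors yield the same name.
                        authMode = script.getCustomScript().getName();
                        boolean scriptResult = externalAuthenticationService.executeExternalAuthenticate(script, null, 1);
                        logScriptResult(scriptResult);
                        if (scriptResult) {
                            configureSessionClient(context);
                            log.info("Authentication success for Client: {0}", credentials.getUsername());
                            return true;
                        }
                    }
                }
                // A missing or failing script falls back to the built-in client check.
                if (clientService.authenticate(credentials.getUsername(), credentials.getPassword())) {
                    configureSessionClient(context);
                    log.info("Authentication success for Client: {0}", credentials.getUsername());
                    return true;
                }
            } else if (!interactive) {
                if (externalAuthenticationService.isEnabled(AuthenticationScriptUsageType.SERVICE)) {
                    CustomScriptConfiguration script = externalAuthenticationService.determineCustomScriptConfiguration(
                            AuthenticationScriptUsageType.SERVICE, 1, authLevel, authMode);
                    if (script == null) {
                        logScriptConfigurationMissing();
                    } else {
                        authMode = script.getName();
                        boolean scriptResult = externalAuthenticationService.executeExternalAuthenticate(script, null, 1);
                        logScriptResult(scriptResult);
                        if (scriptResult) {
                            authenticateExternallyWebService(credentials.getUsername());
                            authenticationService.configureEventUser(interactive);
                            log.info("Authentication success for User: {0}", credentials.getUsername());
                            return true;
                        }
                    }
                }
                // A missing or failing script falls back to the built-in user check.
                if (StringHelper.isNotEmpty(credentials.getUsername())
                        && authenticationService.authenticate(credentials.getUsername(), credentials.getPassword())) {
                    authenticateExternallyWebService(credentials.getUsername());
                    authenticationService.configureEventUser(interactive);
                    log.info("Authentication success for User: {0}", credentials.getUsername());
                    return true;
                }
            } else if (externalAuthenticationService.isEnabled(AuthenticationScriptUsageType.INTERACTIVE)) {
                ExternalContext externalContext = FacesContext.getCurrentInstance().getExternalContext();
                CustomScriptConfiguration script = externalAuthenticationService.determineCustomScriptConfiguration(
                        AuthenticationScriptUsageType.INTERACTIVE, 1, authLevel, authMode);
                if (script == null) {
                    logScriptConfigurationMissing();
                    return authenticationFailed();
                }
                authMode = script.getName();
                // NOTE(review): authStep may be request-supplied and, unlike
                // prepareAuthenticationForStep, this path does not reject values below 1 before
                // handing the step to the script; confirm the scripts validate it.
                boolean scriptResult = externalAuthenticationService.executeExternalAuthenticate(
                        script, externalContext.getRequestParameterValuesMap(), authStep.intValue());
                logScriptResult(scriptResult);
                if (!scriptResult) {
                    return authenticationFailed();
                }
                int stepCount = externalAuthenticationService.executeExternalGetCountAuthenticationSteps(script);
                if (authStep.intValue() < stepCount) {
                    // More steps remain: hand over to the page of the next step.
                    int nextStep = authStep.intValue() + 1;
                    String nextPage = externalAuthenticationService.executeExternalGetPageForStep(script, nextStep);
                    if (StringHelper.isEmpty(nextPage)) {
                        return authenticationFailed();
                    }
                    Contexts.getEventContext().set("auth_step", Integer.toString(nextStep));
                    Contexts.getEventContext().set("auth_mode", authMode);
                    List<String> extraParameters =
                            externalAuthenticationService.executeExternalGetExtraParametersForStep(script, nextStep);
                    Map<String, String> redirectParameters = sessionParameters == null
                            ? authenticationService.getParametersMap(extraParameters)
                            : authenticationService.getParametersMap(extraParameters, sessionParameters);
                    log.trace("Redirect to page: {0}", nextPage);
                    FacesManager.instance().redirect(nextPage, redirectParameters, false);
                    // Not authenticated yet; the flow continues on the next page.
                    return false;
                }
                if (authStep.intValue() == stepCount) {
                    // Last step passed: establish the user's identity.
                    authenticationService.configureEventUser(interactive);
                    identity.acceptExternallyAuthenticatedPrincipal(new SimplePrincipal(credentials.getUsername()));
                    identity.quietLogin();
                    raiseLoginSuccessfulEvent(sessionParameters);
                    log.info("Authentication success for User: {0}", credentials.getUsername());
                    return true;
                }
                // A step beyond the script's step count falls through to the failure log below.
            } else if (StringHelper.isNotEmpty(credentials.getUsername())
                    && authenticationService.authenticate(credentials.getUsername(), credentials.getPassword())) {
                authenticationService.configureEventUser(interactive);
                raiseLoginSuccessfulEvent(null);
                log.info("Authentication success for User: {0}", credentials.getUsername());
                return true;
            }
        } catch (Exception e) {
            // Fail closed: any error on the way is reported as a failed authentication.
            log.error(e.getMessage(), e);
        }
        log.info("Authentication failed for {0}", credentials.getUsername());
        return false;
    }

    /** Logs that no custom script configuration matched the current step, mode and level. */
    private void logScriptConfigurationMissing() {
        log.error("Failed to get CustomScriptConfiguration. auth_step: {0}, auth_mode: {1}, auth_level: {2}",
                authStep, authMode, authLevel);
    }

    /** Logs the outcome of an external script run for the current username and step. */
    private void logScriptResult(boolean scriptResult) {
        log.info("Authentication result for {0}. auth_step: {1}, result: {2}",
                credentials.getUsername(), authStep, scriptResult);
    }

    /** Raises the custom-login-successful event, when events are available, to trigger redirection. */
    private void raiseLoginSuccessfulEvent(Map<String, String> requestParameters) {
        if (Events.exists()) {
            log.info("Sending event to trigger user redirection: {0}", credentials.getUsername());
            Events.instance().raiseEvent(Constants.EVENT_OXAUTH_CUSTOM_LOGIN_SUCCESSFUL,
                    new Object[]{authMode, requestParameters});
        }
    }

    /**
     * Replaces the request-injected step, level, mode and acr with the values stored in the
     * session, when a session parameter map exists. Keys missing from the map become
     * {@code null}.
     *
     * @param sessionParameters parameters restored from the session, or {@code null} to keep the
     *     request-injected values
     */
    private void initCustomAuthenticatorVariables(Map<String, String> sessionParameters) {
        if (sessionParameters == null) {
            return;
        }
        authStep = StringHelper.toInteger(sessionParameters.get("auth_step"), (Integer) null);
        authLevel = sessionParameters.get("auth_level");
        authMode = sessionParameters.get("auth_mode");
        authAcr = sessionParameters.get("acr");
    }

    /**
     * Prepares the page for the current step of an interactive script flow. If the workflow
     * requires a different script than the requested one, redirects to that script's page with
     * {@code auth_mode} forced to its name.
     *
     * @return {@link Constants#RESULT_SUCCESS} when no script mode is requested, the step was
     *     prepared, or a redirect was issued; {@link Constants#RESULT_NO_PERMISSIONS} when the
     *     step is missing or below 1; {@link Constants#RESULT_FAILURE} otherwise
     */
    public String prepareAuthenticationForStep() {
        setAuthModeFromAcr();
        if (authMode == null) {
            return Constants.RESULT_SUCCESS;
        }
        if (authStep == null || authStep.intValue() < 1) {
            return Constants.RESULT_NO_PERMISSIONS;
        }
        CustomScriptConfiguration requestedScript = externalAuthenticationService.determineCustomScriptConfiguration(
                AuthenticationScriptUsageType.INTERACTIVE, authStep.intValue(), authLevel, authMode);
        // Check for null before touching the configuration: auth_mode can be request-supplied, so
        // an unknown mode must produce a failure outcome rather than a NullPointerException.
        if (requestedScript == null) {
            log.error("Failed to get CustomScriptConfiguration. auth_step: '{0}', auth_mode: '{1}'", authStep, authMode);
            return Constants.RESULT_FAILURE;
        }
        String requestedName = requestedScript.getName();
        CustomScriptConfiguration workflowScript = externalAuthenticationService.determineExternalAuthenticatorForWorkflow(
                AuthenticationScriptUsageType.INTERACTIVE, requestedScript);
        if (workflowScript == null) {
            return Constants.RESULT_FAILURE;
        }
        String workflowName = workflowScript.getName();
        if (StringHelper.equalsIgnoreCase(requestedName, workflowName)) {
            boolean prepared = externalAuthenticationService.executeExternalPrepareForStep(
                    workflowScript,
                    FacesContext.getCurrentInstance().getExternalContext().getRequestParameterValuesMap(),
                    authStep.intValue());
            return prepared ? Constants.RESULT_SUCCESS : Constants.RESULT_FAILURE;
        }
        // The workflow demands another script: send the user to its page for this step.
        String page = externalAuthenticationService.executeExternalGetPageForStep(workflowScript, authStep.intValue());
        if (StringHelper.isEmpty(page)) {
            page = "/login.xhtml";
        }
        log.debug("Redirect to page: {0}. Force to use auth_mode: '{1}'", page, workflowName);
        Map<String, String> redirectParameters = authenticationService.getParametersMap(null);
        redirectParameters.put("auth_mode", workflowName);
        FacesManager.instance().redirect(page, redirectParameters, false);
        return Constants.RESULT_SUCCESS;
    }

    /**
     * Logs the given principal in on the Seam identity without a credential check, unless the
     * RESTEasy application is absent or destroys the session after each request.
     *
     * <p>No verification happens here; callers must have authenticated the user already.
     *
     * @param str name of the already-authenticated principal
     */
    public void authenticateExternallyWebService(String str) {
        Application application = (Application) Component.getInstance(Application.class);
        boolean sessionKept = application != null && !application.isDestroySessionAfterRequest();
        if (sessionKept) {
            identity.acceptExternallyAuthenticatedPrincipal(new SimplePrincipal(str));
            identity.quietLogin();
        }
    }

    /**
     * Grants the {@code client} role, stores a {@link SessionClient} for the authenticated client
     * under {@code sessionClient} in the given context, and updates the client's access time.
     *
     * @param context context that receives the session client
     */
    public void configureSessionClient(Context context) {
        identity.addRole("client");
        Client client = clientService.getClient(credentials.getUsername());
        SessionClient sessionClient = new SessionClient();
        sessionClient.setClient(client);
        context.set("sessionClient", sessionClient);
        clientService.updatAccessTime(client, true);
    }

    /**
     * @return the current authentication step
     * @throws NullPointerException if no step has been set
     */
    public int getCurrentAuthenticationStep() {
        return authStep.intValue();
    }

    /**
     * @param i the authentication step to use
     */
    public void setCurrentAuthenticationStep(int i) {
        authStep = Integer.valueOf(i);
    }

    /**
     * Adds the {@code login.errorMessage} error to the faces messages.
     *
     * @return always {@code false}, so callers can return the result directly
     */
    public boolean authenticationFailed() {
        facesMessages.addFromResourceBundle(StatusMessage.Severity.ERROR, "login.errorMessage");
        return false;
    }

    /**
     * Authenticates the user that owns the given session id, when session ids are enabled in the
     * configuration.
     *
     * @param str session id presented by the caller
     * @return {@code true} when the session exists and resolves to a user; {@code false} for a
     *     blank id, disabled session ids, an unknown session, a session without a user, or any
     *     exception
     */
    public boolean authenticateBySessionId(String str) {
        if (StringUtils.isBlank(str) || !ConfigurationFactory.getConfiguration().getSessionIdEnabled()) {
            return false;
        }
        try {
            SessionId sessionId = sessionIdService.getSessionId(str);
            // NOTE(review): this writes the raw session id to the trace log. The id alone is
            // enough to authenticate here, so consider masking it or restricting trace output.
            log.trace("authenticateBySessionId, sessionId = {0}, session = {1}", str, sessionId);
            if (sessionId == null) {
                return false;
            }
            User user = getUserOrRemoveSession(sessionId);
            if (user == null) {
                return false;
            }
            authenticateExternallyWebService(user.getUserId());
            authenticationService.configureEventUser(sessionId, new ArrayList<Prompt>(Arrays.asList(Prompt.NONE)));
            return true;
        } catch (Exception e) {
            // Fail closed. NOTE(review): errors here are only visible at trace level.
            log.trace(e.getMessage(), e);
            return false;
        }
    }

    /**
     * Resolves the user a session belongs to. A session that has no user DN, or whose DN no
     * longer resolves to a user, is removed.
     *
     * @param sessionId session to resolve, may be {@code null}
     * @return the user, or {@code null} when the session is {@code null}, was removed, or an
     *     exception occurred
     */
    private User getUserOrRemoveSession(SessionId sessionId) {
        if (sessionId == null) {
            return null;
        }
        try {
            if (StringUtils.isNotBlank(sessionId.getUserDn())) {
                User user = userService.getUserByDn(sessionId.getUserDn());
                if (user != null) {
                    return user;
                }
            }
            // No usable owner: drop the orphaned session.
            sessionIdService.remove(sessionId);
            return null;
        } catch (Exception e) {
            log.trace(e.getMessage(), e);
            return null;
        }
    }

    /** Lets a non-empty {@code acr} value override {@code auth_mode}. */
    private void setAuthModeFromAcr() {
        if (StringHelper.isNotEmpty(authAcr)) {
            authMode = authAcr;
        }
    }
}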
