package org.xdi.oxauth.auth;

import java.io.Serializable;
import java.util.List;
import java.util.Map;
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import org.apache.commons.lang.StringUtils;
import org.jboss.seam.Component;
import org.jboss.seam.ScopeType;
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Logger;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.contexts.Context;
import org.jboss.seam.contexts.Contexts;
import org.jboss.seam.core.Events;
import org.jboss.seam.faces.FacesManager;
import org.jboss.seam.faces.FacesMessages;
import org.jboss.seam.international.StatusMessage;
import org.jboss.seam.log.Log;
import org.jboss.seam.resteasy.Application;
import org.jboss.seam.security.Credentials;
import org.jboss.seam.security.Identity;
import org.jboss.seam.security.SimplePrincipal;
import org.xdi.model.AuthenticationScriptUsageType;
import org.xdi.model.custom.script.conf.CustomScriptConfiguration;
import org.xdi.oxauth.model.common.SessionIdState;
import org.xdi.oxauth.model.common.SessionState;
import org.xdi.oxauth.model.common.User;
import org.xdi.oxauth.model.config.ConfigurationFactory;
import org.xdi.oxauth.model.config.Constants;
import org.xdi.oxauth.model.registration.Client;
import org.xdi.oxauth.service.AuthenticationService;
import org.xdi.oxauth.service.ClientService;
import org.xdi.oxauth.service.SessionStateService;
import org.xdi.oxauth.service.external.ExternalAuthenticationService;
import org.xdi.oxauth.util.ServerUtil;
import org.xdi.util.StringHelper;

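/**
 * Seam component ({@code authenticator}, EVENT scope) that authenticates OAuth clients and end
 * users.
 *
 * <p>{@link #authenticateImpl(Context, boolean, boolean)} dispatches on the submitted credentials:
 * a username starting with {@code "@!"} is handled as a client id, anything else as an end user.
 * End users are authenticated either interactively (optionally through a multi-step custom
 * script whose progress is tracked in the session attributes {@code acr}, {@code auth_step} and
 * {@code auth_step_passed_N}) or through the non-interactive service path.
 *
 * <p>Changes made in review of the original listing:
 * <ul>
 *   <li>exception messages are no longer passed as the log message template; they are logged as
 *       a parameter of a constant template;</li>
 *   <li>the "acr / auth_step" error logs now pass their arguments in the order the template
 *       expects;</li>
 *   <li>the "next step" debug log reports the step returned by the script instead of the script
 *       API version;</li>
 *   <li>a duplicated call to {@code initCustomAuthenticatorVariables} and a dead {@code null}
 *       check on a freshly boxed {@code Boolean} were removed.</li>
 * </ul>
 */
@Name("authenticator")
@Scope(ScopeType.EVENT)
/* loaded from: input_file:org/xdi/oxauth/auth/Authenticator.class */
public class Authenticator implements Serializable {
    private static final long serialVersionUID = 669395320060928092L;

    @Logger
    private Log log;

    @In
    private Identity identity;

    @In
    private ClientService clientService;

    @In
    private SessionStateService sessionStateService;

    @In
    private AuthenticationService authenticationService;

    @In
    private ExternalAuthenticationService externalAuthenticationService;

    @In
    private FacesMessages facesMessages;

    // Name of the authentication script in use; restored from the "acr" session attribute or
    // taken from the script configuration selected for the service flow.
    private String authAcr;

    // Current step of the interactive flow; restored from the "auth_step" session attribute.
    private Integer authStep;

    // Set once the "session invalid" message was queued, so the generic login error is not
    // added on top of it.
    private boolean addedErrorMessage;

    /**
     * Runs interactive authentication for the current request and, on failure, queues the
     * generic login error message unless a more specific one was already added.
     *
     * @return {@code true} if authentication succeeded
     */
    public boolean authenticate() {
        if (authenticateImpl(Contexts.getEventContext(), true, false)) {
            return true;
        }
        return authenticationFailed();
    }

    /**
     * Runs interactive authentication and maps the result to an outcome constant.
     *
     * @return {@link Constants#RESULT_SUCCESS} or {@link Constants#RESULT_FAILURE}
     */
    public String authenticateWithOutcome() {
        boolean authenticated = authenticateImpl(Contexts.getEventContext(), true, false);
        return authenticated ? Constants.RESULT_SUCCESS : Constants.RESULT_FAILURE;
    }

    /**
     * Runs non-interactive (web service) authentication.
     *
     * <p>Security note: when {@code z} is {@code true} and the username is a client id
     * (starts with {@code "@!"}), the client secret is not checked at all and the call succeeds.
     * Callers must only pass {@code true} after the client has been verified by other means.
     *
     * @param z when {@code true}, skip the client password check
     * @return {@code true} if authentication succeeded
     */
    public boolean authenticateWebService(boolean z) {
        return authenticateImpl(getWebServiceContext(), false, z);
    }

    /**
     * Runs non-interactive (web service) authentication with the password check enabled.
     *
     * @return {@code true} if authentication succeeded
     */
    public boolean authenticateWebService() {
        return authenticateImpl(getWebServiceContext(), false, false);
    }

    /**
     * @return the Seam event context, which is used as the web service context
     */
    public Context getWebServiceContext() {
        return Contexts.getEventContext();
    }

    /**
     * Authenticates the credentials of the current request.
     *
     * <p>The path is chosen as follows: a non-empty username starting with {@code "@!"} that
     * comes with a password (or with {@code z2} set) is authenticated as a client; otherwise
     * the user is authenticated interactively when {@code z} is {@code true} and through the
     * service path when it is {@code false}. Any exception is logged and reported as a failed
     * authentication.
     *
     * @param context context in which a successfully authenticated client is registered
     * @param z {@code true} for the interactive flow, {@code false} for the service flow
     * @param z2 {@code true} to skip the client password check (see
     *     {@link #authenticateWebService(boolean)})
     * @return {@code true} if authentication succeeded
     */
    public boolean authenticateImpl(Context context, boolean z, boolean z2) {
        Credentials credentials = (Credentials) ServerUtil.instance(Credentials.class);
        boolean authenticated = false;
        try {
            boolean clientCredentials = StringHelper.isNotEmpty(credentials.getUsername())
                    && (z2 || StringHelper.isNotEmpty(credentials.getPassword()))
                    && credentials.getUsername().startsWith("@!");
            if (clientCredentials) {
                authenticated = clientAuthentication(credentials, context, z, z2);
            } else if (z) {
                authenticated = userAuthenticationInteractive(credentials);
            } else {
                authenticated = userAuthenticationService(credentials);
            }
        } catch (Exception e) {
            // The first argument of the logger is a message template. The exception message may
            // contain request-derived text, so it is passed as a parameter, not as the template.
            this.log.error("Authentication failed with an exception: {0}", e, new Object[]{e.getMessage()});
        }
        if (authenticated) {
            this.log.trace("Authentication successfully for '{0}'", new Object[]{credentials.getUsername()});
            return true;
        }
        this.log.info("Authentication failed for '{0}'", new Object[]{credentials.getUsername()});
        return false;
    }

    /**
     * Authenticates a client.
     *
     * <p>In the service flow ({@code z == false}) an enabled SERVICE authentication script is
     * tried first. If it is not enabled, not found or rejects the request, the method falls back
     * to the client id / secret check, which is skipped entirely when {@code z2} is set.
     *
     * @param credentials submitted client id and secret
     * @param context context in which the authenticated client is registered
     * @param z {@code true} for the interactive flow (the script is not consulted)
     * @param z2 {@code true} to treat the client as authenticated without checking the secret
     * @return {@code true} if the client is considered authenticated
     */
    private boolean clientAuthentication(Credentials credentials, Context context, boolean z, boolean z2) {
        if (!z && this.externalAuthenticationService.isEnabled(AuthenticationScriptUsageType.SERVICE)) {
            CustomScriptConfiguration scriptConfiguration = this.externalAuthenticationService.determineCustomScriptConfiguration(AuthenticationScriptUsageType.SERVICE, 1, this.authAcr);
            if (scriptConfiguration == null) {
                this.log.error("Failed to get CustomScriptConfiguration. acr: '{0}'", new Object[]{this.authAcr});
            } else {
                this.authAcr = scriptConfiguration.getCustomScript().getName();
                boolean scriptResult = this.externalAuthenticationService.executeExternalAuthenticate(scriptConfiguration, null, 1);
                this.log.info("Authentication result for user '{0}', result: '{1}'", new Object[]{credentials.getUsername(), scriptResult});
                if (scriptResult) {
                    this.authenticationService.configureSessionClient(context);
                    this.log.info("Authentication success for client: '{0}'", new Object[]{credentials.getUsername()});
                    return true;
                }
            }
        }
        // With z2 set the secret is never verified; the caller vouches for the client.
        boolean authenticated = z2;
        if (!authenticated) {
            authenticated = this.clientService.authenticate(credentials.getUsername(), credentials.getPassword());
        }
        if (!authenticated) {
            return false;
        }
        this.authenticationService.configureSessionClient(context);
        this.log.info("Authentication success for Client: '{0}'", new Object[]{credentials.getUsername()});
        return true;
    }

    /**
     * Authenticates an end user in the interactive flow.
     *
     * <p>Without an enabled INTERACTIVE script or without an {@code acr} in the session, the
     * username and password are checked directly. Otherwise the current step of the script is
     * executed; depending on the step count and on an optional step override returned by the
     * script, the user is either logged in or redirected to the page of the next step.
     *
     * @param credentials submitted username and password
     * @return {@code true} if the user was logged in or redirected to the next step
     */
    private boolean userAuthenticationInteractive(Credentials credentials) {
        SessionState sessionState = this.sessionStateService.getSessionState();
        Map<String, String> sessionAttributes = this.sessionStateService.getSessionAttributes(sessionState);
        if (sessionAttributes == null) {
            this.log.error("Failed to get session attributes", new Object[0]);
            authenticationFailedSessionInvalid();
            return false;
        }
        Contexts.getEventContext().set("sessionAttributes", sessionAttributes);
        initCustomAuthenticatorVariables(sessionAttributes);

        boolean scriptFlow = this.externalAuthenticationService.isEnabled(AuthenticationScriptUsageType.INTERACTIVE)
                && !StringHelper.isEmpty(this.authAcr);
        if (!scriptFlow) {
            // Plain username / password authentication.
            if (!StringHelper.isNotEmpty(credentials.getUsername())
                    || !this.authenticationService.authenticate(credentials.getUsername(), credentials.getPassword())) {
                return false;
            }
            SessionState authenticatedSession = this.authenticationService.configureSessionUser(sessionState, sessionAttributes);
            if (Events.exists()) {
                this.log.debug("Sending event to trigger user redirection: '{0}'", new Object[]{credentials.getUsername()});
                this.authenticationService.onSuccessfulLogin(authenticatedSession);
            }
            this.log.info("Authentication success for User: '{0}'", new Object[]{credentials.getUsername()});
            return true;
        }

        if (this.authStep == null || StringHelper.isEmpty(this.authAcr)) {
            this.log.error("Failed to determine authentication mode", new Object[0]);
            authenticationFailedSessionInvalid();
            return false;
        }
        ExternalContext externalContext = FacesContext.getCurrentInstance().getExternalContext();
        CustomScriptConfiguration scriptConfiguration = this.externalAuthenticationService.getCustomScriptConfiguration(AuthenticationScriptUsageType.INTERACTIVE, this.authAcr);
        if (scriptConfiguration == null) {
            // Arguments follow the template: {0} is the step, {1} is the acr.
            this.log.error("Failed to get CustomScriptConfiguration for acr: '{1}', auth_step: '{0}'", new Object[]{this.authStep, this.authAcr});
            return false;
        }
        // A step may only run once every earlier step is marked as passed in the session.
        if (!isPassedPreviousAuthSteps(sessionAttributes, this.authStep)) {
            this.log.error("There are authentication steps not marked as passed. acr: '{1}', auth_step: '{0}'", new Object[]{this.authStep, this.authAcr});
            return false;
        }
        boolean scriptResult = this.externalAuthenticationService.executeExternalAuthenticate(scriptConfiguration, externalContext.getRequestParameterValuesMap(), this.authStep.intValue());
        this.log.debug("Authentication result for user '{0}'. auth_step: '{1}', result: '{2}', credentials: '{3}'", new Object[]{credentials.getUsername(), this.authStep, scriptResult, System.identityHashCode(credentials)});

        int overriddenStep = -1;
        int apiVersion = this.externalAuthenticationService.executeExternalGetApiVersion(scriptConfiguration);
        if (apiVersion > 1) {
            this.log.trace("According to API version script supports steps overriding", new Object[0]);
            overriddenStep = this.externalAuthenticationService.getNextStep(scriptConfiguration, externalContext.getRequestParameterValuesMap(), this.authStep.intValue());
            this.log.debug("Get next step from script: '{0}'", new Object[]{overriddenStep});
        }
        if (!scriptResult && overriddenStep == -1) {
            return false;
        }
        // NOTE(review): from here on scriptResult may be false. If the script overrides the step
        // with the number of its last step, the login branch below completes without a
        // successful executeExternalAuthenticate() in this request. Confirm that scripts never
        // return the final step from getNextStep() after a failed attempt.
        boolean stepOverridden = false;
        if (overriddenStep > -1) {
            stepOverridden = true;
            this.sessionStateService.resetToStep(this.sessionStateService.getSessionState(), overriddenStep);
            this.authStep = Integer.valueOf(overriddenStep);
            this.log.info("Authentication reset to step : '{0}'", new Object[]{this.authStep});
        }

        // Re-read the session: the script or the step reset may have changed it.
        // NOTE(review): the attributes are not null-checked here, unlike at the top of this
        // method; a session removed in the meantime surfaces as an exception in the caller.
        SessionState currentSession = this.sessionStateService.getSessionState();
        Map<String, String> currentAttributes = this.sessionStateService.getSessionAttributes(currentSession);
        int stepCount = this.externalAuthenticationService.executeExternalGetCountAuthenticationSteps(scriptConfiguration);
        int currentStep = this.authStep.intValue();
        if (currentStep > stepCount) {
            return false;
        }
        if (currentStep == stepCount) {
            // Last step: establish the authenticated session and the Seam identity.
            SessionState authenticatedSession = this.authenticationService.configureSessionUser(currentSession, currentAttributes);
            this.identity.acceptExternallyAuthenticatedPrincipal(new SimplePrincipal(credentials.getUsername()));
            this.identity.quietLogin();
            if (Events.exists()) {
                this.log.debug("Sending event to trigger user redirection: '{0}'", new Object[]{credentials.getUsername()});
                this.authenticationService.onSuccessfulLogin(authenticatedSession);
            }
            this.log.info("Authentication success for User: '{0}'", new Object[]{credentials.getUsername()});
            return true;
        }

        int nextStep = stepOverridden ? overriddenStep : currentStep + 1;
        String redirectPage = this.externalAuthenticationService.executeExternalGetPageForStep(scriptConfiguration, nextStep);
        if (StringHelper.isEmpty(redirectPage)) {
            redirectPage = "/login.xhtml";
        }
        updateExtraParameters(scriptConfiguration, nextStep, currentAttributes);
        if (!stepOverridden) {
            // Only a regularly completed step is recorded as passed.
            currentAttributes.put("auth_step", Integer.toString(nextStep));
            markAuthStepAsPassed(currentAttributes, this.authStep);
        }
        if (currentSession != null && !updateSession(currentSession, currentAttributes)) {
            return false;
        }
        this.log.trace("Redirect to page: '{0}'", new Object[]{redirectPage});
        FacesManager.instance().redirect(redirectPage, (Map) null, false);
        return true;
    }

    /**
     * Stores the attributes in the session state and persists it.
     *
     * @param sessionState session to update
     * @param map attributes to store
     * @return {@code true} if the session service reports a successful update
     */
    private boolean updateSession(SessionState sessionState, Map<String, String> map) {
        sessionState.setSessionAttributes(map);
        if (this.sessionStateService.updateSessionState(sessionState, true, true)) {
            return true;
        }
        // NOTE(review): the session id is written to the log here; treat debug logs as sensitive.
        this.log.debug("Failed to update session entry: '{0}'", new Object[]{sessionState.getId()});
        return false;
    }

    /**
     * Authenticates an end user in the non-interactive (service) flow.
     *
     * <p>An enabled SERVICE script is tried first; if it is unavailable or rejects the request,
     * the username and password are checked directly.
     *
     * @param credentials submitted username and password
     * @return {@code true} if the user was authenticated
     */
    private boolean userAuthenticationService(Credentials credentials) {
        if (this.externalAuthenticationService.isEnabled(AuthenticationScriptUsageType.SERVICE)) {
            CustomScriptConfiguration scriptConfiguration = this.externalAuthenticationService.determineCustomScriptConfiguration(AuthenticationScriptUsageType.SERVICE, 1, this.authAcr);
            if (scriptConfiguration == null) {
                this.log.error("Failed to get CustomScriptConfiguration. auth_step: '{0}', acr: '{1}'", new Object[]{this.authStep, this.authAcr});
            } else {
                this.authAcr = scriptConfiguration.getName();
                boolean scriptResult = this.externalAuthenticationService.executeExternalAuthenticate(scriptConfiguration, null, 1);
                this.log.info("Authentication result for '{0}'. auth_step: '{1}', result: '{2}'", new Object[]{credentials.getUsername(), this.authStep, scriptResult});
                if (scriptResult) {
                    authenticateExternallyWebService(credentials.getUsername());
                    this.authenticationService.configureEventUser();
                    this.log.info("Authentication success for User: '{0}'", new Object[]{credentials.getUsername()});
                    return true;
                }
            }
        }
        if (!StringHelper.isNotEmpty(credentials.getUsername())
                || !this.authenticationService.authenticate(credentials.getUsername(), credentials.getPassword())) {
            return false;
        }
        authenticateExternallyWebService(credentials.getUsername());
        this.authenticationService.configureEventUser();
        this.log.info("Authentication success for User: '{0}'", new Object[]{credentials.getUsername()});
        return true;
    }

    /**
     * Copies the extra parameters the script declares for a step into the session attributes.
     *
     * <p>NOTE(review): the values presumably come from the current request. The names are
     * chosen by the script and are not checked against the flow-control keys ({@code acr},
     * {@code auth_step}, {@code auth_step_passed_N}); confirm scripts never list those names.
     *
     * @param customScriptConfiguration script whose extra parameters are read
     * @param i step the parameters are requested for
     * @param map session attributes that receive the parameter values
     */
    private void updateExtraParameters(CustomScriptConfiguration customScriptConfiguration, int i, Map<String, String> map) {
        List<String> parameterNames = this.externalAuthenticationService.executeExternalGetExtraParametersForStep(customScriptConfiguration, i);
        if (parameterNames == null) {
            return;
        }
        for (String parameterName : parameterNames) {
            if (this.authenticationService.isParameterExists(parameterName)) {
                map.put(parameterName, this.authenticationService.getParameterValue(parameterName));
            }
        }
    }

    /**
     * Prepares the current step of the interactive flow before its page is shown.
     *
     * <p>If the script determined for the workflow differs from the one stored in the session,
     * the session is switched to that script at step 1 and the request is redirected to its
     * page.
     *
     * @return {@link Constants#RESULT_SUCCESS}, {@link Constants#RESULT_FAILURE},
     *     {@link Constants#RESULT_EXPIRED} when the session attributes are missing or cannot be
     *     saved, or {@link Constants#RESULT_NO_PERMISSIONS} when the stored step is invalid
     */
    public String prepareAuthenticationForStep() {
        SessionState sessionState = this.sessionStateService.getSessionState();
        Map<String, String> sessionAttributes = this.sessionStateService.getSessionAttributes(sessionState);
        if (sessionAttributes == null) {
            this.log.error("Failed to get attributes from session", new Object[0]);
            return Constants.RESULT_EXPIRED;
        }
        Contexts.getEventContext().set("sessionAttributes", sessionAttributes);
        if (!this.externalAuthenticationService.isEnabled(AuthenticationScriptUsageType.INTERACTIVE)) {
            return Constants.RESULT_SUCCESS;
        }
        initCustomAuthenticatorVariables(sessionAttributes);
        if (StringHelper.isEmpty(this.authAcr)) {
            return Constants.RESULT_SUCCESS;
        }
        if (this.authStep == null || this.authStep.intValue() < 1) {
            return Constants.RESULT_NO_PERMISSIONS;
        }
        CustomScriptConfiguration sessionScript = this.externalAuthenticationService.getCustomScriptConfiguration(AuthenticationScriptUsageType.INTERACTIVE, this.authAcr);
        if (sessionScript == null) {
            this.log.error("Failed to get CustomScriptConfiguration. auth_step: '{0}', acr: '{1}'", new Object[]{this.authStep, this.authAcr});
            return Constants.RESULT_FAILURE;
        }
        String sessionScriptName = sessionScript.getName();
        CustomScriptConfiguration workflowScript = this.externalAuthenticationService.determineExternalAuthenticatorForWorkflow(AuthenticationScriptUsageType.INTERACTIVE, sessionScript);
        if (workflowScript == null) {
            return Constants.RESULT_FAILURE;
        }
        String workflowScriptName = workflowScript.getName();

        if (StringHelper.equalsIgnoreCase(sessionScriptName, workflowScriptName)) {
            if (!isPassedPreviousAuthSteps(sessionAttributes, this.authStep)) {
                // Arguments follow the template: {0} is the step, {1} is the acr.
                this.log.error("There are authentication steps not marked as passed. acr: '{1}', auth_step: '{0}'", new Object[]{this.authStep, this.authAcr});
                return Constants.RESULT_FAILURE;
            }
            Boolean prepared = Boolean.valueOf(this.externalAuthenticationService.executeExternalPrepareForStep(workflowScript, FacesContext.getCurrentInstance().getExternalContext().getRequestParameterValuesMap(), this.authStep.intValue()));
            if (!prepared.booleanValue()) {
                return Constants.RESULT_FAILURE;
            }
            updateExtraParameters(workflowScript, this.authStep.intValue(), sessionAttributes);
            if (sessionState == null || updateSession(sessionState, sessionAttributes)) {
                return Constants.RESULT_SUCCESS;
            }
            return Constants.RESULT_FAILURE;
        }

        // The workflow selected a different script: restart the flow with it.
        String redirectPage = this.externalAuthenticationService.executeExternalGetPageForStep(workflowScript, this.authStep.intValue());
        if (StringHelper.isEmpty(redirectPage)) {
            redirectPage = "/login.xhtml";
        }
        CustomScriptConfiguration forcedScript = this.externalAuthenticationService.getCustomScriptConfiguration(AuthenticationScriptUsageType.INTERACTIVE, workflowScriptName);
        if (forcedScript == null) {
            this.log.error("Failed to get determined CustomScriptConfiguration. auth_step: '{0}', acr: '{1}'", new Object[]{this.authStep, this.authAcr});
            return Constants.RESULT_FAILURE;
        }
        this.log.debug("Redirect to page: '{0}'. Force to use acr: '{1}'", new Object[]{redirectPage, workflowScriptName});
        sessionAttributes.put("acr", forcedScript.getName());
        sessionAttributes.put("auth_level", Integer.toString(forcedScript.getLevel()));
        sessionAttributes.put("auth_step", Integer.toString(1));
        if (sessionState != null && !updateSession(sessionState, sessionAttributes)) {
            return Constants.RESULT_EXPIRED;
        }
        FacesManager.instance().redirect(redirectPage, (Map) null, false);
        return Constants.RESULT_SUCCESS;
    }

    /**
     * Registers the given user id as the authenticated principal of the Seam identity, unless
     * the REST application is missing or destroys the session after each request.
     *
     * <p>This method performs no credential check; callers must have authenticated the user.
     *
     * @param str user id to accept as principal
     */
    public void authenticateExternallyWebService(String str) {
        Application application = (Application) Component.getInstance(Application.class);
        if (application == null || application.isDestroySessionAfterRequest()) {
            return;
        }
        this.identity.acceptExternallyAuthenticatedPrincipal(new SimplePrincipal(str));
        this.identity.quietLogin();
    }

    /**
     * Authenticates the request by a session id, if session ids are enabled in the
     * configuration.
     *
     * @param str session id; blank values are rejected
     * @return {@code true} if the session is authenticated and its user still exists
     */
    public boolean authenticateBySessionState(String str) {
        if (StringUtils.isBlank(str) || !ConfigurationFactory.instance().getConfiguration().getSessionIdEnabled().booleanValue()) {
            return false;
        }
        try {
            return authenticateBySessionState(this.sessionStateService.getSessionState(str));
        } catch (Exception e) {
            // Constant template; the exception message is a parameter, not the template.
            this.log.trace("Failed to authenticate by session state: {0}", e, new Object[]{e.getMessage()});
            return false;
        }
    }

    /**
     * Authenticates the request by an already loaded session state.
     *
     * @param sessionState session to check; {@code null} is rejected
     * @return {@code true} if the session is in state AUTHENTICATED and its user was found
     */
    public boolean authenticateBySessionState(SessionState sessionState) {
        if (sessionState == null) {
            return false;
        }
        // NOTE(review): this writes the session id and the session object to the log. The id
        // identifies an authenticated session, so TRACE output must be treated as sensitive.
        this.log.trace("authenticateBySessionState, sessionState = '{0}', session = '{1}', state= '{2}'", new Object[]{sessionState.getId(), sessionState, sessionState.getState()});
        if (SessionIdState.AUTHENTICATED != sessionState.getState()) {
            return false;
        }
        User user = this.authenticationService.getUserOrRemoveSession(sessionState);
        if (user == null) {
            return false;
        }
        try {
            authenticateExternallyWebService(user.getUserId());
            this.authenticationService.configureEventUser(sessionState);
        } catch (Exception e) {
            // NOTE(review): success is still reported when setting up the identity or the event
            // user fails, and the failure is only visible at TRACE level. The original behaviour
            // is kept; consider failing closed or logging at a higher level.
            this.log.trace("Failed to configure the user for an authenticated session: {0}", e, new Object[]{e.getMessage()});
        }
        return true;
    }

    /**
     * Restores {@code authStep} and {@code authAcr} from the session attributes
     * {@code auth_step} and {@code acr}. A {@code null} map is logged and leaves both unchanged.
     *
     * @param map session attributes, may be {@code null}
     */
    private void initCustomAuthenticatorVariables(Map<String, String> map) {
        if (map == null) {
            this.log.error("Failed to restore attributes from session attributes", new Object[0]);
            return;
        }
        this.authStep = StringHelper.toInteger(map.get("auth_step"), (Integer) null);
        this.authAcr = map.get("acr");
    }

    /**
     * Queues the generic login error message unless a more specific message was already added.
     *
     * @return always {@code false}, so callers can return the result directly
     */
    private boolean authenticationFailed() {
        if (!this.addedErrorMessage) {
            this.facesMessages.addFromResourceBundle(StatusMessage.Severity.ERROR, "login.errorMessage", new Object[0]);
        }
        return false;
    }

    /**
     * Queues the "session invalid" error message and redirects to the error page.
     */
    private void authenticationFailedSessionInvalid() {
        this.addedErrorMessage = true;
        this.facesMessages.addFromResourceBundle(StatusMessage.Severity.ERROR, "login.errorSessionInvalidMessage", new Object[0]);
        FacesManager.instance().redirect("/error.xhtml");
    }

    /**
     * Records in the session attributes that the given step was passed.
     *
     * @param map session attributes to update
     * @param num step number
     */
    private void markAuthStepAsPassed(Map<String, String> map, Integer num) {
        map.put(String.format("auth_step_passed_%d", num), Boolean.TRUE.toString());
    }

    /**
     * @param map session attributes
     * @param num step number
     * @return {@code true} if the attributes mark the step as passed
     */
    private boolean isAuthStepPassed(Map<String, String> map, Integer num) {
        String key = String.format("auth_step_passed_%d", num);
        return map.containsKey(key) && Boolean.parseBoolean(map.get(key));
    }

    /**
     * Checks that every step before {@code num} is marked as passed. For step 1 there is
     * nothing to check and the result is {@code true}.
     *
     * @param map session attributes
     * @param num current step number
     * @return {@code true} if steps {@code 1 .. num - 1} are all marked as passed
     */
    private boolean isPassedPreviousAuthSteps(Map<String, String> map, Integer num) {
        int currentStep = num.intValue();
        for (int step = 1; step < currentStep; step++) {
            if (!isAuthStepPassed(map, Integer.valueOf(step))) {
                return false;
            }
        }
        return true;
    }

    /**
     * Registers the given client in the web service context.
     *
     * @param client client to register
     */
    public void configureSessionClient(Client client) {
        this.authenticationService.configureSessionClient(getWebServiceContext(), client);
    }
}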
