package io.jans.as.server.auth;

import io.jans.as.common.model.common.User;
import io.jans.as.common.model.registration.Client;
import io.jans.as.common.model.session.SessionId;
import io.jans.as.common.model.session.SessionIdState;
import io.jans.as.model.authorize.AuthorizeErrorResponseType;
import io.jans.as.model.configuration.AppConfiguration;
import io.jans.as.server.i18n.LanguageBean;
import io.jans.as.server.model.config.Constants;
import io.jans.as.server.model.exception.InvalidSessionStateException;
import io.jans.as.server.security.Identity;
import io.jans.as.server.service.AuthenticationService;
import io.jans.as.server.service.ClientService;
import io.jans.as.server.service.ErrorHandlerService;
import io.jans.as.server.service.RequestParameterService;
import io.jans.as.server.service.SessionIdService;
import io.jans.as.server.service.external.ExternalAuthenticationService;
import io.jans.jsf2.message.FacesMessages;
import io.jans.jsf2.service.FacesService;
import io.jans.model.AuthenticationScriptUsageType;
import io.jans.model.custom.script.conf.CustomScriptConfiguration;
import io.jans.model.security.Credentials;
import io.jans.util.StringHelper;
import jakarta.enterprise.context.RequestScoped;
import jakarta.faces.application.FacesMessage;
import jakarta.faces.context.ExternalContext;
import jakarta.faces.context.FacesContext;
import jakarta.inject.Inject;
import jakarta.inject.Named;
import jakarta.servlet.http.HttpServletRequest;
import java.util.HashMap;
import java.util.Map;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang3.BooleanUtils;
import org.jetbrains.annotations.NotNull;
import org.slf4j.Logger;

@Named
@RequestScoped
/* loaded from: input_file:io/jans/as/server/auth/Authenticator.class */
public class Authenticator {
    public static final String INVALID_SESSION_MESSAGE = "login.errorSessionInvalidMessage";
    public static final String AUTHENTICATION_ERROR_MESSAGE = "login.failedToAuthenticate";
    public static final String AUTHENTICATION_SUCCESS_FOR_USER = "Authentication success for User: '{}'";

    @Inject
    private Logger logger;

    @Inject
    private Identity identity;

    @Inject
    private Credentials credentials;

    @Inject
    private ClientService clientService;

    @Inject
    private SessionIdService sessionIdService;

    @Inject
    private AuthenticationService authenticationService;

    @Inject
    private ExternalAuthenticationService externalAuthenticationService;

    @Inject
    private AppConfiguration appConfiguration;

    @Inject
    private FacesContext facesContext;

    @Inject
    private ExternalContext externalContext;

    @Inject
    private FacesService facesService;

    @Inject
    private FacesMessages facesMessages;

    @Inject
    private LanguageBean languageBean;

    @Inject
    private RequestParameterService requestParameterService;

    @Inject
    private ErrorHandlerService errorHandlerService;
    private String authAcr;
    private Integer authStep;
    private String lastResult;
    private SessionId curentSessionId;

    /**
     * Runs the interactive login for the current JSF request and reduces the outcome to a boolean.
     *
     * <p>A session that {@code sessionIdService} already reports as authenticated is rejected with a
     * RETRY error before any credential processing takes place. Every non-success outcome is routed
     * to its matching error handler; an outcome that matches none of the known constants simply
     * yields {@code false}.
     *
     * @return {@code true} only when {@code authenticateImpl} returned {@code Constants.RESULT_SUCCESS}
     */
    public boolean authenticate() {
        final HttpServletRequest request = (HttpServletRequest) this.facesContext.getExternalContext().getRequest();
        final SessionId existingSession = getSessionId(request);
        if (this.sessionIdService.isSessionIdAuthenticated(existingSession)) {
            this.errorHandlerService.handleError(
                    "login.userAlreadyAuthenticated",
                    AuthorizeErrorResponseType.RETRY,
                    "Session is already authenticated. Please re-send authorization request. If AS errorHandlingMethod=remote then RP can get redirect with error and re-send authorization request automatically.");
            return false;
        }

        // interactive = true, skipPassword = false, and the service flag is off for browser logins.
        this.lastResult = authenticateImpl(request, true, false, false);
        final String outcome = this.lastResult;

        if (Constants.RESULT_SUCCESS.equals(outcome)) {
            return true;
        } else if (Constants.RESULT_FAILURE.equals(outcome)) {
            authenticationFailed();
        } else if (Constants.RESULT_NO_PERMISSIONS.equals(outcome)) {
            handlePermissionsError();
        } else if (Constants.RESULT_EXPIRED.equals(outcome)) {
            handleSessionInvalid();
        } else if (Constants.RESULT_AUTHENTICATION_FAILED.equals(outcome)) {
            addSeverityMessages();
        }
        return false;
    }

    /**
     * Adds the generic "failed to authenticate" error message, but only when no other message has
     * been queued for the page yet.
     */
    private void addSeverityMessages() {
        final int queued = this.facesMessages.getMessages().size();
        if (queued != 0) {
            // Something more specific is already queued for display; leave it untouched.
            return;
        }
        addMessage(FacesMessage.SEVERITY_ERROR, AUTHENTICATION_ERROR_MESSAGE);
    }

    /**
     * Runs the interactive login for the current JSF request and returns the raw outcome string.
     *
     * <p>Unlike {@code authenticate()}, this variant does not check first whether the session is
     * already authenticated, and on {@code RESULT_AUTHENTICATION_FAILED} it additionally raises a
     * LOGIN_REQUIRED error through {@code handleLoginError(null)}.
     *
     * @return the outcome stored in {@code lastResult}
     */
    public String authenticateWithOutcome() {
        final HttpServletRequest request = (HttpServletRequest) this.facesContext.getExternalContext().getRequest();
        this.lastResult = authenticateImpl(request, true, false, false);

        if (Constants.RESULT_SUCCESS.equals(this.lastResult)) {
            return this.lastResult;
        }

        final String outcome = this.lastResult;
        if (Constants.RESULT_FAILURE.equals(outcome)) {
            authenticationFailed();
            return this.lastResult;
        }
        if (Constants.RESULT_NO_PERMISSIONS.equals(outcome)) {
            handlePermissionsError();
            return this.lastResult;
        }
        if (Constants.RESULT_EXPIRED.equals(outcome)) {
            handleSessionInvalid();
            return this.lastResult;
        }
        if (Constants.RESULT_AUTHENTICATION_FAILED.equals(outcome)) {
            addSeverityMessages();
            handleLoginError(null);
        }
        return this.lastResult;
    }

    /**
     * Authenticates a client (non-interactive, service mode) for the given request.
     *
     * @param httpServletRequest request whose URI decides whether the service path applies
     * @param z forwarded as the third argument of {@code authenticateImpl}, which that method logs
     *          as {@code skipPassword}; when {@code true}, {@code clientAuthentication} accepts the
     *          client without calling {@code clientService.authenticate}, so the caller is presumably
     *          expected to have verified the client by other means — confirm at each call site
     * @return {@code true} when the outcome equals {@code Constants.RESULT_SUCCESS}
     */
    public boolean authenticateClient(HttpServletRequest httpServletRequest, boolean z) {
        final String outcome = authenticateImpl(httpServletRequest, false, z, true);
        return Constants.RESULT_SUCCESS.equals(outcome);
    }

    /**
     * Authenticates a client (non-interactive, service mode) with the password check enabled.
     *
     * @param httpServletRequest request whose URI decides whether the service path applies
     * @return {@code true} when the outcome equals {@code Constants.RESULT_SUCCESS}
     */
    public boolean authenticateClient(HttpServletRequest httpServletRequest) {
        final String outcome = authenticateImpl(httpServletRequest, false, false, true);
        return Constants.RESULT_SUCCESS.equals(outcome);
    }

    /**
     * Authenticates a user non-interactively; all three mode flags of {@code authenticateImpl} are
     * passed as {@code false}, so the service (client) path is never taken.
     *
     * @param httpServletRequest the current request
     * @return {@code true} when the outcome equals {@code Constants.RESULT_SUCCESS}
     */
    public boolean authenticateUser(HttpServletRequest httpServletRequest) {
        final String outcome = authenticateImpl(httpServletRequest, false, false, false);
        return Constants.RESULT_SUCCESS.equals(outcome);
    }

    /**
     * Decides whether the request should be handled as client (service) authentication.
     *
     * <p>All of the following must hold: the service flag is set, a username is present, a password
     * is present unless the password check is skipped, the request is non-null, and the request URI
     * ends with one of the listed endpoint segments.
     *
     * <p>NOTE(review): the endpoint test is a plain suffix match on {@code getRequestURI()}, so any
     * path ending in one of these segments qualifies. Confirm that routing in front of this class
     * limits which paths can reach it.
     *
     * @param z service flag; {@code false} short-circuits to {@code false}
     * @param z2 when {@code true}, an empty password does not disqualify the request
     * @param httpServletRequest the current request, may be {@code null}
     * @return {@code true} when the service authentication path applies
     */
    public boolean isServiceAuthentication(boolean z, boolean z2, HttpServletRequest httpServletRequest) {
        if (!z) {
            return false;
        }
        if (!StringHelper.isNotEmpty(this.credentials.getUsername())) {
            return false;
        }
        if (!z2 && !StringHelper.isNotEmpty(this.credentials.getPassword())) {
            return false;
        }
        if (httpServletRequest == null) {
            return false;
        }

        final String[] serviceEndpointSuffixes = {
            "/token", "/revoke", "/revoke_session", "/userinfo", "/bc-authorize", "/par", "/device_authorization"
        };
        for (String suffix : serviceEndpointSuffixes) {
            if (httpServletRequest.getRequestURI().endsWith(suffix)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Central dispatcher: picks client, interactive-user or service-user authentication and returns
     * the outcome string.
     *
     * <p>The outcome starts as {@code Constants.RESULT_FAILURE} and is only overwritten after a
     * delegate returns, so any exception other than {@link InvalidSessionStateException} is logged
     * and leaves the result at failure (fails closed). {@code InvalidSessionStateException} is
     * rethrown unchanged.
     *
     * <p>The username from {@code credentials} is written to the log on every call (trace on entry
     * and success, info on failure).
     *
     * @param httpServletRequest the current request
     * @param z logged as {@code interactive}; selects the interactive user flow
     * @param z2 logged as {@code skipPassword}; forwarded to the client authentication path
     * @param z3 service flag handed to {@code isServiceAuthentication}
     * @return one of the {@code Constants.RESULT_*} outcome strings
     * @throws InvalidSessionStateException propagated from the delegates
     */
    public String authenticateImpl(HttpServletRequest httpServletRequest, boolean z, boolean z2, boolean z3) {
        String outcome = Constants.RESULT_FAILURE;
        try {
            this.logger.trace("Authenticating ... (interactive: {}, skipPassword: {}, credentials.username: {})", z, z2, this.credentials.getUsername());

            final boolean servicePath = isServiceAuthentication(z3, z2, httpServletRequest);
            if (servicePath) {
                outcome = clientAuthentication(this.credentials, z, z2) ? Constants.RESULT_SUCCESS : outcome;
            } else if (z) {
                outcome = userAuthenticationInteractive(httpServletRequest);
            } else {
                outcome = userAuthenticationService() ? Constants.RESULT_SUCCESS : outcome;
            }
        } catch (InvalidSessionStateException sessionProblem) {
            throw sessionProblem;
        } catch (Exception unexpected) {
            this.logger.error(unexpected.getMessage(), unexpected);
        }

        if (!Constants.RESULT_SUCCESS.equals(outcome)) {
            this.logger.info("Authentication failed for '{}'", this.credentials.getUsername());
        } else {
            this.logger.trace("Authentication successfully for '{}'", this.credentials.getUsername());
        }
        return outcome;
    }

    /**
     * Authenticates a client, first through a SERVICE custom script (non-interactive calls only) and
     * then through {@code clientService}.
     *
     * <p>NOTE(review): when the script is missing or rejects the client, control falls through to
     * the built-in check, and with {@code z2 == true} that check is skipped entirely, so the call
     * still succeeds. Confirm that a script rejection is meant to be advisory here.
     *
     * @param credentials username/password pair of the client
     * @param z interactive flag; the script path is used only when it is {@code false}
     * @param z2 skip-password flag; when {@code true} {@code clientService.authenticate} is not called
     * @return {@code true} when the client is accepted and the session client has been configured
     */
    public boolean clientAuthentication(Credentials credentials, boolean z, boolean z2) {
        final boolean tryScript = !z && this.externalAuthenticationService.isEnabled(AuthenticationScriptUsageType.SERVICE);
        if (tryScript) {
            final CustomScriptConfiguration script =
                    this.externalAuthenticationService.determineCustomScriptConfiguration(AuthenticationScriptUsageType.SERVICE, 1, this.authAcr);
            if (script != null) {
                this.authAcr = script.getCustomScript().getName();
                final boolean scriptAccepted = this.externalAuthenticationService.executeExternalAuthenticate(script, null, 1);
                this.logger.info("Authentication result for user '{}', result: '{}'", credentials.getUsername(), Boolean.valueOf(scriptAccepted));
                if (scriptAccepted) {
                    showClientAuthenticationLog(this.authenticationService.configureSessionClient());
                    return true;
                }
            } else {
                this.logger.error("Failed to get CustomScriptConfiguration. acr: '{}'", this.authAcr);
            }
        }

        // Built-in path: either the caller asked to skip the password check or the secret must match.
        final boolean accepted = z2 || this.clientService.authenticate(credentials.getUsername(), credentials.getPassword());
        if (accepted) {
            showClientAuthenticationLog(this.authenticationService.configureSessionClient());
        }
        return accepted;
    }

    /**
     * Writes the "client authenticated" info line, optionally including the client id and the client
     * name when the corresponding configuration switches are on.
     *
     * <p>The client name is copied into the log line as-is; presumably it comes from client
     * registration data, so log consumers should treat it as untrusted text.
     *
     * @param client the authenticated client; dereferenced only when id/name logging is enabled
     */
    private void showClientAuthenticationLog(Client client) {
        String line = "Authentication success for Client";

        final boolean anyDetail = StringHelper.toBoolean(this.appConfiguration.getLogClientIdOnClientAuthentication(), false)
                || StringHelper.toBoolean(this.appConfiguration.getLogClientNameOnClientAuthentication(), false);
        if (anyDetail) {
            line += ":";
            if (BooleanUtils.isTrue(this.appConfiguration.getLogClientIdOnClientAuthentication())) {
                line += " '" + client.getClientId() + "'";
            }
            if (BooleanUtils.isTrue(this.appConfiguration.getLogClientNameOnClientAuthentication())) {
                line += " ('" + client.getClientName() + "')";
            }
        }

        if (this.logger.isInfoEnabled()) {
            this.logger.info(line);
        }
    }

    /**
     * Drives one step of the interactive (browser) login for the session bound to the request.
     *
     * <p>Two paths exist. When no INTERACTIVE custom script is enabled, or the session carries no
     * {@code acr}, the username/password pair is checked by {@code authenticationService}. Otherwise
     * the custom script selected by {@code acr} is executed for the current {@code auth_step}, and the
     * flow either completes, advances to the next step page, or is reset to a step chosen by the script.
     *
     * @param httpServletRequest request used to resolve the current session
     * @return one of the {@code Constants.RESULT_*} outcome strings
     */
    private String userAuthenticationInteractive(HttpServletRequest httpServletRequest) {
        SessionId sessionId = getSessionId(httpServletRequest);
        Map<String, String> sessionAttributes = this.sessionIdService.getSessionAttributes(sessionId);
        if (sessionAttributes == null) {
            // The session identifier is written to the debug log here; it identifies a live login
            // session, so debug logs from this class should be access-controlled accordingly.
            this.logger.debug("Unable to get session attributes. SessionId: {}", sessionId != null ? sessionId.getId() : null);
            return Constants.RESULT_EXPIRED;
        }
        this.identity.setSessionId(sessionId);
        // Restores authStep and authAcr from the "auth_step" and "acr" session attributes.
        initCustomAuthenticatorVariables(sessionAttributes);
        if (!this.externalAuthenticationService.isEnabled(AuthenticationScriptUsageType.INTERACTIVE) || StringHelper.isEmpty(this.authAcr)) {
            // Built-in path: no interactive script applies, fall back to username/password.
            if (!StringHelper.isNotEmpty(this.credentials.getUsername())) {
                return Constants.RESULT_FAILURE;
            }
            if (this.authenticationService.authenticate(this.credentials.getUsername(), this.credentials.getPassword())) {
                SessionId configureSessionUser = this.authenticationService.configureSessionUser(sessionId, sessionAttributes);
                this.logger.debug("Sending event to trigger user redirection: '{}'", this.credentials.getUsername());
                this.authenticationService.onSuccessfulLogin(configureSessionUser);
            } else {
                // Failed attempt: only the session entry is refreshed.
                this.sessionIdService.updateSessionId(sessionId);
            }
            // NOTE(review): a rejected password also reaches the two lines below, so the info log
            // records "Authentication success" and RESULT_SUCCESS is returned for a failed attempt.
            // The caller cannot tell the two cases apart from the return value. Confirm this is
            // intended before relying on either signal for detection or for access decisions.
            this.logger.info(AUTHENTICATION_SUCCESS_FOR_USER, this.credentials.getUsername());
            return Constants.RESULT_SUCCESS;
        }
        // Script path. This second call repeats the restore above with the same attribute map.
        initCustomAuthenticatorVariables(sessionAttributes);
        if (this.authStep == null || StringHelper.isEmpty(this.authAcr)) {
            this.logger.error("Failed to determine authentication mode");
            return Constants.RESULT_EXPIRED;
        }
        CustomScriptConfiguration customScriptConfiguration = this.externalAuthenticationService.getCustomScriptConfiguration(AuthenticationScriptUsageType.INTERACTIVE, this.authAcr);
        if (customScriptConfiguration == null) {
            this.logger.error("Failed to get CustomScriptConfiguration for acr: '{}', auth_step: '{}'", this.authAcr, this.authStep);
            return Constants.RESULT_FAILURE;
        }
        // Step-skipping guard: every step before authStep must be marked as passed in the session.
        if (!isPassedPreviousAuthSteps(sessionAttributes, this.authStep)) {
            this.logger.error("There are authentication steps not marked as passed. acr: '{}', auth_step: '{}'", this.authAcr, this.authStep);
            return Constants.RESULT_FAILURE;
        }
        setIdentityWorkingParameters(sessionAttributes);
        // The script receives the request parameter map exactly as the external context exposes it.
        boolean executeExternalAuthenticate = this.externalAuthenticationService.executeExternalAuthenticate(customScriptConfiguration, this.externalContext.getRequestParameterValuesMap(), this.authStep.intValue());
        if (this.logger.isDebugEnabled()) {
            String username = this.credentials.getUsername();
            // The debug line below is emitted only when the credentials carry no username; the user id
            // is then taken from the identity, if a user is set.
            if (StringHelper.isEmpty(username)) {
                User user = this.identity.getUser();
                if (user != null) {
                    username = user.getUserId();
                }
                this.logger.debug("Authentication result for user '{}'. auth_step: '{}', result: '{}', credentials: '{}'", new Object[]{username, this.authStep, Boolean.valueOf(executeExternalAuthenticate), Integer.valueOf(System.identityHashCode(this.credentials))});
            }
        }
        // -1 means "no step override requested by the script".
        int i = -1;
        this.logger.trace("################## acr: {}, step: {}", this.authAcr, this.authStep);
        if (this.externalAuthenticationService.executeExternalGetApiVersion(customScriptConfiguration) > 1) {
            this.logger.trace("According to API version script supports steps overriding");
            i = this.externalAuthenticationService.getNextStep(customScriptConfiguration, this.externalContext.getRequestParameterValuesMap(), this.authStep.intValue());
            this.logger.debug("Get next step from script: '{}'", Integer.valueOf(i));
        }
        // The step failed and the script did not ask for a reset: refresh the session and report failure.
        if (!executeExternalAuthenticate && i == -1) {
            this.sessionIdService.updateSessionId(sessionId);
            return Constants.RESULT_AUTHENTICATION_FAILED;
        }
        // z records that the script overrode the step. Note that an override is honoured even when
        // the authenticate call above returned false.
        boolean z = false;
        if (i > -1) {
            z = true;
            sessionId = this.sessionIdService.resetToStep(sessionId, i);
            if (sessionId == null) {
                return Constants.RESULT_AUTHENTICATION_FAILED;
            }
            this.authStep = Integer.valueOf(i);
            this.logger.info("Authentication reset to step : '{}'", this.authStep);
        }
        updateExtraParameters(customScriptConfiguration, this.authStep.intValue() + 1, sessionAttributes);
        int executeExternalGetCountAuthenticationSteps = this.externalAuthenticationService.executeExternalGetCountAuthenticationSteps(customScriptConfiguration);
        // Attributes are re-read because sessionId may have been replaced by resetToStep above.
        Map<String, String> sessionAttributes2 = this.sessionIdService.getSessionAttributes(sessionId);
        if (this.authStep.intValue() >= executeExternalGetCountAuthenticationSteps && !z) {
            // A step number beyond the count reported by the script is treated as a failure.
            if (this.authStep.intValue() != executeExternalGetCountAuthenticationSteps) {
                return Constants.RESULT_FAILURE;
            }
            // Final step passed: bind the user to the session and fire the successful-login event.
            updateExtraParameters(customScriptConfiguration, this.authStep.intValue() + 1, sessionAttributes2);
            SessionId configureSessionUser2 = this.authenticationService.configureSessionUser(sessionId, sessionAttributes2);
            this.authenticationService.quietLogin(this.credentials.getUsername());
            this.logger.debug("Sending event to trigger user redirection: '{}'", this.credentials.getUsername());
            this.authenticationService.onSuccessfulLogin(configureSessionUser2);
            this.logger.info(AUTHENTICATION_SUCCESS_FOR_USER, this.credentials.getUsername());
            return Constants.RESULT_SUCCESS;
        }
        // More steps remain, or the script reset the flow: determine the page for the next step.
        int intValue = z ? i : this.authStep.intValue() + 1;
        String executeExternalGetPageForStep = this.externalAuthenticationService.executeExternalGetPageForStep(customScriptConfiguration, intValue);
        if (executeExternalGetPageForStep == null) {
            return Constants.RESULT_FAILURE;
        }
        // An empty page name selects the default login page; any other value is supplied by the script.
        if (StringHelper.isEmpty(executeExternalGetPageForStep)) {
            executeExternalGetPageForStep = "/login.xhtml";
        }
        updateExtraParameters(customScriptConfiguration, intValue, sessionAttributes2);
        if (!z) {
            // Normal progression: record the new step and mark the one just completed as passed.
            sessionAttributes2.put("auth_step", Integer.toString(intValue));
            markAuthStepAsPassed(sessionAttributes2, this.authStep);
        }
        if (sessionId != null && !updateSession(sessionId, sessionAttributes2)) {
            return Constants.RESULT_EXPIRED;
        }
        this.logger.trace("Redirect to page: '{}'", executeExternalGetPageForStep);
        this.facesService.redirectWithExternal(executeExternalGetPageForStep, (Map) null);
        // RESULT_SUCCESS here means "the step was handled and a redirect was issued", not that the
        // user is fully authenticated.
        return Constants.RESULT_SUCCESS;
    }

    /**
     * Reports an invalid or expired authentication session through the error handler service.
     */
    protected void handleSessionInvalid() {
        final String hint = "Create authorization request to start new authentication session.";
        this.errorHandlerService.handleError(
                INVALID_SESSION_MESSAGE, AuthorizeErrorResponseType.AUTHENTICATION_SESSION_INVALID, hint);
    }

    /**
     * Reports a script failure using the default {@code AUTHENTICATION_ERROR_MESSAGE} key.
     */
    protected void handleScriptError() {
        final String defaultMessageKey = AUTHENTICATION_ERROR_MESSAGE;
        handleScriptError(defaultMessageKey);
    }

    /**
     * Reports an ACR method / script failure through the error handler service.
     *
     * @param str message key handed to the error handler; callers in this class also pass {@code null}
     */
    protected void handleScriptError(String str) {
        final String hint = "Contact administrator to fix specific ACR method issue.";
        this.errorHandlerService.handleError(str, AuthorizeErrorResponseType.INVALID_AUTHENTICATION_METHOD, hint);
    }

    /**
     * Reports an access-denied outcome through the error handler service.
     */
    protected void handlePermissionsError() {
        final String messageKey = "login.youDontHavePermission";
        final String hint = "Contact administrator to grant access to resource.";
        this.errorHandlerService.handleError(messageKey, AuthorizeErrorResponseType.ACCESS_DENIED, hint);
    }

    /**
     * Reports a login-required outcome through the error handler service.
     *
     * @param str message key handed to the error handler; may be {@code null}
     */
    protected void handleLoginError(String str) {
        // The hint text is reproduced exactly as shipped, including its wording.
        final String hint = "User should log into into system.";
        this.errorHandlerService.handleError(str, AuthorizeErrorResponseType.LOGIN_REQUIRED, hint);
    }

    /**
     * Stores the given attributes on the session and persists the session entry.
     *
     * @param sessionId session to update; must not be {@code null}
     * @param map attributes to set on the session
     * @return {@code true} when {@code sessionIdService.updateSessionId} reports success
     */
    private boolean updateSession(SessionId sessionId, Map<String, String> map) {
        sessionId.setSessionAttributes(map);
        final boolean persisted = this.sessionIdService.updateSessionId(sessionId, true, true, true);
        if (!persisted) {
            // The session identifier ends up in the debug log on this path.
            this.logger.debug("Failed to update session entry: '{}'", sessionId.getId());
        }
        return persisted;
    }

    /**
     * Authenticates a user non-interactively, first through a SERVICE custom script and then through
     * the built-in username/password check.
     *
     * <p>NOTE(review): a script that is missing or that rejects the user does not end the attempt;
     * control continues to {@code authenticationService.authenticate}. Confirm that a script
     * rejection is meant to be overridable by a valid password.
     *
     * @return {@code true} when either path accepts the user and the event user has been configured
     */
    private boolean userAuthenticationService() {
        if (this.externalAuthenticationService.isEnabled(AuthenticationScriptUsageType.SERVICE)) {
            final CustomScriptConfiguration script =
                    this.externalAuthenticationService.determineCustomScriptConfiguration(AuthenticationScriptUsageType.SERVICE, 1, this.authAcr);
            if (script != null) {
                this.authAcr = script.getName();
                final boolean scriptAccepted = this.externalAuthenticationService.executeExternalAuthenticate(script, null, 1);
                this.logger.info("Authentication result for '{}'. auth_step: '{}', result: '{}'", this.credentials.getUsername(), this.authStep, scriptAccepted);
                if (scriptAccepted) {
                    this.authenticationService.configureEventUser();
                    this.logger.info(AUTHENTICATION_SUCCESS_FOR_USER, this.credentials.getUsername());
                    return true;
                }
                this.logger.info("Authentication failed for User: '{}'", this.credentials.getUsername());
            } else {
                this.logger.error("Failed to get CustomScriptConfiguration. auth_step: '{}', acr: '{}'", this.authStep, this.authAcr);
            }
        }

        // Built-in check; the credentials are re-read because the script call above may have run first.
        if (StringHelper.isNotEmpty(this.credentials.getUsername())) {
            if (this.authenticationService.authenticate(this.credentials.getUsername(), this.credentials.getPassword())) {
                this.authenticationService.configureEventUser();
                this.logger.info(AUTHENTICATION_SUCCESS_FOR_USER, this.credentials.getUsername());
                return true;
            }
            this.logger.info("Authentication failed for User: '{}'", this.credentials.getUsername());
        }
        return false;
    }

    /**
     * Copies the script-declared extra parameters that are present in the session attributes into
     * the identity's working parameters, converting each value with
     * {@code requestParameterService.getTypedValue}.
     *
     * @param map session attributes to read the parameter values from
     */
    private void setIdentityWorkingParameters(Map<String, String> map) {
        final Map<String, String> declaredParameters = this.authenticationService.getExternalScriptExtraParameters(map);
        final HashMap target = this.identity.getWorkingParameters();

        for (Map.Entry<String, String> declared : declaredParameters.entrySet()) {
            final String parameterName = declared.getKey();
            final String parameterType = declared.getValue();
            if (!map.containsKey(parameterName)) {
                // Declared by the script but absent from the session: nothing to copy.
                continue;
            }
            target.put(parameterName, this.requestParameterService.getTypedValue(map.get(parameterName), parameterType));
        }
    }

    /**
     * Prepares the current authentication step for the session known to {@code sessionIdService}
     * and routes non-success outcomes to the matching error handler.
     *
     * @return the outcome stored in {@code lastResult}
     */
    public String prepareAuthenticationForStep() {
        final SessionId currentSession = this.sessionIdService.getSessionId();
        this.lastResult = prepareAuthenticationForStep(currentSession);

        if (Constants.RESULT_SUCCESS.equals(this.lastResult)) {
            return this.lastResult;
        }

        final String outcome = this.lastResult;
        if (Constants.RESULT_FAILURE.equals(outcome)) {
            handleScriptError();
            return this.lastResult;
        }
        if (Constants.RESULT_NO_PERMISSIONS.equals(outcome)) {
            handlePermissionsError();
            return this.lastResult;
        }
        if (Constants.RESULT_EXPIRED.equals(outcome)) {
            handleSessionInvalid();
        }
        return this.lastResult;
    }

    /**
     * Prepares the page for the current authentication step of the given session.
     *
     * <p>Returns success immediately when interactive scripts are disabled or the session has no
     * {@code acr}. Otherwise the script for the session's {@code acr} is resolved, the step-order
     * guard is applied, and either the script's prepare-for-step hook is run or, when the workflow
     * selects a different authenticator, the session is rewritten for that authenticator and the
     * browser is redirected to its first step page.
     *
     * @param sessionId session whose attributes drive the step
     * @return one of the {@code Constants.RESULT_*} outcome strings
     */
    public String prepareAuthenticationForStep(SessionId sessionId) {
        Map<String, String> sessionAttributes = this.sessionIdService.getSessionAttributes(sessionId);
        if (sessionAttributes == null) {
            this.logger.debug("Unable to get attributes from session");
            return Constants.RESULT_EXPIRED;
        }
        this.identity.setSessionId(sessionId);
        if (!this.externalAuthenticationService.isEnabled(AuthenticationScriptUsageType.INTERACTIVE)) {
            // No interactive scripts configured: nothing to prepare.
            return Constants.RESULT_SUCCESS;
        }
        // Restores authStep and authAcr from the "auth_step" and "acr" session attributes.
        initCustomAuthenticatorVariables(sessionAttributes);
        if (StringHelper.isEmpty(this.authAcr)) {
            return Constants.RESULT_SUCCESS;
        }
        // A missing step, or a step below 1, is reported as a permissions error rather than a failure.
        if (this.authStep == null || this.authStep.intValue() < 1) {
            return Constants.RESULT_NO_PERMISSIONS;
        }
        CustomScriptConfiguration customScriptConfiguration = this.externalAuthenticationService.getCustomScriptConfiguration(AuthenticationScriptUsageType.INTERACTIVE, this.authAcr);
        if (customScriptConfiguration == null) {
            this.logger.error("Failed to get CustomScriptConfiguration. auth_step: '{}', acr: '{}'", this.authStep, this.authAcr);
            return Constants.RESULT_FAILURE;
        }
        // Step-skipping guard: every step before authStep must be marked as passed in the session.
        if (!isPassedPreviousAuthSteps(sessionAttributes, this.authStep)) {
            this.logger.error("There are authentication steps not marked as passed. acr: '{}', auth_step: '{}'", this.authAcr, this.authStep);
            return Constants.RESULT_FAILURE;
        }
        setIdentityWorkingParameters(sessionAttributes);
        String name = customScriptConfiguration.getName();
        // The workflow may select a different authenticator than the one named by the session's acr.
        CustomScriptConfiguration determineExternalAuthenticatorForWorkflow = this.externalAuthenticationService.determineExternalAuthenticatorForWorkflow(AuthenticationScriptUsageType.INTERACTIVE, customScriptConfiguration);
        if (determineExternalAuthenticatorForWorkflow == null) {
            return Constants.RESULT_FAILURE;
        }
        String name2 = determineExternalAuthenticatorForWorkflow.getName();
        if (StringHelper.equalsIgnoreCase(name, name2)) {
            // Same authenticator: run its prepare-for-step hook and persist the session.
            return executeExternalPrepareForStep(sessionId, sessionAttributes, determineExternalAuthenticatorForWorkflow);
        }
        // Different authenticator: restart the flow at step 1 under the new acr.
        String executeExternalGetPageForStep = this.externalAuthenticationService.executeExternalGetPageForStep(determineExternalAuthenticatorForWorkflow, this.authStep.intValue());
        // An empty page name selects the default login page; any other value is supplied by the script.
        if (StringHelper.isEmpty(executeExternalGetPageForStep)) {
            executeExternalGetPageForStep = "/login.xhtml";
        }
        CustomScriptConfiguration customScriptConfiguration2 = this.externalAuthenticationService.getCustomScriptConfiguration(AuthenticationScriptUsageType.INTERACTIVE, name2);
        if (customScriptConfiguration2 == null) {
            this.logger.error("Failed to get determined CustomScriptConfiguration. auth_step: '{}', acr: '{}'", this.authStep, this.authAcr);
            return Constants.RESULT_FAILURE;
        }
        this.logger.debug("Redirect to page: '{}'. Force to use acr: '{}'", executeExternalGetPageForStep, name2);
        String name3 = customScriptConfiguration2.getName();
        String num = Integer.toString(customScriptConfiguration2.getLevel());
        // The session's acr, level and step are overwritten here. The per-step "passed" markers are
        // not touched by this method itself; whether clearExternalScriptExtraParameters removes them
        // cannot be seen from this file.
        sessionAttributes.put("acr", name3);
        sessionAttributes.put("auth_level", num);
        sessionAttributes.put("auth_step", Integer.toString(1));
        // isFalse is true only for an explicit FALSE setting, so an unset (null) value keeps the attributes.
        if (BooleanUtils.isFalse(this.appConfiguration.getKeepAuthenticatorAttributesOnAcrChange())) {
            this.authenticationService.clearExternalScriptExtraParameters(sessionAttributes);
        }
        if (sessionId != null && !updateSession(sessionId, sessionAttributes)) {
            return Constants.RESULT_EXPIRED;
        }
        this.facesService.redirectWithExternal(executeExternalGetPageForStep, (Map) null);
        return Constants.RESULT_SUCCESS;
    }

    /**
     * Runs the script's prepare-for-step hook for the current {@code authStep}, refreshes the extra
     * parameters and persists the session.
     *
     * @param sessionId session to persist; a {@code null} session skips persistence
     * @param map session attributes to update
     * @param customScriptConfiguration script to run
     * @return {@code Constants.RESULT_SUCCESS}, or {@code Constants.RESULT_FAILURE} when the hook
     *         returns {@code false} or the session update fails
     */
    @NotNull
    private String executeExternalPrepareForStep(SessionId sessionId, Map<String, String> map, CustomScriptConfiguration customScriptConfiguration) {
        final boolean prepared = this.externalAuthenticationService.executeExternalPrepareForStep(
                customScriptConfiguration, this.externalContext.getRequestParameterValuesMap(), this.authStep.intValue());
        if (!prepared) {
            return Constants.RESULT_FAILURE;
        }

        updateExtraParameters(customScriptConfiguration, this.authStep.intValue(), map);

        if (sessionId != null && !updateSession(sessionId, map)) {
            return Constants.RESULT_FAILURE;
        }
        return Constants.RESULT_SUCCESS;
    }

    /**
     * Authenticates the current request from a session identifier string.
     *
     * <p>Lookup failures are logged at trace level and reported as "not authenticated", so this
     * overload fails closed on exceptions.
     *
     * @param str session identifier; blank or {@code null} yields {@code false}
     * @return {@code true} when the referenced session authenticates the request
     */
    public boolean authenticateBySessionId(String str) {
        if (StringUtils.isBlank(str)) {
            return false;
        }

        boolean authenticated;
        try {
            final SessionId resolved = this.sessionIdService.getSessionId(str);
            authenticated = authenticateBySessionId(resolved);
        } catch (Exception lookupFailure) {
            this.logger.trace(lookupFailure.getMessage(), lookupFailure);
            authenticated = false;
        }
        return authenticated;
    }

    /**
     * Authenticates the current request from an existing session object.
     *
     * <p>The session must be in state {@code AUTHENTICATED} and must resolve to a user.
     *
     * <p>NOTE(review): an exception from {@code quietLogin} or {@code configureEventUser} is logged
     * at trace level only and the method still returns {@code true}; callers should confirm that a
     * partially configured identity is acceptable on that path. The trace line also records the
     * session identifier and the session object, so trace output from this class should be handled
     * as sensitive.
     *
     * @param sessionId session to authenticate with; {@code null} yields {@code false}
     * @return {@code true} when the session is authenticated and a user was found for it
     */
    public boolean authenticateBySessionId(SessionId sessionId) {
        if (sessionId == null) {
            return false;
        }
        this.logger.trace("authenticateBySessionId, sessionId = '{}', session = '{}', state= '{}'", sessionId.getId(), sessionId, sessionId.getState());

        if (SessionIdState.AUTHENTICATED != sessionId.getState()) {
            return false;
        }
        final User sessionUser = this.authenticationService.getUserOrRemoveSession(sessionId);
        if (sessionUser == null) {
            return false;
        }

        try {
            this.authenticationService.quietLogin(sessionUser.getUserId());
            this.authenticationService.configureEventUser(sessionId);
        } catch (Exception loginFailure) {
            this.logger.trace(loginFailure.getMessage(), loginFailure);
        }
        return true;
    }

    /**
     * Restores {@code authStep} and {@code authAcr} from the {@code auth_step} and {@code acr}
     * session attributes. A {@code null} map is logged as an error and leaves both fields unchanged.
     *
     * @param map session attributes, may be {@code null}
     */
    private void initCustomAuthenticatorVariables(Map<String, String> map) {
        if (map != null) {
            final String storedStep = map.get("auth_step");
            this.authStep = StringHelper.toInteger(storedStep, (Integer) null);
            this.authAcr = map.get("acr");
            return;
        }
        this.logger.error("Failed to restore attributes from session attributes");
    }

    /**
     * Queues the generic login error message and reports an invalid-authentication-method error
     * with no message key.
     *
     * @return always {@code false}
     */
    private boolean authenticationFailed() {
        final String messageKey = "login.errorMessage";
        addMessage(FacesMessage.SEVERITY_ERROR, messageKey);
        handleScriptError(null);
        return false;
    }

    /**
     * Records in the session attributes that the given step has been completed.
     *
     * @param map session attributes to modify
     * @param num step number that was passed
     */
    private void markAuthStepAsPassed(Map<String, String> map, Integer num) {
        final String markerKey = String.format("auth_step_passed_%d", num);
        map.put(markerKey, Boolean.toString(true));
    }

    /**
     * Tells whether the session attributes carry a "passed" marker for the given step.
     *
     * @param map session attributes to inspect
     * @param num step number to look up
     * @return {@code true} only when the marker exists and parses as boolean {@code true}
     */
    private boolean isAuthStepPassed(Map<String, String> map, Integer num) {
        final String markerKey = String.format("auth_step_passed_%d", num);
        // parseBoolean(null) is false, which also covers a missing marker.
        return Boolean.parseBoolean(map.get(markerKey));
    }

    /**
     * Step-order guard: verifies that every step from 1 up to, but not including, the given step is
     * marked as passed in the session attributes. Step 1 therefore has no prerequisites.
     *
     * @param map session attributes holding the per-step markers
     * @param num step about to be processed; must not be {@code null}
     * @return {@code false} as soon as one earlier step lacks its marker
     */
    private boolean isPassedPreviousAuthSteps(Map<String, String> map, Integer num) {
        final int currentStep = num.intValue();
        int earlierStep = 1;
        while (earlierStep < currentStep) {
            if (!isAuthStepPassed(map, Integer.valueOf(earlierStep))) {
                return false;
            }
            earlierStep++;
        }
        return true;
    }

    /**
     * Asks the script which extra parameters it needs for the given step and merges them into the
     * session attributes via {@code authenticationService.updateExtraParameters}.
     *
     * @param customScriptConfiguration script to query
     * @param i step number the parameters are requested for
     * @param map session attributes to update
     */
    private void updateExtraParameters(CustomScriptConfiguration customScriptConfiguration, int i, Map<String, String> map) {
        this.authenticationService.updateExtraParameters(
                map,
                this.externalAuthenticationService.executeExternalGetExtraParametersForStep(customScriptConfiguration, i));
    }

    /**
     * Delegates to {@code authenticationService.configureSessionClient} for the given client.
     *
     * @param client client to bind to the session
     */
    public void configureSessionClient(Client client) {
        final Client sessionClient = client;
        this.authenticationService.configureSessionClient(sessionClient);
    }

    /**
     * Resolves a message key through {@code languageBean} and queues the text as a faces message.
     *
     * @param severity severity to attach to the message
     * @param str message key to resolve
     */
    public void addMessage(FacesMessage.Severity severity, String str) {
        final String localizedText = this.languageBean.getMessage(str);
        this.facesMessages.add(severity, localizedText);
    }

    /**
     * Returns the session for this request, resolving it once and caching it on the bean.
     *
     * <p>The session already attached to {@code identity} takes precedence; only when there is none
     * is the session looked up from the request.
     *
     * @param httpServletRequest request used for the lookup when the identity has no session
     * @return the cached session, or {@code null} when none could be resolved
     */
    private SessionId getSessionId(HttpServletRequest httpServletRequest) {
        if (this.curentSessionId != null) {
            return this.curentSessionId;
        }
        if (this.identity.getSessionId() != null) {
            this.curentSessionId = this.identity.getSessionId();
        } else {
            this.curentSessionId = this.sessionIdService.getSessionId(httpServletRequest);
        }
        return this.curentSessionId;
    }

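    /**
     * Returns the user's phone number with the two characters at index 4 and 5 replaced by
     * {@code "XX"}.
     *
     * <p>The mask is applied by position. The previous implementation used
     * {@code String.replace} with the two-character substring as the search text, which rewrote
     * every occurrence of that pair in the number: the mask then appeared at unintended positions
     * and showed where the hidden pair repeats.
     *
     * <p>Values of seven characters or fewer are returned unmasked, and only two characters are
     * hidden for longer values. The placeholder returned by {@code getFullNumber()} when no number
     * is stored is longer than seven characters, so it is masked like any other value.
     *
     * @return the masked number, never {@code null}
     */
    public String getMaskedNumber() {
        final String fullNumber = getFullNumber();
        if (fullNumber.length() <= 7) {
            return fullNumber;
        }
        // Positional mask: keep indices 0-3, hide 4-5, keep the remainder.
        return fullNumber.substring(0, 4) + "XX" + fullNumber.substring(6);
    }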

    /**
     * Reads the user's phone number from the current session, preferring the {@code mobile_number}
     * attribute and falling back to {@code mobile}.
     *
     * @return the stored number, or the placeholder {@code "UNKNOWN USER PHONE."} when there is no
     *         session or both attributes are blank
     */
    @NotNull
    private String getFullNumber() {
        final SessionId currentSession = this.sessionIdService.getSessionId();
        String number = null;
        if (currentSession != null) {
            number = (String) currentSession.getSessionAttributes().get("mobile_number");
            if (StringUtils.isBlank(number)) {
                number = (String) currentSession.getSessionAttributes().get("mobile");
            }
        }

        if (StringUtils.isBlank(number)) {
            return "UNKNOWN USER PHONE.";
        }
        return number;
    }
}
