package io.jans.as.server.service.external;

import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import io.jans.as.model.configuration.AppConfiguration;
import io.jans.as.server.service.AcrService;
import io.jans.as.server.service.LocalResponseCache;
import io.jans.as.server.service.cdi.event.ReloadAuthScript;
import io.jans.as.server.service.external.internal.InternalDefaultPersonAuthenticationType;
import io.jans.model.AuthenticationScriptUsageType;
import io.jans.model.custom.script.CustomScriptType;
import io.jans.model.custom.script.conf.CustomScriptConfiguration;
import io.jans.model.custom.script.model.CustomScript;
import io.jans.model.custom.script.model.auth.AuthenticationCustomScript;
import io.jans.model.custom.script.type.BaseExternalType;
import io.jans.model.ldap.GluuLdapConfiguration;
import io.jans.service.custom.script.ExternalScriptService;
import io.jans.util.StringHelper;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.enterprise.event.Observes;
import jakarta.inject.Inject;
import jakarta.inject.Named;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang3.BooleanUtils;

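/**
 * Registry and dispatcher for person-authentication custom scripts
 * ({@link CustomScriptType#PERSON_AUTHENTICATION}).
 *
 * <p>The service groups the configured scripts by {@link AuthenticationScriptUsageType}, resolves
 * requested ACR values (script names and aliases) to a script configuration, and invokes the
 * script callbacks.
 *
 * <p>Failure behaviour: every {@code executeExternal*} / {@code get*} script wrapper catches any
 * exception thrown by the script, logs it, records it with {@code saveScriptError} and returns a
 * negative result ({@code false}, {@code null} or {@code -1}). A failing script therefore never
 * produces a positive authentication result from this class. Callers must treat {@code null} and
 * {@code -1} as failure, not as a usable value.
 *
 * <p>The lookup methods return "not found" ({@code null}, {@code false} or an empty list) when the
 * lookup tables have not been built yet, instead of throwing a {@link NullPointerException}.
 *
 * <p>NOTE(review): the three lookup tables are reassigned in {@link #reloadExternal()} without any
 * synchronization visible in this class. Confirm that the base class serializes reloads.
 */
@ApplicationScoped
/* loaded from: input_file:io/jans/as/server/service/external/ExternalAuthenticationService.class */
public class ExternalAuthenticationService extends ExternalScriptService {
    // Public constant: the value (including its spelling) is part of the external contract.
    public static final String MODIFIED_INTERNAL_TYPES_EVENT_TYPE = "CustomScriptModifiedInternlTypesEvent";

    @Inject
    @Named("persistenceAuthConfig")
    private List<GluuLdapConfiguration> ldapAuthConfigs;

    @Inject
    private InternalDefaultPersonAuthenticationType internalDefaultPersonAuthenticationType;

    @Inject
    private AppConfiguration appConfiguration;

    @Inject
    private LocalResponseCache localResponseCache;
    private static final long serialVersionUID = 7339887464253044927L;

    // Scripts applicable to each usage type; rebuilt by reloadExternal().
    private Map<AuthenticationScriptUsageType, List<CustomScriptConfiguration>> customScriptConfigurationsMapByUsageType;
    // Highest-level script per usage type; rebuilt by reloadExternal().
    private Map<AuthenticationScriptUsageType, CustomScriptConfiguration> defaultExternalAuthenticators;
    // Script name or alias -> canonical script name; rebuilt by reloadExternal().
    private Map<String, String> scriptAliasMap;

    public ExternalAuthenticationService() {
        super(CustomScriptType.PERSON_AUTHENTICATION);
    }

    /**
     * CDI observer: reloads the authentication scripts when a {@link ReloadAuthScript} event is fired.
     *
     * @param str event payload, passed unchanged to {@code reload}
     */
    public void reloadAuthScript(@ReloadAuthScript @Observes String str) {
        reload(str);
    }

    /**
     * Resolves an ACR value to the canonical script name.
     *
     * @param str requested ACR value; may be {@code null} or empty
     * @return {@code null} for an empty input; otherwise the name the alias table maps the extracted
     *         script name to, or the extracted script name itself when no mapping exists
     */
    public String scriptName(String str) {
        if (StringHelper.isEmpty(str)) {
            return null;
        }
        String extractedName = AcrService.getScriptName(str);
        // The alias table is only built on reload; before that, fall back to the extracted name.
        if (this.scriptAliasMap != null && this.scriptAliasMap.containsKey(extractedName)) {
            return this.scriptAliasMap.get(extractedName);
        }
        return extractedName;
    }

    /**
     * Rebuilds the usage-type grouping, the alias table and the per-usage-type defaults from the
     * current name map, then invalidates the cached discovery response.
     *
     * <p>NOTE(review): presumably a reload hook of {@code ExternalScriptService}; nothing in this
     * class calls it. The grouping must be assigned before the defaults are computed, because the
     * defaults are derived from the grouping field.
     */
    protected void reloadExternal() {
        this.customScriptConfigurationsMapByUsageType = groupCustomScriptConfigurationsMapByUsageType(this.customScriptConfigurationsNameMap);
        this.scriptAliasMap = buildScriptAliases();
        this.defaultExternalAuthenticators = determineDefaultCustomScriptConfigurationsMap(this.customScriptConfigurationsNameMap);
        this.localResponseCache.invalidateDiscoveryCache();
    }

    /**
     * Builds the table that maps every script name and every non-blank alias to the script name.
     *
     * <p>Script names are registered first and are never overridden by an alias. An alias that
     * collides with an existing entry is ignored and reported with a warning. This keeps ACR
     * resolution independent of the iteration order of the name map, so a misconfigured alias
     * cannot silently redirect one script's ACR value to a different script.
     *
     * @return alias table keyed by name or alias
     */
    private HashMap<String, String> buildScriptAliases() {
        Map<String, CustomScriptConfiguration> scriptsByName = this.customScriptConfigurationsNameMap;
        HashMap<String, String> aliasToName = new HashMap<>();

        // Pass 1: every script resolves to itself.
        for (String name : scriptsByName.keySet()) {
            aliasToName.put(name, name);
        }

        // Pass 2: aliases only fill entries that are still free.
        for (Map.Entry<String, CustomScriptConfiguration> entry : scriptsByName.entrySet()) {
            String name = entry.getKey();
            CustomScript customScript = entry.getValue().getCustomScript();
            List<String> aliases = customScript.getAliases();
            if (aliases == null) {
                continue;
            }
            for (String alias : aliases) {
                if (StringUtils.isNotBlank(alias)) {
                    String existing = aliasToName.putIfAbsent(alias, name);
                    if (existing != null && !existing.equals(name)) {
                        this.log.warn("Alias '{}' of script '{}' is already mapped to script '{}', alias is ignored", alias, name, existing);
                    }
                }
            }
        }
        return aliasToName;
    }

    /**
     * Adds the built-in password authenticator to the script list: one entry per configured LDAP
     * auth configuration, or a single default entry when there is no LDAP auth configuration and
     * the list is otherwise empty.
     *
     * @param list script configurations collected so far; modified in place
     */
    protected void addExternalConfigurations(List<CustomScriptConfiguration> list) {
        if (this.ldapAuthConfigs == null || this.ldapAuthConfigs.isEmpty()) {
            if (list.isEmpty()) {
                list.add(getInternalCustomScriptConfiguration());
            }
            return;
        }
        for (GluuLdapConfiguration ldapConfig : this.ldapAuthConfigs) {
            list.add(getInternalCustomScriptConfiguration(ldapConfig));
        }
    }

    /**
     * Groups the given scripts by usage type. Every usage type gets an entry, possibly an empty list.
     *
     * @param map scripts keyed by name
     * @return scripts applicable to each usage type
     */
    private Map<AuthenticationScriptUsageType, List<CustomScriptConfiguration>> groupCustomScriptConfigurationsMapByUsageType(Map<String, CustomScriptConfiguration> map) {
        Map<AuthenticationScriptUsageType, List<CustomScriptConfiguration>> grouped = new HashMap<>();
        for (AuthenticationScriptUsageType usageType : AuthenticationScriptUsageType.values()) {
            List<CustomScriptConfiguration> applicable = new ArrayList<>();
            for (CustomScriptConfiguration script : map.values()) {
                if (isValidateUsageType(usageType, script)) {
                    applicable.add(script);
                }
            }
            grouped.put(usageType, applicable);
        }
        return grouped;
    }

    /**
     * Picks, for every usage type, the script with the highest level. On equal levels the script
     * seen first wins. A usage type without scripts maps to {@code null}.
     *
     * @param map unused; the result is derived from the usage-type grouping field
     * @return default script per usage type
     */
    private Map<AuthenticationScriptUsageType, CustomScriptConfiguration> determineDefaultCustomScriptConfigurationsMap(Map<String, CustomScriptConfiguration> map) {
        Map<AuthenticationScriptUsageType, CustomScriptConfiguration> defaults = new HashMap<>();
        for (AuthenticationScriptUsageType usageType : AuthenticationScriptUsageType.values()) {
            CustomScriptConfiguration highest = null;
            for (CustomScriptConfiguration candidate : scriptsForUsageType(usageType)) {
                if (highest == null || highest.getLevel() < candidate.getLevel()) {
                    highest = candidate;
                }
            }
            defaults.put(usageType, highest);
        }
        return defaults;
    }

    /**
     * Returns the scripts registered for a usage type, never {@code null}.
     *
     * @param usageType usage type to look up
     * @return the registered list, or an empty list when the grouping is not built or has no entry
     */
    private List<CustomScriptConfiguration> scriptsForUsageType(AuthenticationScriptUsageType usageType) {
        if (this.customScriptConfigurationsMapByUsageType == null) {
            return new ArrayList<CustomScriptConfiguration>(0);
        }
        List<CustomScriptConfiguration> scripts = this.customScriptConfigurationsMapByUsageType.get(usageType);
        if (scripts == null) {
            return new ArrayList<CustomScriptConfiguration>(0);
        }
        return scripts;
    }

    /**
     * Asks the script whether it is a valid authentication method for the usage type.
     *
     * @return the script's answer, or {@code false} when the script throws
     */
    private boolean executeExternalIsValidAuthenticationMethod(AuthenticationScriptUsageType authenticationScriptUsageType, CustomScriptConfiguration customScriptConfiguration) {
        try {
            this.log.debug("Executing python 'isValidAuthenticationMethod' authenticator method");
            boolean valid = customScriptConfiguration.getExternalType().isValidAuthenticationMethod(authenticationScriptUsageType, customScriptConfiguration.getConfigurationAttributes());
            this.log.debug("Executed python 'isValidAuthenticationMethod' authenticator method, result: {}", valid);
            return valid;
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
            saveScriptError(customScriptConfiguration.getCustomScript(), e);
            return false;
        }
    }

    /**
     * Asks the script for the name of an alternative authentication method.
     *
     * @return the script's answer, or {@code null} when the script throws
     */
    private String executeExternalGetAlternativeAuthenticationMethod(AuthenticationScriptUsageType authenticationScriptUsageType, CustomScriptConfiguration customScriptConfiguration) {
        try {
            this.log.trace("Executing python 'getAlternativeAuthenticationMethod' authenticator method");
            String alternative = customScriptConfiguration.getExternalType().getAlternativeAuthenticationMethod(authenticationScriptUsageType, customScriptConfiguration.getConfigurationAttributes());
            this.log.trace("Executed python 'getAlternativeAuthenticationMethod' authenticator method, result: {}", alternative);
            return alternative;
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
            saveScriptError(customScriptConfiguration.getCustomScript(), e);
            return null;
        }
    }

    /**
     * Asks the script how many authentication steps it has.
     *
     * @return the script's answer, or {@code -1} when the script throws
     */
    public int executeExternalGetCountAuthenticationSteps(CustomScriptConfiguration customScriptConfiguration) {
        try {
            this.log.trace("Executing python 'getCountAuthenticationSteps' authenticator method");
            int stepCount = customScriptConfiguration.getExternalType().getCountAuthenticationSteps(customScriptConfiguration.getConfigurationAttributes());
            this.log.trace("Executed python 'getCountAuthenticationSteps' authenticator method, result: {}", stepCount);
            return stepCount;
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
            saveScriptError(customScriptConfiguration.getCustomScript(), e);
            return -1;
        }
    }

    /**
     * Runs the script's {@code authenticate} callback for one step.
     *
     * <p>Only the boolean result is logged. The request parameter map is handed to the script but
     * never written to the log; keep it that way, since the map is passed through unfiltered.
     *
     * @param map request parameters passed to the script
     * @param i   authentication step
     * @return the script's answer, or {@code false} when the script throws (fail closed)
     */
    public boolean executeExternalAuthenticate(CustomScriptConfiguration customScriptConfiguration, Map<String, String[]> map, int i) {
        try {
            this.log.trace("Executing python 'authenticate' authenticator method");
            boolean authenticated = customScriptConfiguration.getExternalType().authenticate(customScriptConfiguration.getConfigurationAttributes(), map, i);
            this.log.trace("Executed python 'authenticate' authenticator method, result: {}", authenticated);
            return authenticated;
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
            saveScriptError(customScriptConfiguration.getCustomScript(), e);
            return false;
        }
    }

    /**
     * Asks the script which step follows the given one.
     *
     * @param map request parameters passed to the script
     * @param i   current authentication step
     * @return the script's answer, or {@code -1} when the script throws
     */
    public int getNextStep(CustomScriptConfiguration customScriptConfiguration, Map<String, String[]> map, int i) {
        try {
            this.log.trace("Executing python 'getNextStep' authenticator method");
            int nextStep = customScriptConfiguration.getExternalType().getNextStep(customScriptConfiguration.getConfigurationAttributes(), map, i);
            this.log.trace("Executed python 'getNextStep' authenticator method, result: {}", nextStep);
            return nextStep;
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
            saveScriptError(customScriptConfiguration.getCustomScript(), e);
            return -1;
        }
    }

    /**
     * Runs the script's {@code logout} callback.
     *
     * @param map request parameters passed to the script
     * @return the script's answer, or {@code false} when the script throws
     */
    public boolean executeExternalLogout(CustomScriptConfiguration customScriptConfiguration, Map<String, String[]> map) {
        try {
            this.log.trace("Executing python 'logout' authenticator method");
            boolean loggedOut = customScriptConfiguration.getExternalType().logout(customScriptConfiguration.getConfigurationAttributes(), map);
            this.log.trace("Executed python 'logout' authenticator method, result: {}", loggedOut);
            return loggedOut;
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
            saveScriptError(customScriptConfiguration.getCustomScript(), e);
            return false;
        }
    }

    /**
     * Asks the script for an external logout URL.
     *
     * <p>NOTE(review): the returned URL is script-supplied and is not validated here. If callers
     * redirect to it, confirm that they check it first.
     *
     * @param map request parameters passed to the script
     * @return the script's answer, or {@code null} when the script throws
     */
    public String getLogoutExternalUrl(CustomScriptConfiguration customScriptConfiguration, Map<String, String[]> map) {
        try {
            // The log text spells the method name 'getLogouExternalUrl'; it is kept unchanged so
            // existing log searches still match.
            this.log.trace("Executing python 'getLogouExternalUrl' authenticator method");
            String logoutUrl = customScriptConfiguration.getExternalType().getLogoutExternalUrl(customScriptConfiguration.getConfigurationAttributes(), map);
            this.log.trace("Executed python 'getLogouExternalUrl' authenticator method, result: {}", logoutUrl);
            return logoutUrl;
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
            saveScriptError(customScriptConfiguration.getCustomScript(), e);
            return null;
        }
    }

    /**
     * Runs the script's {@code prepareForStep} callback.
     *
     * @param map request parameters passed to the script
     * @param i   authentication step
     * @return the script's answer, or {@code false} when the script throws
     */
    public boolean executeExternalPrepareForStep(CustomScriptConfiguration customScriptConfiguration, Map<String, String[]> map, int i) {
        try {
            this.log.trace("Executing python 'prepareForStep' authn");
            boolean prepared = customScriptConfiguration.getExternalType().prepareForStep(customScriptConfiguration.getConfigurationAttributes(), map, i);
            this.log.trace("Executed python 'prepareForStep' authn, result: {}", prepared);
            return prepared;
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
            saveScriptError(customScriptConfiguration.getCustomScript(), e);
            return false;
        }
    }

    /**
     * Asks the script for the extra parameter names of a step.
     *
     * @param i authentication step
     * @return the script's answer, or {@code null} when the script throws
     */
    public List<String> executeExternalGetExtraParametersForStep(CustomScriptConfiguration customScriptConfiguration, int i) {
        try {
            this.log.trace("Executing python 'getExtraParametersForStep' authn");
            List<String> extraParameters = customScriptConfiguration.getExternalType().getExtraParametersForStep(customScriptConfiguration.getConfigurationAttributes(), i);
            this.log.trace("Executed python 'getExtraParametersForStep' authn, result: {}", extraParameters);
            return extraParameters;
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
            saveScriptError(customScriptConfiguration.getCustomScript(), e);
            return null;
        }
    }

    /**
     * Asks the script which page to show for a step.
     *
     * @param i authentication step
     * @return the script's answer, or {@code null} when the script throws
     */
    public String executeExternalGetPageForStep(CustomScriptConfiguration customScriptConfiguration, int i) {
        try {
            this.log.trace("Executing python 'getPageForStep' authenticator method");
            String page = customScriptConfiguration.getExternalType().getPageForStep(customScriptConfiguration.getConfigurationAttributes(), i);
            this.log.trace("Executed python 'getPageForStep' authenticator method, result: {}", page);
            return page;
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
            saveScriptError(customScriptConfiguration.getCustomScript(), e);
            return null;
        }
    }

    /**
     * Asks the script for its API version.
     *
     * @return the script's answer, or {@code -1} when the script throws
     */
    public int executeExternalGetApiVersion(CustomScriptConfiguration customScriptConfiguration) {
        try {
            this.log.trace("Executing python 'getApiVersion' authenticator method");
            int apiVersion = customScriptConfiguration.getExternalType().getApiVersion();
            this.log.trace("Executed python 'getApiVersion' authenticator method, result: {}", apiVersion);
            return apiVersion;
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
            saveScriptError(customScriptConfiguration.getCustomScript(), e);
            return -1;
        }
    }

    /**
     * @return {@code true} when at least one script is registered for the usage type; {@code false}
     *         when none is, or when the grouping has not been built or has no entry for the type
     */
    public boolean isEnabled(AuthenticationScriptUsageType authenticationScriptUsageType) {
        return !scriptsForUsageType(authenticationScriptUsageType).isEmpty();
    }

    /**
     * Finds the first script of the usage type whose level equals the given level.
     *
     * @param i required level (exact match)
     * @return the first matching script, or {@code null} when none matches
     */
    public CustomScriptConfiguration getExternalAuthenticatorByAuthLevel(AuthenticationScriptUsageType authenticationScriptUsageType, int i) {
        for (CustomScriptConfiguration script : scriptsForUsageType(authenticationScriptUsageType)) {
            if (script.getLevel() == i) {
                return script;
            }
        }
        return null;
    }

    /**
     * Selects the script for an authentication step.
     *
     * <p>An Agama ACR is first normalized to {@link AcrService#AGAMA}. On step 1 with no ACR the
     * default (highest-level) script of the usage type is used. In every other case the script is
     * looked up by the ACR.
     *
     * @param i   authentication step
     * @param str requested ACR value; may be empty
     * @return the selected script, or {@code null} when none is found
     */
    public CustomScriptConfiguration determineCustomScriptConfiguration(AuthenticationScriptUsageType authenticationScriptUsageType, int i, String str) {
        if (AcrService.isAgama(str)) {
            str = AcrService.AGAMA;
        }
        if (i == 1 && !StringHelper.isNotEmpty(str)) {
            return getDefaultExternalAuthenticator(authenticationScriptUsageType);
        }
        return getCustomScriptConfiguration(authenticationScriptUsageType, str);
    }

    /**
     * Selects the script for a list of requested ACR values; the first ACR that resolves to a
     * usable script of the usage type wins.
     *
     * <p>When no ACR matches, the result depends on {@code useHighestLevelScriptIfAcrScriptNotFound}.
     * If it is enabled, the default (highest-level) script is returned, so a request naming an
     * unknown ACR is served by a script the client did not ask for. If it is disabled, {@code null}
     * is returned and the caller has to reject the request.
     *
     * @param list requested ACR values
     * @return the selected script, or {@code null}
     */
    public CustomScriptConfiguration determineCustomScriptConfiguration(AuthenticationScriptUsageType authenticationScriptUsageType, List<String> list) {
        this.log.debug("Determining script by acrs {}, usageType {}", list, authenticationScriptUsageType);
        List<CustomScriptConfiguration> candidates = scriptsForUsageType(authenticationScriptUsageType);
        for (String authMode : getAuthModesByAcrValues(list)) {
            for (CustomScriptConfiguration script : candidates) {
                if (StringHelper.equalsIgnoreCase(authMode, script.getName())) {
                    return script;
                }
            }
        }
        if (BooleanUtils.isTrue(this.appConfiguration.getUseHighestLevelScriptIfAcrScriptNotFound())) {
            return getDefaultExternalAuthenticator(authenticationScriptUsageType);
        }
        return null;
    }

    /**
     * Filters the requested ACR values down to those that resolve to a usable script and returns
     * the resolved script names in request order.
     *
     * <p>A script is usable when it is internal, or when its external implementation is present
     * and is not the script type's default implementation.
     *
     * @param list requested ACR values; {@code null} is treated as empty
     * @return resolved script names, possibly empty, never {@code null}
     */
    public List<String> getAuthModesByAcrValues(List<String> list) {
        List<String> authModes = new ArrayList<>();
        if (list == null) {
            return authModes;
        }
        Map<String, CustomScriptConfiguration> scriptsByName = this.customScriptConfigurationsNameMap;
        for (String acr : list) {
            if (!StringHelper.isNotEmpty(acr)) {
                continue;
            }
            String resolvedName = scriptName(acr);
            // The name map is queried with the lower-cased name.
            CustomScriptConfiguration script = scriptsByName.get(StringHelper.toLowerCase(resolvedName));
            if (script == null) {
                continue;
            }
            if (script.getCustomScript().isInternal()) {
                authModes.add(resolvedName);
                continue;
            }
            BaseExternalType defaultImplementation = script.getCustomScript().getScriptType().getDefaultImplementation();
            BaseExternalType externalType = script.getExternalType();
            // Identity comparison: a script still bound to the shared default implementation is skipped.
            if (externalType != null && defaultImplementation != externalType) {
                authModes.add(resolvedName);
            }
        }
        return authModes;
    }

    /**
     * Validates the given script for the usage type and, when the script reports itself invalid,
     * switches to the alternative method the script names.
     *
     * <p>NOTE(review): the alternative is always looked up under
     * {@link AuthenticationScriptUsageType#INTERACTIVE}, regardless of the usage type passed in.
     * Confirm this is intended for non-interactive flows.
     *
     * @return the script to use, or {@code null} when neither the script nor an alternative is usable
     */
    public CustomScriptConfiguration determineExternalAuthenticatorForWorkflow(AuthenticationScriptUsageType authenticationScriptUsageType, CustomScriptConfiguration customScriptConfiguration) {
        String name = customScriptConfiguration.getName();
        this.log.trace("Validating acr_values: '{}'", name);
        if (executeExternalIsValidAuthenticationMethod(authenticationScriptUsageType, customScriptConfiguration)) {
            return customScriptConfiguration;
        }
        this.log.warn("Current acr_values: '{}' isn't valid", name);
        String alternativeName = executeExternalGetAlternativeAuthenticationMethod(authenticationScriptUsageType, customScriptConfiguration);
        if (StringHelper.isEmpty(alternativeName)) {
            this.log.error("Failed to determine alternative authentication mode for acr_values: '{}'", name);
            return null;
        }
        CustomScriptConfiguration alternative = getCustomScriptConfiguration(AuthenticationScriptUsageType.INTERACTIVE, alternativeName);
        if (alternative != null) {
            return alternative;
        }
        this.log.error("Failed to get alternative CustomScriptConfiguration '{}' for acr_values: '{}'", alternativeName, name);
        return null;
    }

    /**
     * @return the highest-level script of the usage type, or {@code null} when there is none or the
     *         defaults have not been built
     */
    public CustomScriptConfiguration getDefaultExternalAuthenticator(AuthenticationScriptUsageType authenticationScriptUsageType) {
        if (this.defaultExternalAuthenticators != null) {
            return this.defaultExternalAuthenticators.get(authenticationScriptUsageType);
        }
        return null;
    }

    /**
     * Looks up a script of the usage type by ACR value (name or alias, case-insensitive).
     *
     * @param str requested ACR value
     * @return the matching script, or {@code null}
     */
    public CustomScriptConfiguration getCustomScriptConfiguration(AuthenticationScriptUsageType authenticationScriptUsageType, String str) {
        String resolvedName = scriptName(str);
        for (CustomScriptConfiguration script : scriptsForUsageType(authenticationScriptUsageType)) {
            if (StringHelper.equalsIgnoreCase(resolvedName, script.getName())) {
                return script;
            }
        }
        return null;
    }

    /**
     * Looks up a script by ACR value (name or alias, case-insensitive) across all usage types.
     *
     * @param str requested ACR value
     * @return the matching script, or {@code null}
     */
    public CustomScriptConfiguration getCustomScriptConfigurationByName(String str) {
        Map<String, CustomScriptConfiguration> scriptsByName = this.customScriptConfigurationsNameMap;
        if (scriptsByName == null) {
            return null;
        }
        String resolvedName = scriptName(str);
        for (Map.Entry<String, CustomScriptConfiguration> entry : scriptsByName.entrySet()) {
            if (StringHelper.equalsIgnoreCase(resolvedName, entry.getKey())) {
                return entry.getValue();
            }
        }
        return null;
    }

    /**
     * @return a new list holding all registered script configurations; empty when none are loaded
     */
    public List<CustomScriptConfiguration> getCustomScriptConfigurationsMap() {
        Map<String, CustomScriptConfiguration> scriptsByName = this.customScriptConfigurationsNameMap;
        if (scriptsByName == null) {
            return new ArrayList<>(0);
        }
        return new ArrayList<>(scriptsByName.values());
    }

    /**
     * @return a new list of every known ACR value (script names and aliases); empty when the alias
     *         table has not been built
     */
    public List<String> getAcrValuesList() {
        if (this.scriptAliasMap == null) {
            return new ArrayList<>(0);
        }
        return new ArrayList<>(this.scriptAliasMap.keySet());
    }

    /**
     * Tells whether a script may be used for the requested usage type. A script without a usage
     * type counts as INTERACTIVE; a BOTH script matches every request.
     */
    private boolean isValidateUsageType(AuthenticationScriptUsageType authenticationScriptUsageType, CustomScriptConfiguration customScriptConfiguration) {
        if (customScriptConfiguration == null) {
            return false;
        }
        AuthenticationScriptUsageType scriptUsageType = customScriptConfiguration.getCustomScript().getUsageType();
        if (scriptUsageType == null) {
            scriptUsageType = AuthenticationScriptUsageType.INTERACTIVE;
        }
        if (AuthenticationScriptUsageType.BOTH.equals(scriptUsageType)) {
            return true;
        }
        if (AuthenticationScriptUsageType.INTERACTIVE.equals(authenticationScriptUsageType) && AuthenticationScriptUsageType.INTERACTIVE.equals(scriptUsageType)) {
            return true;
        }
        return AuthenticationScriptUsageType.SERVICE.equals(authenticationScriptUsageType) && AuthenticationScriptUsageType.SERVICE.equals(scriptUsageType);
    }

    /**
     * @return for every script level, the set of script names and non-blank aliases at that level
     */
    public Map<Integer, Set<String>> levelToAcrMapping() {
        Map<Integer, Set<String>> acrsByLevel = Maps.newHashMap();
        for (CustomScriptConfiguration script : getCustomScriptConfigurationsMap()) {
            int level = script.getLevel();
            String name = script.getName();
            Set<String> acrs = acrsByLevel.get(level);
            if (acrs == null) {
                acrs = Sets.newHashSet();
                acrsByLevel.put(level, acrs);
            }
            acrs.add(name);
            if (script.getCustomScript() != null && script.getCustomScript().getAliases() != null) {
                for (String alias : script.getCustomScript().getAliases()) {
                    if (StringUtils.isNotBlank(alias)) {
                        acrs.add(alias);
                    }
                }
            }
        }
        return acrsByLevel;
    }

    /**
     * @return script name to level; internal scripts are always reported with level {@code -1}
     */
    public Map<String, Integer> acrToLevelMapping() {
        Map<String, Integer> levelByAcr = Maps.newHashMap();
        for (CustomScriptConfiguration script : getCustomScriptConfigurationsMap()) {
            if (script.getCustomScript().isInternal()) {
                levelByAcr.put(script.getName(), -1);
            } else {
                levelByAcr.put(script.getName(), script.getLevel());
            }
        }
        return levelByAcr;
    }

    /**
     * Creates the built-in authenticator entry for one LDAP auth configuration, named after the
     * configuration id.
     */
    private CustomScriptConfiguration getInternalCustomScriptConfiguration(GluuLdapConfiguration gluuLdapConfiguration) {
        CustomScriptConfiguration internalConfiguration = getInternalCustomScriptConfiguration();
        internalConfiguration.getCustomScript().setName(gluuLdapConfiguration.getConfigId());
        return internalConfiguration;
    }

    /**
     * Creates the built-in authenticator entry: name {@code simple_password_auth}, level -1,
     * flagged internal, INTERACTIVE usage, no configuration attributes.
     */
    private CustomScriptConfiguration getInternalCustomScriptConfiguration() {
        AuthenticationCustomScript authenticationCustomScript = new AuthenticationCustomScript() { // from class: io.jans.as.server.service.external.ExternalAuthenticationService.1
            public AuthenticationScriptUsageType getUsageType() {
                return AuthenticationScriptUsageType.INTERACTIVE;
            }
        };
        authenticationCustomScript.setName("simple_password_auth");
        authenticationCustomScript.setLevel(-1);
        authenticationCustomScript.setInternal(true);
        return new CustomScriptConfiguration(authenticationCustomScript, this.internalDefaultPersonAuthenticationType, new HashMap(0));
    }

    /**
     * Replaces the usage-type grouping. The map is stored as given, without a copy.
     */
    public void setCustomScriptConfigurationsMapByUsageType(Map<AuthenticationScriptUsageType, List<CustomScriptConfiguration>> map) {
        this.customScriptConfigurationsMapByUsageType = map;
    }

    /**
     * Replaces the per-usage-type defaults. The map is stored as given, without a copy.
     */
    public void setDefaultExternalAuthenticators(Map<AuthenticationScriptUsageType, CustomScriptConfiguration> map) {
        this.defaultExternalAuthenticators = map;
    }
}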
