package org.forgerock.openam.authentication.modules.persistentcookie;

import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.authentication.spi.AuthenticationException;
import com.sun.identity.idm.AMIdentity;
import com.sun.identity.idm.IdRepoException;
import com.sun.identity.idm.IdUtils;
import com.sun.identity.security.AdminTokenAction;
import com.sun.identity.security.DecodeAction;
import com.sun.identity.shared.encode.Base64;
import com.sun.identity.sm.SMSException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.MessageInfo;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.forgerock.openam.authentication.modules.common.JaspiAuthLoginModulePostAuthenticationPlugin;
import org.forgerock.openam.utils.ClientUtils;
import org.forgerock.util.annotations.VisibleForTesting;

/* loaded from: input_file:org/forgerock/openam/authentication/modules/persistentcookie/PersistentCookieAuthModulePostAuthenticationPlugin.class */
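/**
 * Post-authentication plugin for the persistent cookie authentication module.
 *
 * <p>On login success it copies session properties into the claims context of the
 * {@link PersistentCookieModuleWrapper}; on logout it asks the wrapper to delete the
 * session JWT cookie. All module settings are read from properties of the {@link SSOToken}.
 *
 * <p>NOTE(review): the public methods look like overrides of the superclass contract, but the
 * superclass is not visible here, so no {@code @Override} annotations were added — confirm.
 */
public class PersistentCookieAuthModulePostAuthenticationPlugin extends JaspiAuthLoginModulePostAuthenticationPlugin {
    private final PersistentCookieModuleWrapper persistentCookieModuleWrapper;

    /** Creates the plugin backed by a freshly constructed {@link PersistentCookieModuleWrapper}. */
    public PersistentCookieAuthModulePostAuthenticationPlugin() {
        this(new PersistentCookieModuleWrapper());
    }

    /**
     * Creates the plugin around the supplied wrapper so tests can substitute their own.
     *
     * @param persistentCookieModuleWrapper the wrapper that owns cookie creation and deletion
     */
    @VisibleForTesting
    protected PersistentCookieAuthModulePostAuthenticationPlugin(PersistentCookieModuleWrapper persistentCookieModuleWrapper) {
        super(PersistentCookieModuleWrapper.AUTH_RESOURCE_BUNDLE_NAME, persistentCookieModuleWrapper);
        this.persistentCookieModuleWrapper = persistentCookieModuleWrapper;
    }

    /**
     * Builds the wrapper configuration from properties stored on the session token.
     *
     * <p>The HMAC key property is decoded via {@link DecodeAction} and then blanked on the token,
     * so the key material does not stay readable on the session after this call.
     *
     * @param httpServletRequest the current request; a {@code null} value yields an empty map
     * @param httpServletResponse the current response (not read here)
     * @param sSOToken the session token holding the module settings; {@code null} yields an empty map
     * @return the configuration produced by the wrapper, or an immutable empty map when the
     *     request or the token is {@code null}; callers must copy it before adding entries
     * @throws AuthenticationException if a token property cannot be read or written
     */
    protected Map<String, Object> generateConfig(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SSOToken sSOToken) throws AuthenticationException {
        if (httpServletRequest == null || sSOToken == null) {
            return Collections.<String, Object>emptyMap();
        }
        try {
            String idleTimeout = sSOToken.getProperty("tokenIdleTimeMinutes", true);
            String maxLife = sSOToken.getProperty("maxTokenLifeMinutes", true);
            boolean enforceClientIp = Boolean.parseBoolean(sSOToken.getProperty(PersistentCookieModuleWrapper.ENFORCE_CLIENT_IP_SETTING_KEY, true));
            String realm = sSOToken.getProperty(PersistentCookieModuleWrapper.SSO_TOKEN_ORGANIZATION_PROPERTY_KEY, true);
            boolean secureCookie = Boolean.parseBoolean(sSOToken.getProperty(PersistentCookieModuleWrapper.SECURE_COOKIE_KEY, true));
            boolean httpOnlyCookie = Boolean.parseBoolean(sSOToken.getProperty(PersistentCookieModuleWrapper.HTTP_ONLY_COOKIE_KEY, true));
            String cookieName = sSOToken.getProperty(PersistentCookieModuleWrapper.COOKIE_NAME_KEY, true);
            String domainList = sSOToken.getProperty(PersistentCookieModuleWrapper.COOKIE_DOMAINS_KEY, true);

            // A blank domain list becomes a single null entry rather than an empty collection.
            Collection<String> cookieDomains;
            if (StringUtils.isBlank(domainList)) {
                cookieDomains = Collections.<String>singleton(null);
            } else {
                cookieDomains = Arrays.asList(domainList.split(","));
            }

            String hmacKey = (String) AccessController.doPrivileged((PrivilegedAction) new DecodeAction(sSOToken.getProperty(PersistentCookieModuleWrapper.HMAC_KEY, true)));
            // Blank the stored key once it has been read so it is not left on the session.
            sSOToken.setProperty(PersistentCookieModuleWrapper.HMAC_KEY, "");
            return this.persistentCookieModuleWrapper.generateConfig(idleTimeout, maxLife, enforceClientIp, realm, secureCookie, httpOnlyCookie, cookieName, cookieDomains, hmacKey);
        } catch (SSOException | SMSException e) {
            this.DEBUG.error("Could not initialise the Auth Module", e);
            throw new AuthenticationException(e.getLocalizedMessage());
        }
    }

    /**
     * Populates the persistent cookie claims after a successful login, or marks the message so
     * that no session cookie is issued when the user did not ask for one.
     *
     * <p>When the session names an identity attribute in {@code openam.field.repo}, the session
     * id is also appended to that attribute of the user's identity, using the admin token.
     *
     * @param messageInfo the JASPI message whose map receives the {@code jwtValidated} and
     *     {@code skipSession} flags
     * @param map unused here
     * @param httpServletRequest the login request; {@code null} makes this a no-op
     * @param httpServletResponse unused here
     * @param sSOToken the new session; {@code null} makes this a no-op
     * @throws AuthenticationException if a session property cannot be read
     */
    public void onLoginSuccess(MessageInfo messageInfo, Map map, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SSOToken sSOToken) throws AuthenticationException {
        if (httpServletRequest == null || sSOToken == null) {
            return;
        }
        try {
            if (!isPersistentCookieRequested(httpServletRequest, sSOToken)) {
                messageInfo.getMap().put("skipSession", true);
                return;
            }

            Map<String, Object> contextMap = this.persistentCookieModuleWrapper.getContextMap(messageInfo);
            String principal = sSOToken.getProperty("Principal", true);
            String realm = sSOToken.getProperty(PersistentCookieModuleWrapper.SSO_TOKEN_ORGANIZATION_PROPERTY_KEY, true);
            contextMap.put(PersistentCookieModuleWrapper.OPENAM_USER_CLAIM_KEY, principal);
            contextMap.put(PersistentCookieModuleWrapper.OPENAM_AUTH_TYPE_CLAIM_KEY, sSOToken.getProperty("AuthType", true));
            // The session id itself becomes a claim, so the cookie is as sensitive as the session.
            contextMap.put(PersistentCookieModuleWrapper.OPENAM_SESSION_ID_CLAIM_KEY, sSOToken.getTokenID().toString());
            contextMap.put(PersistentCookieModuleWrapper.OPENAM_REALM_CLAIM_KEY, realm);
            // NOTE(review): how ClientUtils derives the address (e.g. from a forwarded header) is
            // not visible here; it matters when client IP enforcement is enabled — confirm.
            contextMap.put(PersistentCookieModuleWrapper.OPENAM_CLIENT_IP_CLAIM_KEY, ClientUtils.getClientIPAddress(httpServletRequest));

            String jwtValidated = sSOToken.getProperty("jwtValidated", true);
            if (jwtValidated != null) {
                messageInfo.getMap().put("jwtValidated", Boolean.valueOf(Boolean.parseBoolean(jwtValidated)));
            }

            String repoAttribute = sSOToken.getProperty("openam.field.repo", true);
            if (StringUtils.isNotBlank(repoAttribute)) {
                recordSessionOnIdentity(sSOToken, repoAttribute, principal, realm);
            }
        } catch (SSOException e) {
            this.DEBUG.error("Could not secure response", e);
            throw new AuthenticationException(e.getLocalizedMessage());
        }
    }

    /**
     * Decides whether a persistent cookie should be issued for this login.
     *
     * <p>The cookie is issued when the session carries no {@code openam.field.ui} value, when it
     * carries a non-blank {@code remember.check} value, or when the request is a POST that
     * contains a parameter named by {@code openam.field.ui}. Only the presence of that parameter
     * is tested, not its value.
     */
    private boolean isPersistentCookieRequested(HttpServletRequest httpServletRequest, SSOToken sSOToken) throws SSOException {
        String uiField = sSOToken.getProperty("openam.field.ui", true);
        if (!StringUtils.isNotBlank(uiField)) {
            return true;
        }
        if (StringUtils.isNotBlank(sSOToken.getProperty("remember.check", true))) {
            return true;
        }
        return StringUtils.equalsIgnoreCase("POST", httpServletRequest.getMethod())
                && httpServletRequest.getParameter(uiField) != null;
    }

    /**
     * Appends the session id to the named identity attribute, evicting existing values first so
     * the attribute never holds more than the limit in {@code openam.field.repo.max}.
     *
     * <p>Storage failures are logged and otherwise ignored, so the login itself still succeeds.
     */
    private void recordSessionOnIdentity(SSOToken sSOToken, String repoAttribute, String principal, String realm) throws SSOException {
        try {
            int maxTokens = 1;
            try {
                maxTokens = Integer.parseInt(sSOToken.getProperty("openam.field.repo.max", true));
            } catch (NumberFormatException ignored) {
                // Missing or non-numeric limit: keep the default of one stored token.
            }
            // A zero or negative limit would make the eviction loop below call next() on an empty
            // set and fail with NoSuchElementException, so treat it as a limit of one.
            maxTokens = Math.max(1, maxTokens);

            // The write runs with the admin token, not the user's session.
            // NOTE(review): confirm openam.field.repo can only be set by trusted server-side code.
            AMIdentity identity = IdUtils.getIdentity((SSOToken) AccessController.doPrivileged((PrivilegedAction) AdminTokenAction.getInstance()), principal, realm);
            Map<String, Set<String>> attributes = new HashMap<>(1);
            // NOTE(review): assumes getAttribute returns a non-null, mutable set — confirm.
            Set<String> storedTokens = identity.getAttribute(repoAttribute);
            while (storedTokens.size() >= maxTokens) {
                // Evicts whichever element the set iterates first; which one that is depends on
                // the set implementation.
                storedTokens.remove(storedTokens.iterator().next());
            }
            storedTokens.add(sSOToken.getTokenID().toString());
            attributes.put(repoAttribute, storedTokens);
            identity.setAttributes(attributes);
            identity.store();
        } catch (IdRepoException e) {
            this.DEBUG.error("Could not save token", e);
        }
    }

    /** Does nothing on login failure. */
    public void onLoginFailure(Map map, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
    }

    /**
     * Deletes the session JWT cookie on logout.
     *
     * <p>Failures to initialise the wrapper are logged and not propagated.
     *
     * @param httpServletRequest the logout request; {@code null} makes this a no-op
     * @param httpServletResponse the response the cookie deletion is written to
     * @param sSOToken the session being ended; may be {@code null}
     */
    public void onLogout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SSOToken sSOToken) {
        if (httpServletRequest == null) {
            return;
        }
        try {
            // generateConfig returns an immutable empty map when the token is null, so copy it
            // before adding the key; put() on that map throws UnsupportedOperationException.
            Map<String, Object> config = new HashMap<>(generateConfig(httpServletRequest, httpServletResponse, sSOToken));
            // An all-zero 32-byte placeholder stands in for the HMAC key in this config.
            // NOTE(review): presumably it only satisfies initialize() for cookie deletion and is
            // never used to sign or verify a cookie — confirm in the wrapper.
            config.put("hmacKey", Base64.encode(new byte[32]));
            this.persistentCookieModuleWrapper.initialize(null, config);
            this.persistentCookieModuleWrapper.deleteSessionJwtCookie(this.persistentCookieModuleWrapper.prepareMessageInfo(null, httpServletResponse));
        } catch (AuthenticationException | AuthException e) {
            this.DEBUG.error("Failed to initialise the underlying JASPI Server Auth Module.", e);
        }
    }
}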
