package com.sun.identity.authentication.modules.hotp;

import com.iplanet.dpro.session.service.InternalSession;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import com.sun.identity.authentication.spi.AMLoginModule;
import com.sun.identity.authentication.spi.AuthErrorCodeException;
import com.sun.identity.authentication.spi.AuthLoginException;
import com.sun.identity.authentication.spi.InvalidPasswordException;
import com.sun.identity.shared.datastruct.CollectionHelper;
import com.sun.identity.shared.debug.Debug;
import java.security.Principal;
import java.util.Collections;
import java.util.Locale;
import java.util.Map;
import java.util.ResourceBundle;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.ConfirmationCallback;
import javax.security.auth.callback.PasswordCallback;

/* loaded from: input_file:com/sun/identity/authentication/modules/hotp/HOTP.class */
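/**
 * Login module that sends a one-time code through {@link HOTPService} and
 * validates the code the user enters.
 *
 * <p>Flow as implemented in {@link #process(Callback[], int)}:
 * <ol>
 *   <li>State 1 optionally sends a code automatically, then moves to
 *       {@code START_STATE}.</li>
 *   <li>{@code START_STATE} expects exactly two callbacks: a
 *       {@link PasswordCallback} carrying the entered code and a
 *       {@link ConfirmationCallback} whose selected index chooses between
 *       "submit code" (index 0) and "send a new code" (any other index).</li>
 * </ol>
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>A {@code skipHOTP=true} entry in the shared state makes this module
 *       return -1 without checking any code. Only trusted modules earlier in
 *       the chain should be able to write that key.</li>
 *   <li>The "send a new code" path has no throttling in this class. Any rate
 *       limiting would have to live in {@code HOTPService} or the surrounding
 *       framework, neither of which is visible here.</li>
 *   <li>The entered code is held in a {@code String} field until
 *       {@link #nullifyUsedVars()} runs.</li>
 * </ul>
 */
public class HOTP extends AMLoginModule {
    protected static final String amAuthHOTP = "amAuthHOTP";
    protected static final Debug debug = Debug.getInstance(amAuthHOTP);
    private static final String FROM_ADDRESS = "sunAMAuthHOTPSMTPFromAddress";
    private int currentState;
    private Map sharedState;
    public Map currentConfig;
    protected Principal userPrincipal;
    private static final String AUTHLEVEL = "sunAMAuthHOTPAuthLevel";
    private static final String GATEWAYSMSImplCLASS = "sunAMAuthHOTPSMSGatewayImplClassName";
    private static final String CODEVALIDITYDURATION = "sunAMAuthHOTPPasswordValidityDuration";
    private static final String CODELENGTH = "sunAMAuthHOTPPasswordLength";
    private static final String CODEDELIVERY = "sunAMAuthHOTPasswordDelivery";
    private static final String ATTRIBUTEPHONE = "openamTelephoneAttribute";
    private static final String ATTRIBUTECARRIER = "openamSMSCarrierAttribute";
    private static final String ATTRIBUTEEMAIL = "openamEmailAttribute";
    private static final String AUTO_CLICKING = "sunAMAuthHOTPAutoClicking";
    // Shared-state key; when mapped to Boolean.TRUE the module is bypassed.
    private static final String SKIP_HOTP = "skipHOTP";
    private HOTPService hotpService;
    ResourceBundle bundle = null;
    private String userName = null;
    private String userUUID = null;
    private String enteredHOTPCode = null;
    private String gatewaySMSImplClass = null;
    private String codeValidityDuration = null;
    private String codeLength = null;
    private String codeDelivery = null;
    private String telephoneAttribute = null;
    private String carrierAttribute = null;
    private String emailAttribute = null;
    private boolean skip = false;
    private boolean hotpAutoClicking = false;
    // State in which the code-entry page is shown; never reassigned.
    private final int START_STATE = 2;
    private Set<String> userSearchAttributes = Collections.emptySet();

    /**
     * Reads the module configuration, resolves the user being authenticated
     * and builds the {@link HOTPService} used by {@link #process}.
     *
     * @param subject the subject being authenticated (not used here)
     * @param map     shared state; supplies the user name and the optional
     *                {@code skipHOTP} flag
     * @param map2    module configuration options
     * @throws NumberFormatException if the configured code validity duration
     *                               or code length is missing or not numeric
     */
    public void init(Subject subject, Map map, Map map2) {
        this.currentConfig = map2;
        String authLevelValue = CollectionHelper.getMapAttr(map2, AUTHLEVEL);
        if (authLevelValue != null) {
            try {
                setAuthLevel(Integer.parseInt(authLevelValue));
            } catch (Exception e) {
                // Best effort: a bad auth level is logged and otherwise ignored.
                debug.error("HOTP.init() : Unable to set auth level " + authLevelValue, e);
            }
        }
        this.gatewaySMSImplClass = CollectionHelper.getMapAttr(map2, GATEWAYSMSImplCLASS);
        this.codeValidityDuration = CollectionHelper.getMapAttr(map2, CODEVALIDITYDURATION);
        this.codeLength = CollectionHelper.getMapAttr(map2, CODELENGTH);
        this.codeDelivery = CollectionHelper.getMapAttr(map2, CODEDELIVERY);
        this.telephoneAttribute = CollectionHelper.getMapAttr(map2, ATTRIBUTEPHONE);
        this.carrierAttribute = CollectionHelper.getMapAttr(map2, ATTRIBUTECARRIER);
        this.emailAttribute = CollectionHelper.getMapAttr(map2, ATTRIBUTEEMAIL);
        try {
            this.userSearchAttributes = getUserAliasList();
        } catch (AuthLoginException e) {
            debug.warning("HOTP.init: unable to retrieve search attributes", e);
        }
        if (debug.messageEnabled()) {
            debug.message("HOTP.init() : telephone attribute=" + this.telephoneAttribute + " carrier attribute=" + this.carrierAttribute + " email attribute=" + this.emailAttribute + " user search attributes=" + this.userSearchAttributes);
        }
        Locale loginLocale = getLoginLocale();
        this.bundle = amCache.getResBundle(amAuthHOTP, loginLocale);
        if (debug.messageEnabled()) {
            debug.message("HOTP.init() : HOTP resouce bundle locale=" + loginLocale);
        }

        this.userName = (String) map.get(getUserKey());
        if (this.userName == null || this.userName.isEmpty()) {
            // No user name in shared state: fall back to the session that
            // already exists for this login (session upgrade case).
            try {
                SSOTokenManager tokenManager = SSOTokenManager.getInstance();
                InternalSession oldSession = getLoginState("HOTP").getOldSession();
                if (oldSession == null) {
                    throw new AuthLoginException("amAuth", "noInternalSession", (Object[]) null);
                }
                SSOToken token = tokenManager.createSSOToken(oldSession.getID().toString());
                this.userUUID = token.getPrincipal().getName();
                this.userName = token.getProperty("UserToken");
                if (debug.messageEnabled()) {
                    // Message-level debug output contains the user identifier.
                    debug.message("HOTP.init() : UserName in SSOToken : " + this.userName);
                }
            } catch (AuthLoginException e) {
                debug.error("HOTP.init() : Unable to retrieve userName from existing session", e);
            } catch (SSOException e) {
                debug.error("HOTP.init() : Unable to retrieve userName from existing session", e);
            }
        }

        this.sharedState = map;
        // Only an explicit Boolean.TRUE bypasses the module. A null or
        // non-Boolean value previously raised NullPointerException or
        // ClassCastException; it now leaves the second factor enforced.
        this.skip = Boolean.TRUE.equals(map.get(SKIP_HOTP));
        // Constant-first comparison: a missing auto-clicking attribute means
        // "disabled" instead of a NullPointerException.
        this.hotpAutoClicking = "true".equals(CollectionHelper.getMapAttr(map2, AUTO_CLICKING));

        final long validityDuration;
        final int length;
        try {
            validityDuration = Long.parseLong(this.codeValidityDuration);
            length = Integer.parseInt(this.codeLength);
        } catch (NumberFormatException e) {
            // Same exception as before, but now with a log line that names
            // the misconfigured settings.
            debug.error("HOTP.init() : invalid code validity duration or code length in module configuration", e);
            throw e;
        }
        // FROM_ADDRESS is passed as the configuration key name, not a value.
        HOTPParams params = new HOTPParams(this.gatewaySMSImplClass, validityDuration, this.telephoneAttribute, this.carrierAttribute, this.emailAttribute, this.codeDelivery, this.currentConfig, length, this.bundle.getString("messageSubject"), this.bundle.getString("messageContent"), FROM_ADDRESS, this.userSearchAttributes);
        this.hotpService = new HOTPService(getAMIdentityRepository(getRequestOrg()), this.userName, params);
    }

    /**
     * Drives the module's state machine.
     *
     * @param callbackArr callbacks submitted for the current state
     * @param i           the current state
     * @return {@code START_STATE} to show (or re-show) the code-entry page,
     *         or -1 when the module is skipped or the code was accepted
     * @throws AuthLoginException if no user is known, the state or callbacks
     *                            are not what the module expects, sending the
     *                            code fails, or the entered code is rejected
     */
    public int process(Callback[] callbackArr, int i) throws AuthLoginException {
        if (this.skip) {
            // Bypass requested through shared state: no code is verified.
            debug.message("Skipping HOTP module");
            return -1;
        }
        if (this.userName == null || this.userName.length() == 0) {
            throw new AuthLoginException("amAuth", "noUserName", (Object[]) null);
        }
        if (i == 1) {
            if (this.hotpAutoClicking) {
                debug.message("Auto sending OTP code");
                sendCode();
            }
            return this.START_STATE;
        }
        this.currentState = i;
        try {
            // Fail closed on an unexpected state or callback layout. The type
            // checks replace the ClassCastException the unchecked casts below
            // would otherwise raise.
            if (this.currentState != this.START_STATE
                    || callbackArr == null
                    || callbackArr.length != 2
                    || !(callbackArr[0] instanceof PasswordCallback)
                    || !(callbackArr[1] instanceof ConfirmationCallback)) {
                setFailureID(this.userName);
                throw new AuthLoginException(amAuthHOTP, "authFailed", (Object[]) null);
            }
            int selectedIndex = ((ConfirmationCallback) callbackArr[1]).getSelectedIndex();
            if (debug.messageEnabled()) {
                debug.message("HOTP.process() : LOGIN page button index: " + selectedIndex);
            }
            if (selectedIndex != 0) {
                // Any button other than the first requests a fresh code.
                return sendCode();
            }
            // getPassword() returns null when nothing was entered, and
            // String.valueOf((char[]) null) throws NullPointerException, so
            // the null case is handled before the conversion.
            char[] entered = ((PasswordCallback) callbackArr[0]).getPassword();
            this.enteredHOTPCode = entered == null ? null : String.valueOf(entered);
            if (this.enteredHOTPCode == null || this.enteredHOTPCode.length() == 0) {
                if (debug.messageEnabled()) {
                    debug.message("HOTP.process() : invalid HOTP code");
                }
                setFailureID(this.userName);
                throw new InvalidPasswordException("amAuth", "invalidPasswd", (Object[]) null);
            }
            if (this.hotpService.isValidHOTP(this.enteredHOTPCode)) {
                return -1;
            }
            // Wrong code: record the failing user, then reject.
            setFailureID(this.userName);
            throw new InvalidPasswordException("amAuth", "invalidPasswd", (Object[]) null);
        } catch (NumberFormatException e) {
            debug.error("HOTP.process() : NumberFormatException Exception", e);
            if (this.userName != null && this.userName.length() != 0) {
                setFailureID(this.userName);
            }
            throw new AuthLoginException(amAuthHOTP, "authFailed", (Object[]) null, e);
        }
    }

    /**
     * Sends a code and sets the "sent" header on the code-entry page.
     *
     * @return {@code START_STATE}
     * @throws AuthLoginException with error code "102" if sending fails
     */
    private int sendCode() throws AuthLoginException {
        try {
            this.hotpService.sendHOTP();
            substituteHeader(this.START_STATE, this.bundle.getString("send.success"));
            return this.START_STATE;
        } catch (AuthLoginException e) {
            // The replacement exception carries no cause, so log the original
            // failure here to keep delivery problems diagnosable.
            debug.error("HOTP.process() : unable to send HOTP code", e);
            throw new AuthErrorCodeException("102", amAuthHOTP, "send.failure");
        }
    }

    /**
     * Returns the authenticated principal, preferring the universal id taken
     * from an existing session over the plain user name.
     *
     * @return the principal, or {@code null} if no user is known
     */
    public Principal getPrincipal() {
        String identity = this.userUUID != null ? this.userUUID : this.userName;
        if (identity == null) {
            return null;
        }
        this.userPrincipal = new HOTPPrincipal(identity);
        return this.userPrincipal;
    }

    /** Clears per-login state by delegating to {@link #nullifyUsedVars()}. */
    public void destroyModuleState() {
        nullifyUsedVars();
    }

    /**
     * Drops references to per-login data, including the entered code.
     * {@code userUUID} and {@code hotpService} are left untouched.
     */
    public void nullifyUsedVars() {
        this.bundle = null;
        this.userName = null;
        this.sharedState = null;
        this.currentConfig = null;
        this.enteredHOTPCode = null;
        this.userSearchAttributes = Collections.emptySet();
    }
}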
