package org.openidentityplatform.openam.authentication.modules.recaptcha;

import com.iplanet.am.util.SystemProperties;
import com.iplanet.dpro.session.SessionID;
import com.sun.identity.authentication.callbacks.HiddenValueCallback;
import com.sun.identity.authentication.callbacks.ScriptTextOutputCallback;
import com.sun.identity.authentication.service.AuthD;
import com.sun.identity.authentication.spi.AMLoginModule;
import com.sun.identity.authentication.spi.AuthLoginException;
import com.sun.identity.shared.datastruct.CollectionHelper;
import com.sun.identity.shared.debug.Debug;
import java.lang.reflect.Field;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.TextOutputCallback;
import javax.security.auth.login.LoginException;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.net.util.SubnetUtils;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
import org.json.JSONObject;
import ru.org.openam.httpdump.Dump;

/* loaded from: input_file:org/openidentityplatform/openam/authentication/modules/recaptcha/ReCaptcha.class */
public class ReCaptcha extends AMLoginModule {
    private static final String amAuthReCaptcha = "amAuthReCaptcha";
    private static Debug debug = Debug.getInstance(amAuthReCaptcha);
    static Field AMIdentity_isSharedStateField;
    static PoolingHttpClientConnectionManager cm;
    static final Integer connectTimeout;
    static final Integer readTimeout;
    static final RequestConfig requestConfig;
    static CloseableHttpClient httpClient;
    public Map sharedState;
    private String secret = "";
    private String key = "";
    private String jsUrl = "";
    private String verifyUrl = "";
    private boolean invisible = true;
    boolean isIPIgnore = false;
    boolean userProcessed = false;
    String username = null;
    String in_code = null;
    Integer module_pwdCT = 0;

    public void init(Subject subject, Map map, Map map2) {
        SubnetUtils subnetUtils;
        if (getHttpServletRequest() == null) {
            return;
        }
        this.sharedState = map;
        try {
            AMIdentity_isSharedStateField.set(this, true);
        } catch (Exception e) {
            debug.error("AMIdentity_isSharedStateField", e);
        }
        this.secret = CollectionHelper.getMapAttr(map2, "org.openidentityplatform.openam.authentication.modules.recaptcha.ReCaptcha.secret", "").trim();
        this.key = CollectionHelper.getMapAttr(map2, "org.openidentityplatform.openam.authentication.modules.recaptcha.ReCaptcha.key", "").trim();
        this.jsUrl = CollectionHelper.getMapAttr(map2, "org.openidentityplatform.openam.authentication.modules.recaptcha.ReCaptcha.jsUrl", "").trim();
        this.verifyUrl = CollectionHelper.getMapAttr(map2, "org.openidentityplatform.openam.authentication.modules.recaptcha.ReCaptcha.verifyUrl", "").trim();
        this.invisible = Boolean.parseBoolean(CollectionHelper.getMapAttr(map2, "org.openidentityplatform.openam.authentication.modules.recaptcha.ReCaptcha.invisible", "true"));
        this.jsUrl = CollectionHelper.getMapAttr(map2, "org.openidentityplatform.openam.authentication.modules.recaptcha.ReCaptcha.jsUrl", "https://www.google.com/recaptcha/api.js").trim();
        this.verifyUrl = CollectionHelper.getMapAttr(map2, "org.openidentityplatform.openam.authentication.modules.recaptcha.ReCaptcha.verifyUrl", "https://www.google.com/recaptcha/api/siteverify").trim();
        if (!this.isIPIgnore && map2.get("org.openidentityplatform.openam.authentication.modules.recaptcha.ReCaptcha.ip.ignore") != null) {
            for (String str : (Set) map2.get("org.openidentityplatform.openam.authentication.modules.recaptcha.ReCaptcha.ip.ignore")) {
                try {
                    subnetUtils = new SubnetUtils(str);
                    subnetUtils.setInclusiveHostCount(true);
                } catch (Throwable th) {
                    debug.error("invalid {}: {}", new Object[]{str, th.getMessage()});
                }
                if (subnetUtils.getInfo().isInRange(getHttpServletRequest().getRemoteAddr())) {
                    this.isIPIgnore = true;
                    try {
                        setUserSessionProperty("org.openidentityplatform.openam.authentication.modules.recaptcha.ReCaptcha.ignore.range", str);
                    } catch (AuthLoginException e2) {
                    }
                    break;
                }
                continue;
            }
        }
        setForceCallbacksRead(true);
    }

    public int process(Callback[] callbackArr, int i) throws LoginException {
        if (getHttpServletRequest() == null) {
            return 0;
        }
        getHttpServletRequest().setAttribute("g-recaptcha-sitekey", this.key);
        getHttpServletRequest().setAttribute("g-recaptcha-js-url", this.jsUrl);
        getHttpServletRequest().setAttribute("g-recaptcha-invisible", Boolean.valueOf(this.invisible));
        if (callbackArr.length != 0) {
            Integer num = 0;
            Integer num2 = this.module_pwdCT;
            if (i == 1) {
                this.in_code = null;
                this.userProcessed = false;
            }
            for (Callback callback : callbackArr) {
                if ((callback instanceof NameCallback) && !this.userProcessed && !StringUtils.isBlank(((NameCallback) callback).getName())) {
                    this.username = ((NameCallback) callback).getName();
                    if (StringUtils.isNotBlank(this.username)) {
                        this.sharedState.put(getUserKey(), this.username);
                    }
                    replaceCallback(i, num.intValue(), new NameCallback(((NameCallback) callback).getPrompt(), ((NameCallback) callback).getName()));
                    this.userProcessed = true;
                } else if ((callback instanceof HiddenValueCallback) && ((HiddenValueCallback) callback).getValue() != null) {
                    this.in_code = ((HiddenValueCallback) callback).getValue();
                    num2 = Integer.valueOf(num2.intValue() + 1);
                }
                num = Integer.valueOf(num.intValue() + 1);
            }
            Integer.valueOf(num2.intValue() - 1);
            if ((System.getProperty("test.ReCaptcha") != null && StringUtils.equalsIgnoreCase(System.getProperty("test.ReCaptcha"), this.in_code)) || this.isIPIgnore || validateRecaptcha(this.in_code)) {
                return 0;
            }
        }
        if (i == 1) {
            replaceCallback(i, 1, getScriptCallback());
        }
        return i;
    }

    private TextOutputCallback getScriptCallback() {
        return new ScriptTextOutputCallback("if (window.$ && window.require) { \n\t$('#recaptcha-container').attr('data-sitekey', '" + this.key + "');\n\trequire(['" + this.jsUrl + "'], function() {});\n}");
    }

    boolean validateRecaptcha(String str) throws AuthLoginException {
        try {
            HttpPost httpPost = new HttpPost(this.verifyUrl);
            ArrayList arrayList = new ArrayList();
            arrayList.add(new BasicNameValuePair("secret", this.secret));
            arrayList.add(new BasicNameValuePair("response", str));
            arrayList.add(new BasicNameValuePair("remoteip", getHttpServletRequest().getRemoteAddr()));
            httpPost.setEntity(new UrlEncodedFormEntity(arrayList));
            CloseableHttpResponse execute = httpClient.execute(httpPost);
            Throwable th = null;
            try {
                String entityUtils = EntityUtils.toString(execute.getEntity(), "UTF-8");
                if (execute != null) {
                    if (0 != 0) {
                        try {
                            execute.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        execute.close();
                    }
                }
                JSONObject jSONObject = new JSONObject(entityUtils);
                boolean z = jSONObject.getBoolean("success");
                if (z) {
                    AuthD.getSession(new SessionID(getSessionId())).setObject(ReCaptcha.class.getName().concat(".passed"), true);
                    setUserSessionProperty(ReCaptcha.class.getName().concat(".passed"), "1");
                } else {
                    setUserSessionProperty(ReCaptcha.class.getName().concat(".error"), jSONObject.toString());
                    debug.error("failed validation {}: {} request=({})", new Object[]{this.sharedState.get(getUserKey()), jSONObject.toString(), Dump.toString(getHttpServletRequest())});
                }
                return z;
            } finally {
            }
        } catch (Exception e) {
            AuthD.getSession(new SessionID(getSessionId())).setObject(ReCaptcha.class.getName().concat(".ignored.connection-error"), true);
            setUserSessionProperty(ReCaptcha.class.getName().concat(".ignored.connection-error"), e.getMessage() == null ? e.toString() : e.getMessage());
            Debug debug2 = debug;
            Object[] objArr = new Object[3];
            objArr[0] = this.sharedState.get(getUserKey());
            objArr[1] = e.getMessage() == null ? e.toString() : e.getMessage();
            objArr[2] = Dump.toString(getHttpServletRequest());
            debug2.error("ignore validation {}: {} request=({})", objArr);
            return true;
        }
    }

    public Principal getPrincipal() {
        return null;
    }

    static {
        try {
            AMIdentity_isSharedStateField = AMLoginModule.class.getDeclaredField("isSharedState");
            AMIdentity_isSharedStateField.setAccessible(true);
        } catch (Exception e) {
            debug.error("AMIdentity_isSharedStateField", e);
        }
        cm = new PoolingHttpClientConnectionManager();
        cm.setDefaultMaxPerRoute(500);
        cm.setMaxTotal(500);
        connectTimeout = Integer.valueOf(Integer.parseInt(SystemProperties.get(ReCaptcha.class.getName() + ".connect.timeout", "1500")));
        readTimeout = Integer.valueOf(Integer.parseInt(SystemProperties.get(ReCaptcha.class.getName() + ".read.timeout", "2500")));
        requestConfig = RequestConfig.custom().setSocketTimeout(connectTimeout.intValue()).setConnectTimeout(connectTimeout.intValue()).setConnectionRequestTimeout(readTimeout.intValue()).build();
        httpClient = HttpClients.custom().setConnectionManager(cm).setDefaultRequestConfig(requestConfig).build();
    }
}
