package org.forgerock.openam.authentication.modules.scripted;

import com.google.inject.Key;
import com.google.inject.TypeLiteral;
import com.google.inject.name.Names;
import com.sun.identity.authentication.callbacks.HiddenValueCallback;
import com.sun.identity.authentication.callbacks.ScriptTextOutputCallback;
import com.sun.identity.authentication.spi.AMLoginModule;
import com.sun.identity.authentication.spi.AuthLoginException;
import com.sun.identity.idm.AMIdentityRepository;
import com.sun.identity.shared.datastruct.CollectionHelper;
import com.sun.identity.shared.debug.Debug;
import java.security.Principal;
import java.util.Map;
import javax.script.ScriptException;
import javax.script.SimpleBindings;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.login.LoginException;
import org.forgerock.guice.core.InjectorHolder;
import org.forgerock.http.client.RestletHttpClient;
import org.forgerock.http.client.request.HttpClientRequest;
import org.forgerock.http.client.request.HttpClientRequestFactory;
import org.forgerock.openam.scripting.ScriptConstants;
import org.forgerock.openam.scripting.ScriptEvaluator;
import org.forgerock.openam.scripting.ScriptObject;
import org.forgerock.openam.scripting.SupportedScriptingLanguage;
import org.forgerock.openam.scripting.service.ScriptConfiguration;
import org.forgerock.openam.scripting.service.ScriptingService;
import org.forgerock.openam.scripting.service.ScriptingServiceFactory;

/* loaded from: input_file:org/forgerock/openam/authentication/modules/scripted/Scripted.class */
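/**
 * Login module whose outcome is decided by a configured server-side script.
 *
 * <p>On the first state the module replaces a callback with one carrying the configured
 * client-side script (if enabled). On the second state it evaluates the server-side script with
 * a set of bindings and reads the resulting {@code authState} and {@code username} back from
 * those bindings.
 *
 * <p>Security notes for maintainers and script authors:
 * <ul>
 *   <li>{@code clientScriptOutputData} and {@code requestData} originate from the client request
 *       and must be treated as untrusted input by the server-side script and by any later
 *       module that reads the value from the shared state.</li>
 *   <li>The server-side script receives the live shared-state map, the identity repository
 *       wrapper and an HTTP client, so it should be reviewed like any other privileged
 *       server code.</li>
 *   <li>The values the script leaves in {@code authState} and {@code username} are validated
 *       before use; anything other than a numeric state and a {@code String} (or absent)
 *       username fails the login.</li>
 * </ul>
 */
public class Scripted extends AMLoginModule {
    private static final String ATTR_NAME_PREFIX = "iplanet-am-auth-scripted-";
    private static final String CLIENT_SCRIPT_ATTR_NAME = "iplanet-am-auth-scripted-client-script";
    private static final String CLIENT_SCRIPT_ENABLED_ATTR_NAME = "iplanet-am-auth-scripted-client-script-enabled";
    private static final String SERVER_SCRIPT_ATTRIBUTE_NAME = "iplanet-am-auth-scripted-server-script";
    // Configuration value that means "no script selected".
    private static final String EMPTY_SCRIPT_SELECTION = "[Empty]";
    // First state passed to process(); NOTE(review): presumably the framework's login-start state - confirm.
    private static final int STATE_LOGIN_START = 1;
    private static final int STATE_RUN_SCRIPT = 2;
    public static final String STATE_VARIABLE_NAME = "authState";
    private static final String SUCCESS_ATTR_NAME = "SUCCESS";
    public static final int SUCCESS_VALUE = -1;
    private static final String FAILED_ATTR_NAME = "FAILED";
    public static final int FAILURE_VALUE = -2;
    public static final String USERNAME_VARIABLE_NAME = "username";
    public static final String HTTP_CLIENT_VARIABLE_NAME = "httpClient";
    public static final String LOGGER_VARIABLE_NAME = "logger";
    public static final String IDENTITY_REPOSITORY = "idRepository";
    public static final String CLIENT_SCRIPT_OUTPUT_DATA_PARAMETER_NAME = "clientScriptOutputData";
    public static final String CLIENT_SCRIPT_OUTPUT_DATA_VARIABLE_NAME = "clientScriptOutputData";
    public static final String REQUEST_DATA_VARIABLE_NAME = "requestData";
    public static final String SHARED_STATE = "sharedState";
    private static final Debug DEBUG = Debug.getInstance("amScript");

    private String userName;
    private boolean clientSideScriptEnabled;
    private ScriptEvaluator scriptEvaluator;
    private ScriptingService scriptingService;
    public Map moduleConfiguration;
    final HttpClientRequestFactory httpClientRequestFactory = (HttpClientRequestFactory) InjectorHolder.getInstance(HttpClientRequestFactory.class);
    private RestletHttpClient httpClient;
    private ScriptIdentityRepository identityRepository;
    protected Map<String, Object> sharedState;

    /**
     * Captures the shared state and module configuration and resolves the collaborators used
     * when the script is evaluated.
     *
     * @param subject the subject being authenticated (not used here)
     * @param map shared state; also the source of the initial user name
     * @param map2 module configuration attributes
     */
    public void init(Subject subject, Map map, Map map2) {
        this.sharedState = map;
        this.userName = (String) map.get(getUserKey());
        // The configuration must be stored before the getters below, which read it.
        this.moduleConfiguration = map2;
        this.scriptingService = initialiseScriptingService();
        this.scriptEvaluator = getScriptEvaluator();
        this.clientSideScriptEnabled = getClientSideScriptEnabled();
        this.httpClient = getHttpClient();
        this.identityRepository = getScriptIdentityRepository();
    }

    /** Wraps the identity repository of the request organisation for use from scripts. */
    private ScriptIdentityRepository getScriptIdentityRepository() {
        return new ScriptIdentityRepository(getAmIdentityRepository());
    }

    /** Returns the identity repository for the organisation of the current request. */
    private AMIdentityRepository getAmIdentityRepository() {
        return getAMIdentityRepository(getRequestOrg());
    }

    /** Creates the scripting service for the organisation of the current request. */
    private ScriptingService initialiseScriptingService() {
        return ((ScriptingServiceFactory) InjectorHolder.getInstance(Key.get(new TypeLiteral<ScriptingServiceFactory>() {
        }))).create(getRequestOrg());
    }

    /**
     * Drives the two-step login flow.
     *
     * @param callbackArr callbacks submitted for the current state
     * @param i the current state
     * @return {@link #STATE_RUN_SCRIPT} after the first state, or {@link #SUCCESS_VALUE} when the
     *         server-side script reports success
     * @throws LoginException if the state is unknown, the script fails to run, the script leaves
     *         an unusable {@code authState} or {@code username}, or the script does not report
     *         success
     */
    public int process(Callback[] callbackArr, int i) throws LoginException {
        switch (i) {
            case STATE_LOGIN_START:
                substituteUIStrings();
                return STATE_RUN_SCRIPT;
            case STATE_RUN_SCRIPT: {
                SimpleBindings bindings = new SimpleBindings();
                bindings.put(REQUEST_DATA_VARIABLE_NAME, getScriptHttpRequestWrapper());
                // Client-supplied value: the script must validate it before trusting it.
                String clientScriptOutputData = getClientScriptOutputData(callbackArr);
                bindings.put(CLIENT_SCRIPT_OUTPUT_DATA_VARIABLE_NAME, clientScriptOutputData);
                bindings.put(LOGGER_VARIABLE_NAME, DEBUG);
                bindings.put(STATE_VARIABLE_NAME, Integer.valueOf(i));
                bindings.put(SHARED_STATE, this.sharedState);
                bindings.put(USERNAME_VARIABLE_NAME, this.userName);
                bindings.put(SUCCESS_ATTR_NAME, SUCCESS_VALUE);
                bindings.put(FAILED_ATTR_NAME, FAILURE_VALUE);
                // May be null when the script language could not be determined during init.
                bindings.put(HTTP_CLIENT_VARIABLE_NAME, this.httpClient);
                bindings.put(IDENTITY_REPOSITORY, this.identityRepository);
                try {
                    this.scriptEvaluator.evaluateScript(getServerSideScript(), bindings);
                } catch (ScriptException e) {
                    // NOTE(review): logged at message level like the original; consider error
                    // level so script failures are visible without verbose debugging - confirm.
                    DEBUG.message("Error running server side scripts", e);
                    throw new AuthLoginException("Error running script", e);
                }

                // Validate what the script left behind instead of casting blindly: a missing or
                // non-numeric authState, or a non-String username, must fail the login cleanly
                // rather than surface as a NullPointerException or ClassCastException.
                Object scriptState = bindings.get(STATE_VARIABLE_NAME);
                if (!(scriptState instanceof Number)) {
                    DEBUG.error("Server side script left authState unset or non-numeric");
                    throw new AuthLoginException("Authentication failed");
                }
                Object scriptUserName = bindings.get(USERNAME_VARIABLE_NAME);
                if (scriptUserName != null && !(scriptUserName instanceof String)) {
                    DEBUG.error("Server side script set username to a non-string value");
                    throw new AuthLoginException("Authentication failed");
                }

                int resultState = ((Number) scriptState).intValue();
                // The script decides which user name the principal is built from.
                // NOTE(review): a null user name on success is only reported by getPrincipal();
                // confirm whether success without a user name should be rejected here.
                this.userName = (String) scriptUserName;
                // Stored for later modules; the value is still untrusted client data.
                this.sharedState.put(CLIENT_SCRIPT_OUTPUT_DATA_VARIABLE_NAME, clientScriptOutputData);
                if (resultState != SUCCESS_VALUE) {
                    throw new AuthLoginException("Authentication failed");
                }
                return resultState;
            }
            default:
                throw new AuthLoginException("Invalid state");
        }
    }

    /**
     * Reads the client-side script output from the first callback, falling back to the
     * {@code clientScriptOutputData} request parameter.
     *
     * <p>The fallback is also used when the callback array is empty or its first element is not
     * a {@link HiddenValueCallback}, so a malformed submission cannot trigger an unchecked
     * runtime exception. Either source is controlled by the client.
     *
     * @param callbackArr callbacks submitted for the script state; may be null or empty
     * @return the submitted value, or whatever the request wrapper returns for the parameter
     */
    private String getClientScriptOutputData(Callback[] callbackArr) {
        String value = null;
        if (callbackArr != null && callbackArr.length > 0 && callbackArr[0] instanceof HiddenValueCallback) {
            value = ((HiddenValueCallback) callbackArr[0]).getValue();
        }
        if (value == null) {
            value = getScriptHttpRequestWrapper().getParameter(CLIENT_SCRIPT_OUTPUT_DATA_PARAMETER_NAME);
        }
        return value;
    }

    /**
     * Loads the configured server-side script.
     *
     * @return the configured script, or an empty JavaScript script when none is selected
     * @throws AuthLoginException if the scripting service cannot provide the script
     */
    private ScriptObject getServerSideScript() throws AuthLoginException {
        String scriptId = getConfigValue(SERVER_SCRIPT_ATTRIBUTE_NAME);
        try {
            if (EMPTY_SCRIPT_SELECTION.equals(scriptId)) {
                return new ScriptObject("DefaultScript", "", SupportedScriptingLanguage.JAVASCRIPT);
            }
            ScriptConfiguration scriptConfiguration = this.scriptingService.get(scriptId);
            return new ScriptObject(scriptConfiguration.getName(), scriptConfiguration.getScript(), scriptConfiguration.getLanguage());
        } catch (org.forgerock.openam.scripting.ScriptException e) {
            DEBUG.error("Error retrieving server side script", e);
            throw new AuthLoginException("Error retrieving script", e);
        }
    }

    /** Looks up the evaluator registered for the server-side authentication script context. */
    private ScriptEvaluator getScriptEvaluator() {
        return (ScriptEvaluator) InjectorHolder.getInstance(Key.get(ScriptEvaluator.class, Names.named(ScriptConstants.ScriptContext.AUTHENTICATION_SERVER_SIDE.name())));
    }

    /**
     * Looks up the HTTP client registered under the server-side script's language name.
     *
     * @return the client, or {@code null} when the script language cannot be determined
     */
    private RestletHttpClient getHttpClient() {
        SupportedScriptingLanguage scriptType = getScriptType();
        if (scriptType == null) {
            return null;
        }
        return (RestletHttpClient) InjectorHolder.getInstance(Key.get(RestletHttpClient.class, Names.named(scriptType.name())));
    }

    /** Creates a new HTTP client request; not called from within this class. */
    private HttpClientRequest getHttpRequest() {
        return this.httpClientRequestFactory.createRequest();
    }

    /**
     * Returns the configured client-side script text.
     *
     * @return the script, or an empty string when client-side scripting is disabled, no script
     *         is selected, or the script cannot be retrieved (the failure is logged)
     */
    private String getClientSideScript() {
        String script = "";
        if (!this.clientSideScriptEnabled) {
            return script;
        }
        String scriptId = getConfigValue(CLIENT_SCRIPT_ATTR_NAME);
        if (EMPTY_SCRIPT_SELECTION.equals(scriptId)) {
            return script;
        }
        try {
            script = this.scriptingService.get(scriptId).getScript();
        } catch (org.forgerock.openam.scripting.ScriptException e) {
            // Best effort: the login continues with an empty client-side script.
            DEBUG.error("Error retrieving client side script", e);
        }
        return script;
    }

    /** Reads a single attribute from the module configuration. */
    private String getConfigValue(String str) {
        return CollectionHelper.getMapAttr(this.moduleConfiguration, str);
    }

    /** Wraps the current servlet request for exposure to scripts. */
    private ScriptHttpRequestWrapper getScriptHttpRequestWrapper() {
        return new ScriptHttpRequestWrapper(getHttpServletRequest());
    }

    /** Replaces a callback of the script state with the client-side script callback. */
    private void substituteUIStrings() throws AuthLoginException {
        replaceCallback(STATE_RUN_SCRIPT, 1, createClientSideScriptAndSelfSubmitCallback());
    }

    /**
     * Builds the callback that carries the client-side script.
     *
     * <p>NOTE(review): the script text is presumably delivered to the user's browser, so it
     * should not contain secrets - confirm against the callback renderer.
     */
    private Callback createClientSideScriptAndSelfSubmitCallback() {
        return new ScriptTextOutputCallback(ScriptedClientUtilityFunctions.createClientSideScriptExecutorFunction(getClientSideScript(), CLIENT_SCRIPT_OUTPUT_DATA_PARAMETER_NAME, getClientSideScriptEnabled()));
    }

    /**
     * Returns the language of the configured server-side script.
     *
     * @return the language, or {@code null} when the script cannot be loaded (the failure is logged)
     */
    private SupportedScriptingLanguage getScriptType() {
        try {
            return getServerSideScript().getLanguage();
        } catch (AuthLoginException e) {
            DEBUG.error("Error retrieving server side scripting language", e);
            return null;
        }
    }

    /** Reads the "client script enabled" flag from the module configuration. */
    private boolean getClientSideScriptEnabled() {
        return Boolean.parseBoolean(getConfigValue(CLIENT_SCRIPT_ENABLED_ATTR_NAME));
    }

    /**
     * Returns a principal built from the current user name.
     *
     * <p>A null user name is only logged at message level; the principal is still created.
     */
    public Principal getPrincipal() {
        if (this.userName == null) {
            DEBUG.message("Warning: username is null");
        }
        return new ScriptedPrinciple(this.userName);
    }
}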
