package org.openidentityplatform.openam.authentication.modules;

import com.google.zxing.BarcodeFormat;
import com.google.zxing.MultiFormatWriter;
import com.google.zxing.client.j2se.MatrixToImageWriter;
import com.iplanet.dpro.session.Session;
import com.iplanet.dpro.session.SessionException;
import com.iplanet.dpro.session.SessionID;
import com.iplanet.dpro.session.service.AuthenticationSessionStore;
import com.iplanet.dpro.session.service.InternalSession;
import com.iplanet.dpro.session.service.SessionService;
import com.iplanet.dpro.session.service.SessionType;
import com.iplanet.services.util.Crypt;
import com.sun.identity.authentication.service.LoginState;
import com.sun.identity.authentication.spi.AMLoginModule;
import com.sun.identity.authentication.spi.AuthLoginException;
import com.sun.identity.authentication.spi.PagePropertiesCallback;
import com.sun.identity.authentication.spi.UserNamePasswordValidationException;
import com.sun.identity.shared.datastruct.CollectionHelper;
import com.sun.identity.shared.debug.Debug;
import java.io.ByteArrayOutputStream;
import java.security.Principal;
import java.util.Base64;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.TextOutputCallback;
import javax.security.auth.login.LoginException;
import org.forgerock.guice.core.InjectorHolder;
import org.forgerock.openam.session.service.access.SessionQueryManager;

/* loaded from: input_file:org/openidentityplatform/openam/authentication/modules/QR.class */
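/**
 * Authentication module that signs a browser in by letting an already authenticated session
 * approve a one-time secret that is rendered as a QR code.
 *
 * <p>{@link #process} serves two flows, chosen by whether the login state carries a previous
 * session:
 * <ul>
 *   <li><b>Waiting browser</b> (no previous session): a placeholder session named
 *       {@code "qr-" + getSessionId()} is created by {@link #makeSecret()}, its encoded ID is
 *       shown as a QR code, and every later call looks the placeholder up again. Once the
 *       placeholder carries {@code am.protected.qr.uid}, login succeeds as that identity.</li>
 *   <li><b>Approving session</b> (previous session present): the submitted secret is decoded to
 *       a session ID and the approver's identity is written to that session as
 *       {@code am.protected.qr.uid}.</li>
 * </ul>
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The QR payload is {@code Crypt.encode} of the placeholder session ID and is also returned
 *       as plain text in a {@link TextOutputCallback}, so anything able to read the login page
 *       can read the secret.</li>
 *   <li>Approval is tied to the waiting browser only by possession of that secret; nothing in
 *       this class shows the approving user which browser is being signed in. Keep
 *       {@code maxSecretTime} short and consider an explicit confirmation step in the approving
 *       UI.</li>
 *   <li>The approval path writes only to sessions whose universal identifier starts with
 *       {@code "qr-"}, i.e. placeholders shaped like the ones {@link #makeSecret()} creates.</li>
 * </ul>
 */
public class QR extends AMLoginModule {
    private static final Debug debug = Debug.getInstance("amAuthQR");

    private static final String QR_SESSION_PREFIX = "qr-";
    private static final String QR_UID_PROPERTY = "am.protected.qr.uid";
    private static final String OAUTH2_UID_PROPERTY = "am.protected.oauth2.uid";
    private static final String UNIVERSAL_ID_PROPERTY = "sun.am.UniversalIdentifier";
    private static final String AUTH_LEVEL_OPTION =
            "org.openidentityplatform.openam.authentication.modules.QR.authlevel";
    private static final String MAX_SECRET_TIME_OPTION =
            "org.openidentityplatform.openam.authentication.modules.QR.maxSecretTime";

    // Module configuration and shared state as handed to init(); kept public and raw-typed
    // because that is how the original class exposes them.
    public Map options;
    public Map sharedState;
    // Set only when a waiting browser has been approved.
    Principal principal = null;
    // Cached QR callbacks so the same secret is shown for the lifetime of this module instance.
    Callback[] qr = null;

    /**
     * Stores the shared state and the module options for later use.
     *
     * @param subject the subject being authenticated (not used by this module)
     * @param map the shared state map
     * @param map2 the module options map
     */
    @Override
    public void init(Subject subject, Map map, Map map2) {
        this.options = map2;
        this.sharedState = map;
    }

    /**
     * Runs one step of the QR login.
     *
     * @param callbackArr callbacks passed in by the framework (the submitted callbacks are read
     *     from the login state instead)
     * @param i the current module state (not used)
     * @return {@code -1} when a waiting browser has been approved and the principal is set,
     *     {@code 0} otherwise (these match {@code ISAuthConstants.LOGIN_SUCCEED} and
     *     {@code LOGIN_IGNORE})
     * @throws LoginException an {@link AuthLoginException} raised inside the step is rethrown as
     *     is; any other failure is wrapped in a {@link UserNamePasswordValidationException}
     */
    @Override
    public int process(Callback[] callbackArr, int i) throws LoginException {
        LoginState loginState = getLoginState(QR.class.getName());
        try {
            Callback[] submittedInfo = loginState.getSubmittedInfo();
            loginState.setReceivedCallback_NoThread((Callback[]) null);
            if (loginState.getOldSession() == null) {
                // Waiting browser: has the placeholder for this login been approved yet?
                Map pending = ((SessionQueryManager) InjectorHolder.getInstance(SessionQueryManager.class))
                        .getAllSessionsByUUID(QR_SESSION_PREFIX + getSessionId());
                if (pending.size() == 1) {
                    String pendingId = (String) pending.keySet().iterator().next();
                    String approvedUid = Session.getSession(new SessionID(pendingId)).getProperty(QR_UID_PROPERTY);
                    if (approvedUid != null) {
                        try {
                            setAuthLevel(Integer.parseInt(CollectionHelper.getMapAttr(this.options, AUTH_LEVEL_OPTION, "0")));
                        } catch (Exception e) {
                            // Best effort: an unusable auth level option must not block the login.
                            debug.warning("QR: unusable auth level option, falling back to 0", e);
                            setAuthLevel(0);
                        }
                        this.principal = new QRPrincipal(approvedUid);
                        return -1;
                    }
                }
                getCallbackHandler().handle(getQR());
            } else {
                if (submittedInfo != null && submittedInfo.length != 0) {
                    try {
                        // The secret is caller-supplied: treat a missing or undecodable value as
                        // an invalid token instead of letting it fail deeper in the session API.
                        char[] secret = ((PasswordCallback) submittedInfo[0]).getPassword();
                        String targetId = secret == null ? null : Crypt.decode(new String(secret));
                        Session session = targetId == null ? null : Session.getSession(new SessionID(targetId));
                        if (session != null) {
                            String targetName = session.getProperty(UNIVERSAL_ID_PROPERTY);
                            String approverUid = loginState.getOldSession().getProperty(OAUTH2_UID_PROPERTY);
                            if (approverUid == null) {
                                approverUid = loginState.getOldSession().getProperty(UNIVERSAL_ID_PROPERTY);
                            }
                            // Only a QR placeholder may receive the approver's identity; without
                            // this check the property is written to whichever session the
                            // submitted token happens to resolve to.
                            boolean isPlaceholder = targetName != null && targetName.startsWith(QR_SESSION_PREFIX);
                            if (isPlaceholder && approverUid != null) {
                                session.setProperty(QR_UID_PROPERTY, approverUid);
                                loginState.setReceivedCallback_NoThread((Callback[]) null);
                                getCallbackHandler().handle(sendOK());
                            }
                        }
                    } catch (SessionException ignored) {
                        // An unknown or expired session is reported as an invalid token below.
                    }
                    // NOTE(review): this is reached after sendOK() as well, unless handle() does
                    // not return normally - confirm against the callback handler in use.
                    throw new UserNamePasswordValidationException("Invalid token");
                }
                getCallbackHandler().handle(requestQR());
            }
            return 0;
        } catch (Exception e3) {
            // The "Invalid token" exception above also lands here, is logged and rethrown.
            if (e3 instanceof AuthLoginException) {
                debug.warning("{}: {}", new Object[] {e3.getMessage(), e3.toString()});
                throw (AuthLoginException) e3;
            }
            debug.warning("{}: {}", new Object[] {"error", e3});
            throw new UserNamePasswordValidationException(e3);
        }
    }

    /**
     * Builds the page shown to the approving session after a secret has been accepted.
     *
     * @return the page properties plus an "OK" text callback
     */
    protected Callback[] sendOK() {
        return new Callback[] {
            page("QR code correct"),
            new TextOutputCallback(TextOutputCallback.INFORMATION, "OK")
        };
    }

    /**
     * Builds the page that asks the approving session for the secret read from the QR code.
     *
     * @return the page properties plus a non-echoing password callback
     */
    protected Callback[] requestQR() {
        return new Callback[] {
            page("Please enter secret from QR code"),
            new PasswordCallback("Secret from QR", false)
        };
    }

    /**
     * Returns the identity that approved this login.
     *
     * @return the principal, or {@code null} until an approval has been seen by {@link #process}
     */
    @Override
    public Principal getPrincipal() {
        return this.principal;
    }

    /**
     * Builds, once per module instance, the callbacks that show the QR code.
     *
     * @return the page properties, the QR image as a PNG data URI, and the encoded secret as text
     * @throws RuntimeException wrapping any failure while creating the secret or the image
     */
    protected Callback[] getQR() {
        if (this.qr != null) {
            return this.qr;
        }
        try {
            String encodedSecret = Crypt.encode(makeSecret());
            ByteArrayOutputStream png = new ByteArrayOutputStream();
            MatrixToImageWriter.writeToStream(
                    new MultiFormatWriter().encode(encodedSecret, BarcodeFormat.QR_CODE, 300, 300), "PNG", png);
            String dataUri = "data:image/png;base64," + Base64.getEncoder().encodeToString(png.toByteArray());
            this.qr = new Callback[] {
                page("Please scan QR code"),
                new TextOutputCallback(TextOutputCallback.INFORMATION, dataUri),
                // The same secret the image carries, in text form.
                new TextOutputCallback(TextOutputCallback.INFORMATION, encodedSecret)
            };
            return this.qr;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Creates and activates the placeholder session whose ID serves as the QR secret.
     *
     * <p>The placeholder is named {@code "qr-" + getSessionId()} so that {@link #process} can
     * find it again by that identifier.
     *
     * @return the placeholder's session ID in string form (not yet encoded)
     * @throws AuthLoginException as declared by the original; the visible calls do not show where
     *     it is raised
     */
    String makeSecret() throws AuthLoginException {
        LoginState loginState = getLoginState(QR.class.getName());
        String placeholderName = QR_SESSION_PREFIX + getSessionId();
        InternalSession placeholder = ((SessionService) InjectorHolder.getInstance(SessionService.class))
                .newInternalSession(loginState.getOrgDN(), false);
        placeholder.setClientID(placeholderName);
        placeholder.setClientDomain(loginState.getOrgDN());
        placeholder.putProperty(UNIVERSAL_ID_PROPERTY, placeholderName);
        // Short lifetimes bound how long the secret stays usable.
        // NOTE(review): the units are not visible here (presumably minutes) - confirm.
        placeholder.setMaxCachingTime(1L);
        placeholder.setMaxIdleTime(2L);
        placeholder.setMaxSessionTime(maxSecretTime());
        placeholder.setType(SessionType.USER);
        placeholder.activate(placeholderName);
        ((AuthenticationSessionStore) InjectorHolder.getInstance(AuthenticationSessionStore.class))
                .promoteSession(placeholder.getID());
        return placeholder.getSessionID().toString();
    }

    /**
     * Reads the maximum lifetime of the QR secret from the module options.
     *
     * @return the configured value, or {@code 20} when the option is missing or unusable
     */
    protected long maxSecretTime() {
        try {
            return Long.parseLong(CollectionHelper.getMapAttr(this.options, MAX_SECRET_TIME_OPTION, "20"));
        } catch (Exception ignored) {
            // Best effort: fall back to the default rather than failing the login page.
            return 20L;
        }
    }

    /** Builds the page properties shared by every screen of this module; only the header varies. */
    private static PagePropertiesCallback page(String header) {
        return new PagePropertiesCallback("QR", header, (String) null, 60, "Login.jsp", false, (String) null);
    }
}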
