package org.forgerock.oauth2.core;

import com.sun.identity.authentication.AuthContext;
import com.sun.identity.authentication.spi.AuthLoginException;
import com.sun.identity.shared.debug.Debug;
import java.util.ArrayList;
import java.util.List;
import javax.inject.Inject;
import javax.inject.Singleton;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.servlet.http.HttpServletRequest;
import org.forgerock.oauth2.core.exceptions.ClientAuthenticationFailureFactory;
import org.forgerock.oauth2.core.exceptions.InvalidClientException;
import org.forgerock.oauth2.core.exceptions.InvalidRequestException;
import org.forgerock.oauth2.core.exceptions.NotFoundException;
import org.forgerock.openam.oauth2.ClientCredentials;
import org.forgerock.openam.oauth2.ClientCredentialsReader;
import org.forgerock.openam.oauth2.OAuth2AuditLogger;
import org.forgerock.openam.utils.RealmNormaliser;
import org.forgerock.util.Reject;
import org.restlet.Request;
import org.restlet.Response;
import org.restlet.ext.servlet.ServletUtils;

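/**
 * Authenticates the OAuth2 client behind an incoming request.
 *
 * <p>Public (non-confidential) clients are accepted once their {@code client_id} resolves to a
 * registration. Confidential clients must either arrive already authenticated (as reported by
 * {@link ClientCredentials#isAuthenticated()}) or prove their {@code client_secret} through the
 * OpenAM "Application" authentication module instance of the request's realm. Every attempt that
 * reaches the registration lookup produces exactly one audit record when audit logging is enabled,
 * whether it returns or throws.
 */
@Singleton
public class ClientAuthenticator {

    /** Audit message key recorded when a confidential client has proved its credentials. */
    private static final String AUDIT_AUTHENTICATED_CLIENT = "AUTHENTICATED_CLIENT";
    /** Audit message key recorded for every other outcome of {@link #authenticate(OAuth2Request, String)}. */
    private static final String AUDIT_FAILED_AUTHENTICATE_CLIENT = "FAILED_AUTHENTICATE_CLIENT";
    /** Servlet request attribute set to "true" before the module login runs. */
    private static final String NO_SESSION_ATTRIBUTE = "org.forgerock.openam.auth.noSession";
    /** Name of the authentication module instance used to verify client secrets. */
    private static final String APPLICATION_AUTH_MODULE = "Application";
    /** Restlet request attribute under which the login's tracking id is stored. */
    private static final String AM_CTX_ID_ATTRIBUTE = "AMCtxId";
    /** Shared failure message: the same text is used for every rejection so callers cannot tell which step failed. */
    private static final String GENERIC_FAILURE_MESSAGE = "Client authentication failed";

    private final Debug logger = Debug.getInstance("OAuth2Provider");
    private final ClientRegistrationStore clientRegistrationStore;
    private final OAuth2AuditLogger auditLogger;
    private final RealmNormaliser realmNormaliser;
    private final ClientCredentialsReader clientCredentialsReader;
    private final ClientAuthenticationFailureFactory failureFactory;

    /**
     * Creates the authenticator.
     *
     * @param clientRegistrationStore source of client registrations.
     * @param oAuth2AuditLogger destination for the per-attempt audit record.
     * @param realmNormaliser normalises the {@code realm} request parameter.
     * @param clientCredentialsReader extracts the presented client credentials from the request.
     * @param clientAuthenticationFailureFactory builds the {@link InvalidClientException} returned on failure.
     */
    @Inject
    public ClientAuthenticator(ClientRegistrationStore clientRegistrationStore, OAuth2AuditLogger oAuth2AuditLogger,
            RealmNormaliser realmNormaliser, ClientCredentialsReader clientCredentialsReader,
            ClientAuthenticationFailureFactory clientAuthenticationFailureFactory) {
        this.clientRegistrationStore = clientRegistrationStore;
        this.auditLogger = oAuth2AuditLogger;
        this.realmNormaliser = realmNormaliser;
        this.clientCredentialsReader = clientCredentialsReader;
        this.failureFactory = clientAuthenticationFailureFactory;
    }

    /**
     * Resolves and, for confidential clients, authenticates the client that made {@code oAuth2Request}.
     *
     * @param oAuth2Request the current OAuth2 request.
     * @param endpoint passed through verbatim to the {@link ClientCredentialsReader}.
     * @return the client's registration.
     * @throws InvalidClientException if the client is confidential and its credentials do not verify.
     * @throws InvalidRequestException if the credentials reader rejects the request.
     * @throws NotFoundException if the registration store reports no registration for the client.
     */
    public ClientRegistration authenticate(OAuth2Request oAuth2Request, String endpoint)
            throws InvalidClientException, InvalidRequestException, NotFoundException {
        ClientCredentials credentials = clientCredentialsReader.extractCredentials(oAuth2Request, endpoint);
        // A missing client_id is rejected with an unchecked exception before any audit record is written,
        // so it is not reported through the OAuth2 error hierarchy below.
        Reject.ifTrue(Utils.isEmpty(credentials.getClientId()), "Missing parameter, 'client_id'");

        String clientId = credentials.getClientId();
        // Set only after a confidential client has actually proved its secret; the finally block
        // turns it into the single audit record this attempt produces.
        boolean authenticated = false;
        try {
            String realm = realmNormaliser.normalise((String) oAuth2Request.getParameter("realm"));
            ClientRegistration clientRegistration = clientRegistrationStore.get(clientId, oAuth2Request);
            if (!clientRegistration.isConfidential()) {
                // Public clients hold no secret, so the registration lookup is all that is checked.
                // NOTE(review): `authenticated` stays false here, so a public client is audited as
                // FAILED_AUTHENTICATE_CLIENT even though the request proceeds. Preserved as-is; confirm
                // this is intended before treating that event as a reliable failure indicator.
                return clientRegistration;
            }
            if (!credentials.isAuthenticated()
                    && !authenticate(oAuth2Request, clientId, credentials.getClientSecret(), realm)) {
                // Logs the client id only; the secret is never written to the debug log.
                logger.error("ClientVerifierImpl::Unable to verify password for: " + clientId);
                throw failureFactory.getException(oAuth2Request, GENERIC_FAILURE_MESSAGE);
            }
            authenticated = true;
            return clientRegistration;
        } catch (org.forgerock.json.resource.NotFoundException e) {
            // Translate the store's exception into the OAuth2 exception type callers catch.
            throw new NotFoundException(e.getMessage());
        } finally {
            writeAuditRecord(authenticated, clientId);
        }
    }

    /**
     * Emits the audit record for one authentication attempt, if audit logging is enabled.
     *
     * @param authenticated whether a confidential client proved its credentials.
     * @param clientId the client the attempt was made for.
     */
    private void writeAuditRecord(boolean authenticated, String clientId) {
        if (!auditLogger.isAuditLogEnabled()) {
            return;
        }
        if (authenticated) {
            auditLogger.logAccessMessage(AUDIT_AUTHENTICATED_CLIENT, new String[]{clientId}, null);
        } else {
            auditLogger.logErrorMessage(AUDIT_FAILED_AUTHENTICATE_CLIENT, new String[]{clientId}, null);
        }
    }

    /**
     * Verifies {@code clientSecret} for {@code clientId} by running the "Application" authentication
     * module instance in {@code realm}.
     *
     * <p>Only {@link NameCallback} and {@link PasswordCallback} requirements are satisfied. Any other
     * callback type makes the attempt fail closed rather than submitting a partially filled set of
     * requirements. Every failure mode raises with the same generic message.
     *
     * @param oAuth2Request the current OAuth2 request; receives the login tracking id on success.
     * @param clientId value supplied to each {@link NameCallback}.
     * @param clientSecret value supplied to each {@link PasswordCallback}.
     * @param realm the normalised realm the authentication context is created in.
     * @return {@code true} when the module reports {@link AuthContext.Status#SUCCESS}; every other
     *         outcome throws instead of returning {@code false}.
     * @throws InvalidClientException if the module does not succeed, requires an unsupported callback,
     *         or raises {@link AuthLoginException}.
     */
    private boolean authenticate(OAuth2Request oAuth2Request, String clientId, char[] clientSecret, String realm)
            throws InvalidClientException {
        try {
            AuthContext authContext = new AuthContext(realm);
            HttpServletRequest servletRequest = ServletUtils.getRequest(Request.getCurrent());
            // NOTE(review): presumably tells the authentication framework not to create a session for
            // this login -- confirm against the framework before changing or removing it.
            servletRequest.setAttribute(NO_SESSION_ATTRIBUTE, "true");
            authContext.login(AuthContext.IndexType.MODULE_INSTANCE, APPLICATION_AUTH_MODULE, (String[]) null,
                    servletRequest, ServletUtils.getResponse(Response.getCurrent()));
            while (authContext.hasMoreRequirements()) {
                Callback[] requirements = authContext.getRequirements();
                List<Callback> unsupported = new ArrayList<Callback>();
                for (Callback callback : requirements) {
                    if (callback instanceof NameCallback) {
                        ((NameCallback) callback).setName(clientId);
                    } else if (callback instanceof PasswordCallback) {
                        ((PasswordCallback) callback).setPassword(clientSecret);
                    } else {
                        unsupported.add(callback);
                    }
                }
                if (!unsupported.isEmpty()) {
                    // Fail closed: never submit a requirement set this code cannot fully answer.
                    throw failureFactory.getException(oAuth2Request, "Missing requirements");
                }
                authContext.submitRequirements(requirements);
            }
            if (authContext.getStatus() != AuthContext.Status.SUCCESS) {
                throw failureFactory.getException(oAuth2Request, GENERIC_FAILURE_MESSAGE);
            }
            // Stores the login's tracking id on the Restlet request; presumably for correlating later
            // log entries with this authentication -- confirm with its consumers.
            oAuth2Request.getRequest().getAttributes().put(AM_CTX_ID_ATTRIBUTE,
                    authContext.getAuthContextLocal().getLoginState().getActivatedSessionTrackingId());
            return true;
        } catch (AuthLoginException e) {
            logger.error("ClientVerifierImpl::authContext AuthException", e);
            throw failureFactory.getException(oAuth2Request, GENERIC_FAILURE_MESSAGE);
        }
    }
}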
