package com.worklight.core.auth.ext;

import com.ibm.json.java.JSONObject;
import com.worklight.common.constants.Constants;
import com.worklight.core.auth.api.AuthenticationService;
import com.worklight.core.auth.impl.AuthenticationContext;
import com.worklight.core.auth.impl.DeviceAuthenticationScheme;
import com.worklight.core.auth.impl.DeviceProvisioningAuthenticationScheme;
import com.worklight.core.util.RssBrokerUtils;
import com.worklight.gadgets.utils.SecurityFilterUtils;
import com.worklight.server.auth.api.AuthenticationResult;
import com.worklight.server.auth.api.MissingConfigurationOptionException;
import com.worklight.server.auth.api.UserIdentity;
import com.worklight.server.auth.api.WorkLightAuthenticator;
import com.worklight.server.util.JSONUtils;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import java.util.StringTokenizer;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang.StringUtils;

/* loaded from: input_file:lib/worklight-extension-api.jar:com/worklight/core/auth/ext/DeviceAuthenticator.class */
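/**
 * Challenge/response authenticator for device authentication.
 *
 * <p>Flow, as implemented below:
 * <ol>
 *   <li>The first request gets a 401 with a JSON challenge that carries a fresh random token.</li>
 *   <li>The client answers with an {@code Authorization} header that echoes the token, either
 *       as a plain JSON object or, when the current resource has a provisioning realm, inside
 *       the payload segment of a dot-separated JWS-style value.</li>
 *   <li>If the echoed token matches the one issued, the raw header and the realm name are
 *       published through {@link #getAuthenticationData()}.</li>
 * </ol>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>This class only checks that the client echoed the challenge token (freshness). It does
 *       NOT verify any signature over the JWS value. NOTE(review): presumably the login module
 *       of the realm validates the signature and the device identity from the stored header;
 *       confirm that, because a token match alone proves nothing about the device.</li>
 *   <li>The {@code Authorization} header is client-controlled. Malformed values are answered
 *       with {@link AuthenticationResult#FAILURE} rather than an unchecked exception.</li>
 *   <li>The instance keeps mutable per-conversation state ({@code status}, {@code lastToken})
 *       without synchronization. NOTE(review): presumably the framework uses one instance per
 *       session, created through clone; confirm.</li>
 * </ul>
 */
public class DeviceAuthenticator implements WorkLightAuthenticator {
    /** Key under which the raw {@code Authorization} header is stored in the authentication data. */
    static final String AUTHENTICATION_DATA = "Authentication";
    /** Key under which the provisioning realm name (possibly {@code null}) is stored. */
    static final String PROVISIONING_REALM = "provisioningRealm";
    private Status status = Status.NOT_STARTED;
    // Explicit type arguments instead of the raw HashMap the decompiler emitted.
    private final Map<String, Object> authenticationData = new HashMap<String, Object>();
    /** Token sent with the most recent challenge; {@code null} until a challenge was issued. */
    private String lastToken = null;
    /** Name of the JSON member that carries the echoed challenge token. */
    public static final String TOKEN_PARAM_NAME = "token";

    /* JADX INFO: Access modifiers changed from: private */
    /** State of the challenge/response conversation held by this instance. */
    public enum Status {
        /** No challenge has been sent yet. */
        NOT_STARTED,
        /** A challenge was sent; waiting for the client's {@code Authorization} header. */
        AWAITING_AUTHORIZATION_HEADER,
        /** The client echoed the expected token. */
        SUCCESS
    }

    /**
     * No configuration options are read by this authenticator.
     *
     * @param map authenticator options; ignored
     */
    @Override
    public void init(Map<String, String> map) throws MissingConfigurationOptionException {
    }

    /**
     * Advances the challenge/response conversation for one request.
     *
     * @param httpServletRequest  the incoming request; its {@code Authorization} header is read
     * @param httpServletResponse the response a new challenge is written to
     * @param z flag supplied by the framework; while a challenge is outstanding, a {@code false}
     *          value makes this method return {@code REQUEST_NOT_RECOGNIZED} without looking at
     *          the request (NOTE(review): exact meaning is defined by WorkLightAuthenticator;
     *          confirm there)
     * @return {@code CLIENT_INTERACTION_REQUIRED} when a challenge was sent, {@code SUCCESS} or
     *         {@code FAILURE} after the token check, or {@code REQUEST_NOT_RECOGNIZED}
     * @throws IllegalStateException if called after the conversation already reached
     *         {@link Status#SUCCESS}
     */
    @Override
    public AuthenticationResult processRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z) throws IOException, ServletException {
        switch (this.status) {
            case NOT_STARTED:
                return createNewChallenge(httpServletRequest, httpServletResponse);
            case AWAITING_AUTHORIZATION_HEADER:
                if (!z) {
                    return AuthenticationResult.REQUEST_NOT_RECOGNIZED;
                }
                String header = httpServletRequest.getHeader("Authorization");
                if (StringUtils.isEmpty(header)) {
                    // No answer to the outstanding challenge: replace it with a fresh one.
                    return createNewChallenge(httpServletRequest, httpServletResponse);
                }
                String provisioningRealmName = AuthenticationContext.getCurrentResource().getProvisioningRealmName();
                // Without a provisioning realm the header is the JSON itself; with one it is a
                // dot-separated value whose second segment holds the Base64-encoded JSON.
                AuthenticationResult checkToken = provisioningRealmName == null ? checkToken(header) : checkTokenInJWS(header);
                if (checkToken == AuthenticationResult.SUCCESS) {
                    // The raw header is handed on as authentication data. It is a credential:
                    // keep it out of logs and error messages.
                    this.authenticationData.put(AUTHENTICATION_DATA, header);
                    this.authenticationData.put(PROVISIONING_REALM, provisioningRealmName);
                }
                // NOTE(review): on FAILURE, status and lastToken stay as they are, so the same
                // challenge remains answerable. Consider issuing a fresh challenge after a
                // failed attempt unless the framework already discards this instance.
                return checkToken;
            default:
                throw new IllegalStateException();
        }
    }

    /**
     * Extracts the payload (second dot-separated segment) of a JWS-style header value,
     * Base64-decodes it and checks the token it contains.
     *
     * <p>Only the payload is read. The signature segment is not verified here.
     *
     * @param jws the client-supplied {@code Authorization} header value
     * @return the result of {@link #checkToken(String)} on the decoded payload, or
     *         {@code FAILURE} when the value has fewer than two segments
     */
    private AuthenticationResult checkTokenInJWS(String jws) throws IOException {
        StringTokenizer segments = new StringTokenizer(jws, ".");
        // The header is untrusted: without this guard a value lacking a payload segment made
        // nextToken() throw an unchecked NoSuchElementException.
        if (segments.countTokens() < 2) {
            return AuthenticationResult.FAILURE;
        }
        segments.nextToken(); // first segment (JWS header) is not needed for the token check
        String payload = segments.nextToken();
        return checkToken(new String(Base64.decodeBase64(payload), Constants.UTF8_CHARSET));
    }

    /**
     * Parses {@code json} and compares its {@code "token"} member with the token of the
     * outstanding challenge; on a match the conversation moves to {@link Status#SUCCESS}.
     *
     * @param json client-supplied JSON text
     * @return {@code SUCCESS} when the token matches; {@code FAILURE} when it differs, is
     *         missing, is not a string, or the text is not parseable JSON
     */
    private AuthenticationResult checkToken(String json) throws IOException {
        Object token;
        try {
            JSONObject parsed = JSONObject.parse(json);
            token = parsed == null ? null : parsed.get(TOKEN_PARAM_NAME);
        } catch (IOException malformed) {
            // Unparseable client input is a failed authentication, not a server-side error.
            return AuthenticationResult.FAILURE;
        }
        // instanceof rejects null and non-string members (a blind cast threw
        // ClassCastException); equals() on the client value also tolerates a null lastToken.
        if (!(token instanceof String) || !token.equals(this.lastToken)) {
            return AuthenticationResult.FAILURE;
        }
        this.status = Status.SUCCESS;
        return AuthenticationResult.SUCCESS;
    }

    /**
     * Sends a 401 response carrying a JSON challenge with a fresh random token and records
     * that token as the one the client must echo.
     *
     * @return always {@code CLIENT_INTERACTION_REQUIRED}
     */
    private AuthenticationResult createNewChallenge(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        // NOTE(review): the token's unpredictability rests entirely on
        // SecurityFilterUtils.getRandomToken(); confirm it draws from a CSPRNG.
        String randomToken = SecurityFilterUtils.getRandomToken();
        httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        httpServletResponse.addHeader("WWW-Authenticate", "WL-Composite-Authentication");
        JSONObject challenge = new JSONObject();
        new DeviceAuthenticationScheme(randomToken).addChallengeToJSON(challenge);
        String provisioningRealmName = AuthenticationContext.getCurrentResource().getProvisioningRealmName();
        if (provisioningRealmName != null) {
            // Add the provisioning challenge, parameterised with the "entity" option of the
            // realm's login module.
            AuthenticationService authenticationService = (AuthenticationService) RssBrokerUtils.getBeanFactory().getBean("worklightAuthenticationService");
            String entity = (String) authenticationService.getLoginConfigurationService().getLoginModuleParametersFor(provisioningRealmName).get("entity");
            new DeviceProvisioningAuthenticationScheme(true, entity, provisioningRealmName).addChallengeToJSON(challenge);
        }
        JSONUtils.sendJSONObject(httpServletResponse, challenge);
        // Any earlier challenge token is replaced: only the latest one can be answered.
        this.lastToken = randomToken;
        this.status = Status.AWAITING_AUTHORIZATION_HEADER;
        return AuthenticationResult.CLIENT_INTERACTION_REQUIRED;
    }

    /**
     * Requests of an already authenticated session are never handled by this authenticator.
     *
     * @return always {@code REQUEST_NOT_RECOGNIZED}
     */
    @Override
    public AuthenticationResult processRequestAlreadyAuthenticated(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        return AuthenticationResult.REQUEST_NOT_RECOGNIZED;
    }

    /**
     * Returns the live internal map, not a copy. After a successful check it holds the raw
     * {@code Authorization} header and the provisioning realm name.
     */
    @Override
    public Map<String, Object> getAuthenticationData() {
        return this.authenticationData;
    }

    /**
     * Writes nothing to the response and does not reset the conversation state.
     *
     * @return always {@code FAILURE}
     */
    @Override
    public AuthenticationResult processAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws IOException, ServletException {
        return AuthenticationResult.FAILURE;
    }

    /**
     * Returns the request unchanged; no wrapping or rewriting is needed after authentication.
     */
    @Override
    public HttpServletRequest getRequestToProceed(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, UserIdentity userIdentity) throws IOException {
        return httpServletRequest;
    }

    /**
     * Shallow copy through {@code Object.clone()}.
     *
     * <p>NOTE(review): the copy shares the {@code authenticationData} map with its source,
     * because the field is final and is not re-created here. If the framework clones one
     * prototype per session, authentication data written by one copy is visible to the
     * others; confirm how clones are used.
     */
    @Override // com.worklight.server.auth.api.WorkLightAuthenticator
    /* renamed from: clone, reason: merged with bridge method [inline-methods] */
    public WorkLightAuthenticator m59clone() throws CloneNotSupportedException {
        return (WorkLightAuthenticator) super.clone();
    }
}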
