package com.worklight.core.auth.ext;

import com.ibm.json.java.JSONObject;
import com.worklight.common.constants.Constants;
import com.worklight.console.application.Services;
import com.worklight.core.auth.api.AuthenticationService;
import com.worklight.core.auth.impl.AuthenticationContext;
import com.worklight.core.auth.impl.ProvisionedEntity;
import com.worklight.gadgets.bean.GadgetApplication;
import com.worklight.gadgets.utils.GadgetUtils;
import com.worklight.server.auth.api.AuthenticationResult;
import com.worklight.server.auth.api.MissingConfigurationOptionException;
import java.io.IOException;
import java.util.Map;
import java.util.StringTokenizer;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.codec.binary.Base64;

/* loaded from: input_file:lib/worklight-extension-api.jar:com/worklight/core/auth/ext/DeviceWithProvisioningAuthenticator.class */
public abstract class DeviceWithProvisioningAuthenticator extends DeviceAuthenticator {
    protected ProvisionedEntity entity = null;
    private String[] preRequiredRealms = null;
    private static final String ALLOWED_PARAM_NAME = "allowed";
    public static final String PROVISIONED_ENTITY_PARAM_NAME = "provisioned-entity";
    protected static final String PRE_REQUIRED_REALMS_PARAM_NAME = "pre-required-realms";
    private static final String ENTITY_JSON_KEY = "entity";

    @Override // com.worklight.core.auth.ext.WorklightProtocolAuthenticator, com.worklight.server.auth.api.WorkLightAuthenticator
    public void init(Map<String, String> map) throws MissingConfigurationOptionException {
        super.init(map);
        String remove = map.remove(PROVISIONED_ENTITY_PARAM_NAME);
        if (remove == null) {
            throw new MissingConfigurationOptionException(PROVISIONED_ENTITY_PARAM_NAME);
        }
        this.entity = ProvisionedEntity.parse(remove);
        String remove2 = map.remove(PRE_REQUIRED_REALMS_PARAM_NAME);
        if (remove2 != null) {
            this.preRequiredRealms = remove2.split(",");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.worklight.core.auth.ext.DeviceAuthenticator
    public AuthenticationResult checkToken(Object obj) throws IOException {
        StringTokenizer stringTokenizer = new StringTokenizer((String) obj, ".");
        stringTokenizer.nextToken();
        return super.checkTokenString((String) JSONObject.parse(new String(Base64.decodeBase64(stringTokenizer.nextToken()), Constants.UTF8_CHARSET)).get("token"));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.worklight.core.auth.ext.DeviceAuthenticator
    public AuthenticationResult createNewChallenge() {
        JSONObject tokenChallenge = getTokenChallenge();
        tokenChallenge.put(ENTITY_JSON_KEY, this.entity.getFullName());
        tokenChallenge.put(ALLOWED_PARAM_NAME, Boolean.valueOf(isProvisioningAllowed()));
        JSONObject jSONObject = new JSONObject();
        jSONObject.put("ID", tokenChallenge);
        return createChallengeResponse(jSONObject);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isProvisioningAllowed() {
        if (this.preRequiredRealms == null) {
            return true;
        }
        AuthenticationService authService = Services.getAuthService();
        for (String str : this.preRequiredRealms) {
            if (!str.equals("wl_authenticityRealm")) {
                if (authService.getIdentity(str) == null) {
                    return false;
                }
            } else if (GadgetUtils.getGadgetApplicationFrom(AuthenticationContext.getCurrentRequest()).getAuthenticityMode() == GadgetApplication.AuthenticityMode.ENABLED && authService.getIdentity(str) == null) {
                return false;
            }
        }
        return true;
    }

    @Override // com.worklight.core.auth.ext.DeviceAuthenticator, com.worklight.core.auth.ext.WorklightProtocolAuthenticator, com.worklight.server.auth.api.WorkLightAuthenticator
    public /* bridge */ /* synthetic */ Map getAuthenticationData() {
        return super.getAuthenticationData();
    }

    @Override // com.worklight.core.auth.ext.DeviceAuthenticator, com.worklight.core.auth.ext.WorklightProtocolAuthenticator, com.worklight.server.auth.api.WorkLightAuthenticator
    public /* bridge */ /* synthetic */ AuthenticationResult processRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z) throws IOException, ServletException {
        return super.processRequest(httpServletRequest, httpServletResponse, z);
    }
}
