package com.worklight.core.auth.ext;

import com.ibm.json.java.JSONObject;
import com.worklight.gadgets.utils.SecurityFilterUtils;
import com.worklight.server.auth.api.AuthenticationResult;
import com.worklight.server.auth.api.AuthenticationStatus;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/worklight/core/auth/ext/DeviceAuthenticator.class */
abstract class DeviceAuthenticator extends WorklightProtocolAuthenticator {
    protected Status status = Status.NOT_STARTED;
    protected String lastToken = null;
    protected final Map<String, Object> authenticationData = new HashMap();
    static final String ID_PARAM = "ID";
    protected static final String TOKEN_PARAM_NAME = "token";

    /* loaded from: input_file:com/worklight/core/auth/ext/DeviceAuthenticator$Status.class */
    protected enum Status {
        NOT_STARTED,
        AWAITING_CHALLENGE_RESPONSE,
        SUCCESS
    }

    @Override // com.worklight.core.auth.ext.WorklightProtocolAuthenticator
    public AuthenticationResult processRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z) throws IOException, ServletException {
        switch (this.status) {
            case NOT_STARTED:
                return createNewChallenge();
            case AWAITING_CHALLENGE_RESPONSE:
                Object challengeResponse = getChallengeResponse(httpServletRequest);
                return challengeResponse == null ? z ? createNewChallenge() : AuthenticationResult.createFrom(AuthenticationStatus.REQUEST_NOT_RECOGNIZED) : checkChallangeResponse(challengeResponse, httpServletResponse);
            default:
                throw new IllegalStateException();
        }
    }

    @Override // com.worklight.core.auth.ext.WorklightProtocolAuthenticator
    public Map<String, Object> getAuthenticationData() {
        return this.authenticationData;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AuthenticationResult createChallengeResponse(JSONObject jSONObject) {
        this.status = Status.AWAITING_CHALLENGE_RESPONSE;
        AuthenticationResult createFrom = AuthenticationResult.createFrom(AuthenticationStatus.CLIENT_INTERACTION_REQUIRED);
        createFrom.setJson(jSONObject);
        return createFrom;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public JSONObject getTokenChallenge() {
        if (this.lastToken == null) {
            this.lastToken = SecurityFilterUtils.getRandomToken();
        }
        JSONObject jSONObject = new JSONObject();
        jSONObject.put(TOKEN_PARAM_NAME, this.lastToken);
        return jSONObject;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AuthenticationResult checkTokenString(String str) {
        if (this.lastToken == null || !this.lastToken.equals(str)) {
            this.lastToken = null;
            return AuthenticationResult.createFailureResult(new JSONObject(), "bad token");
        }
        this.status = Status.SUCCESS;
        return AuthenticationResult.createFrom(AuthenticationStatus.SUCCESS);
    }

    protected abstract AuthenticationResult checkToken(Object obj) throws IOException;

    protected abstract AuthenticationResult createNewChallenge() throws IOException;

    protected abstract AuthenticationResult checkChallangeResponse(Object obj, HttpServletResponse httpServletResponse) throws IOException;
}
