package org.josso.selfservices.password.lostpassword;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashSet;
import java.util.Set;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.josso.auth.Credential;
import org.josso.auth.CredentialProvider;
import org.josso.auth.exceptions.AuthenticationFailureException;
import org.josso.gateway.SSOException;
import org.josso.gateway.identity.SSOUser;
import org.josso.gateway.identity.exceptions.SSOIdentityException;
import org.josso.gateway.identity.service.SSOIdentityManager;
import org.josso.selfservices.ChallengeResponseCredential;
import org.josso.selfservices.ProcessRequest;
import org.josso.selfservices.ProcessResponse;
import org.josso.selfservices.ProcessState;
import org.josso.selfservices.annotations.Action;
import org.josso.selfservices.annotations.Extension;
import org.josso.selfservices.password.BasePasswordManagementProcess;
import org.josso.selfservices.password.PasswordDistributor;
import org.josso.selfservices.password.PasswordGenerator;
import org.josso.selfservices.password.PasswordManagementException;
import org.josso.selfservices.password.PasswordManagementProcess;
import org.josso.util.id.IdGenerator;
import org.springframework.beans.PropertyAccessor;

/* loaded from: input_file:WEB-INF/lib/josso-core-1.8.7.jar:org/josso/selfservices/password/lostpassword/AbstractLostPasswordProcess.class */
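/**
 * Base implementation of the lost-password self-service flow.
 *
 * <p>The flow visible in this class is: collect challenge responses, let the subclass
 * authenticate the user from them ({@link #authenticate(Set)}), generate a new clear-text
 * password and a password assertion id, hand the password to the configured
 * {@link PasswordDistributor}, and update the account only after the assertion id has been
 * presented back in {@link #requestPasswordConfirmation(ProcessRequest)}.
 *
 * <p>Security-relevant handling in this class: the generated password, the assertion id and
 * the challenge responses are secrets of the reset flow, so none of them is written to the log
 * or placed in an exception message here.
 */
public abstract class AbstractLostPasswordProcess extends BasePasswordManagementProcess implements Constants {
    private static final Log log;
    // Encodes the generated clear-text password into the credential stored on the account.
    private CredentialProvider credentialProvider;
    // Delivers the generated clear-text password to the user.
    private PasswordDistributor distributor;
    // Produces the new clear-text password.
    private PasswordGenerator generator;
    // Looks up users and writes the new password credential.
    private SSOIdentityManager identityManager;
    // Produces the password assertion id that must be presented to confirm the reset.
    private IdGenerator idGenerator;

    // NOTE(review): not copied in createNewProcess and not checked in start(); presumably
    // injected through the @Extension mechanism. Confirm it can never be null when
    // processChallenges dereferences it.
    @Extension(Constants.EXT_URL_PROVIDER)
    private LostPasswordUrlProvider urlProvider;
    static final /* synthetic */ boolean $assertionsDisabled;

    /**
     * Creates a new process instance through the superclass and copies this prototype's
     * collaborators onto it.
     *
     * @param str value forwarded unchanged to {@code super.createNewProcess}
     * @return the new process, configured with this instance's provider, identity manager,
     *         distributor, generator and id generator
     * @throws SSOException if the superclass fails to create the process
     */
    @Override // org.josso.selfservices.password.BasePasswordManagementProcess, org.josso.selfservices.password.PasswordManagementProcess
    public PasswordManagementProcess createNewProcess(String str) throws SSOException {
        AbstractLostPasswordProcess abstractLostPasswordProcess = (AbstractLostPasswordProcess) super.createNewProcess(str);
        abstractLostPasswordProcess.setCredentialProvider(this.credentialProvider);
        abstractLostPasswordProcess.setIdentityManager(this.identityManager);
        abstractLostPasswordProcess.setPasswordDistributor(this.distributor);
        abstractLostPasswordProcess.setPasswordGenerator(this.generator);
        abstractLostPasswordProcess.setIdGenerator(this.idGenerator);
        return abstractLostPasswordProcess;
    }

    /**
     * Builds the state object used by this process.
     *
     * @param str value passed to the {@link LostPasswordProcessState} constructor
     * @return a new {@link LostPasswordProcessState}
     */
    @Override // org.josso.selfservices.password.BasePasswordManagementProcess
    protected ProcessState doMakeState(String str) {
        return new LostPasswordProcessState(str);
    }

    /**
     * Starts the flow: resets the confirm URL, assertion id and stored challenges, then asks
     * for the initial challenges.
     *
     * @return a response for {@code STEP_REQUEST_CHALLENGES} carrying the initial challenges
     */
    @Override // org.josso.selfservices.password.BasePasswordManagementProcess, org.josso.selfservices.password.PasswordManagementProcess
    public ProcessResponse start() {
        if (log.isDebugEnabled()) {
            log.debug("Starting lost password process .. .");
        }
        super.start();
        // The checks below are compiled `assert` statements. They only run when assertions are
        // enabled for this class ($assertionsDisabled is derived from desiredAssertionStatus()),
        // so with assertions off a missing collaborator is not detected here and surfaces
        // later as a NullPointerException at the point of use.
        if (!$assertionsDisabled && this.identityManager == null) {
            throw new AssertionError("No Identity Manager Configured");
        }
        if (!$assertionsDisabled && this.credentialProvider == null) {
            throw new AssertionError("No Credential Provider Configured");
        }
        if (!$assertionsDisabled && this.distributor == null) {
            throw new AssertionError("No Password Distributor Configured");
        }
        if (!$assertionsDisabled && this.generator == null) {
            throw new AssertionError("No Password Generator Configured");
        }
        if (!$assertionsDisabled && this.idGenerator == null) {
            throw new AssertionError("No Password Assertion Generator Configured");
        }
        getLostPasswordState().setPasswordConfirmUrl(null);
        getLostPasswordState().setAssertionId(null);
        getLostPasswordState().setChallenges(new HashSet<ChallengeResponseCredential>());
        ChallengeResponseCredential[] createInitilaChallenges = createInitilaChallenges();
        ProcessResponse createResponse = createResponse(Constants.STEP_REQUEST_CHALLENGES);
        createResponse.setAttribute(Constants.ATTR_CHALLENGES, createInitilaChallenges);
        storeAllChallenges(createInitilaChallenges);
        return createResponse;
    }

    /** Stops the process by delegating to the superclass. */
    @Override // org.josso.selfservices.password.BasePasswordManagementProcess, org.josso.selfservices.password.PasswordManagementProcess
    public void stop() {
        if (log.isDebugEnabled()) {
            log.debug("Stopping lost password process .. .");
        }
        super.stop();
    }

    /**
     * Handles submitted challenges. If the subclass asks for more challenges they are requested;
     * otherwise the user is authenticated, a new password and assertion id are generated, the
     * password is distributed and the flow moves to {@code STEP_CONFIRM_PASSWORD}.
     *
     * <p>The account itself is not changed here: the encoded credential is kept in the process
     * state until {@link #requestPasswordConfirmation(ProcessRequest)} succeeds.
     *
     * @param processRequest request whose {@code ATTR_CHALLENGES} attribute holds the challenges
     * @return the response for the next step, or a final {@code STEP_AUTH_ERROR} /
     *         {@code STEP_FATAL_ERROR} response
     */
    @Action(fromSteps = {Constants.STEP_REQUEST_CHALLENGES, Constants.STEP_REQUEST_ADDITIONAL_CHALLENGES})
    public ProcessResponse processChallenges(ProcessRequest processRequest) {
        try {
            ChallengeResponseCredential[] challengeResponseCredentialArr = (ChallengeResponseCredential[]) processRequest.getAttribute(Constants.ATTR_CHALLENGES);
            if (challengeResponseCredentialArr == null) {
                if (log.isDebugEnabled()) {
                    log.debug("No challenges received!");
                }
                return createFinalResponse(Constants.STEP_AUTH_ERROR);
            }
            storeAllChallenges(challengeResponseCredentialArr);
            Set<ChallengeResponseCredential> retrieveAllChallenges = retrieveAllChallenges();
            ChallengeResponseCredential[] createAdditionalChallenges = createAdditionalChallenges(retrieveAllChallenges);
            if (createAdditionalChallenges != null && createAdditionalChallenges.length > 0) {
                if (log.isDebugEnabled()) {
                    log.debug("Requesting additional challengis");
                }
                ProcessResponse createResponse = createResponse(Constants.STEP_REQUEST_ADDITIONAL_CHALLENGES);
                createResponse.setAttribute(Constants.ATTR_CHALLENGES, createAdditionalChallenges);
                storeAllChallenges(createAdditionalChallenges);
                return createResponse;
            }
            if (log.isDebugEnabled()) {
                log.debug("Starting password reset");
            }
            SSOUser authenticate = authenticate(retrieveAllChallenges);
            if (log.isDebugEnabled()) {
                log.debug("User " + authenticate.getName() + " authenticated");
            }
            String createNewPassword = createNewPassword(authenticate, retrieveAllChallenges);
            if (log.isDebugEnabled()) {
                log.debug("Password created for " + authenticate.getName());
            }
            Credential newEncodedCredential = this.credentialProvider.newEncodedCredential("password", createNewPassword);
            if (log.isDebugEnabled()) {
                log.debug("Password encoded for " + authenticate.getName());
            }
            getLostPasswordState().setUser(authenticate);
            getLostPasswordState().setNewPasswordCredential(newEncodedCredential);
            String generateAssertionId = generateAssertionId(authenticate);
            if (log.isDebugEnabled()) {
                // The assertion id is the secret that confirms the reset; log only that it
                // was generated, never its value.
                log.debug("Password Assertion ID generated for " + authenticate.getName());
            }
            getLostPasswordState().setAssertionId(generateAssertionId);
            getLostPasswordState().setPasswordConfirmUrl(this.urlProvider.provideResetUrl(generateAssertionId));
            distribute(authenticate, createNewPassword);
            if (log.isDebugEnabled()) {
                log.debug("Password distributed " + authenticate.getName());
            }
            ProcessResponse createResponse2 = createResponse(Constants.STEP_CONFIRM_PASSWORD);
            ChallengeResponseCredential[] createConfirmationChallenges = createConfirmationChallenges();
            if (createConfirmationChallenges != null && createConfirmationChallenges.length > 0) {
                storeAllChallenges(createConfirmationChallenges);
                createResponse2.setAttribute(Constants.ATTR_CHALLENGES, createConfirmationChallenges);
            }
            return createResponse2;
        } catch (AuthenticationFailureException e) {
            log.error("Authentication error " + e.getMessage(), e);
            ProcessResponse createFinalResponse = createFinalResponse(Constants.STEP_AUTH_ERROR);
            // NOTE(review): the exception object travels with the response; confirm that
            // whatever renders it does not show internal detail to the requester.
            createFinalResponse.setAttribute("error", e);
            return createFinalResponse;
        } catch (Exception e2) {
            log.error("Fatal error error " + e2.getMessage(), e2);
            ProcessResponse createFinalResponse2 = createFinalResponse(Constants.STEP_FATAL_ERROR);
            createFinalResponse2.setAttribute("error", e2);
            return createFinalResponse2;
        }
    }

    /**
     * Handles the confirmation step: stores the submitted challenges, requests additional
     * confirmation challenges if the subclass wants them, and otherwise verifies the password
     * assertion and writes the new credential to the account.
     *
     * @param processRequest request whose {@code ATTR_CHALLENGES} attribute holds the challenges
     * @return a final response for {@code STEP_PASSWORD_RESETED}, {@code STEP_AUTH_ERROR} or
     *         {@code STEP_REQUEST_ADDITIONAL_CONFIRMATION_CHALLENGES}
     * @throws PasswordManagementException if the account update fails
     */
    @Action(fromSteps = {Constants.STEP_CONFIRM_PASSWORD, Constants.STEP_REQUEST_ADDITIONAL_CONFIRMATION_CHALLENGES})
    public ProcessResponse requestPasswordConfirmation(ProcessRequest processRequest) throws PasswordManagementException {
        storeAllChallenges((ChallengeResponseCredential[]) processRequest.getAttribute(Constants.ATTR_CHALLENGES));
        ChallengeResponseCredential[] createAdditionalConfirmationChallenges = createAdditionalConfirmationChallenges(retrieveAllChallenges());
        if (createAdditionalConfirmationChallenges != null && createAdditionalConfirmationChallenges.length > 0) {
            // NOTE(review): this intermediate step is built with createFinalResponse, while
            // processChallenges uses createResponse for its equivalent step. Confirm intended.
            ProcessResponse createFinalResponse = createFinalResponse(Constants.STEP_REQUEST_ADDITIONAL_CONFIRMATION_CHALLENGES);
            createFinalResponse.setAttribute(Constants.ATTR_CHALLENGES, createAdditionalConfirmationChallenges);
            storeAllChallenges(createAdditionalConfirmationChallenges);
            return createFinalResponse;
        }
        Set<ChallengeResponseCredential> retrieveAllChallenges = retrieveAllChallenges();
        if (retrieveAllChallenges == null || retrieveAllChallenges.size() <= 0) {
            log.error("No challenges provided or requested for password confirmation!");
            return createFinalResponse(Constants.STEP_AUTH_ERROR);
        }
        try {
            authenticateConfirmation();
            SSOUser user = getLostPasswordState().getUser();
            if (log.isDebugEnabled()) {
                log.debug("Password confirmed for " + user.getName());
            }
            updateAccount(user, getLostPasswordState().getNewPasswordCredential());
            if (log.isDebugEnabled()) {
                log.debug("Account updated : " + user.getName());
            }
            return createFinalResponse(Constants.STEP_PASSWORD_RESETED);
        } catch (AuthenticationFailureException e) {
            log.error(e.getMessage(), e);
            return createFinalResponse(Constants.STEP_AUTH_ERROR);
        }
    }

    /** Ends the process after a successful reset and returns a final response with a null step. */
    @Action(fromSteps = {Constants.STEP_PASSWORD_RESETED})
    public ProcessResponse passwordResetted(ProcessRequest processRequest) {
        stop();
        return createFinalResponse(null);
    }

    /** Ends the process after a fatal error and returns a final response with a null step. */
    @Action(fromSteps = {Constants.STEP_FATAL_ERROR})
    public ProcessResponse fatalError(ProcessRequest processRequest) {
        stop();
        return createFinalResponse(null);
    }

    /** Ends the process after an authentication error and returns a final response with a null step. */
    @Action(fromSteps = {Constants.STEP_AUTH_ERROR})
    public ProcessResponse authError(ProcessRequest processRequest) {
        stop();
        return createFinalResponse(null);
    }

    /**
     * Hook for the challenges requested when the process starts.
     *
     * @return {@code null} in this base class; subclasses supply the real challenges
     */
    protected ChallengeResponseCredential[] createInitilaChallenges() {
        return null;
    }

    /**
     * Hook for requesting further challenges before authentication.
     *
     * @param set all challenges stored so far
     * @return {@code null} in this base class, meaning no further challenges
     */
    protected ChallengeResponseCredential[] createAdditionalChallenges(Set<ChallengeResponseCredential> set) {
        return null;
    }

    /**
     * Creates the password assertion challenge unless one is already stored.
     *
     * @return a one-element array holding the assertion challenge, or {@code null} if a
     *         challenge with id {@code CHALLENGE_PWD_ASSERTION_ID} already exists
     */
    protected ChallengeResponseCredential[] createConfirmationChallenges() {
        if (getChallenge(Constants.CHALLENGE_PWD_ASSERTION_ID) == null) {
            log.debug("Creating password assertion challenge");
            return new ChallengeResponseCredential[]{new ChallengeResponseCredential(Constants.CHALLENGE_PWD_ASSERTION_ID, "Password Assertion")};
        }
        if (log.isDebugEnabled()) {
            // The stored challenge value is checked against the assertion id in
            // authenticateConfirmation, so it is deliberately not logged.
            log.debug("Already created password assertion challenge");
        }
        return null;
    }

    /**
     * Hook for requesting further challenges during confirmation.
     *
     * @param set all challenges stored so far
     * @return {@code null} in this base class, meaning no further challenges
     */
    protected ChallengeResponseCredential[] createAdditionalConfirmationChallenges(Set<ChallengeResponseCredential> set) {
        return null;
    }

    /**
     * Identifies the user from the collected challenges.
     *
     * @param set all challenges stored so far
     * @return the authenticated user
     * @throws AuthenticationFailureException if the challenges do not authenticate a user
     */
    protected abstract SSOUser authenticate(Set<ChallengeResponseCredential> set) throws AuthenticationFailureException;

    /**
     * Verifies that the submitted password assertion matches the one held in the process state.
     *
     * <p>The comparison uses {@link MessageDigest#isEqual(byte[], byte[])} rather than
     * {@code String.equals} so it does not stop at the first differing character. Neither the
     * submitted nor the expected assertion id is logged or put in the exception message, because
     * the caller logs that message.
     *
     * @throws AuthenticationFailureException if no assertion was submitted or it does not match
     */
    protected void authenticateConfirmation() throws AuthenticationFailureException {
        ChallengeResponseCredential challenge = getChallenge(Constants.CHALLENGE_PWD_ASSERTION_ID);
        if (challenge == null || challenge.getValue() == null) {
            throw new AuthenticationFailureException("No Password Assertion found");
        }
        String submitted = (String) challenge.getValue();
        String expected = getPasswordAssertionId();
        // A null expected id means no assertion was issued; treat it as a mismatch.
        if (expected != null
                && MessageDigest.isEqual(
                        submitted.getBytes(StandardCharsets.UTF_8),
                        expected.getBytes(StandardCharsets.UTF_8))) {
            return;
        }
        log.error("Invalid password assertion received");
        throw new AuthenticationFailureException("Invalid password assertion");
    }

    /**
     * Generates the new clear-text password for the user.
     *
     * @param sSOUser the authenticated user
     * @param set unused here; the generator is given {@link #retrieveAllChallenges()} instead
     * @return the clear-text password produced by the configured generator
     */
    protected String createNewPassword(SSOUser sSOUser, Set<ChallengeResponseCredential> set) {
        if (log.isDebugEnabled()) {
            log.debug("Generating new password for " + sSOUser.getName());
        }
        return this.generator.generateClearPassword(sSOUser, retrieveAllChallenges());
    }

    /**
     * Writes the new password credential to the user's account.
     *
     * @param sSOUser the user whose password is updated
     * @param credential the encoded password credential
     * @throws PasswordManagementException wrapping any {@link SSOIdentityException}
     */
    protected void updateAccount(SSOUser sSOUser, Credential credential) throws PasswordManagementException {
        if (log.isDebugEnabled()) {
            log.debug("Updating user account for " + sSOUser.getName());
        }
        try {
            this.identityManager.updateAccountPassword(sSOUser, credential);
        } catch (SSOIdentityException e) {
            throw new PasswordManagementException(e.getMessage(), e);
        }
    }

    /**
     * Generates the password assertion id for this reset.
     *
     * <p>NOTE(review): the id is the only secret checked at confirmation; verify that the
     * configured {@link IdGenerator} produces unpredictable values.
     *
     * @param sSOUser the user the id is generated for (only used for logging here)
     * @return the id returned by the configured generator
     * @throws PasswordManagementException declared for subclasses; not thrown by this body
     */
    protected String generateAssertionId(SSOUser sSOUser) throws PasswordManagementException {
        if (log.isDebugEnabled()) {
            log.debug("Generating assertion ID for " + sSOUser.getName());
        }
        return this.idGenerator.generateId();
    }

    /**
     * Hands the clear-text password to the configured distributor together with the process state.
     *
     * @param sSOUser the user receiving the password
     * @param str the clear-text password
     * @throws PasswordManagementException if distribution fails
     */
    protected void distribute(SSOUser sSOUser, String str) throws PasswordManagementException {
        if (log.isDebugEnabled()) {
            log.debug("Distributing password for " + sSOUser.getName());
        }
        this.distributor.distributePassword(sSOUser, str, getLostPasswordState());
    }

    /**
     * Looks up a user by name.
     *
     * @param str the username
     * @return the user, or {@code null} if the identity manager throws an
     *         {@link SSOIdentityException} (the error is logged)
     */
    protected SSOUser findUserByUsername(String str) {
        if (log.isDebugEnabled()) {
            log.debug("Looking for user " + str);
        }
        try {
            return this.identityManager.findUser(str);
        } catch (SSOIdentityException e) {
            log.error(e.getMessage(), e);
            return null;
        }
    }

    /** Returns the process state cast to {@link LostPasswordProcessState}. */
    protected LostPasswordProcessState getLostPasswordState() {
        return (LostPasswordProcessState) getState();
    }

    /**
     * Finds a stored challenge by id.
     *
     * @param str the challenge id
     * @return the matching challenge, or {@code null} if none is stored
     */
    protected ChallengeResponseCredential getChallenge(String str) {
        return getChallenge(str, retrieveAllChallenges());
    }

    /**
     * Finds a challenge by id in the given set.
     *
     * @param str the challenge id
     * @param set the challenges to search; {@code null} is treated as empty
     * @return the first challenge whose id equals {@code str}, or {@code null}
     */
    protected ChallengeResponseCredential getChallenge(String str, Set<ChallengeResponseCredential> set) {
        // requestPasswordConfirmation already allows for a null challenge set, so a lookup on
        // one must report "not found" instead of failing with a NullPointerException.
        if (set == null) {
            return null;
        }
        for (ChallengeResponseCredential challengeResponseCredential : set) {
            if (challengeResponseCredential.getId().equals(str)) {
                return challengeResponseCredential;
            }
        }
        return null;
    }

    /**
     * Adds the given challenges to the process state.
     *
     * @param challengeResponseCredentialArr challenges to store; {@code null} is ignored
     */
    protected void storeAllChallenges(ChallengeResponseCredential[] challengeResponseCredentialArr) {
        if (challengeResponseCredentialArr == null) {
            return;
        }
        for (ChallengeResponseCredential challengeResponseCredential : challengeResponseCredentialArr) {
            getLostPasswordState().getChallenges().add(challengeResponseCredential);
            if (log.isDebugEnabled()) {
                // Only the challenge id is logged: responses are what the user submitted to
                // prove identity and must not end up in log files.
                log.debug("Storing challenge : " + challengeResponseCredential.getId());
            }
        }
    }

    /** Removes every challenge held in the process state. */
    protected void clearChallenges() {
        getLostPasswordState().getChallenges().clear();
    }

    /** Returns the live challenge set held in the process state (not a copy). */
    protected Set<ChallengeResponseCredential> retrieveAllChallenges() {
        return getLostPasswordState().getChallenges();
    }

    /**
     * Returns the assertion id held in the process state. The value is a secret of the reset
     * flow, so callers should not log it or echo it back.
     */
    public String getPasswordAssertionId() {
        return getLostPasswordState().getAssertionId();
    }

    public CredentialProvider getCredentialProvider() {
        return this.credentialProvider;
    }

    public void setCredentialProvider(CredentialProvider credentialProvider) {
        this.credentialProvider = credentialProvider;
    }

    public PasswordDistributor getPasswordDistributor() {
        return this.distributor;
    }

    public void setPasswordDistributor(PasswordDistributor passwordDistributor) {
        this.distributor = passwordDistributor;
    }

    public PasswordGenerator getPasswordGenerator() {
        return this.generator;
    }

    public void setPasswordGenerator(PasswordGenerator passwordGenerator) {
        this.generator = passwordGenerator;
    }

    public IdGenerator getIdGenerator() {
        return this.idGenerator;
    }

    public void setIdGenerator(IdGenerator idGenerator) {
        this.idGenerator = idGenerator;
    }

    public SSOIdentityManager getIdentityManager() {
        return this.identityManager;
    }

    public void setIdentityManager(SSOIdentityManager sSOIdentityManager) {
        this.identityManager = sSOIdentityManager;
    }

    static {
        // Mirrors what the compiler emits for a class containing assert statements.
        $assertionsDisabled = !AbstractLostPasswordProcess.class.desiredAssertionStatus();
        log = LogFactory.getLog(AbstractLostPasswordProcess.class);
    }
}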
