package io.jans.as.server.authorize.ws.rs;

import io.jans.as.common.model.session.SessionId;
import io.jans.as.common.model.session.SessionIdState;
import io.jans.as.common.util.RedirectUri;
import io.jans.as.model.configuration.AppConfiguration;
import io.jans.as.model.util.Util;
import io.jans.as.server.i18n.LanguageBean;
import io.jans.as.server.model.common.DeviceAuthorizationCacheControl;
import io.jans.as.server.model.common.DeviceAuthorizationStatus;
import io.jans.as.server.service.CookieService;
import io.jans.as.server.service.DeviceAuthorizationService;
import io.jans.as.server.service.SessionIdService;
import io.jans.jsf2.message.FacesMessages;
import jakarta.enterprise.context.RequestScoped;
import jakarta.faces.application.FacesMessage;
import jakarta.faces.context.FacesContext;
import jakarta.inject.Inject;
import jakarta.inject.Named;
import java.io.IOException;
import java.io.Serializable;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;

@Named
@RequestScoped
/* loaded from: input_file:io/jans/as/server/authorize/ws/rs/DeviceAuthorizationAction.class */
public class DeviceAuthorizationAction implements Serializable {
    private static final String INVALID_USER_CODE_MESSAGE_KEY = "device.authorization.invalid.user.code";

    @Inject
    private Logger log;

    @Inject
    private FacesMessages facesMessages;

    @Inject
    private LanguageBean languageBean;

    @Inject
    private DeviceAuthorizationService deviceAuthorizationService;

    @Inject
    private AppConfiguration appConfiguration;

    @Inject
    private SessionIdService sessionIdService;

    @Inject
    private CookieService cookieService;
    private String code;
    private String sessionId;
    private String state;
    private String sessionState;
    private String error;
    private String errorDescription;
    private String userCode;
    private String userCodePart1;
    private String userCodePart2;
    private String titleMsg;
    private String descriptionMsg;
    private Long lastAttempt = Long.valueOf(System.currentTimeMillis());
    private byte attempts;

    public void pageLoaded() {
        this.log.info("Processing device authorization page request, userCode: {}, code: {}, sessionId: {}, state: {}, sessionState: {}, error: {}, errorDescription: {}", new Object[]{this.userCode, this.code, this.sessionId, this.state, this.sessionState, this.error, this.errorDescription});
        if (StringUtils.isNotBlank(this.error)) {
            this.titleMsg = this.error;
            this.descriptionMsg = this.errorDescription;
        }
        if (isDeviceAuthnCompleted()) {
            this.titleMsg = this.languageBean.getMessage("device.authorization.access.granted.title");
            this.descriptionMsg = this.languageBean.getMessage("device.authorization.authorization.completed.msg");
        }
        initializeSession();
    }

    public void initializeSession() {
        initializeOrCreateSession();
    }

    public SessionId initializeOrCreateSession() {
        SessionId sessionId = this.sessionIdService.getSessionId();
        Map<String, String> sessionAttributes = sessionId != null ? sessionId.getSessionAttributes() : new HashMap<>();
        sessionAttributes.put("device_authorization", Boolean.TRUE.toString());
        sessionAttributes.remove(DeviceAuthorizationService.SESSION_USER_CODE);
        if (StringUtils.isNotBlank(this.userCode)) {
            sessionAttributes.put(DeviceAuthorizationService.SESSION_USER_CODE, this.userCode);
        }
        if (sessionId == null) {
            SessionId generateUnauthenticatedSessionId = this.sessionIdService.generateUnauthenticatedSessionId(null, new Date(), SessionIdState.UNAUTHENTICATED, sessionAttributes, false);
            this.sessionIdService.persistSessionId(generateUnauthenticatedSessionId);
            this.cookieService.createSessionIdCookie(generateUnauthenticatedSessionId, false);
            this.log.debug("Created session for device authorization grant page, sessionId: {}", generateUnauthenticatedSessionId.getId());
        } else {
            if (StringUtils.isNotBlank((CharSequence) sessionId.getSessionAttributes().get(DeviceAuthorizationService.SESSION_LAST_ATTEMPT)) && StringUtils.isNotBlank((CharSequence) sessionId.getSessionAttributes().get(DeviceAuthorizationService.SESSION_ATTEMPTS))) {
                this.lastAttempt = Long.valueOf(Long.parseLong((String) sessionId.getSessionAttributes().get(DeviceAuthorizationService.SESSION_LAST_ATTEMPT)));
                this.attempts = Byte.parseByte((String) sessionId.getSessionAttributes().get(DeviceAuthorizationService.SESSION_ATTEMPTS));
            }
            sessionAttributes.put(DeviceAuthorizationService.SESSION_LAST_ATTEMPT, String.valueOf(this.lastAttempt));
            sessionAttributes.put(DeviceAuthorizationService.SESSION_ATTEMPTS, String.valueOf((int) this.attempts));
            sessionId.setSessionAttributes(sessionAttributes);
            this.sessionIdService.updateSessionId(sessionId);
            this.log.debug("Updated session for device authorization grant page, sessionId: {}", sessionId.getId());
        }
        return sessionId;
    }

    public void processUserCodeVerification() {
        try {
            SessionId sessionId = this.sessionIdService.getSessionId();
            if (sessionId == null) {
                this.log.trace("No session found during device authorization, creating new unauthenticated session ...");
                sessionId = initializeOrCreateSession();
            }
            if (!preventBruteForcing(sessionId)) {
                this.log.trace("Brute force prevention during device authorization, sessionId: {}", sessionId.getId());
                this.facesMessages.add(FacesMessage.SEVERITY_WARN, this.languageBean.getMessage("device.authorization.brute.forcing.msg"));
                return;
            }
            String upperCase = (StringUtils.isBlank(this.userCodePart1) && StringUtils.isBlank(this.userCodePart2)) ? ((String) sessionId.getSessionAttributes().get(DeviceAuthorizationService.SESSION_USER_CODE)).toUpperCase() : (this.userCodePart1 + "-" + this.userCodePart2).toUpperCase();
            if (!validateFormat(upperCase)) {
                this.log.trace("Invalid user code during device authorization, userCode: {}, sessionId: {}", upperCase, sessionId.getId());
                this.facesMessages.add(FacesMessage.SEVERITY_WARN, this.languageBean.getMessage(INVALID_USER_CODE_MESSAGE_KEY));
                return;
            }
            DeviceAuthorizationCacheControl deviceAuthzByUserCode = this.deviceAuthorizationService.getDeviceAuthzByUserCode(upperCase);
            this.log.debug("Verifying device authorization cache data: {}", deviceAuthzByUserCode);
            String str = null;
            if (deviceAuthzByUserCode == null) {
                this.log.trace("Unable to validate user code during device authorization, userCode: {}, sessionId: {}", upperCase, sessionId.getId());
                str = this.languageBean.getMessage(INVALID_USER_CODE_MESSAGE_KEY);
            } else if (deviceAuthzByUserCode.getStatus() == DeviceAuthorizationStatus.PENDING) {
                sessionId.getSessionAttributes().put(DeviceAuthorizationService.SESSION_USER_CODE, upperCase);
                sessionId.getSessionAttributes().remove(DeviceAuthorizationService.SESSION_LAST_ATTEMPT);
                sessionId.getSessionAttributes().remove(DeviceAuthorizationService.SESSION_ATTEMPTS);
                this.sessionIdService.updateSessionId(sessionId);
                redirectToAuthorization(deviceAuthzByUserCode);
            } else if (deviceAuthzByUserCode.getStatus() == DeviceAuthorizationStatus.DENIED) {
                this.log.trace("Cache data status=DENIED during device authorization, userCode: {}, sessionId: {}", upperCase, sessionId.getId());
                str = this.languageBean.getMessage("device.authorization.access.denied.msg");
            } else {
                this.log.trace("Cache data EXPIRED during device authorization, userCode: {}, sessionId: {}", upperCase, sessionId.getId());
                str = this.languageBean.getMessage("device.authorization.expired.code.msg");
            }
            if (str != null) {
                this.log.trace("Message during device authorization, message: {}, userCode: {}, sessionId: {}", new Object[]{str, upperCase, sessionId.getId()});
                this.facesMessages.add(FacesMessage.SEVERITY_WARN, str);
            }
        } catch (Exception e) {
            this.log.error("Failed to process user code validation", e);
            this.facesMessages.clear();
            this.facesMessages.add(FacesMessage.SEVERITY_WARN, this.languageBean.getMessage(INVALID_USER_CODE_MESSAGE_KEY));
        }
    }

    private boolean preventBruteForcing(SessionId sessionId) {
        this.lastAttempt = Long.valueOf((String) sessionId.getSessionAttributes().getOrDefault(DeviceAuthorizationService.SESSION_LAST_ATTEMPT, "0"));
        this.attempts = Byte.parseByte((String) sessionId.getSessionAttributes().getOrDefault(DeviceAuthorizationService.SESSION_ATTEMPTS, "0"));
        long currentTimeMillis = System.currentTimeMillis();
        if (currentTimeMillis - this.lastAttempt.longValue() <= 500 || this.attempts >= 5) {
            this.log.trace("User has done too many failed user code verification requests, sessionId: {}", this.sessionIdService.getSessionId());
            return false;
        }
        this.lastAttempt = Long.valueOf(currentTimeMillis);
        this.attempts = (byte) (this.attempts + 1);
        sessionId.getSessionAttributes().put(DeviceAuthorizationService.SESSION_LAST_ATTEMPT, String.valueOf(this.lastAttempt));
        sessionId.getSessionAttributes().put(DeviceAuthorizationService.SESSION_ATTEMPTS, String.valueOf((int) this.attempts));
        this.sessionIdService.updateSessionId(sessionId);
        return true;
    }

    private boolean validateFormat(String str) {
        return str.matches("[BCDFGHJKLMNPQRSTVWXZ]{4}-[BCDFGHJKLMNPQRSTVWXZ]{4}");
    }

    private void redirectToAuthorization(DeviceAuthorizationCacheControl deviceAuthorizationCacheControl) {
        try {
            this.log.info("Redirecting to authorization code flow to process device authorization, data: {}", deviceAuthorizationCacheControl);
            String authorizationEndpoint = this.appConfiguration.getAuthorizationEndpoint();
            String clientId = deviceAuthorizationCacheControl.getClient().getClientId();
            String deviceAuthzResponseTypeToProcessAuthz = this.appConfiguration.getDeviceAuthzResponseTypeToProcessAuthz();
            String listAsString = Util.listAsString(deviceAuthorizationCacheControl.getScopes());
            String uuid = UUID.randomUUID().toString();
            String uuid2 = UUID.randomUUID().toString();
            String deviceAuthzAcr = this.appConfiguration.getDeviceAuthzAcr();
            RedirectUri redirectUri = new RedirectUri(authorizationEndpoint);
            redirectUri.addResponseParameter("client_id", clientId);
            redirectUri.addResponseParameter("response_type", deviceAuthzResponseTypeToProcessAuthz);
            redirectUri.addResponseParameter("scope", listAsString);
            redirectUri.addResponseParameter("state", uuid);
            redirectUri.addResponseParameter("nonce", uuid2);
            if (StringUtils.isNotBlank(deviceAuthzAcr)) {
                redirectUri.addResponseParameter("acr_values", deviceAuthzAcr);
            }
            String redirectUri2 = redirectUri.toString();
            this.log.debug("Redirecting to: {}", redirectUri2);
            FacesContext.getCurrentInstance().getExternalContext().redirect(redirectUri2);
        } catch (IOException e) {
            this.log.error("Problems trying to redirect to authorization page from device authorization action", e);
            this.facesMessages.add(FacesMessage.SEVERITY_WARN, this.languageBean.getMessage("error.errorEncountered"));
        } catch (Exception e2) {
            this.log.error("Exception processing redirection", e2);
            this.facesMessages.add(FacesMessage.SEVERITY_WARN, this.languageBean.getMessage("error.errorEncountered"));
        }
    }

    public boolean isNewRequest() {
        return StringUtils.isBlank(this.code) && StringUtils.isBlank(this.sessionId) && StringUtils.isBlank(this.state) && StringUtils.isBlank(this.error) && StringUtils.isBlank(this.errorDescription);
    }

    public boolean isErrorResponse() {
        return StringUtils.isNotBlank(this.error);
    }

    public boolean isCompleteVerificationMode() {
        return isNewRequest() && StringUtils.isNotBlank(this.userCode);
    }

    public boolean isDeviceAuthnCompleted() {
        return StringUtils.isNotBlank(this.code) && StringUtils.isNotBlank(this.state) && StringUtils.isBlank(this.error);
    }

    public String getUserCodePart1() {
        return this.userCodePart1;
    }

    public void setUserCodePart1(String str) {
        this.userCodePart1 = str;
    }

    public String getUserCodePart2() {
        return this.userCodePart2;
    }

    public void setUserCodePart2(String str) {
        this.userCodePart2 = str;
    }

    public String getCode() {
        return this.code;
    }

    public void setCode(String str) {
        this.code = str;
    }

    public String getSessionId() {
        return this.sessionId;
    }

    public void setSessionId(String str) {
        this.sessionId = str;
    }

    public String getState() {
        return this.state;
    }

    public void setState(String str) {
        this.state = str;
    }

    public String getSessionState() {
        return this.sessionState;
    }

    public void setSessionState(String str) {
        this.sessionState = str;
    }

    public String getError() {
        return this.error;
    }

    public void setError(String str) {
        this.error = str;
    }

    public String getErrorDescription() {
        return this.errorDescription;
    }

    public void setErrorDescription(String str) {
        this.errorDescription = str;
    }

    public String getUserCode() {
        return this.userCode;
    }

    public void setUserCode(String str) {
        this.userCode = str;
    }

    public String getTitleMsg() {
        return this.titleMsg;
    }

    public void setTitleMsg(String str) {
        this.titleMsg = str;
    }

    public String getDescriptionMsg() {
        return this.descriptionMsg;
    }

    public void setDescriptionMsg(String str) {
        this.descriptionMsg = str;
    }
}
