package com.simba.athena.iamsupport.plugin;

import com.simba.athena.amazonaws.SdkClientException;
import com.simba.athena.amazonaws.util.IOUtils;
import com.simba.athena.amazonaws.util.StringUtils;
import com.simba.athena.athena.core.AJPropertyKey;
import com.simba.athena.iamsupport.IamSupport;
import com.simba.athena.iamsupport.model.CredentialsHolder;
import com.simba.athena.iamsupport.plugin.utils.LogUtils;
import com.simba.athena.shaded.fasterxml.jackson.databind.JsonNode;
import com.simba.athena.shaded.fasterxml.jackson.databind.ObjectMapper;
import com.simba.athena.support.LogUtilities;
import java.awt.Desktop;
import java.io.IOException;
import java.io.StringWriter;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.security.GeneralSecurityException;
import java.util.HashMap;
import java.util.Iterator;
import javax.swing.JOptionPane;
import org.apache.http.HttpHeaders;
import org.apache.http.HttpHost;
import org.apache.http.StatusLine;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;
import software.amazon.ion.SystemSymbols;

/* loaded from: input_file:com/simba/athena/iamsupport/plugin/OktaCredentialsProvider.class */
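/**
 * SAML credentials provider that signs in to an Okta identity provider.
 *
 * <p>The flow visible in this class is: POST the user name and password to
 * {@code /api/v1/authn} on the configured IdP host, optionally complete or enroll an MFA
 * factor, then GET {@code /home/{app_name}/{app_id}?onetimetoken=...} and extract the
 * {@code SAMLResponse} form field from the returned HTML.
 *
 * <p>Security-relevant behaviour of this implementation:
 * <ul>
 *   <li>One HTTP client is used for the whole flow. Requests are never sent through a client
 *       that has TLS hostname verification switched off, because every request carries a
 *       password, state token, passcode or session token.</li>
 *   <li>State tokens, session tokens and passcodes are not written to the debug log.</li>
 *   <li>Links taken from IdP responses must be {@code https} URLs before anything is posted to
 *       them or handed to a browser.</li>
 * </ul>
 *
 * <p>Instances hold mutable configuration and MFA state in fields; nothing in this class
 * synchronizes access to them.
 */
public class OktaCredentialsProvider extends SamlCredentialsProvider {
    private static final String KEY_APP_URL = "app_id";
    private static final String KEY_APP_NAME = "app_name";
    private static final String OKTA_MFA_TYPE = "okta_mfa_type";
    private static final String OKTA_MFA_WAIT_TIME = "okta_mfa_wait_time";
    private static final String OKTA_PHONE_NUMBER = "okta_phone_number";
    private static final String OKTA_VERIFY_PUSH_FACTOR_TYPE = "push";
    private static final String OKTA_VERIFY_TOTP_FACTOR_TYPE = "token:software:totp";
    private static final String OKTA_SMS_FACTOR_TYPE = "sms";
    private static final String OKTA_VERIFY_PROVIDER = "OKTA";
    private static final String GOOGLE_AUTHENTICATOR_FACTOR_TYPE = "token:software:totp";
    private static final String GOOGLE_AUTHENTICATOR_PROVIDER = "GOOGLE";
    private static final int DEFAULT_OKTA_MFA_WAIT_TIME = 60;
    private static final String OKTA_AUTHENTICATION_URL = "/api/v1/authn";
    private static final String OKTA_FACTORS_URL = "/api/v1/authn/factors";
    public static final String USE_OKTA_MFA = "UseOktaMFA";

    /** Application name used in the SAML URL when {@code app_name} is not configured. */
    private static final String DEFAULT_APP_NAME = "amazon_aws";
    /** Smallest accepted value for {@code okta_mfa_wait_time}, in seconds. */
    private static final int MIN_OKTA_MFA_WAIT_TIME = 20;
    /** Pause between two MFA polls, in seconds; the wait time is divided by this value. */
    private static final int MFA_POLL_INTERVAL_SECONDS = 10;

    protected String m_app_id;
    protected String m_app_name;
    protected String m_okta_mfa_type;
    protected String m_okta_phone_number;
    private String m_oktaMfaFactorType;
    private String m_oktaMfaProvider;
    protected int m_okta_mfa_wait_time = DEFAULT_OKTA_MFA_WAIT_TIME;
    private boolean m_useOktaMfa = false;

    /** MFA factors accepted as the {@code okta_mfa_type} setting (matched case-insensitively). */
    public enum SupportedFactors {
        OKTAVERIFYWITHPUSH,
        OKTAVERIFYWITHTOTP,
        SMSAUTHENTICATION,
        GOOGLEAUTHENTICATOR
    }

    /**
     * Stores a connection property; keys are matched case-insensitively.
     *
     * @param str the property key
     * @param str2 the property value
     * @throws NumberFormatException if {@code okta_mfa_wait_time} is not an integer
     */
    @Override
    public void addParameter(String str, String str2) {
        super.addParameter(str, str2);
        if (KEY_APP_URL.equalsIgnoreCase(str)) {
            this.m_app_id = str2;
        }
        if (KEY_APP_NAME.equalsIgnoreCase(str)) {
            this.m_app_name = str2;
        }
        if (OKTA_MFA_TYPE.equalsIgnoreCase(str)) {
            this.m_okta_mfa_type = str2;
        }
        if (OKTA_MFA_WAIT_TIME.equalsIgnoreCase(str)) {
            this.m_okta_mfa_wait_time = Integer.parseInt(str2);
        }
        if (OKTA_PHONE_NUMBER.equalsIgnoreCase(str)) {
            this.m_okta_phone_number = str2;
        }
        if (USE_OKTA_MFA.equalsIgnoreCase(str)) {
            this.m_useOktaMfa = Boolean.parseBoolean(str2);
        }
    }

    /**
     * Runs the full Okta sign-in and returns the SAML assertion.
     *
     * @return the value of the {@code SAMLResponse} form field
     * @throws IOException if {@code app_id} is missing or any step of the sign-in fails
     * @throws SdkClientException if the HTTP client cannot be created
     */
    @Override
    protected String getSamlAssertion() throws IOException {
        LogUtilities.logDebug("Entered", LogUtils.getLogger());
        checkRequiredParameters();
        if (StringUtils.isNullOrEmpty(this.m_app_id)) {
            throw new IOException("Missing required property: app_id");
        }
        CloseableHttpClient httpClient = null;
        try {
            httpClient = getHttpClient();
            if (isIdpProxyEnabled() && hasProxyCredentials()) {
                // An authenticating proxy needs a credentials provider on the client. This
                // client is built once and shared by every later request; it keeps the
                // library's default hostname verification.
                // NOTE(review): this replaces the client from getHttpClient(), so any TLS
                // settings configured there are not carried over; confirm that is intended.
                BasicCredentialsProvider proxyCredentials = new BasicCredentialsProvider();
                proxyCredentials.setCredentials(
                        new AuthScope(this.m_proxyHost, this.m_proxyPort),
                        new UsernamePasswordCredentials(this.m_proxyUid, this.m_proxyPwd));
                CloseableHttpClient proxyClient =
                        HttpClients.custom().setDefaultCredentialsProvider(proxyCredentials).build();
                // The client being replaced would otherwise never be closed.
                IOUtils.closeQuietly(httpClient, null);
                httpClient = proxyClient;
            }
            String sessionToken = oktaAuthentication(httpClient);
            String samlAssertion = handleSamlAssertion(httpClient, sessionToken);
            LogUtilities.logDebug("Exiting", LogUtils.getLogger());
            return samlAssertion;
        } catch (GeneralSecurityException e) {
            throw new SdkClientException("Failed create SSLContext.", e);
        } finally {
            IOUtils.closeQuietly(httpClient, null);
        }
    }

    /**
     * No-op hook for this provider; always returns {@code null}.
     *
     * <p>NOTE(review): the first argument is written to the debug log verbatim. Its meaning is
     * defined by the superclass, which is not visible here; confirm it is never a secret.
     */
    @Override
    protected CredentialsHolder performPostSAMLAction(String str, String str2, CredentialsHolder credentialsHolder) throws SdkClientException {
        LogUtilities.logDebug(String.format("Entered with parameter value {%s}", str), LogUtils.getLogger());
        LogUtilities.logDebug("Exiting", LogUtils.getLogger());
        return null;
    }

    /**
     * Exchanges the session token for the application's SAML response.
     *
     * @param httpClient client used for the request
     * @param sessionToken one-time session token returned by the authentication step
     * @return the {@code SAMLResponse} field with {@code &#x2b;} and {@code &#x3d;} decoded
     * @throws IOException if the page holds no usable {@code SAMLResponse} field
     * @throws RuntimeException if the IdP answers with a status other than 200
     */
    private String handleSamlAssertion(CloseableHttpClient httpClient, String sessionToken) throws IOException {
        // The session token is a bearer secret, so it is deliberately kept out of the log.
        LogUtilities.logDebug("Entered", LogUtils.getLogger());
        // Encode into a local: writing the encoded name back to the field would encode it
        // again on every later call.
        String appName = StringUtils.isNullOrEmpty(this.m_app_name)
                ? DEFAULT_APP_NAME
                : URLEncoder.encode(this.m_app_name, "UTF-8");
        String url = "https://" + this.m_idpHost + "/home/" + appName + "/" + this.m_app_id
                + "?onetimetoken=" + URLEncoder.encode(sessionToken, "UTF-8");
        validateURL(url);
        HttpGet request = new HttpGet(url);
        if (isIdpProxyEnabled()) {
            request.setConfig(proxyRequestConfig());
        }
        String html;
        try (CloseableHttpResponse response = httpClient.execute((HttpUriRequest) request)) {
            StatusLine statusLine = response.getStatusLine();
            if (statusLine.getStatusCode() != 200) {
                throw new RuntimeException("Failed : HTTP error code : " + statusLine.getStatusCode() + " : Reason : " + statusLine.getReasonPhrase());
            }
            html = EntityUtils.toString(response.getEntity());
        }
        for (String inputTag : getInputTagsfromHTML(html)) {
            String name = getValueByKey(inputTag, SystemSymbols.NAME);
            String value = getValueByKey(inputTag, "value");
            if ("SAMLResponse".equalsIgnoreCase(name) && value != null) {
                LogUtilities.logDebug("Exiting", LogUtils.getLogger());
                return value.replace("&#x2b;", "+").replace("&#x3d;", "=");
            }
        }
        throw new IOException("Failed to retrieve SAMLAssertion.");
    }

    /**
     * Performs primary authentication and, when enabled, the MFA step.
     *
     * @param httpClient client used for every request of the flow
     * @return the session token issued by the IdP
     * @throws IOException if authentication fails, MFA is required but not enabled, or the MFA
     *     settings are invalid
     */
    private String oktaAuthentication(CloseableHttpClient httpClient) throws IOException {
        LogUtilities.logDebug("Entered", LogUtils.getLogger());
        String url = "https://" + this.m_idpHost + OKTA_AUTHENTICATION_URL;
        validateURL(url);
        HashMap<String, Object> credentials = new HashMap<>();
        credentials.put("username", this.m_userName);
        credentials.put(IamSupport.PASSWORD_ALT, this.m_password);
        HttpPost request = newJsonPost(URI.create(url), credentials);
        if (isIdpProxyEnabled()) {
            request.setConfig(proxyRequestConfig());
        }
        JsonNode authnResponse = executeForJson(httpClient, request, false);
        String status = authnResponse.path("status").asText();
        if ("SUCCESS".equals(status)) {
            LogUtilities.logDebug("Exiting", LogUtils.getLogger());
            return requireText(authnResponse, "sessionToken");
        }
        if (this.m_useOktaMfa) {
            if (this.m_okta_mfa_wait_time < MIN_OKTA_MFA_WAIT_TIME) {
                throw new IOException("Wait time cannot be less than 20 seconds");
            }
            selectMfaFactor();
            if ("MFA_REQUIRED".equals(status)) {
                LogUtilities.logDebug("Exiting", LogUtils.getLogger());
                return authenticateExistingUser(httpClient, authnResponse);
            }
            if ("MFA_ENROLL".equals(status)) {
                if (!"SUCCESS".equals(enrollNewUser(httpClient, authnResponse))) {
                    throw new IOException("Okta MFA Enrollment Failed.");
                }
                LogUtilities.logDebug("Exiting", LogUtils.getLogger());
                // Enrollment does not yield a session token, so authenticate again.
                return oktaAuthentication(httpClient);
            }
        }
        throw new IOException("No session token in the response.");
    }

    /**
     * Verifies the configured factor for a user who is already enrolled.
     *
     * @param httpClient client used for the requests
     * @param authnResponse the {@code MFA_REQUIRED} authentication response
     * @return the session token issued after successful verification
     * @throws IOException if no enrolled factor matches the configuration, the user cancels,
     *     or verification fails
     */
    private String authenticateExistingUser(CloseableHttpClient httpClient, JsonNode authnResponse) throws IOException {
        LogUtilities.logDebug("Entered", LogUtils.getLogger());
        for (JsonNode factor : authnResponse.path("_embedded").path("factors")) {
            boolean isConfiguredFactor =
                    factor.path("factorType").asText().equalsIgnoreCase(this.m_oktaMfaFactorType)
                            && factor.path("provider").asText().equalsIgnoreCase(this.m_oktaMfaProvider);
            if (!isConfiguredFactor) {
                continue;
            }
            String stateToken = requireText(authnResponse, "stateToken");
            String verifyLink = factor.path("_links").path("verify").path("href").asText();
            if (isMfaType(SupportedFactors.OKTAVERIFYWITHPUSH)) {
                return awaitPushApproval(httpClient, stateToken, verifyLink);
            }
            if (isMfaType(SupportedFactors.OKTAVERIFYWITHTOTP)
                    || isMfaType(SupportedFactors.GOOGLEAUTHENTICATOR)
                    || isMfaType(SupportedFactors.SMSAUTHENTICATION)) {
                if (isMfaType(SupportedFactors.SMSAUTHENTICATION)) {
                    sendSMSChallenge(httpClient, stateToken, verifyLink);
                }
                String passCode = JOptionPane.showInputDialog("Please enter passcode to authenticate: ");
                if (null == passCode) {
                    throw new IOException("User cancelled the authentication process");
                }
                LogUtilities.logDebug("Exiting", LogUtils.getLogger());
                return verifyTotpFactor(httpClient, stateToken, verifyLink, passCode);
            }
        }
        throw new IOException("Enrollment Failed.");
    }

    /**
     * Asks the IdP to send the SMS passcode for the pending transaction.
     *
     * @param httpClient client used for the request
     * @param stateToken state token of the pending transaction
     * @param verifyLink factor verification link taken from the IdP response
     * @throws IOException if the link is not an https URL or the challenge is not accepted
     */
    private void sendSMSChallenge(CloseableHttpClient httpClient, String stateToken, String verifyLink) throws IOException {
        // The state token is not logged: it identifies the in-flight authentication.
        LogUtilities.logDebug("Entered", LogUtils.getLogger());
        try {
            URI link = requireHttpsLink(verifyLink);
            HashMap<String, Object> payload = new HashMap<>();
            payload.put("stateToken", stateToken);
            HttpPost request = newJsonPost(link, payload);
            routeLinkThroughProxy(request, link);
            JsonNode challenge = executeForJson(httpClient, request, false, 403, 401);
            if (!"MFA_CHALLENGE".equals(challenge.path("status").asText())) {
                throw new IOException("SMS Challenge failed.");
            }
        } finally {
            LogUtilities.logDebug("Exiting", LogUtils.getLogger());
        }
    }

    /**
     * Starts enrollment of the configured factor for a user who has none yet.
     *
     * @param httpClient client used for the requests
     * @param authnResponse the {@code MFA_ENROLL} authentication response
     * @return the final enrollment status ({@code "SUCCESS"} when the device was activated)
     * @throws IOException if the phone number needed for SMS is missing or enrollment fails
     */
    private String enrollNewUser(CloseableHttpClient httpClient, JsonNode authnResponse) throws IOException {
        LogUtilities.logDebug("Entered", LogUtils.getLogger());
        HashMap<String, Object> payload = new HashMap<>();
        payload.put("stateToken", requireText(authnResponse, "stateToken"));
        payload.put("factorType", this.m_oktaMfaFactorType);
        payload.put("provider", this.m_oktaMfaProvider);
        if (isMfaType(SupportedFactors.SMSAUTHENTICATION)) {
            if (StringUtils.isNullOrEmpty(this.m_okta_phone_number)) {
                throw new IOException("Phone number not specified.");
            }
            HashMap<String, Object> profile = new HashMap<>();
            profile.put("phoneNumber", this.m_okta_phone_number);
            payload.put(AJPropertyKey.AWS_PROFILE, profile);
        }
        HttpPost request = newJsonPost(URI.create("https://" + this.m_idpHost + OKTA_FACTORS_URL), payload);
        if (isIdpProxyEnabled()) {
            request.setConfig(proxyRequestConfig());
        }
        JsonNode enrollResponse = executeForJson(httpClient, request, false, 403, 400);
        if (!"MFA_ENROLL_ACTIVATE".equals(enrollResponse.path("status").asText())) {
            throw new IOException("MFA Enroll Exception.");
        }
        LogUtilities.logDebug("Exiting", LogUtils.getLogger());
        return enrollDeviceForOktaMfa(httpClient, enrollResponse);
    }

    /**
     * Activates the newly enrolled factor: shows the QR code (all factors except SMS) and then
     * either polls for push activation or submits a passcode.
     *
     * @param httpClient client used for the requests
     * @param enrollResponse the {@code MFA_ENROLL_ACTIVATE} response
     * @return {@code "SUCCESS"} once the device is activated
     * @throws IOException on timeout, interruption, failed activation or an unknown factor type
     */
    private String enrollDeviceForOktaMfa(CloseableHttpClient httpClient, JsonNode enrollResponse) throws IOException {
        LogUtilities.logDebug("Entered", LogUtils.getLogger());
        if (!isMfaType(SupportedFactors.SMSAUTHENTICATION)) {
            String qrCodeLink = enrollResponse.path("_embedded").path("factor").path("_embedded")
                    .path("activation").path("_links").path("qrcode").path("href").asText();
            openInBrowser(qrCodeLink);
        }
        if (isMfaType(SupportedFactors.OKTAVERIFYWITHPUSH)) {
            int maxPolls = this.m_okta_mfa_wait_time / MFA_POLL_INTERVAL_SECONDS;
            for (int poll = 0; poll < maxPolls; poll++) {
                String status = pollForFactorEnrollment(httpClient, enrollResponse);
                if ("SUCCESS".equals(status)) {
                    LogUtilities.logDebug("Exiting", LogUtils.getLogger());
                    return status;
                }
                pauseBeforeNextPoll("the QR code to be scanned");
            }
            throw new IOException("QR Code Scanning Timeout");
        }
        if (!isMfaType(SupportedFactors.OKTAVERIFYWITHTOTP)
                && !isMfaType(SupportedFactors.GOOGLEAUTHENTICATOR)
                && !isMfaType(SupportedFactors.SMSAUTHENTICATION)) {
            throw new IOException("Invalid Factor Type Specified");
        }
        String status = pollForFactorEnrollment(httpClient, enrollResponse);
        if (!"SUCCESS".equals(status)) {
            throw new IOException("Device Activation Failed.");
        }
        LogUtilities.logDebug("Exiting", LogUtils.getLogger());
        return status;
    }

    /**
     * Posts one activation request to the {@code next} link of the enrollment response. For
     * passcode-based factors the user is prompted for the passcode first.
     *
     * @param httpClient client used for the request
     * @param enrollResponse the {@code MFA_ENROLL_ACTIVATE} response
     * @return the {@code status} field of the IdP answer
     * @throws IOException if the link is not an https URL, the user cancels, or the IdP rejects
     *     the request
     */
    private String pollForFactorEnrollment(CloseableHttpClient httpClient, JsonNode enrollResponse) throws IOException {
        LogUtilities.logDebug("Entered", LogUtils.getLogger());
        URI link = requireHttpsLink(enrollResponse.path("_links").path("next").path("href").asText());
        HashMap<String, Object> payload = new HashMap<>();
        payload.put("stateToken", requireText(enrollResponse, "stateToken"));
        if (isMfaType(SupportedFactors.OKTAVERIFYWITHPUSH)) {
            payload.put("factorType", OKTA_VERIFY_PUSH_FACTOR_TYPE);
            payload.put("provider", OKTA_VERIFY_PROVIDER);
        } else if (isMfaType(SupportedFactors.OKTAVERIFYWITHTOTP)
                || isMfaType(SupportedFactors.GOOGLEAUTHENTICATOR)
                || isMfaType(SupportedFactors.SMSAUTHENTICATION)) {
            String passCode = JOptionPane.showInputDialog("Please enter passcode to activate your device: ");
            if (null == passCode) {
                throw new IOException("User cancelled the activation process");
            }
            payload.put("passCode", passCode);
        }
        HttpPost request = newJsonPost(link, payload);
        routeLinkThroughProxy(request, link);
        JsonNode activation = executeForJson(httpClient, request, true, 403, 401);
        LogUtilities.logDebug("Exiting", LogUtils.getLogger());
        return activation.path("status").asText();
    }

    /**
     * Polls the push verification link once.
     *
     * @param httpClient client used for the request
     * @param stateToken state token of the pending transaction
     * @param verifyLink factor verification link taken from the IdP response
     * @return the session token once the push was approved, or {@code null} while the IdP still
     *     reports {@code WAITING}
     * @throws IOException if the push was rejected or ended in any other non-waiting result
     */
    private String getOktaVerifyState(CloseableHttpClient httpClient, String stateToken, String verifyLink) throws IOException {
        // The state token is not logged: it identifies the in-flight authentication.
        LogUtilities.logDebug("Entered", LogUtils.getLogger());
        URI link = requireHttpsLink(verifyLink);
        HashMap<String, Object> payload = new HashMap<>();
        payload.put("stateToken", stateToken);
        HttpPost request = newJsonPost(link, payload);
        routeLinkThroughProxy(request, link);
        JsonNode verification = executeForJson(httpClient, request, false);
        String status = verification.path("status").asText();
        LogUtilities.logDebug("Exiting", LogUtils.getLogger());
        if ("SUCCESS".equals(status)) {
            return requireText(verification, "sessionToken");
        }
        if (!"MFA_CHALLENGE".equals(status)) {
            throw new IOException("Okta Push Verification failed.");
        }
        String factorResult = verification.path("factorResult").asText();
        if ("WAITING".equals(factorResult)) {
            return null;
        }
        if ("REJECTED".equals(factorResult)) {
            throw new IOException("Okta Verify Push Notification Rejected.");
        }
        // Any other factor result is a failure; it must never be handed back to the caller
        // as if it were a session token.
        throw new IOException("Okta Push Verification failed.");
    }

    /**
     * Submits a passcode to the factor verification link.
     *
     * @param httpClient client used for the request
     * @param stateToken state token of the pending transaction
     * @param verifyLink factor verification link taken from the IdP response
     * @param passCode passcode entered by the user
     * @return the session token issued after successful verification
     * @throws IOException if the link is not an https URL or the passcode is not accepted
     */
    private String verifyTotpFactor(CloseableHttpClient httpClient, String stateToken, String verifyLink, String passCode) throws IOException {
        // Neither the passcode nor the state token is logged.
        LogUtilities.logDebug("Entered", LogUtils.getLogger());
        URI link = requireHttpsLink(verifyLink);
        HashMap<String, Object> payload = new HashMap<>();
        payload.put("stateToken", stateToken);
        payload.put("passCode", passCode);
        HttpPost request = newJsonPost(link, payload);
        routeLinkThroughProxy(request, link);
        JsonNode verification = executeForJson(httpClient, request, false, 403, 401);
        if (!"SUCCESS".equals(verification.path("status").asText())) {
            throw new IOException("Okta TOTP Factor failed.");
        }
        LogUtilities.logDebug("Exiting", LogUtils.getLogger());
        return requireText(verification, "sessionToken");
    }

    /** Polls the push verification link until it is approved or the wait time is used up. */
    private String awaitPushApproval(CloseableHttpClient httpClient, String stateToken, String verifyLink) throws IOException {
        int maxPolls = this.m_okta_mfa_wait_time / MFA_POLL_INTERVAL_SECONDS;
        for (int poll = 0; poll < maxPolls; poll++) {
            String sessionToken = getOktaVerifyState(httpClient, stateToken, verifyLink);
            if (sessionToken != null) {
                LogUtilities.logDebug("Exiting", LogUtils.getLogger());
                return sessionToken;
            }
            pauseBeforeNextPoll("the Okta Verify push to be approved");
        }
        throw new IOException("Failed Maximum number of retries");
    }

    /** Maps the configured {@code okta_mfa_type} to the factor type and provider sent to the IdP. */
    private void selectMfaFactor() throws IOException {
        if (isMfaType(SupportedFactors.OKTAVERIFYWITHPUSH)) {
            this.m_oktaMfaFactorType = OKTA_VERIFY_PUSH_FACTOR_TYPE;
            this.m_oktaMfaProvider = OKTA_VERIFY_PROVIDER;
        } else if (isMfaType(SupportedFactors.OKTAVERIFYWITHTOTP)) {
            this.m_oktaMfaFactorType = OKTA_VERIFY_TOTP_FACTOR_TYPE;
            this.m_oktaMfaProvider = OKTA_VERIFY_PROVIDER;
        } else if (isMfaType(SupportedFactors.GOOGLEAUTHENTICATOR)) {
            this.m_oktaMfaFactorType = GOOGLE_AUTHENTICATOR_FACTOR_TYPE;
            this.m_oktaMfaProvider = GOOGLE_AUTHENTICATOR_PROVIDER;
        } else if (isMfaType(SupportedFactors.SMSAUTHENTICATION)) {
            this.m_oktaMfaFactorType = OKTA_SMS_FACTOR_TYPE;
            this.m_oktaMfaProvider = OKTA_VERIFY_PROVIDER;
        } else {
            throw new IOException("Invalid factor type specified.");
        }
    }

    /** Returns whether the configured MFA type names {@code factor}; false when none is set. */
    private boolean isMfaType(SupportedFactors factor) {
        return factor.toString().equalsIgnoreCase(this.m_okta_mfa_type);
    }

    /** Returns whether IdP requests are configured to go through a proxy. */
    private boolean isIdpProxyEnabled() {
        return null != this.m_proxyHost && !this.m_proxyHost.isEmpty() && this.m_useProxyForIdpAuth.booleanValue();
    }

    /** Returns whether both a proxy user name and a proxy password are configured. */
    private boolean hasProxyCredentials() {
        return this.m_proxyUid != null && !this.m_proxyUid.isEmpty() && this.m_proxyPwd != null && !this.m_proxyPwd.isEmpty();
    }

    /** Builds the per-request configuration that routes a request through the proxy. */
    private RequestConfig proxyRequestConfig() {
        return RequestConfig.custom().setProxy(new HttpHost(this.m_proxyHost, this.m_proxyPort)).build();
    }

    /**
     * Routes a request for an IdP-supplied link through the proxy unless its host is excluded.
     *
     * <p>NOTE(review): unlike the authentication and enrollment requests, these requests only
     * use the proxy when proxy credentials are configured. That condition is kept as found;
     * confirm it is intended.
     */
    private void routeLinkThroughProxy(HttpPost request, URI link) throws IOException {
        if (isIdpProxyEnabled() && !CheckNonProxyHost(link.getRawAuthority(), this.m_nonProxyHosts) && hasProxyCredentials()) {
            request.setConfig(proxyRequestConfig());
        }
    }

    /** Parses a link taken from an IdP response and rejects anything that is not an https URL. */
    private static URI requireHttpsLink(String link) throws IOException {
        URI uri;
        try {
            uri = new URI(link);
        } catch (URISyntaxException e) {
            throw new IOException("The identity provider returned an invalid link.", e);
        }
        if (!"https".equalsIgnoreCase(uri.getScheme()) || uri.getRawAuthority() == null) {
            throw new IOException("The identity provider returned a link that is not an https URL.");
        }
        return uri;
    }

    /** Creates a JSON POST request whose body is {@code payload} serialized as a JSON object. */
    private static HttpPost newJsonPost(URI target, HashMap<String, Object> payload) throws IOException {
        HttpPost request = new HttpPost(target);
        request.addHeader(HttpHeaders.ACCEPT, "application/json");
        request.addHeader("Content-Type", "application/json");
        request.addHeader(HttpHeaders.CACHE_CONTROL, "no-cache");
        StringWriter json = new StringWriter();
        new ObjectMapper().writeValue(json, payload);
        StringEntity body = new StringEntity(json.toString(), "UTF-8");
        body.setContentType("application/json");
        request.setEntity(body);
        return request;
    }

    /**
     * Executes a request, checks the status code and parses the JSON body. The response is
     * always closed before this method returns.
     *
     * @param acceptHttp202 whether status 202 counts as success in addition to 200
     * @param errorSummaryStatuses failure statuses whose {@code errorSummary} is reported
     *     instead of the HTTP reason phrase
     * @throws IOException for every non-success status or an empty body
     */
    private static JsonNode executeForJson(CloseableHttpClient httpClient, HttpPost request, boolean acceptHttp202, int... errorSummaryStatuses) throws IOException {
        try (CloseableHttpResponse response = httpClient.execute((HttpUriRequest) request)) {
            StatusLine statusLine = response.getStatusLine();
            int statusCode = statusLine.getStatusCode();
            boolean succeeded = statusCode == 200 || (acceptHttp202 && statusCode == 202);
            if (!succeeded) {
                for (int summaryStatus : errorSummaryStatuses) {
                    if (summaryStatus == statusCode) {
                        throw new IOException(errorSummaryOrReason(response, statusLine));
                    }
                }
                throw new IOException(statusLine.getReasonPhrase());
            }
            JsonNode body = new ObjectMapper().readTree(EntityUtils.toString(response.getEntity()));
            if (body == null) {
                throw new IOException("Empty response from the identity provider.");
            }
            return body;
        }
    }

    /** Returns the {@code errorSummary} of an error response, or the HTTP reason phrase. */
    private static String errorSummaryOrReason(CloseableHttpResponse response, StatusLine statusLine) {
        try {
            JsonNode body = new ObjectMapper().readTree(EntityUtils.toString(response.getEntity()));
            String summary = body == null ? "" : body.path("errorSummary").asText();
            if (!summary.isEmpty()) {
                return summary;
            }
        } catch (IOException | RuntimeException ignored) {
            // An error body that is missing or not JSON must not hide the HTTP failure itself;
            // fall back to the reason phrase below.
        }
        return statusLine.getReasonPhrase();
    }

    /** Returns a non-empty text field of an IdP response or fails with an {@link IOException}. */
    private static String requireText(JsonNode node, String field) throws IOException {
        JsonNode value = node.path(field);
        if (value.isMissingNode() || value.isNull() || value.asText().isEmpty()) {
            throw new IOException("Missing \"" + field + "\" in the identity provider response.");
        }
        return value.asText();
    }

    /**
     * Opens the activation link in the user's browser on a best-effort basis. Only https links
     * are opened, and the link is passed to {@code xdg-open} as a single argument rather than
     * being spliced into a command string.
     */
    private static void openInBrowser(String link) throws IOException {
        URI uri;
        try {
            uri = new URI(link);
        } catch (URISyntaxException e) {
            LogUtilities.logDebug("Not opening the activation link: it is not a valid URI.", LogUtils.getLogger());
            return;
        }
        if (!"https".equalsIgnoreCase(uri.getScheme()) || uri.getRawAuthority() == null) {
            LogUtilities.logDebug("Not opening the activation link: it is not an https URL.", LogUtils.getLogger());
            return;
        }
        if (Desktop.isDesktopSupported() && Desktop.getDesktop().isSupported(Desktop.Action.BROWSE)) {
            Desktop.getDesktop().browse(uri);
            return;
        }
        try {
            new ProcessBuilder("xdg-open", uri.toString()).start();
        } catch (IOException e) {
            // Activation can still be completed without the browser, so do not fail here.
            LogUtilities.logDebug("Could not start xdg-open: " + e.getMessage(), LogUtils.getLogger());
        }
    }

    /** Sleeps for one poll interval; an interrupt ends the wait and keeps the interrupt flag. */
    private static void pauseBeforeNextPoll(String waitingFor) throws IOException {
        try {
            Thread.sleep(MFA_POLL_INTERVAL_SECONDS * 1000L);
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new IOException("Interrupted while waiting for " + waitingFor + ".", e);
        }
    }
}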
