package org.jasig.cas.web.flow;

import org.jasig.cas.authentication.LdapAuthenticationException;
import org.jasig.cas.authentication.LdapPasswordPolicyEnforcementException;
import org.jasig.cas.authentication.PasswordPolicyEnforcer;
import org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException;
import org.jasig.cas.authentication.principal.UsernamePasswordCredentials;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.binding.message.MessageBuilder;
import org.springframework.util.Assert;
import org.springframework.webflow.action.AbstractAction;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-ldap-3.5.3.jar:org/jasig/cas/web/flow/PasswordPolicyEnforcementAction.class */
public final class PasswordPolicyEnforcementAction extends AbstractAction implements InitializingBean {
    private PasswordPolicyEnforcer passwordPolicyEnforcer;
    private String passwordPolicyUrl;

    public final PasswordPolicyEnforcer getPasswordPolicyEnforcer() {
        return this.passwordPolicyEnforcer;
    }

    public String getPasswordPolicyUrl() {
        return this.passwordPolicyUrl;
    }

    public void setPasswordPolicyEnforcer(PasswordPolicyEnforcer passwordPolicyEnforcer) {
        this.passwordPolicyEnforcer = passwordPolicyEnforcer;
    }

    public void setPasswordPolicyUrl(String str) {
        this.passwordPolicyUrl = str;
    }

    private void populateErrorsInstance(LdapAuthenticationException ldapAuthenticationException, RequestContext requestContext) {
        try {
            String code = ldapAuthenticationException.getCode();
            requestContext.getMessageContext().addMessage(new MessageBuilder().error().code(code).defaultText(code).build());
        } catch (Exception e) {
            if (this.logger.isErrorEnabled()) {
                this.logger.error(e.getMessage(), e);
            }
        }
    }

    private final Event warning() {
        return result("showWarning");
    }

    @Override // org.springframework.webflow.action.AbstractAction
    protected Event doExecute(RequestContext requestContext) throws Exception {
        Event error;
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Checking account status for password...");
        }
        String string = requestContext.getRequestScope().getString("serviceTicketId");
        String username = ((UsernamePasswordCredentials) requestContext.getFlowScope().get("credentials")).getUsername();
        Event error2 = error();
        try {
            try {
            } catch (LdapAuthenticationException e) {
                if (this.logger.isErrorEnabled()) {
                    this.logger.error(e.getMessage(), e);
                }
                populateErrorsInstance(e, requestContext);
                error = error();
                if (this.logger.isDebugEnabled()) {
                    this.logger.debug("Switching to flow event id " + error.getId() + " for user " + username);
                }
            }
            if (username == null && string == null) {
                if (this.logger.isErrorEnabled()) {
                    this.logger.error("No user principal or service ticket available.");
                }
                throw new LdapPasswordPolicyEnforcementException(BadCredentialsAuthenticationException.CODE, "No user principal or service ticket available.");
            }
            if (username != null || string == null) {
                if (this.logger.isDebugEnabled()) {
                    this.logger.debug("Retrieving number of days to password expiration date for user " + username);
                }
                long numberOfDaysToPasswordExpirationDate = getPasswordPolicyEnforcer().getNumberOfDaysToPasswordExpirationDate(username);
                if (numberOfDaysToPasswordExpirationDate == -1) {
                    error = success();
                    if (this.logger.isDebugEnabled()) {
                        this.logger.debug("Password for " + username + " is not expiring");
                    }
                } else {
                    error = warning();
                    if (this.logger.isDebugEnabled()) {
                        this.logger.debug("Password for " + username + " is expiring in " + numberOfDaysToPasswordExpirationDate + " days");
                    }
                    requestContext.getFlowScope().put("expireDays", Long.valueOf(numberOfDaysToPasswordExpirationDate));
                }
            } else {
                error = success();
                if (this.logger.isDebugEnabled()) {
                    this.logger.debug("Received service ticket " + string + " but no user id. This is not a login attempt, so skip password enforcement.");
                }
            }
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Switching to flow event id " + error.getId() + " for user " + username);
            }
            return error;
        } catch (Throwable th) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Switching to flow event id " + error2.getId() + " for user " + username);
            }
            throw th;
        }
    }

    @Override // org.springframework.webflow.action.AbstractAction
    protected void initAction() throws Exception {
        Assert.notNull(getPasswordPolicyEnforcer(), "password policy enforcer cannot be null");
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Initialized the action with password policy enforcer " + getPasswordPolicyEnforcer().getClass().getName());
        }
    }
}
