package org.apereo.cas.mfa.accepto.web.flow;

import lombok.Generated;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationException;
import org.apereo.cas.authentication.AuthenticationSystemSupport;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.mfa.accepto.AccepttoMultifactorTokenCredential;
import org.apereo.cas.web.support.WebUtils;
import org.pac4j.core.context.J2EContext;
import org.pac4j.core.context.session.SessionStore;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.webflow.action.AbstractAction;
import org.springframework.webflow.action.EventFactorySupport;
import org.springframework.webflow.core.collection.LocalAttributeMap;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:org/apereo/cas/mfa/accepto/web/flow/AccepttoMultifactorValidateChannelAction.class */
public class AccepttoMultifactorValidateChannelAction extends AbstractAction {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(AccepttoMultifactorValidateChannelAction.class);
    private final SessionStore<J2EContext> sessionStore;
    private final AuthenticationSystemSupport authenticationSystemSupport;

    protected Event doExecute(RequestContext requestContext) {
        LocalAttributeMap localAttributeMap = new LocalAttributeMap();
        try {
            J2EContext j2EContext = new J2EContext(WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext), WebUtils.getHttpServletResponseFromExternalWebflowContext(requestContext), this.sessionStore);
            Object channel = AccepttoWebflowUtils.getChannel(j2EContext);
            if (channel == null) {
                LOGGER.debug("Unable to determine channel from session store; not a validation attempt");
                return null;
            }
            Authentication authentication = AccepttoWebflowUtils.getAuthentication(j2EContext);
            if (authentication == null) {
                LOGGER.debug("Unable to determine the original authentication attempt the session store");
                throw new AuthenticationException("Unable to determine authentication from session store");
            }
            WebUtils.putAuthentication(authentication, requestContext);
            Credential accepttoMultifactorTokenCredential = new AccepttoMultifactorTokenCredential(channel.toString());
            WebApplicationService service = WebUtils.getService(requestContext);
            LOGGER.debug("Cleaning up session store to remove [{}]", accepttoMultifactorTokenCredential);
            AccepttoWebflowUtils.resetChannelAndAuthentication(j2EContext);
            AccepttoWebflowUtils.setChannel(requestContext, null);
            LOGGER.debug("Attempting to authenticate channel [{}] with authentication [{}] and service [{}]", new Object[]{accepttoMultifactorTokenCredential, authentication, service});
            WebUtils.putAuthenticationResultBuilder(this.authenticationSystemSupport.handleAuthenticationTransaction(service, this.authenticationSystemSupport.establishAuthenticationContextFromInitial(authentication), new Credential[]{accepttoMultifactorTokenCredential}), requestContext);
            return new EventFactorySupport().event(this, "finalize");
        } catch (Exception e) {
            localAttributeMap.put("error", e);
            LOGGER.error(e.getMessage(), e);
            return new EventFactorySupport().event(this, "authenticationFailure", localAttributeMap);
        }
    }

    @Generated
    public AccepttoMultifactorValidateChannelAction(SessionStore<J2EContext> sessionStore, AuthenticationSystemSupport authenticationSystemSupport) {
        this.sessionStore = sessionStore;
        this.authenticationSystemSupport = authenticationSystemSupport;
    }
}
