package org.apereo.cas.mfa.accepto.web.flow;

import java.security.PublicKey;
import java.util.Map;
import lombok.Generated;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.ObjectUtils;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.mfa.AccepttoMultifactorProperties;
import org.apereo.cas.mfa.accepto.AccepttoApiUtils;
import org.apereo.cas.mfa.accepto.AccepttoEmailCredential;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.webflow.action.AbstractAction;
import org.springframework.webflow.action.EventFactorySupport;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:org/apereo/cas/mfa/accepto/web/flow/AccepttoMultifactorDetermineUserAccountStatusAction.class */
public class AccepttoMultifactorDetermineUserAccountStatusAction extends AbstractAction {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(AccepttoMultifactorDetermineUserAccountStatusAction.class);
    private final CasConfigurationProperties casProperties;
    private final PublicKey apiPublicKey;

    public Event doExecute(RequestContext requestContext) {
        EventFactorySupport eventFactorySupport = new EventFactorySupport();
        AccepttoMultifactorProperties acceptto = this.casProperties.getAuthn().getMfa().getAcceptto();
        Authentication inProgressAuthentication = WebUtils.getInProgressAuthentication();
        String userEmailAttribute = AccepttoApiUtils.getUserEmailAttribute(inProgressAuthentication, acceptto);
        try {
            LOGGER.trace("Contacting authentication API to inquire for account status of [{}]", userEmailAttribute);
            Map authenticate = AccepttoApiUtils.authenticate(inProgressAuthentication, acceptto, requestContext, this.apiPublicKey);
            String obj = ObjectUtils.defaultIfNull(authenticate.get("response_code"), "").toString();
            if (authenticate.containsKey("status") && obj.equalsIgnoreCase("approved")) {
                LOGGER.trace("Account status is approved for [{}]. Moving on...", userEmailAttribute);
                WebUtils.putCredential(requestContext, new AccepttoEmailCredential(userEmailAttribute));
                return eventFactorySupport.event(this, "approve");
            }
            if (authenticate.isEmpty()) {
                LOGGER.warn("No API response could be found for [{}]. Denying access...", userEmailAttribute);
                return eventFactorySupport.event(this, "deny");
            }
            if (!BooleanUtils.toBoolean(authenticate.get("success").toString())) {
                LOGGER.warn("API response did not return successfully for [{}]. Denying access...", userEmailAttribute);
                return eventFactorySupport.event(this, "deny");
            }
            if (!obj.equalsIgnoreCase("pair_device") || !authenticate.containsKey("invite_token")) {
                if (obj.equalsIgnoreCase("success") && authenticate.containsKey("channel")) {
                    AccepttoWebflowUtils.setChannel(requestContext, authenticate.get("channel").toString());
                    if (authenticate.containsKey("eguardian_user_id")) {
                        AccepttoWebflowUtils.setEGuardianUserId(requestContext, CollectionUtils.firstElement(authenticate.get("eguardian_user_id")).get().toString());
                    }
                }
                LOGGER.trace("Account status is verified for [{}]. Proceeding to MFA flow...", userEmailAttribute);
                return eventFactorySupport.event(this, "success");
            }
            String obj2 = authenticate.get("invite_token").toString();
            LOGGER.trace("Located invitation token as [{}] for [{}].", obj2, userEmailAttribute);
            String decodeInvitationToken = AccepttoApiUtils.decodeInvitationToken(obj2);
            LOGGER.trace("Decoded invitation token as [{}] for [{}].", decodeInvitationToken, userEmailAttribute);
            AccepttoWebflowUtils.setApplicationId(requestContext, acceptto.getApplicationId());
            AccepttoWebflowUtils.setInvitationToken(requestContext, decodeInvitationToken);
            if (authenticate.containsKey("eguardian_user_id")) {
                AccepttoWebflowUtils.setEGuardianUserId(requestContext, CollectionUtils.firstElement(authenticate.get("eguardian_user_id")).get().toString());
            }
            String generateQRCodeHash = AccepttoApiUtils.generateQRCodeHash(inProgressAuthentication, acceptto, decodeInvitationToken);
            LOGGER.trace("Generated QR hash [{}] for [{}] to register/pair device.", generateQRCodeHash, userEmailAttribute);
            AccepttoWebflowUtils.setInvitationTokenQRCode(requestContext, generateQRCodeHash);
            return eventFactorySupport.event(this, "register");
        } catch (Exception e) {
            LOGGER.error(e.getMessage(), e);
            return eventFactorySupport.event(this, "deny");
        }
    }

    @Generated
    public AccepttoMultifactorDetermineUserAccountStatusAction(CasConfigurationProperties casConfigurationProperties, PublicKey publicKey) {
        this.casProperties = casConfigurationProperties;
        this.apiPublicKey = publicKey;
    }
}
