package org.apereo.cas.mfa.accepto.web.flow;

import lombok.Generated;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationSystemSupport;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.mfa.AccepttoMultifactorProperties;
import org.apereo.cas.mfa.accepto.AccepttoApiUtils;
import org.apereo.cas.mfa.accepto.AccepttoEmailCredential;
import org.apereo.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.retry.annotation.Backoff;
import org.springframework.retry.annotation.Retryable;
import org.springframework.webflow.action.AbstractAction;
import org.springframework.webflow.action.EventFactorySupport;
import org.springframework.webflow.core.collection.LocalAttributeMap;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:org/apereo/cas/mfa/accepto/web/flow/AccepttoMultifactorValidateUserDeviceRegistrationAction.class */
public class AccepttoMultifactorValidateUserDeviceRegistrationAction extends AbstractAction {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(AccepttoMultifactorValidateUserDeviceRegistrationAction.class);
    private final CasConfigurationProperties casProperties;
    private final AuthenticationSystemSupport authenticationSystemSupport;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apereo/cas/mfa/accepto/web/flow/AccepttoMultifactorValidateUserDeviceRegistrationAction$AccepttoUserDeviceRegistrationException.class */
    public static class AccepttoUserDeviceRegistrationException extends RuntimeException {
        private static final long serialVersionUID = -8225610355713310470L;

        AccepttoUserDeviceRegistrationException(String str) {
            super(str);
        }
    }

    protected Event doExecute(RequestContext requestContext) {
        LocalAttributeMap localAttributeMap = new LocalAttributeMap();
        String userEmailAttribute = AccepttoApiUtils.getUserEmailAttribute(WebUtils.getInProgressAuthentication(), this.casProperties.getAuthn().getMfa().getAcceptto());
        try {
            if (verifyUserDeviceIsPaired()) {
                WebUtils.putCredential(requestContext, new AccepttoEmailCredential(userEmailAttribute));
                return new EventFactorySupport().event(this, "finalize");
            }
        } catch (Exception e) {
            localAttributeMap.put("error", e);
            LOGGER.error(e.getMessage(), e);
        }
        LOGGER.warn("Device linked to [{}] is not paired; authentication cannot proceed", userEmailAttribute);
        return new EventFactorySupport().event(this, "deny", localAttributeMap);
    }

    @Retryable(value = {AccepttoUserDeviceRegistrationException.class}, maxAttempts = 2, backoff = @Backoff(delay = 1000, maxDelay = 3000))
    public boolean verifyUserDeviceIsPaired() {
        AccepttoMultifactorProperties acceptto = this.casProperties.getAuthn().getMfa().getAcceptto();
        Authentication inProgressAuthentication = WebUtils.getInProgressAuthentication();
        String userEmailAttribute = AccepttoApiUtils.getUserEmailAttribute(inProgressAuthentication, acceptto);
        if (AccepttoApiUtils.isUserDevicePaired(inProgressAuthentication, acceptto)) {
            return true;
        }
        throw new AccepttoUserDeviceRegistrationException("Could not locate registered device for " + userEmailAttribute);
    }

    @Generated
    public AccepttoMultifactorValidateUserDeviceRegistrationAction(CasConfigurationProperties casConfigurationProperties, AuthenticationSystemSupport authenticationSystemSupport) {
        this.casProperties = casConfigurationProperties;
        this.authenticationSystemSupport = authenticationSystemSupport;
    }
}
