package org.apereo.cas.mfa.accepto.web.flow;

import java.security.PublicKey;
import java.util.Map;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.client.utils.URIBuilder;
import org.apereo.cas.authentication.AuthenticationException;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.mfa.AccepttoMultifactorProperties;
import org.apereo.cas.mfa.accepto.AccepttoApiUtils;
import org.apereo.cas.web.support.WebUtils;
import org.pac4j.core.context.JEEContext;
import org.pac4j.core.context.session.SessionStore;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.webflow.action.AbstractAction;
import org.springframework.webflow.action.EventFactorySupport;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:org/apereo/cas/mfa/accepto/web/flow/AccepttoMultifactorFetchChannelAction.class */
public class AccepttoMultifactorFetchChannelAction extends AbstractAction {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(AccepttoMultifactorFetchChannelAction.class);
    private final CasConfigurationProperties casProperties;
    private final SessionStore<JEEContext> sessionStore;
    private final PublicKey apiPublicKey;

    public Event doExecute(RequestContext requestContext) throws Exception {
        HttpServletRequest httpServletRequestFromExternalWebflowContext = WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext);
        JEEContext jEEContext = new JEEContext(httpServletRequestFromExternalWebflowContext, WebUtils.getHttpServletResponseFromExternalWebflowContext(requestContext), this.sessionStore);
        String authenticateAndFetchChannel = authenticateAndFetchChannel(requestContext);
        LOGGER.debug("Storing channel [{}] in session", authenticateAndFetchChannel);
        AccepttoWebflowUtils.storeChannelInSessionStore(authenticateAndFetchChannel, jEEContext);
        AccepttoWebflowUtils.storeAuthenticationInSessionStore(WebUtils.getInProgressAuthentication(), jEEContext);
        String buildAccepttoAuthenticationSelectionUrl = buildAccepttoAuthenticationSelectionUrl(httpServletRequestFromExternalWebflowContext, authenticateAndFetchChannel);
        LOGGER.debug("Redirecting to [{}]", buildAccepttoAuthenticationSelectionUrl);
        requestContext.getRequestScope().put("accepttoRedirectUrl", buildAccepttoAuthenticationSelectionUrl);
        return new EventFactorySupport().success(this);
    }

    protected String buildAccepttoAuthenticationSelectionUrl(HttpServletRequest httpServletRequest, String str) throws Exception {
        AccepttoMultifactorProperties acceptto = this.casProperties.getAuthn().getMfa().getAcceptto();
        return new URIBuilder(acceptto.getAuthnSelectionUrl() + "/mfa/index").addParameter("channel", str).addParameter("callback_url", WebUtils.getHttpRequestFullUrl(httpServletRequest)).build().toString();
    }

    protected String authenticateAndFetchChannel(RequestContext requestContext) {
        Optional<String> channel;
        try {
            channel = AccepttoWebflowUtils.getChannel(requestContext);
        } catch (Exception e) {
            LOGGER.error(e.getMessage(), e);
        }
        if (channel.isPresent()) {
            String str = channel.get();
            LOGGER.debug("Using existing channel retrieved as [{}}", str);
            return str;
        }
        Map authenticate = AccepttoApiUtils.authenticate(WebUtils.getInProgressAuthentication(), this.casProperties.getAuthn().getMfa().getAcceptto(), requestContext, this.apiPublicKey);
        LOGGER.debug("Received API results as [{}]", authenticate);
        if (authenticate.containsKey("channel")) {
            String obj = authenticate.get("channel").toString();
            String str2 = (String) authenticate.get("status");
            if (StringUtils.isNotBlank(str2) && ("denied".equalsIgnoreCase(str2) || "rejected".equalsIgnoreCase(str2))) {
                throw new AuthenticationException("Authentication attempt has been denied");
            }
            return obj;
        }
        throw new AuthenticationException("Unable to fetch channel for user");
    }

    @Generated
    public AccepttoMultifactorFetchChannelAction(CasConfigurationProperties casConfigurationProperties, SessionStore<JEEContext> sessionStore, PublicKey publicKey) {
        this.casProperties = casConfigurationProperties;
        this.sessionStore = sessionStore;
        this.apiPublicKey = publicKey;
    }
}
