package org.apereo.cas.mfa.accepto.web.flow.qr;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import lombok.Generated;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.HttpResponse;
import org.apereo.cas.authentication.AuthenticationException;
import org.apereo.cas.authentication.adaptive.UnauthorizedAuthenticationException;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.mfa.AccepttoMultifactorProperties;
import org.apereo.cas.mfa.accepto.AccepttoEmailCredential;
import org.apereo.cas.mfa.accepto.web.flow.AccepttoWebflowUtils;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.HttpUtils;
import org.apereo.cas.util.LoggingUtils;
import org.apereo.cas.web.support.WebUtils;
import org.hjson.JsonValue;
import org.pac4j.core.context.JEEContext;
import org.pac4j.core.context.session.SessionStore;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.webflow.action.AbstractAction;
import org.springframework.webflow.action.EventFactorySupport;
import org.springframework.webflow.core.collection.LocalAttributeMap;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:org/apereo/cas/mfa/accepto/web/flow/qr/AccepttoQRCodeValidateWebSocketChannelAction.class */
public class AccepttoQRCodeValidateWebSocketChannelAction extends AbstractAction {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(AccepttoQRCodeValidateWebSocketChannelAction.class);
    private static final ObjectMapper MAPPER = new ObjectMapper().findAndRegisterModules();
    private final CasConfigurationProperties casProperties;
    private final SessionStore<JEEContext> sessionStore;

    protected Event doExecute(RequestContext requestContext) {
        HttpServletRequest httpServletRequestFromExternalWebflowContext = WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext);
        JEEContext jEEContext = new JEEContext(httpServletRequestFromExternalWebflowContext, WebUtils.getHttpServletResponseFromExternalWebflowContext(requestContext), this.sessionStore);
        String parameter = httpServletRequestFromExternalWebflowContext.getParameter("channel");
        if (parameter == null) {
            return returnError("Unable to locate websocket channel");
        }
        AccepttoMultifactorProperties acceptto = this.casProperties.getAuthn().getMfa().getAcceptto();
        String str = StringUtils.appendIfMissing(acceptto.getApiUrl(), "/", new CharSequence[0]) + "get_user_by_websocket_channel";
        LOGGER.trace("Contacting API [{}] to fetch email address", str);
        try {
            try {
                HttpResponse executePost = HttpUtils.executePost(str, CollectionUtils.wrap("uid", acceptto.getApplicationId(), "secret", acceptto.getSecret(), "websocket_channel", parameter), new HashMap(0));
                if (executePost != null) {
                    int statusCode = executePost.getStatusLine().getStatusCode();
                    LOGGER.debug("Response API status code is [{}]", Integer.valueOf(statusCode));
                    if (statusCode == 200) {
                        Map map = (Map) MAPPER.readValue(JsonValue.readHjson(IOUtils.toString(executePost.getEntity().getContent(), StandardCharsets.UTF_8)).toString(), Map.class);
                        LOGGER.debug("Received API results for channel [{}] as [{}]", parameter, map);
                        if (!BooleanUtils.toBoolean(map.get("success").toString())) {
                            String obj = map.get("message").toString();
                            LOGGER.error(obj);
                            Event returnError = returnError(obj);
                            HttpUtils.close(executePost);
                            return returnError;
                        }
                        String obj2 = map.get("user_email").toString();
                        LOGGER.trace("Storing channel [{}] in http session", parameter);
                        AccepttoWebflowUtils.storeChannelInSessionStore(parameter, jEEContext);
                        WebUtils.putCredential(requestContext, new AccepttoEmailCredential(obj2));
                        Event event = new EventFactorySupport().event(this, "finalize");
                        HttpUtils.close(executePost);
                        return event;
                    }
                    if (statusCode == 403) {
                        Event returnError2 = returnError("Invalid uid and secret combination; application not found");
                        HttpUtils.close(executePost);
                        return returnError2;
                    }
                    if (statusCode == 401) {
                        Event returnError3 = returnError("Email address provided is not a valid registered account");
                        HttpUtils.close(executePost);
                        return returnError3;
                    }
                }
                HttpUtils.close(executePost);
                return returnError("Unable to validate websocket channel");
            } catch (Exception e) {
                LoggingUtils.error(LOGGER, e);
                Event returnError4 = returnError(e.getMessage());
                HttpUtils.close((HttpResponse) null);
                return returnError4;
            }
        } catch (Throwable th) {
            HttpUtils.close((HttpResponse) null);
            throw th;
        }
    }

    private Event returnError(String str) {
        LocalAttributeMap localAttributeMap = new LocalAttributeMap();
        LOGGER.error(str);
        localAttributeMap.put("error", new AuthenticationException(new UnauthorizedAuthenticationException(str)));
        return new EventFactorySupport().event(this, "authenticationFailure", localAttributeMap);
    }

    @Generated
    public AccepttoQRCodeValidateWebSocketChannelAction(CasConfigurationProperties casConfigurationProperties, SessionStore<JEEContext> sessionStore) {
        this.casProperties = casConfigurationProperties;
        this.sessionStore = sessionStore;
    }
}
