package org.apereo.cas.adaptors.authy;

import com.authy.api.Token;
import com.authy.api.User;
import com.google.common.collect.Lists;
import java.security.GeneralSecurityException;
import java.util.HashMap;
import javax.security.auth.login.FailedLoginException;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.HandlerResult;
import org.apereo.cas.authentication.PreventedException;
import org.apereo.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.web.support.WebUtils;
import org.springframework.webflow.execution.RequestContextHolder;

/* loaded from: input_file:org/apereo/cas/adaptors/authy/AuthyAuthenticationHandler.class */
public class AuthyAuthenticationHandler extends AbstractPreAndPostProcessingAuthenticationHandler {
    private Boolean forceVerification = Boolean.FALSE;
    private final AuthyClientInstance instance;

    public AuthyAuthenticationHandler(AuthyClientInstance authyClientInstance) {
        this.instance = authyClientInstance;
    }

    protected HandlerResult doAuthentication(Credential credential) throws GeneralSecurityException, PreventedException {
        AuthyTokenCredential authyTokenCredential = (AuthyTokenCredential) credential;
        Principal principal = WebUtils.getAuthentication(RequestContextHolder.getRequestContext()).getPrincipal();
        User orCreateUser = this.instance.getOrCreateUser(principal);
        if (!orCreateUser.isOk()) {
            throw new FailedLoginException(AuthyClientInstance.getErrorMessage(orCreateUser.getError()));
        }
        Integer valueOf = Integer.valueOf(orCreateUser.getId());
        HashMap hashMap = new HashMap();
        hashMap.put("force", this.forceVerification.toString());
        Token verify = this.instance.getAuthyTokens().verify(valueOf.intValue(), authyTokenCredential.getToken(), hashMap);
        if (verify.isOk()) {
            return createHandlerResult(authyTokenCredential, principal, Lists.newArrayList());
        }
        throw new FailedLoginException(AuthyClientInstance.getErrorMessage(verify.getError()));
    }

    public void setForceVerification(Boolean bool) {
        this.forceVerification = bool;
    }

    public boolean supports(Credential credential) {
        return AuthyTokenCredential.class.isAssignableFrom(credential.getClass());
    }
}
