package org.apereo.cas.adaptors.authy;

import com.authy.api.Token;
import com.authy.api.User;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import javax.security.auth.login.FailedLoginException;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationHandlerExecutionResult;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.MultifactorAuthenticationHandler;
import org.apereo.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.web.support.WebUtils;
import org.jooq.lambda.Unchecked;

/* loaded from: input_file:org/apereo/cas/adaptors/authy/AuthyAuthenticationHandler.class */
public class AuthyAuthenticationHandler extends AbstractPreAndPostProcessingAuthenticationHandler implements MultifactorAuthenticationHandler {
    private final boolean forceVerification;
    private final AuthyClientInstance instance;

    public AuthyAuthenticationHandler(String str, ServicesManager servicesManager, PrincipalFactory principalFactory, AuthyClientInstance authyClientInstance, boolean z, Integer num) {
        super(str, servicesManager, principalFactory, num);
        this.instance = authyClientInstance;
        this.forceVerification = z;
    }

    public boolean supports(Credential credential) {
        return AuthyTokenCredential.class.isAssignableFrom(credential.getClass());
    }

    public boolean supports(Class<? extends Credential> cls) {
        return AuthyTokenCredential.class.isAssignableFrom(cls);
    }

    protected AuthenticationHandlerExecutionResult doAuthentication(Credential credential) throws GeneralSecurityException {
        AuthyTokenCredential authyTokenCredential = (AuthyTokenCredential) credential;
        Principal principal = ((Authentication) Objects.requireNonNull(WebUtils.getInProgressAuthentication(), "CAS has no reference to an authentication event to locate a principal")).getPrincipal();
        User user = (User) Unchecked.supplier(() -> {
            return this.instance.getOrCreateUser(principal);
        }).get();
        if (!user.isOk()) {
            throw new FailedLoginException(AuthyClientInstance.getErrorMessage(user.getError()));
        }
        HashMap hashMap = new HashMap(1);
        hashMap.put("force", Boolean.toString(this.forceVerification));
        Token token = (Token) Unchecked.supplier(() -> {
            return verifyAuthyToken(authyTokenCredential, user, hashMap);
        }).get();
        if (token.isOk()) {
            return createHandlerResult(authyTokenCredential, principal, new ArrayList(0));
        }
        throw new FailedLoginException(AuthyClientInstance.getErrorMessage(token.getError()));
    }

    private Token verifyAuthyToken(AuthyTokenCredential authyTokenCredential, User user, Map<String, String> map) throws Exception {
        return this.instance.getAuthyClient().getTokens().verify(user.getId(), authyTokenCredential.getToken(), map);
    }
}
