package org.apereo.cas.adaptors.duo;

import com.duosecurity.duoweb.DuoWeb;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.net.URL;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import javax.annotation.PostConstruct;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.util.http.HttpClient;
import org.apereo.cas.util.http.HttpMessage;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.util.Assert;

/* loaded from: input_file:org/apereo/cas/adaptors/duo/DuoAuthenticationService.class */
public class DuoAuthenticationService {
    private static final String RESULT_KEY_RESPONSE = "response";
    private static final String RESULT_KEY_STAT = "stat";
    private transient Logger logger = LoggerFactory.getLogger(getClass());
    private HttpClient httpClient;

    @Autowired
    private CasConfigurationProperties casProperties;

    @PostConstruct
    private void initialize() {
        Assert.hasLength(this.casProperties.getAuthn().getMfa().getDuo().getDuoApiHost(), "Duo API host cannot be blank");
        Assert.hasLength(this.casProperties.getAuthn().getMfa().getDuo().getDuoIntegrationKey(), "Duo integration key cannot be blank");
        Assert.hasLength(this.casProperties.getAuthn().getMfa().getDuo().getDuoSecretKey(), "Duo secret key cannot be blank");
        Assert.hasLength(this.casProperties.getAuthn().getMfa().getDuo().getDuoApplicationKey(), "Duo application key cannot be blank");
    }

    public String generateSignedRequestToken(String str) {
        return DuoWeb.signRequest(this.casProperties.getAuthn().getMfa().getDuo().getDuoIntegrationKey(), this.casProperties.getAuthn().getMfa().getDuo().getDuoSecretKey(), this.casProperties.getAuthn().getMfa().getDuo().getDuoApplicationKey(), str);
    }

    public String authenticate(String str) throws Exception {
        if (StringUtils.isBlank(str)) {
            throw new IllegalArgumentException("No signed request token was passed to verify");
        }
        this.logger.debug("Calling DuoWeb.verifyResponse with signed request token '{}'", str);
        return DuoWeb.verifyResponse(this.casProperties.getAuthn().getMfa().getDuo().getDuoIntegrationKey(), this.casProperties.getAuthn().getMfa().getDuo().getDuoSecretKey(), this.casProperties.getAuthn().getMfa().getDuo().getDuoApplicationKey(), str);
    }

    public boolean canPing() {
        try {
            String concat = this.casProperties.getAuthn().getMfa().getDuo().getDuoApiHost().concat("/rest/v1/ping");
            if (!concat.startsWith("http")) {
                concat = "https://" + concat;
            }
            HttpMessage sendMessageToEndPoint = this.httpClient.sendMessageToEndPoint(new URL(concat));
            if (sendMessageToEndPoint != null) {
                String decode = URLDecoder.decode(sendMessageToEndPoint.getMessage(), StandardCharsets.UTF_8.name());
                this.logger.debug("Received Duo ping response {}", decode);
                JsonNode readTree = new ObjectMapper().readTree(decode);
                if (readTree.has(RESULT_KEY_RESPONSE) && readTree.has(RESULT_KEY_STAT) && readTree.get(RESULT_KEY_RESPONSE).asText().equalsIgnoreCase("pong") && readTree.get(RESULT_KEY_STAT).asText().equalsIgnoreCase("OK")) {
                    return true;
                }
                this.logger.warn("Could not reach/ping Duo. Response returned is {}", readTree);
            }
            return false;
        } catch (Exception e) {
            this.logger.warn("Pinging Duo has failed with error: {}", e.getMessage(), e);
            return false;
        }
    }

    public void setHttpClient(HttpClient httpClient) {
        this.httpClient = httpClient;
    }

    public String getDuoApiHost() {
        return this.casProperties.getAuthn().getMfa().getDuo().getDuoApiHost();
    }
}
