package org.apereo.cas.web.flow;

import com.nimbusds.jwt.JWTClaimsSet;
import java.time.Clock;
import java.time.Instant;
import java.time.LocalDateTime;
import lombok.Generated;
import org.apereo.cas.authentication.adaptive.geo.GeoLocationService;
import org.apereo.cas.authentication.principal.PrincipalResolver;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.notifications.CommunicationsManager;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.events.CasEventRepository;
import org.apereo.cas.support.events.authentication.adaptive.CasRiskyAuthenticationVerifiedEvent;
import org.apereo.cas.support.events.dao.CasEvent;
import org.apereo.cas.token.JwtBuilder;
import org.apereo.cas.util.DateTimeUtils;
import org.apereo.cas.util.LoggingUtils;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.apereo.cas.util.http.HttpRequestUtils;
import org.apereo.cas.web.flow.actions.BaseCasWebflowAction;
import org.apereo.inspektr.common.web.ClientInfoHolder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.binding.message.MessageBuilder;
import org.springframework.context.ApplicationContext;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:org/apereo/cas/web/flow/RiskAuthenticationCheckTokenAction.class */
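/**
 * Webflow action that checks the risk-verification token passed in the {@code rsk} request
 * parameter and, while the token has not expired, stores a
 * {@link CasRiskyAuthenticationVerifiedEvent} entry in the event repository.
 *
 * <p>The action fails closed: a missing parameter, a token that cannot be unpacked, a token
 * without an expiration claim, an expired token, or any exception raised while building the event
 * all end in the {@code error} outcome with the same user-facing message.
 */
public class RiskAuthenticationCheckTokenAction extends BaseCasWebflowAction {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(RiskAuthenticationCheckTokenAction.class);
    /** Name of the request parameter that carries the risk-verification token. */
    public static final String PARAMETER_NAME_RISK_TOKEN = "rsk";
    protected final CasEventRepository casEventRepository;
    protected final CommunicationsManager communicationsManager;
    protected final ServicesManager servicesManager;
    protected final PrincipalResolver principalResolver;
    /** Cipher handed to {@link JwtBuilder} when the presented token is unpacked. */
    protected final CipherExecutor riskVerificationCipherExecutor;
    protected final ObjectProvider<GeoLocationService> geoLocationService;
    protected final CasConfigurationProperties casProperties;

    /**
     * Unpacks the token from the {@code rsk} parameter, checks its expiration and, if it is still
     * valid, saves a verification event built from the token's claims.
     *
     * @param requestContext the current webflow request context
     * @return {@code success()} when the event was saved; {@code error()} in every other case
     * @throws Throwable declared by the signature; exceptions raised in the body are caught,
     *     logged and turned into the {@code error} outcome
     */
    @Override
    protected Event doExecuteInternal(RequestContext requestContext) throws Throwable {
        try {
            ApplicationContext applicationContext = requestContext.getActiveFlow().getApplicationContext();
            // getRequired(...) throws when the parameter is absent; the catch below maps that to error().
            String token = requestContext.getRequestParameters().getRequired(PARAMETER_NAME_RISK_TOKEN);
            JwtBuilder jwtBuilder = new JwtBuilder(this.riskVerificationCipherExecutor, applicationContext,
                this.servicesManager, this.principalResolver, this.casProperties);
            // NOTE(review): signature/encryption checks are presumably done inside unpack() using
            // riskVerificationCipherExecutor; confirm, since no other check on the token is visible here.
            JWTClaimsSet claims = jwtBuilder.unpack(token);

            // One clock reading serves both the expiry decision and the event timestamp.
            Instant now = Instant.now(Clock.systemUTC());
            java.util.Date expiration = claims.getExpirationTime();
            if (expiration == null) {
                // Reject explicitly rather than depending on a helper to throw on a null date.
                LOGGER.warn("Risk verification token has no expiration claim; rejecting it");
            } else if (now.isBefore(expiration.toInstant())) {
                // Comparing instants keeps the decision independent of any time-zone conversion.
                // NOTE(review): nothing visible here marks a token as consumed, so the same token
                // appears to be accepted again until it expires; confirm that this is intended.
                this.casEventRepository.save(buildVerifiedEvent(token, claims, now.toEpochMilli()));
                return success();
            } else {
                LOGGER.debug("Risk verification token has expired; rejecting it");
            }
        } catch (Exception e) {
            LoggingUtils.error(LOGGER, e);
        }
        requestContext.getMessageContext().addMessage(new MessageBuilder().error().code("screen.risk.authnconfirmed.message").build());
        return error();
    }

    /**
     * Builds the event recorded for an accepted token.
     *
     * @param token the token exactly as it was presented in the request
     * @param claims the claims unpacked from {@code token}
     * @param epochMilli the event time in epoch milliseconds
     * @return the populated event, not yet saved
     * @throws Exception if a claim cannot be read as a string or the client info is unavailable
     */
    private CasEvent buildVerifiedEvent(String token, JWTClaimsSet claims, long epochMilli) throws Exception {
        CasEvent casEvent = new CasEvent();
        casEvent.setType(CasRiskyAuthenticationVerifiedEvent.class.getCanonicalName());
        casEvent.putTimestamp(Long.valueOf(epochMilli));
        casEvent.setCreationTime(DateTimeUtils.zonedDateTimeOf(epochMilli).toString());
        // NOTE(review): the token is persisted as presented and stays usable until it expires;
        // confirm that read access to the event repository is restricted accordingly.
        casEvent.put("riskToken", token);
        // Client address, user agent and geolocation come from the token's claims, not from the
        // request that presents the token; only the server address is taken from the current request.
        casEvent.putClientIpAddress(claims.getStringClaim("clientIpAddress"));
        casEvent.putServerIpAddress(ClientInfoHolder.getClientInfo().getServerIpAddress());
        casEvent.putAgent(claims.getStringClaim("userAgent"));
        casEvent.putGeoLocation(HttpRequestUtils.getHttpServletRequestGeoLocation(claims.getStringClaim("geoLocation")));
        casEvent.setPrincipalId(claims.getSubject());
        return casEvent;
    }

    @Generated
    public RiskAuthenticationCheckTokenAction(CasEventRepository casEventRepository, CommunicationsManager communicationsManager, ServicesManager servicesManager, PrincipalResolver principalResolver, CipherExecutor cipherExecutor, ObjectProvider<GeoLocationService> objectProvider, CasConfigurationProperties casConfigurationProperties) {
        this.casEventRepository = casEventRepository;
        this.communicationsManager = communicationsManager;
        this.servicesManager = servicesManager;
        this.principalResolver = principalResolver;
        this.riskVerificationCipherExecutor = cipherExecutor;
        this.geoLocationService = objectProvider;
        this.casProperties = casConfigurationProperties;
    }
}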
