package org.apereo.cas.adaptors.gauth.web.flow;

import com.warrenstrange.googleauth.GoogleAuthenticatorKey;
import org.apereo.cas.adaptors.gauth.GoogleAuthenticatorAccount;
import org.apereo.cas.adaptors.gauth.GoogleAuthenticatorAccountRegistry;
import org.apereo.cas.adaptors.gauth.GoogleAuthenticatorInstance;
import org.apereo.cas.web.support.WebUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.stereotype.Component;
import org.springframework.webflow.action.AbstractAction;
import org.springframework.webflow.action.EventFactorySupport;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;
import org.springframework.webflow.execution.RequestContextHolder;

@RefreshScope
@Component("googleAccountRegistrationAction")
/* loaded from: input_file:org/apereo/cas/adaptors/gauth/web/flow/GoogleAccountCheckRegistrationAction.class */
public class GoogleAccountCheckRegistrationAction extends AbstractAction {

    @Value("${cas.mfa.gauth.issuer:CAS}")
    private String issuer;

    @Value("${cas.mfa.gauth.label:CAS}")
    private String label;

    @Autowired
    @Qualifier("googleAuthenticatorAccountRegistry")
    private GoogleAuthenticatorAccountRegistry accountRegistry;

    @Autowired
    @Qualifier("googleAuthenticatorInstance")
    private GoogleAuthenticatorInstance googleAuthenticatorInstance;

    protected Event doExecute(RequestContext requestContext) throws Exception {
        String id = WebUtils.getAuthentication(RequestContextHolder.getRequestContext()).getPrincipal().getId();
        if (this.accountRegistry.contains(id)) {
            return success();
        }
        GoogleAuthenticatorKey createCredentials = this.googleAuthenticatorInstance.createCredentials();
        GoogleAuthenticatorAccount googleAuthenticatorAccount = new GoogleAuthenticatorAccount(createCredentials.getKey(), createCredentials.getVerificationCode(), createCredentials.getScratchCodes());
        String str = "otpauth://totp/" + this.label + ':' + id + "?secret=" + googleAuthenticatorAccount.getSecretKey() + "&issuer=" + this.issuer;
        requestContext.getFlowScope().put("key", googleAuthenticatorAccount);
        requestContext.getFlowScope().put("keyUri", str);
        return new EventFactorySupport().event(this, "register");
    }
}
