package org.apereo.cas.adaptors.gauth;

import com.warrenstrange.googleauth.IGoogleAuthenticator;
import java.security.GeneralSecurityException;
import javax.security.auth.login.AccountNotFoundException;
import javax.security.auth.login.FailedLoginException;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.math.NumberUtils;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.HandlerResult;
import org.apereo.cas.authentication.PreventedException;
import org.apereo.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler;
import org.apereo.cas.web.support.WebUtils;
import org.springframework.webflow.execution.RequestContextHolder;

/* loaded from: input_file:org/apereo/cas/adaptors/gauth/GoogleAuthenticatorAuthenticationHandler.class */
public class GoogleAuthenticatorAuthenticationHandler extends AbstractPreAndPostProcessingAuthenticationHandler {
    private IGoogleAuthenticator googleAuthenticatorInstance;

    protected HandlerResult doAuthentication(Credential credential) throws GeneralSecurityException, PreventedException {
        GoogleAuthenticatorTokenCredential googleAuthenticatorTokenCredential = (GoogleAuthenticatorTokenCredential) credential;
        if (!NumberUtils.isCreatable(googleAuthenticatorTokenCredential.getToken())) {
            throw new PreventedException("Invalid non-numeric OTP format specified.", new IllegalArgumentException());
        }
        int parseInt = Integer.parseInt(googleAuthenticatorTokenCredential.getToken());
        this.logger.debug("Received OTP {}", Integer.valueOf(parseInt));
        String id = WebUtils.getAuthentication(RequestContextHolder.getRequestContext()).getPrincipal().getId();
        this.logger.debug("Received principal id {}", id);
        String secretKey = this.googleAuthenticatorInstance.getCredentialRepository().getSecretKey(id);
        if (StringUtils.isBlank(secretKey)) {
            throw new AccountNotFoundException(id + " cannot be found in the registry");
        }
        if (this.googleAuthenticatorInstance.authorize(secretKey, parseInt)) {
            return createHandlerResult(googleAuthenticatorTokenCredential, this.principalFactory.createPrincipal(id), null);
        }
        throw new FailedLoginException("Failed to authenticate code " + parseInt);
    }

    public boolean supports(Credential credential) {
        return GoogleAuthenticatorTokenCredential.class.isAssignableFrom(credential.getClass());
    }

    public IGoogleAuthenticator getGoogleAuthenticatorInstance() {
        return this.googleAuthenticatorInstance;
    }

    public void setGoogleAuthenticatorInstance(IGoogleAuthenticator iGoogleAuthenticator) {
        this.googleAuthenticatorInstance = iGoogleAuthenticator;
    }
}
