package org.apereo.cas.support.openid.authentication.handler.support;

import java.security.GeneralSecurityException;
import javax.security.auth.login.FailedLoginException;
import org.apereo.cas.authentication.AbstractAuthenticationHandler;
import org.apereo.cas.authentication.AuthenticationHandlerExecutionResult;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.DefaultAuthenticationHandlerExecutionResult;
import org.apereo.cas.authentication.metadata.BasicCredentialMetaData;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.openid.authentication.principal.OpenIdCredential;
import org.apereo.cas.ticket.TicketGrantingTicket;
import org.apereo.cas.ticket.registry.TicketRegistry;

@Deprecated(since = "6.2.0")
/* loaded from: input_file:org/apereo/cas/support/openid/authentication/handler/support/OpenIdCredentialsAuthenticationHandler.class */
public class OpenIdCredentialsAuthenticationHandler extends AbstractAuthenticationHandler {
    private final TicketRegistry ticketRegistry;

    public OpenIdCredentialsAuthenticationHandler(String str, ServicesManager servicesManager, PrincipalFactory principalFactory, TicketRegistry ticketRegistry, Integer num) {
        super(str, servicesManager, principalFactory, num);
        this.ticketRegistry = ticketRegistry;
    }

    public AuthenticationHandlerExecutionResult authenticate(Credential credential) throws GeneralSecurityException {
        OpenIdCredential openIdCredential = (OpenIdCredential) credential;
        TicketGrantingTicket ticket = this.ticketRegistry.getTicket(openIdCredential.getTicketGrantingTicketId(), TicketGrantingTicket.class);
        if (ticket == null || ticket.isExpired()) {
            throw new FailedLoginException("Ticket-granting ticket is null or expired.");
        }
        Principal principal = ticket.getAuthentication().getPrincipal();
        if (principal.getId().equals(openIdCredential.getUsername())) {
            return new DefaultAuthenticationHandlerExecutionResult(this, new BasicCredentialMetaData(openIdCredential), principal);
        }
        throw new FailedLoginException("Principal ID mismatch");
    }

    public boolean supports(Class<? extends Credential> cls) {
        return OpenIdCredential.class.isAssignableFrom(cls);
    }

    public boolean supports(Credential credential) {
        return credential instanceof OpenIdCredential;
    }
}
