package org.apereo.cas.authentication;

import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.Optional;
import javax.security.auth.login.FailedLoginException;
import lombok.Generated;
import org.apereo.cas.api.PasswordlessTokenRepository;
import org.apereo.cas.authentication.credential.OneTimePasswordCredential;
import org.apereo.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.services.ServicesManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apereo/cas/authentication/PasswordlessTokenAuthenticationHandler.class */
public class PasswordlessTokenAuthenticationHandler extends AbstractPreAndPostProcessingAuthenticationHandler {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(PasswordlessTokenAuthenticationHandler.class);
    private final PasswordlessTokenRepository passwordlessTokenRepository;

    public PasswordlessTokenAuthenticationHandler(String str, ServicesManager servicesManager, PrincipalFactory principalFactory, Integer num, PasswordlessTokenRepository passwordlessTokenRepository) {
        super(str, servicesManager, principalFactory, num);
        this.passwordlessTokenRepository = passwordlessTokenRepository;
    }

    protected AuthenticationHandlerExecutionResult doAuthentication(Credential credential, Service service) throws GeneralSecurityException {
        OneTimePasswordCredential oneTimePasswordCredential = (OneTimePasswordCredential) credential;
        Optional<String> findToken = this.passwordlessTokenRepository.findToken(oneTimePasswordCredential.getId());
        if (findToken.isPresent() && findToken.get().equalsIgnoreCase(oneTimePasswordCredential.getPassword())) {
            return createHandlerResult(credential, this.principalFactory.createPrincipal(oneTimePasswordCredential.getId()), new ArrayList(0));
        }
        throw new FailedLoginException("Passwordless authentication has failed");
    }

    public boolean supports(Class<? extends Credential> cls) {
        return OneTimePasswordCredential.class.isAssignableFrom(cls);
    }

    public boolean supports(Credential credential) {
        if (credential instanceof OneTimePasswordCredential) {
            return true;
        }
        LOGGER.debug("Credential is not one of one-time password and is not accepted by handler [{}]", getName());
        return false;
    }
}
