package org.apereo.cas.adaptors.radius.authentication;

import java.net.SocketTimeoutException;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import javax.security.auth.login.FailedLoginException;
import net.jradius.exception.TimeoutException;
import org.apache.commons.lang3.tuple.Pair;
import org.apereo.cas.adaptors.radius.RadiusServer;
import org.apereo.cas.adaptors.radius.RadiusUtils;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.HandlerResult;
import org.apereo.cas.authentication.PreventedException;
import org.apereo.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.webflow.execution.RequestContextHolder;

/* loaded from: input_file:org/apereo/cas/adaptors/radius/authentication/RadiusTokenAuthenticationHandler.class */
public class RadiusTokenAuthenticationHandler extends AbstractPreAndPostProcessingAuthenticationHandler {
    private static final Logger LOGGER = LoggerFactory.getLogger(RadiusTokenAuthenticationHandler.class);
    private final List<RadiusServer> servers;
    private final boolean failoverOnException;
    private final boolean failoverOnAuthenticationFailure;

    public RadiusTokenAuthenticationHandler(String str, ServicesManager servicesManager, PrincipalFactory principalFactory, List<RadiusServer> list, boolean z, boolean z2) {
        super(str, servicesManager, principalFactory, (Integer) null);
        this.servers = list;
        this.failoverOnException = z;
        this.failoverOnAuthenticationFailure = z2;
        LOGGER.debug("Using [{}]", getClass().getSimpleName());
    }

    public boolean supports(Credential credential) {
        return RadiusTokenCredential.class.isAssignableFrom(credential.getClass());
    }

    protected HandlerResult doAuthentication(Credential credential) throws GeneralSecurityException, PreventedException {
        try {
            String token = ((RadiusTokenCredential) credential).getToken();
            String id = WebUtils.getAuthentication(RequestContextHolder.getRequestContext()).getPrincipal().getId();
            Pair authenticate = RadiusUtils.authenticate(id, token, this.servers, this.failoverOnAuthenticationFailure, this.failoverOnException);
            if (((Boolean) authenticate.getKey()).booleanValue()) {
                return createHandlerResult(credential, this.principalFactory.createPrincipal(id, (Map) ((Optional) authenticate.getValue()).get()), new ArrayList());
            }
            throw new FailedLoginException("Radius authentication failed for user " + id);
        } catch (Exception e) {
            throw new FailedLoginException("Radius authentication failed " + e.getMessage());
        }
    }

    public boolean canPing() {
        String simpleName = getClass().getSimpleName();
        for (RadiusServer radiusServer : this.servers) {
            LOGGER.debug("Attempting to ping RADIUS server [{}] via simulating an authentication request. If the server responds successfully, mock authentication will fail correctly.", radiusServer);
            try {
                radiusServer.authenticate(simpleName, simpleName);
                return true;
            } catch (Exception e) {
                LOGGER.debug("Pinging RADIUS server was successful. Response [{}]", e.getMessage());
                return true;
            } catch (TimeoutException | SocketTimeoutException e2) {
                LOGGER.debug("Server [{}] is not available", radiusServer);
            }
        }
        return false;
    }
}
