package org.apereo.cas.adaptors.radius.authentication;

import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import javax.security.auth.login.FailedLoginException;
import lombok.Generated;
import net.jradius.packet.attribute.value.AttributeValue;
import org.apache.commons.lang3.tuple.Pair;
import org.apereo.cas.adaptors.radius.RadiusServer;
import org.apereo.cas.adaptors.radius.RadiusUtils;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationHandlerExecutionResult;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apereo/cas/adaptors/radius/authentication/RadiusTokenAuthenticationHandler.class */
public class RadiusTokenAuthenticationHandler extends AbstractPreAndPostProcessingAuthenticationHandler {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(RadiusTokenAuthenticationHandler.class);
    private final List<RadiusServer> servers;
    private final boolean failoverOnException;
    private final boolean failoverOnAuthenticationFailure;

    public RadiusTokenAuthenticationHandler(String str, ServicesManager servicesManager, PrincipalFactory principalFactory, List<RadiusServer> list, boolean z, boolean z2, Integer num) {
        super(str, servicesManager, principalFactory, num);
        this.servers = list;
        this.failoverOnException = z;
        this.failoverOnAuthenticationFailure = z2;
        LOGGER.debug("Using [{}]", getClass().getSimpleName());
    }

    public boolean supports(Credential credential) {
        return RadiusTokenCredential.class.isAssignableFrom(credential.getClass());
    }

    public boolean supports(Class<? extends Credential> cls) {
        return RadiusTokenCredential.class.isAssignableFrom(cls);
    }

    protected AuthenticationHandlerExecutionResult doAuthentication(Credential credential) throws GeneralSecurityException {
        try {
            String token = ((RadiusTokenCredential) credential).getToken();
            Authentication inProgressAuthentication = WebUtils.getInProgressAuthentication();
            if (inProgressAuthentication == null) {
                throw new IllegalArgumentException("CAS has no reference to an authentication event to locate a principal");
            }
            Principal principal = inProgressAuthentication.getPrincipal();
            String id = principal.getId();
            Optional empty = Optional.empty();
            Map attributes = principal.getAttributes();
            if (attributes.containsKey("State")) {
                LOGGER.debug("Found state attribute in principal attributes for multifactor authentication");
                Optional firstElement = CollectionUtils.firstElement(attributes.get("State"));
                if (firstElement.isPresent()) {
                    empty = Optional.of(((AttributeValue) AttributeValue.class.cast(firstElement.get())).getValueObject());
                }
            }
            Pair authenticate = RadiusUtils.authenticate(id, token, this.servers, this.failoverOnAuthenticationFailure, this.failoverOnException, empty);
            if (((Boolean) authenticate.getKey()).booleanValue()) {
                return createHandlerResult(credential, this.principalFactory.createPrincipal(id, (Map) ((Optional) authenticate.getValue()).get()), new ArrayList());
            }
            throw new FailedLoginException("Radius authentication failed for user " + id);
        } catch (Exception e) {
            throw new FailedLoginException("Radius authentication failed " + e.getMessage());
        }
    }
}
