package org.apereo.cas.mfa.simple;

import java.security.GeneralSecurityException;
import javax.security.auth.login.FailedLoginException;
import lombok.Generated;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationHandlerExecutionResult;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.ticket.TransientSessionTicket;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apereo/cas/mfa/simple/CasSimpleMultifactorAuthenticationHandler.class */
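/**
 * Authentication handler that validates a one-time multifactor token.
 *
 * <p>The submitted token id is looked up in the {@link TicketRegistry} as a
 * {@link TransientSessionTicket}. The token is accepted only when the ticket exists,
 * carries a {@link Principal} under {@link #PROPERTY_PRINCIPAL} that equals the principal
 * of the in-progress authentication, and has not expired. Once a ticket has been located
 * it is removed from the registry whatever the outcome, so a token can be presented once.
 */
public class CasSimpleMultifactorAuthenticationHandler extends AbstractPreAndPostProcessingAuthenticationHandler {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(CasSimpleMultifactorAuthenticationHandler.class);

    /** Key in the token ticket's property map that holds the principal bound to the token. */
    public static final String PROPERTY_PRINCIPAL = "principal";

    /** Registry in which issued tokens are looked up and from which they are deleted. */
    private final TicketRegistry ticketRegistry;

    /**
     * Creates the handler.
     *
     * @param str              passed through to the superclass constructor
     * @param servicesManager  passed through to the superclass constructor
     * @param principalFactory passed through to the superclass constructor; used to build the resulting principal
     * @param ticketRegistry   registry that stores the issued token tickets
     * @param num              passed through to the superclass constructor
     */
    public CasSimpleMultifactorAuthenticationHandler(String str, ServicesManager servicesManager, PrincipalFactory principalFactory, TicketRegistry ticketRegistry, Integer num) {
        super(str, servicesManager, principalFactory, num);
        this.ticketRegistry = ticketRegistry;
    }

    /**
     * Validates the submitted token against the ticket registry and the in-progress authentication.
     *
     * @param credential the submitted credential; cast to {@link CasSimpleMultifactorTokenCredential}
     *                   (the {@code supports} methods are the gate for that type)
     * @return the handler result for the principal of the in-progress authentication
     * @throws GeneralSecurityException a {@link FailedLoginException} when there is no in-progress
     *                                  principal, or the token is unknown, not bound to a principal,
     *                                  bound to a different principal, or expired
     */
    @Override
    protected AuthenticationHandlerExecutionResult doAuthentication(Credential credential) throws GeneralSecurityException {
        final CasSimpleMultifactorTokenCredential tokenCredential = (CasSimpleMultifactorTokenCredential) credential;
        final String tokenId = tokenCredential.getId();
        // NOTE(review): the submitted token is user-controlled and is written to the log here while it may
        // still be valid; confirm DEBUG output is access-restricted and that the log layout encodes CR/LF.
        LOGGER.debug("Received token [{}]", tokenId);

        final Authentication inProgressAuthentication = WebUtils.getInProgressAuthentication();
        if (inProgressAuthentication == null || inProgressAuthentication.getPrincipal() == null) {
            // Fail closed with an authentication failure instead of a NullPointerException when no
            // first-factor context is available. The token is deliberately not logged on this path.
            LOGGER.warn("No in-progress authentication with a principal is available; rejecting the submitted token");
            throw failedLogin(tokenId);
        }
        final Principal currentPrincipal = inProgressAuthentication.getPrincipal();
        final String id = currentPrincipal.getId();
        LOGGER.debug("Received principal id [{}]. Attempting to locate token in registry...", id);

        // NOTE(review): confirm how the registry behaves when the id resolves to a ticket of another type.
        final TransientSessionTicket ticket = this.ticketRegistry.getTicket(tokenId, TransientSessionTicket.class);
        if (ticket == null) {
            LOGGER.warn("Authorization of token [{}] has failed. Token is not found in registry", tokenId);
            throw failedLogin(tokenId);
        }

        try {
            // A missing key, a null value and a value of the wrong type are all treated as "no principal".
            final Object boundPrincipal = ticket.getProperties().get(PROPERTY_PRINCIPAL);
            if (!(boundPrincipal instanceof Principal)) {
                LOGGER.warn("Unable to locate principal for token [{}]", tokenId);
                throw failedLogin(tokenId);
            }
            final Principal principal = (Principal) boundPrincipal;
            if (!principal.equals(currentPrincipal)) {
                LOGGER.warn("Principal [{}] assigned to token [{}] does not match the in-progress authentication principal", principal.getId(), tokenId);
                throw failedLogin(tokenId);
            }
            if (ticket.isExpired()) {
                LOGGER.warn("Authorization of token [{}] has failed. Token found in registry has expired", tokenId);
                throw failedLogin(tokenId);
            }
        } finally {
            // Single-use guarantee: a located token is consumed on success, on every rejection and on
            // any unexpected runtime failure during validation.
            this.ticketRegistry.deleteTicket(ticket.getId());
        }

        LOGGER.debug("Validated token [{}] successfully for [{}]. Creating authentication result and building principal...", tokenId, id);
        return createHandlerResult(tokenCredential, this.principalFactory.createPrincipal(id));
    }

    /**
     * Reports whether this handler accepts credentials of the given class.
     *
     * @param cls the credential class; {@code null} is not supported
     * @return {@code true} when {@code cls} is {@link CasSimpleMultifactorTokenCredential} or a subtype
     */
    @Override
    public boolean supports(Class<? extends Credential> cls) {
        return cls != null && CasSimpleMultifactorTokenCredential.class.isAssignableFrom(cls);
    }

    /**
     * Reports whether this handler accepts the given credential.
     *
     * @param credential the credential; {@code null} is not supported
     * @return {@code true} when {@code credential} is a {@link CasSimpleMultifactorTokenCredential}
     */
    @Override
    public boolean supports(Credential credential) {
        return credential instanceof CasSimpleMultifactorTokenCredential;
    }

    /**
     * Builds the failure used for every rejection so that all causes share one message.
     *
     * <p>NOTE(review): the message embeds the submitted token; confirm where this exception text is
     * rendered or persisted.
     */
    private static FailedLoginException failedLogin(final String tokenId) {
        return new FailedLoginException("Failed to authenticate code " + tokenId);
    }
}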
