package org.apereo.cas.adaptors.swivel;

import com.swiveltechnologies.pinsafe.client.agent.AgentXmlRequest;
import java.security.GeneralSecurityException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.login.FailedLoginException;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.HandlerResult;
import org.apereo.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.configuration.model.support.mfa.SwivelMultifactorProperties;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.webflow.execution.RequestContext;
import org.springframework.webflow.execution.RequestContextHolder;

/* loaded from: input_file:org/apereo/cas/adaptors/swivel/SwivelAuthenticationHandler.class */
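/**
 * Authentication handler that validates a Swivel one-time token as a second factor.
 *
 * <p>The user name sent to Swivel is the id of the principal already present in the
 * current webflow authentication, not the id carried by the submitted credential. The
 * credential only supplies the token (its id is merely checked for being non-blank).
 *
 * <p>Failures are reported as {@link FailedLoginException}; when the Swivel agent returns a
 * known error code, the exception message is the matching message-bundle key from
 * {@link #ERROR_MAP}, otherwise the generic {@code swivel.server.error} key.
 */
public class SwivelAuthenticationHandler extends AbstractPreAndPostProcessingAuthenticationHandler {
    /** Fallback message key used when the agent error is blank or not in {@link #ERROR_MAP}. */
    private static final String SWIVEL_ERR_CODE_AUTHN_FAIL = "swivel.server.error";
    private final SwivelMultifactorProperties swivelProperties;
    private static final Logger LOGGER = LoggerFactory.getLogger(SwivelAuthenticationHandler.class);
    /** Read-only mapping from Swivel agent error codes to message keys. */
    private static final Map<String, String> ERROR_MAP = createErrorCodeMap();

    /**
     * Creates the handler.
     *
     * @param str handler name, passed through to the parent constructor
     * @param servicesManager services manager, passed through to the parent constructor
     * @param principalFactory factory used to build the principal on success
     * @param swivelMultifactorProperties Swivel settings (URL, shared secret, SSL-error handling)
     */
    public SwivelAuthenticationHandler(String str, ServicesManager servicesManager, PrincipalFactory principalFactory, SwivelMultifactorProperties swivelMultifactorProperties) {
        // The fourth parent argument is left unset (null), as in the original code.
        super(str, servicesManager, principalFactory, (Integer) null);
        this.swivelProperties = swivelMultifactorProperties;
    }

    /**
     * Validates the submitted Swivel token for the principal of the in-progress authentication.
     *
     * @param credential the submitted credential; must be a {@link SwivelCredential} with a non-blank token
     * @return the handler result for the authenticated principal
     * @throws GeneralSecurityException (as {@link FailedLoginException}) when Swivel rejects the token
     *     or the request cannot be completed
     * @throws IllegalArgumentException when the credential or token is missing, or when no request
     *     context / prior authentication can be located
     */
    protected HandlerResult doAuthentication(Credential credential) throws GeneralSecurityException {
        SwivelCredential swivelCredential = (SwivelCredential) credential;
        if (swivelCredential == null || StringUtils.isBlank(swivelCredential.getToken())) {
            throw new IllegalArgumentException("No credential could be found or credential token is blank");
        }
        RequestContext requestContext = RequestContextHolder.getRequestContext();
        if (requestContext == null) {
            throw new IllegalArgumentException("No request context could be found to locate an authentication event");
        }
        Authentication authentication = WebUtils.getAuthentication(requestContext);
        if (authentication == null) {
            throw new IllegalArgumentException("Request context has no reference to an authentication event to locate a principal");
        }
        // The second factor is bound to the principal from the earlier authentication step,
        // so a user cannot present a token for a different account via the credential id.
        String id = authentication.getPrincipal().getId();
        LOGGER.debug("Received principal id [{}]", id);
        return sendAuthenticationRequestToSwivel(swivelCredential, id);
    }

    /**
     * Sends the login request to the configured Swivel server and interprets the outcome.
     *
     * @param swivelCredential credential carrying the one-time token
     * @param str principal id submitted to Swivel as the user name
     * @return the handler result when Swivel reports success
     * @throws FailedLoginException when configuration or credential values are blank, the request
     *     cannot be prepared or sent, or Swivel reports a failure
     */
    private HandlerResult sendAuthenticationRequestToSwivel(SwivelCredential swivelCredential, String str) throws FailedLoginException {
        final String swivelUrl = this.swivelProperties.getSwivelUrl();
        final String sharedSecret = this.swivelProperties.getSharedSecret();
        if (StringUtils.isBlank(swivelUrl) || StringUtils.isBlank(sharedSecret)) {
            throw new FailedLoginException("Swivel url/shared secret is not specified and cannot be blank.");
        }
        if (StringUtils.isBlank(swivelCredential.getId()) || StringUtils.isBlank(swivelCredential.getToken())) {
            throw new FailedLoginException("Swivel credentials are not specified and cannot be blank");
        }
        LOGGER.debug("Preparing Swivel request to [{}]", swivelUrl);
        // The shared secret is handed to the agent only; it must never be logged.
        AgentXmlRequest agentXmlRequest = new AgentXmlRequest(swivelUrl, sharedSecret);
        final boolean ignoreSslErrors = this.swivelProperties.isIgnoreSslErrors();
        if (ignoreSslErrors) {
            // NOTE(review): presumably this disables certificate validation in the agent client,
            // which would let a network attacker impersonate the Swivel server; confirm and
            // keep this off outside test environments.
            LOGGER.warn("Swivel request to [{}] is configured to ignore SSL errors", swivelUrl);
        }
        agentXmlRequest.setIgnoreSSLErrors(ignoreSslErrors);
        try {
            LOGGER.debug("Submitting Swivel request to [{}] for [{}]", swivelUrl, str);
            agentXmlRequest.login(str, "", swivelCredential.getToken());
        } catch (Exception e) {
            // Fail closed: a request that could not be prepared must not be sent and evaluated.
            LOGGER.error(e.getMessage(), e);
            FailedLoginException failure = new FailedLoginException("Failed to prepare Swivel authentication request");
            failure.initCause(e);
            throw failure;
        }
        if (!agentXmlRequest.send()) {
            LOGGER.error("Swivel request error: [{}], [{}], [{}]",
                agentXmlRequest.getResponseCode(), agentXmlRequest.getAgentError(), agentXmlRequest.getResponse());
            // The raw server response stays in the server log above and is kept out of the
            // exception message, which may be surfaced to the end user.
            throw new FailedLoginException("Failed to authenticate swivel token");
        }
        if (agentXmlRequest.actionSucceeded()) {
            LOGGER.debug("Successful Swivel authentication for [{}]", str);
            return createHandlerResult(swivelCredential, this.principalFactory.createPrincipal(str), null);
        }
        String agentError = StringUtils.isBlank(agentXmlRequest.getAgentError()) ? SWIVEL_ERR_CODE_AUTHN_FAIL : agentXmlRequest.getAgentError();
        LOGGER.error("Failed Swivel MFA authentication for [{}] ([{}])", str, agentError);
        throw new FailedLoginException(ERROR_MAP.getOrDefault(agentError, SWIVEL_ERR_CODE_AUTHN_FAIL));
    }

    /**
     * Reports whether this handler can process the given credential.
     *
     * @param credential the credential to test; {@code null} is not supported
     * @return {@code true} only for {@link SwivelCredential} instances (including subclasses)
     */
    public boolean supports(Credential credential) {
        // instanceof is null-safe, unlike credential.getClass().
        return credential instanceof SwivelCredential;
    }

    /**
     * Builds the mapping from Swivel agent error codes to message keys.
     *
     * @return an unmodifiable map of agent error code to message key
     */
    private static Map<String, String> createErrorCodeMap() {
        Map<String, String> codes = new HashMap<>();
        codes.put("AGENT_ERROR_NO_OTC", "swivel.auth.otc.malformed");
        codes.put("AGENT_ERROR_BAD_OTC", "swivel.auth.otc.malformed");
        codes.put("AGENT_ERROR_NO_PIN", "swivel.auth.pin.notset");
        codes.put("AGENT_ERROR_USER_LOCKED", "swivel.auth.user.locked");
        codes.put("AGENT_ERROR_NO_SECURITY_STRINGS", "swivel.auth.user.locked");
        codes.put("AGENT_ERROR_AGENT_ACCESS", "swivel.auth.user.notallowed");
        codes.put("AGENT_ERROR_USER_NOT_IN_GROUP", "swivel.auth.user.notallowed");
        codes.put("AGENT_ERROR_NO_USER_FOUND", "swivel.auth.user.unknown");
        codes.put("AGENT_ERROR_NO_AUTH", "swivel.auth.user.unknown");
        codes.put("AGENT_ERROR_USERNAME", "swivel.auth.user.unknown");
        codes.put("AGENT_ERROR_SESSION", "swivel.server.session.error");
        codes.put("AGENT_ERROR_GENERAL", SWIVEL_ERR_CODE_AUTHN_FAIL);
        // Shared static state: expose it read-only so no code path can alter the mapping.
        return Collections.unmodifiableMap(codes);
    }
}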
