package org.apereo.cas.adaptors.swivel;

import com.swiveltechnologies.pinsafe.client.agent.AgentXmlRequest;
import java.security.GeneralSecurityException;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.login.FailedLoginException;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.AuthenticationHandlerExecutionResult;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.MultifactorAuthenticationHandler;
import org.apereo.cas.authentication.MultifactorAuthenticationProvider;
import org.apereo.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.configuration.model.support.mfa.SwivelMultifactorAuthenticationProperties;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.ObjectProvider;

@Deprecated(since = "6.6")
/* loaded from: input_file:org/apereo/cas/adaptors/swivel/SwivelAuthenticationHandler.class */
public class SwivelAuthenticationHandler extends AbstractPreAndPostProcessingAuthenticationHandler implements MultifactorAuthenticationHandler {
    private static final String SWIVEL_ERR_CODE_AUTHN_FAIL = "swivel.server.error";
    private final SwivelMultifactorAuthenticationProperties swivelProperties;
    private final ObjectProvider<MultifactorAuthenticationProvider> multifactorAuthenticationProvider;

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(SwivelAuthenticationHandler.class);
    private static final Map<String, String> ERROR_MAP = createErrorCodeMap();

    public SwivelAuthenticationHandler(String str, ServicesManager servicesManager, PrincipalFactory principalFactory, SwivelMultifactorAuthenticationProperties swivelMultifactorAuthenticationProperties, ObjectProvider<MultifactorAuthenticationProvider> objectProvider) {
        super(str, servicesManager, principalFactory, Integer.valueOf(swivelMultifactorAuthenticationProperties.getOrder()));
        this.swivelProperties = swivelMultifactorAuthenticationProperties;
        this.multifactorAuthenticationProvider = objectProvider;
    }

    private static Map<String, String> createErrorCodeMap() {
        HashMap hashMap = new HashMap();
        hashMap.put("AGENT_ERROR_NO_OTC", "swivel.auth.otc.malformed");
        hashMap.put("AGENT_ERROR_BAD_OTC", "swivel.auth.otc.malformed");
        hashMap.put("AGENT_ERROR_NO_PIN", "swivel.auth.pin.notset");
        hashMap.put("AGENT_ERROR_USER_LOCKED", "swivel.auth.user.locked");
        hashMap.put("AGENT_ERROR_NO_SECURITY_STRINGS", "swivel.auth.user.locked");
        hashMap.put("AGENT_ERROR_AGENT_ACCESS", "swivel.auth.user.notallowed");
        hashMap.put("AGENT_ERROR_USER_NOT_IN_GROUP", "swivel.auth.user.notallowed");
        hashMap.put("AGENT_ERROR_NO_USER_FOUND", "swivel.auth.user.unknown");
        hashMap.put("AGENT_ERROR_NO_AUTH", "swivel.auth.user.unknown");
        hashMap.put("AGENT_ERROR_USERNAME", "swivel.auth.user.unknown");
        hashMap.put("AGENT_ERROR_SESSION", "swivel.server.session.error");
        hashMap.put("AGENT_ERROR_GENERAL", SWIVEL_ERR_CODE_AUTHN_FAIL);
        return hashMap;
    }

    protected AuthenticationHandlerExecutionResult doAuthentication(Credential credential, Service service) throws GeneralSecurityException {
        String id = WebUtils.getInProgressAuthentication().getPrincipal().getId();
        LOGGER.debug("Received principal id [{}]", id);
        return sendAuthenticationRequestToSwivel((SwivelTokenCredential) credential, id);
    }

    private AuthenticationHandlerExecutionResult sendAuthenticationRequestToSwivel(SwivelTokenCredential swivelTokenCredential, String str) throws FailedLoginException {
        LOGGER.debug("Preparing Swivel request to [{}]", this.swivelProperties.getSwivelUrl());
        AgentXmlRequest agentXmlRequest = new AgentXmlRequest(this.swivelProperties.getSwivelUrl(), this.swivelProperties.getSharedSecret());
        agentXmlRequest.setIgnoreSSLErrors(this.swivelProperties.isIgnoreSslErrors());
        LOGGER.debug("Submitting Swivel request to [{}] for [{}]", this.swivelProperties.getSwivelUrl(), str);
        agentXmlRequest.login(str, "", swivelTokenCredential.getToken());
        if (!agentXmlRequest.send()) {
            LOGGER.error("Swivel request error: [{}], [{}], [{}]", new Object[]{Integer.valueOf(agentXmlRequest.getResponseCode()), agentXmlRequest.getAgentError(), agentXmlRequest.getResponse()});
            throw new FailedLoginException("Failed to authenticate swivel token: " + agentXmlRequest.getResponse());
        }
        if (agentXmlRequest.actionSucceeded()) {
            LOGGER.debug("Successful Swivel authentication for [{}]", str);
            return createHandlerResult(swivelTokenCredential, this.principalFactory.createPrincipal(str));
        }
        String agentError = StringUtils.isBlank(agentXmlRequest.getAgentError()) ? SWIVEL_ERR_CODE_AUTHN_FAIL : agentXmlRequest.getAgentError();
        LOGGER.error("Failed Swivel MFA authentication for [{}] ([{}])", str, agentError);
        throw new FailedLoginException(ERROR_MAP.getOrDefault(agentError, SWIVEL_ERR_CODE_AUTHN_FAIL));
    }

    public boolean supports(Class<? extends Credential> cls) {
        return SwivelTokenCredential.class.isAssignableFrom(cls);
    }

    public boolean supports(Credential credential) {
        return SwivelTokenCredential.class.isAssignableFrom(credential.getClass());
    }

    @Generated
    public SwivelMultifactorAuthenticationProperties getSwivelProperties() {
        return this.swivelProperties;
    }

    @Generated
    public ObjectProvider<MultifactorAuthenticationProvider> getMultifactorAuthenticationProvider() {
        return this.multifactorAuthenticationProvider;
    }
}
