package com.supwisdom.institute.cas.site.web.flow.actions;

import com.supwisdom.institute.cas.site.account.Account;
import com.supwisdom.institute.cas.site.account.service.AccountService;
import com.supwisdom.institute.cas.site.authentication.SHA256PasswordEncoder;
import com.supwisdom.institute.cas.site.federated.authentication.FederatedUserinfo;
import com.supwisdom.institute.cas.site.federated.authentication.principal.FederatedClientCredential;
import com.supwisdom.institute.cas.site.federation.Federation;
import com.supwisdom.institute.cas.site.federation.FederationManager;
import com.supwisdom.institute.cas.site.federation.FederationRepository;
import java.security.GeneralSecurityException;
import javax.security.auth.login.AccountExpiredException;
import javax.security.auth.login.AccountLockedException;
import javax.security.auth.login.AccountNotFoundException;
import javax.security.auth.login.FailedLoginException;
import javax.servlet.http.HttpServletRequest;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.adaptive.AdaptiveAuthenticationPolicy;
import org.apereo.cas.authentication.exceptions.AccountDisabledException;
import org.apereo.cas.authentication.exceptions.AccountPasswordMustChangeException;
import org.apereo.cas.web.flow.actions.AbstractAuthenticationAction;
import org.apereo.cas.web.flow.resolver.CasDelegatingWebflowEventResolver;
import org.apereo.cas.web.flow.resolver.CasWebflowEventResolver;
import org.apereo.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.binding.message.MessageBuilder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:com/supwisdom/institute/cas/site/web/flow/actions/FederatedBindAccountAction.class */
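/**
 * Webflow action that binds a federated (external) identity to a local account.
 *
 * <p>The credential in the flow must be a {@link FederatedClientCredential}. The user proves
 * ownership of the local account by submitting {@code username} and {@code password} request
 * parameters. After the password and the account state flags have been verified, a
 * {@link Federation} record linking the account's user number to the federated type/id is
 * created, and the flow continues with the regular authentication handling of the parent class.
 *
 * <p>NOTE(review): this action shows no attempt throttling or captcha check of its own
 * ({@link #getCaptchaError(RequestContext)} is never called in this class). Because it verifies
 * a local password, confirm that the surrounding flow rate-limits it the same way as the
 * primary login form.
 */
public class FederatedBindAccountAction extends AbstractAuthenticationAction {
    private static final Logger log = LoggerFactory.getLogger(FederatedBindAccountAction.class);
    private static final String DEFAULT_MESSAGE_BUNDLE_PREFIX = "authenticationFailure.";

    /** Stored-password prefix that selects the legacy SHA-256 comparison path. */
    private static final String SHA256_PASSWORD_PREFIX = "{SHA256}";

    public static final String EVENT_ID_CAPTCHA_ERROR = "captchaError";
    public static final String EVENT_ID_ERROR = "federatedBindAccountError";

    @Autowired
    private AccountService accountService;

    @Autowired
    private FederationRepository redisFederationRepository;

    @Autowired
    private FederationManager federationManager;
    private SHA256PasswordEncoder sha256PasswordEncoder;
    private final PasswordEncoder passwordEncoder;

    /**
     * Creates the action.
     *
     * @param casDelegatingWebflowEventResolver passed through to the parent action
     * @param casWebflowEventResolver passed through to the parent action
     * @param adaptiveAuthenticationPolicy passed through to the parent action
     * @param passwordEncoder encoder used for stored passwords without the {@code {SHA256}} prefix
     */
    public FederatedBindAccountAction(CasDelegatingWebflowEventResolver casDelegatingWebflowEventResolver, CasWebflowEventResolver casWebflowEventResolver, AdaptiveAuthenticationPolicy adaptiveAuthenticationPolicy, PasswordEncoder passwordEncoder) {
        super(casDelegatingWebflowEventResolver, casWebflowEventResolver, adaptiveAuthenticationPolicy);
        this.sha256PasswordEncoder = new SHA256PasswordEncoder();
        this.passwordEncoder = passwordEncoder;
    }

    /**
     * Verifies the submitted local credentials and, on success, persists the binding between the
     * local account and the federated identity carried by the flow credential.
     *
     * @param requestContext the current webflow request context
     * @return the parent action's event on success; {@code error()} when the flow credential is
     *     not a {@link FederatedClientCredential}; otherwise an event with id
     *     {@link #EVENT_ID_ERROR}
     */
    @Override
    protected Event doExecute(RequestContext requestContext) {
        HttpServletRequest request = WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext);
        Credential credential = WebUtils.getCredential(requestContext);
        if (!(credential instanceof FederatedClientCredential)) {
            return error();
        }
        FederatedClientCredential federatedClientCredential = (FederatedClientCredential) credential;
        FederatedUserinfo federatedUserinfo = federatedClientCredential.getFederatedUserinfo();
        if (federatedUserinfo == null) {
            // Nothing to bind to: fail closed before touching the password check instead of
            // running into a NullPointerException after the account has been verified.
            return getError(requestContext);
        }
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        if (username == null || username.isEmpty()) {
            return getError(requestContext);
        }
        if (password == null || password.isEmpty()) {
            return getError(requestContext);
        }
        try {
            Account account = this.accountService.loadAccountByUsername(username);
            if (account == null) {
                throw new AccountNotFoundException("Account not found");
            }
            if (account.getPassword().startsWith(SHA256_PASSWORD_PREFIX)) {
                // Legacy path: the user number is appended to the submitted password before
                // comparison. NOTE(review): SHA256PasswordEncoder is not visible here; if it is
                // a single fast digest, these records are weak against offline guessing and
                // should be re-hashed with the primary encoder after a successful login.
                if (!this.sha256PasswordEncoder.matches(password + account.getUserNo(), account.getPassword())) {
                    throw new FailedLoginException("SHA256 Password does not match value on record.");
                }
            } else if (!matches(password, account.getPassword())) {
                throw new FailedLoginException("Password does not match value on record.");
            }
            // The state checks run only after the password matched, so the state-specific
            // exceptions below are raised only for a caller who knows the password.
            if (!account.getEnabled().booleanValue()) {
                throw new AccountDisabledException("Account has been disabled");
            }
            if (!account.getAccountNonExpired().booleanValue()) {
                throw new AccountExpiredException("Account has expired");
            }
            if (!account.getAccountNonLocked().booleanValue()) {
                throw new AccountLockedException("Account has locked");
            }
            if (!account.getCredentialsNonExpired().booleanValue()) {
                throw new AccountPasswordMustChangeException("Password has expired");
            }
            try {
                Federation federation = new Federation();
                federation.setUserNo(account.getUserNo());
                federation.setFederatedType(federatedUserinfo.getFederatedType());
                federation.setFederatedId(federatedUserinfo.getFederatedId());
                this.federationManager.create(federation);
            } catch (Exception e) {
                // Best effort: the repository lookup below decides whether the binding exists.
                // Log through SLF4J so the failure reaches the audit/log pipeline instead of
                // being written to stderr only.
                log.error("Failed to persist federated account binding", e);
            }
            // NOTE(review): this only confirms that some binding exists for the federated
            // type/id; it does not compare the bound user number with the account verified
            // above. Confirm that FederationManager.create rejects an identity that is already
            // bound to a different account.
            if (this.redisFederationRepository.loadByFederatedTypeId(federatedUserinfo.getFederatedType(), federatedUserinfo.getFederatedId()) == null) {
                return getError(requestContext);
            }
            requestContext.getFlowScope().put("originalUsername", "");
            federatedClientCredential.setAccount(account);
            WebUtils.putCredential(requestContext, federatedClientCredential);
            return super.doExecute(requestContext);
        } catch (Exception e) {
            log.error(e.getMessage(), e);
            if (e instanceof GeneralSecurityException) {
                // The message code is derived from the exception class name.
                // NOTE(review): AccountNotFoundException and FailedLoginException therefore
                // resolve to different codes; if the message bundle renders different texts for
                // them, the response reveals whether a username exists. Consider mapping both
                // to one code.
                requestContext.getMessageContext().addMessage(new MessageBuilder().error().code(DEFAULT_MESSAGE_BUNDLE_PREFIX.concat(e.getClass().getSimpleName())).build());
                return getEventFactorySupport().event(this, EVENT_ID_ERROR);
            }
            return getError(requestContext);
        }
    }

    /**
     * Adds a captcha error message to the context and returns the matching event.
     * Not called from within this class.
     */
    private Event getCaptchaError(RequestContext requestContext) {
        requestContext.getMessageContext().addMessage(new MessageBuilder().error().code(EVENT_ID_CAPTCHA_ERROR).defaultText(EVENT_ID_CAPTCHA_ERROR).build());
        return getEventFactorySupport().event(this, EVENT_ID_CAPTCHA_ERROR);
    }

    /** Adds the generic bind error message to the context and returns the matching event. */
    private Event getError(RequestContext requestContext) {
        requestContext.getMessageContext().addMessage(new MessageBuilder().error().code(EVENT_ID_ERROR).defaultText(EVENT_ID_ERROR).build());
        return getEventFactorySupport().event(this, EVENT_ID_ERROR);
    }

    /**
     * Compares a submitted password with a stored value using the injected encoder.
     *
     * @param charSequence the submitted (raw) password
     * @param str the stored, encoded password
     * @return the result of {@link PasswordEncoder#matches(CharSequence, String)}
     */
    protected boolean matches(CharSequence charSequence, String str) {
        return this.passwordEncoder.matches(charSequence, str);
    }

    public void setAccountService(AccountService accountService) {
        this.accountService = accountService;
    }

    public void setRedisFederationRepository(FederationRepository federationRepository) {
        this.redisFederationRepository = federationRepository;
    }

    public void setFederationManager(FederationManager federationManager) {
        this.federationManager = federationManager;
    }

    public void setSha256PasswordEncoder(SHA256PasswordEncoder sHA256PasswordEncoder) {
        this.sha256PasswordEncoder = sHA256PasswordEncoder;
    }

    public AccountService getAccountService() {
        return this.accountService;
    }

    public FederationRepository getRedisFederationRepository() {
        return this.redisFederationRepository;
    }

    public FederationManager getFederationManager() {
        return this.federationManager;
    }

    public SHA256PasswordEncoder getSha256PasswordEncoder() {
        return this.sha256PasswordEncoder;
    }

    public PasswordEncoder getPasswordEncoder() {
        return this.passwordEncoder;
    }
}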
