package com.supwisdom.institute.cas.site.passwordless.authentication;

import com.alibaba.fastjson.JSONObject;
import com.supwisdom.institute.cas.site.account.Account;
import com.supwisdom.institute.cas.site.authentication.CasServerAccountCredential;
import com.supwisdom.institute.cas.site.authentication.exceptions.AccountNonActivatedException;
import com.supwisdom.institute.cas.site.lock.service.LockValidator;
import com.supwisdom.institute.cas.site.passwordless.api.PasswordlessTokenRepository;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.Optional;
import javax.security.auth.login.AccountExpiredException;
import javax.security.auth.login.AccountLockedException;
import javax.security.auth.login.AccountNotFoundException;
import javax.security.auth.login.FailedLoginException;
import org.apereo.cas.authentication.AuthenticationHandlerExecutionResult;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.exceptions.AccountDisabledException;
import org.apereo.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.services.ServicesManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;

/* loaded from: input_file:com/supwisdom/institute/cas/site/passwordless/authentication/PasswordlessTokenAuthenticationHandler.class */
public class PasswordlessTokenAuthenticationHandler extends AbstractPreAndPostProcessingAuthenticationHandler {
    private static final Logger log = LoggerFactory.getLogger(PasswordlessTokenAuthenticationHandler.class);

    @Autowired
    private LockValidator lockValidator;
    private final PasswordlessTokenRepository passwordlessTokenRepository;

    public PasswordlessTokenAuthenticationHandler(String str, ServicesManager servicesManager, PrincipalFactory principalFactory, Integer num, PasswordlessTokenRepository passwordlessTokenRepository) {
        super(str, servicesManager, principalFactory, num);
        this.passwordlessTokenRepository = passwordlessTokenRepository;
    }

    protected AuthenticationHandlerExecutionResult doAuthentication(Credential credential) throws GeneralSecurityException {
        PasswordlessTokenCredential passwordlessTokenCredential = (PasswordlessTokenCredential) credential;
        String id = passwordlessTokenCredential.getId();
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        Optional<String> findToken = this.passwordlessTokenRepository.findToken(id);
        if (!findToken.isPresent()) {
            throw new FailedLoginException("Passwordless authentication has failed");
        }
        Account account = passwordlessTokenCredential.getAccount();
        if (account == null) {
            throw new AccountNotFoundException("Account not found");
        }
        if (!account.getActivation().booleanValue()) {
            throw new AccountNonActivatedException("Account not activated");
        }
        if (!account.getEnabled().booleanValue()) {
            throw new AccountDisabledException("Account has been disabled");
        }
        if (!account.getAccountNonExpired().booleanValue()) {
            throw new AccountExpiredException("Account has expired");
        }
        if (!account.getAccountNonLocked().booleanValue() && this.lockValidator.isAccountLock(account.getUsername())) {
            throw new AccountLockedException("Account has locked");
        }
        String string = JSONObject.parseObject(findToken.get()).getString("token");
        if (string == null || !string.equalsIgnoreCase(passwordlessTokenCredential.getPassword())) {
            throw new FailedLoginException("Passwordless authentication has failed");
        }
        linkedHashMap.put("account", account);
        return createHandlerResult(new CasServerAccountCredential(account, id, string, false), this.principalFactory.createPrincipal(account.getUsername(), linkedHashMap), new ArrayList());
    }

    public boolean supports(Credential credential) {
        if (PasswordlessTokenCredential.class.isInstance(credential)) {
            return true;
        }
        log.debug("Credential is not one of one-time password and is not accepted by handler [{}]", getName());
        return false;
    }
}
