package com.supwisdom.institute.cas.site.qr.code.authentication;

import com.supwisdom.institute.cas.site.account.Account;
import com.supwisdom.institute.cas.site.account.service.AccountService;
import com.supwisdom.institute.cas.site.authentication.CasServerAccountCredential;
import com.supwisdom.institute.cas.site.authentication.exceptions.AccountNonActivatedException;
import com.supwisdom.institute.cas.site.common.util.CertUtil;
import com.supwisdom.institute.cas.site.common.util.HttpUtil;
import com.supwisdom.institute.cas.site.common.util.RSAUtils;
import com.supwisdom.institute.cas.site.lock.service.LockValidator;
import com.supwisdom.institute.cas.site.qr.code.QrCode;
import com.supwisdom.institute.cas.site.qr.code.QrCodeStore;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import javax.security.auth.login.AccountExpiredException;
import javax.security.auth.login.AccountLockedException;
import javax.security.auth.login.AccountNotFoundException;
import org.apache.http.HttpResponse;
import org.apereo.cas.authentication.AbstractAuthenticationHandler;
import org.apereo.cas.authentication.AuthenticationHandlerExecutionResult;
import org.apereo.cas.authentication.BasicCredentialMetaData;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.DefaultAuthenticationHandlerExecutionResult;
import org.apereo.cas.authentication.PreventedException;
import org.apereo.cas.authentication.exceptions.AccountDisabledException;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.services.ServicesManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;

/* loaded from: input_file:com/supwisdom/institute/cas/site/qr/code/authentication/QrCodeAuthenticationHandler.class */
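/**
 * CAS authentication handler for QR-code login.
 *
 * <p>The handler looks up the QR code named by the credential, requires it to be in the
 * {@code QR_CODE_STATUS_AUTHED} state, verifies the app token stored with it as an RSA-signed
 * JWS, and loads the account named by the token subject. The account must be activated,
 * enabled, non-expired and not locked before a principal is created.
 *
 * <p>The verification key is fetched once from {@code signingKeyUrl} and cached in
 * {@link #casRSAPublicKey}; the cache is dropped whenever a token fails to parse or verify.
 */
public class QrCodeAuthenticationHandler extends AbstractAuthenticationHandler {
    private static final Logger log = LoggerFactory.getLogger(QrCodeAuthenticationHandler.class);

    @Autowired
    private LockValidator lockValidator;

    @Autowired
    private AccountService accountService;
    private final QrCodeStore redisQrCodeStore;

    // NOTE(review): this URL supplies the trust anchor for every app token, and the default is
    // plain http. Whoever can alter that response decides which key signatures are checked
    // against, so deployments should point this at an https endpoint (or provision the key
    // locally) rather than rely on the default.
    @Value("${superapp.token.signing.key.url:http://localhost:8080/auth-server/jwt/publicKey}")
    private String signingKeyUrl;

    // Lazily populated cache of the token verification key. NOTE(review): read and written
    // without synchronization; confirm whether this handler is shared between request threads.
    private RSAPublicKey casRSAPublicKey;

    /**
     * Creates the handler.
     *
     * @param str forwarded unchanged to the superclass constructor (presumably the handler name; confirm)
     * @param servicesManager forwarded unchanged to the superclass constructor
     * @param principalFactory forwarded unchanged to the superclass constructor
     * @param num forwarded unchanged to the superclass constructor (presumably the handler order; confirm)
     * @param qrCodeStore store the QR codes are loaded from and removed from
     */
    public QrCodeAuthenticationHandler(String str, ServicesManager servicesManager, PrincipalFactory principalFactory, Integer num, QrCodeStore qrCodeStore) {
        super(str, servicesManager, principalFactory, num);
        this.redisQrCodeStore = qrCodeStore;
    }

    /**
     * Reports whether this handler can process the credential.
     *
     * @param credential credential offered by the authentication flow
     * @return {@code true} only for {@link QrCodeCredential} instances
     */
    public boolean supports(Credential credential) {
        return QrCodeCredential.class.isInstance(credential);
    }

    /**
     * Authenticates a QR-code credential.
     *
     * @param credential a {@link QrCodeCredential}; its id is the key of the QR code in the store
     * @return the execution result carrying the principal built from the loaded account
     * @throws GeneralSecurityException always as {@link AccountNotFoundException}: failures before
     *     the token is examined throw it directly, and every later failure (including the
     *     disabled, expired, locked and non-activated cases) is wrapped into it
     * @throws PreventedException declared by the handler contract; not thrown by this body
     */
    public AuthenticationHandlerExecutionResult authenticate(Credential credential) throws GeneralSecurityException, PreventedException {
        QrCodeCredential qrCodeCredential = (QrCodeCredential) credential;
        String id = qrCodeCredential.getId();
        log.debug("qrCodeCredential is [{}]", id);
        QrCode loadQrCode = this.redisQrCodeStore.loadQrCode(id);
        if (loadQrCode == null) {
            this.redisQrCodeStore.removeQrCode(id);
            throw new AccountNotFoundException("QrCode has expired");
        }
        if (!QrCode.QR_CODE_STATUS_AUTHED.equals(loadQrCode.getStatus())) {
            // A code that exists but was never approved is discarded, so it cannot be retried.
            this.redisQrCodeStore.removeQrCode(id);
            throw new AccountNotFoundException("QrCode is invalid");
        }
        String apptoken = loadQrCode.getApptoken();
        if (apptoken == null) {
            throw new AccountNotFoundException("QrCode is invalid");
        }
        // NOTE(review): the QR code is not removed on the success path below. Confirm that
        // single use is enforced elsewhere (store TTL or the calling flow); otherwise an
        // approved code stays usable until it expires.
        try {
            Claims claims = getClaimsFromToken(apptoken);
            if (claims == null) {
                // Previously this surfaced as a NullPointerException and produced an
                // AccountNotFoundException with a null message; fail with an explicit reason.
                throw new AccountNotFoundException("QrCode token could not be verified");
            }
            String subject = claims.getSubject();
            if (subject == null) {
                throw new AccountNotFoundException("Account not found, username is null");
            }
            LinkedHashMap linkedHashMap = new LinkedHashMap();
            try {
                Account loadAccountByUsername = this.accountService.loadAccountByUsername(subject);
                if (loadAccountByUsername == null) {
                    throw new AccountNotFoundException("Account not found");
                }
                if (!loadAccountByUsername.getActivation().booleanValue()) {
                    throw new AccountNonActivatedException("Account not activated");
                }
                if (!loadAccountByUsername.getEnabled().booleanValue()) {
                    throw new AccountDisabledException("Account has been disabled");
                }
                if (!loadAccountByUsername.getAccountNonExpired().booleanValue()) {
                    throw new AccountExpiredException("Account has expired");
                }
                // The lock is enforced only when the account flag and the lock validator agree.
                if (!loadAccountByUsername.getAccountNonLocked().booleanValue() && this.lockValidator.isAccountLock(loadAccountByUsername.getUsername())) {
                    throw new AccountLockedException("Account has locked");
                }
                linkedHashMap.put("account", loadAccountByUsername);
                return new DefaultAuthenticationHandlerExecutionResult(this, new BasicCredentialMetaData(new CasServerAccountCredential(subject, apptoken, false, loadAccountByUsername, null)), this.principalFactory.createPrincipal(loadAccountByUsername.getUsername(), linkedHashMap), new ArrayList(0));
            } catch (GeneralSecurityException e) {
                log.error(e.getMessage(), e);
                throw e;
            } catch (Exception e2) {
                log.error(e2.getMessage(), e2);
                throw new AccountNotFoundException(subject + " not found from [" + this.accountService.getClass().getName() + "]");
            }
        } catch (Exception e3) {
            // NOTE(review): this collapses every failure above, including the disabled, expired,
            // locked and non-activated cases, into AccountNotFoundException; only the message
            // survives. Kept because callers may depend on the single type, but the specific
            // cause is then visible only in the error log written by the inner handlers.
            throw new AccountNotFoundException(e3.getMessage());
        }
    }

    /**
     * Verifies a signed app token and returns its claims.
     *
     * <p>When no key is cached, the key text is fetched from {@code signingKeyUrl} and converted
     * with {@code CertUtil.stringToPublicKey}. Fetch and conversion failures are logged and
     * leave the cache empty, in which case the token is not examined at all.
     *
     * @param str compact JWS string to verify
     * @return the token claims, or {@code null} when no key is available or the token fails to
     *     parse or verify
     */
    private Claims getClaimsFromToken(String str) {
        if (this.casRSAPublicKey == null) {
            String keyText = null;
            HttpResponse httpResponse = null;
            try {
                httpResponse = HttpUtil.executeGet(this.signingKeyUrl);
                StringBuilder sb = new StringBuilder();
                BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(httpResponse.getEntity().getContent(), RSAUtils.CHARSET), 8192);
                String readLine;
                while ((readLine = bufferedReader.readLine()) != null) {
                    sb.append(readLine);
                }
                keyText = sb.toString();
                log.debug("Fetch response [{}]", keyText);
            } catch (IOException | UnsupportedOperationException e) {
                // Logged through the class logger instead of printStackTrace so a failed key
                // fetch is visible to log monitoring.
                log.error("Failed to fetch token signing key from [{}]", this.signingKeyUrl, e);
            } finally {
                // One close on every path replaces the per-catch closes.
                if (httpResponse != null) {
                    HttpUtil.close(httpResponse);
                }
            }
            if (keyText != null) {
                try {
                    this.casRSAPublicKey = CertUtil.stringToPublicKey(keyText);
                } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
                    log.error("Signing key fetched from [{}] could not be parsed", this.signingKeyUrl, e);
                }
            }
        }
        RSAPublicKey verificationKey = this.casRSAPublicKey;
        if (verificationKey == null) {
            return null;
        }
        try {
            return (Claims) Jwts.parser().setSigningKey(verificationKey).parseClaimsJws(str).getBody();
        } catch (Exception e6) {
            // Only the exception type is logged: parser messages can echo token content.
            log.warn("App token rejected ({}); cached signing key dropped", e6.getClass().getSimpleName());
            // NOTE(review): the cache is dropped on any failure, not only signature mismatches,
            // so every malformed or expired token causes a fresh key fetch on the next call.
            // Consider limiting the reset to signature failures or bounding the refetch rate.
            this.casRSAPublicKey = null;
            return null;
        }
    }
}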
