package com.supwisdom.institute.cas.site.mfa.web.flow;

import com.alibaba.fastjson.JSONObject;
import com.supwisdom.institute.cas.site.attest.guard.AppPushGuardRemote;
import com.supwisdom.institute.cas.site.attest.guard.FaceVerifyGuardRemote;
import com.supwisdom.institute.cas.site.attest.guard.QrCodeGuardRemote;
import com.supwisdom.institute.cas.site.attest.guard.SecureEmailGuardRemote;
import com.supwisdom.institute.cas.site.attest.guard.SecurePhoneGuardRemote;
import com.supwisdom.institute.cas.site.config.Config;
import com.supwisdom.institute.cas.site.config.ConfigManager;
import com.supwisdom.institute.cas.site.mfa.state.MfaState;
import com.supwisdom.institute.cas.site.mfa.state.MfaStateStore;
import com.supwisdom.institute.cas.site.qr.code.QrCode;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.binding.message.MessageBuilder;
import org.springframework.webflow.action.AbstractAction;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:com/supwisdom/institute/cas/site/mfa/web/flow/MfaVerifyAction.class */
public class MfaVerifyAction extends AbstractAction {
    private static final Logger log = LoggerFactory.getLogger(MfaVerifyAction.class);
    public static final String EVENT_ID_MFA_VERIFY_ERROR = "mfaVerifyError";
    private final ConfigManager configManager;

    @Autowired
    private AppPushGuardRemote appPushGuardRemote;

    @Autowired
    private SecureEmailGuardRemote secureEmailGuardRemote;

    @Autowired
    private SecurePhoneGuardRemote securePhoneGuardRemote;

    @Autowired
    private QrCodeGuardRemote qrCodeGuardRemote;

    @Autowired
    private FaceVerifyGuardRemote faceVerifyGuardRemote;

    @Autowired
    private MfaStateStore mfaStateStore;

    @Value("${cas-server-site.mfa.mobile.skip:true}")
    private boolean mfaMobileSkip;

    @Value("${cas-server-site.mfa.service.skip.ids:}")
    private String mfaServiceSkipIds;

    private String getConfigValue(String str, String str2) {
        Config config = this.configManager.getConfigs().get(str);
        return (config == null || !StringUtils.isNotBlank(config.getConfigValue())) ? str2 : config.getConfigValue();
    }

    protected Event doExecute(RequestContext requestContext) throws Exception {
        JSONObject verify;
        if (!"submit".equals(requestContext.getCurrentEvent().getId())) {
            requestContext.getFlowScope().put("mfaVeriySuccess", true);
            log.warn("MfaVerifyAction.doExecute request isn't UsernamePassword. skip!");
            return null;
        }
        boolean booleanValue = Boolean.valueOf(String.valueOf(requestContext.getFlowScope().get("isMobile"))).booleanValue();
        if (this.mfaMobileSkip && booleanValue) {
            log.warn("MfaVerifyAction.doExecute request not from PC. skip!");
            return null;
        }
        log.debug("Located service [{}] from the context", WebUtils.getService(requestContext));
        RegisteredService registeredService = WebUtils.getRegisteredService(requestContext);
        log.debug("Located registeredService [{}] from the context", registeredService);
        if (StringUtils.isNotBlank(this.mfaServiceSkipIds) && ("," + this.mfaServiceSkipIds + ",").indexOf(String.valueOf(registeredService.getId())) > 0) {
            log.warn("MfaVerifyAction.doExecute request from service {}. skip!", registeredService.getName());
            return null;
        }
        boolean booleanValue2 = Boolean.valueOf(getConfigValue("casServer.config.mfaEnabled", "false")).booleanValue();
        if (!booleanValue2) {
            log.debug("MfaVerifyAction.doExecute mfaEnabled is {}, no need to verify. skip!", Boolean.valueOf(booleanValue2));
            return null;
        }
        String str = requestContext.getRequestParameters().get("mfaState");
        log.debug("MfaVerifyAction.doExecute load stateKey from Request, {}", str);
        if (StringUtils.isBlank(str)) {
            log.error("MfaVerifyAction.doExecute stateKey is blank.");
            return getError(requestContext);
        }
        MfaState loadState = this.mfaStateStore.loadState(str);
        if (loadState == null) {
            log.error("MfaVerifyAction.doExecute mfaState is null.");
            return getError(requestContext);
        }
        if (!loadState.isMfaNeeded()) {
            log.debug("MfaVerifyAction.doExecute mfaNeeded is {}, no need to verify. skip!", Boolean.valueOf(loadState.isMfaNeeded()));
            return null;
        }
        String username = loadState.getUsername();
        String remoteIp = loadState.getRemoteIp();
        String userAgent = loadState.getUserAgent();
        String type = loadState.getType();
        String gid = loadState.getGid();
        String str2 = null;
        if ("apppush".equals(type)) {
            JSONObject verify2 = this.appPushGuardRemote.verify(gid, username, remoteIp, userAgent, str, null);
            if (verify2 != null) {
                str2 = verify2.getString("status");
            }
        } else if ("secureemail".equals(type)) {
            JSONObject verify3 = this.secureEmailGuardRemote.verify(gid, username, remoteIp, userAgent, str, null);
            if (verify3 != null) {
                str2 = verify3.getString("status");
            }
        } else if ("securephone".equals(type)) {
            JSONObject verify4 = this.securePhoneGuardRemote.verify(gid, username, remoteIp, userAgent, str, null);
            if (verify4 != null) {
                str2 = verify4.getString("status");
            }
        } else if ("qrcode".equals(type)) {
            JSONObject verify5 = this.qrCodeGuardRemote.verify(gid, username, remoteIp, userAgent, str, null);
            if (verify5 != null) {
                str2 = verify5.getString("status");
            }
        } else if ("faceverify".equals(type) && (verify = this.faceVerifyGuardRemote.verify(gid, username, remoteIp, userAgent, str, null)) != null) {
            str2 = verify.getString("status");
        }
        log.debug("MfaVerifyAction.doExecute verify status, {}", str2);
        this.mfaStateStore.expireState(str);
        if (QrCode.QR_CODE_STATUS_SCANED.equals(str2)) {
            log.info("MfaVerifyAction.doExecute verify success. status is {}", str2);
            return null;
        }
        log.error("MfaVerifyAction.doExecute verify fail. status is {}", str2);
        return getError(requestContext);
    }

    private Event getError(RequestContext requestContext) {
        requestContext.getMessageContext().addMessage(new MessageBuilder().error().code(EVENT_ID_MFA_VERIFY_ERROR).defaultText(EVENT_ID_MFA_VERIFY_ERROR).build());
        return getEventFactorySupport().event(this, EVENT_ID_MFA_VERIFY_ERROR);
    }

    public MfaVerifyAction(ConfigManager configManager) {
        this.configManager = configManager;
    }
}
