package com.supwisdom.institute.cas.site.mfa.web;

import com.alibaba.fastjson.JSONObject;
import com.supwisdom.institute.cas.site.account.Account;
import com.supwisdom.institute.cas.site.account.service.AccountService;
import com.supwisdom.institute.cas.site.attest.detect.Detector;
import com.supwisdom.institute.cas.site.attest.guard.AppPushGuardRemote;
import com.supwisdom.institute.cas.site.attest.guard.SecureEmailGuardRemote;
import com.supwisdom.institute.cas.site.attest.guard.SecurePhoneGuardRemote;
import com.supwisdom.institute.cas.site.common.util.EncodeUtils;
import com.supwisdom.institute.cas.site.config.Config;
import com.supwisdom.institute.cas.site.config.ConfigManager;
import com.supwisdom.institute.cas.site.mfa.state.MfaState;
import com.supwisdom.institute.cas.site.mfa.state.MfaStateStore;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.util.HttpRequestUtils;
import org.apereo.inspektr.common.web.ClientInfo;
import org.apereo.inspektr.common.web.ClientInfoHolder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;

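@Controller("mfaController")
/* loaded from: input_file:com/supwisdom/institute/cas/site/mfa/web/MfaController.class */
/**
 * HTTP endpoints that drive the multi-factor step of the CAS login flow.
 *
 * <p>{@code POST /mfa/detect} decides whether a username needs a second factor and hands back an
 * opaque state key; {@code GET /mfa/initByType/{type}} uses that key to start a challenge with one
 * of the remote guards (app push, secure e-mail, secure phone).
 *
 * <p>NOTE(review): no authentication or rate limiting is visible in this class. If these routes are
 * reachable before primary authentication, {@code initByType} lets any holder of a state key
 * trigger outbound challenges and read the masked phone/e-mail of the account — confirm that
 * throttling and access control are applied elsewhere (filter chain, gateway).
 */
public class MfaController {
    private static final Logger log = LoggerFactory.getLogger(MfaController.class);

    /** Lifetime passed to the state store for every state entry; the unit is not visible here (presumably seconds). */
    private static final long STATE_TTL = 3600L;

    @Autowired
    private ConfigManager configManager;

    @Autowired
    private AccountService accountService;

    @Autowired
    @Qualifier("usernameLoginIpDetector")
    private Detector usernameLoginIpDetector;

    @Autowired
    private AppPushGuardRemote appPushGuardRemote;

    @Autowired
    private SecureEmailGuardRemote secureEmailGuardRemote;

    @Autowired
    private SecurePhoneGuardRemote securePhoneGuardRemote;

    @Autowired
    private MfaStateStore mfaStateStore;

    /**
     * Reads a string setting, falling back to {@code str2} when the key is absent or blank.
     *
     * @param str  configuration key
     * @param str2 default returned when no non-blank value is configured
     * @return the configured value or the default
     */
    private String getConfigValue(String str, String str2) {
        Config config = this.configManager.getConfigs().get(str);
        if (config == null || StringUtils.isBlank(config.getConfigValue())) {
            return str2;
        }
        return config.getConfigValue();
    }

    /**
     * Reads a boolean setting, falling back to {@code bool} when the key is absent or blank.
     * Any configured text other than "true" (case-insensitive) parses as {@code false}.
     *
     * @param str  configuration key
     * @param bool default returned when no non-blank value is configured
     * @return the parsed value or the default
     */
    private Boolean getConfigValue(String str, Boolean bool) {
        Config config = this.configManager.getConfigs().get(str);
        if (config == null || StringUtils.isBlank(config.getConfigValue())) {
            return bool;
        }
        return Boolean.valueOf(config.getConfigValue());
    }

    /** Wraps a payload in the success envelope ({@code code = 0}). */
    private static JSONObject success(JSONObject data) {
        JSONObject body = new JSONObject();
        body.put("code", 0);
        body.put("data", data);
        return body;
    }

    /** Builds the failure envelope ({@code code = -1}) with the given {@code error} value. */
    private static JSONObject failure(Object error) {
        JSONObject body = new JSONObject();
        body.put("code", -1);
        body.put("error", error);
        return body;
    }

    /**
     * Tells whether the requested factor type is switched on in configuration.
     * Unknown types, and "faceverify" (which has no guard wired in this class), count as disabled.
     */
    private boolean isTypeEnabled(String type) {
        final String key;
        if ("apppush".equals(type)) {
            key = "casServer.config.mfaTypeAppPush";
        } else if ("secureemail".equals(type)) {
            key = "casServer.config.mfaTypeSecureEmail";
        } else if ("securephone".equals(type)) {
            key = "casServer.config.mfaTypeSecurePhone";
        } else {
            return false;
        }
        return getConfigValue(key, Boolean.FALSE).booleanValue();
    }

    /** Starts the challenge on the guard that serves {@code type}; returns null for a type without a guard. */
    private JSONObject initGuard(String type, String username, String remoteIp, String userAgent, String stateKey) {
        if ("apppush".equals(type)) {
            return this.appPushGuardRemote.init(username, remoteIp, userAgent, stateKey, null);
        }
        if ("secureemail".equals(type)) {
            return this.secureEmailGuardRemote.init(username, remoteIp, userAgent, stateKey, null);
        }
        if ("securephone".equals(type)) {
            return this.securePhoneGuardRemote.init(username, remoteIp, userAgent, stateKey, null);
        }
        return null;
    }

    /**
     * Decides whether the given username must pass a second factor and issues a state key for
     * the follow-up calls.
     *
     * @param str                 username taken from the request
     * @param httpServletRequest  current request (source of the User-Agent)
     * @param httpServletResponse current response (unused)
     * @return {@code {code: 0, data: {...}}} with {@code mfaEnabled}, {@code need}, {@code state}
     *         and, for known users, the enabled factor types
     */
    @PostMapping(path = {"/mfa/detect"})
    @ResponseBody
    public JSONObject detect(@RequestParam(name = "username") String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        JSONObject data = new JSONObject();
        boolean mfaEnabled = getConfigValue("casServer.config.mfaEnabled", Boolean.FALSE).booleanValue();
        data.put("mfaEnabled", Boolean.valueOf(mfaEnabled));
        if (!mfaEnabled) {
            data.put("state", (Object) null);
            data.put("need", false);
            return success(data);
        }

        List<Account> accounts = this.accountService.loadAccountsByUsername(str);
        if (accounts == null || accounts.isEmpty()) {
            // NOTE(review): the username is request-controlled; confirm the log layout neutralises CR/LF.
            log.error("MfaController.detect username[{}] not found.", str);
            // A state is still issued so the flow continues as for a real user.
            // NOTE(review): this response lacks the mfaType* keys that known users receive, so a
            // client can still tell the two cases apart — consider aligning the payloads.
            MfaState unknownUserState = new MfaState();
            unknownUserState.setMfaNeeded(false);
            data.put("state", this.mfaStateStore.createState(unknownUserState, STATE_TTL));
            data.put("need", false);
            return success(data);
        }

        ClientInfo clientInfo = ClientInfoHolder.getClientInfo();
        String userAgent = HttpRequestUtils.getHttpServletRequestUserAgent(httpServletRequest);
        String clientIp = clientInfo != null ? clientInfo.getClientIpAddress() : "unknown.ip";

        // Strategy precedence: a non-blank blacklist decides alone (listed users need MFA, everyone
        // else does not); only when it is blank do the dynamic and then the static strategy apply.
        String blacklist = getConfigValue("casServer.config.mfaStrategyBlacklist", "");
        boolean mfaNeeded;
        if (StringUtils.isNotBlank(blacklist)) {
            // Comma-delimited match, case-sensitive and without trimming of list entries.
            mfaNeeded = ("," + blacklist + ",").contains("," + str + ",");
        } else if (getConfigValue("casServer.config.mfaStrategyDynamic", Boolean.FALSE).booleanValue()) {
            mfaNeeded = this.usernameLoginIpDetector.detect(str, clientIp, userAgent);
        } else {
            mfaNeeded = getConfigValue("casServer.config.mfaStrategyStatic", Boolean.FALSE).booleanValue();
        }

        boolean appPushEnabled = getConfigValue("casServer.config.mfaTypeAppPush", Boolean.FALSE).booleanValue();
        boolean securePhoneEnabled = getConfigValue("casServer.config.mfaTypeSecurePhone", Boolean.FALSE).booleanValue();
        boolean secureEmailEnabled = getConfigValue("casServer.config.mfaTypeSecureEmail", Boolean.FALSE).booleanValue();
        boolean faceVerifyEnabled = getConfigValue("casServer.config.mfaTypeFaceVerify", Boolean.FALSE).booleanValue();
        data.put("mfaTypeAppPush", Boolean.valueOf(appPushEnabled));
        data.put("mfaTypeSecurePhone", Boolean.valueOf(securePhoneEnabled));
        data.put("mfaTypeSecureEmail", Boolean.valueOf(secureEmailEnabled));
        data.put("mfaTypeFaceVerify", Boolean.valueOf(faceVerifyEnabled));

        // The state records who the decision was made for and from where.
        MfaState state = new MfaState();
        state.setMfaNeeded(mfaNeeded);
        state.setUsername(str);
        state.setRemoteIp(clientIp);
        state.setUserAgent(userAgent);
        log.debug("detect, stateData {}", state);
        data.put("state", this.mfaStateStore.createState(state, STATE_TTL));
        data.put("need", Boolean.valueOf(mfaNeeded));
        return success(data);
    }

    /**
     * Starts a second-factor challenge of the requested type for the user bound to a state key.
     *
     * <p>NOTE(review): this is a GET that triggers an outbound challenge and carries the state key
     * in the query string, where access logs and proxies may record it. The IP and User-Agent sent
     * to the guard are the ones stored by {@code detect}, not those of the current request, so the
     * state key is not bound to the caller here.
     *
     * @param str                 factor type: "apppush", "secureemail" or "securephone"
     * @param str2                state key issued by {@code detect}
     * @param httpServletRequest  current request (unused)
     * @param httpServletResponse current response (unused)
     * @return {@code {code: 0, data: {...}}} with the guard's {@code attestServerUrl} and
     *         {@code gid} plus the masked contact details, or {@code {code: -1, error: ...}}
     */
    @GetMapping({"/mfa/initByType/{type}"})
    @ResponseBody
    public JSONObject initByType(@PathVariable(name = "type") String str, @RequestParam(name = "state") String str2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        MfaState loadState = this.mfaStateStore.loadState(str2);
        String username = loadState != null ? loadState.getUsername() : null;
        if (StringUtils.isBlank(username)) {
            // Unknown or expired key, or a state issued for an unknown user (no username stored):
            // answer like the account-not-found case instead of dereferencing a missing state.
            // The state key is deliberately not logged.
            log.warn("MfaController.initByType rejected: state missing or not bound to a username.");
            JSONObject error = new JSONObject();
            error.put("message", "fail_0");
            return failure(error);
        }

        List<Account> accounts = this.accountService.loadAccountsByUsername(username);
        if (accounts == null || accounts.isEmpty()) {
            log.error("MfaController.initByType username[{}] not found.", username);
            JSONObject error = new JSONObject();
            error.put("message", "fail_0");
            return failure(error);
        }

        // Enforce the per-type switches server-side: detect only reports them to the client, so
        // without this check a disabled factor could still be started by calling this route directly.
        String attestServerUrl = null;
        String gid = null;
        if (isTypeEnabled(str)) {
            JSONObject guardReply = initGuard(str, username, loadState.getRemoteIp(), loadState.getUserAgent(), str2);
            if (guardReply != null) {
                attestServerUrl = guardReply.getString("attestServerUrl");
                gid = guardReply.getString("gid");
            }
        }
        if (StringUtils.isBlank(gid)) {
            return failure("not support");
        }

        Account account = accounts.get(0);
        JSONObject data = new JSONObject();
        // Only masked forms of the contact details leave the server.
        data.put("securePhone", EncodeUtils.encodeMobile(account.getSecurePhone()));
        data.put("secureEmail", EncodeUtils.encodeEmailAddress(account.getSecureEmail()));

        // Remember the chosen factor and challenge id under the same key.
        loadState.setType(str);
        loadState.setGid(gid);
        this.mfaStateStore.renewState(str2, loadState, STATE_TTL);
        log.debug("renew stateData {} to redis with stateKey {}", loadState, str2);

        data.put("attestServerUrl", attestServerUrl);
        data.put("gid", gid);
        return success(data);
    }
}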
