package com.supwisdom.institute.cas.site.web.flow.actions;

import com.supwisdom.institute.cas.site.account.PasswordDetectVO;
import com.supwisdom.institute.cas.site.account.service.AccountService;
import com.supwisdom.institute.cas.site.authentication.CasServerAccountCredential;
import com.supwisdom.institute.cas.site.common.util.RSAUtils;
import com.supwisdom.institute.cas.site.common.util.UserAgentUtils;
import com.supwisdom.institute.cas.site.config.Config;
import com.supwisdom.institute.cas.site.config.ConfigManager;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.principal.ServiceFactory;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.ticket.registry.TicketRegistrySupport;
import org.apereo.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.webflow.action.AbstractAction;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:com/supwisdom/institute/cas/site/web/flow/actions/CasServerUserPasswordDetectAction.class */
public class CasServerUserPasswordDetectAction extends AbstractAction {
    private static final Logger log = LoggerFactory.getLogger(CasServerUserPasswordDetectAction.class);

    @Autowired
    private AccountService accountService;
    private final String casServerPrefix;
    private final ConfigManager configManager;
    private final ServiceFactory serviceFactory;
    private final TicketRegistrySupport ticketRegistrySupport;

    private String getConfigValue(String str, String str2) {
        Map<String, Config> configs = this.configManager.getConfigs();
        if (configs.containsKey(str)) {
            Config config = configs.get(str);
            if (StringUtils.isNotBlank(config.getConfigValue())) {
                return String.valueOf(config.getConfigValue());
            }
        }
        return str2;
    }

    private boolean getConfigValue(String str, boolean z) {
        Map<String, Config> configs = this.configManager.getConfigs();
        if (configs.containsKey(str)) {
            Config config = configs.get(str);
            if (StringUtils.isNotBlank(config.getConfigValue())) {
                return Boolean.valueOf(config.getConfigValue()).booleanValue();
            }
        }
        return z;
    }

    private String[] getConfigValue(String str, String[] strArr) {
        Map<String, Config> configs = this.configManager.getConfigs();
        if (configs.containsKey(str)) {
            Config config = configs.get(str);
            if (StringUtils.isNotBlank(config.getConfigValue())) {
                return String.valueOf(config.getConfigValue()).split(",");
            }
        }
        return strArr;
    }

    protected Event doExecute(RequestContext requestContext) throws Exception {
        Integer passwordStatus;
        if (!requestContext.getFlowScope().getBoolean("ALREADY_REDIRECT_SECURITY_CENTER", false).booleanValue() && getConfigValue("casServer.userPasswordDetect.enabled", false)) {
            String httpServletRequestUserAgentFromRequestContext = WebUtils.getHttpServletRequestUserAgentFromRequestContext(requestContext);
            log.debug("CasServerUserPasswordDetectAction.doExecute, Request user agent [{}]", httpServletRequestUserAgentFromRequestContext);
            if (!UserAgentUtils.isSuperApp(httpServletRequestUserAgentFromRequestContext) && !UserAgentUtils.isWhiteList(httpServletRequestUserAgentFromRequestContext, getConfigValue("casServer.userPasswordDetect.userAgent.whiteList", new String[0]))) {
                CasServerAccountCredential credential = WebUtils.getCredential(requestContext);
                log.debug("Credential: {}", credential);
                Authentication authenticationFrom = this.ticketRegistrySupport.getAuthenticationFrom(WebUtils.getTicketGrantingTicketId(requestContext));
                if (authenticationFrom == null) {
                    return null;
                }
                String[] configValue = getConfigValue("casServer.userPasswordDetect.warning.code", new String[0]);
                String configValue2 = getConfigValue("casServer.userPasswordDetect.warning.url", "");
                if (StringUtils.isBlank(configValue2) || configValue.length == 0) {
                    return null;
                }
                if (credential == null) {
                    passwordStatus = this.accountService.loadAccountByUsername(authenticationFrom.getPrincipal().getId()).getPasswordStatus();
                } else {
                    if (!(credential instanceof CasServerAccountCredential)) {
                        return null;
                    }
                    CasServerAccountCredential casServerAccountCredential = credential;
                    log.debug("CasServerAccountCredential: {}", casServerAccountCredential);
                    passwordStatus = casServerAccountCredential.getAccount().getPasswordStatus();
                    if (passwordStatus == null || passwordStatus.intValue() != 0) {
                        PasswordDetectVO detectPassword = this.accountService.detectPassword(casServerAccountCredential.getUsername(), casServerAccountCredential.getPassword());
                        passwordStatus = Integer.valueOf(detectPassword.getPasswordStatus());
                        log.warn(detectPassword.getWarning());
                    }
                }
                Boolean bool = false;
                if (passwordStatus == null) {
                    bool = true;
                } else if (passwordStatus.intValue() > 0) {
                    int length = configValue.length;
                    int i = 0;
                    while (true) {
                        if (i >= length) {
                            break;
                        }
                        if (String.valueOf(passwordStatus.intValue()).equals(configValue[i])) {
                            bool = true;
                            break;
                        }
                        i++;
                    }
                }
                if (bool.booleanValue()) {
                    WebApplicationService service = WebUtils.getService(requestContext);
                    String str = null;
                    if (service != null) {
                        try {
                            str = URLEncoder.encode(this.casServerPrefix + "/login?service=" + URLEncoder.encode(service.getId(), RSAUtils.CHARSET), RSAUtils.CHARSET);
                        } catch (UnsupportedEncodingException e) {
                            log.warn("urlEncoder error, string is {}, e is {}", service.getId(), e.getMessage());
                        }
                    }
                    String str2 = configValue2;
                    if (str != null) {
                        str2 = str2 + "?redirect_uri=" + str;
                    }
                    WebUtils.putService(requestContext, this.serviceFactory.createService(str2));
                    requestContext.getFlowScope().put("ALREADY_REDIRECT_SECURITY_CENTER", true);
                }
                return null;
            }
            return null;
        }
        return null;
    }

    public CasServerUserPasswordDetectAction(String str, ConfigManager configManager, ServiceFactory serviceFactory, TicketRegistrySupport ticketRegistrySupport) {
        this.casServerPrefix = str;
        this.configManager = configManager;
        this.serviceFactory = serviceFactory;
        this.ticketRegistrySupport = ticketRegistrySupport;
    }
}
