package com.supwisdom.institute.cas.site.secauth.web.flow;

import com.supwisdom.institute.cas.site.account.Account;
import com.supwisdom.institute.cas.site.attest.detect.Detector;
import com.supwisdom.institute.cas.site.config.Config;
import com.supwisdom.institute.cas.site.config.ConfigManager;
import com.supwisdom.institute.cas.site.secauth.silencestate.SecSilenceStateStore;
import com.supwisdom.institute.cas.site.secauth.state.SecState;
import com.supwisdom.institute.cas.site.secauth.state.SecStateStore;
import java.util.Map;
import java.util.Set;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationException;
import org.apereo.cas.authentication.AuthenticationServiceSelectionPlan;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceProperty;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.ticket.AbstractTicketException;
import org.apereo.cas.ticket.InvalidTicketException;
import org.apereo.cas.ticket.registry.TicketRegistrySupport;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.web.support.WebUtils;
import org.apereo.inspektr.common.web.ClientInfo;
import org.apereo.inspektr.common.web.ClientInfoHolder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.webflow.action.AbstractAction;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:com/supwisdom/institute/cas/site/secauth/web/flow/SecDetectAction.class */
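/**
 * Webflow action that decides whether the current login must pass a secondary ("sec")
 * verification step before the flow continues.
 *
 * <p>{@link #doExecute(RequestContext)} returns the {@value #EVENT_ID_SEC_AUTH} event when
 * secondary verification is required and {@code null} in every other case. The skip cases, in
 * evaluation order, are:
 * <ol>
 *   <li>{@code casServer.config.secEnabled} is not {@code true};</li>
 *   <li>the flow scope says verification already happened (see the strategy branches below);</li>
 *   <li>a silence state exists for the ticket-granting ticket (TGT);</li>
 *   <li>the requesting service is not registered, or its {@code secEnabled} property is not
 *       {@code true};</li>
 *   <li>no authentication or no {@link Account} attribute can be resolved for the TGT.</li>
 * </ol>
 *
 * <p>NOTE(review): every failure path here returns {@code null}, i.e. "no secondary verification
 * requested". What the flow does with a {@code null} event is defined outside this file —
 * confirm that none of these paths lets a login bypass step-up unintentionally (fail-open).
 *
 * <p>Decompiled source; local names below were chosen for readability. All flow-scope keys,
 * config keys and log messages are unchanged.
 */
public class SecDetectAction extends AbstractAction {
    private static final Logger log = LoggerFactory.getLogger(SecDetectAction.class);

    /** Event id returned when secondary verification is required. */
    public static final String EVENT_ID_SEC_AUTH = "secAuth";

    // Flow-scope key marking a completed secondary verification. The spelling ("Veriy") is kept
    // as-is: it is a runtime key, presumably shared with whatever sets it elsewhere in the flow.
    private static final String FLOW_SEC_VERIFIED = "secVeriySuccess";

    // Lifetime passed to SecStateStore.createState — presumably seconds (one hour); verify
    // against the store implementation.
    private static final long SEC_STATE_TTL = 3600L;

    private final ConfigManager configManager;
    private final TicketRegistrySupport ticketRegistrySupport;
    private final AuthenticationServiceSelectionPlan authenticationRequestServiceSelectionStrategies;
    private final ServicesManager servicesManager;

    // Not referenced anywhere in this class. Kept because removing an @Autowired field would
    // change which beans this action requires at wiring time.
    @Autowired
    @Qualifier("usernameLoginIpDetector")
    private Detector usernameLoginIpDetector;

    @Autowired
    private SecStateStore secStateStore;

    @Autowired
    private SecSilenceStateStore secSilenceStateStore;

    /**
     * Reads a boolean config entry.
     *
     * @param str config key
     * @param bool value returned when the entry is missing or blank
     * @return the parsed value; any text other than "true" (case-insensitive) parses to
     *     {@code false}, as {@link Boolean#valueOf(String)} defines
     */
    private Boolean getConfigValue(String str, Boolean bool) {
        Config config = this.configManager.getConfigs().get(str);
        if (config == null) {
            return bool;
        }
        String value = config.getConfigValue();
        if (StringUtils.isNotBlank(value)) {
            // Boolean.valueOf(String) never throws, so the original empty catch was dead code.
            return Boolean.valueOf(value);
        }
        return bool;
    }

    /**
     * Reads an integer config entry.
     *
     * @param str config key
     * @param num value returned when the entry is missing, blank or not a valid integer
     * @return the parsed value, or {@code num}
     */
    private Integer getConfigValue(String str, Integer num) {
        Config config = this.configManager.getConfigs().get(str);
        if (config == null) {
            return num;
        }
        String value = config.getConfigValue();
        if (StringUtils.isNotBlank(value)) {
            try {
                return Integer.valueOf(value);
            } catch (NumberFormatException e) {
                // Previously swallowed silently; a mistyped security setting should be visible.
                log.warn("Config [{}] has non-integer value [{}], using default [{}]", str, value, num);
            }
        }
        return num;
    }

    /**
     * Decides whether secondary verification is needed for the current request.
     *
     * @param requestContext the webflow request context
     * @return the {@value #EVENT_ID_SEC_AUTH} event when verification is required, otherwise
     *     {@code null}
     * @throws Exception if a collaborator fails with anything other than an
     *     {@link AbstractTicketException}, which is logged and turned into {@code null}
     */
    @Override
    protected Event doExecute(RequestContext requestContext) throws Exception {
        if (!getConfigValue("casServer.config.secEnabled", Boolean.FALSE).booleanValue()) {
            return null;
        }
        WebApplicationService service = WebUtils.getService(requestContext);
        log.debug("Service asking for service ticket is [{}]", service);
        String ticketGrantingTicketId = WebUtils.getTicketGrantingTicketId(requestContext);
        // NOTE(review): this writes the full TGT id, a bearer credential for the SSO session, to
        // the debug log. Confirm the logging layer masks ticket ids, or keep debug off in
        // production for this logger.
        log.debug("Ticket-granting ticket found in the context is [{}]", ticketGrantingTicketId);

        // Flow-scope flags; presumably set by earlier actions in the login flow.
        boolean loginByUsernamePassword = isFlowFlagSet(requestContext, "loginByUsernamePassword");
        boolean loginForCreateTgt = isFlowFlagSet(requestContext, "loginForCreateTGT");
        boolean mfaVerified = isFlowFlagSet(requestContext, "mfaVeriySuccess");
        boolean secVerified = isFlowFlagSet(requestContext, FLOW_SEC_VERIFIED);

        int silenceMinutes = getConfigValue("casServer.config.secTimeSilenceInMinutes", Integer.valueOf(10)).intValue();
        boolean staticFirst = getConfigValue("casServer.config.secStrategyStaticFirst", Boolean.FALSE).booleanValue();
        // Widen before multiplying: the original int multiplication could overflow for very large
        // configured values. Zero or negative values are passed through unchanged, as before —
        // TODO confirm how the silence store treats them.
        long silenceSeconds = silenceMinutes * 60L;

        if (staticFirst) {
            // "Static first" strategy: only a login that is creating a TGT is considered here.
            if (loginForCreateTgt) {
                if (secVerified) {
                    renewSilence(ticketGrantingTicketId, silenceSeconds);
                    log.debug("SecDetectAction.doExecute, login first time, sec verified, skip");
                    requestContext.getFlowScope().remove(FLOW_SEC_VERIFIED);
                    return null;
                }
                log.warn("SecDetectAction.doExecute, login first time, need sec detect");
            }
        } else {
            // NOTE(review): any login that is NOT flagged as username/password skips secondary
            // verification here and also renews the silence window. Confirm that every other
            // login path is meant to be exempt.
            if (mfaVerified || !loginByUsernamePassword) {
                renewSilence(ticketGrantingTicketId, silenceSeconds);
                log.debug("SecDetectAction.doExecute, mfa verified, skip");
                return null;
            }
            if (secVerified) {
                renewSilence(ticketGrantingTicketId, silenceSeconds);
                log.debug("SecDetectAction.doExecute, sec verified, skip");
                requestContext.getFlowScope().remove(FLOW_SEC_VERIFIED);
                return null;
            }
        }

        if (this.secSilenceStateStore.loadSilenceState(ticketGrantingTicketId) != null) {
            log.debug("SecDetectAction.doExecute, sec is in silence time, skip");
            return null;
        }

        try {
            RegisteredService registeredService = this.servicesManager.findServiceBy(
                    this.authenticationRequestServiceSelectionStrategies.resolveService(service));
            log.debug("Registered service asking for service ticket is [{}]", registeredService);
            if (registeredService == null) {
                return null;
            }
            if (!isSecEnabledFor(registeredService)) {
                log.debug("SecDetectAction.doExecute, service secEnabled is false, skip");
                return null;
            }
            Authentication authentication = this.ticketRegistrySupport.getAuthenticationFrom(ticketGrantingTicketId);
            if (authentication == null) {
                // The message embeds the ticket id and is logged by the catch block below.
                throw new InvalidTicketException(new AuthenticationException("No authentication found for ticket " + ticketGrantingTicketId), ticketGrantingTicketId);
            }
            Account account = extractAccount(authentication);
            if (account == null) {
                log.warn("SecDetectAction.doExecute, account is null");
                return null;
            }

            // NOTE(review): how ClientInfo derives the address (e.g. from proxy headers) is not
            // visible here. Both values are client-influenced; in this class they are only
            // recorded on the SecState, not used for a decision.
            ClientInfo clientInfo = ClientInfoHolder.getClientInfo();
            String userAgent = WebUtils.getHttpServletRequestUserAgentFromRequestContext();
            String clientIpAddress = clientInfo != null ? clientInfo.getClientIpAddress() : "unknown.ip";

            // Publish which verification methods are switched on, for later flow states/views.
            requestContext.getFlowScope().put("secTypeAppPush", getConfigValue("casServer.config.secTypeAppPush", Boolean.FALSE));
            requestContext.getFlowScope().put("secTypeSecurePhone", getConfigValue("casServer.config.secTypeSecurePhone", Boolean.FALSE));
            requestContext.getFlowScope().put("secTypeSecureEmail", getConfigValue("casServer.config.secTypeSecureEmail", Boolean.FALSE));
            requestContext.getFlowScope().put("secTypeFaceVerify", getConfigValue("casServer.config.secTypeFaceVerify", Boolean.FALSE));

            SecState secState = new SecState();
            secState.setSecNeeded(true);
            secState.setUsername(account.getUsername());
            secState.setRemoteIp(clientIpAddress);
            secState.setUserAgent(userAgent);
            secState.setUserId(account.getUserId());
            secState.setSecurePhone(account.getSecurePhone());
            secState.setSecureEmail(account.getSecureEmail());
            requestContext.getFlowScope().put("secState", this.secStateStore.createState(secState, SEC_STATE_TTL));
            requestContext.getFlowScope().put("secNeed", true);
            return getEventFactorySupport().event(this, EVENT_ID_SEC_AUTH);
        } catch (AbstractTicketException e) {
            // Deliberately kept as best-effort: a ticket problem ends this action without an
            // event (see the fail-open note on the class).
            log.error("SecDetectAction.doExecute, error is {}", e.getMessage());
            // The stack trace was previously dropped; keep it available without adding noise at
            // error level.
            log.debug("SecDetectAction.doExecute, ticket error detail", e);
            return null;
        }
    }

    /** Returns whether the flow scope holds {@code key} with a value whose string form is "true". */
    private static boolean isFlowFlagSet(RequestContext requestContext, String key) {
        return requestContext.getFlowScope().contains(key)
                && "true".equals(String.valueOf(requestContext.getFlowScope().get(key)));
    }

    /**
     * Starts or extends the silence window for the given TGT.
     *
     * <p>NOTE(review): {@code ticketGrantingTicketId} is passed through unchecked, as in the
     * original; confirm the store tolerates {@code null} when no TGT is in the context.
     */
    private void renewSilence(String ticketGrantingTicketId, long silenceSeconds) {
        this.secSilenceStateStore.renewSilenceState(
                ticketGrantingTicketId, Long.valueOf(System.currentTimeMillis()), Long.valueOf(silenceSeconds));
    }

    /**
     * Returns whether the registered service carries a {@code secEnabled} property equal to
     * "true" (case-insensitive). A missing or {@code null} property counts as disabled; the
     * original threw a NullPointerException when the key was present with a {@code null} value.
     */
    private static boolean isSecEnabledFor(RegisteredService registeredService) {
        Map<String, ?> properties = registeredService.getProperties();
        if (properties == null) {
            return false;
        }
        Object property = properties.get("secEnabled");
        if (!(property instanceof RegisteredServiceProperty)) {
            return false;
        }
        return "true".equalsIgnoreCase(((RegisteredServiceProperty) property).getValue());
    }

    /**
     * Returns the first value of the principal's {@code account} attribute when it is an
     * {@link Account}, otherwise {@code null}.
     */
    private static Account extractAccount(Authentication authentication) {
        Map<String, ?> attributes = authentication.getPrincipal().getAttributes();
        if (!attributes.containsKey("account")) {
            return null;
        }
        Set<?> values = CollectionUtils.toCollection(attributes.get("account"));
        if (values.isEmpty()) {
            return null;
        }
        Object first = values.iterator().next();
        return first instanceof Account ? (Account) first : null;
    }

    /**
     * Creates the action with its constructor-injected collaborators.
     *
     * @param configManager source of the {@code casServer.config.*} settings
     * @param ticketRegistrySupport used to resolve the authentication behind a TGT
     * @param authenticationServiceSelectionPlan used to resolve the service before lookup
     * @param servicesManager used to look up the registered service
     */
    public SecDetectAction(ConfigManager configManager, TicketRegistrySupport ticketRegistrySupport, AuthenticationServiceSelectionPlan authenticationServiceSelectionPlan, ServicesManager servicesManager) {
        this.configManager = configManager;
        this.ticketRegistrySupport = ticketRegistrySupport;
        this.authenticationRequestServiceSelectionStrategies = authenticationServiceSelectionPlan;
        this.servicesManager = servicesManager;
    }
}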
