package com.supwisdom.institute.cas.site.qr.code.web.flow;

import com.supwisdom.institute.cas.site.account.Account;
import com.supwisdom.institute.cas.site.common.util.RSAUtils;
import com.supwisdom.institute.cas.site.qr.code.QrCode;
import com.supwisdom.institute.cas.site.qr.code.QrCodeStore;
import com.supwisdom.institute.cas.site.qr.code.authentication.QrCodeCredential;
import com.supwisdom.institute.cas.site.web.flow.actions.CasServerMultiAccountAction;
import com.supwisdom.institute.cas.site.web.flow.model.AccountModel;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.adaptive.AdaptiveAuthenticationPolicy;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.services.RegisteredServiceAccessStrategyUtils;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.web.flow.actions.AbstractNonInteractiveCredentialsAction;
import org.apereo.cas.web.flow.resolver.CasDelegatingWebflowEventResolver;
import org.apereo.cas.web.flow.resolver.CasWebflowEventResolver;
import org.apereo.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:com/supwisdom/institute/cas/site/qr/code/web/flow/QrCodeAuthenticationAction.class */
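/**
 * Webflow action that completes a QR-code login.
 *
 * <p>The browser submits a {@code qrCodeKey} request parameter. The key is looked up in the
 * {@link QrCodeStore}; if the stored entry is in the {@link QrCode#QR_CODE_STATUS_AUTHED} state
 * and carries at least one {@link Account}, a {@link QrCodeCredential} is built and handed to
 * the parent action for authentication. With several accounts and no usable default, the
 * account list is published to flow scope and the account-selection event is raised.
 *
 * <p>Security-relevant observations for maintainers:
 * <ul>
 *   <li>The key is the only thing the browser presents, so once an entry is AUTHED the key is
 *       equivalent to a bearer credential. It is therefore never written to the log here.</li>
 *   <li>NOTE(review): a successful login does not remove the entry from the store in this
 *       class. Presumably the authentication handler consumes it; confirm, otherwise the key
 *       stays usable until the store expires it.</li>
 *   <li>NOTE(review): a request carrying a key that is not yet AUTHED deletes the entry.
 *       Confirm this one-shot behaviour is intended, since any party that knows a pending key
 *       can invalidate it.</li>
 * </ul>
 */
public class QrCodeAuthenticationAction extends AbstractNonInteractiveCredentialsAction {
    private static final Logger log = LoggerFactory.getLogger(QrCodeAuthenticationAction.class);
    private final ServicesManager servicesManager;
    private final QrCodeStore redisQrCodeStore;

    /**
     * Creates the action.
     *
     * @param casDelegatingWebflowEventResolver passed through to the parent action
     * @param casWebflowEventResolver passed through to the parent action
     * @param adaptiveAuthenticationPolicy passed through to the parent action
     * @param servicesManager used to resolve the registered service for the access check
     * @param qrCodeStore store holding QR-code login entries, keyed by the QR-code key
     */
    public QrCodeAuthenticationAction(CasDelegatingWebflowEventResolver casDelegatingWebflowEventResolver, CasWebflowEventResolver casWebflowEventResolver, AdaptiveAuthenticationPolicy adaptiveAuthenticationPolicy, ServicesManager servicesManager, QrCodeStore qrCodeStore) {
        super(casDelegatingWebflowEventResolver, casWebflowEventResolver, adaptiveAuthenticationPolicy);
        this.servicesManager = servicesManager;
        this.redisQrCodeStore = qrCodeStore;
    }

    /**
     * Validates the submitted QR-code key and either authenticates, asks for an account
     * selection, or fails.
     *
     * @param requestContext the current webflow request context
     * @return the parent action's event when a single or default account is authenticated;
     *     the {@link CasServerMultiAccountAction#EVENT_ID_SELECT_ACCOUNT} event when the user
     *     must choose an account; {@code null} when the key is unknown, not AUTHED, or has no
     *     accounts; the error event when the key is blank or any exception is raised
     */
    @Override
    protected Event doExecute(RequestContext requestContext) {
        HttpServletRequest request = WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext);
        WebApplicationService service = WebUtils.getService(requestContext);
        // "currentMenu" is copied from the request unvalidated; any view that renders it must
        // escape it on output.
        requestContext.getFlashScope().put("currentMenu", requestContext.getRequestParameters().get("currentMenu"));
        if (service != null) {
            // Not wrapped in the try below: an access-strategy rejection propagates to the flow.
            RegisteredServiceAccessStrategyUtils.ensureServiceAccessIsAllowed(service, this.servicesManager.findServiceBy(service));
        }
        String qrCodeKey = request.getParameter("qrCodeKey");
        // Log only whether a key was supplied: the value is attacker-controlled text and, once
        // the entry is AUTHED, is sufficient to log in.
        log.debug("Received qrCodeKey parameter, present: [{}]", StringUtils.isNotBlank(qrCodeKey));
        if (StringUtils.isBlank(qrCodeKey)) {
            return error();
        }
        try {
            QrCode qrCode = this.redisQrCodeStore.loadQrCode(qrCodeKey);
            if (qrCode == null || !QrCode.QR_CODE_STATUS_AUTHED.equals(qrCode.getStatus())) {
                // Unknown or not-yet-confirmed key: drop the entry and signal no event.
                this.redisQrCodeStore.removeQrCode(qrCodeKey);
                return null;
            }
            QrCodeCredential qrCodeCredential = new QrCodeCredential(qrCodeKey, service);
            // The credential wraps the key, so it is not logged either.
            log.debug("Constructed qrCode credential for service [{}]", service);
            List<Account> accounts = qrCode.getAccounts();
            if (accounts == null || accounts.isEmpty()) {
                return null;
            }
            if (accounts.size() == 1) {
                requestContext.getFlowScope().put("originalUsername", "");
                return authenticateAs(requestContext, qrCodeCredential, accounts.get(0));
            }

            // Several accounts: prefer the (last) account flagged both default and normal.
            Account defaultAccount = null;
            List<AccountModel> accountModels = new ArrayList<>(accounts.size());
            for (Account candidate : accounts) {
                accountModels.add(toAccountModel(candidate));
                if (candidate.isDefaultAccount() && candidate.isNormal()) {
                    defaultAccount = candidate;
                }
            }
            if (defaultAccount != null) {
                return authenticateAs(requestContext, qrCodeCredential, defaultAccount);
            }
            // Natural ordering, exactly what Collections.sort(list) delegates to.
            accountModels.sort(null);
            requestContext.getFlowScope().put("casServerMultiAccounts", accountModels);
            return getEventFactorySupport().event(this, CasServerMultiAccountAction.EVENT_ID_SELECT_ACCOUNT);
        } catch (Exception e) {
            // Fail closed: any failure ends in the error event. A fixed message is used so
            // that exception text is never interpreted as a log format pattern.
            log.warn("QR code authentication failed", e);
            return error();
        }
    }

    /**
     * Disables the inherited pre-execution step; returning {@code null} lets execution continue
     * with {@link #doExecute(RequestContext)}.
     *
     * <p>NOTE(review): in upstream CAS the parent's {@code doPreExecute} chain is where the
     * {@link AdaptiveAuthenticationPolicy} is evaluated. If that holds for the CAS version in
     * use, this override means QR-code logins skip the adaptive policy even though the policy
     * is passed to the constructor. Confirm against the parent class.
     */
    @Override
    protected Event doPreExecute(RequestContext requestContext) throws Exception {
        return null;
    }

    /**
     * Not used by this action: the credential is built inside
     * {@link #doExecute(RequestContext)} after the QR-code entry has been validated.
     *
     * @return always {@code null}
     */
    @Override
    protected Credential constructCredentialsFromRequest(RequestContext requestContext) {
        return null;
    }

    /** Binds the account to the credential, stores it in the context and runs the parent action. */
    private Event authenticateAs(RequestContext requestContext, QrCodeCredential qrCodeCredential, Account account) throws Exception {
        qrCodeCredential.setAccount(account);
        WebUtils.putCredential(requestContext, qrCodeCredential);
        return super.doExecute(requestContext);
    }

    /**
     * Copies an account into the view model used by the account-selection step.
     *
     * <p>NOTE(review): the model carries the clear-text username ({@code usernameOrigin}) next
     * to the masked and RSA-encrypted forms. Confirm the selection view never renders
     * {@code usernameOrigin}, otherwise the masking has no effect.
     */
    private AccountModel toAccountModel(Account account) {
        AccountModel accountModel = new AccountModel();
        accountModel.setNormal(account.isNormal());
        accountModel.setDefaultAccount(account.isDefaultAccount());
        accountModel.setId(account.getId());
        accountModel.setName(account.getName());
        accountModel.setUsernameOrigin(account.getUsername());
        accountModel.setUsername(encodeUsername(account.getUsername()));
        accountModel.setUsernameEncrypt(rsaEncrypt(account.getUsername()));
        accountModel.setIdentity(account.getIdentity());
        accountModel.setOrganization(account.getOrganization());
        accountModel.setIdentityTypeCode(account.getIdentityTypeCode());
        accountModel.setIdentityTypeName(account.getIdentityTypeName());
        return accountModel;
    }

    /**
     * Encrypts a username with the public key held by {@link RSAUtils} and prefixes the result
     * with {@code "__RSA__"}.
     *
     * <p>NOTE(review): padding scheme and key size are decided inside {@code RSAUtils} and are
     * not visible here; verify them there.
     */
    private String rsaEncrypt(String str) {
        return "__RSA__" + RSAUtils.publicEncrypt(str, RSAUtils.instance().getPublicKey());
    }

    /**
     * Masks a username for display.
     *
     * <p>Names longer than five characters keep their first and last two characters, shorter
     * names keep the first and last one, with {@code ****} in between. The masking is weak for
     * very short names: a one-character name is returned unchanged and a two-character name
     * keeps both of its characters.
     *
     * @param str the username, may be blank
     * @return the masked username, or {@code null} when {@code str} is blank
     */
    private String encodeUsername(String str) {
        if (StringUtils.isBlank(str)) {
            return null;
        }
        if (str.length() > 5) {
            return str.replaceAll("(.{2}).*(.{2})", "$1****$2");
        }
        return str.replaceAll("(.{1}).*(.{1})", "$1****$2");
    }
}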
