package com.supwisdom.institute.cas.site.federated.authentication.handler.support;

import com.supwisdom.institute.cas.site.account.Account;
import com.supwisdom.institute.cas.site.authentication.exceptions.AccountNonActivatedException;
import com.supwisdom.institute.cas.site.authx.log.enums.AuthnFailReason;
import com.supwisdom.institute.cas.site.federated.authentication.FederatedClientFactory;
import com.supwisdom.institute.cas.site.federated.authentication.principal.FederatedClientCredential;
import com.supwisdom.institute.cas.site.lock.service.LockValidator;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.security.auth.login.AccountExpiredException;
import javax.security.auth.login.AccountLockedException;
import javax.security.auth.login.AccountNotFoundException;
import javax.security.auth.login.FailedLoginException;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.AuthenticationHandlerExecutionResult;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.PreventedException;
import org.apereo.cas.authentication.exceptions.AccountDisabledException;
import org.apereo.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.services.ServicesManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;

/* loaded from: input_file:com/supwisdom/institute/cas/site/federated/authentication/handler/support/FederatedAuthenticationHandler.class */
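/**
 * CAS authentication handler for credentials produced by a federated login.
 *
 * <p>The handler accepts {@link FederatedClientCredential} instances, looks up the federated
 * client named by the credential, and applies the account status checks (activation, enabled,
 * expiry, lock) to the {@link Account} carried by the credential before building a principal.
 *
 * <p>Security note: nothing in this class validates a token, assertion or signature from the
 * external identity provider. The {@code Account} attached to the credential is treated as
 * already established. Presumably that verification happens where the credential is built;
 * confirm against the code that populates {@code FederatedClientCredential}.
 */
public class FederatedAuthenticationHandler extends AbstractPreAndPostProcessingAuthenticationHandler {
    private static final Logger log = LoggerFactory.getLogger(FederatedAuthenticationHandler.class);

    // Field-injected, so it is null on instances created outside the Spring container. The
    // resulting NullPointerException in doAuthentication is wrapped in PreventedException,
    // which refuses the login rather than allowing it.
    @Autowired
    private LockValidator lockValidator;

    // Federated clients keyed by federated name. The map is stored by reference, not copied.
    protected final Map<String, FederatedClientFactory.FederatedClient> clients;

    /**
     * Creates the handler.
     *
     * @param str handler name, passed to the superclass
     * @param servicesManager services manager, passed to the superclass
     * @param principalFactory factory used to build the authenticated principal
     * @param map federated clients keyed by the name carried in the credential
     */
    public FederatedAuthenticationHandler(String str, ServicesManager servicesManager, PrincipalFactory principalFactory, Map<String, FederatedClientFactory.FederatedClient> map) {
        // The last superclass argument (an Integer) is deliberately passed as null.
        super(str, servicesManager, principalFactory, (Integer) null);
        this.clients = map;
    }

    /**
     * Reports whether this handler can process the given credential.
     *
     * @param credential credential to test; may be null
     * @return true only for a non-null {@link FederatedClientCredential} (or subclass)
     */
    public boolean supports(Credential credential) {
        return credential != null && FederatedClientCredential.class.isAssignableFrom(credential.getClass());
    }

    /**
     * Authenticates a federated credential by checking the status of the account it carries.
     *
     * <p>Checks run in this order: federated client known, account present, activated, enabled,
     * not expired, not locked. A null status flag fails on unboxing; the resulting
     * NullPointerException is wrapped in {@link PreventedException}, so the login is refused.
     *
     * @param credential credential to authenticate; cast to {@link FederatedClientCredential}
     * @return the handler result for the authenticated principal
     * @throws GeneralSecurityException when an account check fails with an exception of that
     *     type; it is logged and rethrown unchanged
     * @throws PreventedException wrapping any other exception, including the
     *     IllegalArgumentException raised for an unknown federated client
     */
    protected AuthenticationHandlerExecutionResult doAuthentication(Credential credential) throws GeneralSecurityException, PreventedException {
        try {
            FederatedClientCredential federatedClientCredential = (FederatedClientCredential) credential;
            // NOTE(review): the credential and the account are written to the debug log through
            // their toString(); verify that neither includes tokens or personal data.
            log.debug("Located federation credentials as [{}]", federatedClientCredential);
            FederatedClientFactory.FederatedClient federatedClient = this.clients.get(federatedClientCredential.getFederatedName());
            log.debug("Federated client is: [{}]", federatedClient);
            if (federatedClient == null) {
                // Not a GeneralSecurityException, so the caller sees a PreventedException.
                throw new IllegalArgumentException(AuthnFailReason.LOGIN_FAILED.name());
            }
            Account account = federatedClientCredential.getAccount();
            log.debug("Final account is: [{}]", account);
            if (account == null) {
                throw new AccountNotFoundException(AuthnFailReason.ACCOUNT_NOT_FOUND.name());
            }
            // The login type is set before the status checks, so the account object is
            // modified even when a later check rejects the login.
            account.setLoginType("Federated");
            if (!account.getActivation().booleanValue()) {
                throw new AccountNonActivatedException(AuthnFailReason.ACCOUNT_NON_ACTIVATED.name());
            }
            if (!account.getEnabled().booleanValue()) {
                throw new AccountDisabledException(AuthnFailReason.ACCOUNT_DISABLED.name());
            }
            if (!account.getAccountNonExpired().booleanValue()) {
                throw new AccountExpiredException(AuthnFailReason.ACCOUNT_EXPIRED.name());
            }
            // The login is refused as locked only when BOTH the account record is flagged
            // locked AND the lock validator reports a lock; the validator is not consulted
            // when the record says "not locked".
            // NOTE(review): a lock known only to the validator therefore does not block a
            // federated login. Confirm this is intended.
            boolean flaggedLocked = !account.getAccountNonLocked().booleanValue();
            if (flaggedLocked && this.lockValidator.isAccountLock(account.getUsername())) {
                throw new AccountLockedException(AuthnFailReason.ACCOUNT_LOCKED.name());
            }
            return createResult(federatedClientCredential, account, federatedClient);
        } catch (GeneralSecurityException e) {
            log.error(e.getMessage(), e);
            throw e;
        } catch (Exception e2) {
            log.error(e2.getMessage(), e2);
            throw new PreventedException(e2);
        }
    }

    /**
     * Builds the handler result for an account that passed the status checks.
     *
     * <p>The principal id is the account username and the whole {@link Account} object is
     * attached as the single principal attribute {@code "account"}.
     *
     * @param federatedClientCredential credential being authenticated
     * @param account account to turn into a principal
     * @param federatedClient federated client resolved for the credential; not used here
     * @return the handler result, with an empty warning list
     * @throws GeneralSecurityException as {@link FailedLoginException} when the account is null
     *     or its username is blank
     */
    protected AuthenticationHandlerExecutionResult createResult(FederatedClientCredential federatedClientCredential, Account account, FederatedClientFactory.FederatedClient federatedClient) throws GeneralSecurityException {
        // NOTE(review): both messages below embed toString() of the credential or account;
        // verify those do not expose sensitive fields wherever the message is shown or logged.
        if (account == null) {
            throw new FailedLoginException("Authentication did not produce a user account for: " + federatedClientCredential);
        }
        if (StringUtils.isBlank(account.getUsername())) {
            throw new FailedLoginException("No identifier found for this user account: " + account);
        }
        // Typed map instead of a raw LinkedHashMap; the value stays the Account itself.
        Map<String, Object> attributes = new LinkedHashMap<>();
        attributes.put("account", account);
        Principal principal = this.principalFactory.createPrincipal(account.getUsername(), attributes);
        log.debug("Constructed authenticated principal [{}] based on user account [{}]", principal, account);
        return createHandlerResult(federatedClientCredential, principal, new ArrayList<>(0));
    }
}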
