package com.supwisdom.institute.cas.site.secauth.web.flow;

import com.alibaba.fastjson.JSONObject;
import com.supwisdom.institute.cas.site.attest.guard.AppPushGuardRemote;
import com.supwisdom.institute.cas.site.attest.guard.OtpGuardRemote;
import com.supwisdom.institute.cas.site.attest.guard.SecureEmailGuardRemote;
import com.supwisdom.institute.cas.site.attest.guard.SecurePhoneGuardRemote;
import com.supwisdom.institute.cas.site.config.ConfigUtil;
import com.supwisdom.institute.cas.site.qr.code.QrCode;
import com.supwisdom.institute.cas.site.secauth.state.SecState;
import com.supwisdom.institute.cas.site.secauth.state.SecStateStore;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.webflow.action.AbstractAction;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:com/supwisdom/institute/cas/site/secauth/web/flow/SecVerifyAction.class */
public class SecVerifyAction extends AbstractAction {
    private static final Logger log = LoggerFactory.getLogger(SecVerifyAction.class);

    @Autowired
    private AppPushGuardRemote appPushGuardRemote;

    @Autowired
    private SecureEmailGuardRemote secureEmailGuardRemote;

    @Autowired
    private SecurePhoneGuardRemote securePhoneGuardRemote;

    @Autowired
    private OtpGuardRemote otpGuardRemote;

    @Autowired
    private SecStateStore secStateStore;

    protected Event doExecute(RequestContext requestContext) throws Exception {
        JSONObject verify;
        boolean configValue = ConfigUtil.instance().getConfigValue("casServer.config.secEnabled", false);
        if (!configValue) {
            requestContext.getFlowScope().put("secVeriySuccess", true);
            log.debug("SecVerifyAction.doExecute secEnabled is {}, no need to verify. skip!", Boolean.valueOf(configValue));
            return success();
        }
        if (requestContext.getFlowScope().contains("mfaVeriySuccess") && "true".equals(String.valueOf(requestContext.getFlowScope().get("mfaVeriySuccess")))) {
            requestContext.getFlowScope().put("secVeriySuccess", true);
            log.debug("SecVerifyAction.doExecute mfaVeriySuccess is true, no need to verify. skip!");
            return success();
        }
        String str = requestContext.getRequestParameters().get("secState");
        log.debug("SecVerifyAction.doExecute load stateKey from Request, {}", str);
        if (StringUtils.isBlank(str)) {
            log.error("SecVerifyAction.doExecute stateKey is blank.");
            return error();
        }
        SecState loadState = this.secStateStore.loadState(str);
        if (loadState == null) {
            log.error("SecVerifyAction.doExecute secState is null.");
            return error();
        }
        if (!loadState.isSecNeeded()) {
            requestContext.getFlowScope().put("secVeriySuccess", true);
            log.debug("SecVerifyAction.doExecute secNeeded is {}, no need to verify. skip!", Boolean.valueOf(loadState.isSecNeeded()));
            return success();
        }
        boolean configValue2 = ConfigUtil.instance().getConfigValue("casServer.config.secTypeAppPush", false);
        boolean configValue3 = ConfigUtil.instance().getConfigValue("casServer.config.secTypeSecurePhone", false);
        boolean configValue4 = ConfigUtil.instance().getConfigValue("casServer.config.secTypeSecureEmail", false);
        boolean configValue5 = ConfigUtil.instance().getConfigValue("casServer.config.secTypeFaceVerify", false);
        boolean configValue6 = ConfigUtil.instance().getConfigValue("casServer.config.secTypeOtp", false);
        String username = loadState.getUsername();
        String remoteIp = loadState.getRemoteIp();
        String userAgent = loadState.getUserAgent();
        String type = loadState.getType();
        String gid = loadState.getGid();
        String str2 = null;
        if ("apppush".equals(type) && configValue2) {
            JSONObject verify2 = this.appPushGuardRemote.verify(gid, username, remoteIp, userAgent, str, null);
            if (verify2 != null) {
                str2 = verify2.getString("status");
            }
        } else if ("secureemail".equals(type) && configValue4) {
            JSONObject verify3 = this.secureEmailGuardRemote.verify(gid, username, remoteIp, userAgent, str, null);
            if (verify3 != null) {
                str2 = verify3.getString("status");
            }
        } else if ("securephone".equals(type) && configValue3) {
            JSONObject verify4 = this.securePhoneGuardRemote.verify(gid, username, remoteIp, userAgent, str, null);
            if (verify4 != null) {
                str2 = verify4.getString("status");
            }
        } else if ((!"faceverify".equals(type) || !configValue5) && "otp".equals(type) && configValue6 && (verify = this.otpGuardRemote.verify(gid, username, remoteIp, userAgent, str, null)) != null) {
            str2 = verify.getString("status");
        }
        log.debug("SecVerifyAction.doExecute verify status, {}", str2);
        this.secStateStore.expireState(str);
        if (!QrCode.QR_CODE_STATUS_SCANED.equals(str2)) {
            log.error("SecVerifyAction.doExecute verify fail. status is {}", str2);
            return error();
        }
        requestContext.getFlowScope().put("secVeriySuccess", true);
        log.info("SecVerifyAction.doExecute verify success. status is {}", str2);
        return success();
    }
}
