package net.unicon.cas.mfa.web.flow;

import java.util.Iterator;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.validation.constraints.NotNull;
import net.unicon.cas.addons.authentication.AuthenticationSupport;
import net.unicon.cas.mfa.authentication.MultiFactorAuthenticationRequestContext;
import net.unicon.cas.mfa.authentication.MultiFactorAuthenticationRequestResolver;
import net.unicon.cas.mfa.authentication.MultiFactorAuthenticationTransactionContext;
import net.unicon.cas.mfa.authentication.RequestedAuthenticationMethodRankingStrategy;
import net.unicon.cas.mfa.web.flow.event.ErroringMultiFactorAuthenticationSpringWebflowEventBuilder;
import net.unicon.cas.mfa.web.flow.event.MultiFactorAuthenticationSpringWebflowEventBuilder;
import net.unicon.cas.mfa.web.flow.event.ServiceAuthenticationMethodMultiFactorAuthenticationSpringWebflowEventBuilder;
import net.unicon.cas.mfa.web.flow.util.MultiFactorRequestContextUtils;
import net.unicon.cas.mfa.web.support.AuthenticationMethodVerifier;
import net.unicon.cas.mfa.web.support.MultiFactorAuthenticationSupportingWebApplicationService;
import org.apache.commons.lang.StringUtils;
import org.jasig.cas.CentralAuthenticationService;
import org.jasig.cas.authentication.Authentication;
import org.jasig.cas.authentication.AuthenticationManager;
import org.jasig.cas.authentication.handler.AuthenticationException;
import org.jasig.cas.authentication.principal.Credentials;
import org.jasig.cas.authentication.principal.SimpleWebApplicationServiceImpl;
import org.jasig.cas.authentication.principal.WebApplicationService;
import org.jasig.cas.ticket.TicketException;
import org.jasig.cas.web.bind.CredentialsBinder;
import org.jasig.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.binding.message.MessageBuilder;
import org.springframework.binding.message.MessageContext;
import org.springframework.util.Assert;
import org.springframework.webflow.action.AbstractAction;
import org.springframework.webflow.definition.FlowDefinition;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:WEB-INF/lib/cas-mfa-java-1.0.0-RC3.jar:net/unicon/cas/mfa/web/flow/AbstractMultiFactorAuthenticationViaFormAction.class */
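/**
 * Base Spring Web Flow action that handles a credential form submission and routes it either to
 * the regular authentication path ({@link #doAuthentication}) or, when a multifactor transaction
 * is present in the request context, to {@link #doMultiFactorAuthentication}.
 *
 * <p>Subclasses supply the primary authentication step and the handling of a successful
 * multifactor authentication. The collaborators marked {@code @NotNull} are injected through
 * setters; this class does not itself verify that they were set (see
 * {@link #afterPropertiesSet()}).
 */
public abstract class AbstractMultiFactorAuthenticationViaFormAction extends AbstractAction {

    /** Authentication manager used to validate the submitted credentials on the MFA path. */
    @NotNull
    protected AuthenticationManager authenticationManager;

    /** CAS service used here to destroy a pre-existing ticket-granting ticket. */
    @NotNull
    protected CentralAuthenticationService cas;

    /** Optional binder that copies request data into the credentials object. */
    @NotNull
    protected CredentialsBinder credentialsBinder;

    /** Resolves the multifactor requests that apply to an authentication and a service. */
    protected final MultiFactorAuthenticationRequestResolver multiFactorAuthenticationRequestResolver;

    /** Authentication support helper; stored for subclasses, not used in this class. */
    protected final AuthenticationSupport authenticationSupport;

    /** Verifies each requested authentication method before it is accepted. */
    protected final AuthenticationMethodVerifier authenticationMethodVerifier;

    /** Picks the highest ranking authentication method out of the MFA transaction. */
    private final RequestedAuthenticationMethodRankingStrategy authnMethodRankingStrategy;

    /** Identifier used to build a placeholder service when the request carries none. */
    private final String hostname;

    protected final Logger logger = LoggerFactory.getLogger(getClass());

    /** When true, an existing ticket-granting ticket is destroyed before authenticating. */
    private boolean destroyPreviousSingleSignOnSession = true;

    private MultiFactorAuthenticationSpringWebflowEventBuilder successfulEventBuilder = new ServiceAuthenticationMethodMultiFactorAuthenticationSpringWebflowEventBuilder();
    private MultiFactorAuthenticationSpringWebflowEventBuilder errorEventBuilder = new ErroringMultiFactorAuthenticationSpringWebflowEventBuilder();

    /**
     * Stores the collaborators that cannot be replaced after construction.
     *
     * @param multiFactorAuthenticationRequestResolver resolver of multifactor requests
     * @param authenticationSupport authentication support helper
     * @param authenticationMethodVerifier verifier applied to every resolved request
     * @param requestedAuthenticationMethodRankingStrategy ranking strategy for requested methods
     * @param str identifier used for the placeholder service in {@link #getMfaRequestOrNull}
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractMultiFactorAuthenticationViaFormAction(MultiFactorAuthenticationRequestResolver multiFactorAuthenticationRequestResolver, AuthenticationSupport authenticationSupport, AuthenticationMethodVerifier authenticationMethodVerifier, RequestedAuthenticationMethodRankingStrategy requestedAuthenticationMethodRankingStrategy, String str) {
        this.multiFactorAuthenticationRequestResolver = multiFactorAuthenticationRequestResolver;
        this.authenticationSupport = authenticationSupport;
        this.authenticationMethodVerifier = authenticationMethodVerifier;
        this.authnMethodRankingStrategy = requestedAuthenticationMethodRankingStrategy;
        this.hostname = str;
    }

    /**
     * Binds request data onto the credentials when a binder is configured and supports the
     * credentials type; otherwise does nothing.
     *
     * @param requestContext the current flow request context
     * @param credentials the credentials object to populate
     * @throws Exception propagated from the underlying calls
     */
    public final void doBind(RequestContext requestContext, Credentials credentials) throws Exception {
        // Resolved before the binder check, as in the original, so a failure here is not masked.
        HttpServletRequest httpServletRequest = WebUtils.getHttpServletRequest(requestContext);
        if (this.credentialsBinder != null && this.credentialsBinder.supports(credentials.getClass())) {
            this.credentialsBinder.bind(httpServletRequest, credentials);
        }
    }

    /** Reports whether an MFA transaction is already attached to the request context. */
    private boolean isMultiFactorAuthenticationRequest(RequestContext requestContext) {
        return MultiFactorRequestContextUtils.getMfaTransaction(requestContext) != null;
    }

    /**
     * Authenticates the credentials for a multifactor request and builds the resulting event.
     *
     * <p>On an {@link AuthenticationException} the error code is added to the message context,
     * the exception is stored in flow scope and the error event is returned.
     *
     * @param requestContext the current flow request context
     * @param credentials the submitted credentials; must not be null
     * @param messageContext receiver of user-facing error messages
     * @param str identifier of the credentials; must not be null
     * @return the event produced by {@link #multiFactorAuthenticationSuccessful}, or the error event
     * @throws Exception for failures other than {@link AuthenticationException}
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public final Event doMultiFactorAuthentication(RequestContext requestContext, Credentials credentials, MessageContext messageContext, String str) throws Exception {
        Assert.notNull(str);
        Assert.notNull(credentials);
        try {
            // NOTE(review): the existing ticket-granting ticket is destroyed BEFORE the new
            // credentials are checked, so a failed attempt also ends the previous session.
            // That looks deliberate (forces a fresh session); confirm it is the intended policy.
            if (this.destroyPreviousSingleSignOnSession) {
                String ticketGrantingTicketId = WebUtils.getTicketGrantingTicketId(requestContext);
                if (!StringUtils.isBlank(ticketGrantingTicketId)) {
                    this.cas.destroyTicketGrantingTicket(ticketGrantingTicketId);
                }
            }
            Authentication authentication = this.authenticationManager.authenticate(credentials);
            if (MultiFactorRequestContextUtils.getMultifactorWebApplicationService(requestContext) == null) {
                List<MultiFactorAuthenticationRequestContext> mfaRequests = getMfaRequestOrNull(authentication, WebUtils.getService(requestContext), requestContext);
                MultiFactorAuthenticationSupportingWebApplicationService mfaService = mfaRequests == null
                        ? getHighestRankedMfaRequestFromMfaTransaction(requestContext)
                        : addToMfaTransactionAndGetHighestRankedMfaRequest(mfaRequests, requestContext);
                MultiFactorRequestContextUtils.setMultifactorWebApplicationService(requestContext, mfaService);
            }
            Event successEvent = multiFactorAuthenticationSuccessful(authentication, requestContext, credentials, messageContext, str);
            // The authentication is published to the context only after the subclass hook returned.
            MultiFactorRequestContextUtils.setAuthentication(requestContext, authentication);
            return successEvent;
        } catch (AuthenticationException e) {
            populateErrorsInstance(e.getCode(), messageContext);
            MultiFactorRequestContextUtils.setAuthenticationExceptionInFlowScope(requestContext, e);
            this.logger.error(e.getMessage(), e);
            return getErrorEvent(requestContext);
        }
    }

    /**
     * Performs the non-multifactor authentication step.
     *
     * <p>{@link #submit} does not validate the login ticket on this path; an implementation that
     * relies on the login ticket has to check it itself, for example with
     * {@link #isValidLoginTicket}.
     *
     * @param requestContext the current flow request context
     * @param credentials the submitted credentials
     * @param messageContext receiver of user-facing error messages
     * @param str identifier of the credentials
     * @return the resulting flow event
     * @throws Exception on failure
     */
    protected abstract Event doAuthentication(RequestContext requestContext, Credentials credentials, MessageContext messageContext, String str) throws Exception;

    /**
     * Compares the login ticket kept in flow scope with the one sent in the request.
     *
     * <p>Fails closed: a missing or blank flow-scope ticket never validates. The previous
     * unconditional {@code equals} call threw a {@code NullPointerException} when the flow-scope
     * value was null, and would have accepted an empty request value if the flow-scope getter
     * returns an empty string for "no ticket" (its implementation is not visible here).
     *
     * @param requestContext the current flow request context
     * @param messageContext receives an {@code INVALID_TICKET} error when the check fails
     * @return true only when a non-blank flow-scope ticket equals the request ticket
     */
    protected final boolean isValidLoginTicket(RequestContext requestContext, MessageContext messageContext) {
        String expectedTicket = WebUtils.getLoginTicketFromFlowScope(requestContext);
        String suppliedTicket = WebUtils.getLoginTicketFromRequest(requestContext);
        if (!StringUtils.isBlank(expectedTicket) && expectedTicket.equals(suppliedTicket)) {
            return true;
        }
        // NOTE(review): suppliedTicket is request-controlled; it is written to the log and passed
        // as a message argument. Confirm the log layout neutralises line breaks and the view
        // escapes message arguments.
        this.logger.warn("Invalid login ticket {}", suppliedTicket);
        messageContext.addMessage(new MessageBuilder().error().code("INVALID_TICKET").arg(suppliedTicket).defaultText("INVALID_TICKET").build());
        return false;
    }

    /**
     * Routes the submission: regular authentication when no MFA transaction exists, otherwise
     * login-ticket validation followed by multifactor authentication.
     */
    private Event submit(RequestContext requestContext, Credentials credentials, MessageContext messageContext, String str) throws Exception {
        if (!isMultiFactorAuthenticationRequest(requestContext)) {
            return doAuthentication(requestContext, credentials, messageContext, str);
        }
        if (!isValidLoginTicket(requestContext, messageContext)) {
            return getErrorEvent(requestContext);
        }
        return doMultiFactorAuthentication(requestContext, credentials, messageContext, str);
    }

    /**
     * Hook invoked after the credentials were authenticated on the multifactor path.
     *
     * @param authentication the authentication produced by the authentication manager
     * @param requestContext the current flow request context
     * @param credentials the submitted credentials
     * @param messageContext receiver of user-facing messages
     * @param str identifier of the credentials
     * @return the event to return from the action
     * @throws TicketException declared for implementations that create or look up tickets
     */
    protected abstract Event multiFactorAuthenticationSuccessful(Authentication authentication, RequestContext requestContext, Credentials credentials, MessageContext messageContext, String str) throws TicketException;

    /** Sets the binder used by {@link #doBind}; may be null to disable binding. */
    public final void setCredentialsBinder(CredentialsBinder credentialsBinder) {
        this.credentialsBinder = credentialsBinder;
    }

    /** Sets the CAS service used to destroy a previous ticket-granting ticket. */
    public final void setCentralAuthenticationService(CentralAuthenticationService centralAuthenticationService) {
        this.cas = centralAuthenticationService;
    }

    /** Replaces the builder of the success event. */
    public void setSuccessfulEventBuilder(MultiFactorAuthenticationSpringWebflowEventBuilder multiFactorAuthenticationSpringWebflowEventBuilder) {
        this.successfulEventBuilder = multiFactorAuthenticationSpringWebflowEventBuilder;
    }

    /** Replaces the builder of the error event. */
    public void setErrorEventBuilder(MultiFactorAuthenticationSpringWebflowEventBuilder multiFactorAuthenticationSpringWebflowEventBuilder) {
        this.errorEventBuilder = multiFactorAuthenticationSpringWebflowEventBuilder;
    }

    /**
     * Controls whether an existing ticket-granting ticket is destroyed before authenticating.
     * Defaults to true.
     */
    public void setDestroyPreviousSingleSignOnSession(boolean z) {
        this.destroyPreviousSingleSignOnSession = z;
    }

    /** Sets the authentication manager used on the multifactor path. */
    public final void setMultiFactorAuthenticationManager(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    /**
     * Builds the error event and logs its id together with the active flow id.
     *
     * @param requestContext the current flow request context
     * @return the event produced by the configured error event builder
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public final Event getErrorEvent(RequestContext requestContext) {
        Event errorEvent = this.errorEventBuilder.buildEvent(requestContext);
        FlowDefinition activeFlow = requestContext.getActiveFlow();
        String flowId = activeFlow != null ? activeFlow.getId() : "[none]";
        this.logger.debug("Returning an error event [{}] in the active flow id [{}]", errorEvent.getId(), flowId);
        return errorEvent;
    }

    /**
     * Builds the success event with the configured success event builder.
     *
     * @param requestContext the current flow request context
     * @return the success event
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public final Event getSuccessEvent(RequestContext requestContext) {
        return this.successfulEventBuilder.buildEvent(requestContext);
    }

    /**
     * Intentionally empty: no property validation is performed here and the superclass
     * implementation is not invoked.
     */
    @Override // org.springframework.webflow.action.AbstractAction, org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() throws Exception {
    }

    /**
     * Adds an error message whose code and default text are both {@code str}.
     *
     * <p>Best effort: a failure to build or add the message is logged and not rethrown, so it
     * cannot replace the authentication failure that is being reported.
     *
     * @param str the error code
     * @param messageContext receiver of the message
     */
    protected final void populateErrorsInstance(String str, MessageContext messageContext) {
        try {
            messageContext.addMessage(new MessageBuilder().error().code(str).defaultText(str).build());
        } catch (Exception e) {
            this.logger.error(e.getMessage(), e);
        }
    }

    /**
     * Entry point of the action: reads the {@code credentials} object from flow scope and submits
     * it, or returns the error event when no credentials are present.
     *
     * @param requestContext the current flow request context
     * @return the event produced by the submission, or the error event
     * @throws Exception propagated from the submission
     */
    @Override // org.springframework.webflow.action.AbstractAction
    protected final Event doExecute(RequestContext requestContext) throws Exception {
        Credentials credentials = (Credentials) requestContext.getFlowScope().get("credentials");
        MessageContext messageContext = requestContext.getMessageContext();
        if (credentials == null) {
            this.logger.warn("Credentials could not be determined, or no username was associated with the request.");
            return getErrorEvent(requestContext);
        }
        // NOTE(review): the identifier handed downstream is credentials.toString(); this assumes
        // the Credentials implementation's toString() never includes the secret. Verify.
        return submit(requestContext, credentials, messageContext, credentials.toString());
    }

    /**
     * Resolves the multifactor requests for the authentication and service, verifying the
     * authentication method of each one.
     *
     * @param authentication the authentication to resolve requests for
     * @param webApplicationService the target service; when null a placeholder service built from
     *     the configured hostname is used
     * @param requestContext the current flow request context
     * @return the resolved requests, or null when the resolver returned null or an empty list
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public List<MultiFactorAuthenticationRequestContext> getMfaRequestOrNull(Authentication authentication, WebApplicationService webApplicationService, RequestContext requestContext) {
        WebApplicationService targetService = webApplicationService != null
                ? webApplicationService
                : new SimpleWebApplicationServiceImpl(this.hostname, null);
        List<MultiFactorAuthenticationRequestContext> mfaRequests = this.multiFactorAuthenticationRequestResolver.resolve(authentication, targetService);
        if (mfaRequests == null) {
            return null;
        }
        HttpServletRequest nativeRequest = null;
        for (MultiFactorAuthenticationRequestContext mfaRequest : mfaRequests) {
            // Looked up inside the loop so that nothing is read from the context for an empty list.
            if (nativeRequest == null) {
                nativeRequest = HttpServletRequest.class.cast(requestContext.getExternalContext().getNativeRequest());
            }
            // Every requested method is verified before the request is accepted.
            this.authenticationMethodVerifier.verifyAuthenticationMethod(mfaRequest.getMfaService().getAuthenticationMethod(), mfaRequest.getMfaService(), nativeRequest);
            this.logger.info("There is an existing mfa request for service [{}] with a requested authentication method of [{}]", mfaRequest.getMfaService().getId(), mfaRequest.getMfaService().getAuthenticationMethod());
        }
        this.logger.debug("Resolved {} multifactor authentication requests", Integer.valueOf(mfaRequests.size()));
        if (mfaRequests.isEmpty()) {
            this.logger.debug("No multifactor authentication requests could be resolved.");
            return null;
        }
        return mfaRequests;
    }

    /**
     * Adds the requests to the MFA transaction, creating the transaction from the first request's
     * service id when none exists, stores it in the request context and returns the highest
     * ranked request.
     *
     * @param list the requests to add; an empty list adds nothing and leaves a missing
     *     transaction missing
     * @param requestContext the current flow request context
     * @return the service chosen by the ranking strategy
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public MultiFactorAuthenticationSupportingWebApplicationService addToMfaTransactionAndGetHighestRankedMfaRequest(List<MultiFactorAuthenticationRequestContext> list, RequestContext requestContext) {
        MultiFactorAuthenticationTransactionContext mfaTransaction = MultiFactorRequestContextUtils.getMfaTransaction(requestContext);
        if (mfaTransaction == null && !list.isEmpty()) {
            mfaTransaction = new MultiFactorAuthenticationTransactionContext(list.get(0).getMfaService().getId());
        }
        for (MultiFactorAuthenticationRequestContext mfaRequest : list) {
            mfaTransaction.addMfaRequest(mfaRequest);
        }
        MultiFactorRequestContextUtils.setMfaTransaction(requestContext, mfaTransaction);
        return getHighestRankedMfaRequestFromMfaTransaction(requestContext);
    }

    /** Asks the ranking strategy for the highest ranking method in the current MFA transaction. */
    private MultiFactorAuthenticationSupportingWebApplicationService getHighestRankedMfaRequestFromMfaTransaction(RequestContext requestContext) {
        return this.authnMethodRankingStrategy.computeHighestRankingAuthenticationMethod(MultiFactorRequestContextUtils.getMfaTransaction(requestContext));
    }
}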
