package com.toopher.integrations.cas.authentication.handler;

import com.toopher.api.ToopherIframe;
import com.toopher.integrations.cas.ToopherConfig;
import com.toopher.integrations.cas.authentication.handler.ToopherAuthenticationException;
import com.toopher.integrations.cas.authentication.principal.ToopherCredentials;
import java.util.Map;
import org.jasig.cas.authentication.handler.AuthenticationException;
import org.jasig.cas.authentication.handler.AuthenticationHandler;
import org.jasig.cas.authentication.principal.Credentials;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/cas-mfa-toopher-1.0.0-RC1.jar:com/toopher/integrations/cas/authentication/handler/ToopherAuthenticationHandler.class */
public class ToopherAuthenticationHandler implements AuthenticationHandler {
    private ToopherConfig toopherConfig;
    private static final String PAIRING_DEACTIVATED = "707";
    private static final String USER_OPT_OUT = "704";
    private static final String USER_UNKNOWN = "705";
    private static final String OTHER_ERROR = "601";
    private static final String PAIRING_NOT_AUTHORIZED_SIG = "Pairing has not been authorized to authenticate";
    private Logger logger = LoggerFactory.getLogger(getClass());

    @Override // org.jasig.cas.authentication.handler.AuthenticationHandler
    public boolean authenticate(Credentials credentials) throws AuthenticationException {
        ToopherCredentials toopherCredentials = (ToopherCredentials) credentials;
        this.logger.debug("Authenticate: username={}", toopherCredentials.getUsername());
        checkAndThrowToopherAuthenticationExceptions(toopherCredentials.getRequestParameters());
        Map<String, String> validate = ToopherIframe.validate(this.toopherConfig.getConsumerSecret(), toopherCredentials.getRequestParameters(), 100L);
        if (validate == null) {
            throw ToopherAuthenticationException.InvalidSignatureToopherException.getInstance();
        }
        if (!validate.containsKey("session_token") || validate.get("session_token").equals(toopherCredentials.getLoginTicketId())) {
            checkAndThrowToopherAuthenticationExceptions(validate);
            return validate.get("granted").toLowerCase().equals("true") && !validate.get("pending").toLowerCase().equals("true");
        }
        this.logger.warn("valid data, but for a different loginTokenID!");
        return false;
    }

    @Override // org.jasig.cas.authentication.handler.AuthenticationHandler
    public boolean supports(Credentials credentials) {
        return credentials.getClass() == ToopherCredentials.class;
    }

    public ToopherConfig getToopherConfig() {
        return this.toopherConfig;
    }

    public void setToopherConfig(ToopherConfig toopherConfig) {
        this.toopherConfig = toopherConfig;
    }

    private void checkAndThrowToopherAuthenticationExceptions(Map<String, String> map) throws ToopherAuthenticationException {
        if (map.containsKey("error_code")) {
            String str = map.get("error_code");
            String str2 = map.get("error_message");
            this.logger.error("Received error flag from Toopher [{}]:[{}]", str, str2);
            if (str.equals(PAIRING_DEACTIVATED)) {
                throw ToopherAuthenticationException.PairingDeactivatedToopherException.getInstance();
            }
            if (str.equals(USER_OPT_OUT)) {
                throw ToopherAuthenticationException.UserOptOutToopherException.getInstance();
            }
            if (str.equals(USER_UNKNOWN)) {
                throw ToopherAuthenticationException.UnknownUserToopherException.getInstance();
            }
            if (str.equals(OTHER_ERROR) && str2.contains(PAIRING_NOT_AUTHORIZED_SIG)) {
                throw ToopherAuthenticationException.PairingNotAuthorizedToopherException.getInstance();
            }
            this.logger.warn("Unknown error returned by Toopher API: error_code = " + str + ", error_message = '" + str2 + "'");
            throw ToopherAuthenticationException.getInstance();
        }
    }
}
