package org.apereo.cas.adaptors.jdbc;

import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.security.auth.login.AccountNotFoundException;
import javax.security.auth.login.FailedLoginException;
import javax.sql.DataSource;
import lombok.Generated;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.AuthenticationHandlerExecutionResult;
import org.apereo.cas.authentication.PreventedException;
import org.apereo.cas.authentication.UsernamePasswordCredential;
import org.apereo.cas.authentication.exceptions.AccountDisabledException;
import org.apereo.cas.authentication.exceptions.AccountPasswordMustChangeException;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.util.CollectionUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.dao.DataAccessException;
import org.springframework.dao.IncorrectResultSizeDataAccessException;

/* loaded from: input_file:org/apereo/cas/adaptors/jdbc/QueryDatabaseAuthenticationHandler.class */
public class QueryDatabaseAuthenticationHandler extends AbstractJdbcUsernamePasswordAuthenticationHandler {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(QueryDatabaseAuthenticationHandler.class);
    private final String sql;
    private final String fieldPassword;
    private final String fieldExpired;
    private final String fieldDisabled;
    private final Map<String, Object> principalAttributeMap;

    public QueryDatabaseAuthenticationHandler(String str, ServicesManager servicesManager, PrincipalFactory principalFactory, Integer num, DataSource dataSource, String str2, String str3, String str4, String str5, Map<String, Object> map) {
        super(str, servicesManager, principalFactory, num, dataSource);
        this.sql = str2;
        this.fieldPassword = str3;
        this.fieldExpired = str4;
        this.fieldDisabled = str5;
        this.principalAttributeMap = map;
    }

    protected AuthenticationHandlerExecutionResult authenticateUsernamePasswordInternal(UsernamePasswordCredential usernamePasswordCredential, String str) throws GeneralSecurityException, PreventedException {
        Object obj;
        Object obj2;
        if (StringUtils.isBlank(this.sql) || getJdbcTemplate() == null) {
            throw new GeneralSecurityException("Authentication handler is not configured correctly. No SQL statement or JDBC template is found.");
        }
        LinkedHashMap linkedHashMap = new LinkedHashMap(this.principalAttributeMap.size());
        String username = usernamePasswordCredential.getUsername();
        String password = usernamePasswordCredential.getPassword();
        try {
            Map queryForMap = getJdbcTemplate().queryForMap(this.sql, new Object[]{username});
            String str2 = (String) queryForMap.get(this.fieldPassword);
            if ((StringUtils.isNotBlank(str) && !matches(str, str2)) || (StringUtils.isBlank(str) && !StringUtils.equals(password, str2))) {
                throw new FailedLoginException("Password does not match value on record.");
            }
            if (StringUtils.isNotBlank(this.fieldDisabled) && (obj2 = queryForMap.get(this.fieldDisabled)) != null && (Boolean.TRUE.equals(Boolean.valueOf(BooleanUtils.toBoolean(obj2.toString()))) || obj2.equals(1))) {
                throw new AccountDisabledException("Account has been disabled");
            }
            if (StringUtils.isNotBlank(this.fieldExpired) && (obj = queryForMap.get(this.fieldExpired)) != null && (Boolean.TRUE.equals(Boolean.valueOf(BooleanUtils.toBoolean(obj.toString()))) || obj.equals(1))) {
                throw new AccountPasswordMustChangeException("Password has expired");
            }
            this.principalAttributeMap.forEach((str3, obj3) -> {
                Object obj3 = queryForMap.get(str3);
                if (obj3 == null) {
                    LOGGER.warn("Requested attribute [{}] could not be found in the query results", str3);
                } else {
                    LOGGER.debug("Found attribute [{}] from the query results", str3);
                    ((Collection) obj3).forEach(str3 -> {
                        LOGGER.debug("Principal attribute [{}] is virtually remapped/renamed to [{}]", str3, str3);
                        linkedHashMap.put(str3, CollectionUtils.wrap(obj3.toString()));
                    });
                }
            });
            return createHandlerResult(usernamePasswordCredential, this.principalFactory.createPrincipal(username, linkedHashMap), new ArrayList(0));
        } catch (IncorrectResultSizeDataAccessException e) {
            if (e.getActualSize() == 0) {
                throw new AccountNotFoundException(username + " not found with SQL query");
            }
            throw new FailedLoginException("Multiple records found for " + username);
        } catch (DataAccessException e2) {
            throw new PreventedException("SQL exception while executing query for " + username, e2);
        }
    }
}
