package org.apereo.cas.adaptors.rest;

import java.security.GeneralSecurityException;
import java.util.ArrayList;
import javax.security.auth.login.AccountExpiredException;
import javax.security.auth.login.AccountLockedException;
import javax.security.auth.login.AccountNotFoundException;
import javax.security.auth.login.FailedLoginException;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.HandlerResult;
import org.apereo.cas.authentication.PreventedException;
import org.apereo.cas.authentication.UsernamePasswordCredential;
import org.apereo.cas.authentication.exceptions.AccountDisabledException;
import org.apereo.cas.authentication.exceptions.AccountPasswordMustChangeException;
import org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.SimplePrincipal;
import org.apereo.cas.services.ServicesManager;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.client.HttpClientErrorException;

/* loaded from: input_file:org/apereo/cas/adaptors/rest/RestAuthenticationHandler.class */
public class RestAuthenticationHandler extends AbstractUsernamePasswordAuthenticationHandler {
    private final RestAuthenticationApi api;

    public RestAuthenticationHandler(String str, RestAuthenticationApi restAuthenticationApi) {
        super(str, (ServicesManager) null, (PrincipalFactory) null, (Integer) null);
        this.api = restAuthenticationApi;
    }

    protected HandlerResult authenticateUsernamePasswordInternal(UsernamePasswordCredential usernamePasswordCredential, String str) throws GeneralSecurityException, PreventedException {
        try {
            ResponseEntity<SimplePrincipal> authenticate = this.api.authenticate(new UsernamePasswordCredential(usernamePasswordCredential.getUsername(), usernamePasswordCredential.getPassword()));
            if (authenticate.getStatusCode() != HttpStatus.OK) {
                throw new FailedLoginException("Rest endpoint returned an unknown response for " + usernamePasswordCredential.getUsername());
            }
            SimplePrincipal simplePrincipal = (SimplePrincipal) authenticate.getBody();
            if (simplePrincipal == null || StringUtils.isBlank(simplePrincipal.getId())) {
                throw new FailedLoginException("Could not determine authentication response from rest endpoint for " + usernamePasswordCredential.getUsername());
            }
            return createHandlerResult(usernamePasswordCredential, this.principalFactory.createPrincipal(simplePrincipal.getId(), simplePrincipal.getAttributes()), new ArrayList());
        } catch (HttpClientErrorException e) {
            if (e.getStatusCode() == HttpStatus.FORBIDDEN) {
                throw new AccountDisabledException("Could not authenticate forbidden account for " + usernamePasswordCredential.getUsername());
            }
            if (e.getStatusCode() == HttpStatus.UNAUTHORIZED) {
                throw new FailedLoginException("Could not authenticate account for " + usernamePasswordCredential.getUsername());
            }
            if (e.getStatusCode() == HttpStatus.NOT_FOUND) {
                throw new AccountNotFoundException("Could not locate account for " + usernamePasswordCredential.getUsername());
            }
            if (e.getStatusCode() == HttpStatus.LOCKED) {
                throw new AccountLockedException("Could not authenticate locked account for " + usernamePasswordCredential.getUsername());
            }
            if (e.getStatusCode() == HttpStatus.PRECONDITION_REQUIRED) {
                throw new AccountPasswordMustChangeException("Account password must change for " + usernamePasswordCredential.getUsername());
            }
            if (e.getStatusCode() == HttpStatus.PRECONDITION_FAILED) {
                throw new AccountExpiredException("Could not authenticate expired account for " + usernamePasswordCredential.getUsername());
            }
            throw new FailedLoginException("Rest endpoint returned an unknown status code " + e.getStatusCode() + " for " + usernamePasswordCredential.getUsername());
        }
    }
}
