package org.apereo.cas.adaptors.rest;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Objects;
import java.util.stream.Stream;
import javax.security.auth.login.AccountExpiredException;
import javax.security.auth.login.AccountLockedException;
import javax.security.auth.login.AccountNotFoundException;
import javax.security.auth.login.FailedLoginException;
import lombok.Generated;
import org.apache.commons.io.IOUtils;
import org.apache.http.Header;
import org.apache.http.HttpResponse;
import org.apereo.cas.DefaultMessageDescriptor;
import org.apereo.cas.authentication.AuthenticationHandlerExecutionResult;
import org.apereo.cas.authentication.MessageDescriptor;
import org.apereo.cas.authentication.credential.UsernamePasswordCredential;
import org.apereo.cas.authentication.exceptions.AccountDisabledException;
import org.apereo.cas.authentication.exceptions.AccountPasswordMustChangeException;
import org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.support.password.PasswordExpiringWarningMessageDescriptor;
import org.apereo.cas.configuration.model.support.rest.RestAuthenticationProperties;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.util.DateTimeUtils;
import org.apereo.cas.util.HttpUtils;
import org.apereo.cas.util.LoggingUtils;
import org.apereo.cas.util.serialization.JacksonObjectMapperFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;

/* loaded from: input_file:org/apereo/cas/adaptors/rest/RestAuthenticationHandler.class */
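/**
 * Username/password authentication handler that delegates the credential check to a remote
 * REST endpoint.
 *
 * <p>The credential is sent as HTTP Basic authentication in a POST to the URI taken from
 * {@link RestAuthenticationProperties}. The HTTP status of the reply decides the outcome:
 * {@code 200 OK} yields a principal parsed from the response body, and every other status is
 * mapped to an authentication exception.
 *
 * <p>NOTE(review): nothing in this class checks the scheme of the configured URI, so the
 * username and password travel in a Basic authorization header over whatever transport the
 * URI names. The endpoint should be configured as {@code https} with certificate validation
 * in place. Confirm against the deployment configuration.
 */
public class RestAuthenticationHandler extends AbstractUsernamePasswordAuthenticationHandler {
    /** Response header whose value is converted to a date to compute the days left before password expiry. */
    public static final String HEADER_NAME_CAS_PASSWORD_EXPIRATION_DATE = "X-CAS-PasswordExpirationDate";

    /** Response header (possibly repeated) whose values are surfaced as warning messages. */
    public static final String HEADER_NAME_CAS_WARNING = "X-CAS-Warning";

    /** Handler settings; supplies the handler name, order and the endpoint URI. */
    private final RestAuthenticationProperties properties;

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(RestAuthenticationHandler.class);

    // NOTE(review): this mapper is built with default typing enabled and is used to parse the
    // body returned by the remote endpoint. With polymorphic typing the payload can influence
    // which classes are instantiated, so the endpoint has to be treated as fully trusted and
    // reached only over an authenticated channel. What the factory allows under default typing
    // is not visible here; verify its type validator, or bind to a fixed Principal
    // implementation with default typing off.
    private static final ObjectMapper MAPPER = JacksonObjectMapperFactory.builder().defaultTypingEnabled(true).build().toObjectMapper();

    /**
     * Creates the handler, taking its name and order from the supplied properties.
     *
     * @param servicesManager services manager passed to the parent handler
     * @param principalFactory factory used to build the authenticated principal
     * @param restAuthenticationProperties REST settings (name, order, endpoint URI)
     */
    public RestAuthenticationHandler(ServicesManager servicesManager, PrincipalFactory principalFactory, RestAuthenticationProperties restAuthenticationProperties) {
        super(restAuthenticationProperties.getName(), servicesManager, principalFactory, restAuthenticationProperties.getOrder());
        this.properties = restAuthenticationProperties;
    }

    /**
     * Posts the credential to the REST endpoint and translates the HTTP status into a result.
     *
     * <p>The response is released in a {@code finally} block so it is closed on every path,
     * including the exception paths. A status code that Spring's {@link HttpStatus} cannot
     * resolve is reported as a {@link FailedLoginException} rather than surfacing as a
     * {@link NullPointerException}.
     *
     * @param usernamePasswordCredential credential whose username and password are sent
     * @param str not used by this handler (presumably the original password supplied by the parent class)
     * @return the handler result built from the response body on {@code 200 OK}
     * @throws GeneralSecurityException a subtype describing why authentication was refused
     */
    protected AuthenticationHandlerExecutionResult authenticateUsernamePasswordInternal(UsernamePasswordCredential usernamePasswordCredential, String str) throws GeneralSecurityException {
        HttpResponse response = null;
        try {
            response = HttpUtils.execute(HttpUtils.HttpExecutionRequest.builder()
                .basicAuthUsername(usernamePasswordCredential.getUsername())
                .basicAuthPassword(usernamePasswordCredential.toPassword())
                .method(HttpMethod.POST)
                .url(this.properties.getUri())
                .build());
            // A missing response still fails closed with a NullPointerException, as before.
            int statusCode = Objects.requireNonNull(response).getStatusLine().getStatusCode();
            HttpStatus status = HttpStatus.resolve(statusCode);
            if (status == null) {
                // resolve() yields null for codes outside the HttpStatus enum; refuse the login explicitly.
                throw new FailedLoginException("Rest endpoint returned an unknown status code " + statusCode + " for " + usernamePasswordCredential.getUsername());
            }
            switch (status) {
                case OK:
                    return buildPrincipalFromResponse(usernamePasswordCredential, response);
                case FORBIDDEN:
                    throw new AccountDisabledException("Could not authenticate forbidden account for " + usernamePasswordCredential.getUsername());
                case UNAUTHORIZED:
                    throw new FailedLoginException("Could not authenticate account for " + usernamePasswordCredential.getUsername());
                case NOT_FOUND:
                    throw new AccountNotFoundException("Could not locate account for " + usernamePasswordCredential.getUsername());
                case LOCKED:
                    throw new AccountLockedException("Could not authenticate locked account for " + usernamePasswordCredential.getUsername());
                case PRECONDITION_FAILED:
                    throw new AccountExpiredException("Could not authenticate expired account for " + usernamePasswordCredential.getUsername());
                case PRECONDITION_REQUIRED:
                    throw new AccountPasswordMustChangeException("Account password must change for " + usernamePasswordCredential.getUsername());
                default:
                    // Any status not listed above is treated as a failed login (fail closed).
                    throw new FailedLoginException("Rest endpoint returned an unknown status code " + status + " for " + usernamePasswordCredential.getUsername());
            }
        } finally {
            // The original code already passes null to close(), so a null response is accepted here.
            HttpUtils.close(response);
        }
    }

    /**
     * Parses the response body into a principal and wraps it, with any warnings, in a handler result.
     *
     * <p>Any failure while reading, parsing or collecting warnings is logged and reported as a
     * {@link FailedLoginException}.
     *
     * @param usernamePasswordCredential credential being authenticated
     * @param httpResponse successful response from the REST endpoint
     * @return the handler result for the parsed principal
     * @throws GeneralSecurityException if the principal cannot be determined from the response
     */
    protected AuthenticationHandlerExecutionResult buildPrincipalFromResponse(UsernamePasswordCredential usernamePasswordCredential, HttpResponse httpResponse) throws GeneralSecurityException {
        try {
            String body = IOUtils.toString(httpResponse.getEntity().getContent(), StandardCharsets.UTF_8);
            // NOTE(review): the full body, i.e. the principal id and all of its attributes, is
            // written to the debug log. Keep DEBUG disabled for this logger where attribute
            // values are sensitive.
            LOGGER.debug("REST authentication response received: [{}]", body);
            Principal parsed = MAPPER.readValue(body, Principal.class);
            // Re-create the principal through the configured factory instead of using the parsed object.
            Principal principal = this.principalFactory.createPrincipal(parsed.getId(), parsed.getAttributes());
            return createHandlerResult(usernamePasswordCredential, principal, getWarnings(httpResponse));
        } catch (Exception e) {
            LoggingUtils.error(LOGGER, e);
            throw new FailedLoginException("Unable to detect the authentication principal for " + usernamePasswordCredential.getUsername());
        }
    }

    /**
     * Collects warning messages advertised by the endpoint in response headers.
     *
     * <p>If {@value #HEADER_NAME_CAS_PASSWORD_EXPIRATION_DATE} is present, a password-expiring
     * warning is added with the number of whole days between now (UTC) and that date. Each
     * {@value #HEADER_NAME_CAS_WARNING} header value becomes one message descriptor.
     *
     * @param httpResponse response whose headers are inspected
     * @return the warnings found, possibly empty
     */
    protected List<MessageDescriptor> getWarnings(HttpResponse httpResponse) {
        List<MessageDescriptor> warnings = new ArrayList<>(2);
        Header expirationHeader = httpResponse.getFirstHeader(HEADER_NAME_CAS_PASSWORD_EXPIRATION_DATE);
        if (expirationHeader != null) {
            // NOTE(review): the header value is endpoint-controlled; how convertToZonedDateTime
            // treats an unparsable value is not visible here. Confirm.
            long daysLeft = Duration.between(Instant.now(Clock.systemUTC()), DateTimeUtils.convertToZonedDateTime(expirationHeader.getValue())).toDays();
            warnings.add(new PasswordExpiringWarningMessageDescriptor((String) null, daysLeft));
        }
        Header[] warningHeaders = httpResponse.getHeaders(HEADER_NAME_CAS_WARNING);
        if (warningHeaders != null) {
            Arrays.stream(warningHeaders)
                .map(Header::getValue)
                .map(DefaultMessageDescriptor::new)
                .forEach(warnings::add);
        }
        return warnings;
    }
}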
