package org.apereo.cas.authentication;

import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import javax.security.auth.login.AccountExpiredException;
import javax.security.auth.login.AccountLockedException;
import javax.security.auth.login.AccountNotFoundException;
import javax.security.auth.login.FailedLoginException;
import lombok.Generated;
import org.apereo.cas.authentication.credential.UsernamePasswordCredential;
import org.apereo.cas.authentication.exceptions.AccountDisabledException;
import org.apereo.cas.authentication.exceptions.AccountPasswordMustChangeException;
import org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.soap.generated.GetSoapAuthenticationRequest;
import org.apereo.cas.authentication.soap.generated.GetSoapAuthenticationResponse;
import org.apereo.cas.authentication.soap.generated.ObjectFactory;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.util.CollectionUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;

/* loaded from: input_file:org/apereo/cas/authentication/SoapAuthenticationHandler.class */
public class SoapAuthenticationHandler extends AbstractUsernamePasswordAuthenticationHandler {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(SoapAuthenticationHandler.class);
    private final SoapAuthenticationClient soapAuthenticationClient;

    public SoapAuthenticationHandler(String str, ServicesManager servicesManager, PrincipalFactory principalFactory, Integer num, SoapAuthenticationClient soapAuthenticationClient) {
        super(str, servicesManager, principalFactory, num);
        this.soapAuthenticationClient = soapAuthenticationClient;
    }

    protected AuthenticationHandlerExecutionResult authenticateUsernamePasswordInternal(UsernamePasswordCredential usernamePasswordCredential, String str) throws GeneralSecurityException {
        this.soapAuthenticationClient.setCredentials(usernamePasswordCredential);
        GetSoapAuthenticationRequest createGetSoapAuthenticationRequest = new ObjectFactory().createGetSoapAuthenticationRequest();
        createGetSoapAuthenticationRequest.setUsername(usernamePasswordCredential.getUsername());
        GetSoapAuthenticationResponse sendRequest = this.soapAuthenticationClient.sendRequest(createGetSoapAuthenticationRequest);
        if (sendRequest.getStatus() == HttpStatus.OK.value()) {
            LinkedHashMap linkedHashMap = new LinkedHashMap();
            sendRequest.getAttributes().forEach(mapItemType -> {
                linkedHashMap.put(mapItemType.getKey().toString(), (List) CollectionUtils.toCollection(mapItemType.getValue(), ArrayList.class));
            });
            return createHandlerResult(usernamePasswordCredential, this.principalFactory.createPrincipal(sendRequest.getUsername(), linkedHashMap), new ArrayList());
        }
        HttpStatus valueOf = HttpStatus.valueOf(sendRequest.getStatus());
        if (valueOf.equals(HttpStatus.FORBIDDEN)) {
            throw new AccountDisabledException("Could not authenticate forbidden account for " + usernamePasswordCredential.getUsername());
        }
        if (valueOf.equals(HttpStatus.UNAUTHORIZED)) {
            throw new FailedLoginException("Could not authenticate account for " + usernamePasswordCredential.getUsername());
        }
        if (valueOf.equals(HttpStatus.NOT_FOUND)) {
            throw new AccountNotFoundException("Could not locate account for " + usernamePasswordCredential.getUsername());
        }
        if (valueOf.equals(HttpStatus.LOCKED)) {
            throw new AccountLockedException("Could not authenticate locked account for " + usernamePasswordCredential.getUsername());
        }
        if (valueOf.equals(HttpStatus.PRECONDITION_FAILED)) {
            throw new AccountExpiredException("Could not authenticate expired account for " + usernamePasswordCredential.getUsername());
        }
        if (valueOf.equals(HttpStatus.PRECONDITION_REQUIRED)) {
            throw new AccountPasswordMustChangeException("Account password must change for " + usernamePasswordCredential.getUsername());
        }
        throw new FailedLoginException("SOAP endpoint returned an unknown status code " + valueOf + " for " + usernamePasswordCredential.getUsername());
    }
}
