package org.apereo.cas.syncope.authentication;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import javax.security.auth.login.FailedLoginException;
import lombok.Generated;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.HttpResponse;
import org.apache.syncope.common.lib.to.UserTO;
import org.apereo.cas.authentication.AuthenticationHandlerExecutionResult;
import org.apereo.cas.authentication.credential.UsernamePasswordCredential;
import org.apereo.cas.authentication.exceptions.AccountDisabledException;
import org.apereo.cas.authentication.exceptions.AccountPasswordMustChangeException;
import org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.HttpUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apereo/cas/syncope/authentication/SyncopeAuthenticationHandler.class */
public class SyncopeAuthenticationHandler extends AbstractUsernamePasswordAuthenticationHandler {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(SyncopeAuthenticationHandler.class);
    private final ObjectMapper objectMapper;
    private final String syncopeUrl;
    private final String syncopeDomain;

    public SyncopeAuthenticationHandler(String str, ServicesManager servicesManager, PrincipalFactory principalFactory, String str2, String str3) {
        super(str, servicesManager, principalFactory, (Integer) null);
        this.objectMapper = new IgnoringJaxbModuleJacksonObjectMapper().findAndRegisterModules();
        this.syncopeUrl = str2;
        this.syncopeDomain = str3;
    }

    protected AuthenticationHandlerExecutionResult authenticateUsernamePasswordInternal(UsernamePasswordCredential usernamePasswordCredential, String str) {
        try {
            HttpResponse executeGet = HttpUtils.executeGet(StringUtils.appendIfMissing(this.syncopeUrl, "/rest/users/self", new CharSequence[0]), usernamePasswordCredential.getUsername(), usernamePasswordCredential.getPassword(), new HashMap(), CollectionUtils.wrap("X-Syncope-Domain", this.syncopeDomain));
            LOGGER.debug("Received http response status as [{}]", executeGet.getStatusLine());
            if (executeGet.getStatusLine().getStatusCode() != 200) {
                HttpUtils.close(executeGet);
                throw new FailedLoginException("Could not authenticate account for " + usernamePasswordCredential.getUsername());
            }
            String iOUtils = IOUtils.toString(executeGet.getEntity().getContent(), StandardCharsets.UTF_8);
            LOGGER.debug("Received user object as [{}]", iOUtils);
            UserTO userTO = (UserTO) this.objectMapper.readValue(iOUtils, UserTO.class);
            if (userTO.isSuspended()) {
                throw new AccountDisabledException("Could not authenticate forbidden account for " + usernamePasswordCredential.getUsername());
            }
            if (userTO.isMustChangePassword()) {
                throw new AccountPasswordMustChangeException("Account password must change for " + usernamePasswordCredential.getUsername());
            }
            AuthenticationHandlerExecutionResult createHandlerResult = createHandlerResult(usernamePasswordCredential, this.principalFactory.createPrincipal(userTO.getUsername(), buildSyncopeUserAttributes(userTO)), new ArrayList());
            HttpUtils.close(executeGet);
            return createHandlerResult;
        } catch (Throwable th) {
            HttpUtils.close((HttpResponse) null);
            throw th;
        }
    }

    private static Map<String, List<Object>> buildSyncopeUserAttributes(UserTO userTO) {
        HashMap hashMap = new HashMap();
        if (userTO.getRoles() != null) {
            hashMap.put("syncopeUserRoles", List.of(userTO.getRoles()));
        }
        if (userTO.getSecurityQuestion() != null) {
            hashMap.put("syncopeUserSecurityQuestion", List.of(userTO.getSecurityQuestion()));
        }
        hashMap.put("syncopeUserStatus", List.of(StringUtils.defaultIfBlank(userTO.getStatus(), "OK")));
        hashMap.put("syncopeUserType", List.of(userTO.getType()));
        if (userTO.getRealm() != null) {
            hashMap.put("syncopeUserRealm", List.of(userTO.getRealm()));
        }
        hashMap.put("syncopeUserCreator", List.of(StringUtils.defaultIfBlank(userTO.getCreator(), "NA")));
        if (userTO.getCreationDate() != null) {
            hashMap.put("syncopeUserCreationDate", List.of(userTO.getCreationDate().toString()));
        }
        Date changePwdDate = userTO.getChangePwdDate();
        if (changePwdDate != null) {
            hashMap.put("syncopeUserChangePwdDate", List.of(changePwdDate.toString()));
        }
        Date lastLoginDate = userTO.getLastLoginDate();
        if (lastLoginDate != null) {
            hashMap.put("syncopeUserLastLoginDate", List.of(lastLoginDate));
        }
        if (userTO.getDynRoles() != null && !userTO.getDynRoles().isEmpty()) {
            hashMap.put("syncopeUserDynRoles", List.of(userTO.getDynRoles()));
        }
        if (userTO.getDynRealms() != null && !userTO.getDynRealms().isEmpty()) {
            hashMap.put("syncopeUserDynRealms", List.of(userTO.getDynRealms()));
        }
        if (userTO.getMemberships() != null && !userTO.getMemberships().isEmpty()) {
            hashMap.put("syncopeUserMemberships", (List) userTO.getMemberships().stream().map((v0) -> {
                return v0.getGroupName();
            }).collect(Collectors.toList()));
        }
        if (userTO.getMemberships() != null && !userTO.getMemberships().isEmpty()) {
            hashMap.put("syncopeUserDynMemberships", (List) userTO.getDynMemberships().stream().map((v0) -> {
                return v0.getGroupName();
            }).collect(Collectors.toList()));
        }
        if (userTO.getRelationships() != null && !userTO.getRelationships().isEmpty()) {
            hashMap.put("syncopeUserRelationships", (List) userTO.getRelationships().stream().map((v0) -> {
                return v0.getType();
            }).collect(Collectors.toList()));
        }
        userTO.getPlainAttrs().forEach(attrTO -> {
            hashMap.put("syncopeUserAttr" + attrTO.getSchema(), attrTO.getValues());
        });
        return hashMap;
    }
}
