package org.apereo.cas.syncope.authentication;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import javax.security.auth.login.FailedLoginException;
import lombok.Generated;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.HttpResponse;
import org.apereo.cas.authentication.AuthenticationHandlerExecutionResult;
import org.apereo.cas.authentication.credential.UsernamePasswordCredential;
import org.apereo.cas.authentication.exceptions.AccountDisabledException;
import org.apereo.cas.authentication.exceptions.AccountPasswordMustChangeException;
import org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.HttpUtils;
import org.apereo.cas.util.serialization.JacksonObjectMapperFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpMethod;

/* loaded from: input_file:org/apereo/cas/syncope/authentication/SyncopeAuthenticationHandler.class */
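/**
 * Username/password authentication handler that validates credentials against a
 * Syncope REST endpoint.
 *
 * <p>The handler issues {@code GET <syncopeUrl>/rest/users/self} with the submitted
 * username and password as HTTP Basic credentials and the configured domain in the
 * {@code X-Syncope-Domain} header. A {@code 200} response is parsed as the JSON user
 * record, which is then mapped onto principal attributes.
 *
 * <p>Security notes for deployers:
 * <ul>
 *   <li>The submitted password is forwarded as HTTP Basic credentials to
 *       {@code syncopeUrl}. This class does not check the URL scheme, so the
 *       configured URL should use HTTPS.</li>
 *   <li>At DEBUG level the complete user record returned by Syncope (security
 *       question, roles, memberships, attributes) is written to the log, both as raw
 *       text and as a parsed tree. Treat DEBUG output of this logger as sensitive.</li>
 *   <li>Attribute names of the form {@code syncopeUserAttr_<schema>} are built from
 *       response data; plain, derived and virtual attributes share that one
 *       namespace, so a later category overwrites an earlier one with the same
 *       schema name.</li>
 * </ul>
 *
 * <p>NOTE(review): this listing is decompiler output. Several methods throw checked
 * exceptions without a {@code throws} clause; the original source presumably
 * declared them or used a sneaky-throw mechanism — confirm against upstream before
 * compiling.
 */
public class SyncopeAuthenticationHandler extends AbstractUsernamePasswordAuthenticationHandler {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(SyncopeAuthenticationHandler.class);

    /** Shared JSON mapper, built with default typing disabled. */
    private static final ObjectMapper MAPPER = JacksonObjectMapperFactory.builder().defaultTypingEnabled(false).build().toObjectMapper();

    /** Prefix for principal attributes derived from Syncope schema attributes. */
    private static final String SCHEMA_ATTRIBUTE_PREFIX = "syncopeUserAttr_";

    private final String syncopeUrl;
    private final String syncopeDomain;

    /**
     * Creates the handler.
     *
     * @param str              first argument passed to the superclass constructor
     *                         (presumably the handler name — confirm against the parent class)
     * @param servicesManager  passed through to the superclass
     * @param principalFactory passed through to the superclass
     * @param str2             base URL of the Syncope instance; {@code /rest/users/self}
     *                         is appended to it when authenticating
     * @param str3             value sent in the {@code X-Syncope-Domain} request header
     */
    public SyncopeAuthenticationHandler(String str, ServicesManager servicesManager, PrincipalFactory principalFactory, String str2, String str3) {
        super(str, servicesManager, principalFactory, (Integer) null);
        this.syncopeUrl = str2;
        this.syncopeDomain = str3;
    }

    /**
     * Maps a Syncope user record onto principal attributes.
     *
     * <p>Every field is optional: a field that is absent or JSON {@code null} is
     * skipped instead of failing with a {@link NullPointerException}, and list-valued
     * fields are only published when they hold at least one value.
     *
     * @param user the parsed JSON user record
     * @return a mutable map from attribute name to attribute values
     */
    private static Map<String, List<Object>> buildSyncopeUserAttributes(JsonNode user) {
        Map<String, List<Object>> attributes = new HashMap<>();

        putTextIfPresent(attributes, "syncopeUserSecurityQuestion", user, "securityQuestion");
        putTextIfPresent(attributes, "syncopeUserStatus", user, "status");
        putTextIfPresent(attributes, "syncopeUserRealm", user, "realm");
        putTextIfPresent(attributes, "syncopeUserCreator", user, "creator");
        putTextIfPresent(attributes, "syncopeUserCreationDate", user, "creationDate");
        putTextIfPresent(attributes, "syncopeUserChangePwdDate", user, "changePwdDate");
        putTextIfPresent(attributes, "syncopeUserLastLoginDate", user, "lastLoginDate");

        putListIfNotEmpty(attributes, "syncopeUserRoles", user, "roles");
        putListIfNotEmpty(attributes, "syncopeUserDynRoles", user, "dynRoles");
        putListIfNotEmpty(attributes, "syncopeUserDynRealms", user, "dynRealms");

        putGroupNames(attributes, "syncopeUserMemberships", user, "memberships");
        putGroupNames(attributes, "syncopeUserDynMemberships", user, "dynMemberships");

        if (user.has("relationships")) {
            List<Object> relationships = new ArrayList<>();
            for (JsonNode relationship : user.get("relationships")) {
                // Entries missing either half cannot form a "type;otherEndName" pair.
                if (relationship.hasNonNull("type") && relationship.hasNonNull("otherEndName")) {
                    relationships.add(relationship.get("type").asText() + ";" + relationship.get("otherEndName").asText());
                }
            }
            if (!relationships.isEmpty()) {
                attributes.put("syncopeUserRelationships", relationships);
            }
        }

        // Order matters: all three categories write into the same key space, so a
        // virtual attribute replaces a derived or plain one with the same schema name.
        putSchemaAttributes(attributes, user, "plainAttrs");
        putSchemaAttributes(attributes, user, "derAttrs");
        putSchemaAttributes(attributes, user, "virAttrs");
        return attributes;
    }

    /** Publishes {@code field} as a single-valued text attribute when it is present and not JSON null. */
    private static void putTextIfPresent(Map<String, List<Object>> attributes, String attributeName, JsonNode user, String field) {
        if (user.hasNonNull(field)) {
            attributes.put(attributeName, List.of(user.get(field).asText()));
        }
    }

    /** Publishes the JSON value of {@code field} as a list attribute when it converts to a non-empty list. */
    private static void putListIfNotEmpty(Map<String, List<Object>> attributes, String attributeName, JsonNode user, String field) {
        if (!user.hasNonNull(field)) {
            return;
        }
        List<Object> values = toObjectList(user.get(field));
        if (!values.isEmpty()) {
            attributes.put(attributeName, values);
        }
    }

    /** Publishes the {@code groupName} of every entry under {@code field} when at least one is found. */
    private static void putGroupNames(Map<String, List<Object>> attributes, String attributeName, JsonNode user, String field) {
        if (!user.has(field)) {
            return;
        }
        List<Object> groupNames = new ArrayList<>();
        for (JsonNode membership : user.get(field)) {
            if (membership.hasNonNull("groupName")) {
                groupNames.add(membership.get("groupName").asText());
            }
        }
        if (!groupNames.isEmpty()) {
            attributes.put(attributeName, groupNames);
        }
    }

    /** Publishes each entry under {@code field} as {@code syncopeUserAttr_<schema>} with its {@code values}. */
    private static void putSchemaAttributes(Map<String, List<Object>> attributes, JsonNode user, String field) {
        if (!user.has(field)) {
            return;
        }
        for (JsonNode attribute : user.get(field)) {
            // Without a schema name there is no key; without values a null list would be stored.
            if (attribute.hasNonNull("schema") && attribute.hasNonNull("values")) {
                attributes.put(SCHEMA_ATTRIBUTE_PREFIX + attribute.get("schema").asText(), toObjectList(attribute.get("values")));
            }
        }
    }

    /** Converts a JSON node to a list of plain Java values; never returns {@code null}. */
    private static List<Object> toObjectList(JsonNode node) {
        List<Object> values = MAPPER.convertValue(node, MAPPER.getTypeFactory().constructCollectionType(ArrayList.class, Object.class));
        return values != null ? values : new ArrayList<>(0);
    }

    /**
     * Authenticates the credential against Syncope and builds the handler result.
     *
     * @param usernamePasswordCredential the submitted credential
     * @param str                        not used by this implementation
     * @return the handler result carrying a principal whose id is the {@code username}
     *         reported by Syncope and whose attributes come from the user record
     * @throws FailedLoginException               if Syncope did not return a user record,
     *                                            or the record carries no usable username
     * @throws AccountDisabledException           if the record has {@code suspended} set to true
     * @throws AccountPasswordMustChangeException if the record has {@code mustChangePassword} set to true
     */
    protected AuthenticationHandlerExecutionResult authenticateUsernamePasswordInternal(UsernamePasswordCredential usernamePasswordCredential, String str) {
        JsonNode user = authenticateSyncopeUser(usernamePasswordCredential)
            .orElseThrow(() -> new FailedLoginException("Could not authenticate account for " + usernamePasswordCredential.getUsername()));

        // NOTE(review): this writes the whole user record to the log at DEBUG level.
        LOGGER.debug("Received user object as [{}]", user);

        if (user.has("suspended") && user.get("suspended").asBoolean()) {
            throw new AccountDisabledException("Could not authenticate forbidden account for " + usernamePasswordCredential.getUsername());
        }
        if (user.has("mustChangePassword") && user.get("mustChangePassword").asBoolean()) {
            throw new AccountPasswordMustChangeException("Account password must change for " + usernamePasswordCredential.getUsername());
        }

        // Fail closed rather than create a principal with a missing or blank id.
        String principalId = user.hasNonNull("username") ? user.get("username").asText() : null;
        if (StringUtils.isBlank(principalId)) {
            throw new FailedLoginException("Could not determine username from Syncope response for " + usernamePasswordCredential.getUsername());
        }
        return createHandlerResult(usernamePasswordCredential, this.principalFactory.createPrincipal(principalId, buildSyncopeUserAttributes(user)), new ArrayList<>(0));
    }

    /**
     * Calls {@code <syncopeUrl>/rest/users/self} with the credential as HTTP Basic
     * authentication and returns the parsed user record.
     *
     * <p>The response is closed on every path, including failures.
     *
     * @param usernamePasswordCredential the submitted credential
     * @return the parsed JSON body when the status code is 200 and a body is present;
     *         otherwise an empty {@link Optional}
     */
    protected Optional<JsonNode> authenticateSyncopeUser(UsernamePasswordCredential usernamePasswordCredential) {
        HttpResponse httpResponse = null;
        try {
            // The password travels as Basic credentials; the scheme of syncopeUrl is not checked here.
            httpResponse = Objects.requireNonNull(HttpUtils.execute(HttpUtils.HttpExecutionRequest.builder()
                .method(HttpMethod.GET)
                .url(StringUtils.appendIfMissing(this.syncopeUrl, "/rest/users/self"))
                .basicAuthUsername(usernamePasswordCredential.getUsername())
                .basicAuthPassword(usernamePasswordCredential.getPassword())
                .headers(CollectionUtils.wrap("X-Syncope-Domain", this.syncopeDomain))
                .build()));
            LOGGER.debug("Received http response status as [{}]", httpResponse.getStatusLine());
            if (httpResponse.getStatusLine().getStatusCode() != 200) {
                return Optional.empty();
            }
            if (httpResponse.getEntity() == null) {
                // A 200 without a body carries no user record to authenticate against.
                return Optional.empty();
            }
            String body = IOUtils.toString(httpResponse.getEntity().getContent(), StandardCharsets.UTF_8);
            // NOTE(review): this writes the raw response body to the log at DEBUG level.
            LOGGER.debug("Received user object as [{}]", body);
            // ofNullable: readTree may yield null for empty content, depending on the Jackson version.
            return Optional.ofNullable(MAPPER.readTree(body));
        } finally {
            HttpUtils.close(httpResponse);
        }
    }
}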
