package net.unicon.cas.mfa.authentication.handler;

import com.authy.AuthyApiClient;
import com.authy.api.Error;
import com.authy.api.Token;
import com.authy.api.Tokens;
import com.authy.api.User;
import com.authy.api.Users;
import java.io.Serializable;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.HashMap;
import javax.validation.constraints.NotNull;
import net.unicon.cas.mfa.web.flow.util.MultiFactorRequestContextUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.http.HttpHost;
import org.jasig.cas.authentication.handler.AuthenticationException;
import org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler;
import org.jasig.cas.authentication.principal.Principal;
import org.jasig.cas.authentication.principal.UsernamePasswordCredentials;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.webflow.execution.RequestContextHolder;

/* loaded from: input_file:WEB-INF/classes/net/unicon/cas/mfa/authentication/handler/AuthyAuthenticationHandler.class */
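/**
 * Second-factor handler that checks an Authy one-time token for the principal that was
 * established by primary authentication earlier in the web flow.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The one-time token is carried in the <em>username</em> field of the submitted
 *       credentials; the password field is not read here.</li>
 *   <li>A principal that is not yet in the {@link AuthyUserAccountStore} is enrolled on the fly
 *       from its mail and phone attributes. Whoever can modify those attributes at the attribute
 *       source therefore decides which device receives the second factor.</li>
 *   <li>The default store is {@code InMemoryAuthyUserAccountStore}; presumably its mappings do
 *       not survive a restart, which would trigger re-enrolment. Confirm before production use.</li>
 *   <li>Error text returned by Authy is copied into the thrown exception. NOTE(review): check
 *       whether the login view renders that message to unauthenticated users.</li>
 * </ul>
 */
public final class AuthyAuthenticationHandler extends AbstractUsernamePasswordAuthenticationHandler implements Serializable {
    private static final Logger LOGGER = LoggerFactory.getLogger(AuthyAuthenticationHandler.class);
    private static final long serialVersionUID = 4372937413518364597L;
    private final AuthyApiClient authyClient;
    private final Users authyUsers;
    private final Tokens authyTokens;
    // Name of the principal attribute holding the e-mail address used for enrolment.
    private String mailAttribute = "mail";
    // Name of the principal attribute holding the phone number used for enrolment.
    private String phoneAttribute = "phone";
    // Sent to Authy as the "force" option on every verification; null is treated as FALSE.
    private Boolean forceVerification = Boolean.FALSE;
    // Maps CAS principals to Authy user ids.
    private AuthyUserAccountStore authyUserAccountStore = new InMemoryAuthyUserAccountStore();

    /* loaded from: input_file:WEB-INF/classes/net/unicon/cas/mfa/authentication/handler/AuthyAuthenticationHandler$AuthyAuthenticationException.class */
    /** Authentication failure raised by this handler (message code, default message, type). */
    private class AuthyAuthenticationException extends AuthenticationException {
        private static final long serialVersionUID = -1005618075810046279L;

        public AuthyAuthenticationException(String str, String str2, String str3) {
            super(str, str2, str3);
        }
    }

    /**
     * Creates the handler and the Authy API client it talks to.
     *
     * @param apiKey Authy API key; it is a secret and is never logged here
     * @param apiUrl base URL of the Authy API; should use HTTPS
     * @throws MalformedURLException if {@code apiUrl} cannot be parsed as a URL
     */
    public AuthyAuthenticationHandler(@NotNull String apiKey, @NotNull String apiUrl) throws MalformedURLException {
        final URL parsedUrl = new URL(apiUrl);
        // HttpHost.DEFAULT_SCHEME_NAME is "http": the flag below is true only for a cleartext URL.
        // Presumably this is the client's test-mode switch; confirm against the authy-java version in use.
        final boolean plainHttp = parsedUrl.getProtocol().equals(HttpHost.DEFAULT_SCHEME_NAME);
        if (plainHttp) {
            // Only the host is logged; the API key must not appear in log output.
            LOGGER.warn("Authy API URL for host [{}] uses plain HTTP; the API key and one-time tokens "
                    + "would be sent without transport encryption. Use an https URL outside of testing.",
                    parsedUrl.getHost());
        }
        this.authyClient = new AuthyApiClient(apiKey, apiUrl, plainHttp);
        this.authyUsers = this.authyClient.getUsers();
        this.authyTokens = this.authyClient.getTokens();
    }

    /**
     * Verifies the submitted Authy token for the primary principal of the current request,
     * enrolling the principal with Authy first when it is not yet known to the account store.
     *
     * @param usernamePasswordCredentials credentials whose username field carries the token
     * @return {@code true} when Authy accepts the token
     * @throws AuthenticationException if no primary principal is available, enrolment fails, no
     *         usable Authy id is stored for the principal, or Authy rejects the token
     */
    @Override // org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler
    protected boolean authenticateUsernamePasswordInternal(UsernamePasswordCredentials usernamePasswordCredentials) throws AuthenticationException {
        final Principal principal = MultiFactorRequestContextUtils.getMultiFactorPrimaryPrincipal(RequestContextHolder.getRequestContext());
        if (principal == null) {
            // The second factor is only meaningful when bound to a first-factor identity; fail closed.
            throw new AuthyAuthenticationException("authy.verification.error", "No primary principal is available for Authy verification", "error");
        }
        if (!this.authyUserAccountStore.contains(principal)) {
            registerWithAuthy(principal);
        }

        final Long authyId = this.authyUserAccountStore.get(principal);
        // verify() takes an int id. A silently narrowed long would select a different Authy
        // account, so a missing or out-of-range id is rejected instead of being truncated.
        if (authyId == null || authyId.longValue() < Integer.MIN_VALUE || authyId.longValue() > Integer.MAX_VALUE) {
            throw new AuthyAuthenticationException("authy.verification.error", "No usable Authy user id is stored for " + principal.getId(), "error");
        }

        final HashMap<String, String> options = new HashMap<String, String>();
        // A null set through setForceVerification falls back to the field's default of false.
        options.put("force", String.valueOf(Boolean.TRUE.equals(this.forceVerification)));

        final Token verification = this.authyTokens.verify(authyId.intValue(), usernamePasswordCredentials.getUsername(), options);
        if (!verification.isOk()) {
            throw new AuthyAuthenticationException("authy.verification.error", getAuthyErrorMessage(verification.getError()), "error");
        }
        return true;
    }

    /**
     * Enrols the principal with Authy using its mail and phone attributes and records the
     * resulting Authy id in the account store.
     *
     * @throws AuthenticationException if either attribute is missing or Authy refuses the enrolment
     */
    private void registerWithAuthy(Principal principal) throws AuthenticationException {
        final String email = attributeAsString(principal, this.mailAttribute);
        if (StringUtils.isBlank(email)) {
            throw new AuthyAuthenticationException("authy.registration.email.error", "No email address found for " + principal.getId(), "emailError");
        }
        final String phone = attributeAsString(principal, this.phoneAttribute);
        if (StringUtils.isBlank(phone)) {
            throw new AuthyAuthenticationException("authy.registration.phone.error", "No phone number found for " + principal.getId(), "phoneError");
        }
        final User created = this.authyUsers.createUser(email, phone);
        if (!created.isOk()) {
            throw new AuthyAuthenticationException("authy.registration.error", getAuthyErrorMessage(created.getError()), "error");
        }
        this.authyUserAccountStore.add(Long.valueOf(created.getId()), principal);
    }

    /**
     * Returns the named principal attribute when it is a String, otherwise {@code null}, so that
     * an absent or non-String (for example multi-valued) attribute is reported as missing
     * instead of failing with a ClassCastException or NullPointerException.
     */
    private String attributeAsString(Principal principal, String attributeName) {
        if (principal.getAttributes() == null) {
            return null;
        }
        final Object value = principal.getAttributes().get(attributeName);
        return value instanceof String ? (String) value : null;
    }

    /** Sets the name of the principal attribute that holds the e-mail address (default "mail"). */
    public void setMailAttribute(String str) {
        this.mailAttribute = str;
    }

    /** Sets the name of the principal attribute that holds the phone number (default "phone"). */
    public void setPhoneAttribute(String str) {
        this.phoneAttribute = str;
    }

    /** Sets the value sent to Authy as the "force" verification option (default false). */
    public void setForceVerification(Boolean bool) {
        this.forceVerification = bool;
    }

    /** Replaces the store that maps principals to Authy user ids. */
    public void setAuthyUserAccountStore(AuthyUserAccountStore authyUserAccountStore) {
        this.authyUserAccountStore = authyUserAccountStore;
    }

    /**
     * Builds a readable message from an Authy error, or a generic configuration hint when Authy
     * returned no error object.
     */
    private String getAuthyErrorMessage(Error error) {
        if (error == null) {
            return "An unknown error has occurred. Check your API key and URL settings.";
        }
        final StringBuilder message = new StringBuilder("Authy Error");
        if (StringUtils.isNotBlank(error.getCountryCode())) {
            message.append(": Country Code: ").append(error.getCountryCode());
        }
        if (StringUtils.isNotBlank(error.getMessage())) {
            message.append(": Message: ").append(error.getMessage());
        }
        return message.toString();
    }
}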
