package org.apereo.cas.pm.web.flow.actions;

import java.util.List;
import java.util.Map;
import java.util.concurrent.atomic.AtomicInteger;
import javax.servlet.http.HttpServletRequest;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.pm.BasePasswordManagementService;
import org.apereo.cas.pm.PasswordManagementService;
import org.apereo.cas.web.support.WebUtils;
import org.jose4j.jwk.RsaJsonWebKey;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.webflow.action.AbstractAction;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-pm-webflow-5.2.4.jar:org/apereo/cas/pm/web/flow/actions/VerifySecurityQuestionsAction.class */
public class VerifySecurityQuestionsAction extends AbstractAction {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) VerifySecurityQuestionsAction.class);
    private final PasswordManagementService passwordManagementService;

    @Autowired
    private CasConfigurationProperties casProperties;

    public VerifySecurityQuestionsAction(PasswordManagementService passwordManagementService) {
        this.passwordManagementService = passwordManagementService;
    }

    @Override // org.springframework.webflow.action.AbstractAction
    protected Event doExecute(RequestContext requestContext) {
        HttpServletRequest httpServletRequestFromExternalWebflowContext = WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext);
        String string = requestContext.getFlowScope().getString("username");
        if (!this.casProperties.getAuthn().getPm().getReset().isSecurityQuestionsEnabled()) {
            LOGGER.debug("Security questions are not enabled");
            return success();
        }
        Map<String, String> securityQuestions = this.passwordManagementService.getSecurityQuestions(string);
        List<String> canonicalizeSecurityQuestions = BasePasswordManagementService.canonicalizeSecurityQuestions(securityQuestions);
        AtomicInteger atomicInteger = new AtomicInteger(0);
        return canonicalizeSecurityQuestions.stream().filter(str -> {
            return this.passwordManagementService.isValidSecurityQuestionAnswer(string, str, (String) securityQuestions.get(str), httpServletRequestFromExternalWebflowContext.getParameter(RsaJsonWebKey.SECOND_PRIME_FACTOR_MEMBER_NAME + atomicInteger.getAndIncrement()));
        }).count() == ((long) securityQuestions.size()) ? success() : error();
    }
}
