package org.apereo.cas.authentication.policy;

import com.fasterxml.jackson.annotation.JsonTypeInfo;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.Serializable;
import java.security.GeneralSecurityException;
import java.util.Optional;
import java.util.Set;
import javax.security.auth.login.AccountExpiredException;
import javax.security.auth.login.AccountLockedException;
import javax.security.auth.login.AccountNotFoundException;
import javax.security.auth.login.FailedLoginException;
import lombok.Generated;
import org.apache.hc.core5.http.HttpResponse;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.AuthenticationPolicyExecutionResult;
import org.apereo.cas.authentication.exceptions.AccountDisabledException;
import org.apereo.cas.authentication.exceptions.AccountPasswordMustChangeException;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.configuration.model.core.authentication.RestAuthenticationPolicyProperties;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.http.HttpExecutionRequest;
import org.apereo.cas.util.http.HttpUtils;
import org.apereo.cas.util.serialization.JacksonObjectMapperFactory;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;

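/**
 * Authentication policy that asks an external REST endpoint whether an authentication
 * attempt should be accepted.
 *
 * <p>The authenticated principal is serialized to JSON and POSTed to the URL held in
 * {@link RestAuthenticationPolicyProperties}, using HTTP basic authentication with the
 * configured username and password. Only an HTTP 200 response satisfies the policy; every
 * other status is turned into an account-state exception and the policy fails closed.
 *
 * <p>Security notes for deployers: the request body carries the serialized principal and the
 * request carries basic-auth credentials, so the configured URL should be an endpoint the
 * deployment trusts and reaches over TLS (presumably enforced by configuration, since nothing
 * in this class checks the URL scheme).
 */
@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
/* loaded from: input_file:WEB-INF/lib/cas-server-core-authentication-api-7.0.0-RC8.jar:org/apereo/cas/authentication/policy/RestfulAuthenticationPolicy.class */
public class RestfulAuthenticationPolicy extends BaseAuthenticationPolicy {
    private static final long serialVersionUID = -7688729533538097898L;

    /** JSON mapper used to serialize the principal; built with default typing disabled. */
    private static final ObjectMapper MAPPER = JacksonObjectMapperFactory.builder().defaultTypingEnabled(false).build().toObjectMapper();

    /** Endpoint URL and basic-auth credentials; {@code null} when the no-arg constructor was used. */
    private final RestAuthenticationPolicyProperties properties;

    /**
     * Translates a non-OK status returned by the REST endpoint into the exception that
     * describes the account state.
     *
     * @param httpStatus status returned by the endpoint
     * @param principal principal the request was made for; its id is included in the message
     * @return the exception matching the status; a {@link FailedLoginException} for any
     *     status that has no dedicated mapping
     */
    private static Exception handleResponseStatusCode(HttpStatus httpStatus, Principal principal) {
        if (httpStatus == HttpStatus.FORBIDDEN || httpStatus == HttpStatus.METHOD_NOT_ALLOWED) {
            return new AccountDisabledException("Could not authenticate forbidden account for " + principal.getId());
        }
        if (httpStatus == HttpStatus.UNAUTHORIZED) {
            return new FailedLoginException("Could not authenticate account for " + principal.getId());
        }
        if (httpStatus == HttpStatus.NOT_FOUND) {
            return new AccountNotFoundException("Could not locate account for " + principal.getId());
        }
        if (httpStatus == HttpStatus.LOCKED) {
            return new AccountLockedException("Could not authenticate locked account for " + principal.getId());
        }
        if (httpStatus == HttpStatus.PRECONDITION_FAILED) {
            return new AccountExpiredException("Could not authenticate expired account for " + principal.getId());
        }
        if (httpStatus == HttpStatus.PRECONDITION_REQUIRED) {
            return new AccountPasswordMustChangeException("Account password must change for " + principal.getId());
        }
        return new FailedLoginException("Rest endpoint returned an unknown status code " + String.valueOf(httpStatus));
    }

    /**
     * Submits the principal to the configured REST endpoint and accepts the authentication
     * only when the endpoint answers with HTTP 200.
     *
     * @param authentication authentication whose principal is sent to the endpoint
     * @param set authentication handlers; not used by this policy
     * @param configurableApplicationContext application context; not used by this policy
     * @param optional optional assertion payload; not used by this policy
     * @return a successful execution result when the endpoint returns HTTP 200
     * @throws GeneralSecurityException wrapping the account-state exception for any other status
     * @throws Exception for serialization or HTTP failures raised while calling the endpoint
     */
    @Override // org.apereo.cas.authentication.AuthenticationPolicy
    public AuthenticationPolicyExecutionResult isSatisfiedBy(Authentication authentication, Set<AuthenticationHandler> set, ConfigurableApplicationContext configurableApplicationContext, Optional<Serializable> optional) throws Exception {
        Principal principal = authentication.getPrincipal();
        // Held outside the try block so the finally clause can release it on every path,
        // including the rejection path, which previously closed null and leaked the response.
        HttpResponse response = null;
        try {
            // The username and password were previously passed to each other's builder
            // setters, so the endpoint received swapped basic-auth credentials.
            response = HttpUtils.execute(HttpExecutionRequest.builder()
                .url(this.properties.getUrl())
                .basicAuthUsername(this.properties.getBasicAuthUsername())
                .basicAuthPassword(this.properties.getBasicAuthPassword())
                .method(HttpMethod.POST)
                .entity(MAPPER.writeValueAsString(principal))
                .headers(CollectionUtils.wrap("Content-Type", "application/json"))
                .build());
            // NOTE(review): if HttpUtils.execute can return null on transport failure, the next
            // line throws NullPointerException; the policy still fails closed, but confirm the
            // resulting error is handled as an authentication failure by the caller.
            HttpStatus status = HttpStatus.valueOf(response.getCode());
            if (status != HttpStatus.OK) {
                throw new GeneralSecurityException(handleResponseStatusCode(status, principal));
            }
            return AuthenticationPolicyExecutionResult.success();
        } finally {
            HttpUtils.close(response);
        }
    }

    /**
     * Creates a policy without endpoint properties. {@link #isSatisfiedBy} dereferences the
     * properties, so an instance built this way cannot be evaluated as-is.
     */
    @Generated
    public RestfulAuthenticationPolicy() {
        this.properties = null;
    }

    /**
     * Compares by type and by the state the superclass compares; {@code properties} is not
     * part of the comparison.
     */
    @Override // org.apereo.cas.authentication.policy.BaseAuthenticationPolicy
    @Generated
    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (!(obj instanceof RestfulAuthenticationPolicy)) {
            return false;
        }
        RestfulAuthenticationPolicy other = (RestfulAuthenticationPolicy) obj;
        return other.canEqual(this) && super.equals(obj);
    }

    /** Returns whether {@code obj} is a {@link RestfulAuthenticationPolicy}. */
    @Override // org.apereo.cas.authentication.policy.BaseAuthenticationPolicy
    @Generated
    protected boolean canEqual(Object obj) {
        return obj instanceof RestfulAuthenticationPolicy;
    }

    /** Delegates to the superclass hash code, consistent with {@link #equals(Object)}. */
    @Override // org.apereo.cas.authentication.policy.BaseAuthenticationPolicy
    @Generated
    public int hashCode() {
        return super.hashCode();
    }

    /**
     * Returns the endpoint configuration, which includes the basic-auth credentials.
     *
     * @return the configured properties, or {@code null} when none were supplied
     */
    @Generated
    public RestAuthenticationPolicyProperties getProperties() {
        return this.properties;
    }

    /**
     * Creates a policy bound to the given endpoint configuration.
     *
     * @param restAuthenticationPolicyProperties endpoint URL and basic-auth credentials
     */
    @Generated
    public RestfulAuthenticationPolicy(RestAuthenticationPolicyProperties restAuthenticationPolicyProperties) {
        this.properties = restAuthenticationPolicyProperties;
    }
}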
