package org.apereo.cas.authentication.policy;

import com.fasterxml.jackson.annotation.JsonTypeInfo;
import java.security.GeneralSecurityException;
import java.util.Objects;
import java.util.Set;
import javax.security.auth.login.AccountExpiredException;
import javax.security.auth.login.AccountLockedException;
import javax.security.auth.login.AccountNotFoundException;
import javax.security.auth.login.FailedLoginException;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.exceptions.AccountDisabledException;
import org.apereo.cas.authentication.exceptions.AccountPasswordMustChangeException;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.HttpUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.web.client.HttpClientErrorException;
import org.springframework.web.client.HttpServerErrorException;
import org.springframework.web.client.RestTemplate;

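/**
 * Authentication policy that delegates the decision to a remote REST endpoint.
 *
 * <p>The authenticated {@link Principal} is sent as the JSON body of a POST request to
 * {@link #getEndpoint() endpoint}. An HTTP 200 answer satisfies the policy; any other
 * status is translated into an account-state exception by
 * {@link #handleResponseStatusCode(HttpStatus, Principal)} and raised wrapped in a
 * {@link GeneralSecurityException}. Failures to build or send the request are logged and
 * reported as "not satisfied", so every error path denies.
 *
 * <p>Operational notes for deployers:
 * <ul>
 *   <li>The principal and, when configured, the Basic credentials are sent to whatever URL
 *       {@code endpoint} holds; nothing in this class checks the scheme. Configure an
 *       {@code https} endpoint so neither travels in clear text.</li>
 *   <li>{@code basicAuthPassword} is kept as a plain {@code String}, is returned by a public
 *       getter and takes part in {@code equals}/{@code hashCode}. NOTE(review): the class is
 *       annotated for JSON type handling, so the password is presumably written out wherever
 *       instances are serialized; verify how such output is stored and who can read it.</li>
 * </ul>
 */
@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
/* loaded from: input_file:WEB-INF/lib/cas-server-core-authentication-api-6.2.1.jar:org/apereo/cas/authentication/policy/RestfulAuthenticationPolicy.class */
public class RestfulAuthenticationPolicy extends BaseAuthenticationPolicy {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(RestfulAuthenticationPolicy.class);
    private static final long serialVersionUID = -7688729533538097898L;

    // URL that receives the POSTed principal.
    private String endpoint;
    // Optional HTTP Basic credentials; only sent when both values are non-blank.
    private String basicAuthUsername;
    private String basicAuthPassword;

    /**
     * Creates a policy that calls the given endpoint without Basic credentials.
     *
     * @param str URL of the REST endpoint
     */
    public RestfulAuthenticationPolicy(String str) {
        this.endpoint = str;
    }

    /**
     * Maps an HTTP status returned by the endpoint to the exception describing the account state.
     *
     * <ul>
     *   <li>403 / 405: {@link AccountDisabledException}</li>
     *   <li>401: {@link FailedLoginException}</li>
     *   <li>404: {@link AccountNotFoundException}</li>
     *   <li>423: {@link AccountLockedException}</li>
     *   <li>412: {@link AccountExpiredException}</li>
     *   <li>428: {@link AccountPasswordMustChangeException}</li>
     *   <li>anything else: {@link FailedLoginException} naming the status</li>
     * </ul>
     *
     * <p>Every message except the fallback embeds {@code principal.getId()}, so the identifier
     * ends up wherever the exception message is logged or shown.
     *
     * @param httpStatus status returned by the endpoint
     * @param principal principal the request was made for
     * @return the exception to report; never thrown here
     */
    private static Exception handleResponseStatusCode(HttpStatus httpStatus, Principal principal) {
        if (httpStatus == HttpStatus.FORBIDDEN || httpStatus == HttpStatus.METHOD_NOT_ALLOWED) {
            return new AccountDisabledException("Could not authenticate forbidden account for " + principal.getId());
        }
        if (httpStatus == HttpStatus.UNAUTHORIZED) {
            return new FailedLoginException("Could not authenticate account for " + principal.getId());
        }
        if (httpStatus == HttpStatus.NOT_FOUND) {
            return new AccountNotFoundException("Could not locate account for " + principal.getId());
        }
        if (httpStatus == HttpStatus.LOCKED) {
            return new AccountLockedException("Could not authenticate locked account for " + principal.getId());
        }
        if (httpStatus == HttpStatus.PRECONDITION_FAILED) {
            return new AccountExpiredException("Could not authenticate expired account for " + principal.getId());
        }
        if (httpStatus == HttpStatus.PRECONDITION_REQUIRED) {
            return new AccountPasswordMustChangeException("Account password must change for " + principal.getId());
        }
        return new FailedLoginException("Rest endpoint returned an unknown status code " + httpStatus);
    }

    /**
     * Asks the REST endpoint whether the authenticated principal satisfies the policy.
     *
     * <p>The status check runs after the {@code try} block on purpose: when it sat inside,
     * the {@link GeneralSecurityException} raised for a non-200 answer was caught by the
     * generic handler and turned into a plain {@code false}, losing the mapped cause. The
     * outcome is a denial either way; the caller now receives the same exception type it
     * already gets for 4xx/5xx answers.
     *
     * @param authentication authentication whose principal is sent to the endpoint
     * @param set candidate handlers; not used by this implementation
     * @param configurableApplicationContext application context; not used by this implementation
     * @return {@code true} only when the endpoint answers HTTP 200; {@code false} when the
     *         request could not be built or sent
     * @throws GeneralSecurityException wrapping the mapped account-state exception when the
     *         endpoint answers with any status other than 200
     */
    @Override // org.apereo.cas.authentication.AuthenticationPolicy
    public boolean isSatisfiedBy(Authentication authentication, Set<AuthenticationHandler> set, ConfigurableApplicationContext configurableApplicationContext) throws Exception {
        Principal principal = authentication.getPrincipal();
        HttpStatus statusCode;
        try {
            HttpEntity<Principal> request = buildHttpEntity(principal);
            LOGGER.debug("Checking authentication policy for [{}] via POST at [{}]", principal, this.endpoint);
            // NOTE(review): a fresh RestTemplate is built per call and no connect/read timeout
            // is configured here, so a slow endpoint can hold the authenticating thread for as
            // long as the underlying client's defaults allow; confirm and bound them.
            statusCode = new RestTemplate().exchange(this.endpoint, HttpMethod.POST, request, String.class).getStatusCode();
        } catch (HttpClientErrorException | HttpServerErrorException e) {
            throw new GeneralSecurityException(handleResponseStatusCode(e.getStatusCode(), principal));
        } catch (Exception e) {
            // Transport or serialization failure: deny, keeping the stack trace for debug-level logging only.
            if (LOGGER.isDebugEnabled()) {
                LOGGER.error(e.getMessage(), e);
            } else {
                LOGGER.error(e.getMessage());
            }
            return false;
        }
        if (statusCode != HttpStatus.OK) {
            throw new GeneralSecurityException(handleResponseStatusCode(statusCode, principal));
        }
        return true;
    }

    /**
     * Builds the JSON request carrying the principal, adding Basic credentials when configured.
     *
     * @param principal principal to send as the request body
     * @return entity with JSON {@code Accept}/{@code Content-Type} headers and, when both the
     *         username and the password are non-blank, the headers produced by
     *         {@code HttpUtils.createBasicAuthHeaders}
     */
    protected HttpEntity<Principal> buildHttpEntity(Principal principal) {
        HttpHeaders headers = new HttpHeaders();
        headers.setAccept(CollectionUtils.wrap(MediaType.APPLICATION_JSON));
        headers.setContentType(MediaType.APPLICATION_JSON);
        boolean hasCredentials = StringUtils.isNotBlank(this.basicAuthUsername)
            && StringUtils.isNotBlank(this.basicAuthPassword);
        if (hasCredentials) {
            headers.putAll(HttpUtils.createBasicAuthHeaders(this.basicAuthUsername, this.basicAuthPassword));
        }
        return new HttpEntity<>(principal, headers);
    }

    /**
     * Creates a policy with no endpoint and no credentials; set them before the policy is evaluated.
     */
    @Generated
    public RestfulAuthenticationPolicy() {
    }

    /**
     * Compares this policy with another by superclass state, endpoint and Basic credentials.
     *
     * @param obj object to compare with
     * @return {@code true} when {@code obj} is a compatible policy with equal fields
     */
    @Override // org.apereo.cas.authentication.policy.BaseAuthenticationPolicy
    @Generated
    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (!(obj instanceof RestfulAuthenticationPolicy)) {
            return false;
        }
        RestfulAuthenticationPolicy other = (RestfulAuthenticationPolicy) obj;
        if (!other.canEqual(this) || !super.equals(obj)) {
            return false;
        }
        return Objects.equals(this.endpoint, other.endpoint)
            && Objects.equals(this.basicAuthUsername, other.basicAuthUsername)
            && Objects.equals(this.basicAuthPassword, other.basicAuthPassword);
    }

    /**
     * Tells whether the given object may be compared with this class in {@link #equals(Object)}.
     *
     * @param obj candidate object
     * @return {@code true} when {@code obj} is a {@code RestfulAuthenticationPolicy}
     */
    @Override // org.apereo.cas.authentication.policy.BaseAuthenticationPolicy
    @Generated
    protected boolean canEqual(Object obj) {
        return obj instanceof RestfulAuthenticationPolicy;
    }

    /**
     * Hashes the superclass state together with the endpoint and the Basic credentials.
     *
     * @return hash consistent with {@link #equals(Object)}
     */
    @Override // org.apereo.cas.authentication.policy.BaseAuthenticationPolicy
    @Generated
    public int hashCode() {
        // Multiplier 59 and the null placeholder 43 are kept so hash values stay unchanged.
        int result = super.hashCode();
        result = (result * 59) + (this.endpoint == null ? 43 : this.endpoint.hashCode());
        result = (result * 59) + (this.basicAuthUsername == null ? 43 : this.basicAuthUsername.hashCode());
        result = (result * 59) + (this.basicAuthPassword == null ? 43 : this.basicAuthPassword.hashCode());
        return result;
    }

    /**
     * @param str URL of the REST endpoint that receives the principal
     */
    @Generated
    public void setEndpoint(String str) {
        this.endpoint = str;
    }

    /**
     * @param str username for HTTP Basic authentication against the endpoint
     */
    @Generated
    public void setBasicAuthUsername(String str) {
        this.basicAuthUsername = str;
    }

    /**
     * @param str password for HTTP Basic authentication against the endpoint
     */
    @Generated
    public void setBasicAuthPassword(String str) {
        this.basicAuthPassword = str;
    }

    /**
     * @return URL of the REST endpoint that receives the principal
     */
    @Generated
    public String getEndpoint() {
        return this.endpoint;
    }

    /**
     * @return username used for HTTP Basic authentication, or {@code null} when unset
     */
    @Generated
    public String getBasicAuthUsername() {
        return this.basicAuthUsername;
    }

    /**
     * @return the Basic authentication password in clear text, or {@code null} when unset;
     *         callers should keep it out of logs and rendered output
     */
    @Generated
    public String getBasicAuthPassword() {
        return this.basicAuthPassword;
    }

    /**
     * Creates a fully configured policy.
     *
     * @param str URL of the REST endpoint
     * @param str2 username for HTTP Basic authentication
     * @param str3 password for HTTP Basic authentication
     */
    @Generated
    public RestfulAuthenticationPolicy(String str, String str2, String str3) {
        this.endpoint = str;
        this.basicAuthUsername = str2;
        this.basicAuthPassword = str3;
    }
}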
