package org.jasig.cas.adaptors.radius.authentication.handler.support;

import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import javax.annotation.Resource;
import javax.security.auth.login.FailedLoginException;
import javax.validation.constraints.NotNull;
import javax.validation.constraints.Size;
import net.jradius.packet.attribute.RadiusAttribute;
import org.jasig.cas.adaptors.radius.RadiusResponse;
import org.jasig.cas.adaptors.radius.RadiusServer;
import org.jasig.cas.authentication.HandlerResult;
import org.jasig.cas.authentication.PreventedException;
import org.jasig.cas.authentication.UsernamePasswordCredential;
import org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;

@Component("radiusAuthenticationHandler")
/* loaded from: input_file:org/jasig/cas/adaptors/radius/authentication/handler/support/RadiusAuthenticationHandler.class */
public class RadiusAuthenticationHandler extends AbstractUsernamePasswordAuthenticationHandler {

    @NotNull
    @Resource(name = "radiusServers")
    @Size(min = 1)
    private List<RadiusServer> servers;

    @Value("${cas.radius.failover.authn:false}")
    private boolean failoverOnException;

    @Value("${cas.radius.failover.exception:false}")
    private boolean failoverOnAuthenticationFailure;

    public RadiusAuthenticationHandler() {
        this.logger.debug("Using {}", getClass().getSimpleName());
    }

    protected final HandlerResult authenticateUsernamePasswordInternal(UsernamePasswordCredential usernamePasswordCredential) throws GeneralSecurityException, PreventedException {
        RadiusResponse authenticate;
        String encode = getPasswordEncoder().encode(usernamePasswordCredential.getPassword());
        String username = usernamePasswordCredential.getUsername();
        for (RadiusServer radiusServer : this.servers) {
            this.logger.debug("Attempting to authenticate {} at {}", username, radiusServer);
            try {
                authenticate = radiusServer.authenticate(username, encode);
            } catch (PreventedException e) {
                if (!this.failoverOnException) {
                    throw e;
                }
                this.logger.warn("failoverOnException enabled -- trying next server.", e);
            }
            if (authenticate != null) {
                HashMap hashMap = new HashMap();
                for (RadiusAttribute radiusAttribute : authenticate.getAttributes()) {
                    hashMap.put(radiusAttribute.getAttributeName(), radiusAttribute.getValue().toString());
                }
                return createHandlerResult(usernamePasswordCredential, this.principalFactory.createPrincipal(username, hashMap), new ArrayList());
            }
            if (!this.failoverOnAuthenticationFailure) {
                throw new FailedLoginException("Radius authentication failed for user " + username);
            }
            this.logger.debug("failoverOnAuthenticationFailure enabled -- trying next server");
        }
        throw new FailedLoginException("Radius authentication failed for user " + username);
    }

    public final void setFailoverOnAuthenticationFailure(boolean z) {
        this.failoverOnAuthenticationFailure = z;
    }

    public final void setFailoverOnException(boolean z) {
        this.failoverOnException = z;
    }

    public final void setServers(List<RadiusServer> list) {
        this.servers = list;
    }
}
