package org.apereo.cas.gauth;

import java.security.GeneralSecurityException;
import javax.security.auth.login.FailedLoginException;
import lombok.Generated;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationHandlerExecutionResult;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.MultifactorAuthenticationHandler;
import org.apereo.cas.authentication.MultifactorAuthenticationProvider;
import org.apereo.cas.authentication.PreventedException;
import org.apereo.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.gauth.credential.GoogleAuthenticatorTokenCredential;
import org.apereo.cas.gauth.token.GoogleAuthenticatorToken;
import org.apereo.cas.otp.repository.credentials.OneTimeTokenCredentialValidator;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.ObjectProvider;

/* loaded from: input_file:org/apereo/cas/gauth/GoogleAuthenticatorAuthenticationHandler.class */
public class GoogleAuthenticatorAuthenticationHandler extends AbstractPreAndPostProcessingAuthenticationHandler implements MultifactorAuthenticationHandler {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(GoogleAuthenticatorAuthenticationHandler.class);
    private final OneTimeTokenCredentialValidator<GoogleAuthenticatorTokenCredential, GoogleAuthenticatorToken> validator;
    private final ObjectProvider<MultifactorAuthenticationProvider> multifactorAuthenticationProvider;

    public GoogleAuthenticatorAuthenticationHandler(String str, ServicesManager servicesManager, PrincipalFactory principalFactory, OneTimeTokenCredentialValidator<GoogleAuthenticatorTokenCredential, GoogleAuthenticatorToken> oneTimeTokenCredentialValidator, Integer num, ObjectProvider<MultifactorAuthenticationProvider> objectProvider) {
        super(str, servicesManager, principalFactory, num);
        this.validator = oneTimeTokenCredentialValidator;
        this.multifactorAuthenticationProvider = objectProvider;
    }

    public boolean supports(Class<? extends Credential> cls) {
        return GoogleAuthenticatorTokenCredential.class.isAssignableFrom(cls);
    }

    public boolean supports(Credential credential) {
        return GoogleAuthenticatorTokenCredential.class.isAssignableFrom(credential.getClass());
    }

    protected AuthenticationHandlerExecutionResult doAuthentication(Credential credential, Service service) throws GeneralSecurityException, PreventedException {
        GoogleAuthenticatorTokenCredential googleAuthenticatorTokenCredential = (GoogleAuthenticatorTokenCredential) credential;
        Authentication inProgressAuthentication = WebUtils.getInProgressAuthentication();
        GoogleAuthenticatorToken validate = this.validator.validate(inProgressAuthentication, googleAuthenticatorTokenCredential);
        if (validate == null) {
            LOGGER.warn("Authorization of OTP token [{}] has failed", credential);
            throw new FailedLoginException("Failed to authenticate code " + credential);
        }
        String id = inProgressAuthentication.getPrincipal().getId();
        LOGGER.debug("Validated OTP token [{}] successfully for [{}]", validate, id);
        this.validator.store(validate);
        LOGGER.debug("Creating authentication result and building principal for [{}]", id);
        return createHandlerResult(googleAuthenticatorTokenCredential, this.principalFactory.createPrincipal(id));
    }

    @Generated
    public OneTimeTokenCredentialValidator<GoogleAuthenticatorTokenCredential, GoogleAuthenticatorToken> getValidator() {
        return this.validator;
    }

    @Generated
    public ObjectProvider<MultifactorAuthenticationProvider> getMultifactorAuthenticationProvider() {
        return this.multifactorAuthenticationProvider;
    }
}
