package org.apereo.cas.okta;

import com.okta.authn.sdk.AuthenticationStateHandlerAdapter;
import com.okta.authn.sdk.resource.AuthenticationResponse;
import com.okta.authn.sdk.resource.User;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.security.auth.login.AccountExpiredException;
import javax.security.auth.login.AccountLockedException;
import javax.security.auth.login.AccountNotFoundException;
import javax.security.auth.login.FailedLoginException;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.AuthenticationPasswordPolicyHandlingStrategy;
import org.apereo.cas.authentication.MessageDescriptor;
import org.apereo.cas.authentication.exceptions.AccountPasswordMustChangeException;
import org.apereo.cas.authentication.support.password.PasswordPolicyContext;
import org.apereo.cas.util.CollectionUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apereo/cas/okta/OktaAuthenticationStateHandlerAdapter.class */
public class OktaAuthenticationStateHandlerAdapter extends AuthenticationStateHandlerAdapter {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(OktaAuthenticationStateHandlerAdapter.class);
    private final AuthenticationPasswordPolicyHandlingStrategy passwordPolicyHandlingStrategy;
    private final PasswordPolicyContext passwordPolicyConfiguration;
    private String username;
    private Exception failureException;
    private final Map<String, List<Object>> userAttributes = new HashMap(0);
    private List<MessageDescriptor> warnings = new ArrayList(0);

    public void handleUnknown(AuthenticationResponse authenticationResponse) {
        this.failureException = new AccountNotFoundException(authenticationResponse.getStatusString());
    }

    public void handleUnauthenticated(AuthenticationResponse authenticationResponse) {
        this.failureException = new FailedLoginException(authenticationResponse.getStatusString());
    }

    public void handleSuccess(AuthenticationResponse authenticationResponse) {
        if (!StringUtils.isNotBlank(authenticationResponse.getSessionToken())) {
            handleUnauthenticated(authenticationResponse);
            return;
        }
        User user = authenticationResponse.getUser();
        this.username = user.getLogin();
        this.userAttributes.put("sessionToken", CollectionUtils.wrapList(new Object[]{authenticationResponse.getSessionToken()}));
        this.userAttributes.put("status", CollectionUtils.wrapList(new Object[]{authenticationResponse.getStatusString()}));
        this.userAttributes.put("type", CollectionUtils.wrapList(new Object[]{authenticationResponse.getType()}));
        this.userAttributes.put("expiration", CollectionUtils.wrapList(new Object[]{authenticationResponse.getExpiresAt()}));
        this.userAttributes.put("id", CollectionUtils.wrapList(new Object[]{user.getId()}));
        this.userAttributes.put("passwordChanged", CollectionUtils.wrapList(new Object[]{user.getPasswordChanged()}));
        user.getProfile().forEach((str, str2) -> {
            this.userAttributes.put(str, CollectionUtils.wrapList(new Object[]{str2}));
        });
    }

    public void handlePasswordWarning(AuthenticationResponse authenticationResponse) {
        try {
            if (this.passwordPolicyHandlingStrategy.supports(authenticationResponse)) {
                this.warnings = this.passwordPolicyHandlingStrategy.handle(authenticationResponse, this.passwordPolicyConfiguration);
            }
        } catch (Exception e) {
            if (LOGGER.isDebugEnabled()) {
                LOGGER.error(e.getMessage(), e);
            } else {
                LOGGER.error(e.getMessage());
            }
        }
        handleUnknown(authenticationResponse);
    }

    public void handlePasswordExpired(AuthenticationResponse authenticationResponse) {
        this.failureException = new AccountExpiredException(authenticationResponse.getStatusString());
    }

    public void handlePasswordReset(AuthenticationResponse authenticationResponse) {
        this.failureException = new AccountPasswordMustChangeException(authenticationResponse.getStatusString());
    }

    public void handleLockedOut(AuthenticationResponse authenticationResponse) {
        this.failureException = new AccountLockedException(authenticationResponse.getStatusString());
    }

    public void throwExceptionIfNecessary() throws Exception {
        if (this.failureException != null) {
            throw this.failureException;
        }
    }

    @Generated
    public OktaAuthenticationStateHandlerAdapter(AuthenticationPasswordPolicyHandlingStrategy authenticationPasswordPolicyHandlingStrategy, PasswordPolicyContext passwordPolicyContext) {
        this.passwordPolicyHandlingStrategy = authenticationPasswordPolicyHandlingStrategy;
        this.passwordPolicyConfiguration = passwordPolicyContext;
    }

    @Generated
    public AuthenticationPasswordPolicyHandlingStrategy getPasswordPolicyHandlingStrategy() {
        return this.passwordPolicyHandlingStrategy;
    }

    @Generated
    public PasswordPolicyContext getPasswordPolicyConfiguration() {
        return this.passwordPolicyConfiguration;
    }

    @Generated
    public Map<String, List<Object>> getUserAttributes() {
        return this.userAttributes;
    }

    @Generated
    public String getUsername() {
        return this.username;
    }

    @Generated
    public Exception getFailureException() {
        return this.failureException;
    }

    @Generated
    public List<MessageDescriptor> getWarnings() {
        return this.warnings;
    }
}
