package org.apereo.cas.okta;

import com.okta.authn.sdk.client.AuthenticationClient;
import com.okta.authn.sdk.client.AuthenticationClientBuilder;
import com.okta.authn.sdk.client.AuthenticationClients;
import com.okta.sdk.client.Proxy;
import java.security.GeneralSecurityException;
import javax.security.auth.login.FailedLoginException;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.AuthenticationHandlerExecutionResult;
import org.apereo.cas.authentication.credential.UsernamePasswordCredential;
import org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.configuration.model.support.okta.OktaAuthenticationProperties;
import org.apereo.cas.services.ServicesManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apereo/cas/okta/OktaAuthenticationHandler.class */
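/**
 * Username/password authentication handler that delegates credential verification to Okta
 * through an {@link AuthenticationClient}.
 *
 * <p>The client is built once, in the constructor, from the supplied
 * {@link OktaAuthenticationProperties} (organization URL, connection timeout and optional proxy).
 * It can be swapped afterwards with {@link #setOktaAuthenticationClient(AuthenticationClient)}.
 */
public class OktaAuthenticationHandler extends AbstractUsernamePasswordAuthenticationHandler {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(OktaAuthenticationHandler.class);
    private final OktaAuthenticationProperties properties;
    private AuthenticationClient oktaAuthenticationClient;

    /**
     * Creates the handler and eagerly builds the Okta client.
     *
     * @param str name passed to the parent handler
     * @param servicesManager services manager passed to the parent handler
     * @param principalFactory factory used to create the authenticated principal
     * @param oktaAuthenticationProperties Okta settings; also supplies the handler order
     */
    public OktaAuthenticationHandler(String str, ServicesManager servicesManager, PrincipalFactory principalFactory, OktaAuthenticationProperties oktaAuthenticationProperties) {
        super(str, servicesManager, principalFactory, Integer.valueOf(oktaAuthenticationProperties.getOrder()));
        this.properties = oktaAuthenticationProperties;
        // getAuthenticationClient() is overridable and runs before any subclass fields are
        // initialised; an override may rely only on this.properties, which is assigned above.
        this.oktaAuthenticationClient = getAuthenticationClient();
    }

    /**
     * Authenticates the credential against Okta and builds the handler result.
     *
     * @param usernamePasswordCredential credential holding the username and password to verify
     * @param str not used by this implementation
     * @return handler result carrying the principal, its attributes and any warnings collected
     *         by the state handler adapter
     * @throws GeneralSecurityException always a {@link FailedLoginException} when anything in
     *         the flow fails; the original failure is attached as its cause
     */
    protected AuthenticationHandlerExecutionResult authenticateUsernamePasswordInternal(UsernamePasswordCredential usernamePasswordCredential, String str) throws GeneralSecurityException {
        try {
            String username = usernamePasswordCredential.getUsername();
            OktaAuthenticationStateHandlerAdapter adapter = new OktaAuthenticationStateHandlerAdapter(getPasswordPolicyHandlingStrategy(), getPasswordPolicyConfiguration());
            // toCharArray() hands the client a fresh copy of the password; the String held by
            // the credential is not affected by whatever the client does with the array.
            this.oktaAuthenticationClient.authenticate(username, usernamePasswordCredential.getPassword().toCharArray(), (String) null, adapter);
            adapter.throwExceptionIfNecessary();
            // User attributes can contain personal data; they are written only at DEBUG level.
            LOGGER.debug("Created principal for id [{}] and [{}] attributes", adapter.getUsername(), adapter.getUserAttributes());
            return createHandlerResult(usernamePasswordCredential, this.principalFactory.createPrincipal(adapter.getUsername(), adapter.getUserAttributes()), adapter.getWarnings());
        } catch (Exception e) {
            // Stack traces are logged only when debug logging is on; otherwise just the message.
            if (LOGGER.isDebugEnabled()) {
                LOGGER.error(e.getMessage(), e);
            } else {
                LOGGER.error(e.getMessage());
            }
            // Every failure (bad password, account state, network or proxy error, NPE on a
            // missing password) is collapsed into FailedLoginException, so the type alone no
            // longer tells them apart. Attach the original as the cause to keep that detail
            // available for diagnostics and incident review.
            // NOTE(review): the message embeds the upstream exception text; confirm it is never
            // rendered to the end user, since it can reveal account state or connection details.
            FailedLoginException failure = new FailedLoginException("Invalid credentials: " + e.getMessage());
            failure.initCause(e);
            throw failure;
        }
    }

    /**
     * Builds the Okta authentication client from the configured properties.
     *
     * <p>A proxy is applied only when a non-blank proxy host and a port greater than zero are
     * configured. Proxy credentials are used only when both username and password are
     * non-blank; if just one of them is set, the proxy is configured without authentication.
     *
     * @return a newly built client
     */
    protected AuthenticationClient getAuthenticationClient() {
        AuthenticationClientBuilder builder = AuthenticationClients.builder()
            .setOrgUrl(this.properties.getOrganizationUrl())
            .setConnectionTimeout(this.properties.getConnectionTimeout());
        boolean proxyConfigured = StringUtils.isNotBlank(this.properties.getProxyHost()) && this.properties.getProxyPort() > 0;
        if (proxyConfigured) {
            boolean proxyCredentialsConfigured = StringUtils.isNotBlank(this.properties.getProxyUsername())
                && StringUtils.isNotBlank(this.properties.getProxyPassword());
            if (proxyCredentialsConfigured) {
                builder.setProxy(new Proxy(this.properties.getProxyHost(), this.properties.getProxyPort(), this.properties.getProxyUsername(), this.properties.getProxyPassword()));
            } else {
                builder.setProxy(new Proxy(this.properties.getProxyHost(), this.properties.getProxyPort()));
            }
        }
        return builder.build();
    }

    /**
     * Returns the Okta settings this handler was created with.
     *
     * @return the properties object, which the proxy lookups in this class show may carry a
     *         proxy password
     */
    @Generated
    public OktaAuthenticationProperties getProperties() {
        return this.properties;
    }

    /**
     * Returns the client currently used to talk to Okta.
     *
     * @return the current authentication client
     */
    @Generated
    public AuthenticationClient getOktaAuthenticationClient() {
        return this.oktaAuthenticationClient;
    }

    /**
     * Replaces the client used to talk to Okta.
     *
     * <p>The field is neither volatile nor guarded by a lock in this class.
     *
     * @param authenticationClient client to use for subsequent authentication attempts
     */
    @Generated
    public void setOktaAuthenticationClient(AuthenticationClient authenticationClient) {
        this.oktaAuthenticationClient = authenticationClient;
    }
}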
