package org.apereo.cas.adaptors.generic;

import java.io.IOException;
import java.io.UncheckedIOException;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import javax.security.auth.login.AccountLockedException;
import javax.security.auth.login.AccountNotFoundException;
import javax.security.auth.login.CredentialExpiredException;
import javax.security.auth.login.FailedLoginException;
import lombok.Generated;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.DisabledAccountException;
import org.apache.shiro.authc.ExcessiveAttemptsException;
import org.apache.shiro.authc.ExpiredCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apereo.cas.authentication.AuthenticationHandlerExecutionResult;
import org.apereo.cas.authentication.AuthenticationPasswordPolicyHandlingStrategy;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.MessageDescriptor;
import org.apereo.cas.authentication.credential.RememberMeUsernamePasswordCredential;
import org.apereo.cas.authentication.credential.UsernamePasswordCredential;
import org.apereo.cas.authentication.exceptions.AccountDisabledException;
import org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.util.ResourceUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.io.Resource;

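/**
 * Username/password authentication handler that delegates credential verification to
 * Apache Shiro and then enforces an optional set of required roles and permissions
 * on the authenticated {@link Subject}.
 *
 * <p>The Shiro {@link SecurityManager} is installed through
 * {@link #loadShiroConfiguration(Resource)}, which registers it as Shiro's VM-wide static
 * singleton; it is therefore shared by every component in the JVM that calls
 * {@link SecurityUtils#getSubject()}.
 */
@Deprecated(since = "6.6.0")
/* loaded from: input_file:org/apereo/cas/adaptors/generic/ShiroAuthenticationHandler.class */
public class ShiroAuthenticationHandler extends AbstractUsernamePasswordAuthenticationHandler {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(ShiroAuthenticationHandler.class);
    // Roles every authenticated subject must hold; null disables the role check.
    private final Set<String> requiredRoles;
    // Permissions every authenticated subject must hold; null disables the permission check.
    private final Set<String> requiredPermissions;

    /**
     * Creates the handler.
     *
     * @param str              first superclass constructor argument (presumably the handler name)
     * @param servicesManager  services manager handed to the superclass
     * @param principalFactory factory used to build the authenticated principal
     * @param set              roles the subject must hold, or {@code null} to skip the role check
     * @param set2             permissions the subject must hold, or {@code null} to skip the permission check
     */
    public ShiroAuthenticationHandler(String str, ServicesManager servicesManager, PrincipalFactory principalFactory, Set<String> set, Set<String> set2) {
        // The fourth superclass argument is passed as null, as in the original.
        super(str, servicesManager, principalFactory, (Integer) null);
        // Stored by reference: later changes the caller makes to these sets alter the enforced policy.
        this.requiredRoles = set;
        this.requiredPermissions = set2;
    }

    /**
     * Authenticates the credential against Shiro, checks the required roles and permissions,
     * and collects password-policy messages when a handling strategy is configured.
     *
     * @param usernamePasswordCredential credential whose username and password are sent to Shiro
     * @param str                        second argument of the superclass contract; not used here
     * @return the handler result for the authenticated subject
     * @throws GeneralSecurityException a JAAS-style exception mapped from the Shiro failure, or a
     *                                  {@link FailedLoginException} when a role or permission is missing
     */
    @Override
    protected AuthenticationHandlerExecutionResult authenticateUsernamePasswordInternal(UsernamePasswordCredential usernamePasswordCredential, String str) throws GeneralSecurityException {
        try {
            UsernamePasswordToken token = new UsernamePasswordToken(usernamePasswordCredential.getUsername(), usernamePasswordCredential.getPassword());
            if (usernamePasswordCredential instanceof RememberMeUsernamePasswordCredential) {
                token.setRememberMe(((RememberMeUsernamePasswordCredential) usernamePasswordCredential).isRememberMe());
            }
            // NOTE(review): the subject comes from SecurityUtils and this handler never logs it out
            // or unbinds it; confirm that pooled request threads cannot carry an authenticated
            // subject over into a later request.
            Subject currentUser = getCurrentExecutingSubject();
            currentUser.login(token);
            // Authorization is enforced only after Shiro accepted the credentials.
            checkSubjectRolesAndPermissions(currentUser);
            AuthenticationPasswordPolicyHandlingStrategy strategy = getPasswordPolicyHandlingStrategy();
            List<MessageDescriptor> messages = new ArrayList<>();
            if (strategy != null) {
                LOGGER.debug("Attempting to examine and handle password policy via [{}]", strategy.getClass().getSimpleName());
                messages.addAll(strategy.handle(this.principalFactory.createPrincipal(token.getUsername()), getPasswordPolicyConfiguration()));
            }
            return createAuthenticatedSubjectResult(usernamePasswordCredential, currentUser, messages);
        // Catch order matters: every type below is a Shiro AuthenticationException, and
        // LockedAccountException is a DisabledAccountException, so the most specific types come
        // first. With the broad catch in front, the specific mappings are unreachable and every
        // failure would collapse into FailedLoginException.
        // Each mapping copies the Shiro message verbatim; keep these messages out of responses
        // shown to the person logging in, since they can reveal whether an account exists.
        } catch (UnknownAccountException e) {
            throw new AccountNotFoundException(e.getMessage());
        } catch (LockedAccountException | ExcessiveAttemptsException e) {
            throw new AccountLockedException(e.getMessage());
        } catch (ExpiredCredentialsException e) {
            throw new CredentialExpiredException(e.getMessage());
        } catch (DisabledAccountException e) {
            throw new AccountDisabledException(e.getMessage());
        } catch (AuthenticationException e) {
            throw new FailedLoginException(e.getMessage());
        }
    }

    /**
     * Verifies that the subject holds every required role and every required permission.
     *
     * @param subject the authenticated Shiro subject
     * @throws FailedLoginException on the first missing role or permission; the message names the
     *                              missing entry, so it describes the authorization policy
     */
    protected void checkSubjectRolesAndPermissions(Subject subject) throws FailedLoginException {
        if (this.requiredRoles != null) {
            for (String role : this.requiredRoles) {
                if (!subject.hasRole(role)) {
                    throw new FailedLoginException("Required role " + role + " does not exist");
                }
            }
        }
        if (this.requiredPermissions != null) {
            for (String permission : this.requiredPermissions) {
                if (!subject.isPermitted(permission)) {
                    throw new FailedLoginException("Required permission " + permission + " cannot be located");
                }
            }
        }
    }

    /**
     * Builds the handler result, using the string form of the Shiro principal as the principal id.
     *
     * @param credential the credential that was authenticated
     * @param subject    the authenticated Shiro subject
     * @param list       password-policy messages to attach to the result
     * @return the handler result
     */
    protected AuthenticationHandlerExecutionResult createAuthenticatedSubjectResult(Credential credential, Subject subject, List<MessageDescriptor> list) {
        return createHandlerResult(credential, this.principalFactory.createPrincipal(subject.getPrincipal().toString()), list);
    }

    /**
     * Returns the subject Shiro reports for the current execution context.
     *
     * @return the result of {@link SecurityUtils#getSubject()}
     */
    protected Subject getCurrentExecutingSubject() {
        return SecurityUtils.getSubject();
    }

    /**
     * Builds a Shiro security manager from the given INI resource and installs it as Shiro's
     * VM-wide static security manager. Does nothing beyond a debug log entry when the resource
     * is absent.
     *
     * <p>A Shiro INI file can define accounts, credentials and role mappings, so the location
     * passed here is part of the trust boundary of the login flow.
     *
     * @param resource the Shiro INI configuration resource, possibly {@code null}
     * @throws UncheckedIOException if the resource URI cannot be resolved
     */
    public void loadShiroConfiguration(Resource resource) {
        Resource shiroResource = ResourceUtils.prepareClasspathResourceIfNeeded(resource);
        if (shiroResource == null || !shiroResource.exists()) {
            LOGGER.debug("Shiro configuration is not defined");
            return;
        }
        final String uri;
        try {
            uri = shiroResource.getURI().toString();
        } catch (IOException e) {
            // Resource.getURI() declares IOException; surface it unchecked so the method
            // signature stays as it was and a broken configuration fails loudly.
            throw new UncheckedIOException("Unable to resolve the Shiro configuration resource", e);
        }
        LOGGER.debug("Loading Shiro configuration from [{}]", uri);
        SecurityUtils.setSecurityManager((SecurityManager) new IniSecurityManagerFactory(uri).getInstance());
    }
}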
