package uk.ac.diamond.cas.abfab.radius.authentication.handler;

import java.security.GeneralSecurityException;
import java.util.List;
import javax.management.AttributeNotFoundException;
import javax.security.auth.login.FailedLoginException;
import javax.validation.constraints.NotNull;
import javax.validation.constraints.Size;
import net.jradius.exception.UnknownAttributeException;
import net.jradius.packet.AccessAccept;
import net.jradius.packet.RadiusPacket;
import org.jasig.cas.adaptors.radius.RadiusServer;
import org.jasig.cas.authentication.PreventedException;
import org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler;
import org.jasig.cas.authentication.principal.Principal;
import org.jasig.cas.authentication.principal.SimplePrincipal;
import org.opensaml.xml.ConfigurationException;
import org.opensaml.xml.io.UnmarshallingException;
import org.opensaml.xml.parse.XMLParserException;
import uk.ac.diamond.cas.abfab.radius.ABFABRadiusServerImpl;

/* loaded from: input_file:uk/ac/diamond/cas/abfab/radius/authentication/handler/ABFABRadiusAuthenticationHandler.class */
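/**
 * CAS username/password handler backed by one or more RADIUS servers.
 *
 * <p>Servers are tried in list order. A server that is an {@link ABFABRadiusServerImpl} is asked
 * for the full RADIUS response; on an {@link AccessAccept} the handler looks for a SAML assertion
 * among the response attributes and uses the value of the attribute named by
 * {@link #principalIdentifierURN} as the principal identifier. Any other {@link RadiusServer} is
 * used as a plain accept/reject check and the supplied username becomes the principal.
 *
 * <p>Trust model, as far as this class shows: the assertion is accepted because it arrived in the
 * RADIUS Access-Accept; no signature, issuer or audience check is performed here (whether
 * {@code SAMLAssertionAttributeExtractor} performs one cannot be told from this file). If the
 * assertion is absent, unparseable or lacks the configured attribute, authentication still
 * succeeds and the principal falls back to the raw username -- that fallback is deliberate and is
 * logged at INFO as "Continuing with existing credentials".
 *
 * <p>{@code failoverOnAuthenticationFailure} and {@code failoverOnException} control whether a
 * rejection or a {@link PreventedException} from one server moves on to the next server or ends
 * the attempt immediately.
 */
public class ABFABRadiusAuthenticationHandler extends AbstractUsernamePasswordAuthenticationHandler {

    /** RADIUS servers, consulted in list order; bean validation requires at least one. */
    @NotNull
    @Size(min = 1)
    private List<RadiusServer> servers;

    /** When true, a {@link PreventedException} from one server is logged and the next server is tried. */
    private boolean failoverOnException;

    /** When true, a rejected login at one server does not fail the attempt; the next server is tried. */
    private boolean failoverOnAuthenticationFailure;

    /** URN of the SAML attribute whose value becomes the principal id for ABFAB servers. */
    private String principalIdentifierURN;

    /**
     * Authenticates {@code str}/{@code str2} against the configured servers in order.
     *
     * @param str  the username presented by the user
     * @param str2 the password presented by the user
     * @return the resolved principal: the SAML-mapped identifier for an ABFAB accept (or the
     *         username when mapping fails), the username for a plain RADIUS accept
     * @throws FailedLoginException when a server rejects the login and
     *         {@link #failoverOnAuthenticationFailure} is off, or when every server has rejected it
     * @throws PreventedException  when a server could not be consulted and {@link #failoverOnException} is off
     * @throws GeneralSecurityException per the superclass contract
     */
    protected final Principal authenticateUsernamePasswordInternal(final String str, final String str2)
            throws GeneralSecurityException, PreventedException {
        for (final RadiusServer radiusServer : this.servers) {
            this.logger.debug("Attempting to authenticate {} at {}", str, radiusServer);
            try {
                if (radiusServer instanceof ABFABRadiusServerImpl) {
                    final RadiusPacket response = ((ABFABRadiusServerImpl) radiusServer).authenticateEx(str, str2);
                    if (response instanceof AccessAccept) {
                        return principalFromAccept(str, response);
                    }
                } else if (radiusServer.authenticate(str, str2)) {
                    return new SimplePrincipal(str);
                }
                // Reached only when this server rejected the credentials (non-Accept packet or false).
                if (!this.failoverOnAuthenticationFailure) {
                    throw new FailedLoginException();
                }
                this.logger.debug("failoverOnAuthenticationFailure enabled -- trying next server");
            } catch (final PreventedException e) {
                if (!this.failoverOnException) {
                    throw e;
                }
                this.logger.warn("failoverOnException enabled -- trying next server.", e);
            }
        }
        // Every server either rejected the login or was skipped by failover.
        throw new FailedLoginException();
    }

    /**
     * Builds the principal for an ABFAB Access-Accept.
     *
     * <p>An empty (or null) mapping result is not an error: the RADIUS server has already accepted
     * the credentials, so the handler degrades to the supplied username as principal.
     *
     * @param username the username that was accepted
     * @param response the Access-Accept packet carrying the SAML assertion
     * @return a principal named by the mapped attribute value, or by {@code username} when no
     *         value could be obtained
     */
    private Principal principalFromAccept(final String username, final RadiusPacket response) {
        final String mapped = extractPrincipalIdentifier(response);
        // Null-safe: the original compared with isEmpty() only; a null from the extractor would have NPE'd.
        if (mapped == null || mapped.isEmpty()) {
            this.logger.info("Authentication was successful. Credential mapping for {} failed. Continuing with existing credentials", username);
            return new SimplePrincipal(username);
        }
        this.logger.info("Authentication was successful. Credential {} mapped to {}", username, mapped);
        return new SimplePrincipal(mapped);
    }

    /**
     * Pulls the SAML assertion out of the RADIUS response attributes and returns the value of the
     * {@link #principalIdentifierURN} attribute.
     *
     * <p>Every failure is logged and swallowed on purpose: the caller treats an empty result as
     * "no mapping" and falls back to the username. The specific catch clauses come before the
     * generic {@code Exception} one so that each failure mode keeps its own log message (the
     * previous ordering of a generic catch ahead of a specific one does not compile).
     *
     * @param response the Access-Accept packet
     * @return the attribute value, or {@code ""} when the assertion or the attribute cannot be obtained
     */
    private String extractPrincipalIdentifier(final RadiusPacket response) {
        try {
            final String assertion = new SAMLAssertionAttributeFilter(response.getAttributes()).getAssertion();
            // NOTE: this writes the complete assertion (subject and attribute values) to the debug log;
            // keep DEBUG disabled for this logger outside troubleshooting.
            this.logger.debug("Successfully extracted SAML assertion from RADIUS response: {}", assertion);
            final SAMLAssertionAttributeExtractor extractor = new SAMLAssertionAttributeExtractor(assertion);
            if (!extractor.isEmpty()) {
                this.logger.debug("Successfully parsed SAML assertion into XML document");
            }
            // getAttributeStatement() is expected to raise IndexOutOfBoundsException when there is no statement.
            if (extractor.getAttributeStatement().hasChildren()) {
                this.logger.debug("Found attribute statement in SAML2 assertion.");
            }
            return extractor.getAttributeValue(this.principalIdentifierURN);
        } catch (final UnknownAttributeException e) {
            this.logger.error("Authentication was successful, but SAML assertion was not present in RADIUS response!");
        } catch (final XMLParserException e) {
            this.logger.error("Authentication was successful, but parsing the included SAML assertion failed!");
        } catch (final ConfigurationException e) {
            this.logger.error("Authentication was successful, but SAML library initialisation failed!");
        } catch (final UnmarshallingException e) {
            this.logger.error("Authentication was successful, unable to load the SAML assertion for information retrieval!");
        } catch (final IndexOutOfBoundsException e) {
            this.logger.error("Authentication was successful, no attribute statement found in the SAML assertion!");
        } catch (final AttributeNotFoundException e) {
            this.logger.error("Authentication was successful, unable to retrieve attribute {} from SAML assertion!", this.principalIdentifierURN);
        } catch (final Exception e) {
            this.logger.error("Authentication was successful, but another error occurred: {}", e.toString());
        }
        return "";
    }

    /**
     * @param z true to try the next server after a rejection instead of failing the login
     */
    public void setFailoverOnAuthenticationFailure(final boolean z) {
        this.failoverOnAuthenticationFailure = z;
    }

    /**
     * @param z true to try the next server after a {@link PreventedException} instead of propagating it
     */
    public void setFailoverOnException(final boolean z) {
        this.failoverOnException = z;
    }

    /**
     * @param str URN of the SAML attribute whose value is used as the principal id for ABFAB servers
     */
    public void setPrincipalIdentifierURN(final String str) {
        this.principalIdentifierURN = str;
    }

    /**
     * @param list the servers to consult, in order; the list is stored as given, not copied
     */
    public void setServers(final List<RadiusServer> list) {
        this.servers = list;
    }
}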
