package com.centit.framework.cas.actions;

import com.centit.framework.cas.audit.AuditPolicy;
import com.centit.framework.cas.audit.LoginLogger;
import com.centit.framework.cas.config.StrategyProperties;
import com.centit.framework.cas.model.AbstractPasswordCredential;
import com.centit.framework.cas.model.ComplexAuthCredential;
import com.centit.support.algorithm.NumberBaseOpt;
import com.centit.support.algorithm.StringBaseOpt;
import com.centit.support.image.CaptchaImageUtil;
import java.util.HashMap;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationException;
import org.apereo.cas.authentication.adaptive.AdaptiveAuthenticationPolicy;
import org.apereo.cas.authentication.adaptive.UnauthorizedAuthenticationException;
import org.apereo.cas.authentication.adaptive.geo.GeoLocationRequest;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.web.flow.CasWebflowConstants;
import org.apereo.cas.web.flow.resolver.CasDelegatingWebflowEventResolver;
import org.apereo.cas.web.flow.resolver.CasWebflowEventResolver;
import org.apereo.cas.web.support.WebUtils;
import org.apereo.inspektr.common.web.ClientInfoHolder;
import org.springframework.binding.message.MessageBuilder;
import org.springframework.webflow.action.AbstractAction;
import org.springframework.webflow.core.collection.LocalAttributeMap;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:WEB-INF/lib/centit-cas-login-plugin-1.2-SNAPSHOT.jar:com/centit/framework/cas/actions/AbstractComplexAuthenticationAction.class */
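/**
 * Base webflow action for the "complex" CAS login forms.
 *
 * <p>A subclass extracts a {@link ComplexAuthCredential} from the request in
 * {@link #doPrepareExecute(RequestContext)}. {@link #doExecute(RequestContext)} then validates it,
 * enforces the session captcha, applies the adaptive authentication policy, delegates to the CAS
 * event resolvers and finally applies the optional {@link AuditPolicy}. Every outcome is reported
 * to the {@link LoginLogger} through the {@code on*} hooks.
 *
 * <p>{@code loginLogger} and {@code strategyConfig} are setter-injected and dereferenced without a
 * null check, so both must be set before the action handles a request.
 */
public abstract class AbstractComplexAuthenticationAction extends AbstractAction {
    /** Session key holding the auth type of the most recent submission. */
    private static final String SESSION_CURRENT_AUTH_TYPE = "_currentAuthType";
    /** Session key holding the number of failed attempts seen in this session. */
    private static final String SESSION_FAIL_TIMES = "_failValidateTimes";
    /** Session key that records whether the failure threshold has been reached. */
    private static final String SESSION_NEED_VALIDATE_CODE = "_needValidateCode";
    /** Placeholder stored as the session captcha once the failure threshold is reached. */
    private static final String CHECKCODE_PLACEHOLDER = "session_checkcode_need_change";

    // Auth type this action handles; a submission naming a different type yields "changeAuth".
    private String supportAuthType;
    // Optional post-authentication check; skipped when null.
    private AuditPolicy auditPolicy;
    // Receives every login outcome; required (no null check before use).
    private LoginLogger loginLogger;
    // Supplies the failure threshold read in onFailedLogin; required.
    private StrategyProperties strategyConfig;
    private final CasDelegatingWebflowEventResolver initialAuthenticationAttemptWebflowEventResolver;
    private final AdaptiveAuthenticationPolicy adaptiveAuthenticationPolicy;
    private final CasWebflowEventResolver serviceTicketRequestWebflowEventResolver;

    /**
     * @param casDelegatingWebflowEventResolver resolver used for the initial authentication attempt
     * @param casWebflowEventResolver resolver consulted first for a service-ticket request
     * @param adaptiveAuthenticationPolicy policy applied to the user agent and geo-location
     */
    public AbstractComplexAuthenticationAction(CasDelegatingWebflowEventResolver casDelegatingWebflowEventResolver, CasWebflowEventResolver casWebflowEventResolver, AdaptiveAuthenticationPolicy adaptiveAuthenticationPolicy) {
        this.initialAuthenticationAttemptWebflowEventResolver = casDelegatingWebflowEventResolver;
        this.serviceTicketRequestWebflowEventResolver = casWebflowEventResolver;
        this.adaptiveAuthenticationPolicy = adaptiveAuthenticationPolicy;
    }

    /** Sets the auth type this action accepts. */
    public void setSupportAuthType(String str) {
        this.supportAuthType = str;
    }

    /**
     * Builds the credential for the current request.
     *
     * @return the credential, or {@code null}, which {@link #doExecute(RequestContext)} reports as
     *     a credential error
     */
    public abstract ComplexAuthCredential doPrepareExecute(RequestContext requestContext);

    /**
     * Adds an error message to the message context, records a failed login and builds the
     * authentication-failure event.
     *
     * @param str message source (the field or check the error relates to)
     * @param str2 default text of the message, also used as the exception message
     * @return an authentication-failure event carrying the exception under {@code "error"}
     */
    protected Event makeError(RequestContext requestContext, String str, String str2) {
        requestContext.getMessageContext().addMessage(
                new MessageBuilder()
                        .error()
                        .code(CasWebflowConstants.TRANSITION_ID_AUTHENTICATION_FAILURE)
                        .source(str)
                        .defaultText(str2)
                        .build());
        AuthenticationException failure = new AuthenticationException(
                str2,
                CollectionUtils.wrap(AuthenticationException.class.getSimpleName(), AuthenticationException.class),
                new HashMap<>(0));
        // Every error built here counts against the session failure counter.
        // NOTE(review): when doPrepareExecute returned null, no credential was stored for this
        // request, so the logger receives whatever WebUtils.getCredential finds - confirm
        // LoginLogger copes with a null or stale credential.
        onFailedLogin(requestContext);
        return new Event(this, CasWebflowConstants.TRANSITION_ID_AUTHENTICATION_FAILURE, new LocalAttributeMap("error", failure));
    }

    /**
     * Validates the submitted credential and runs the authentication attempt.
     *
     * @return {@code "changeAuth"} when the submission names another auth type, an
     *     authentication-failure event when a check fails, otherwise the event produced by the
     *     CAS resolvers
     */
    @Override // org.springframework.webflow.action.AbstractAction
    protected Event doExecute(RequestContext requestContext) {
        ComplexAuthCredential credential = doPrepareExecute(requestContext);
        if (credential == null) {
            return makeError(requestContext, "credentialError", "请输入正确的验证信息！");
        }

        HttpSession session = WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext).getSession();
        String requestedAuthType = credential.getAuthType();
        session.setAttribute(SESSION_CURRENT_AUTH_TYPE, requestedAuthType);
        if (StringUtils.isNotBlank(requestedAuthType) && !StringUtils.equals(this.supportAuthType, requestedAuthType)) {
            return new Event(this, "changeAuth");
        }

        String inputProblem = credential.checkInput();
        if (StringUtils.isNotBlank(inputProblem)) {
            return makeError(requestContext, "inputError", inputProblem);
        }
        requestContext.getFlowScope().put("credential", credential);

        // The captcha is enforced only when the session already holds a check code; the
        // _needValidateCode flag is not consulted here.
        // NOTE(review): onFailedLogin stores a fixed placeholder under this same key. Confirm that
        // CaptchaImageUtil.checkcodeMatch rejects the placeholder when it is submitted as the
        // answer, and that the stored code is regenerated after each comparison.
        if (credential instanceof AbstractPasswordCredential) {
            String expectedCode = StringBaseOpt.castObjectToString(session.getAttribute(CaptchaImageUtil.SESSIONCHECKCODE));
            if (StringUtils.isNotBlank(expectedCode)) {
                String submittedCode = ((AbstractPasswordCredential) credential).getValidateCode();
                if (!CaptchaImageUtil.checkcodeMatch(expectedCode, submittedCode)) {
                    return makeError(requestContext, "captchaError", "验证码输入错误！");
                }
            }
        }

        String userAgent = WebUtils.getHttpServletRequestUserAgentFromRequestContext();
        GeoLocationRequest geoLocation = WebUtils.getHttpServletRequestGeoLocationFromRequestContext();
        if (!this.adaptiveAuthenticationPolicy.apply(userAgent, geoLocation)) {
            // NOTE(review): this rejection skips makeError/onFailedLogin, so it is neither passed
            // to LoginLogger nor counted towards the captcha threshold - confirm that is intended.
            // The user agent is client-supplied text; neutralise control characters if this
            // message is ever written to a log or rendered to the page.
            String denial = "Adaptive authentication policy does not allow this request for " + userAgent + " and " + geoLocation;
            AuthenticationException unauthorized = new AuthenticationException(
                    denial,
                    CollectionUtils.wrap(UnauthorizedAuthenticationException.class.getSimpleName(), UnauthorizedAuthenticationException.class),
                    new HashMap<>(0));
            return new Event(this, CasWebflowConstants.TRANSITION_ID_AUTHENTICATION_FAILURE, new LocalAttributeMap("error", unauthorized));
        }

        Event serviceTicketEvent = this.serviceTicketRequestWebflowEventResolver.resolveSingle(requestContext);
        if (serviceTicketEvent != null) {
            fireEventHooks(serviceTicketEvent, requestContext);
            return serviceTicketEvent;
        }

        Event outcome = this.initialAuthenticationAttemptWebflowEventResolver.resolveSingle(requestContext);
        if ("success".equals(outcome.getId())) {
            Authentication authentication = WebUtils.getAuthentication(requestContext);
            if (this.auditPolicy != null && !this.auditPolicy.apply(credential, authentication, requestContext)) {
                // makeError has already recorded this failure; returning here keeps
                // fireEventHooks from logging and counting the same rejection a second time.
                // "autidNotPass" (sic) is kept as-is because it is a runtime message source.
                return makeError(requestContext, "autidNotPass", "IP地址和Mac地址审核不通过!");
            }
        }
        fireEventHooks(outcome, requestContext);
        return outcome;
    }

    /**
     * Routes an event to the matching logging hook; any id other than {@code "error"},
     * {@code "warn"} or {@code "success"} is treated as a failed login.
     */
    private void fireEventHooks(Event event, RequestContext requestContext) {
        switch (event.getId()) {
            case "error":
                onError(requestContext);
                break;
            case "warn":
                onWarn(requestContext);
                break;
            case "success":
                onSuccess(requestContext);
                break;
            default:
                onFailedLogin(requestContext);
                break;
        }
    }

    /** Logs a warning outcome for the credential held in the webflow context. */
    protected void onWarn(RequestContext requestContext) {
        this.loginLogger.logWarn((ComplexAuthCredential) WebUtils.getCredential(requestContext), ClientInfoHolder.getClientInfo());
    }

    /** Logs a successful login together with the resulting authentication. */
    protected void onSuccess(RequestContext requestContext) {
        this.loginLogger.logSuccess((ComplexAuthCredential) WebUtils.getCredential(requestContext), ClientInfoHolder.getClientInfo(), WebUtils.getAuthentication(requestContext));
    }

    /** Logs an error outcome for the credential held in the webflow context. */
    protected void onError(RequestContext requestContext) {
        this.loginLogger.logError((ComplexAuthCredential) WebUtils.getCredential(requestContext), ClientInfoHolder.getClientInfo());
    }

    /**
     * Logs a failed login and advances the per-session failure counter; once the counter reaches
     * the configured maximum the session is flagged as needing a captcha and the stored check code
     * is replaced by a placeholder.
     *
     * <p>NOTE(review): the counter is kept in the HTTP session only, so it does not throttle a
     * client that starts a new session. Rate limiting keyed on the account or source address has
     * to come from another control - confirm one is configured.
     */
    protected void onFailedLogin(RequestContext requestContext) {
        this.loginLogger.logFailedLogin((ComplexAuthCredential) WebUtils.getCredential(requestContext), ClientInfoHolder.getClientInfo());
        HttpSession session = WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext).getSession();
        int failures = NumberBaseOpt.castObjectToInteger(session.getAttribute(SESSION_FAIL_TIMES), 0).intValue() + 1;
        boolean thresholdReached = failures >= this.strategyConfig.getMaxFailTimesBeforeValidateCode().intValue();
        session.setAttribute(SESSION_NEED_VALIDATE_CODE, thresholdReached);
        if (thresholdReached) {
            // A non-blank value under this key is what makes doExecute compare the captcha.
            session.setAttribute(CaptchaImageUtil.SESSIONCHECKCODE, CHECKCODE_PLACEHOLDER);
        }
        session.setAttribute(SESSION_FAIL_TIMES, Integer.valueOf(failures));
    }

    /** Sets the optional audit policy applied after a successful authentication. */
    public void setAuditPolicy(AuditPolicy auditPolicy) {
        this.auditPolicy = auditPolicy;
    }

    /** Sets the logger that receives login outcomes; required before first use. */
    public void setLoginLogger(LoginLogger loginLogger) {
        this.loginLogger = loginLogger;
    }

    /** Sets the strategy configuration that supplies the captcha failure threshold. */
    public void setStrategyConfig(StrategyProperties strategyProperties) {
        this.strategyConfig = strategyProperties;
    }
}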
