package org.apereo.cas.authentication.policy;

import java.security.GeneralSecurityException;
import javax.security.auth.login.AccountExpiredException;
import javax.security.auth.login.AccountLockedException;
import javax.security.auth.login.AccountNotFoundException;
import javax.security.auth.login.FailedLoginException;
import lombok.Generated;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationPolicy;
import org.apereo.cas.authentication.exceptions.AccountDisabledException;
import org.apereo.cas.authentication.exceptions.AccountPasswordMustChangeException;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.util.CollectionUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.web.client.HttpClientErrorException;
import org.springframework.web.client.RestTemplate;

/* loaded from: input_file:BOOT-INF/lib/cas-server-core-authentication-api-5.3.10.jar:org/apereo/cas/authentication/policy/RestfulAuthenticationPolicy.class */
/**
 * Authentication policy that delegates the allow/deny decision to a remote REST endpoint.
 *
 * <p>The authenticated {@link Principal} is sent as the body of a {@code POST} to the configured
 * endpoint. The policy is satisfied only when the endpoint answers {@link HttpStatus#OK}; every
 * other status visible here is translated into an account-state exception and rethrown wrapped in
 * a {@link GeneralSecurityException}, so the check fails closed for those cases.
 *
 * <p>NOTE(review): the endpoint's answer alone decides the outcome and the request carries the
 * principal object, so the endpoint is expected to be a trusted service reached over an
 * authenticated, encrypted channel. Nothing in this class enforces that; it depends on how the
 * injected {@link RestTemplate} and the endpoint URL are configured. Confirm in deployment config.
 */
public class RestfulAuthenticationPolicy implements AuthenticationPolicy {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(RestfulAuthenticationPolicy.class);

    /** HTTP client used for the policy call; supplied by the caller through the constructor. */
    private final transient RestTemplate restTemplate;

    /** URL the principal is POSTed to. */
    private final String endpoint;

    /**
     * Creates the policy.
     *
     * @param restTemplate client used to call the endpoint
     * @param str URL of the REST endpoint that evaluates the policy
     */
    @Generated
    public RestfulAuthenticationPolicy(RestTemplate restTemplate, String str) {
        this.restTemplate = restTemplate;
        this.endpoint = str;
    }

    /**
     * Asks the REST endpoint whether the principal of the given authentication passes the policy.
     *
     * @param authentication authentication whose principal is submitted to the endpoint
     * @return {@code true} when the endpoint responds with {@link HttpStatus#OK}; this method never
     *     returns {@code false}, a rejection is always signalled by an exception
     * @throws GeneralSecurityException when no response is returned, when the response status is
     *     not {@code OK}, or when the call raises {@link HttpClientErrorException}; in the two
     *     status cases the cause is the exception built by the status mapping
     * @throws Exception any other exception raised by the HTTP call is not caught here and
     *     propagates unchanged
     */
    @Override
    public boolean isSatisfiedBy(Authentication authentication) throws Exception {
        final Principal principal = authentication.getPrincipal();
        try {
            final HttpHeaders acceptJson = new HttpHeaders();
            acceptJson.setAccept(CollectionUtils.wrap(MediaType.APPLICATION_JSON));
            // The whole principal object is the request body; what is actually serialized depends
            // on the RestTemplate's message converters (not visible here).
            final HttpEntity<Principal> request = new HttpEntity<>(principal, acceptJson);

            LOGGER.debug("Checking authentication policy for [{}] via POST at [{}]", principal, this.endpoint);
            final ResponseEntity<String> reply =
                this.restTemplate.exchange(this.endpoint, HttpMethod.POST, request, String.class);

            if (reply == null) {
                LOGGER.warn("[{}] returned no responses", this.endpoint);
                throw new GeneralSecurityException("No response returned from REST endpoint to determine authentication policy");
            }

            final HttpStatus status = reply.getStatusCode();
            if (status == HttpStatus.OK) {
                return true;
            }
            // Any non-200 answer, including other 2xx codes, is a rejection.
            throw new GeneralSecurityException(handleResponseStatusCode(status, principal));
        } catch (HttpClientErrorException clientError) {
            // Only HttpClientErrorException is translated. Other failures of the call are not
            // handled in this method and surface to the caller as thrown.
            // NOTE(review): whether 5xx answers arrive here as exceptions depends on the
            // RestTemplate's error handler; confirm callers treat those as a denial too.
            throw new GeneralSecurityException(handleResponseStatusCode(clientError.getStatusCode(), principal));
        }
    }

    /**
     * Maps an HTTP status returned by the endpoint to the exception describing the account state.
     *
     * <ul>
     *   <li>{@code FORBIDDEN} or {@code METHOD_NOT_ALLOWED}: {@link AccountDisabledException}</li>
     *   <li>{@code UNAUTHORIZED}: {@link FailedLoginException}</li>
     *   <li>{@code NOT_FOUND}: {@link AccountNotFoundException}</li>
     *   <li>{@code LOCKED}: {@link AccountLockedException}</li>
     *   <li>{@code PRECONDITION_FAILED}: {@link AccountExpiredException}</li>
     *   <li>{@code PRECONDITION_REQUIRED}: {@link AccountPasswordMustChangeException}</li>
     *   <li>anything else: {@link FailedLoginException} naming the status</li>
     * </ul>
     *
     * <p>All messages except the fallback embed {@code principal.getId()}, so the identifier ends
     * up wherever these exceptions are logged or displayed.
     *
     * @param httpStatus status received from the endpoint
     * @param principal principal the request was made for
     * @return the exception to use as the cause of the policy failure
     */
    private Exception handleResponseStatusCode(HttpStatus httpStatus, Principal principal) {
        if (httpStatus == HttpStatus.FORBIDDEN || httpStatus == HttpStatus.METHOD_NOT_ALLOWED) {
            return new AccountDisabledException("Could not authenticate forbidden account for " + principal.getId());
        }
        if (httpStatus == HttpStatus.UNAUTHORIZED) {
            return new FailedLoginException("Could not authenticate account for " + principal.getId());
        }
        if (httpStatus == HttpStatus.NOT_FOUND) {
            return new AccountNotFoundException("Could not locate account for " + principal.getId());
        }
        if (httpStatus == HttpStatus.LOCKED) {
            return new AccountLockedException("Could not authenticate locked account for " + principal.getId());
        }
        if (httpStatus == HttpStatus.PRECONDITION_FAILED) {
            return new AccountExpiredException("Could not authenticate expired account for " + principal.getId());
        }
        if (httpStatus == HttpStatus.PRECONDITION_REQUIRED) {
            return new AccountPasswordMustChangeException("Account password must change for " + principal.getId());
        }
        return new FailedLoginException("Rest endpoint returned an unknown status code " + httpStatus);
    }
}
