package org.apereo.cas.adaptors.duo.authn.web;

import java.security.GeneralSecurityException;
import java.util.ArrayList;
import javax.security.auth.login.FailedLoginException;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.HandlerResult;
import org.apereo.cas.authentication.PreventedException;
import org.apereo.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler;

/* loaded from: input_file:org/apereo/cas/adaptors/duo/authn/web/DuoAuthenticationHandler.class */
public class DuoAuthenticationHandler extends AbstractPreAndPostProcessingAuthenticationHandler {
    private DuoAuthenticationService duoAuthenticationService;

    protected HandlerResult doAuthentication(Credential credential) throws GeneralSecurityException, PreventedException {
        try {
            DuoCredential duoCredential = (DuoCredential) credential;
            if (!duoCredential.isValid()) {
                throw new GeneralSecurityException("Duo credential validation failed. Ensure a username  and the signed Duo response is configured and passed. Credential received: " + duoCredential);
            }
            String authenticate = this.duoAuthenticationService.authenticate(duoCredential.getSignedDuoResponse());
            this.logger.debug("Response from Duo verify: [{}]", authenticate);
            String username = duoCredential.getUsername();
            if (!authenticate.equals(username)) {
                throw new FailedLoginException("Duo authentication username " + username + " does not match Duo response: " + authenticate);
            }
            this.logger.info("Successful Duo authentication for [{}]", username);
            return createHandlerResult(credential, this.principalFactory.createPrincipal(authenticate), new ArrayList());
        } catch (Exception e) {
            this.logger.error(e.getMessage(), e);
            throw new FailedLoginException(e.getMessage());
        }
    }

    public boolean supports(Credential credential) {
        return DuoCredential.class.isAssignableFrom(credential.getClass());
    }

    public void setDuoAuthenticationService(DuoAuthenticationService duoAuthenticationService) {
        this.duoAuthenticationService = duoAuthenticationService;
    }
}
