package org.apereo.cas.adaptors.duo.authn.api;

import com.duosecurity.client.Http;
import javax.annotation.PostConstruct;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.json.JSONObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpMethod;
import org.springframework.util.Assert;

/* loaded from: input_file:org/apereo/cas/adaptors/duo/authn/api/DuoApiAuthenticationService.class */
public class DuoApiAuthenticationService {
    private static final int API_VERSION = 2;
    private transient Logger logger = LoggerFactory.getLogger(getClass());

    @Autowired
    private CasConfigurationProperties casProperties;

    @PostConstruct
    private void initialize() {
        Assert.hasLength(this.casProperties.getAuthn().getMfa().getDuo().getDuoApiHost(), "Duo API host cannot be blank");
        Assert.hasLength(this.casProperties.getAuthn().getMfa().getDuo().getDuoIntegrationKey(), "Duo integration key cannot be blank");
        Assert.hasLength(this.casProperties.getAuthn().getMfa().getDuo().getDuoSecretKey(), "Duo secret key cannot be blank");
        Assert.hasLength(this.casProperties.getAuthn().getMfa().getDuo().getDuoApplicationKey(), "Duo application key cannot be blank");
    }

    public boolean authenticate(DuoApiCredential duoApiCredential) {
        try {
            Principal principal = duoApiCredential.getAuthentication().getPrincipal();
            Http http = new Http(HttpMethod.POST.name(), this.casProperties.getAuthn().getMfa().getDuo().getDuoApiHost(), "/auth/v2/auth");
            http.addParam("username", principal.getId());
            http.addParam("factor", "auto");
            http.addParam("device", "auto");
            http.signRequest(this.casProperties.getAuthn().getMfa().getDuo().getDuoIntegrationKey(), this.casProperties.getAuthn().getMfa().getDuo().getDuoSecretKey(), API_VERSION);
            JSONObject jSONObject = (JSONObject) http.executeRequest();
            this.logger.debug("Duo authentication response: {}", jSONObject);
            return "allow".equalsIgnoreCase(jSONObject.getString("result"));
        } catch (Exception e) {
            this.logger.error(e.getMessage(), e);
            return false;
        }
    }
}
