package org.jasig.cas.adaptors.radius.authentication.handler.support;

import java.security.GeneralSecurityException;
import java.util.List;
import javax.security.auth.login.FailedLoginException;
import javax.validation.constraints.NotNull;
import javax.validation.constraints.Size;
import org.jasig.cas.adaptors.radius.RadiusServer;
import org.jasig.cas.authentication.HandlerResult;
import org.jasig.cas.authentication.PreventedException;
import org.jasig.cas.authentication.UsernamePasswordCredential;
import org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler;
import org.jasig.cas.authentication.principal.SimplePrincipal;

/* loaded from: input_file:org/jasig/cas/adaptors/radius/authentication/handler/support/RadiusAuthenticationHandler.class */
public class RadiusAuthenticationHandler extends AbstractUsernamePasswordAuthenticationHandler {

    @NotNull
    @Size(min = 1)
    private List<RadiusServer> servers;
    private boolean failoverOnException;
    private boolean failoverOnAuthenticationFailure;

    protected final HandlerResult authenticateUsernamePasswordInternal(UsernamePasswordCredential usernamePasswordCredential) throws GeneralSecurityException, PreventedException {
        String username = usernamePasswordCredential.getUsername();
        for (RadiusServer radiusServer : this.servers) {
            this.logger.debug("Attempting to authenticate {} at {}", username, radiusServer);
            try {
            } catch (PreventedException e) {
                if (!this.failoverOnException) {
                    throw e;
                }
                this.logger.warn("failoverOnException enabled -- trying next server.", e);
            }
            if (radiusServer.authenticate(username, usernamePasswordCredential.getPassword())) {
                return createHandlerResult(usernamePasswordCredential, new SimplePrincipal(username), null);
            }
            if (!this.failoverOnAuthenticationFailure) {
                throw new FailedLoginException();
            }
            this.logger.debug("failoverOnAuthenticationFailure enabled -- trying next server");
        }
        throw new FailedLoginException();
    }

    public final void setFailoverOnAuthenticationFailure(boolean z) {
        this.failoverOnAuthenticationFailure = z;
    }

    public final void setFailoverOnException(boolean z) {
        this.failoverOnException = z;
    }

    public final void setServers(List<RadiusServer> list) {
        this.servers = list;
    }
}
