package org.apereo.cas.adaptors.jdbc;

import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.security.auth.login.AccountNotFoundException;
import javax.security.auth.login.FailedLoginException;
import javax.sql.DataSource;
import lombok.Generated;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.math.NumberUtils;
import org.apereo.cas.authentication.AuthenticationHandlerExecutionResult;
import org.apereo.cas.authentication.PreventedException;
import org.apereo.cas.authentication.credential.UsernamePasswordCredential;
import org.apereo.cas.authentication.exceptions.AccountDisabledException;
import org.apereo.cas.authentication.exceptions.AccountPasswordMustChangeException;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.configuration.model.support.jdbc.authn.QueryJdbcAuthenticationProperties;
import org.apereo.cas.monitor.Monitorable;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.util.spring.SpringExpressionLanguageValueResolver;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.dao.DataAccessException;
import org.springframework.dao.IncorrectResultSizeDataAccessException;

@Monitorable
/* loaded from: input_file:org/apereo/cas/adaptors/jdbc/QueryDatabaseAuthenticationHandler.class */
public class QueryDatabaseAuthenticationHandler extends AbstractJdbcUsernamePasswordAuthenticationHandler<QueryJdbcAuthenticationProperties> {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(QueryDatabaseAuthenticationHandler.class);

    public QueryDatabaseAuthenticationHandler(QueryJdbcAuthenticationProperties queryJdbcAuthenticationProperties, ServicesManager servicesManager, PrincipalFactory principalFactory, DataSource dataSource) {
        super(queryJdbcAuthenticationProperties, servicesManager, principalFactory, dataSource);
        if (StringUtils.isBlank(queryJdbcAuthenticationProperties.getFieldPassword())) {
            LOGGER.warn("When the password field is left undefined, CAS will skip comparing database and user passwords for equality , (specially if the query results do not contain the password field),and will instead only rely on a successful query execution with returned results in order to verify credentials");
        }
    }

    protected AuthenticationHandlerExecutionResult authenticateUsernamePasswordInternal(UsernamePasswordCredential usernamePasswordCredential, String str) throws Throwable {
        String username = usernamePasswordCredential.getUsername();
        String password = usernamePasswordCredential.toPassword();
        try {
            Map<String, Object> query = query(usernamePasswordCredential);
            if (query.containsKey(this.properties.getFieldPassword())) {
                String str2 = (String) query.get(this.properties.getFieldPassword());
                boolean z = StringUtils.isNotBlank(str) && !matches(str, str2);
                boolean z2 = StringUtils.isBlank(str) && !StringUtils.equals(password, str2);
                if (z || z2) {
                    throw new FailedLoginException("Password does not match value on record.");
                }
            } else {
                LOGGER.debug("Password field is not found in the query results. Checking for result count...");
                if (!query.containsKey("total")) {
                    throw new FailedLoginException("Missing field 'total' from the query results for " + username);
                }
                Object obj = query.get("total");
                if (obj == null || !NumberUtils.isCreatable(obj.toString())) {
                    throw new FailedLoginException("Missing field value 'total' from the query results for " + username + " or value not parseable as a number");
                }
                if (NumberUtils.createNumber(obj.toString()).longValue() != 1) {
                    throw new FailedLoginException("No records found for user " + username);
                }
            }
            if (StringUtils.isNotBlank(this.properties.getFieldDisabled()) && query.containsKey(this.properties.getFieldDisabled())) {
                String obj2 = query.get(this.properties.getFieldDisabled()).toString();
                if (BooleanUtils.toBoolean(obj2) || "1".equals(obj2)) {
                    throw new AccountDisabledException("Account has been disabled");
                }
            }
            if (StringUtils.isNotBlank(this.properties.getFieldExpired()) && query.containsKey(this.properties.getFieldExpired())) {
                String obj3 = query.get(this.properties.getFieldExpired()).toString();
                if (BooleanUtils.toBoolean(obj3) || "1".equals(obj3)) {
                    throw new AccountPasswordMustChangeException("Password has expired");
                }
            }
            return createHandlerResult(usernamePasswordCredential, this.principalFactory.createPrincipal(username, collectPrincipalAttributes(query)), new ArrayList(0));
        } catch (DataAccessException e) {
            throw new PreventedException(e);
        } catch (IncorrectResultSizeDataAccessException e2) {
            if (e2.getActualSize() == 0) {
                throw new AccountNotFoundException(username + " not found with SQL query");
            }
            throw new FailedLoginException("Multiple records found for " + username);
        }
    }

    protected Map<String, Object> query(UsernamePasswordCredential usernamePasswordCredential) {
        String resolve = SpringExpressionLanguageValueResolver.getInstance().resolve(this.properties.getSql());
        if (resolve.contains("?")) {
            return getJdbcTemplate().queryForMap(resolve, new Object[]{usernamePasswordCredential.getUsername()});
        }
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put("username", usernamePasswordCredential.getUsername());
        linkedHashMap.put("password", usernamePasswordCredential.toPassword());
        return getNamedParameterJdbcTemplate().queryForMap(resolve, linkedHashMap);
    }
}
