package org.apereo.cas.okta;

import com.okta.authn.sdk.client.AuthenticationClient;
import java.security.GeneralSecurityException;
import java.util.Objects;
import javax.security.auth.login.FailedLoginException;
import lombok.Generated;
import org.apereo.cas.authentication.AuthenticationHandlerExecutionResult;
import org.apereo.cas.authentication.credential.UsernamePasswordCredential;
import org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.configuration.model.support.okta.OktaAuthenticationProperties;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.util.LoggingUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apereo/cas/okta/OktaAuthenticationHandler.class */
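/**
 * Username/password authentication handler that delegates credential validation to Okta
 * through the Okta authentication SDK {@link AuthenticationClient}.
 *
 * <p>The handler's execution order is taken from {@link OktaAuthenticationProperties#getOrder()}.
 * Every failure raised while talking to Okta or while building the principal is reported to
 * the caller as a {@link FailedLoginException}.
 */
public class OktaAuthenticationHandler extends AbstractUsernamePasswordAuthenticationHandler {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(OktaAuthenticationHandler.class);
    private final OktaAuthenticationProperties properties;
    private final AuthenticationClient oktaAuthenticationClient;

    /**
     * Creates the handler.
     *
     * @param str the first argument forwarded to the parent handler constructor
     * @param servicesManager services manager forwarded to the parent handler
     * @param principalFactory factory used to build the authenticated principal
     * @param oktaAuthenticationProperties Okta settings; its order becomes the handler order
     * @param authenticationClient Okta SDK client used to perform the authentication call
     */
    public OktaAuthenticationHandler(String str, ServicesManager servicesManager, PrincipalFactory principalFactory, OktaAuthenticationProperties oktaAuthenticationProperties, AuthenticationClient authenticationClient) {
        super(str, servicesManager, principalFactory, Integer.valueOf(oktaAuthenticationProperties.getOrder()));
        this.properties = oktaAuthenticationProperties;
        this.oktaAuthenticationClient = authenticationClient;
    }

    /**
     * Authenticates the credential against Okta and builds the handler result.
     *
     * @param usernamePasswordCredential credential carrying the username and password sent to Okta
     * @param str second argument supplied by the parent handler; not used by this implementation
     * @return the handler result holding the principal and any warnings collected by the adapter
     * @throws GeneralSecurityException always a {@link FailedLoginException}, with the underlying
     *     failure attached as its cause
     */
    protected AuthenticationHandlerExecutionResult authenticateUsernamePasswordInternal(UsernamePasswordCredential usernamePasswordCredential, String str) throws GeneralSecurityException {
        try {
            String username = usernamePasswordCredential.getUsername();
            // The adapter receives the Okta state callbacks and exposes the outcome
            // (username, attributes, warnings, pending failure) once authenticate() returns.
            OktaAuthenticationStateHandlerAdapter adapter = new OktaAuthenticationStateHandlerAdapter(getPasswordPolicyHandlingStrategy(), getPasswordPolicyConfiguration());
            Objects.requireNonNull(this.oktaAuthenticationClient.authenticate(username, usernamePasswordCredential.getPassword(), (String) null, adapter), "Authentication response cannot be null");
            // Must run before the principal is built: a failure recorded by the adapter aborts here.
            adapter.throwExceptionIfNecessary();
            // NOTE(review): user attributes are written to the log at DEBUG level; confirm that
            // DEBUG is not enabled for this logger where attribute values are sensitive.
            LOGGER.debug("Created principal for id [{}] and [{}] attributes", adapter.getUsername(), adapter.getUserAttributes());
            return createHandlerResult(usernamePasswordCredential, this.principalFactory.createPrincipal(adapter.getUsername(), adapter.getUserAttributes()), adapter.getWarnings());
        } catch (Throwable th) {
            LoggingUtils.error(LOGGER, th);
            // Everything, including non-credential failures (null response, SDK or runtime
            // errors, whatever the adapter throws), is collapsed into FailedLoginException.
            // NOTE(review): the message embeds the upstream failure text; confirm it is never
            // rendered to the end user.
            FailedLoginException failure = new FailedLoginException("Invalid credentials: " + th.getMessage());
            // FailedLoginException has no cause-taking constructor; attach the cause explicitly
            // so the original type and stack trace survive for operators and upstream handlers.
            failure.initCause(th);
            throw failure;
        }
    }

    /**
     * Returns the Okta settings this handler was created with.
     *
     * @return the Okta authentication properties
     */
    @Generated
    public OktaAuthenticationProperties getProperties() {
        return this.properties;
    }

    /**
     * Returns the Okta SDK client used for authentication calls.
     *
     * @return the Okta authentication client
     */
    @Generated
    public AuthenticationClient getOktaAuthenticationClient() {
        return this.oktaAuthenticationClient;
    }
}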
