package org.apereo.cas.support.pac4j.web.flow;

import java.io.Serializable;
import java.util.HashMap;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang3.StringEscapeUtils;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.CentralAuthenticationService;
import org.apereo.cas.authentication.AuthenticationSystemSupport;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.principal.ClientCredential;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.web.support.WebUtils;
import org.pac4j.core.client.BaseClient;
import org.pac4j.core.client.Clients;
import org.pac4j.core.client.IndirectClient;
import org.pac4j.core.context.J2EContext;
import org.pac4j.core.credentials.Credentials;
import org.pac4j.core.exception.HttpAction;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.webflow.action.AbstractAction;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:org/apereo/cas/support/pac4j/web/flow/DelegatedClientAuthenticationAction.class */
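/**
 * Webflow action that handles delegated (pac4j) authentication.
 *
 * <p>On a provider callback (a request that carries the client-name parameter) it asks the
 * matching pac4j client for credentials, authenticates them and places the resulting
 * ticket-granting ticket in the webflow scopes. On any other request it builds the list of
 * provider login links for the login page and, when configured to, redirects straight to the
 * provider if exactly one link is available.
 *
 * <p>The service and a few request parameters are stored in the HTTP session before the user
 * leaves for the provider and are copied back onto the request when the callback arrives.
 */
public class DelegatedClientAuthenticationAction extends AbstractAction {
    /** Not referenced inside this class. */
    public static final String STOP_WEBFLOW = "stopWebflow";
    /** Id of the event returned whenever this action ends the flow itself. */
    public static final String STOP = "stop";
    /** Not referenced inside this class. */
    public static final String CLIENT_ACTION = "clientAction";
    /** Flow-scope key under which the set of {@link ProviderLoginPageConfiguration} is stored. */
    public static final String PAC4J_URLS = "pac4jUrls";
    /** View name used by {@link #hasDelegationRequestFailed(HttpServletRequest, int)}. */
    public static final String VIEW_ID_STOP_WEBFLOW = "casPac4jStopWebflow";
    private static final Logger LOGGER = LoggerFactory.getLogger(DelegatedClientAuthenticationAction.class);
    /** Matches the "Client" suffix (optionally followed by digits) of a pac4j client class name. */
    private static final Pattern PAC4J_CLIENT_SUFFIX_PATTERN = Pattern.compile("Client\\d*");
    private final Clients clients;
    private final AuthenticationSystemSupport authenticationSystemSupport;
    private final CentralAuthenticationService centralAuthenticationService;
    private final String themeParamName;
    private final String localParamName;
    private final boolean autoRedirect;

    /**
     * Immutable description of one provider link: the client name, the URL that starts the
     * redirect to the provider, and a type label derived from the client class name.
     * Instances are placed in the flow scope, hence {@link Serializable}.
     */
    public static class ProviderLoginPageConfiguration implements Serializable {
        private static final long serialVersionUID = 6216882278086699364L;
        private final String name;
        private final String redirectUrl;
        private final String type;

        ProviderLoginPageConfiguration(String name, String redirectUrl, String type) {
            this.name = name;
            this.redirectUrl = redirectUrl;
            this.type = type;
        }

        /** @return the pac4j client name */
        public String getName() {
            return this.name;
        }

        /** @return the location the browser is sent to in order to reach the provider */
        public String getRedirectUrl() {
            return this.redirectUrl;
        }

        /** @return the lower-cased client class name with its "Client" suffix removed */
        public String getType() {
            return this.type;
        }
    }

    /**
     * @param clients the configured pac4j clients
     * @param authenticationSystemSupport used to run the authentication transaction
     * @param centralAuthenticationService used to create the ticket-granting ticket
     * @param themeParamName name of the theme request parameter carried across the redirect
     * @param localParamName name of the locale request parameter carried across the redirect
     * @param autoRedirect whether to redirect automatically when exactly one provider link exists
     */
    public DelegatedClientAuthenticationAction(Clients clients, AuthenticationSystemSupport authenticationSystemSupport, CentralAuthenticationService centralAuthenticationService, String themeParamName, String localParamName, boolean autoRedirect) {
        this.clients = clients;
        this.authenticationSystemSupport = authenticationSystemSupport;
        this.centralAuthenticationService = centralAuthenticationService;
        this.themeParamName = themeParamName;
        this.localParamName = localParamName;
        this.autoRedirect = autoRedirect;
    }

    /**
     * Runs the delegated-authentication step.
     *
     * @param requestContext the current webflow request context
     * @return {@code success} once a ticket-granting ticket has been placed in scope;
     *         {@link #STOP} when the provider reported an error, the callback could not be
     *         processed, the response is already 401, or an automatic redirect was sent;
     *         {@code error} when the login page should be shown
     * @throws Exception if preparing the login page or sending the redirect fails
     */
    @Override
    protected Event doExecute(RequestContext requestContext) throws Exception {
        final HttpServletRequest request = WebUtils.getHttpServletRequest(requestContext);
        final HttpServletResponse response = WebUtils.getHttpServletResponse(requestContext);
        final HttpSession session = request.getSession();
        final J2EContext webContext = WebUtils.getPac4jJ2EContext(request, response);

        // Caller-controlled request parameter, logged exactly as received.
        final String clientName = request.getParameter(this.clients.getClientNameParameter());
        LOGGER.debug("clientName: [{}]", clientName);

        // The provider sent the user back with error parameters: end the flow here.
        if (hasDelegationRequestFailed(request, response.getStatus()).isPresent()) {
            return stopWebflow();
        }

        if (StringUtils.isNotBlank(clientName)) {
            // NOTE(review): the lookup runs outside the try below; what happens for a name that
            // matches no configured client depends on pac4j and is not visible here.
            final BaseClient client = this.clients.findClient(clientName);
            LOGGER.debug("Client: [{}]", client);
            try {
                final Credentials credentials = client.getCredentials(webContext);
                // NOTE(review): this writes the credentials object's toString() to the debug log.
                // What it contains depends on the pac4j credentials type; confirm it carries no
                // provider-issued codes or tokens before DEBUG is enabled in production.
                LOGGER.debug("Retrieved credentials: [{}]", credentials);

                // Bring back what prepareForLoginPage stored before the user left for the provider.
                final Service service = (Service) session.getAttribute("service");
                requestContext.getFlowScope().put("service", service);
                LOGGER.debug("Retrieve service: [{}]", service);
                if (service != null) {
                    request.setAttribute("service", service.getId());
                }
                restoreRequestAttribute(request, session, this.themeParamName);
                restoreRequestAttribute(request, session, this.localParamName);
                restoreRequestAttribute(request, session, "method");

                if (credentials != null) {
                    WebUtils.putTicketGrantingTicketInScopes(
                            requestContext,
                            this.centralAuthenticationService.createTicketGrantingTicket(
                                    this.authenticationSystemSupport.handleAndFinalizeSingleAuthenticationTransaction(
                                            service, new Credential[]{new ClientCredential(credentials)})));
                    return success();
                }
            } catch (HttpAction e) {
                // The client asked for an HTTP-level response instead of returning credentials.
                LOGGER.debug("The request requires http action", e);
                return stopWebflow();
            } catch (Exception e) {
                // This handler also covers the authentication transaction and ticket creation
                // above. Such failures still end the flow with STOP, as before, but are logged
                // at WARN so that failed delegated logins stay visible at default log levels.
                LOGGER.warn("Delegated authentication through client [{}] failed", client, e);
                return stopWebflow();
            }
        }

        prepareForLoginPage(requestContext);
        if (response.getStatus() == HttpStatus.UNAUTHORIZED.value()) {
            return stopWebflow();
        }
        if (!this.autoRedirect) {
            return error();
        }

        @SuppressWarnings("unchecked") // the flow scope only ever receives the set built in prepareForLoginPage
        final Set<ProviderLoginPageConfiguration> urls =
                (Set<ProviderLoginPageConfiguration>) requestContext.getFlowScope().get(PAC4J_URLS, Set.class);
        if (urls == null || urls.size() != 1) {
            return error();
        }

        // Exactly one provider: skip the login page and go straight to it.
        final ProviderLoginPageConfiguration target = urls.iterator().next();
        LOGGER.debug("Auto-redirecting to client url [{}]", target.getRedirectUrl());
        response.sendRedirect(target.getRedirectUrl());
        requestContext.getExternalContext().recordResponseComplete();
        return stopWebflow();
    }

    /**
     * Stores the service and selected request parameters in the session and publishes one
     * {@link ProviderLoginPageConfiguration} per indirect client under {@link #PAC4J_URLS}.
     * A client whose redirect cannot be computed is logged and left out of the set.
     *
     * @param requestContext the current webflow request context
     * @throws HttpAction declared by the signature; failures raised per client are handled inside
     */
    protected void prepareForLoginPage(RequestContext requestContext) throws HttpAction {
        final HttpServletRequest request = WebUtils.getHttpServletRequest(requestContext);
        final HttpServletResponse response = WebUtils.getHttpServletResponse(requestContext);
        final HttpSession session = request.getSession();
        final J2EContext webContext = WebUtils.getPac4jJ2EContext(request, response);

        final WebApplicationService service = WebUtils.getService(requestContext);
        LOGGER.debug("save service: [{}]", service);
        session.setAttribute("service", service);
        saveRequestParameter(request, session, this.themeParamName);
        saveRequestParameter(request, session, this.localParamName);
        saveRequestParameter(request, session, "method");

        // LinkedHashSet keeps the providers in the order the clients are configured.
        final Set<ProviderLoginPageConfiguration> urls = new LinkedHashSet<>();
        this.clients.findAllClients().stream()
                .filter(candidate -> candidate instanceof IndirectClient)
                .forEach(client -> {
                    try {
                        final String name = client.getName();
                        final String type = PAC4J_CLIENT_SUFFIX_PATTERN
                                .matcher(client.getClass().getSimpleName())
                                .replaceAll("")
                                .toLowerCase();
                        final String redirectUrl = ((IndirectClient) client).getRedirectAction(webContext).getLocation();
                        LOGGER.debug("[{}] -> [{}]", name, redirectUrl);
                        urls.add(new ProviderLoginPageConfiguration(name, redirectUrl, type));
                    } catch (HttpAction action) {
                        if (action.getCode() == HttpStatus.UNAUTHORIZED.value()) {
                            LOGGER.debug("Authentication request was denied from the provider [{}]", client.getName());
                        } else {
                            LOGGER.warn(action.getMessage(), action);
                        }
                    } catch (Exception failure) {
                        LOGGER.error("Cannot process client [{}]", client, failure);
                    }
                });

        if (!urls.isEmpty()) {
            requestContext.getFlowScope().put(PAC4J_URLS, urls);
        } else if (response.getStatus() != HttpStatus.UNAUTHORIZED.value()) {
            LOGGER.warn("No clients could be determined based on the provided configuration");
        }
    }

    /** Copies the session attribute {@code name} onto the request under the same name. */
    private static void restoreRequestAttribute(HttpServletRequest request, HttpSession session, String name) {
        request.setAttribute(name, (String) session.getAttribute(name));
    }

    /** Stores the request parameter {@code name} in the session when the request carries it. */
    private static void saveRequestParameter(HttpServletRequest request, HttpSession session, String name) {
        final String value = request.getParameter(name);
        if (value != null) {
            session.setAttribute(name, value);
        }
    }

    /** @return a new {@link #STOP} event */
    private Event stopWebflow() {
        return new Event(this, STOP);
    }

    /**
     * Detects a callback that carries provider error parameters and builds the model for the
     * stop-webflow view.
     *
     * <p>Values taken from request parameters are HTML-escaped before they enter the model.
     * NOTE(review): the {@code service} entry is a request attribute and is added as-is, so the
     * view has to encode it on output; confirm against the template.
     *
     * @param request the current request
     * @param status status code used as {@code code} when no {@code error_code} parameter is present
     * @return the view and model when any of {@code error}, {@code error_code},
     *         {@code error_description} or {@code error_message} is present, otherwise empty
     */
    public static Optional<ModelAndView> hasDelegationRequestFailed(HttpServletRequest request, int status) {
        final Map<String, String[]> params = request.getParameterMap();
        final boolean failed = params.containsKey("error")
                || params.containsKey("error_code")
                || params.containsKey("error_description")
                || params.containsKey("error_message");
        if (!failed) {
            return Optional.empty();
        }

        final Map<String, Object> model = new HashMap<>();
        if (params.containsKey("error_code")) {
            model.put("code", StringEscapeUtils.escapeHtml4(request.getParameter("error_code")));
        } else {
            model.put("code", Integer.valueOf(status));
        }
        model.put("error", StringEscapeUtils.escapeHtml4(request.getParameter("error")));
        model.put("reason", StringEscapeUtils.escapeHtml4(request.getParameter("error_reason")));
        // error_description takes precedence over error_message when both are sent.
        if (params.containsKey("error_description")) {
            model.put("description", StringEscapeUtils.escapeHtml4(request.getParameter("error_description")));
        } else if (params.containsKey("error_message")) {
            model.put("description", StringEscapeUtils.escapeHtml4(request.getParameter("error_message")));
        }
        model.put("service", request.getAttribute("service"));
        model.put("client", StringEscapeUtils.escapeHtml4(request.getParameter("client_name")));
        LOGGER.debug("Delegation request has failed. Details are [{}]", model);
        return Optional.of(new ModelAndView(VIEW_ID_STOP_WEBFLOW, model));
    }
}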
