package org.apereo.cas.web;

import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
import lombok.Generated;
import org.apache.http.client.utils.URIBuilder;
import org.apereo.cas.audit.AuditableContext;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceProperty;
import org.apereo.cas.ticket.TransientSessionTicket;
import org.apereo.cas.web.flow.DelegatedClientAuthenticationConfigurationContext;
import org.apereo.cas.web.view.DynamicHtmlView;
import org.pac4j.core.client.IndirectClient;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.exception.http.RedirectionAction;
import org.pac4j.core.exception.http.WithContentAction;
import org.pac4j.core.exception.http.WithLocationAction;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.annotation.AnnotationAwareOrderComparator;
import org.springframework.stereotype.Controller;
import org.springframework.web.servlet.View;
import org.springframework.web.servlet.view.RedirectView;

@Controller
/* loaded from: input_file:org/apereo/cas/web/BaseDelegatedAuthenticationController.class */
public abstract class BaseDelegatedAuthenticationController {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(BaseDelegatedAuthenticationController.class);
    protected static final String ENDPOINT_RESPONSE = "login/{clientName}";
    private final DelegatedClientAuthenticationConfigurationContext configurationContext;

    protected Optional<RedirectionAction> getRedirectionAction(IndirectClient indirectClient, WebContext webContext, TransientSessionTicket transientSessionTicket) {
        Map properties = transientSessionTicket.getProperties();
        if (properties.containsKey("ForceAuthn")) {
            webContext.setRequestAttribute("ForceAuthn", true);
        }
        if (properties.containsKey("Passive")) {
            webContext.setRequestAttribute("Passive", true);
        }
        if (transientSessionTicket.getService() != null) {
            configureWebContextForRegisteredService(webContext, transientSessionTicket);
        }
        this.configurationContext.getDelegatedClientAuthenticationRequestCustomizers().stream().sorted(AnnotationAwareOrderComparator.INSTANCE).filter(delegatedClientAuthenticationRequestCustomizer -> {
            return delegatedClientAuthenticationRequestCustomizer.supports(indirectClient, webContext);
        }).forEach(delegatedClientAuthenticationRequestCustomizer2 -> {
            delegatedClientAuthenticationRequestCustomizer2.customize(indirectClient, webContext);
        });
        return indirectClient.getRedirectionActionBuilder().getRedirectionAction(webContext, this.configurationContext.getSessionStore());
    }

    protected void configureWebContextForRegisteredServiceProperties(RegisteredService registeredService, WebContext webContext, List<RegisteredServiceProperty.RegisteredServiceProperties> list) {
        list.stream().filter(registeredServiceProperties -> {
            return registeredServiceProperties.isAssignedTo(registeredService);
        }).forEach(registeredServiceProperties2 -> {
            webContext.setRequestAttribute(registeredServiceProperties2.getPropertyName(), registeredServiceProperties2.getTypedPropertyValue(registeredService));
        });
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public View buildRedirectViewBackToFlow(String str, HttpServletRequest httpServletRequest) throws Exception {
        URIBuilder uRIBuilder = new URIBuilder(this.configurationContext.getCasProperties().getServer().getLoginUrl());
        httpServletRequest.getParameterMap().forEach((str2, strArr) -> {
            uRIBuilder.addParameter(str2, httpServletRequest.getParameter(str2));
        });
        uRIBuilder.addParameter("client_name", str);
        String uRIBuilder2 = uRIBuilder.toString();
        LOGGER.debug("Received response from client [{}]; Redirecting to [{}]", str, uRIBuilder2);
        return new RedirectView(uRIBuilder2);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public View getResultingView(IndirectClient indirectClient, WebContext webContext, TransientSessionTicket transientSessionTicket) throws Exception {
        indirectClient.init();
        if (!indirectClient.isInitialized()) {
            throw new IllegalStateException("Unable to initialize client " + indirectClient.getName() + ". Verify the client configuration details.");
        }
        Optional<RedirectionAction> redirectionAction = getRedirectionAction(indirectClient, webContext, transientSessionTicket);
        if (redirectionAction.isPresent()) {
            RedirectionAction redirectionAction2 = redirectionAction.get();
            LOGGER.debug("Determined final redirect action for client [{}] as [{}]", indirectClient, redirectionAction2);
            if (redirectionAction2 instanceof WithLocationAction) {
                String uRIBuilder = new URIBuilder(((WithLocationAction) WithLocationAction.class.cast(redirectionAction2)).getLocation()).toString();
                LOGGER.debug("Redirecting client [{}] to [{}] based on identifier [{}]", new Object[]{indirectClient.getName(), uRIBuilder, transientSessionTicket.getId()});
                return new RedirectView(uRIBuilder);
            }
            if (redirectionAction2 instanceof WithContentAction) {
                return new DynamicHtmlView(((WithContentAction) WithContentAction.class.cast(redirectionAction2)).getContent());
            }
        }
        LOGGER.warn("Unable to determine redirect action for client [{}]", indirectClient);
        return null;
    }

    protected void configureWebContextForRegisteredService(WebContext webContext, TransientSessionTicket transientSessionTicket) {
        RegisteredService findServiceBy = this.configurationContext.getServicesManager().findServiceBy(transientSessionTicket.getService());
        this.configurationContext.getRegisteredServiceAccessStrategyEnforcer().execute(AuditableContext.builder().service(transientSessionTicket.getService()).registeredService(findServiceBy).build()).throwExceptionIfNeeded();
        if (findServiceBy.getProperties().isEmpty()) {
            return;
        }
        configureWebContextForRegisteredServiceProperties(findServiceBy, webContext, (List) Arrays.stream(RegisteredServiceProperty.RegisteredServiceProperties.values()).filter(registeredServiceProperties -> {
            return registeredServiceProperties.isMemberOf(RegisteredServiceProperty.RegisteredServicePropertyGroups.DELEGATED_AUTHN);
        }).collect(Collectors.toList()));
        configureWebContextForRegisteredServiceProperties(findServiceBy, webContext, (List) Arrays.stream(RegisteredServiceProperty.RegisteredServiceProperties.values()).filter(registeredServiceProperties2 -> {
            return registeredServiceProperties2.isMemberOf(RegisteredServiceProperty.RegisteredServicePropertyGroups.DELEGATED_AUTHN_SAML2);
        }).collect(Collectors.toList()));
        configureWebContextForRegisteredServiceProperties(findServiceBy, webContext, (List) Arrays.stream(RegisteredServiceProperty.RegisteredServiceProperties.values()).filter(registeredServiceProperties3 -> {
            return registeredServiceProperties3.isMemberOf(RegisteredServiceProperty.RegisteredServicePropertyGroups.DELEGATED_AUTHN_OIDC);
        }).collect(Collectors.toList()));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Generated
    public BaseDelegatedAuthenticationController(DelegatedClientAuthenticationConfigurationContext delegatedClientAuthenticationConfigurationContext) {
        this.configurationContext = delegatedClientAuthenticationConfigurationContext;
    }

    @Generated
    public DelegatedClientAuthenticationConfigurationContext getConfigurationContext() {
        return this.configurationContext;
    }
}
