package org.apereo.cas.web.flow.actions;

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import lombok.Generated;
import org.apache.hc.core5.net.URIBuilder;
import org.apereo.cas.audit.AuditableContext;
import org.apereo.cas.authentication.principal.provision.DelegatedAuthenticationFailureException;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceProperty;
import org.apereo.cas.ticket.TransientSessionTicket;
import org.apereo.cas.util.function.FunctionUtils;
import org.apereo.cas.util.spring.beans.BeanSupplier;
import org.apereo.cas.web.flow.DelegatedClientAuthenticationConfigurationContext;
import org.apereo.cas.web.flow.DelegatedClientAuthenticationWebflowManager;
import org.apereo.cas.web.support.WebUtils;
import org.apereo.cas.web.view.DynamicHtmlView;
import org.jooq.lambda.Unchecked;
import org.pac4j.core.client.Client;
import org.pac4j.core.client.IndirectClient;
import org.pac4j.core.context.CallContext;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.exception.http.RedirectionAction;
import org.pac4j.core.exception.http.WithContentAction;
import org.pac4j.core.exception.http.WithLocationAction;
import org.pac4j.jee.context.JEEContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.annotation.AnnotationAwareOrderComparator;
import org.springframework.webflow.action.EventFactorySupport;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:org/apereo/cas/web/flow/actions/DelegatedClientAuthenticationRedirectAction.class */
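/**
 * Webflow action that sends the browser to an external (delegated) identity provider.
 *
 * <p>The action reads a {@link TransientSessionTicket} from flow scope, resolves the
 * {@link IndirectClient} named in that ticket, initializes it, asks it for a
 * {@link RedirectionAction}, and then either issues an external redirect or renders the
 * HTML content supplied by the client.
 *
 * <p>Review notes:
 * <ul>
 *   <li>The decompiled listing referenced an undeclared {@code r1} in the client casts; those
 *       are restored here as {@code IndirectClient.class::cast}.</li>
 *   <li>Both DEBUG statements in the two {@code handleIdentityProvider...} methods log the full
 *       redirect URL or the full rendered HTML. Depending on the client these may carry
 *       protocol request data, so treat DEBUG output of this logger as sensitive.</li>
 * </ul>
 */
public class DelegatedClientAuthenticationRedirectAction extends BaseCasWebflowAction {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(DelegatedClientAuthenticationRedirectAction.class);

    /** Shared configuration: identity providers, services manager, access enforcer, session store, customizers. */
    protected final DelegatedClientAuthenticationConfigurationContext configContext;

    /** Stored for subclasses; not read by any method in this class. */
    protected final DelegatedClientAuthenticationWebflowManager delegatedClientAuthenticationWebflowManager;

    @Generated
    public DelegatedClientAuthenticationRedirectAction(DelegatedClientAuthenticationConfigurationContext delegatedClientAuthenticationConfigurationContext, DelegatedClientAuthenticationWebflowManager delegatedClientAuthenticationWebflowManager) {
        this.configContext = delegatedClientAuthenticationConfigurationContext;
        this.delegatedClientAuthenticationWebflowManager = delegatedClientAuthenticationWebflowManager;
    }

    /**
     * Resolves the delegated client from the ticket in flow scope and dispatches the redirect.
     *
     * @param requestContext the current webflow request context
     * @return a {@code success} event once the redirect or content response has been prepared
     * @throws NullPointerException if no {@link TransientSessionTicket} is present in flow scope
     * @throws Throwable if client lookup, initialization or response handling fails
     */
    protected Event doExecuteInternal(RequestContext requestContext) throws Throwable {
        TransientSessionTicket ticket = requestContext.getFlowScope()
            .get(TransientSessionTicket.class.getName(), TransientSessionTicket.class);
        // Fail with a descriptive message instead of an anonymous NPE further down.
        Objects.requireNonNull(ticket, "No transient session ticket is available in flow scope");

        IndirectClient client = locateClientIdentityProvider(ticket);
        initializeClientIdentityProvider(client);

        RedirectionAction redirectionAction = getRedirectionAction(ticket, requestContext);
        // Pass the object itself so it is only rendered when DEBUG is enabled.
        LOGGER.debug("Determined final redirect action for client [{}] as [{}]", client, redirectionAction);

        if (redirectionAction instanceof WithLocationAction) {
            LOGGER.debug("Redirecting client [{}] based on identifier [{}]", client.getName(), ticket.getId());
            handleIdentityProviderWithExternalRedirect(requestContext, client, redirectionAction);
        }
        if (redirectionAction instanceof WithContentAction) {
            handleIdentityProviderWithDynamicContent(requestContext, client, redirectionAction);
        }
        // NOTE(review): an action that is neither of the two types above falls through and
        // still reports success without any response having been prepared.
        return new EventFactorySupport().event(this, "success");
    }

    /**
     * Builds the redirection action for the client named in the ticket.
     *
     * <p>Order of operations: copy the {@code ForceAuthn}/{@code Passive} markers from the ticket
     * into the web context, apply registered-service settings (only when the ticket carries a
     * service), run the request customizers that support the client, then ask the client's
     * redirection action builder for the action.
     *
     * @param transientSessionTicket the ticket holding the client name, service and properties
     * @param requestContext the current webflow request context
     * @return the redirection action produced by the client
     * @throws java.util.NoSuchElementException if the client is unknown or produces no action
     */
    protected RedirectionAction getRedirectionAction(TransientSessionTicket transientSessionTicket, RequestContext requestContext) {
        HttpServletRequest request = WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext);
        HttpServletResponse response = WebUtils.getHttpServletResponseFromExternalWebflowContext(requestContext);
        JEEContext webContext = new JEEContext(request, response);

        // Only the presence of the key is checked; the stored value is ignored.
        // NOTE(review): confirm that writers of the ticket never store these keys with a false value.
        Map<?, ?> ticketProperties = transientSessionTicket.getProperties();
        if (ticketProperties.containsKey("ForceAuthn")) {
            webContext.setRequestAttribute("ForceAuthn", true);
        }
        if (ticketProperties.containsKey("Passive")) {
            webContext.setRequestAttribute("Passive", true);
        }

        // Service access enforcement and service-level settings are skipped when the ticket has no service.
        Optional.ofNullable(transientSessionTicket.getService())
            .ifPresent(Unchecked.consumer(service -> configureWebContextForRegisteredService(webContext, transientSessionTicket)));

        // Reuse the same lookup doExecuteInternal uses, so the client that was initialized
        // is the client that builds the redirect.
        IndirectClient client = locateClientIdentityProvider(transientSessionTicket);
        applyRequestCustomizers(client, webContext);

        return client.getRedirectionActionBuilder()
            .getRedirectionAction(new CallContext(webContext, this.configContext.getSessionStore()))
            .orElseThrow();
    }

    /**
     * Enforces the registered service's access strategy and, when the service defines
     * properties, copies its delegated-authentication properties into the web context.
     *
     * @param webContext the context that receives the property values as request attributes
     * @param transientSessionTicket the ticket whose service is looked up
     * @throws Throwable if the access strategy check reports a failure
     */
    protected void configureWebContextForRegisteredService(WebContext webContext, TransientSessionTicket transientSessionTicket) throws Throwable {
        RegisteredService registeredService = this.configContext.getServicesManager().findServiceBy(transientSessionTicket.getService());
        AuditableContext auditContext = AuditableContext.builder()
            .service(transientSessionTicket.getService())
            .registeredService(registeredService)
            .build();
        // The access check runs before any service-defined value reaches the web context.
        this.configContext.getRegisteredServiceAccessStrategyEnforcer().execute(auditContext).throwExceptionIfNeeded();

        // NOTE(review): registeredService is dereferenced without a null check; this relies on the
        // enforcer above rejecting a service that has no registration - confirm.
        if (registeredService.getProperties().isEmpty()) {
            return;
        }

        // Same three groups, in the same order, as the original three hand-written pipelines.
        List<RegisteredServiceProperty.RegisteredServicePropertyGroups> groups = List.of(
            RegisteredServiceProperty.RegisteredServicePropertyGroups.DELEGATED_AUTHN,
            RegisteredServiceProperty.RegisteredServicePropertyGroups.DELEGATED_AUTHN_SAML2,
            RegisteredServiceProperty.RegisteredServicePropertyGroups.DELEGATED_AUTHN_OIDC);
        for (RegisteredServiceProperty.RegisteredServicePropertyGroups group : groups) {
            configureWebContextForRegisteredServiceProperties(registeredService, webContext, propertiesInGroup(group));
        }
    }

    /**
     * Initializes the client and fails if it does not report itself as initialized afterwards.
     *
     * @param indirectClient the client to initialize
     * @throws Throwable a {@link DelegatedAuthenticationFailureException} when initialization did not take effect
     */
    protected void initializeClientIdentityProvider(IndirectClient indirectClient) throws Throwable {
        indirectClient.init();
        FunctionUtils.throwIf(!indirectClient.isInitialized(), DelegatedAuthenticationFailureException::new);
    }

    /**
     * Looks up the client whose name is stored in the ticket under {@code Client.class.getName()}.
     *
     * @param transientSessionTicket the ticket holding the client name
     * @return the matching client, cast to {@link IndirectClient}
     * @throws java.util.NoSuchElementException if no client with that name is configured
     * @throws ClassCastException if the configured client is not an {@link IndirectClient}
     */
    protected IndirectClient locateClientIdentityProvider(TransientSessionTicket transientSessionTicket) {
        String clientName = transientSessionTicket.getProperty(Client.class.getName(), String.class);
        return this.configContext.getIdentityProviders()
            .findClient(clientName)
            .map(IndirectClient.class::cast)
            .orElseThrow();
    }

    /**
     * Writes the HTML supplied by the client directly to the response and marks the response complete.
     *
     * @param requestContext the current webflow request context
     * @param indirectClient the client that produced the action (used for logging only)
     * @param redirectionAction the action; must be a {@link WithContentAction}
     * @throws Exception if rendering fails
     */
    protected void handleIdentityProviderWithDynamicContent(RequestContext requestContext, IndirectClient indirectClient, RedirectionAction redirectionAction) throws Exception {
        WithContentAction contentAction = (WithContentAction) redirectionAction;
        DynamicHtmlView view = new DynamicHtmlView(contentAction.getContent());
        HttpServletRequest request = WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext);
        HttpServletResponse response = WebUtils.getHttpServletResponseFromExternalWebflowContext(requestContext);

        // NOTE(review): the complete HTML is written to the DEBUG log. It may embed protocol
        // request data for the identity provider - confirm how this logger's output is stored.
        LOGGER.debug("Rendering dynamic content [{}] for client [{}]", view.html(), indirectClient.getName());
        view.render(Map.of(), request, response);
        // Tell webflow the response is already written so it does not attempt to render a view.
        requestContext.getExternalContext().recordResponseComplete();
    }

    /**
     * Requests an external redirect to the location carried by the action.
     *
     * <p>The target is whatever the client's redirection action builder produced; this method
     * applies no further check on the destination.
     *
     * @param requestContext the current webflow request context
     * @param indirectClient the client that produced the action (used for logging only)
     * @param redirectionAction the action; must be a {@link WithLocationAction}
     * @throws Exception if the location cannot be parsed as a URI
     */
    protected void handleIdentityProviderWithExternalRedirect(RequestContext requestContext, IndirectClient indirectClient, RedirectionAction redirectionAction) throws Exception {
        WithLocationAction locationAction = (WithLocationAction) redirectionAction;
        // Round-trip through URIBuilder so a malformed location fails here rather than at redirect time.
        String redirectUrl = new URIBuilder(locationAction.getLocation()).toString();
        // NOTE(review): the full URL, query string included, is written to the DEBUG log.
        LOGGER.debug("Redirecting to [{}] via client [{}]", redirectUrl, indirectClient.getName());
        requestContext.getExternalContext().requestExternalRedirect(redirectUrl);
    }

    /**
     * Copies each listed property that is assigned to the service into the web context,
     * keyed by the property's name.
     *
     * @param registeredService the service whose property values are read
     * @param webContext the context that receives the values as request attributes
     * @param list the candidate properties to consider
     */
    protected void configureWebContextForRegisteredServiceProperties(RegisteredService registeredService, WebContext webContext, List<RegisteredServiceProperty.RegisteredServiceProperties> list) {
        list.stream()
            .filter(property -> property.isAssignedTo(registeredService))
            .forEach(property -> webContext.setRequestAttribute(
                property.getPropertyName(), property.getTypedPropertyValue(registeredService)));
    }

    /** Runs every non-proxy customizer that supports the client, in annotation-aware order. */
    private void applyRequestCustomizers(IndirectClient client, JEEContext webContext) {
        this.configContext.getDelegatedClientAuthenticationRequestCustomizers().stream()
            .filter(BeanSupplier::isNotProxy)
            .sorted(AnnotationAwareOrderComparator.INSTANCE)
            .filter(Unchecked.predicate(customizer -> customizer.supports(client, webContext)))
            .forEach(Unchecked.consumer(customizer -> customizer.customize(client, webContext)));
    }

    /** Collects the known service properties that belong to the given property group. */
    private static List<RegisteredServiceProperty.RegisteredServiceProperties> propertiesInGroup(RegisteredServiceProperty.RegisteredServicePropertyGroups group) {
        return Arrays.stream(RegisteredServiceProperty.RegisteredServiceProperties.values())
            .filter(property -> property.isMemberOf(group))
            .collect(Collectors.toList());
    }
}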
