package org.apereo.cas.web;

import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.Generated;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.entity.SamlIdentityProviderEntity;
import org.apereo.cas.entity.SamlIdentityProviderEntityParser;
import org.apereo.cas.services.UnauthorizedServiceException;
import org.apereo.cas.validation.DelegatedAuthenticationAccessStrategyHelper;
import org.apereo.cas.web.support.ArgumentExtractor;
import org.pac4j.core.client.Clients;
import org.pac4j.core.context.JEEContext;
import org.pac4j.core.context.session.SessionStore;
import org.pac4j.saml.client.SAML2Client;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.View;
import org.springframework.web.servlet.view.RedirectView;

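/**
 * REST controller mounted at {@code /idp/discovery} that exposes the SAML identity provider
 * discovery feed and redirects a browser to the delegated SAML2 client matching a chosen
 * identity provider.
 *
 * <p>This listing appears to be decompiler output. The original stream pipelines referenced an
 * undefined identifier ({@code r1.cast(...)}) and used raw types; both are repaired here without
 * changing the request mappings or the constructor signature.
 *
 * <p>NOTE(review): nothing in this class restricts who may call these endpoints. Confirm that
 * access control for {@code /idp/discovery/**} is applied elsewhere if the feed should not be
 * public.
 */
@RequestMapping(path = {"/idp/discovery"})
@RestController("identityProviderDiscoveryFeedController")
/* loaded from: input_file:org/apereo/cas/web/SamlIdentityProviderDiscoveryFeedController.class */
public class SamlIdentityProviderDiscoveryFeedController {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(SamlIdentityProviderDiscoveryFeedController.class);
    private final CasConfigurationProperties casProperties;
    private final List<SamlIdentityProviderEntityParser> parsers;
    private final Clients clients;
    private final DelegatedAuthenticationAccessStrategyHelper delegatedAuthenticationAccessStrategyHelper;
    private final ArgumentExtractor argumentExtractor;
    private final SessionStore<JEEContext> sessionStore;

    /**
     * Returns the de-duplicated union of the identity providers reported by every configured parser.
     *
     * @return the identity provider entities, collected into a set and serialized as JSON
     */
    @GetMapping(path = {"/feed"}, produces = {"application/json"})
    public Collection<SamlIdentityProviderEntity> getDiscoveryFeed() {
        return this.parsers.stream()
            .map(SamlIdentityProviderEntityParser::getIdentityProviders)
            .flatMap(providers -> providers.stream())
            .collect(Collectors.toSet());
    }

    /**
     * Renders the discovery view, passing it the service provider entity IDs of all registered
     * SAML2 clients and the CAS server prefix.
     *
     * @return the {@code casSamlIdPDiscoveryView} view with {@code entityIds} and {@code casServerPrefix}
     */
    @GetMapping
    public ModelAndView home() {
        HashMap<String, Object> model = new HashMap<>();
        List<String> entityIds = findSaml2Clients()
            .map(SAML2Client::getServiceProviderResolvedEntityId)
            .collect(Collectors.toList());
        LOGGER.debug("Using service provider entity id [{}]", entityIds);
        model.put("entityIds", entityIds);
        model.put("casServerPrefix", this.casProperties.getServer().getPrefix());
        return new ModelAndView("casSamlIdPDiscoveryView", model);
    }

    /**
     * Redirects to the delegated SAML2 client whose identity provider matches the requested entity ID.
     *
     * <p>The {@code entityID} request parameter is caller-controlled. It is only used as a lookup key:
     * it must exactly equal an entity ID in the discovery feed, and the redirect target is then
     * taken from the resolved client configuration, never from the parameter itself.
     *
     * @param str                 the requested identity provider entity ID ({@code entityID} parameter)
     * @param httpServletRequest  the current request, also used to extract the target service
     * @param httpServletResponse the current response
     * @return a context-relative redirect to the client's redirect URL
     * @throws java.util.NoSuchElementException if the entity ID is not in the feed or no SAML2 client
     *                                          is configured for it
     * @throws UnauthorizedServiceException     if the client is not authorized for the service or no
     *                                          provider configuration could be resolved
     */
    @GetMapping(path = {"redirect"})
    public View redirect(@RequestParam("entityID") String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        // Allowlist step: reject any entity ID that the discovery feed does not contain.
        SamlIdentityProviderEntity matchedEntity = getDiscoveryFeed().stream()
            .filter(entity -> entity.getEntityID().equals(str))
            .findFirst()
            .orElseThrow();
        // Compare from the known non-null feed value so that a client whose resolved identity
        // provider entity ID is null is skipped instead of raising a NullPointerException.
        SAML2Client matchedClient = findSaml2Clients()
            .filter(client -> matchedEntity.getEntityID().equalsIgnoreCase(client.getIdentityProviderResolvedEntityId()))
            .findFirst()
            .orElseThrow();
        JEEContext webContext = new JEEContext(httpServletRequest, httpServletResponse, this.sessionStore);
        WebApplicationService service = this.argumentExtractor.extractService(httpServletRequest);
        // The per-service authorization check runs before any redirect is issued.
        if (this.delegatedAuthenticationAccessStrategyHelper.isDelegatedClientAuthorizedForService(matchedClient, service)) {
            Optional<?> resolved = DelegatedClientIdentityProviderConfigurationFactory.builder()
                .service(service)
                .client(matchedClient)
                .webContext(webContext)
                .casProperties(this.casProperties)
                .build()
                .resolve();
            if (resolved.isPresent()) {
                // NOTE(review): the leading "/" plus contextRelative=true keeps the redirect inside this
                // application only if getRedirectUrl() does not itself begin with "/". Confirm that
                // against the factory, since "//host" is a protocol-relative URL when the context path
                // is empty.
                return new RedirectView("/" + ((DelegatedClientIdentityProviderConfiguration) resolved.get()).getRedirectUrl(), true, true, true);
            }
        }
        throw new UnauthorizedServiceException("screen.service.error.message", "");
    }

    /**
     * Streams the registered clients that are SAML2 clients, already cast to {@link SAML2Client}.
     */
    private Stream<SAML2Client> findSaml2Clients() {
        return this.clients.findAllClients().stream()
            .filter(SAML2Client.class::isInstance)
            .map(SAML2Client.class::cast);
    }

    /**
     * Creates the controller with its collaborators.
     *
     * @param casConfigurationProperties                  the CAS settings, read for the server prefix
     * @param list                                        the parsers that supply identity provider entities
     * @param clients                                     the registered delegated authentication clients
     * @param delegatedAuthenticationAccessStrategyHelper the helper that authorizes a client for a service
     * @param argumentExtractor                           the extractor for the target service of a request
     * @param sessionStore                                the session store backing the pac4j web context
     */
    @Generated
    public SamlIdentityProviderDiscoveryFeedController(CasConfigurationProperties casConfigurationProperties, List<SamlIdentityProviderEntityParser> list, Clients clients, DelegatedAuthenticationAccessStrategyHelper delegatedAuthenticationAccessStrategyHelper, ArgumentExtractor argumentExtractor, SessionStore<JEEContext> sessionStore) {
        this.casProperties = casConfigurationProperties;
        this.parsers = list;
        this.clients = clients;
        this.delegatedAuthenticationAccessStrategyHelper = delegatedAuthenticationAccessStrategyHelper;
        this.argumentExtractor = argumentExtractor;
        this.sessionStore = sessionStore;
    }
}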
