package org.jasig.cas.web.flow;

import java.util.Iterator;
import java.util.Map;
import javax.validation.constraints.NotNull;
import org.apache.commons.lang3.StringUtils;
import org.aspectj.lang.JoinPoint;
import org.aspectj.runtime.internal.AroundClosure;
import org.aspectj.runtime.reflect.Factory;
import org.jasig.cas.CasProtocolConstants;
import org.jasig.cas.CentralAuthenticationService;
import org.jasig.cas.authentication.AuthenticationException;
import org.jasig.cas.authentication.AuthenticationSystemSupport;
import org.jasig.cas.authentication.AuthenticationTransaction;
import org.jasig.cas.authentication.Credential;
import org.jasig.cas.authentication.DefaultAuthenticationContextBuilder;
import org.jasig.cas.authentication.DefaultAuthenticationSystemSupport;
import org.jasig.cas.authentication.HandlerResult;
import org.jasig.cas.authentication.MessageDescriptor;
import org.jasig.cas.authentication.principal.WebApplicationService;
import org.jasig.cas.ticket.AbstractTicketException;
import org.jasig.cas.ticket.TicketCreationException;
import org.jasig.cas.ticket.TicketGrantingTicket;
import org.jasig.cas.web.support.WebUtils;
import org.jasig.inspektr.aspect.TraceLogAspect;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.binding.message.MessageBuilder;
import org.springframework.binding.message.MessageContext;
import org.springframework.stereotype.Component;
import org.springframework.web.util.CookieGenerator;
import org.springframework.webflow.core.collection.LocalAttributeMap;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

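/**
 * Web Flow action that handles the CAS login form submission.
 *
 * <p>{@link #submit} first compares the login ticket held in flow scope with the one sent in the
 * request, then either grants a service ticket (a renew request on an existing SSO session) or
 * authenticates the credential and creates a new ticket-granting ticket.
 *
 * <p>This listing is decompiled from AspectJ-woven bytecode. The {@code ajc$...} members,
 * {@link AjcClosure1} and {@code submit_aroundBody0} are weaver output that routes
 * {@link #submit} through {@link TraceLogAspect}; they are kept as the decompiler produced them.
 */
@Component("authenticationViaFormAction")
/* loaded from: input_file:WEB-INF/lib/cas-server-webapp-actions-4.2.0-RC2.jar:org/jasig/cas/web/flow/AuthenticationViaFormAction.class */
public class AuthenticationViaFormAction {
    /** Event id returned when authentication succeeded but a handler reported warnings. */
    public static final String SUCCESS_WITH_WARNINGS = "successWithWarnings";

    /** Event id returned when the credential could not be authenticated. */
    public static final String AUTHENTICATION_FAILURE = "authenticationFailure";

    /** Request parameter and flow-scope attribute name marking a public workstation. */
    public static final String PUBLIC_WORKSTATION_ATTRIBUTE = "publicWorkstation";

    @NotNull
    @Autowired
    @Qualifier("centralAuthenticationService")
    private CentralAuthenticationService centralAuthenticationService;

    @NotNull
    @Autowired
    @Qualifier("warnCookieGenerator")
    private CookieGenerator warnCookieGenerator;

    // Join-point descriptor for submit(), filled in by ajc$preClinit() during class
    // initialisation. The decompiler rendered it as "static final ... = null", which cannot be
    // assigned from a static method in Java source, so it is declared non-final here.
    private static JoinPoint.StaticPart ajc$tjp_0;

    protected final Logger logger = LoggerFactory.getLogger(getClass());

    @NotNull
    @Autowired(required = false)
    @Qualifier("defaultAuthenticationSystemSupport")
    private AuthenticationSystemSupport authenticationSystemSupport = new DefaultAuthenticationSystemSupport();

    /**
     * AspectJ around-advice closure for {@link AuthenticationViaFormAction#submit}; unpacks the
     * captured arguments and calls {@code submit_aroundBody0}.
     */
    /* loaded from: input_file:WEB-INF/lib/cas-server-webapp-actions-4.2.0-RC2.jar:org/jasig/cas/web/flow/AuthenticationViaFormAction$AjcClosure1.class */
    public class AjcClosure1 extends AroundClosure {
        public AjcClosure1(Object[] objArr) {
            super(objArr);
        }

        @Override // org.aspectj.runtime.internal.AroundClosure
        public Object run(Object[] objArr) {
            // The state array is laid out by submit(): action, context, credential, messages, join point.
            Object[] objArr2 = this.state;
            return AuthenticationViaFormAction.submit_aroundBody0((AuthenticationViaFormAction) objArr2[0], (RequestContext) objArr2[1], (Credential) objArr2[2], (MessageContext) objArr2[3], (JoinPoint) objArr2[4]);
        }
    }

    /**
     * Handles the login form submission.
     *
     * <p>The woven body hands the call to {@link TraceLogAspect#traceMethod}; the actual decision
     * logic is in {@code submit_aroundBody0}.
     *
     * @param requestContext the current web flow request context
     * @param credential the credential bound from the login form
     * @param messageContext receives error and warning messages for the view
     * @return the event selecting the next flow transition
     */
    public final Event submit(RequestContext requestContext, Credential credential, MessageContext messageContext) {
        return (Event) TraceLogAspect.aspectOf().traceMethod(new AjcClosure1(new Object[]{this, requestContext, credential, messageContext, Factory.makeJP(ajc$tjp_0, (Object) this, (Object) this, new Object[]{requestContext, credential, messageContext})}).linkClosureAndJoinPoint(69648));
    }

    /**
     * Compares the login ticket stored in flow scope with the one submitted in the request.
     *
     * <p>{@code StringUtils.equals} treats two {@code null}s as equal, so a request without a
     * login ticket passes when the flow scope holds none either. The comparison is plain string
     * equality, not a constant-time compare.
     *
     * @param requestContext the current web flow request context
     * @return {@code true} when both values are equal (including both absent)
     */
    protected boolean checkLoginTicketIfExists(RequestContext requestContext) {
        String loginTicketFromFlowScope = WebUtils.getLoginTicketFromFlowScope(requestContext);
        String loginTicketFromRequest = WebUtils.getLoginTicketFromRequest(requestContext);
        if (this.logger.isTraceEnabled()) {
            // The request value is client-controlled: neutralise line breaks before logging it.
            // The flow-scope ticket is written to the log as-is, so TRACE output for this class
            // should only go to logs with restricted access.
            this.logger.trace("Comparing login ticket in the flow scope [{}] with login ticket in the request [{}]", loginTicketFromFlowScope, sanitizeForLog(loginTicketFromRequest));
        }
        return StringUtils.equals(loginTicketFromFlowScope, loginTicketFromRequest);
    }

    /**
     * Records an invalid login ticket and returns the {@code error} event.
     *
     * @param requestContext the current web flow request context
     * @param messageContext receives the {@code error.invalid.loginticket} message
     * @return the {@code error} event
     */
    protected Event returnInvalidLoginTicketEvent(RequestContext requestContext, MessageContext messageContext) {
        // The rejected ticket comes straight from the request; strip CR/LF so it cannot start a
        // forged log line in the WARN output.
        this.logger.warn("Invalid login ticket [{}]", sanitizeForLog(WebUtils.getLoginTicketFromRequest(requestContext)));
        messageContext.addMessage(new MessageBuilder().error().code("error.invalid.loginticket").build());
        return newEvent("error");
    }

    /**
     * Tells whether this submission should yield a service ticket rather than a new SSO session.
     *
     * @param requestContext the current web flow request context
     * @return {@code true} when the renew parameter is non-blank and both a ticket-granting
     *     ticket id and a service are available from the request context
     */
    protected boolean isRequestAskingForServiceTicket(RequestContext requestContext) {
        return StringUtils.isNotBlank(requestContext.getRequestParameters().get(CasProtocolConstants.PARAMETER_RENEW))
                && WebUtils.getTicketGrantingTicketId(requestContext) != null
                && WebUtils.getService(requestContext) != null;
    }

    /**
     * Re-authenticates the credential and grants a service ticket against the existing
     * ticket-granting ticket.
     *
     * @param requestContext the current web flow request context
     * @param credential the credential to authenticate
     * @return {@code warn} on success, {@link #AUTHENTICATION_FAILURE} when authentication fails,
     *     {@code error} on any ticket failure
     */
    protected Event grantServiceTicket(RequestContext requestContext, Credential credential) {
        String ticketGrantingTicketId = WebUtils.getTicketGrantingTicketId(requestContext);
        try {
            WebApplicationService service = WebUtils.getService(requestContext);
            DefaultAuthenticationContextBuilder contextBuilder = new DefaultAuthenticationContextBuilder(this.authenticationSystemSupport.getPrincipalElectionStrategy());
            this.authenticationSystemSupport.getAuthenticationTransactionManager().handle(AuthenticationTransaction.wrap(credential), contextBuilder);
            WebUtils.putServiceTicketInRequestScope(requestContext, this.centralAuthenticationService.grantServiceTicket(ticketGrantingTicketId, service, contextBuilder.build(service)));
            WebUtils.putWarnCookieIfRequestParameterPresent(this.warnCookieGenerator, requestContext);
            return newEvent("warn");
        } catch (AuthenticationException e) {
            // Logged at debug like createTicketGrantingTicket does, so a failed renew attempt
            // leaves the same trail as a failed first login.
            this.logger.debug(e.getMessage(), (Throwable) e);
            return newEvent(AUTHENTICATION_FAILURE, e);
        } catch (TicketCreationException e) {
            // The SSO session is ended here: the ticket-granting ticket is destroyed, not just
            // the request rejected. The exception itself is not attached to the event.
            this.logger.warn("Invalid attempt to access service using renew=true with different credential. Ending SSO session.");
            this.centralAuthenticationService.destroyTicketGrantingTicket(ticketGrantingTicketId);
            return newEvent("error");
        } catch (AbstractTicketException e) {
            return newEvent("error", e);
        }
    }

    /**
     * Authenticates the credential and establishes a new SSO session.
     *
     * @param requestContext the current web flow request context
     * @param credential the credential to authenticate
     * @param messageContext receives any warnings reported by authentication handlers
     * @return {@code success}, {@link #SUCCESS_WITH_WARNINGS}, {@link #AUTHENTICATION_FAILURE},
     *     or {@code error} for any other failure
     */
    protected Event createTicketGrantingTicket(RequestContext requestContext, Credential credential, MessageContext messageContext) {
        try {
            WebApplicationService service = WebUtils.getService(requestContext);
            DefaultAuthenticationContextBuilder contextBuilder = new DefaultAuthenticationContextBuilder(this.authenticationSystemSupport.getPrincipalElectionStrategy());
            this.authenticationSystemSupport.getAuthenticationTransactionManager().handle(AuthenticationTransaction.wrap(credential), contextBuilder);
            TicketGrantingTicket ticketGrantingTicket = this.centralAuthenticationService.createTicketGrantingTicket(contextBuilder.build(service));
            WebUtils.putTicketGrantingTicketInScopes(requestContext, ticketGrantingTicket);
            WebUtils.putWarnCookieIfRequestParameterPresent(this.warnCookieGenerator, requestContext);
            putPublicWorkstationToFlowIfRequestParameterPresent(requestContext);
            if (addWarningMessagesToMessageContextIfNeeded(ticketGrantingTicket, messageContext)) {
                return newEvent(SUCCESS_WITH_WARNINGS);
            }
            return newEvent("success");
        } catch (AuthenticationException e) {
            this.logger.debug(e.getMessage(), (Throwable) e);
            return newEvent(AUTHENTICATION_FAILURE, e);
        } catch (Exception e) {
            // Flow boundary: every other failure becomes an error event instead of propagating.
            this.logger.debug(e.getMessage(), (Throwable) e);
            return newEvent("error", e);
        }
    }

    /**
     * Copies the warnings of every successful handler result into the message context.
     *
     * @param ticketGrantingTicket the ticket whose authentication is inspected
     * @param messageContext receives one warning message per descriptor
     * @return {@code true} when at least one warning was added
     */
    protected boolean addWarningMessagesToMessageContextIfNeeded(TicketGrantingTicket ticketGrantingTicket, MessageContext messageContext) {
        boolean foundWarning = false;
        for (HandlerResult result : ticketGrantingTicket.getAuthentication().getSuccesses().values()) {
            for (MessageDescriptor warning : result.getWarnings()) {
                addWarningToContext(messageContext, warning);
                foundWarning = true;
            }
        }
        return foundWarning;
    }

    /** Sets the public-workstation flag in flow scope when the request parameter is non-blank. */
    private static void putPublicWorkstationToFlowIfRequestParameterPresent(RequestContext requestContext) {
        if (StringUtils.isNotBlank(requestContext.getExternalContext().getRequestParameterMap().get(PUBLIC_WORKSTATION_ATTRIBUTE))) {
            requestContext.getFlowScope().put(PUBLIC_WORKSTATION_ATTRIBUTE, Boolean.TRUE);
        }
    }

    /** Builds an event with the given id and this action as its source. */
    private Event newEvent(String str) {
        return new Event(this, str);
    }

    /** Builds an event with the given id that carries the exception under the {@code error} attribute. */
    private Event newEvent(String str, Exception exc) {
        return new Event(this, str, new LocalAttributeMap("error", exc));
    }

    /** Adds one handler warning (code, default text, arguments) to the message context. */
    private static void addWarningToContext(MessageContext messageContext, MessageDescriptor messageDescriptor) {
        messageContext.addMessage(new MessageBuilder().warning().code(messageDescriptor.getCode()).defaultText(messageDescriptor.getDefaultMessage()).args(messageDescriptor.getParams()).build());
    }

    /**
     * Replaces carriage returns and line feeds with underscores so a client-supplied value cannot
     * break a log entry into several lines. {@code null} is passed through unchanged.
     */
    private static String sanitizeForLog(String value) {
        return StringUtils.replaceChars(value, "\r\n", "__");
    }

    public void setCentralAuthenticationService(CentralAuthenticationService centralAuthenticationService) {
        this.centralAuthenticationService = centralAuthenticationService;
    }

    public void setWarnCookieGenerator(CookieGenerator cookieGenerator) {
        this.warnCookieGenerator = cookieGenerator;
    }

    public void setAuthenticationSystemSupport(AuthenticationSystemSupport authenticationSystemSupport) {
        this.authenticationSystemSupport = authenticationSystemSupport;
    }

    static {
        ajc$preClinit();
    }

    /**
     * Woven body of {@link #submit}: rejects a mismatching login ticket first, then chooses
     * between granting a service ticket and creating a ticket-granting ticket.
     */
    static final Event submit_aroundBody0(AuthenticationViaFormAction authenticationViaFormAction, RequestContext requestContext, Credential credential, MessageContext messageContext, JoinPoint joinPoint) {
        if (!authenticationViaFormAction.checkLoginTicketIfExists(requestContext)) {
            return authenticationViaFormAction.returnInvalidLoginTicketEvent(requestContext, messageContext);
        }
        if (authenticationViaFormAction.isRequestAskingForServiceTicket(requestContext)) {
            return authenticationViaFormAction.grantServiceTicket(requestContext, credential);
        }
        return authenticationViaFormAction.createTicketGrantingTicket(requestContext, credential, messageContext);
    }

    /** AspectJ-generated: builds the static join-point descriptor for {@code submit}. */
    private static void ajc$preClinit() {
        Factory factory = new Factory("AuthenticationViaFormAction.java", AuthenticationViaFormAction.class);
        ajc$tjp_0 = factory.makeSJP(JoinPoint.METHOD_EXECUTION, factory.makeMethodSig("11", "submit", "org.jasig.cas.web.flow.AuthenticationViaFormAction", "org.springframework.webflow.execution.RequestContext:org.jasig.cas.authentication.Credential:org.springframework.binding.message.MessageContext", "context:credential:messageContext", "", "org.springframework.webflow.execution.Event"), 86);
    }
}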
