package org.apereo.cas.web.flow.configurer;

import javax.security.auth.login.AccountLockedException;
import javax.security.auth.login.AccountNotFoundException;
import javax.security.auth.login.CredentialExpiredException;
import javax.security.auth.login.FailedLoginException;
import lombok.Generated;
import org.apereo.cas.authentication.PrincipalException;
import org.apereo.cas.authentication.RememberMeCredential;
import org.apereo.cas.authentication.RememberMeUsernamePasswordCredential;
import org.apereo.cas.authentication.UsernamePasswordCredential;
import org.apereo.cas.authentication.adaptive.UnauthorizedAuthenticationException;
import org.apereo.cas.authentication.exceptions.AccountDisabledException;
import org.apereo.cas.authentication.exceptions.AccountPasswordMustChangeException;
import org.apereo.cas.authentication.exceptions.InvalidLoginLocationException;
import org.apereo.cas.authentication.exceptions.InvalidLoginTimeException;
import org.apereo.cas.authentication.principal.Response;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.services.UnauthorizedServiceException;
import org.apereo.cas.services.UnauthorizedServiceForPrincipalException;
import org.apereo.cas.services.UnauthorizedSsoServiceException;
import org.apereo.cas.ticket.UnsatisfiedAuthenticationPolicyException;
import org.apereo.cas.web.flow.CasWebflowConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.webflow.action.SetAction;
import org.springframework.webflow.definition.registry.FlowDefinitionRegistry;
import org.springframework.webflow.engine.ActionState;
import org.springframework.webflow.engine.Flow;
import org.springframework.webflow.engine.ViewState;
import org.springframework.webflow.engine.builder.BinderConfiguration;
import org.springframework.webflow.engine.builder.support.FlowBuilderServices;
import org.springframework.webflow.engine.support.TransitionExecutingFlowExecutionExceptionHandler;
import org.springframework.webflow.execution.repository.NoSuchFlowExecutionException;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-webflow-api-5.3.10.jar:org/apereo/cas/web/flow/configurer/DefaultLoginWebflowConfigurer.class */
public class DefaultLoginWebflowConfigurer extends AbstractCasWebflowConfigurer {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) DefaultLoginWebflowConfigurer.class);

    public DefaultLoginWebflowConfigurer(FlowBuilderServices flowBuilderServices, FlowDefinitionRegistry flowDefinitionRegistry, ApplicationContext applicationContext, CasConfigurationProperties casConfigurationProperties) {
        super(flowBuilderServices, flowDefinitionRegistry, applicationContext, casConfigurationProperties);
    }

    @Override // org.apereo.cas.web.flow.configurer.AbstractCasWebflowConfigurer
    protected void doInitialize() {
        Flow loginFlow = getLoginFlow();
        if (loginFlow != null) {
            createInitialFlowActions(loginFlow);
            createDefaultGlobalExceptionHandlers(loginFlow);
            createDefaultEndStates(loginFlow);
            createDefaultDecisionStates(loginFlow);
            createDefaultActionStates(loginFlow);
            createDefaultViewStates(loginFlow);
            createRememberMeAuthnWebflowConfig(loginFlow);
            setStartState(loginFlow, CasWebflowConstants.STATE_ID_INITIAL_AUTHN_REQUEST_VALIDATION_CHECK);
        }
    }

    protected void createInitialFlowActions(Flow flow) {
        flow.getStartActionList().add(createEvaluateAction(CasWebflowConstants.ACTION_ID_INIT_FLOW_SETUP));
    }

    protected void createDefaultViewStates(Flow flow) {
        createAuthenticationWarningMessagesView(flow);
    }

    protected void createAuthenticationWarningMessagesView(Flow flow) {
        ViewState createViewState = createViewState(flow, CasWebflowConstants.VIEW_ID_SHOW_AUTHN_WARNING_MSGS, "casLoginMessageView");
        createViewState.getEntryActionList().add(new SetAction(createExpression("requestScope.messages"), createExpression("messageContext.allMessages")));
        createTransitionForState(createViewState, CasWebflowConstants.TRANSITION_ID_PROCEED, CasWebflowConstants.STATE_ID_PROCEED_FROM_AUTHENTICATION_WARNINGS_VIEW);
        ActionState createActionState = createActionState(flow, CasWebflowConstants.STATE_ID_PROCEED_FROM_AUTHENTICATION_WARNINGS_VIEW);
        createActionState.getActionList().add(createEvaluateAction(CasWebflowConstants.ACTION_ID_SEND_TICKET_GRANTING_TICKET));
        createStateDefaultTransition(createActionState, CasWebflowConstants.STATE_ID_SERVICE_CHECK);
    }

    protected void createRememberMeAuthnWebflowConfig(Flow flow) {
        if (!this.casProperties.getTicket().getTgt().getRememberMe().isEnabled()) {
            createFlowVariable(flow, "credential", UsernamePasswordCredential.class);
        } else {
            createFlowVariable(flow, "credential", RememberMeUsernamePasswordCredential.class);
            getViewStateBinderConfiguration((ViewState) getState(flow, CasWebflowConstants.STATE_ID_VIEW_LOGIN_FORM, ViewState.class)).addBinding(new BinderConfiguration.Binding(RememberMeCredential.REQUEST_PARAMETER_REMEMBER_ME, null, false));
        }
    }

    protected void createDefaultActionStates(Flow flow) {
        createInitialAuthenticationRequestValidationCheckAction(flow);
        createCreateTicketGrantingTicketAction(flow);
        createSendTicketGrantingTicketAction(flow);
        createGenerateServiceTicketAction(flow);
        createGatewayServicesMgmtAction(flow);
        createServiceAuthorizationCheckAction(flow);
        createRedirectToServiceActionState(flow);
        createHandleAuthenticationFailureAction(flow);
        createTerminateSessionAction(flow);
        createTicketGrantingTicketCheckAction(flow);
    }

    protected void createTicketGrantingTicketCheckAction(Flow flow) {
        ActionState createActionState = createActionState(flow, CasWebflowConstants.STATE_ID_TICKET_GRANTING_TICKET_CHECK, CasWebflowConstants.ACTION_ID_TICKET_GRANTING_TICKET_CHECK);
        createTransitionForState(createActionState, CasWebflowConstants.TRANSITION_ID_TGT_NOT_EXISTS, CasWebflowConstants.STATE_ID_GATEWAY_REQUEST_CHECK);
        createTransitionForState(createActionState, CasWebflowConstants.TRANSITION_ID_TGT_INVALID, CasWebflowConstants.STATE_ID_TERMINATE_SESSION);
        createTransitionForState(createActionState, CasWebflowConstants.TRANSITION_ID_TGT_VALID, CasWebflowConstants.STATE_ID_HAS_SERVICE_CHECK);
    }

    protected void createInitialAuthenticationRequestValidationCheckAction(Flow flow) {
        ActionState createActionState = createActionState(flow, CasWebflowConstants.STATE_ID_INITIAL_AUTHN_REQUEST_VALIDATION_CHECK, CasWebflowConstants.ACTION_ID_INITIAL_AUTHN_REQUEST_VALIDATION);
        createTransitionForState(createActionState, CasWebflowConstants.TRANSITION_ID_AUTHENTICATION_FAILURE, CasWebflowConstants.STATE_ID_HANDLE_AUTHN_FAILURE);
        createTransitionForState(createActionState, "error", CasWebflowConstants.STATE_ID_INIT_LOGIN_FORM);
        createTransitionForState(createActionState, "success", CasWebflowConstants.STATE_ID_TICKET_GRANTING_TICKET_CHECK);
        createTransitionForState(createActionState, CasWebflowConstants.TRANSITION_ID_SUCCESS_WITH_WARNINGS, CasWebflowConstants.VIEW_ID_SHOW_AUTHN_WARNING_MSGS);
    }

    protected void createTerminateSessionAction(Flow flow) {
        createStateDefaultTransition(createActionState(flow, CasWebflowConstants.STATE_ID_TERMINATE_SESSION, createEvaluateAction(CasWebflowConstants.ACTION_ID_TERMINATE_SESSION)), CasWebflowConstants.STATE_ID_GATEWAY_REQUEST_CHECK);
    }

    protected void createSendTicketGrantingTicketAction(Flow flow) {
        createTransitionForState(createActionState(flow, CasWebflowConstants.STATE_ID_SEND_TICKET_GRANTING_TICKET, CasWebflowConstants.ACTION_ID_SEND_TICKET_GRANTING_TICKET), "success", CasWebflowConstants.STATE_ID_SERVICE_CHECK);
    }

    protected void createCreateTicketGrantingTicketAction(Flow flow) {
        ActionState createActionState = createActionState(flow, CasWebflowConstants.STATE_ID_CREATE_TICKET_GRANTING_TICKET, CasWebflowConstants.ACTION_ID_CREATE_TICKET_GRANTING_TICKET);
        createTransitionForState(createActionState, "success", CasWebflowConstants.STATE_ID_SEND_TICKET_GRANTING_TICKET);
        createTransitionForState(createActionState, CasWebflowConstants.TRANSITION_ID_SUCCESS_WITH_WARNINGS, CasWebflowConstants.VIEW_ID_SHOW_AUTHN_WARNING_MSGS);
    }

    protected void createGenerateServiceTicketAction(Flow flow) {
        ActionState createActionState = createActionState(flow, CasWebflowConstants.STATE_ID_GENERATE_SERVICE_TICKET, createEvaluateAction(CasWebflowConstants.ACTION_ID_GENERATE_SERVICE_TICKET));
        createTransitionForState(createActionState, "success", "redirect");
        createTransitionForState(createActionState, "warn", "warn");
        createTransitionForState(createActionState, CasWebflowConstants.TRANSITION_ID_AUTHENTICATION_FAILURE, CasWebflowConstants.STATE_ID_HANDLE_AUTHN_FAILURE);
        createTransitionForState(createActionState, "error", CasWebflowConstants.STATE_ID_INIT_LOGIN_FORM);
        createTransitionForState(createActionState, "gateway", CasWebflowConstants.STATE_ID_GATEWAY_SERVICES_MGMT_CHECK);
    }

    protected void createHandleAuthenticationFailureAction(Flow flow) {
        ActionState createActionState = createActionState(flow, CasWebflowConstants.STATE_ID_HANDLE_AUTHN_FAILURE, CasWebflowConstants.ACTION_ID_AUTHENTICATION_EXCEPTION_HANDLER);
        createTransitionForState(createActionState, AccountDisabledException.class.getSimpleName(), CasWebflowConstants.VIEW_ID_ACCOUNT_DISABLED);
        createTransitionForState(createActionState, AccountLockedException.class.getSimpleName(), CasWebflowConstants.VIEW_ID_ACCOUNT_LOCKED);
        createTransitionForState(createActionState, AccountPasswordMustChangeException.class.getSimpleName(), CasWebflowConstants.VIEW_ID_MUST_CHANGE_PASSWORD);
        createTransitionForState(createActionState, CredentialExpiredException.class.getSimpleName(), CasWebflowConstants.VIEW_ID_EXPIRED_PASSWORD);
        createTransitionForState(createActionState, InvalidLoginLocationException.class.getSimpleName(), CasWebflowConstants.VIEW_ID_INVALID_WORKSTATION);
        createTransitionForState(createActionState, InvalidLoginTimeException.class.getSimpleName(), CasWebflowConstants.VIEW_ID_INVALID_AUTHENTICATION_HOURS);
        createTransitionForState(createActionState, FailedLoginException.class.getSimpleName(), CasWebflowConstants.STATE_ID_INIT_LOGIN_FORM);
        createTransitionForState(createActionState, AccountNotFoundException.class.getSimpleName(), CasWebflowConstants.STATE_ID_INIT_LOGIN_FORM);
        createTransitionForState(createActionState, UnauthorizedServiceForPrincipalException.class.getSimpleName(), CasWebflowConstants.STATE_ID_INIT_LOGIN_FORM);
        createTransitionForState(createActionState, PrincipalException.class.getSimpleName(), CasWebflowConstants.STATE_ID_INIT_LOGIN_FORM);
        createTransitionForState(createActionState, UnsatisfiedAuthenticationPolicyException.class.getSimpleName(), CasWebflowConstants.STATE_ID_INIT_LOGIN_FORM);
        createTransitionForState(createActionState, UnauthorizedAuthenticationException.class.getSimpleName(), CasWebflowConstants.VIEW_ID_AUTHENTICATION_BLOCKED);
        createTransitionForState(createActionState, CasWebflowConstants.STATE_ID_SERVICE_UNAUTHZ_CHECK, CasWebflowConstants.STATE_ID_SERVICE_UNAUTHZ_CHECK);
        createStateDefaultTransition(createActionState, CasWebflowConstants.STATE_ID_INIT_LOGIN_FORM);
    }

    protected void createRedirectToServiceActionState(Flow flow) {
        ActionState createActionState = createActionState(flow, "redirect", CasWebflowConstants.ACTION_ID_REDIRECT_TO_SERVICE);
        createTransitionForState(createActionState, Response.ResponseType.POST.name().toLowerCase(), CasWebflowConstants.STATE_ID_POST_VIEW);
        createTransitionForState(createActionState, Response.ResponseType.HEADER.name().toLowerCase(), CasWebflowConstants.STATE_ID_HEADER_VIEW);
        createTransitionForState(createActionState, Response.ResponseType.REDIRECT.name().toLowerCase(), CasWebflowConstants.STATE_ID_REDIRECT_VIEW);
    }

    protected void createServiceAuthorizationCheckAction(Flow flow) {
        createStateDefaultTransition(createActionState(flow, CasWebflowConstants.STATE_ID_SERVICE_AUTHZ_CHECK, CasWebflowConstants.STATE_ID_SERVICE_AUTHZ_CHECK), CasWebflowConstants.STATE_ID_INIT_LOGIN_FORM);
    }

    protected void createGatewayServicesMgmtAction(Flow flow) {
        createTransitionForState(createActionState(flow, CasWebflowConstants.STATE_ID_GATEWAY_SERVICES_MGMT_CHECK, CasWebflowConstants.STATE_ID_GATEWAY_SERVICES_MGMT_CHECK), "success", "redirect");
    }

    protected void createDefaultEndStates(Flow flow) {
        createRedirectUnauthorizedServiceUrlEndState(flow);
        createServiceErrorEndState(flow);
        createRedirectEndState(flow);
        createPostEndState(flow);
        createInjectHeadersActionState(flow);
        createGenericLoginSuccessEndState(flow);
        createServiceWarningViewState(flow);
        createEndWebflowEndState(flow);
    }

    protected void createEndWebflowEndState(Flow flow) {
        createEndState(flow, CasWebflowConstants.STATE_ID_END_WEBFLOW);
    }

    protected void createRedirectEndState(Flow flow) {
        createEndState(flow, CasWebflowConstants.STATE_ID_REDIRECT_VIEW, "requestScope.url", true);
    }

    protected void createPostEndState(Flow flow) {
        createEndState(flow, CasWebflowConstants.STATE_ID_POST_VIEW, CasWebflowConstants.VIEW_ID_POST_RESPONSE);
    }

    protected void createInjectHeadersActionState(Flow flow) {
        ActionState createActionState = createActionState(flow, CasWebflowConstants.STATE_ID_HEADER_VIEW, "injectResponseHeadersAction");
        createTransitionForState(createActionState, "success", CasWebflowConstants.STATE_ID_END_WEBFLOW);
        createTransitionForState(createActionState, "redirect", CasWebflowConstants.STATE_ID_REDIRECT_VIEW);
    }

    protected void createRedirectUnauthorizedServiceUrlEndState(Flow flow) {
        createEndState(flow, CasWebflowConstants.STATE_ID_VIEW_REDIR_UNAUTHZ_URL, "flowScope.unauthorizedRedirectUrl", true).getEntryActionList().add(createEvaluateAction("redirectUnauthorizedServiceUrlAction"));
    }

    protected void createServiceErrorEndState(Flow flow) {
        createEndState(flow, CasWebflowConstants.STATE_ID_VIEW_SERVICE_ERROR, CasWebflowConstants.VIEW_ID_SERVICE_ERROR);
    }

    protected void createGenericLoginSuccessEndState(Flow flow) {
        createEndState(flow, CasWebflowConstants.STATE_ID_VIEW_GENERIC_LOGIN_SUCCESS, CasWebflowConstants.VIEW_ID_GENERIC_SUCCESS).getEntryActionList().add(createEvaluateAction("genericSuccessViewAction"));
    }

    protected void createServiceWarningViewState(Flow flow) {
        createTransitionForState(createViewState(flow, CasWebflowConstants.STATE_ID_SHOW_WARNING_VIEW, CasWebflowConstants.VIEW_ID_CONFIRM), "success", "finalizeWarning");
        createTransitionForState(createActionState(flow, "finalizeWarning", createEvaluateAction("serviceWarningAction")), "redirect", "redirect");
    }

    protected void createDefaultGlobalExceptionHandlers(Flow flow) {
        TransitionExecutingFlowExecutionExceptionHandler transitionExecutingFlowExecutionExceptionHandler = new TransitionExecutingFlowExecutionExceptionHandler();
        transitionExecutingFlowExecutionExceptionHandler.add(UnauthorizedSsoServiceException.class, CasWebflowConstants.STATE_ID_VIEW_LOGIN_FORM);
        transitionExecutingFlowExecutionExceptionHandler.add(NoSuchFlowExecutionException.class, CasWebflowConstants.STATE_ID_VIEW_SERVICE_ERROR);
        transitionExecutingFlowExecutionExceptionHandler.add(UnauthorizedServiceException.class, CasWebflowConstants.STATE_ID_SERVICE_UNAUTHZ_CHECK);
        transitionExecutingFlowExecutionExceptionHandler.add(UnauthorizedServiceForPrincipalException.class, CasWebflowConstants.STATE_ID_SERVICE_UNAUTHZ_CHECK);
        transitionExecutingFlowExecutionExceptionHandler.add(PrincipalException.class, CasWebflowConstants.STATE_ID_SERVICE_UNAUTHZ_CHECK);
        flow.getExceptionHandlerSet().add(transitionExecutingFlowExecutionExceptionHandler);
    }

    protected void createDefaultDecisionStates(Flow flow) {
        createServiceUnauthorizedCheckDecisionState(flow);
        createServiceCheckDecisionState(flow);
        createWarnDecisionState(flow);
        createGatewayRequestCheckDecisionState(flow);
        createHasServiceCheckDecisionState(flow);
        createRenewCheckDecisionState(flow);
    }

    protected void createServiceUnauthorizedCheckDecisionState(Flow flow) {
        createDecisionState(flow, CasWebflowConstants.STATE_ID_SERVICE_UNAUTHZ_CHECK, "flowScope.unauthorizedRedirectUrl != null", CasWebflowConstants.STATE_ID_VIEW_REDIR_UNAUTHZ_URL, CasWebflowConstants.STATE_ID_VIEW_SERVICE_ERROR).getEntryActionList().add(createEvaluateAction("setServiceUnauthorizedRedirectUrlAction"));
    }

    protected void createServiceCheckDecisionState(Flow flow) {
        createDecisionState(flow, CasWebflowConstants.STATE_ID_SERVICE_CHECK, "flowScope.service != null", CasWebflowConstants.STATE_ID_GENERATE_SERVICE_TICKET, CasWebflowConstants.STATE_ID_VIEW_GENERIC_LOGIN_SUCCESS);
    }

    protected void createWarnDecisionState(Flow flow) {
        createDecisionState(flow, "warn", "flowScope.warnCookieValue", CasWebflowConstants.STATE_ID_SHOW_WARNING_VIEW, "redirect");
    }

    protected void createGatewayRequestCheckDecisionState(Flow flow) {
        createDecisionState(flow, CasWebflowConstants.STATE_ID_GATEWAY_REQUEST_CHECK, "requestParameters.gateway != '' and requestParameters.gateway != null and flowScope.service != null", CasWebflowConstants.STATE_ID_GATEWAY_SERVICES_MGMT_CHECK, CasWebflowConstants.STATE_ID_SERVICE_AUTHZ_CHECK);
    }

    protected void createHasServiceCheckDecisionState(Flow flow) {
        createDecisionState(flow, CasWebflowConstants.STATE_ID_HAS_SERVICE_CHECK, "flowScope.service != null", CasWebflowConstants.STATE_ID_RENEW_REQUEST_CHECK, CasWebflowConstants.STATE_ID_VIEW_GENERIC_LOGIN_SUCCESS);
    }

    protected void createRenewCheckDecisionState(Flow flow) {
        createDecisionState(flow, CasWebflowConstants.STATE_ID_RENEW_REQUEST_CHECK, this.casProperties.getSso().isRenewAuthnEnabled() ? "requestParameters.renew != '' and requestParameters.renew != null" : "true", CasWebflowConstants.STATE_ID_SERVICE_AUTHZ_CHECK, CasWebflowConstants.STATE_ID_GENERATE_SERVICE_TICKET);
    }
}
