package org.apereo.cas.web.flow.login;

import jakarta.servlet.http.HttpServletRequest;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlan;
import org.apereo.cas.authentication.AuthenticationServiceSelectionPlan;
import org.apereo.cas.authentication.credential.UsernamePasswordCredential;
import org.apereo.cas.authentication.principal.NullPrincipal;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceAccessStrategy;
import org.apereo.cas.services.RegisteredServiceAccessStrategyUtils;
import org.apereo.cas.services.RegisteredServiceProperty;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.services.UnauthorizedServiceException;
import org.apereo.cas.ticket.TicketGrantingTicket;
import org.apereo.cas.ticket.registry.TicketRegistrySupport;
import org.apereo.cas.util.function.FunctionUtils;
import org.apereo.cas.util.http.HttpRequestUtils;
import org.apereo.cas.web.cookie.CasCookieBuilder;
import org.apereo.cas.web.flow.SingleSignOnParticipationRequest;
import org.apereo.cas.web.flow.SingleSignOnParticipationStrategy;
import org.apereo.cas.web.flow.actions.BaseCasWebflowAction;
import org.apereo.cas.web.support.ArgumentExtractor;
import org.apereo.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-actions-core-7.2.0-RC4.jar:org/apereo/cas/web/flow/login/InitialFlowSetupAction.class */
public class InitialFlowSetupAction extends BaseCasWebflowAction {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) InitialFlowSetupAction.class);
    private final List<ArgumentExtractor> argumentExtractors;
    private final ServicesManager servicesManager;
    private final AuthenticationServiceSelectionPlan authenticationRequestServiceSelectionStrategies;
    private final CasCookieBuilder ticketGrantingTicketCookieGenerator;
    private final CasCookieBuilder warnCookieGenerator;
    private final CasConfigurationProperties casProperties;
    private final AuthenticationEventExecutionPlan authenticationEventExecutionPlan;
    private final SingleSignOnParticipationStrategy renewalStrategy;
    private final TicketRegistrySupport ticketRegistrySupport;

    protected static void configureWebflowForPostParameters(RequestContext requestContext) {
        if (WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext).getMethod().equalsIgnoreCase(HttpMethod.POST.name())) {
            WebUtils.putInitialHttpRequestPostParameters(requestContext);
        }
    }

    @Override // org.apereo.cas.web.flow.actions.BaseCasWebflowAction
    protected Event doExecuteInternal(RequestContext requestContext) throws Throwable {
        configureCookieGenerators(requestContext);
        configureWebflowForPostParameters(requestContext);
        configureWebflowForCustomFields(requestContext);
        configureWebflowForServices(requestContext);
        configureWebflowContext(requestContext);
        configureWebflowForSsoParticipation(requestContext, configureWebflowForTicketGrantingTicket(requestContext));
        return success();
    }

    protected String configureWebflowForTicketGrantingTicket(RequestContext requestContext) {
        String retrieveCookieValue = this.ticketGrantingTicketCookieGenerator.retrieveCookieValue(WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext));
        LOGGER.trace("Retrieved the ticket-granting ticket identifier in the login webflow: [{}]", retrieveCookieValue);
        TicketGrantingTicket ticketGrantingTicket = this.ticketRegistrySupport.getTicketGrantingTicket(retrieveCookieValue);
        LOGGER.trace("Retrieved the ticket-granting ticket in the login webflow: [{}]", ticketGrantingTicket);
        if (ticketGrantingTicket != null) {
            WebUtils.putTicketGrantingTicketInScopes(requestContext, ticketGrantingTicket.getId());
            return ticketGrantingTicket.getId();
        }
        clearTicketGrantingCookieFromContext(requestContext);
        return null;
    }

    protected void clearTicketGrantingCookieFromContext(RequestContext requestContext) {
        this.ticketGrantingTicketCookieGenerator.removeAll(WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext), WebUtils.getHttpServletResponseFromExternalWebflowContext(requestContext));
        WebUtils.putTicketGrantingTicketInScopes(requestContext, "");
    }

    protected void configureWebflowForCustomFields(RequestContext requestContext) {
        WebUtils.putCustomLoginFormFields(requestContext, this.casProperties.getView().getCustomLoginFormFields());
    }

    protected void configureWebflowForServices(RequestContext requestContext) {
        if (HttpStatus.valueOf(WebUtils.getHttpServletResponseFromExternalWebflowContext(requestContext).getStatus()).isError()) {
            throw UnauthorizedServiceException.denied("Denied");
        }
        WebApplicationService service = WebUtils.getService(this.argumentExtractors, requestContext);
        if (service != null) {
            LOGGER.debug("Placing service in context scope: [{}]", service.getId());
            Service service2 = (Service) FunctionUtils.doUnchecked(() -> {
                return this.authenticationRequestServiceSelectionStrategies.resolveService(service);
            });
            RegisteredService findServiceBy = this.servicesManager.findServiceBy(service2);
            RegisteredServiceAccessStrategyUtils.ensureServiceAccessIsAllowed(service, findServiceBy);
            if (findServiceBy != null && findServiceBy.getAccessStrategy().isServiceAccessAllowed(findServiceBy, service2)) {
                LOGGER.debug("Placing registered service [{}] with id [{}] in context scope", findServiceBy.getServiceId(), Long.valueOf(findServiceBy.getId()));
                WebUtils.putRegisteredService(requestContext, findServiceBy);
                WebUtils.putWildcardedRegisteredService(requestContext, RegisteredServiceProperty.RegisteredServiceProperties.WILDCARDED_SERVICE_DEFINITION.isAssignedTo(findServiceBy));
                RegisteredServiceAccessStrategy accessStrategy = findServiceBy.getAccessStrategy();
                if (accessStrategy.getUnauthorizedRedirectUrl() != null) {
                    LOGGER.debug("Placing registered service's unauthorized redirect url [{}] with id [{}] in context scope", accessStrategy.getUnauthorizedRedirectUrl(), findServiceBy.getServiceId());
                    WebUtils.putUnauthorizedRedirectUrlIntoFlowScope(requestContext, accessStrategy.getUnauthorizedRedirectUrl());
                }
            }
            WebUtils.putServiceIntoFlowScope(requestContext, service);
        }
    }

    /* JADX WARN: Type inference failed for: r0v5, types: [org.apereo.cas.web.flow.SingleSignOnParticipationRequest$SingleSignOnParticipationRequestBuilder] */
    protected void configureWebflowForSsoParticipation(RequestContext requestContext, String str) throws Throwable {
        SingleSignOnParticipationRequest build = SingleSignOnParticipationRequest.builder().requestContext(requestContext).httpServletRequest(WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext)).httpServletResponse(WebUtils.getHttpServletResponseFromExternalWebflowContext(requestContext)).build();
        if ((this.renewalStrategy.supports(build) && this.renewalStrategy.isParticipating(build)) || !StringUtils.isNotBlank(str)) {
            return;
        }
        Authentication authenticationFrom = this.ticketRegistrySupport.getAuthenticationFrom(str);
        WebUtils.putExistingSingleSignOnSessionAvailable(requestContext, authenticationFrom != null);
        WebUtils.putExistingSingleSignOnSessionPrincipal(requestContext, (Principal) Optional.ofNullable(authenticationFrom).map((v0) -> {
            return v0.getPrincipal();
        }).orElseGet(NullPrincipal::getInstance));
        WebUtils.putTicketGrantingTicketInScopes(requestContext, "");
    }

    protected void configureWebflowContext(RequestContext requestContext) {
        HttpServletRequest httpServletRequestFromExternalWebflowContext = WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext);
        WebUtils.putWarningCookie(requestContext, Boolean.valueOf(this.warnCookieGenerator.retrieveCookieValue(httpServletRequestFromExternalWebflowContext)));
        WebUtils.putGeoLocationTrackingIntoFlowScope(requestContext, Boolean.valueOf(this.casProperties.getEvents().getCore().isTrackGeolocation()));
        WebUtils.putRememberMeAuthenticationEnabled(requestContext, Boolean.valueOf(this.casProperties.getTicket().getTgt().getRememberMe().isEnabled()));
        WebUtils.putStaticAuthenticationIntoFlowScope(requestContext, Boolean.valueOf((this.casProperties.getAuthn().getAccept().isEnabled() && StringUtils.isNotBlank(this.casProperties.getAuthn().getAccept().getUsers())) || StringUtils.isNotBlank(this.casProperties.getAuthn().getReject().getUsers())));
        if (this.casProperties.getAuthn().getPolicy().isSourceSelectionEnabled()) {
            WebUtils.putAvailableAuthenticationHandleNames(requestContext, determineAuthenticationHandlersForSourceSelection(requestContext));
        }
        requestContext.getFlowScope().put("httpRequestSecure", Boolean.valueOf(httpServletRequestFromExternalWebflowContext.isSecure()));
        requestContext.getFlowScope().put("httpRequestMethod", httpServletRequestFromExternalWebflowContext.getMethod());
        requestContext.getFlowScope().put("httpRequestHeaders", HttpRequestUtils.getRequestHeaders(httpServletRequestFromExternalWebflowContext));
    }

    protected List<String> determineAuthenticationHandlersForSourceSelection(RequestContext requestContext) {
        Set<String> requiredAuthenticationHandlers;
        List<String> list = (List) this.authenticationEventExecutionPlan.getAuthenticationHandlers().stream().filter(authenticationHandler -> {
            return authenticationHandler.supports(UsernamePasswordCredential.class);
        }).map(authenticationHandler2 -> {
            return StringUtils.capitalize(authenticationHandler2.getName().trim());
        }).distinct().sorted().collect(Collectors.toList());
        RegisteredService registeredService = WebUtils.getRegisteredService(requestContext);
        if (registeredService != null && registeredService.getAuthenticationPolicy() != null && (requiredAuthenticationHandlers = registeredService.getAuthenticationPolicy().getRequiredAuthenticationHandlers()) != null && !requiredAuthenticationHandlers.isEmpty()) {
            list.removeIf(str -> {
                return !requiredAuthenticationHandlers.contains(str);
            });
        }
        return list;
    }

    protected void configureCookieGenerators(RequestContext requestContext) {
        String contextPath = requestContext.getExternalContext().getContextPath();
        String str = StringUtils.isNotBlank(contextPath) ? contextPath + "/" : "/";
        if (this.casProperties.getWarningCookie().isAutoConfigureCookiePath()) {
            String cookiePath = this.warnCookieGenerator.getCookiePath();
            if (StringUtils.isBlank(cookiePath)) {
                LOGGER.debug("Setting path for cookies for warn cookie generator to: [{}]", str);
                this.warnCookieGenerator.setCookiePath(str);
            } else {
                LOGGER.trace("Warning cookie is set to [{}] with path [{}]", this.warnCookieGenerator.getCookieDomain(), cookiePath);
            }
        }
        if (this.casProperties.getTgc().isAutoConfigureCookiePath()) {
            String cookiePath2 = this.ticketGrantingTicketCookieGenerator.getCookiePath();
            if (!StringUtils.isBlank(cookiePath2)) {
                LOGGER.trace("Ticket-granting cookie domain is [{}] with path [{}]", this.ticketGrantingTicketCookieGenerator.getCookieDomain(), cookiePath2);
            } else {
                LOGGER.debug("Setting path for cookies for TGC cookie generator to: [{}]", str);
                this.ticketGrantingTicketCookieGenerator.setCookiePath(str);
            }
        }
    }

    @Generated
    public InitialFlowSetupAction(List<ArgumentExtractor> list, ServicesManager servicesManager, AuthenticationServiceSelectionPlan authenticationServiceSelectionPlan, CasCookieBuilder casCookieBuilder, CasCookieBuilder casCookieBuilder2, CasConfigurationProperties casConfigurationProperties, AuthenticationEventExecutionPlan authenticationEventExecutionPlan, SingleSignOnParticipationStrategy singleSignOnParticipationStrategy, TicketRegistrySupport ticketRegistrySupport) {
        this.argumentExtractors = list;
        this.servicesManager = servicesManager;
        this.authenticationRequestServiceSelectionStrategies = authenticationServiceSelectionPlan;
        this.ticketGrantingTicketCookieGenerator = casCookieBuilder;
        this.warnCookieGenerator = casCookieBuilder2;
        this.casProperties = casConfigurationProperties;
        this.authenticationEventExecutionPlan = authenticationEventExecutionPlan;
        this.renewalStrategy = singleSignOnParticipationStrategy;
        this.ticketRegistrySupport = ticketRegistrySupport;
    }

    @Generated
    public List<ArgumentExtractor> getArgumentExtractors() {
        return this.argumentExtractors;
    }

    @Generated
    public ServicesManager getServicesManager() {
        return this.servicesManager;
    }

    @Generated
    public AuthenticationServiceSelectionPlan getAuthenticationRequestServiceSelectionStrategies() {
        return this.authenticationRequestServiceSelectionStrategies;
    }

    @Generated
    public CasCookieBuilder getTicketGrantingTicketCookieGenerator() {
        return this.ticketGrantingTicketCookieGenerator;
    }

    @Generated
    public CasCookieBuilder getWarnCookieGenerator() {
        return this.warnCookieGenerator;
    }

    @Generated
    public CasConfigurationProperties getCasProperties() {
        return this.casProperties;
    }

    @Generated
    public AuthenticationEventExecutionPlan getAuthenticationEventExecutionPlan() {
        return this.authenticationEventExecutionPlan;
    }

    @Generated
    public SingleSignOnParticipationStrategy getRenewalStrategy() {
        return this.renewalStrategy;
    }

    @Generated
    public TicketRegistrySupport getTicketRegistrySupport() {
        return this.ticketRegistrySupport;
    }
}
