package org.apereo.cas.web.flow.account;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.time.Clock;
import java.time.LocalDateTime;
import java.util.Comparator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import lombok.Generated;
import org.apereo.cas.audit.AuditTrailExecutionPlan;
import org.apereo.cas.authentication.adaptive.geo.GeoLocationService;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.services.RegisteredServicePrincipalAccessStrategyEnforcer;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.ticket.Ticket;
import org.apereo.cas.ticket.TicketGrantingTicket;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.function.FunctionUtils;
import org.apereo.cas.util.serialization.JacksonObjectMapperFactory;
import org.apereo.cas.util.spring.beans.BeanSupplier;
import org.apereo.cas.web.flow.actions.BaseCasWebflowAction;
import org.apereo.cas.web.support.WebUtils;
import org.apereo.inspektr.audit.AuditTrailManager;
import org.jooq.lambda.Unchecked;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-actions-core-7.3.0-RC2.jar:org/apereo/cas/web/flow/account/PrepareAccountProfileViewAction.class */
public class PrepareAccountProfileViewAction extends BaseCasWebflowAction {
    private static final ObjectMapper MAPPER = JacksonObjectMapperFactory.builder().defaultTypingEnabled(false).build().toObjectMapper();
    private final TicketRegistry ticketRegistry;
    private final ServicesManager servicesManager;
    private final CasConfigurationProperties casProperties;
    private final AuditTrailExecutionPlan auditTrailManager;
    private final GeoLocationService geoLocationService;
    private final RegisteredServicePrincipalAccessStrategyEnforcer principalAccessStrategyEnforcer;

    @Override // org.apereo.cas.web.flow.actions.BaseCasWebflowAction
    protected Event doExecuteInternal(RequestContext requestContext) {
        String ticketGrantingTicketId = WebUtils.getTicketGrantingTicketId(requestContext);
        ((Optional) FunctionUtils.doAndHandle(() -> {
            return Optional.of((TicketGrantingTicket) this.ticketRegistry.getTicket(ticketGrantingTicketId, TicketGrantingTicket.class));
        }, th -> {
            return Optional.empty();
        }).get()).ifPresent(ticketGrantingTicket -> {
            WebUtils.putAuthentication(ticketGrantingTicket.getAuthentication(), requestContext);
            WebApplicationService service = WebUtils.getService(requestContext);
            if (this.casProperties.getView().isAuthorizedServicesOnSuccessfulLogin()) {
                buildAuthorizedServices(requestContext, ticketGrantingTicket, service);
            }
            buildAuditLogRecords(requestContext, ticketGrantingTicket);
            buildActiveSingleSignOnSessions(requestContext, ticketGrantingTicket);
        });
        return success();
    }

    protected void buildActiveSingleSignOnSessions(RequestContext requestContext, TicketGrantingTicket ticketGrantingTicket) {
        Stream<? extends Ticket> sessionsFor = this.ticketRegistry.getSessionsFor(ticketGrantingTicket.getAuthentication().getPrincipal().getId());
        Class<TicketGrantingTicket> cls = TicketGrantingTicket.class;
        Objects.requireNonNull(TicketGrantingTicket.class);
        WebUtils.putSingleSignOnSessions(requestContext, (List) sessionsFor.map((v1) -> {
            return r1.cast(v1);
        }).map(ticketGrantingTicket2 -> {
            AccountSingleSignOnSession accountSingleSignOnSession = new AccountSingleSignOnSession(ticketGrantingTicket2);
            accountSingleSignOnSession.setGeoLocation((String) FunctionUtils.doIf(BeanSupplier.isNotProxy(this.geoLocationService), () -> {
                return this.geoLocationService.locate(accountSingleSignOnSession.getClientIpAddress()).build();
            }, () -> {
                return "N/A";
            }).get());
            accountSingleSignOnSession.setPayload((String) FunctionUtils.doUnchecked(() -> {
                return MAPPER.writerWithDefaultPrettyPrinter().writeValueAsString(accountSingleSignOnSession);
            }));
            return accountSingleSignOnSession;
        }).collect(Collectors.toList()));
    }

    protected void buildAuthorizedServices(RequestContext requestContext, TicketGrantingTicket ticketGrantingTicket, WebApplicationService webApplicationService) {
        Map<String, Object> merge = CollectionUtils.merge(ticketGrantingTicket.getAuthentication().getAttributes(), ticketGrantingTicket.getAuthentication().getPrincipal().getAttributes());
        WebUtils.putAuthorizedServices(requestContext, (List) this.servicesManager.getAllServices().stream().filter(registeredService -> {
            return ((Boolean) FunctionUtils.doAndHandle(() -> {
                return this.principalAccessStrategyEnforcer.authorize(RegisteredServicePrincipalAccessStrategyEnforcer.PrincipalAccessStrategyContext.builder().registeredService(registeredService).principalId(ticketGrantingTicket.getAuthentication().getPrincipal().getId()).principalAttributes(merge).service(webApplicationService).applicationContext(requestContext.getActiveFlow().getApplicationContext()).build());
            }, th -> {
                return false;
            }).get()).booleanValue();
        }).sorted().collect(Collectors.toList()));
    }

    protected void buildAuditLogRecords(RequestContext requestContext, TicketGrantingTicket ticketGrantingTicket) {
        List list = (List) this.auditTrailManager.getAuditRecords(Map.of(AuditTrailManager.WhereClauseFields.DATE, LocalDateTime.now(Clock.systemUTC()).minusMonths(2L), AuditTrailManager.WhereClauseFields.PRINCIPAL, ticketGrantingTicket.getAuthentication().getPrincipal().getId())).stream().sorted(Comparator.comparing((v0) -> {
            return v0.getWhenActionWasPerformed();
        }).reversed()).map(Unchecked.function(auditActionContext -> {
            return new AccountAuditActionContext(auditActionContext, MAPPER.writerWithDefaultPrettyPrinter().writeValueAsString(auditActionContext));
        })).collect(Collectors.toList());
        FunctionUtils.doIf(!list.isEmpty(), obj -> {
            requestContext.getFlowScope().put("auditLog", list);
        }).accept(list);
    }

    @Generated
    public PrepareAccountProfileViewAction(TicketRegistry ticketRegistry, ServicesManager servicesManager, CasConfigurationProperties casConfigurationProperties, AuditTrailExecutionPlan auditTrailExecutionPlan, GeoLocationService geoLocationService, RegisteredServicePrincipalAccessStrategyEnforcer registeredServicePrincipalAccessStrategyEnforcer) {
        this.ticketRegistry = ticketRegistry;
        this.servicesManager = servicesManager;
        this.casProperties = casConfigurationProperties;
        this.auditTrailManager = auditTrailExecutionPlan;
        this.geoLocationService = geoLocationService;
        this.principalAccessStrategyEnforcer = registeredServicePrincipalAccessStrategyEnforcer;
    }
}
