package org.apereo.cas.web.flow;

import org.apereo.cas.CentralAuthenticationService;
import org.apereo.cas.authentication.AuthenticationException;
import org.apereo.cas.authentication.AuthenticationSystemSupport;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.ticket.AbstractTicketException;
import org.apereo.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.StringUtils;
import org.springframework.web.util.CookieGenerator;
import org.springframework.webflow.action.AbstractAction;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:org/apereo/cas/web/flow/AbstractNonInteractiveCredentialsAction.class */
public abstract class AbstractNonInteractiveCredentialsAction extends AbstractAction {
    protected transient Logger logger = LoggerFactory.getLogger(getClass());
    protected PrincipalFactory principalFactory;
    private AuthenticationSystemSupport authenticationSystemSupport;
    private CentralAuthenticationService centralAuthenticationService;
    private CookieGenerator warnCookieGenerator;

    protected boolean isRenewPresent(RequestContext requestContext) {
        return StringUtils.hasText(requestContext.getRequestParameters().get("renew"));
    }

    protected Event doExecute(RequestContext requestContext) {
        Credential constructCredentialsFromRequest = constructCredentialsFromRequest(requestContext);
        if (constructCredentialsFromRequest == null) {
            this.logger.warn("No credentials detected. Navigating to error...");
            return error();
        }
        String ticketGrantingTicketId = WebUtils.getTicketGrantingTicketId(requestContext);
        WebApplicationService service = WebUtils.getService(requestContext);
        if (ticketGrantingTicketId != null && service != null && isRenewPresent(requestContext)) {
            try {
                WebUtils.putServiceTicketInRequestScope(requestContext, this.centralAuthenticationService.grantServiceTicket(ticketGrantingTicketId, service, this.authenticationSystemSupport.handleAndFinalizeSingleAuthenticationTransaction(service, new Credential[]{constructCredentialsFromRequest})));
                onWarn(requestContext, constructCredentialsFromRequest);
                return result("warn");
            } catch (AbstractTicketException e) {
                this.centralAuthenticationService.destroyTicketGrantingTicket(ticketGrantingTicketId);
                this.logger.debug("Attempted to generate a ServiceTicket using renew=true with different credential", e);
            } catch (AuthenticationException e2) {
                onError(requestContext, constructCredentialsFromRequest);
                return error();
            }
        }
        try {
            WebUtils.putTicketGrantingTicketInScopes(requestContext, this.centralAuthenticationService.createTicketGrantingTicket(this.authenticationSystemSupport.handleAndFinalizeSingleAuthenticationTransaction(service, new Credential[]{constructCredentialsFromRequest})));
            onSuccess(requestContext, constructCredentialsFromRequest);
            return success();
        } catch (Exception e3) {
            this.logger.warn(e3.getMessage(), e3);
            onError(requestContext, constructCredentialsFromRequest);
            return error();
        }
    }

    public CentralAuthenticationService getCentralAuthenticationService() {
        return this.centralAuthenticationService;
    }

    public void setCentralAuthenticationService(CentralAuthenticationService centralAuthenticationService) {
        this.centralAuthenticationService = centralAuthenticationService;
    }

    public void setPrincipalFactory(PrincipalFactory principalFactory) {
        this.principalFactory = principalFactory;
    }

    protected void onError(RequestContext requestContext, Credential credential) {
    }

    protected void onSuccess(RequestContext requestContext, Credential credential) {
    }

    public PrincipalFactory getPrincipalFactory() {
        return this.principalFactory;
    }

    public AuthenticationSystemSupport getAuthenticationSystemSupport() {
        return this.authenticationSystemSupport;
    }

    protected void onWarn(RequestContext requestContext, Credential credential) {
        WebUtils.putWarnCookieIfRequestParameterPresent(this.warnCookieGenerator, requestContext);
    }

    protected abstract Credential constructCredentialsFromRequest(RequestContext requestContext);

    public void setAuthenticationSystemSupport(AuthenticationSystemSupport authenticationSystemSupport) {
        this.authenticationSystemSupport = authenticationSystemSupport;
    }

    public void setWarnCookieGenerator(CookieGenerator cookieGenerator) {
        this.warnCookieGenerator = cookieGenerator;
    }
}
