package org.apereo.cas.web.flow.resolver.impl;

import java.net.URI;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Comparator;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletResponse;
import lombok.Generated;
import org.apereo.cas.audit.AuditableContext;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationException;
import org.apereo.cas.authentication.AuthenticationResultBuilder;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.metadata.BasicCredentialMetaData;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.ticket.AbstractTicketException;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.LoggingUtils;
import org.apereo.cas.util.function.FunctionUtils;
import org.apereo.cas.util.spring.beans.BeanSupplier;
import org.apereo.cas.web.flow.resolver.CasDelegatingWebflowEventResolver;
import org.apereo.cas.web.flow.resolver.CasWebflowEventResolver;
import org.apereo.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.webflow.core.collection.AttributeMap;
import org.springframework.webflow.core.collection.LocalAttributeMap;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:org/apereo/cas/web/flow/resolver/impl/DefaultCasDelegatingWebflowEventResolver.class */
public class DefaultCasDelegatingWebflowEventResolver extends AbstractCasWebflowEventResolver implements CasDelegatingWebflowEventResolver {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(DefaultCasDelegatingWebflowEventResolver.class);
    private final List<CasWebflowEventResolver> orderedResolvers;
    private final CasWebflowEventResolver selectiveResolver;

    public DefaultCasDelegatingWebflowEventResolver(CasWebflowEventResolutionConfigurationContext casWebflowEventResolutionConfigurationContext, CasWebflowEventResolver casWebflowEventResolver) {
        super(casWebflowEventResolutionConfigurationContext);
        this.orderedResolvers = new ArrayList(0);
        this.selectiveResolver = casWebflowEventResolver;
    }

    @Override // org.apereo.cas.web.flow.resolver.CasWebflowEventResolver
    public Set<Event> resolveInternal(RequestContext requestContext) {
        Credential credentialFromContext = getCredentialFromContext(requestContext);
        WebApplicationService service = WebUtils.getService(requestContext);
        if (credentialFromContext != null) {
            try {
                AuthenticationResultBuilder handleInitialAuthenticationTransaction = getConfigurationContext().getAuthenticationSystemSupport().handleInitialAuthenticationTransaction(service, new Credential[]{credentialFromContext});
                handleInitialAuthenticationTransaction.collect(new BasicCredentialMetaData(credentialFromContext, CollectionUtils.wrap("UserAgent", WebUtils.getHttpServletRequestUserAgentFromRequestContext(requestContext), "GeoLocation", WebUtils.getHttpServletRequestGeoLocationFromRequestContext(requestContext))));
                handleInitialAuthenticationTransaction.getInitialAuthentication().ifPresent(authentication -> {
                    WebUtils.putAuthenticationResultBuilder(handleInitialAuthenticationTransaction, requestContext);
                    WebUtils.putAuthentication(authentication, requestContext);
                });
            } catch (Exception e) {
                Event returnAuthenticationExceptionEventIfNeeded = returnAuthenticationExceptionEventIfNeeded(e, credentialFromContext, service);
                if (returnAuthenticationExceptionEventIfNeeded == null) {
                    FunctionUtils.doIf(LOGGER.isDebugEnabled(), obj -> {
                        LOGGER.debug(e.getMessage(), e);
                    }, obj2 -> {
                        LoggingUtils.warn(LOGGER, e.getMessage(), e);
                    }).accept(e);
                    returnAuthenticationExceptionEventIfNeeded = newEvent("error", e);
                }
                HttpServletResponse httpServletResponseFromExternalWebflowContext = WebUtils.getHttpServletResponseFromExternalWebflowContext(requestContext);
                httpServletResponseFromExternalWebflowContext.setStatus(HttpStatus.UNAUTHORIZED.value());
                LOGGER.debug("Authentication request failed with [{}], resulting in event [{}]", Integer.valueOf(httpServletResponseFromExternalWebflowContext.getStatus()), returnAuthenticationExceptionEventIfNeeded);
                return CollectionUtils.wrapSet(returnAuthenticationExceptionEventIfNeeded);
            }
        }
        RegisteredService determineRegisteredServiceForEvent = determineRegisteredServiceForEvent(requestContext, service);
        LOGGER.trace("Attempting to resolve candidate authentication events for service [{}]", service);
        Collection<Event> resolveCandidateAuthenticationEvents = resolveCandidateAuthenticationEvents(requestContext, service, determineRegisteredServiceForEvent);
        if (resolveCandidateAuthenticationEvents.isEmpty()) {
            LOGGER.trace("No candidate authentication events were resolved for service [{}]", service);
        } else {
            LOGGER.trace("Authentication events resolved for [{}] are [{}]. Selecting final event...", service, resolveCandidateAuthenticationEvents);
            WebUtils.putResolvedEventsAsAttribute(requestContext, resolveCandidateAuthenticationEvents);
            Event resolveSingle = this.selectiveResolver.resolveSingle(requestContext);
            LOGGER.debug("The final authentication event resolved for [{}] is [{}]", service, resolveSingle);
            if (resolveSingle != null) {
                return CollectionUtils.wrapSet(resolveSingle);
            }
        }
        AuthenticationResultBuilder authenticationResultBuilder = WebUtils.getAuthenticationResultBuilder(requestContext);
        if (authenticationResultBuilder == null) {
            throw new IllegalArgumentException((Throwable) new AuthenticationException("Unable to locate authentication object in the webflow context"));
        }
        return CollectionUtils.wrapSet(grantTicketGrantingTicketToAuthenticationResult(requestContext, authenticationResultBuilder, service));
    }

    @Override // org.apereo.cas.web.flow.resolver.CasDelegatingWebflowEventResolver
    public void addDelegate(CasWebflowEventResolver casWebflowEventResolver) {
        if (casWebflowEventResolver == null || !BeanSupplier.isNotProxy(casWebflowEventResolver)) {
            return;
        }
        this.orderedResolvers.add(casWebflowEventResolver);
    }

    @Override // org.apereo.cas.web.flow.resolver.CasDelegatingWebflowEventResolver
    public void addDelegate(CasWebflowEventResolver casWebflowEventResolver, int i) {
        if (casWebflowEventResolver == null || !BeanSupplier.isNotProxy(casWebflowEventResolver)) {
            return;
        }
        this.orderedResolvers.add(i, casWebflowEventResolver);
    }

    protected Collection<Event> resolveCandidateAuthenticationEvents(RequestContext requestContext, Service service, RegisteredService registeredService) {
        return (Collection) this.orderedResolvers.stream().filter((v0) -> {
            return BeanSupplier.isNotProxy(v0);
        }).map(casWebflowEventResolver -> {
            LOGGER.debug("Resolving candidate authentication event for service [{}] using [{}]", service, casWebflowEventResolver.getName());
            return casWebflowEventResolver.resolveSingle(requestContext);
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).sorted(Comparator.comparing((v0) -> {
            return v0.getId();
        })).collect(Collectors.toList());
    }

    private RegisteredService determineRegisteredServiceForEvent(RequestContext requestContext, Service service) {
        if (service == null) {
            return null;
        }
        LOGGER.trace("Locating authentication event in the request context...");
        Authentication authentication = WebUtils.getAuthentication(requestContext);
        if (authentication == null) {
            throw new IllegalArgumentException((Throwable) new AuthenticationException("Unable to locate authentication object in the webflow context"));
        }
        LOGGER.trace("Locating service [{}] in service registry to determine authentication policy", service);
        RegisteredService findServiceBy = getConfigurationContext().getServicesManager().findServiceBy(service);
        LOGGER.trace("Enforcing access strategy policies for registered service [{}] and principal [{}]", findServiceBy, authentication.getPrincipal());
        URI unauthorizedRedirectUrl = findServiceBy.getAccessStrategy().getUnauthorizedRedirectUrl();
        if (unauthorizedRedirectUrl != null) {
            WebUtils.putUnauthorizedRedirectUrlIntoFlowScope(requestContext, unauthorizedRedirectUrl);
        }
        getConfigurationContext().getRegisteredServiceAccessStrategyEnforcer().execute(AuditableContext.builder().service(service).authentication(authentication).registeredService(findServiceBy).build()).throwExceptionIfNeeded();
        return findServiceBy;
    }

    private Event returnAuthenticationExceptionEventIfNeeded(Exception exc, Credential credential, WebApplicationService webApplicationService) {
        Optional of = ((exc instanceof AuthenticationException) || (exc instanceof AbstractTicketException)) ? Optional.of(exc) : ((exc.getCause() instanceof AuthenticationException) || (exc.getCause() instanceof AbstractTicketException)) ? Optional.of(exc.getCause()) : Optional.empty();
        Class<Exception> cls = Exception.class;
        Objects.requireNonNull(Exception.class);
        return (Event) of.map(cls::cast).map(exc2 -> {
            FunctionUtils.doIf(LOGGER.isDebugEnabled(), obj -> {
                LOGGER.debug(exc2.getMessage(), exc2);
            }, obj2 -> {
                LOGGER.warn(exc2.getMessage());
            }).accept(exc);
            LocalAttributeMap localAttributeMap = new LocalAttributeMap("error", exc2);
            localAttributeMap.put(Credential.class.getName(), credential);
            localAttributeMap.put(WebApplicationService.class.getName(), webApplicationService);
            return newEvent("authenticationFailure", (AttributeMap) localAttributeMap);
        }).orElse(null);
    }
}
