package org.apereo.cas.web.flow.resolver;

import com.google.common.collect.ImmutableSet;
import java.util.Set;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationException;
import org.apereo.cas.authentication.AuthenticationResultBuilder;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceAccessStrategyUtils;
import org.apereo.cas.ticket.AbstractTicketException;
import org.apereo.cas.web.flow.CasWebflowConstants;
import org.apereo.cas.web.support.WebUtils;
import org.apereo.inspektr.aspect.TraceLogAspect;
import org.aspectj.lang.JoinPoint;
import org.aspectj.runtime.internal.AroundClosure;
import org.aspectj.runtime.reflect.Factory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Component;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

@RefreshScope
@Component("initialAuthenticationAttemptWebflowEventResolver")
/* loaded from: input_file:org/apereo/cas/web/flow/resolver/InitialAuthenticationAttemptWebflowEventResolver.class */
public class InitialAuthenticationAttemptWebflowEventResolver extends AbstractCasWebflowEventResolver {

    @Autowired
    @Qualifier("requestParameterAuthenticationPolicyWebflowEventResolver")
    private CasWebflowEventResolver requestParameterAuthenticationPolicyWebflowEventResolver;

    @Autowired
    @Qualifier("registeredServiceAuthenticationPolicyWebflowEventResolver")
    private CasWebflowEventResolver registeredServiceAuthenticationPolicyWebflowEventResolver;

    @Autowired
    @Qualifier("principalAttributeAuthenticationPolicyWebflowEventResolver")
    private CasWebflowEventResolver principalAttributeAuthenticationPolicyWebflowEventResolver;

    @Autowired
    @Qualifier("registeredServicePrincipalAttributeAuthenticationPolicyWebflowEventResolver")
    private CasWebflowEventResolver registeredServicePrincipalAttributeAuthenticationPolicyWebflowEventResolver;

    @Autowired
    @Qualifier("selectiveAuthenticationProviderWebflowEventResolver")
    private CasWebflowEventResolver selectiveAuthenticationProviderWebflowEventResolver;
    private static final JoinPoint.StaticPart ajc$tjp_0 = null;

    /* loaded from: input_file:org/apereo/cas/web/flow/resolver/InitialAuthenticationAttemptWebflowEventResolver$AjcClosure1.class */
    public class AjcClosure1 extends AroundClosure {
        public AjcClosure1(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return InitialAuthenticationAttemptWebflowEventResolver.resolveInternal_aroundBody0((InitialAuthenticationAttemptWebflowEventResolver) objArr2[0], (RequestContext) objArr2[1], (JoinPoint) objArr2[2]);
        }
    }

    @Override // org.apereo.cas.web.flow.resolver.AbstractCasWebflowEventResolver
    public Set<Event> resolveInternal(RequestContext requestContext) {
        return (Set) TraceLogAspect.aspectOf().traceMethod(new AjcClosure1(new Object[]{this, requestContext, Factory.makeJP(ajc$tjp_0, this, this, requestContext)}).linkClosureAndJoinPoint(69648));
    }

    protected Set<Event> resolveCandidateAuthenticationEvents(RequestContext requestContext, Service service, RegisteredService registeredService) {
        this.logger.debug("Evaluating authentication policy for {} based on principal attribute requirements only when accessing {}", registeredService.getServiceId(), service);
        Event resolveSingle = this.registeredServicePrincipalAttributeAuthenticationPolicyWebflowEventResolver.resolveSingle(requestContext);
        this.logger.debug("Evaluating authentication policy based on principal attribute requirements for {}", service);
        Event resolveSingle2 = this.principalAttributeAuthenticationPolicyWebflowEventResolver.resolveSingle(requestContext);
        this.logger.debug("Evaluating authentication policy for {}", service);
        Event resolveSingle3 = this.registeredServiceAuthenticationPolicyWebflowEventResolver.resolveSingle(requestContext);
        this.logger.debug("Evaluating authentication policy for {} based on request parameters", service);
        Event resolveSingle4 = this.requestParameterAuthenticationPolicyWebflowEventResolver.resolveSingle(requestContext);
        ImmutableSet.Builder builder = ImmutableSet.builder();
        if (resolveSingle4 != null) {
            builder.add(resolveSingle4);
        }
        if (resolveSingle != null) {
            builder.add(resolveSingle);
        }
        if (resolveSingle2 != null) {
            builder.add(resolveSingle2);
        }
        if (resolveSingle3 != null) {
            builder.add(resolveSingle3);
        }
        return builder.build();
    }

    private Event returnAuthenticationExceptionEventIfNeeded(Exception exc) {
        Exception exc2;
        if ((exc instanceof AuthenticationException) || (exc instanceof AbstractTicketException)) {
            exc2 = exc;
        } else {
            if (!(exc.getCause() instanceof AuthenticationException) && !(exc.getCause() instanceof AbstractTicketException)) {
                return null;
            }
            exc2 = (Exception) exc.getCause();
        }
        this.logger.debug(exc2.getMessage(), exc2);
        return newEvent(CasWebflowConstants.TRANSITION_ID_AUTHENTICATION_FAILURE, exc2);
    }

    static {
        ajc$preClinit();
    }

    static final Set resolveInternal_aroundBody0(InitialAuthenticationAttemptWebflowEventResolver initialAuthenticationAttemptWebflowEventResolver, RequestContext requestContext, JoinPoint joinPoint) {
        try {
            Credential credentialFromContext = initialAuthenticationAttemptWebflowEventResolver.getCredentialFromContext(requestContext);
            if (credentialFromContext != null) {
                AuthenticationResultBuilder handleInitialAuthenticationTransaction = initialAuthenticationAttemptWebflowEventResolver.authenticationSystemSupport.handleInitialAuthenticationTransaction(new Credential[]{credentialFromContext});
                if (handleInitialAuthenticationTransaction.getInitialAuthentication().isPresent()) {
                    WebUtils.putAuthenticationResultBuilder(handleInitialAuthenticationTransaction, requestContext);
                    WebUtils.putAuthentication((Authentication) handleInitialAuthenticationTransaction.getInitialAuthentication().get(), requestContext);
                }
            }
            WebApplicationService service = WebUtils.getService(requestContext);
            if (service != null) {
                initialAuthenticationAttemptWebflowEventResolver.logger.debug("Locating service {} in service registry to determine authentication policy", service);
                RegisteredService findServiceBy = initialAuthenticationAttemptWebflowEventResolver.servicesManager.findServiceBy(service);
                RegisteredServiceAccessStrategyUtils.ensureServiceAccessIsAllowed(service, findServiceBy);
                Set<Event> resolveCandidateAuthenticationEvents = initialAuthenticationAttemptWebflowEventResolver.resolveCandidateAuthenticationEvents(requestContext, service, findServiceBy);
                if (!resolveCandidateAuthenticationEvents.isEmpty()) {
                    initialAuthenticationAttemptWebflowEventResolver.putResolvedEventsAsAttribute(requestContext, resolveCandidateAuthenticationEvents);
                    Event resolveSingle = initialAuthenticationAttemptWebflowEventResolver.selectiveAuthenticationProviderWebflowEventResolver.resolveSingle(requestContext);
                    if (resolveSingle != null) {
                        return ImmutableSet.of(resolveSingle);
                    }
                }
            }
            AuthenticationResultBuilder authenticationResultBuilder = WebUtils.getAuthenticationResultBuilder(requestContext);
            if (authenticationResultBuilder == null) {
                throw new IllegalArgumentException("No authentication result builder can be located in the context");
            }
            return ImmutableSet.of(initialAuthenticationAttemptWebflowEventResolver.grantTicketGrantingTicketToAuthenticationResult(requestContext, authenticationResultBuilder, service));
        } catch (Exception e) {
            Event returnAuthenticationExceptionEventIfNeeded = initialAuthenticationAttemptWebflowEventResolver.returnAuthenticationExceptionEventIfNeeded(e);
            if (returnAuthenticationExceptionEventIfNeeded == null) {
                initialAuthenticationAttemptWebflowEventResolver.logger.warn(e.getMessage(), e);
                returnAuthenticationExceptionEventIfNeeded = initialAuthenticationAttemptWebflowEventResolver.newEvent(CasWebflowConstants.TRANSITION_ID_ERROR, e);
            }
            WebUtils.getHttpServletResponse(requestContext).setStatus(HttpStatus.UNAUTHORIZED.value());
            return ImmutableSet.of(returnAuthenticationExceptionEventIfNeeded);
        }
    }

    private static void ajc$preClinit() {
        Factory factory = new Factory("InitialAuthenticationAttemptWebflowEventResolver.java", InitialAuthenticationAttemptWebflowEventResolver.class);
        ajc$tjp_0 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "resolveInternal", "org.apereo.cas.web.flow.resolver.InitialAuthenticationAttemptWebflowEventResolver", "org.springframework.webflow.execution.RequestContext", "context", "", "java.util.Set"), 58);
    }
}
