package org.apereo.cas.web.flow.configurer;

import javax.security.auth.login.AccountLockedException;
import javax.security.auth.login.AccountNotFoundException;
import javax.security.auth.login.CredentialExpiredException;
import javax.security.auth.login.FailedLoginException;
import org.apereo.cas.authentication.PrincipalException;
import org.apereo.cas.authentication.RememberMeUsernamePasswordCredential;
import org.apereo.cas.authentication.UsernamePasswordCredential;
import org.apereo.cas.authentication.adaptive.UnauthorizedAuthenticationException;
import org.apereo.cas.authentication.exceptions.AccountDisabledException;
import org.apereo.cas.authentication.exceptions.AccountPasswordMustChangeException;
import org.apereo.cas.authentication.exceptions.InvalidLoginLocationException;
import org.apereo.cas.authentication.exceptions.InvalidLoginTimeException;
import org.apereo.cas.authentication.principal.Response;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.services.UnauthorizedServiceException;
import org.apereo.cas.services.UnauthorizedServiceForPrincipalException;
import org.apereo.cas.services.UnauthorizedSsoServiceException;
import org.apereo.cas.ticket.UnsatisfiedAuthenticationPolicyException;
import org.springframework.context.ApplicationContext;
import org.springframework.webflow.action.SetAction;
import org.springframework.webflow.definition.registry.FlowDefinitionRegistry;
import org.springframework.webflow.engine.ActionState;
import org.springframework.webflow.engine.Flow;
import org.springframework.webflow.engine.TransitionableState;
import org.springframework.webflow.engine.ViewState;
import org.springframework.webflow.engine.builder.BinderConfiguration;
import org.springframework.webflow.engine.builder.support.FlowBuilderServices;
import org.springframework.webflow.engine.support.TransitionExecutingFlowExecutionExceptionHandler;
import org.springframework.webflow.execution.Action;
import org.springframework.webflow.execution.repository.NoSuchFlowExecutionException;

/* loaded from: input_file:org/apereo/cas/web/flow/configurer/DefaultWebflowConfigurer.class */
public class DefaultWebflowConfigurer extends AbstractCasWebflowConfigurer {
    public DefaultWebflowConfigurer(FlowBuilderServices flowBuilderServices, FlowDefinitionRegistry flowDefinitionRegistry, ApplicationContext applicationContext, CasConfigurationProperties casConfigurationProperties) {
        super(flowBuilderServices, flowDefinitionRegistry, applicationContext, casConfigurationProperties);
    }

    @Override // org.apereo.cas.web.flow.configurer.AbstractCasWebflowConfigurer
    protected void doInitialize() {
        Flow loginFlow = getLoginFlow();
        if (loginFlow != null) {
            createInitialFlowActions(loginFlow);
            createDefaultGlobalExceptionHandlers(loginFlow);
            createDefaultEndStates(loginFlow);
            createDefaultDecisionStates(loginFlow);
            createDefaultActionStates(loginFlow);
            createDefaultViewStates(loginFlow);
            createRememberMeAuthnWebflowConfig(loginFlow);
        }
    }

    protected void createInitialFlowActions(Flow flow) {
        flow.getStartActionList().add(createEvaluateAction("initialFlowSetupAction"));
    }

    protected void createDefaultViewStates(Flow flow) {
        createAuthenticationWarningMessagesView(flow);
    }

    protected void createAuthenticationWarningMessagesView(Flow flow) {
        ViewState createViewState = createViewState(flow, "showAuthenticationWarningMessages", "casLoginMessageView");
        createViewState.getEntryActionList().add(new SetAction(createExpression("requestScope.messages"), createExpression("messageContext.allMessages")));
        createTransitionForState(createViewState, "proceed", "proceedFromAuthenticationWarningView");
        ActionState createActionState = createActionState(flow, "proceedFromAuthenticationWarningView");
        createActionState.getActionList().add(createEvaluateAction("sendTicketGrantingTicketAction"));
        createStateDefaultTransition((TransitionableState) createActionState, "serviceCheck");
    }

    protected void createRememberMeAuthnWebflowConfig(Flow flow) {
        if (!this.casProperties.getTicket().getTgt().getRememberMe().isEnabled()) {
            createFlowVariable(flow, "credential", UsernamePasswordCredential.class);
        } else {
            createFlowVariable(flow, "credential", RememberMeUsernamePasswordCredential.class);
            getViewStateBinderConfiguration((ViewState) getState(flow, "viewLoginForm", ViewState.class)).addBinding(new BinderConfiguration.Binding("rememberMe", (String) null, false));
        }
    }

    protected void createDefaultActionStates(Flow flow) {
        createSendTicketGrantingTicketAction(flow);
        createGenerateServiceTicketAction(flow);
        createTerminateSessionAction(flow);
        createGatewayServicesMgmtAction(flow);
        createServiceAuthorizationCheckAction(flow);
        createRedirectToServiceActionState(flow);
        createHandleAuthenticationFailureAction(flow);
    }

    private void createSendTicketGrantingTicketAction(Flow flow) {
        createTransitionForState(createActionState(flow, "sendTicketGrantingTicket", (Action) createEvaluateAction("sendTicketGrantingTicketAction")), "success", "serviceCheck");
    }

    protected void createGenerateServiceTicketAction(Flow flow) {
        ActionState createActionState = createActionState(flow, "generateServiceTicket", (Action) createEvaluateAction("generateServiceTicketAction"));
        createTransitionForState(createActionState, "success", "redirect");
        createTransitionForState(createActionState, "warn", "warn");
        createTransitionForState(createActionState, "authenticationFailure", "handleAuthenticationFailure");
        createTransitionForState(createActionState, "error", "initializeLoginForm");
        createTransitionForState(createActionState, "gateway", "gatewayServicesManagementCheck");
    }

    protected void createHandleAuthenticationFailureAction(Flow flow) {
        ActionState createActionState = createActionState(flow, "handleAuthenticationFailure", (Action) createEvaluateAction("authenticationExceptionHandler"));
        createTransitionForState(createActionState, AccountDisabledException.class.getSimpleName(), "casAccountDisabledView");
        createTransitionForState(createActionState, AccountLockedException.class.getSimpleName(), "casAccountLockedView");
        createTransitionForState(createActionState, AccountPasswordMustChangeException.class.getSimpleName(), "casMustChangePassView");
        createTransitionForState(createActionState, CredentialExpiredException.class.getSimpleName(), "casExpiredPassView");
        createTransitionForState(createActionState, InvalidLoginLocationException.class.getSimpleName(), "casBadWorkstationView");
        createTransitionForState(createActionState, InvalidLoginTimeException.class.getSimpleName(), "casBadHoursView");
        createTransitionForState(createActionState, FailedLoginException.class.getSimpleName(), "initializeLoginForm");
        createTransitionForState(createActionState, AccountNotFoundException.class.getSimpleName(), "initializeLoginForm");
        createTransitionForState(createActionState, UnauthorizedServiceForPrincipalException.class.getSimpleName(), "initializeLoginForm");
        createTransitionForState(createActionState, PrincipalException.class.getSimpleName(), "initializeLoginForm");
        createTransitionForState(createActionState, UnsatisfiedAuthenticationPolicyException.class.getSimpleName(), "initializeLoginForm");
        createTransitionForState(createActionState, UnauthorizedAuthenticationException.class.getSimpleName(), "casAuthenticationBlockedView");
        createTransitionForState(createActionState, "serviceUnauthorizedCheck", "serviceUnauthorizedCheck");
        createStateDefaultTransition((TransitionableState) createActionState, "initializeLoginForm");
    }

    protected void createRedirectToServiceActionState(Flow flow) {
        ActionState createActionState = createActionState(flow, "redirect", (Action) createEvaluateAction("redirectToServiceAction"));
        createTransitionForState(createActionState, Response.ResponseType.POST.name().toLowerCase(), "postView");
        createTransitionForState(createActionState, Response.ResponseType.HEADER.name().toLowerCase(), "headerView");
        createTransitionForState(createActionState, Response.ResponseType.REDIRECT.name().toLowerCase(), "redirectView");
    }

    private void createServiceAuthorizationCheckAction(Flow flow) {
        createStateDefaultTransition((TransitionableState) createActionState(flow, "serviceAuthorizationCheck", (Action) createEvaluateAction("serviceAuthorizationCheck")), "initializeLoginForm");
    }

    protected void createGatewayServicesMgmtAction(Flow flow) {
        createTransitionForState(createActionState(flow, "gatewayServicesManagementCheck", (Action) createEvaluateAction("gatewayServicesManagementCheck")), "success", "redirect");
    }

    protected void createTerminateSessionAction(Flow flow) {
        createStateDefaultTransition((TransitionableState) createActionState(flow, "terminateSession", (Action) createEvaluateAction("terminateSessionAction")), "gatewayRequestCheck");
    }

    protected void createDefaultEndStates(Flow flow) {
        createRedirectUnauthorizedServiceUrlEndState(flow);
        createServiceErrorEndState(flow);
        createRedirectEndState(flow);
        createPostEndState(flow);
        createHeaderEndState(flow);
        createGenericLoginSuccessEndState(flow);
        createServiceWarningViewState(flow);
    }

    protected void createRedirectEndState(Flow flow) {
        createEndState(flow, "redirectView", "requestScope.url", true);
    }

    protected void createPostEndState(Flow flow) {
        createEndState(flow, "postView", "casPostResponseView");
    }

    protected void createHeaderEndState(Flow flow) {
        createEndState(flow, "headerView").setFinalResponseAction(createEvaluateAction("injectResponseHeadersAction"));
    }

    protected void createRedirectUnauthorizedServiceUrlEndState(Flow flow) {
        createEndState(flow, "viewRedirectToUnauthorizedUrlView", "flowScope.unauthorizedRedirectUrl", true);
    }

    private void createServiceErrorEndState(Flow flow) {
        createEndState(flow, "viewServiceErrorView", "casServiceErrorView");
    }

    private void createGenericLoginSuccessEndState(Flow flow) {
        createEndState(flow, "viewGenericLoginSuccess", "casGenericSuccessView").getEntryActionList().add(createEvaluateAction("genericSuccessViewAction"));
    }

    protected void createServiceWarningViewState(Flow flow) {
        createTransitionForState(createViewState(flow, "showWarningView", "casConfirmView"), "success", "finalizeWarning");
        createTransitionForState(createActionState(flow, "finalizeWarning", (Action) createEvaluateAction("serviceWarningAction")), "redirect", "redirect");
    }

    protected void createDefaultGlobalExceptionHandlers(Flow flow) {
        TransitionExecutingFlowExecutionExceptionHandler transitionExecutingFlowExecutionExceptionHandler = new TransitionExecutingFlowExecutionExceptionHandler();
        transitionExecutingFlowExecutionExceptionHandler.add(UnauthorizedSsoServiceException.class, "viewLoginForm");
        transitionExecutingFlowExecutionExceptionHandler.add(NoSuchFlowExecutionException.class, "viewServiceErrorView");
        transitionExecutingFlowExecutionExceptionHandler.add(UnauthorizedServiceException.class, "serviceUnauthorizedCheck");
        transitionExecutingFlowExecutionExceptionHandler.add(UnauthorizedServiceForPrincipalException.class, "serviceUnauthorizedCheck");
        flow.getExceptionHandlerSet().add(transitionExecutingFlowExecutionExceptionHandler);
    }

    protected void createDefaultDecisionStates(Flow flow) {
        createServiceUnauthorizedCheckDecisionState(flow);
        createServiceCheckDecisionState(flow);
        createWarnDecisionState(flow);
        createGatewayRequestCheckDecisionState(flow);
        createHasServiceCheckDecisionState(flow);
        createRenewCheckDecisionState(flow);
    }

    protected void createServiceUnauthorizedCheckDecisionState(Flow flow) {
        createDecisionState(flow, "serviceUnauthorizedCheck", "flowScope.unauthorizedRedirectUrl != null", "viewRedirectToUnauthorizedUrlView", "viewServiceErrorView");
    }

    protected void createServiceCheckDecisionState(Flow flow) {
        createDecisionState(flow, "serviceCheck", "flowScope.service != null", "generateServiceTicket", "viewGenericLoginSuccess");
    }

    protected void createWarnDecisionState(Flow flow) {
        createDecisionState(flow, "warn", "flowScope.warnCookieValue", "showWarningView", "redirect");
    }

    protected void createGatewayRequestCheckDecisionState(Flow flow) {
        createDecisionState(flow, "gatewayRequestCheck", "requestParameters.gateway != '' and requestParameters.gateway != null and flowScope.service != null", "gatewayServicesManagementCheck", "serviceAuthorizationCheck");
    }

    protected void createHasServiceCheckDecisionState(Flow flow) {
        createDecisionState(flow, "hasServiceCheck", "flowScope.service != null", "renewRequestCheck", "viewGenericLoginSuccess");
    }

    protected void createRenewCheckDecisionState(Flow flow) {
        createDecisionState(flow, "renewRequestCheck", "requestParameters.renew != '' and requestParameters.renew != null", "serviceAuthorizationCheck", "generateServiceTicket");
    }
}
