package org.apereo.cas.web.flow.login;

import java.util.List;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlan;
import org.apereo.cas.authentication.AuthenticationServiceSelectionPlan;
import org.apereo.cas.authentication.credential.UsernamePasswordCredential;
import org.apereo.cas.authentication.principal.NullPrincipal;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceAccessStrategy;
import org.apereo.cas.services.RegisteredServiceAccessStrategyUtils;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.services.UnauthorizedServiceException;
import org.apereo.cas.ticket.TicketGrantingTicket;
import org.apereo.cas.ticket.registry.TicketRegistrySupport;
import org.apereo.cas.web.cookie.CasCookieBuilder;
import org.apereo.cas.web.flow.SingleSignOnParticipationStrategy;
import org.apereo.cas.web.support.ArgumentExtractor;
import org.apereo.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpMethod;
import org.springframework.webflow.action.AbstractAction;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;
import org.springframework.webflow.execution.repository.NoSuchFlowExecutionException;

/* loaded from: input_file:org/apereo/cas/web/flow/login/InitialFlowSetupAction.class */
public class InitialFlowSetupAction extends AbstractAction {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(InitialFlowSetupAction.class);
    private final List<ArgumentExtractor> argumentExtractors;
    private final ServicesManager servicesManager;
    private final AuthenticationServiceSelectionPlan authenticationRequestServiceSelectionStrategies;
    private final CasCookieBuilder ticketGrantingTicketCookieGenerator;
    private final CasCookieBuilder warnCookieGenerator;
    private final CasConfigurationProperties casProperties;
    private final AuthenticationEventExecutionPlan authenticationEventExecutionPlan;
    private final SingleSignOnParticipationStrategy renewalStrategy;
    private final TicketRegistrySupport ticketRegistrySupport;

    public Event doExecute(RequestContext requestContext) {
        configureCookieGenerators(requestContext);
        configureWebflowContext(requestContext);
        configureWebflowForPostParameters(requestContext);
        configureWebflowForCustomFields(requestContext);
        configureWebflowForServices(requestContext);
        configureWebflowForSsoParticipation(requestContext, configureWebflowForTicketGrantingTicket(requestContext));
        return success();
    }

    private String configureWebflowForTicketGrantingTicket(RequestContext requestContext) {
        HttpServletRequest httpServletRequestFromExternalWebflowContext = WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext);
        HttpServletResponse httpServletResponseFromExternalWebflowContext = WebUtils.getHttpServletResponseFromExternalWebflowContext(requestContext);
        TicketGrantingTicket ticketGrantingTicket = this.ticketRegistrySupport.getTicketGrantingTicket(this.ticketGrantingTicketCookieGenerator.retrieveCookieValue(httpServletRequestFromExternalWebflowContext));
        if (ticketGrantingTicket != null) {
            WebUtils.putTicketGrantingTicketInScopes(requestContext, ticketGrantingTicket.getId());
            return ticketGrantingTicket.getId();
        }
        this.ticketGrantingTicketCookieGenerator.removeCookie(httpServletResponseFromExternalWebflowContext);
        WebUtils.putTicketGrantingTicketInScopes(requestContext, "");
        return null;
    }

    private void configureWebflowForCustomFields(RequestContext requestContext) {
        WebUtils.putCustomLoginFormFields(requestContext, this.casProperties.getView().getCustomLoginFormFields());
    }

    private static void configureWebflowForPostParameters(RequestContext requestContext) {
        if (WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext).getMethod().equalsIgnoreCase(HttpMethod.POST.name())) {
            WebUtils.putInitialHttpRequestPostParameters(requestContext);
        }
    }

    private void configureWebflowForServices(RequestContext requestContext) {
        HttpServletRequest httpServletRequestFromExternalWebflowContext = WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext);
        WebApplicationService service = WebUtils.getService(this.argumentExtractors, requestContext);
        if (service != null) {
            LOGGER.debug("Placing service in context scope: [{}]", service.getId());
            RegisteredService findServiceBy = this.servicesManager.findServiceBy(this.authenticationRequestServiceSelectionStrategies.resolveService(service));
            RegisteredServiceAccessStrategyUtils.ensureServiceAccessIsAllowed(findServiceBy);
            if (findServiceBy != null && findServiceBy.getAccessStrategy().isServiceAccessAllowed()) {
                LOGGER.debug("Placing registered service [{}] with id [{}] in context scope", findServiceBy.getServiceId(), Long.valueOf(findServiceBy.getId()));
                WebUtils.putRegisteredService(requestContext, findServiceBy);
                RegisteredServiceAccessStrategy accessStrategy = findServiceBy.getAccessStrategy();
                if (accessStrategy.getUnauthorizedRedirectUrl() != null) {
                    LOGGER.debug("Placing registered service's unauthorized redirect url [{}] with id [{}] in context scope", accessStrategy.getUnauthorizedRedirectUrl(), findServiceBy.getServiceId());
                    WebUtils.putUnauthorizedRedirectUrlIntoFlowScope(requestContext, accessStrategy.getUnauthorizedRedirectUrl());
                }
            }
        } else if (!this.casProperties.getSso().isAllowMissingServiceParameter()) {
            LOGGER.warn("No service authentication request is available at [{}]. CAS is configured to disable the flow.", httpServletRequestFromExternalWebflowContext.getRequestURL());
            throw new NoSuchFlowExecutionException(requestContext.getFlowExecutionContext().getKey(), new UnauthorizedServiceException("screen.service.required.message", "Service is required"));
        }
        WebUtils.putServiceIntoFlowScope(requestContext, service);
    }

    private void configureWebflowForSsoParticipation(RequestContext requestContext, String str) {
        if ((this.renewalStrategy.supports(requestContext) && this.renewalStrategy.isParticipating(requestContext)) || !StringUtils.isNotBlank(str)) {
            return;
        }
        Authentication authenticationFrom = this.ticketRegistrySupport.getAuthenticationFrom(str);
        if (authenticationFrom != null) {
            WebUtils.putExistingSingleSignOnSessionAvailable(requestContext, true);
            WebUtils.putExistingSingleSignOnSessionPrincipal(requestContext, authenticationFrom.getPrincipal());
        } else {
            WebUtils.putExistingSingleSignOnSessionAvailable(requestContext, false);
            WebUtils.putExistingSingleSignOnSessionPrincipal(requestContext, NullPrincipal.getInstance());
        }
    }

    private void configureWebflowContext(RequestContext requestContext) {
        WebUtils.putWarningCookie(requestContext, Boolean.valueOf(this.warnCookieGenerator.retrieveCookieValue(WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext))));
        WebUtils.putGeoLocationTrackingIntoFlowScope(requestContext, Boolean.valueOf(this.casProperties.getEvents().isTrackGeolocation()));
        WebUtils.putPasswordManagementEnabled(requestContext, Boolean.valueOf(this.casProperties.getAuthn().getPm().isEnabled()));
        WebUtils.putRememberMeAuthenticationEnabled(requestContext, Boolean.valueOf(this.casProperties.getTicket().getTgt().getRememberMe().isEnabled()));
        WebUtils.putStaticAuthenticationIntoFlowScope(requestContext, Boolean.valueOf(StringUtils.isNotBlank(this.casProperties.getAuthn().getAccept().getUsers()) || StringUtils.isNotBlank(this.casProperties.getAuthn().getReject().getUsers())));
        if (this.casProperties.getAuthn().getPolicy().isSourceSelectionEnabled()) {
            WebUtils.putAvailableAuthenticationHandleNames(requestContext, (List) this.authenticationEventExecutionPlan.getAuthenticationHandlers().stream().filter(authenticationHandler -> {
                return authenticationHandler.supports(UsernamePasswordCredential.class);
            }).map(authenticationHandler2 -> {
                return StringUtils.capitalize(authenticationHandler2.getName().trim());
            }).distinct().sorted().collect(Collectors.toList()));
        }
    }

    private void configureCookieGenerators(RequestContext requestContext) {
        String contextPath = requestContext.getExternalContext().getContextPath();
        String str = StringUtils.isNotBlank(contextPath) ? contextPath + "/" : "/";
        if (this.casProperties.getWarningCookie().isAutoConfigureCookiePath()) {
            String cookiePath = this.warnCookieGenerator.getCookiePath();
            if (StringUtils.isBlank(cookiePath)) {
                LOGGER.debug("Setting path for cookies for warn cookie generator to: [{}]", str);
                this.warnCookieGenerator.setCookiePath(str);
            } else {
                LOGGER.trace("Warning cookie is set to [{}] with path [{}]", this.warnCookieGenerator.getCookieDomain(), cookiePath);
            }
        }
        if (this.casProperties.getTgc().isAutoConfigureCookiePath()) {
            String cookiePath2 = this.ticketGrantingTicketCookieGenerator.getCookiePath();
            if (!StringUtils.isBlank(cookiePath2)) {
                LOGGER.trace("Ticket-granting cookie domain is [{}] with path [{}]", this.ticketGrantingTicketCookieGenerator.getCookieDomain(), cookiePath2);
            } else {
                LOGGER.debug("Setting path for cookies for TGC cookie generator to: [{}]", str);
                this.ticketGrantingTicketCookieGenerator.setCookiePath(str);
            }
        }
    }

    @Generated
    public InitialFlowSetupAction(List<ArgumentExtractor> list, ServicesManager servicesManager, AuthenticationServiceSelectionPlan authenticationServiceSelectionPlan, CasCookieBuilder casCookieBuilder, CasCookieBuilder casCookieBuilder2, CasConfigurationProperties casConfigurationProperties, AuthenticationEventExecutionPlan authenticationEventExecutionPlan, SingleSignOnParticipationStrategy singleSignOnParticipationStrategy, TicketRegistrySupport ticketRegistrySupport) {
        this.argumentExtractors = list;
        this.servicesManager = servicesManager;
        this.authenticationRequestServiceSelectionStrategies = authenticationServiceSelectionPlan;
        this.ticketGrantingTicketCookieGenerator = casCookieBuilder;
        this.warnCookieGenerator = casCookieBuilder2;
        this.casProperties = casConfigurationProperties;
        this.authenticationEventExecutionPlan = authenticationEventExecutionPlan;
        this.renewalStrategy = singleSignOnParticipationStrategy;
        this.ticketRegistrySupport = ticketRegistrySupport;
    }

    @Generated
    public List<ArgumentExtractor> getArgumentExtractors() {
        return this.argumentExtractors;
    }

    @Generated
    public ServicesManager getServicesManager() {
        return this.servicesManager;
    }

    @Generated
    public AuthenticationServiceSelectionPlan getAuthenticationRequestServiceSelectionStrategies() {
        return this.authenticationRequestServiceSelectionStrategies;
    }

    @Generated
    public CasCookieBuilder getTicketGrantingTicketCookieGenerator() {
        return this.ticketGrantingTicketCookieGenerator;
    }

    @Generated
    public CasCookieBuilder getWarnCookieGenerator() {
        return this.warnCookieGenerator;
    }

    @Generated
    public CasConfigurationProperties getCasProperties() {
        return this.casProperties;
    }

    @Generated
    public AuthenticationEventExecutionPlan getAuthenticationEventExecutionPlan() {
        return this.authenticationEventExecutionPlan;
    }

    @Generated
    public SingleSignOnParticipationStrategy getRenewalStrategy() {
        return this.renewalStrategy;
    }

    @Generated
    public TicketRegistrySupport getTicketRegistrySupport() {
        return this.ticketRegistrySupport;
    }
}
