package org.apereo.cas.support.openid.authentication.principal;

import java.util.HashMap;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.CentralAuthenticationService;
import org.apereo.cas.authentication.principal.AbstractWebApplicationServiceResponseBuilder;
import org.apereo.cas.authentication.principal.Response;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.support.openid.OpenIdProtocolConstants;
import org.apereo.cas.ticket.AbstractTicketException;
import org.apereo.cas.util.ApplicationContextProvider;
import org.apereo.cas.validation.Assertion;
import org.apereo.inspektr.aspect.TraceLogAspect;
import org.aspectj.lang.JoinPoint;
import org.aspectj.runtime.internal.AroundClosure;
import org.aspectj.runtime.reflect.Factory;
import org.openid4java.association.Association;
import org.openid4java.message.AuthRequest;
import org.openid4java.message.MessageException;
import org.openid4java.message.ParameterList;
import org.openid4java.server.ServerManager;

/* loaded from: input_file:org/apereo/cas/support/openid/authentication/principal/OpenIdServiceResponseBuilder.class */
public class OpenIdServiceResponseBuilder extends AbstractWebApplicationServiceResponseBuilder {
    private static final long serialVersionUID = -4581238964007702423L;
    private ParameterList parameterList;
    private String openIdPrefixUrl;
    private static final JoinPoint.StaticPart ajc$tjp_0 = null;

    /* loaded from: input_file:org/apereo/cas/support/openid/authentication/principal/OpenIdServiceResponseBuilder$AjcClosure1.class */
    public class AjcClosure1 extends AroundClosure {
        public AjcClosure1(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return OpenIdServiceResponseBuilder.build_aroundBody0((OpenIdServiceResponseBuilder) objArr2[0], (WebApplicationService) objArr2[1], (String) objArr2[2], (JoinPoint) objArr2[3]);
        }
    }

    public OpenIdServiceResponseBuilder(ParameterList parameterList, String str) {
        this.parameterList = parameterList;
        this.openIdPrefixUrl = str;
    }

    public Response build(WebApplicationService webApplicationService, String str) {
        return (Response) TraceLogAspect.aspectOf().traceMethod(new AjcClosure1(new Object[]{this, webApplicationService, str, Factory.makeJP(ajc$tjp_0, this, this, webApplicationService, str)}).linkClosureAndJoinPoint(69648));
    }

    protected String determineIdentity(OpenIdService openIdService, Assertion assertion) {
        return (assertion == null || !OpenIdProtocolConstants.OPENID_IDENTIFIERSELECT.equals(openIdService.getIdentity())) ? openIdService.getIdentity() : String.valueOf(this.openIdPrefixUrl) + '/' + assertion.getPrimaryAuthentication().getPrincipal().getId();
    }

    protected Response buildAuthenticationResponse(ServerManager serverManager, OpenIdService openIdService, Map<String, String> map, boolean z, boolean z2, String str) {
        map.putAll(serverManager.authResponse(this.parameterList, str, str, z2, true).getParameterMap());
        this.logger.debug("Parameters passed for the OpenID response are {}", map.keySet());
        return buildRedirect(openIdService, map);
    }

    protected Association getAssociation(ServerManager serverManager) {
        String str;
        try {
            Map parameterMap = AuthRequest.createAuthRequest(this.parameterList, serverManager.getRealmVerifier()).getParameterMap();
            if (parameterMap == null || parameterMap.isEmpty() || (str = (String) parameterMap.get(OpenIdProtocolConstants.OPENID_ASSOCHANDLE)) == null) {
                return null;
            }
            return serverManager.getSharedAssociations().load(str);
        } catch (MessageException e) {
            this.logger.error("Message exception : {}", e.getMessage(), e);
            return null;
        }
    }

    protected boolean isAssociationValid(Association association) {
        return (association == null || association.hasExpired()) ? false : true;
    }

    static {
        ajc$preClinit();
    }

    static final Response build_aroundBody0(OpenIdServiceResponseBuilder openIdServiceResponseBuilder, WebApplicationService webApplicationService, String str, JoinPoint joinPoint) {
        ServerManager serverManager = (ServerManager) ApplicationContextProvider.getApplicationContext().getBean("serverManager", ServerManager.class);
        CentralAuthenticationService centralAuthenticationService = (CentralAuthenticationService) ApplicationContextProvider.getApplicationContext().getBean("centralAuthenticationService", CentralAuthenticationService.class);
        OpenIdService openIdService = (OpenIdService) webApplicationService;
        HashMap hashMap = new HashMap();
        if (StringUtils.isBlank(str)) {
            hashMap.put(OpenIdProtocolConstants.OPENID_MODE, OpenIdProtocolConstants.CANCEL);
            return openIdServiceResponseBuilder.buildRedirect(openIdService, hashMap);
        }
        Association association = openIdServiceResponseBuilder.getAssociation(serverManager);
        boolean z = association != null;
        boolean isAssociationValid = openIdServiceResponseBuilder.isAssociationValid(association);
        boolean z2 = true;
        Assertion assertion = null;
        try {
            if (z && isAssociationValid) {
                assertion = centralAuthenticationService.validateServiceTicket(str, openIdService);
                openIdServiceResponseBuilder.logger.debug("Validated openid ticket {} for {}", str, openIdService);
            } else if (z) {
                openIdServiceResponseBuilder.logger.warn("Association does not exist or is not valid");
                z2 = false;
            } else {
                openIdServiceResponseBuilder.logger.debug("Responding to non-associated mode. Service ticket {} must be validated by the RP", str);
            }
        } catch (AbstractTicketException e) {
            openIdServiceResponseBuilder.logger.error("Could not validate ticket : {}", e.getMessage(), e);
            z2 = false;
        }
        return openIdServiceResponseBuilder.buildAuthenticationResponse(serverManager, openIdService, hashMap, z, z2, openIdServiceResponseBuilder.determineIdentity(openIdService, assertion));
    }

    private static void ajc$preClinit() {
        Factory factory = new Factory("OpenIdServiceResponseBuilder.java", OpenIdServiceResponseBuilder.class);
        ajc$tjp_0 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "build", "org.apereo.cas.support.openid.authentication.principal.OpenIdServiceResponseBuilder", "org.apereo.cas.authentication.principal.WebApplicationService:java.lang.String", "webApplicationService:ticketId", "", "org.apereo.cas.authentication.principal.Response"), 59);
    }
}
