package org.apereo.cas.support.saml.web.flow.mdui;

import java.util.List;
import java.util.regex.Pattern;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.principal.ServiceFactory;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.services.UnauthorizedServiceException;
import org.apereo.cas.web.support.WebUtils;
import org.opensaml.saml.ext.saml2mdui.UIInfo;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml.saml2.metadata.Extensions;
import org.opensaml.saml.saml2.metadata.SPSSODescriptor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.webflow.action.AbstractAction;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:org/apereo/cas/support/saml/web/flow/mdui/SamlMetadataUIParserAction.class */
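/**
 * Web flow action that resolves SAML MDUI ({@link UIInfo}) metadata for the entity id carried in
 * the current HTTP request and, when present, publishes it into flow scope under
 * {@link #MDUI_FLOW_PARAMETER_NAME}.
 *
 * <p>The entity id is read straight from a request parameter, so it is caller-controlled. It is
 * first matched against the service registry and the matched service's access strategy; metadata
 * is only resolved for entity ids that pass that check. Wherever the value is echoed into a log
 * line or an exception message, control characters are neutralized first so a crafted parameter
 * cannot forge additional log entries.
 */
public class SamlMetadataUIParserAction extends AbstractAction {
    /** Flow-scope key under which the resolved MDUI information is stored. */
    public static final String MDUI_FLOW_PARAMETER_NAME = "mduiContext";

    /** Request parameter consulted when a caller does not name one explicitly. */
    private static final String DEFAULT_ENTITY_ID_PARAMETER_NAME = "entityId";

    /**
     * ASCII control characters plus the Unicode next-line, line-separator and paragraph-separator
     * code points; each match is replaced before the entity id is written to a log or message.
     */
    private static final Pattern LOG_UNSAFE_CHARS = Pattern.compile("[\\p{Cntrl}\\x{85}\\x{2028}\\x{2029}]");

    private final transient Logger logger = LoggerFactory.getLogger(getClass());
    private final String entityIdParameterName;
    private final MetadataResolverAdapter metadataAdapter;

    @Autowired
    private ServicesManager servicesManager;

    @Autowired
    @Qualifier("webApplicationServiceFactory")
    private ServiceFactory<WebApplicationService> serviceFactory;

    /**
     * Creates the action reading the entity id from the {@code entityId} request parameter.
     *
     * @param metadataResolverAdapter adapter used to look up entity descriptors by entity id
     */
    public SamlMetadataUIParserAction(MetadataResolverAdapter metadataResolverAdapter) {
        this(DEFAULT_ENTITY_ID_PARAMETER_NAME, metadataResolverAdapter);
    }

    /**
     * Creates the action reading the entity id from the given request parameter.
     *
     * @param str name of the request parameter that carries the entity id
     * @param metadataResolverAdapter adapter used to look up entity descriptors by entity id
     */
    public SamlMetadataUIParserAction(String str, MetadataResolverAdapter metadataResolverAdapter) {
        this.entityIdParameterName = str;
        this.metadataAdapter = metadataResolverAdapter;
    }

    /**
     * Looks up MDUI information for the requested entity id and stores it in flow scope.
     *
     * <p>Every path that does not throw returns {@code success()}; a missing parameter, entity
     * descriptor, SP SSO descriptor or extension block simply leaves flow scope untouched.
     *
     * @param requestContext the current web flow request context
     * @return the {@code success} event
     * @throws UnauthorizedServiceException if the entity id matches no registered service, or the
     *     matched service's access strategy does not allow access
     */
    @Override
    protected Event doExecute(RequestContext requestContext) throws Exception {
        final String entityId =
                WebUtils.getHttpServletRequest(requestContext).getParameter(this.entityIdParameterName);
        if (StringUtils.isBlank(entityId)) {
            this.logger.debug("No entity id found for parameter [{}]", this.entityIdParameterName);
            return success();
        }

        // The raw value drives the registry and metadata lookups; only this neutralized copy is
        // ever written to logs or exception text.
        final String loggableEntityId = neutralizeForLog(entityId);

        // Authorization gate: nothing is resolved from metadata until the entity id maps to a
        // registered service whose access strategy permits access.
        final RegisteredService registeredService =
                this.servicesManager.findServiceBy(this.serviceFactory.createService(entityId));
        if (registeredService == null || !registeredService.getAccessStrategy().isServiceAccessAllowed()) {
            this.logger.debug("Entity id [{}] is not recognized/allowed by the CAS service registry", loggableEntityId);
            if (registeredService != null) {
                WebUtils.putUnauthorizedRedirectUrlIntoFlowScope(
                        requestContext, registeredService.getAccessStrategy().getUnauthorizedRedirectUrl());
            }
            // NOTE(review): whether this detail message is ever rendered to the browser cannot be
            // determined from this class; if it is, it also needs HTML encoding at the view.
            throw new UnauthorizedServiceException(
                    "screen.service.error.message", "Entity " + loggableEntityId + " not recognized");
        }

        final EntityDescriptor entityDescriptor = this.metadataAdapter.getEntityDescriptorForEntityId(entityId);
        if (entityDescriptor == null) {
            this.logger.debug("Entity descriptor not found for [{}]", loggableEntityId);
            return success();
        }

        final SPSSODescriptor spSsoDescriptor = getSPSsoDescriptor(entityDescriptor);
        if (spSsoDescriptor == null) {
            this.logger.debug("SP SSO descriptor not found for [{}]", loggableEntityId);
            return success();
        }

        final Extensions extensions = spSsoDescriptor.getExtensions();
        if (extensions == null) {
            this.logger.debug("No extensions are found for [{}]", UIInfo.DEFAULT_ELEMENT_NAME.getNamespaceURI());
            return success();
        }

        final List<?> uiInfoCandidates = extensions.getUnknownXMLObjects(UIInfo.DEFAULT_ELEMENT_NAME);
        if (uiInfoCandidates.isEmpty()) {
            this.logger.debug("No extensions are located for [{}]", UIInfo.DEFAULT_ELEMENT_NAME.getNamespaceURI());
            return success();
        }

        final SimpleMetadataUIInfo mduiInfo = new SimpleMetadataUIInfo(registeredService);
        // Elements are type-checked before the cast; if several UIInfo elements exist, each call
        // to setUIInfo is made in list order, so the last one is the final value passed.
        for (final Object candidate : uiInfoCandidates) {
            if (candidate instanceof UIInfo) {
                this.logger.debug("Found UI info for [{}] and added to flow context", loggableEntityId);
                mduiInfo.setUIInfo((UIInfo) candidate);
            }
        }
        requestContext.getFlowScope().put(MDUI_FLOW_PARAMETER_NAME, mduiInfo);
        return success();
    }

    /**
     * Finds the SP SSO descriptor of the entity, trying the SAML 2.0 protocol first and then
     * falling back to SAML 1.1 and SAML 1.0.
     *
     * @param entityDescriptor the entity descriptor to inspect
     * @return the first descriptor found, or {@code null} if none of the three protocols matches
     */
    private SPSSODescriptor getSPSsoDescriptor(EntityDescriptor entityDescriptor) {
        this.logger.debug("Locating SP SSO descriptor for SAML2 protocol...");
        SPSSODescriptor descriptor = entityDescriptor.getSPSSODescriptor("urn:oasis:names:tc:SAML:2.0:protocol");
        if (descriptor == null) {
            this.logger.debug("Locating SP SSO descriptor for SAML11 protocol...");
            descriptor = entityDescriptor.getSPSSODescriptor("urn:oasis:names:tc:SAML:1.1:protocol");
        }
        if (descriptor == null) {
            this.logger.debug("Locating SP SSO descriptor for SAML1 protocol...");
            descriptor = entityDescriptor.getSPSSODescriptor("urn:oasis:names:tc:SAML:1.0:protocol");
        }
        this.logger.debug("SP SSO descriptor resolved to be [{}]", descriptor);
        return descriptor;
    }

    /**
     * Replaces line breaks and other control characters with {@code _} so that a request-supplied
     * value occupies exactly one line wherever it is logged.
     *
     * @param value the request-supplied text; must not be {@code null}
     * @return the text with every control character replaced
     */
    private static String neutralizeForLog(final String value) {
        return LOG_UNSAFE_CHARS.matcher(value).replaceAll("_");
    }
}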
