package org.apereo.cas.support.saml.web;

import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.Parameter;
import jakarta.servlet.http.HttpServletRequest;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.audit.AuditableContext;
import org.apereo.cas.audit.AuditableExecution;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationBuilder;
import org.apereo.cas.authentication.AuthenticationSystemSupport;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.DefaultAuthenticationBuilder;
import org.apereo.cas.authentication.credential.BasicIdentifiableCredential;
import org.apereo.cas.authentication.credential.UsernamePasswordCredential;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalResolver;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.authentication.principal.ServiceFactory;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceAttributeReleasePolicyContext;
import org.apereo.cas.services.RegisteredServiceUsernameProviderContext;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.saml.OpenSamlConfigBean;
import org.apereo.cas.support.saml.SamlUtils;
import org.apereo.cas.support.saml.authentication.SamlResponseBuilder;
import org.apereo.cas.web.BaseCasActuatorEndpoint;
import org.opensaml.saml.saml1.core.Response;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.boot.actuate.endpoint.web.annotation.RestControllerEndpoint;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;

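/**
 * Actuator endpoint that validates a username (optionally with a password) against a
 * service and renders the resulting SAML 1 {@link Response} for inspection.
 *
 * <p>Security notes, grounded in the code below:
 * <ul>
 *   <li>The endpoint is registered with {@code enableByDefault = false}; it must be
 *       enabled explicitly and is expected to sit behind actuator access control.</li>
 *   <li>When no password is supplied, {@link #buildAuthentication} resolves a principal
 *       for the given username without verifying any credential. Anyone who can reach
 *       this endpoint can therefore obtain an assertion for an arbitrary username.</li>
 *   <li>Service access is checked through the registered-service access-strategy
 *       enforcer before any attributes are released.</li>
 *   <li>The JSON response body serialises the matched {@link RegisteredService}
 *       definition in full.</li>
 * </ul>
 *
 * <p>This listing is decompiled: method parameter names such as {@code str} are
 * decompiler placeholders. The HTTP parameters are documented by the
 * {@code @Operation} metadata on {@link #handle} as {@code username}, {@code password}
 * and {@code service}.
 */
@RestControllerEndpoint(id = "samlValidate", enableByDefault = false)
public class SamlValidateEndpoint extends BaseCasActuatorEndpoint {
    private static final String CONTENT_TYPE_HEADER = "Content-Type";
    private static final String MEDIA_TYPE_JSON = "application/json";
    private static final String MEDIA_TYPE_XML = "application/xml";
    private static final String MEDIA_TYPE_TEXT_XML = "text/xml";

    private final ObjectProvider<ServicesManager> servicesManager;
    private final ObjectProvider<AuthenticationSystemSupport> authenticationSystemSupport;
    private final ObjectProvider<ServiceFactory<WebApplicationService>> serviceFactory;
    private final ObjectProvider<PrincipalFactory> principalFactory;
    private final ObjectProvider<SamlResponseBuilder> samlResponseBuilder;
    private final ObjectProvider<OpenSamlConfigBean> openSamlConfigBean;
    private final ObjectProvider<AuditableExecution> registeredServiceAccessStrategyEnforcer;
    private final ObjectProvider<PrincipalResolver> principalResolver;

    /**
     * Creates the endpoint. All collaborators are lazily resolved {@link ObjectProvider}s
     * and are looked up on each request.
     *
     * @param casConfigurationProperties CAS settings, passed to the base endpoint
     * @param objectProvider             services manager used to locate the registered service
     * @param objectProvider2            authentication support used for password-based authentication
     * @param objectProvider3            factory that turns the {@code service} parameter into a service object
     * @param objectProvider4            principal factory
     * @param objectProvider5            builder for the SAML 1 response
     * @param objectProvider6            OpenSAML configuration (also supplies the application context)
     * @param objectProvider7            registered-service access-strategy enforcer
     * @param objectProvider8            principal resolver used for the password-less path
     */
    public SamlValidateEndpoint(CasConfigurationProperties casConfigurationProperties, ObjectProvider<ServicesManager> objectProvider, ObjectProvider<AuthenticationSystemSupport> objectProvider2, ObjectProvider<ServiceFactory<WebApplicationService>> objectProvider3, ObjectProvider<PrincipalFactory> objectProvider4, ObjectProvider<SamlResponseBuilder> objectProvider5, ObjectProvider<OpenSamlConfigBean> objectProvider6, ObjectProvider<AuditableExecution> objectProvider7, ObjectProvider<PrincipalResolver> objectProvider8) {
        super(casConfigurationProperties);
        this.servicesManager = objectProvider;
        this.authenticationSystemSupport = objectProvider2;
        this.serviceFactory = objectProvider3;
        this.principalFactory = objectProvider4;
        this.samlResponseBuilder = objectProvider5;
        this.openSamlConfigBean = objectProvider6;
        this.registeredServiceAccessStrategyEnforcer = objectProvider7;
        this.principalResolver = objectProvider8;
    }

    /**
     * Handles a validation request and produces a SAML 1 response for the given user and service.
     *
     * <p>Flow: create the service, authenticate (or merely resolve) the user, enforce the
     * registered service's access strategy, apply the attribute-release and username
     * policies, build the SAML response and render it as XML or JSON depending on the
     * request's {@code Content-Type}.
     *
     * <p>The XML/JSON decision is made on the media type of the request's
     * {@code Content-Type} with any parameters (for example {@code ; charset=UTF-8})
     * stripped and case folded, so {@code text/xml; charset=UTF-8} is treated as XML.
     *
     * @param httpServletRequest the incoming request; only its {@code Content-Type} header is read
     * @param str                the username (HTTP parameter {@code username} per the operation metadata)
     * @param str2               the password (HTTP parameter {@code password}); optional — when blank no
     *                           credential verification takes place, see {@link #buildAuthentication}
     * @param str3               the service identifier (HTTP parameter {@code service})
     * @return a 200 response whose body is the SAML XML ({@code text/xml}) or a JSON object with
     *         the keys {@code assertion}, {@code service} and {@code registeredService}
     * @throws Throwable if authentication fails, the service is not allowed access, or no
     *                   registered service matches (a {@link NullPointerException} in the latter case
     *                   if the enforcer did not already reject the request)
     */
    @PostMapping(produces = {"text/xml", "application/xml", "application/json"}, consumes = {"text/xml", "application/xml", "application/json", "application/x-www-form-urlencoded"})
    @Operation(summary = "Handle validation request and produce saml1 payload.", parameters = {@Parameter(name = "username", required = true), @Parameter(name = "password", required = false), @Parameter(name = "service", required = true)})
    public ResponseEntity handle(HttpServletRequest httpServletRequest, String str, @RequestParam(required = false) String str2, String str3) throws Throwable {
        final WebApplicationService service = (WebApplicationService) this.serviceFactory.getObject().createService(str3);
        final Authentication authentication = buildAuthentication(str, str2, service);
        final RegisteredService registeredService = this.servicesManager.getObject().findServiceBy(service);

        // Access-strategy enforcement happens before any attribute is released or any
        // assertion is built. A null registeredService is handed to the enforcer on purpose so
        // that it can reject unknown services with its own exception type.
        this.registeredServiceAccessStrategyEnforcer.getObject()
            .execute(AuditableContext.builder()
                .service(service)
                .authentication(authentication)
                .registeredService(registeredService)
                .build())
            .throwExceptionIfNeeded();
        // NOTE(review): the enforcer is presumably expected to reject an unmatched service
        // above; this guard only turns a later bare NPE into a descriptive one — confirm.
        Objects.requireNonNull(registeredService, "No registered service matched the requested service");

        final OpenSamlConfigBean samlConfig = this.openSamlConfigBean.getObject();
        final Principal resolvedPrincipal = authentication.getPrincipal();

        // Attribute release and username resolution both follow the registered service's policies.
        final Map<String, List<Object>> releasedAttributes = registeredService.getAttributeReleasePolicy().getAttributes(
            RegisteredServiceAttributeReleasePolicyContext.builder()
                .registeredService(registeredService)
                .service(service)
                .principal(resolvedPrincipal)
                .applicationContext(samlConfig.getApplicationContext())
                .build());
        final String releasedUsername = registeredService.getUsernameAttributeProvider().resolveUsername(
            RegisteredServiceUsernameProviderContext.builder()
                .registeredService(registeredService)
                .service(service)
                .principal(resolvedPrincipal)
                .applicationContext(samlConfig.getApplicationContext())
                .build());
        final Principal releasedPrincipal = this.principalFactory.getObject().createPrincipal(releasedUsername, releasedAttributes);

        final AuthenticationBuilder authenticationBuilder = DefaultAuthenticationBuilder.newInstance(authentication);
        authenticationBuilder.setPrincipal(releasedPrincipal);
        final Authentication finalAuthentication = authenticationBuilder.build();

        final SamlResponseBuilder responseBuilder = this.samlResponseBuilder.getObject();
        final Response samlResponse = responseBuilder.createResponse(service.getId(), service);
        // NOTE(review): the pre-release principal and its unfiltered attributes are passed here
        // (unchanged from the original); whether the rendered assertion honours the release
        // policy depends on how SamlResponseBuilder uses these arguments — confirm.
        responseBuilder.prepareSuccessfulResponse(Map.of(), samlResponse, service, finalAuthentication, resolvedPrincipal, finalAuthentication.getAttributes(), resolvedPrincipal.getAttributes());
        final String assertionXml = SamlUtils.transformSamlObject(samlConfig, samlResponse).toString();

        final String requestMediaType = baseMediaType(StringUtils.defaultIfBlank(httpServletRequest.getHeader(CONTENT_TYPE_HEADER), MEDIA_TYPE_JSON));
        if (MEDIA_TYPE_XML.equals(requestMediaType) || MEDIA_TYPE_TEXT_XML.equals(requestMediaType)) {
            return xmlResponse(assertionXml);
        }
        return jsonResponse(assertionXml, service, registeredService);
    }

    /**
     * Reduces a {@code Content-Type} header value to its bare media type: parameters after the
     * first {@code ;} are dropped, surrounding whitespace is removed and the result is lower-cased
     * with {@link Locale#ROOT} (media types are case-insensitive).
     *
     * @param contentType the raw header value, may be {@code null}
     * @return the normalised media type, or an empty string for {@code null}
     */
    static String baseMediaType(final String contentType) {
        if (contentType == null) {
            return "";
        }
        final int separator = contentType.indexOf(';');
        final String mediaType = separator < 0 ? contentType : contentType.substring(0, separator);
        return mediaType.strip().toLowerCase(Locale.ROOT);
    }

    /**
     * Builds the {@code text/xml} success response carrying the raw SAML document.
     *
     * @param assertionXml the serialised SAML response
     * @return a 200 response with an explicit {@code Content-Type: text/xml} header
     */
    private static ResponseEntity<String> xmlResponse(final String assertionXml) {
        final HttpHeaders headers = new HttpHeaders();
        headers.put(CONTENT_TYPE_HEADER, List.of(MEDIA_TYPE_TEXT_XML));
        return new ResponseEntity<>(assertionXml, headers, HttpStatus.OK);
    }

    /**
     * Builds the {@code application/json} success response. Key order is preserved so the
     * payload always reads {@code assertion}, {@code service}, {@code registeredService}.
     *
     * @param assertionXml      the serialised SAML response
     * @param service           the service the request was made for
     * @param registeredService the matched registered service (serialised in full)
     * @return a 200 response with an explicit {@code Content-Type: application/json} header
     */
    private static ResponseEntity<Map<String, Object>> jsonResponse(final String assertionXml, final Service service, final RegisteredService registeredService) {
        final Map<String, Object> body = new LinkedHashMap<>();
        body.put("assertion", assertionXml);
        body.put("service", service);
        body.put("registeredService", registeredService);
        final HttpHeaders headers = new HttpHeaders();
        headers.put(CONTENT_TYPE_HEADER, List.of(MEDIA_TYPE_JSON));
        return new ResponseEntity<>(body, headers, HttpStatus.OK);
    }

    /**
     * Produces the authentication used for the validation.
     *
     * <p>With a non-blank password a full username/password authentication transaction is
     * run through {@link AuthenticationSystemSupport}. With a blank password the principal is
     * only <em>resolved</em> via {@link PrincipalResolver} from a {@link BasicIdentifiableCredential};
     * no credential is verified on that path, which is why this endpoint must not be exposed
     * without actuator access control.
     *
     * @param username the username to authenticate or resolve
     * @param password the password; blank selects the resolve-only path
     * @param service  the service the authentication is for
     * @return the resulting authentication
     * @throws Throwable if authentication or principal resolution fails
     */
    private Authentication buildAuthentication(final String username, final String password, final WebApplicationService service) throws Throwable {
        if (StringUtils.isBlank(password)) {
            final Credential credential = new BasicIdentifiableCredential(username);
            final Principal seedPrincipal = this.principalFactory.getObject().createPrincipal(username);
            final Principal resolvedPrincipal = this.principalResolver.getObject()
                .resolve(credential, Optional.of(seedPrincipal), Optional.empty(), Optional.of(service));
            return DefaultAuthenticationBuilder.newInstance().setPrincipal(resolvedPrincipal).build();
        }
        return this.authenticationSystemSupport.getObject()
            .finalizeAuthenticationTransaction(service, new Credential[]{new UsernamePasswordCredential(username, password)})
            .getAuthentication();
    }
}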
