package org.apereo.cas.support.saml.web;

import java.util.LinkedHashMap;
import java.util.Map;
import org.apereo.cas.audit.AuditableContext;
import org.apereo.cas.audit.AuditableExecution;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationBuilder;
import org.apereo.cas.authentication.AuthenticationSystemSupport;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.DefaultAuthenticationBuilder;
import org.apereo.cas.authentication.credential.UsernamePasswordCredential;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.ServiceFactory;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.saml.OpenSamlConfigBean;
import org.apereo.cas.support.saml.SamlUtils;
import org.apereo.cas.support.saml.authentication.SamlResponseBuilder;
import org.apereo.cas.web.BaseCasActuatorEndpoint;
import org.opensaml.saml.saml1.core.Response;
import org.springframework.boot.actuate.endpoint.annotation.Endpoint;
import org.springframework.boot.actuate.endpoint.annotation.ReadOperation;

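/**
 * Actuator endpoint (id {@code samlValidate}) that authenticates a username/password pair for
 * a given service and returns the SAML 1 response built for that authentication.
 *
 * <p>Security notes for operators and reviewers:
 * <ul>
 *   <li>The endpoint is declared with {@code enableByDefault = false}. Once enabled, it should
 *       be reachable only by authenticated administrators over TLS.</li>
 *   <li>{@link #handle} is a {@code @ReadOperation}. Spring Boot exposes read operations over
 *       HTTP as GET requests whose parameters are taken from the query string, so the
 *       password can end up in access logs, proxy logs and browser history.</li>
 *   <li>Every call runs a real authentication transaction with the supplied credentials.
 *       NOTE(review): confirm that throttling, lockout and audit policies applied to the
 *       normal login flow also cover this path.</li>
 *   <li>The returned map carries the serialized assertion plus the service and registered
 *       service objects, so the response should be treated as sensitive.</li>
 * </ul>
 */
@Endpoint(id = "samlValidate", enableByDefault = false)
/* loaded from: input_file:org/apereo/cas/support/saml/web/SamlValidateEndpoint.class */
public class SamlValidateEndpoint extends BaseCasActuatorEndpoint {
    private final ServicesManager servicesManager;
    private final AuthenticationSystemSupport authenticationSystemSupport;
    private final ServiceFactory<WebApplicationService> serviceFactory;
    private final PrincipalFactory principalFactory;
    private final SamlResponseBuilder samlResponseBuilder;
    private final OpenSamlConfigBean openSamlConfigBean;
    private final AuditableExecution registeredServiceAccessStrategyEnforcer;

    /**
     * Creates the endpoint with the collaborators needed to authenticate, authorize and build
     * the SAML 1 response.
     *
     * @param casConfigurationProperties CAS settings, passed to the base actuator endpoint
     * @param servicesManager looks up the registered service definition for a service
     * @param authenticationSystemSupport runs the authentication transaction
     * @param serviceFactory turns the service identifier into a {@link WebApplicationService}
     * @param principalFactory builds the principal placed in the final authentication
     * @param samlResponseBuilder creates and populates the SAML 1 {@link Response}
     * @param openSamlConfigBean OpenSAML configuration used to serialize the response
     * @param auditableExecution enforcer for the registered service access strategy
     */
    public SamlValidateEndpoint(
            CasConfigurationProperties casConfigurationProperties,
            ServicesManager servicesManager,
            AuthenticationSystemSupport authenticationSystemSupport,
            ServiceFactory<WebApplicationService> serviceFactory,
            PrincipalFactory principalFactory,
            SamlResponseBuilder samlResponseBuilder,
            OpenSamlConfigBean openSamlConfigBean,
            AuditableExecution auditableExecution) {
        super(casConfigurationProperties);
        this.servicesManager = servicesManager;
        this.authenticationSystemSupport = authenticationSystemSupport;
        this.serviceFactory = serviceFactory;
        this.principalFactory = principalFactory;
        this.samlResponseBuilder = samlResponseBuilder;
        this.openSamlConfigBean = openSamlConfigBean;
        this.registeredServiceAccessStrategyEnforcer = auditableExecution;
    }

    /**
     * Authenticates the given credentials for a service and returns the resulting SAML 1
     * payload.
     *
     * <p>The parameter names are decompiler output and are kept as-is because actuator
     * operations bind request parameters by name.
     *
     * @param str username placed in the {@link UsernamePasswordCredential}
     * @param str2 password placed in the {@link UsernamePasswordCredential}
     * @param str3 service identifier handed to the service factory
     * @return an insertion-ordered map with keys {@code assertion} (serialized SAML response),
     *     {@code service} and {@code registeredService}
     */
    @ReadOperation
    public Map<String, Object> handle(String str, String str2, String str3) {
        Credential credential = new UsernamePasswordCredential(str, str2);
        WebApplicationService service = this.serviceFactory.createService(str3);
        Authentication authentication = this.authenticationSystemSupport
                .finalizeAuthenticationTransaction(service, new Credential[]{credential})
                .getAuthentication();

        // NOTE(review): the lookup result is dereferenced below without a null check. Confirm
        // that the access strategy enforcer rejects an unregistered service before that point.
        RegisteredService registeredService = this.servicesManager.findServiceBy(service);
        this.registeredServiceAccessStrategyEnforcer
                .execute(AuditableContext.builder()
                        .service(service)
                        .authentication(authentication)
                        .registeredService(registeredService)
                        .build())
                .throwExceptionIfNeeded();

        // Rebuild the principal from the service's username provider and attribute release
        // policy, then attach it to a copy of the authentication.
        Principal principal = authentication.getPrincipal();
        Principal releasedPrincipal = this.principalFactory.createPrincipal(
                registeredService.getUsernameAttributeProvider()
                        .resolveUsername(principal, service, registeredService),
                registeredService.getAttributeReleasePolicy()
                        .getAttributes(principal, service, registeredService));
        AuthenticationBuilder authenticationBuilder =
                DefaultAuthenticationBuilder.newInstance(authentication);
        authenticationBuilder.setPrincipal(releasedPrincipal);
        Authentication finalAuthentication = authenticationBuilder.build();

        Response samlResponse = this.samlResponseBuilder.createResponse(service.getId(), service);
        // NOTE(review): the original principal and its attributes are passed here, not the
        // policy-filtered releasedPrincipal. Confirm that the assertion cannot carry attributes
        // the release policy withheld.
        this.samlResponseBuilder.prepareSuccessfulResponse(
                samlResponse,
                service,
                finalAuthentication,
                principal,
                finalAuthentication.getAttributes(),
                principal.getAttributes());

        // Typed map replaces the raw LinkedHashMap; key order is unchanged.
        Map<String, Object> result = new LinkedHashMap<>();
        result.put("assertion",
                SamlUtils.transformSamlObject(this.openSamlConfigBean, samlResponse).toString());
        result.put("service", service);
        result.put("registeredService", registeredService);
        return result;
    }
}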
