package org.apereo.cas.web;

import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.enums.ParameterIn;
import java.util.Map;
import java.util.Optional;
import org.apache.commons.lang3.math.NumberUtils;
import org.apereo.cas.audit.AuditableContext;
import org.apereo.cas.audit.AuditableExecution;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.DefaultAuthenticationBuilder;
import org.apereo.cas.authentication.credential.BasicIdentifiableCredential;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalResolver;
import org.apereo.cas.authentication.principal.ServiceFactory;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.token.authentication.TokenAuthenticationSecurity;
import org.apereo.cas.util.CollectionUtils;
import org.pac4j.core.profile.UserProfile;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.boot.actuate.endpoint.annotation.Endpoint;
import org.springframework.boot.actuate.endpoint.annotation.ReadOperation;
import org.springframework.boot.actuate.endpoint.annotation.Selector;
import org.springframework.boot.actuate.endpoint.annotation.WriteOperation;
import org.springframework.util.Assert;

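/**
 * Actuator endpoint, registered under the id {@code tokenAuth}, that issues and validates
 * token-authentication tokens for a registered service.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@link #produceToken} builds an {@code Authentication} for whatever username the request
 *       names. No credential for that user is verified here; the only checks are principal
 *       resolution and the service access strategy. Access to the endpoint itself therefore has
 *       to be restricted by the actuator security configuration. The endpoint is declared with
 *       {@code enableByDefault = false}.</li>
 *   <li>{@link #validateToken} takes the token as the path selector of a read operation, so the
 *       token value is part of the request URL and can end up wherever URLs are recorded.</li>
 *   <li>Both operations return the resolved {@code RegisteredService} in the response body.
 *       NOTE(review): token security is derived from that same definition, so confirm that
 *       serializing it does not expose key material.</li>
 * </ul>
 *
 * <p>NOTE(review): the operation parameter names ({@code str}, {@code str2}) look like decompiler
 * placeholders, while the OpenAPI metadata calls them {@code username}/{@code token} and
 * {@code service}. If this source is ever recompiled, confirm how the actuator binds request
 * values to argument names.
 */
@Endpoint(id = "tokenAuth", enableByDefault = false)
/* loaded from: input_file:org/apereo/cas/web/TokenAuthenticationEndpoint.class */
public class TokenAuthenticationEndpoint extends BaseCasActuatorEndpoint {
    private final ObjectProvider<PrincipalResolver> principalResolver;
    private final ObjectProvider<ServicesManager> servicesManager;
    private final ObjectProvider<AuditableExecution> registeredServiceAccessStrategyEnforcer;
    private final ObjectProvider<ServiceFactory<WebApplicationService>> serviceFactory;
    private final ObjectProvider<PrincipalFactory> principalFactory;

    /**
     * Stores the lazily resolved collaborators; only the configuration properties are resolved
     * eagerly, because the superclass constructor needs them.
     *
     * @param objectProvider  provider of the CAS configuration properties
     * @param objectProvider2 provider of the principal resolver
     * @param objectProvider3 provider of the services manager
     * @param objectProvider4 provider of the registered-service access strategy enforcer
     * @param objectProvider5 provider of the web application service factory
     * @param objectProvider6 provider of the principal factory
     */
    public TokenAuthenticationEndpoint(ObjectProvider<CasConfigurationProperties> objectProvider, ObjectProvider<PrincipalResolver> objectProvider2, ObjectProvider<ServicesManager> objectProvider3, ObjectProvider<AuditableExecution> objectProvider4, ObjectProvider<ServiceFactory<WebApplicationService>> objectProvider5, ObjectProvider<PrincipalFactory> objectProvider6) {
        super(objectProvider.getObject());
        this.principalResolver = objectProvider2;
        this.servicesManager = objectProvider3;
        this.registeredServiceAccessStrategyEnforcer = objectProvider4;
        this.serviceFactory = objectProvider5;
        this.principalFactory = objectProvider6;
    }

    /**
     * Issues a token for the named user and the requested service.
     *
     * <p>The username is taken as given: it is wrapped in a {@code BasicIdentifiableCredential}
     * and resolved to a principal without any credential check in this method.
     *
     * @param str  the username (path selector)
     * @param str2 the service id, or the numeric identifier of the registered service
     * @return a map holding the registered service and the generated token
     * @throws IllegalArgumentException if no registered service matches {@code str2}
     * @throws Throwable if principal creation or the access-strategy enforcer fails
     */
    @WriteOperation(produces = {"application/json"})
    @Operation(summary = "Produce an authentication token for the user and the intended application", parameters = {@Parameter(name = "username", required = true, in = ParameterIn.PATH), @Parameter(name = "service", required = true, in = ParameterIn.QUERY, description = "May be the service id or its numeric identifier")})
    public Map<?, ?> produceToken(@Selector String str, String str2) throws Throwable {
        final WebApplicationService service = this.serviceFactory.getObject().createService(str2);
        final RegisteredService registeredService = locateRegisteredService(str2, service);
        final Authentication authentication = DefaultAuthenticationBuilder.newInstance()
            .setPrincipal(this.principalResolver.getObject().resolve(
                new BasicIdentifiableCredential(str),
                Optional.of(this.principalFactory.getObject().createPrincipal(str)),
                Optional.empty(),
                Optional.of(service)))
            .build();
        // The enforcer still sees the lookup result first, so its decision is made as before.
        this.registeredServiceAccessStrategyEnforcer.getObject()
            .execute(AuditableContext.builder()
                .service(service)
                .authentication(authentication)
                .registeredService(registeredService)
                .build())
            .throwExceptionIfNeeded();
        // Fail closed with a clear error: Map.of rejects null values, and no token should be
        // generated when the service is not registered.
        Assert.notNull(registeredService, "No registered service matches the requested service");
        return Map.of("registeredService", registeredService, "token", TokenAuthenticationSecurity.forRegisteredService(registeredService).generateTokenFor(authentication));
    }

    /**
     * Validates a token against the requested service and returns the principal it carries.
     *
     * <p>The service access strategy is enforced only after the token has been validated,
     * because the principal it is checked against comes from the token itself.
     *
     * @param str  the token (path selector)
     * @param str2 the service id, or the numeric identifier of the registered service
     * @return a map holding the registered service and the principal built from the token profile
     * @throws IllegalArgumentException if no registered service matches {@code str2}, or if
     *         validation yields no profile
     * @throws Throwable if principal creation or the access-strategy enforcer fails
     */
    @ReadOperation(produces = {"application/json"})
    @Operation(summary = "Validate an authentication token for the user and the intended application", parameters = {@Parameter(name = "token", required = true, in = ParameterIn.PATH), @Parameter(name = "service", required = true, in = ParameterIn.QUERY, description = "May be the service id or its numeric identifier")})
    public Map<?, ?> validateToken(@Selector String str, String str2) throws Throwable {
        final WebApplicationService service = this.serviceFactory.getObject().createService(str2);
        final RegisteredService registeredService = locateRegisteredService(str2, service);
        // Reject unknown services before the token is handed to any token-security
        // configuration; the message deliberately contains neither the token nor the service.
        Assert.notNull(registeredService, "No registered service matches the requested service");
        final UserProfile profile = TokenAuthenticationSecurity.forRegisteredService(registeredService).validateToken(str);
        Assert.notNull(profile, "Authentication attempt failed to produce an authenticated profile");
        final Principal principal = this.principalFactory.getObject().createPrincipal(profile.getId(), CollectionUtils.toMultiValuedMap(profile.getAttributes()));
        this.registeredServiceAccessStrategyEnforcer.getObject()
            .execute(AuditableContext.builder()
                .service(service)
                .principal(principal)
                .registeredService(registeredService)
                .build())
            .throwExceptionIfNeeded();
        return Map.of("registeredService", registeredService, "principal", principal);
    }

    /**
     * Looks up the registered service by numeric identifier when the input parses as a long,
     * otherwise by the service object built from the input.
     *
     * @param serviceIdOrNumber the raw {@code service} request value
     * @param service           the service object created from that same value
     * @return the matching registered service, or {@code null} if the manager finds none
     */
    private RegisteredService locateRegisteredService(final String serviceIdOrNumber, final WebApplicationService service) {
        final ServicesManager manager = this.servicesManager.getObject();
        if (NumberUtils.isCreatable(serviceIdOrNumber)) {
            try {
                return manager.findServiceBy(Long.parseLong(serviceIdOrNumber));
            } catch (final NumberFormatException ignored) {
                // isCreatable also accepts hex, decimal, exponent and type-suffixed forms that
                // Long.parseLong rejects; treat those as a service id rather than failing.
            }
        }
        return manager.findServiceBy(service);
    }
}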
