package org.apereo.cas.ws.idp.web;

import com.google.common.base.Throwables;
import java.util.Collections;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.AuthenticationServiceSelectionStrategy;
import org.apereo.cas.authentication.adaptive.UnauthorizedAuthenticationException;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.authentication.principal.ServiceFactory;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.ticket.SecurityTokenTicketFactory;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.ticket.registry.TicketRegistrySupport;
import org.apereo.cas.util.http.HttpClient;
import org.apereo.cas.web.support.CookieRetrievingCookieGenerator;
import org.apereo.cas.ws.idp.services.WSFederationRegisteredService;
import org.jasig.cas.client.authentication.DefaultAuthenticationRedirectStrategy;
import org.jasig.cas.client.util.CommonUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.bind.annotation.GetMapping;

/* loaded from: input_file:org/apereo/cas/ws/idp/web/WSFederationValidateRequestController.class */
public class WSFederationValidateRequestController extends BaseWSFederationRequestController {
    private static final Logger LOGGER = LoggerFactory.getLogger(WSFederationValidateRequestController.class);

    public WSFederationValidateRequestController(ServicesManager servicesManager, ServiceFactory<WebApplicationService> serviceFactory, CasConfigurationProperties casConfigurationProperties, AuthenticationServiceSelectionStrategy authenticationServiceSelectionStrategy, HttpClient httpClient, SecurityTokenTicketFactory securityTokenTicketFactory, TicketRegistry ticketRegistry, CookieRetrievingCookieGenerator cookieRetrievingCookieGenerator, TicketRegistrySupport ticketRegistrySupport) {
        super(servicesManager, serviceFactory, casConfigurationProperties, authenticationServiceSelectionStrategy, httpClient, securityTokenTicketFactory, ticketRegistry, cookieRetrievingCookieGenerator, ticketRegistrySupport);
    }

    @GetMapping(path = {"/ws/idp/federation"})
    protected void handleFederationRequest(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest) throws Exception {
        WSFederationRequest of = WSFederationRequest.of(httpServletRequest);
        String lowerCase = of.getWa().toLowerCase();
        boolean z = -1;
        switch (lowerCase.hashCode()) {
            case -1965370327:
                if (lowerCase.equals("wsignoutcleanup1.0")) {
                    z = true;
                    break;
                }
                break;
            case -829544390:
                if (lowerCase.equals("wsignin1.0")) {
                    z = 2;
                    break;
                }
                break;
            case 234166105:
                if (lowerCase.equals("wsignout1.0")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
            case true:
                handleLogoutRequest(of, httpServletRequest, httpServletResponse);
                return;
            case true:
                handleInitialAuthenticationRequest(of, httpServletResponse, httpServletRequest);
                return;
            default:
                throw new UnauthorizedAuthenticationException("The authentication request is not recognized", Collections.emptyMap());
        }
    }

    private void handleLogoutRequest(WSFederationRequest wSFederationRequest, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        String logoutUrl = this.casProperties.getServer().getLogoutUrl();
        if (StringUtils.isNotBlank(wSFederationRequest.getWreply())) {
            Service createService = this.webApplicationServiceFactory.createService(wSFederationRequest.getWreply());
            LOGGER.debug("Invoking logout operation for request [{}], redirecting next to [{}] matched against [{}]", new Object[]{wSFederationRequest, wSFederationRequest.getWreply(), getWsFederationRegisteredService(createService)});
            logoutUrl = logoutUrl.concat("?").concat(this.casProperties.getLogout().getRedirectParameter()).concat("=").concat(createService.getId());
        }
        new DefaultAuthenticationRedirectStrategy().redirect(httpServletRequest, httpServletResponse, logoutUrl);
    }

    private void handleInitialAuthenticationRequest(WSFederationRequest wSFederationRequest, HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest) {
        WSFederationRegisteredService findAndValidateFederationRequestForRegisteredService = findAndValidateFederationRequestForRegisteredService(httpServletResponse, httpServletRequest, wSFederationRequest);
        LOGGER.debug("Redirecting to identity provider for initial authentication [{}]", wSFederationRequest);
        redirectToIdentityProvider(wSFederationRequest, httpServletResponse, httpServletRequest, findAndValidateFederationRequestForRegisteredService);
    }

    private void redirectToIdentityProvider(WSFederationRequest wSFederationRequest, HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest, WSFederationRegisteredService wSFederationRegisteredService) {
        try {
            String constructServiceUrl = constructServiceUrl(httpServletRequest, httpServletResponse, wSFederationRequest);
            LOGGER.debug("Created service url [{}] mapped to [{}]", constructServiceUrl, wSFederationRegisteredService);
            String constructRedirectUrl = CommonUtils.constructRedirectUrl(this.casProperties.getServer().getLoginUrl(), "service", constructServiceUrl, shouldRenewAuthentication(wSFederationRequest, httpServletRequest), false);
            LOGGER.debug("Redirecting authN request to [{}]", constructRedirectUrl);
            new DefaultAuthenticationRedirectStrategy().redirect(httpServletRequest, httpServletResponse, constructRedirectUrl);
        } catch (Exception e) {
            throw Throwables.propagate(e);
        }
    }
}
