package org.apereo.cas.ws.idp.web;

import java.util.HashMap;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.client.utils.URIBuilder;
import org.apereo.cas.authentication.adaptive.UnauthorizedAuthenticationException;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.EncodingUtils;
import org.apereo.cas.util.function.FunctionUtils;
import org.apereo.cas.ws.idp.services.WSFederationRegisteredService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.bind.annotation.GetMapping;

/* loaded from: input_file:org/apereo/cas/ws/idp/web/WSFederationValidateRequestController.class */
public class WSFederationValidateRequestController extends BaseWSFederationRequestController {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(WSFederationValidateRequestController.class);

    public WSFederationValidateRequestController(WSFederationRequestConfigurationContext wSFederationRequestConfigurationContext) {
        super(wSFederationRequestConfigurationContext);
    }

    @GetMapping(path = {"/ws/idp/federation"})
    public void handleFederationRequest(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest) throws Exception {
        WSFederationRequest of = WSFederationRequest.of(httpServletRequest);
        String wa = of.wa();
        if (StringUtils.isBlank(wa)) {
            throw new UnauthorizedAuthenticationException("Unable to determine the [WA] parameter", new HashMap(0));
        }
        String lowerCase = wa.toLowerCase();
        boolean z = -1;
        switch (lowerCase.hashCode()) {
            case -1965370327:
                if (lowerCase.equals("wsignoutcleanup1.0")) {
                    z = true;
                    break;
                }
                break;
            case -829544390:
                if (lowerCase.equals("wsignin1.0")) {
                    z = 2;
                    break;
                }
                break;
            case 234166105:
                if (lowerCase.equals("wsignout1.0")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
            case true:
                handleLogoutRequest(of, httpServletRequest, httpServletResponse);
                return;
            case true:
                handleInitialAuthenticationRequest(of, httpServletResponse, httpServletRequest);
                return;
            default:
                throw new UnauthorizedAuthenticationException("The authentication request is not recognized", new HashMap(0));
        }
    }

    protected void handleLogoutRequest(WSFederationRequest wSFederationRequest, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        httpServletResponse.sendRedirect((String) FunctionUtils.doIf(StringUtils.isNotBlank(wSFederationRequest.wreply()), () -> {
            WebApplicationService createService = createService(wSFederationRequest);
            LOGGER.debug("Invoking logout operation for request [{}], redirecting next to [{}] matched against [{}]", new Object[]{wSFederationRequest, wSFederationRequest.wreply(), getWsFederationRegisteredService(createService)});
            return getConfigContext().getCasProperties().getServer().getLogoutUrl().concat("?").concat(getConfigContext().getCasProperties().getLogout().getRedirectParameter()).concat("=").concat(createService.getId());
        }, () -> {
            return getConfigContext().getCasProperties().getServer().getLogoutUrl();
        }).get());
    }

    private void handleInitialAuthenticationRequest(WSFederationRequest wSFederationRequest, HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest) throws Exception {
        WebApplicationService createService = createService(wSFederationRequest);
        WSFederationRegisteredService findAndValidateFederationRequestForRegisteredService = findAndValidateFederationRequestForRegisteredService(createService, wSFederationRequest);
        LOGGER.debug("Redirecting to identity provider for initial authentication [{}]", wSFederationRequest);
        redirectToIdentityProvider(wSFederationRequest, httpServletResponse, httpServletRequest, createService, findAndValidateFederationRequestForRegisteredService);
    }

    private WebApplicationService createService(WSFederationRequest wSFederationRequest) {
        WebApplicationService createService = getConfigContext().getWebApplicationServiceFactory().createService(wSFederationRequest.wreply());
        createService.getAttributes().put("wreply", CollectionUtils.wrapList(new Object[]{wSFederationRequest.wreply()}));
        createService.getAttributes().put("wtrealm", CollectionUtils.wrapList(new Object[]{wSFederationRequest.wtrealm()}));
        createService.getAttributes().put("wctx", CollectionUtils.wrapList(new Object[]{wSFederationRequest.wctx()}));
        return createService;
    }

    private void redirectToIdentityProvider(WSFederationRequest wSFederationRequest, HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest, WebApplicationService webApplicationService, WSFederationRegisteredService wSFederationRegisteredService) throws Exception {
        String constructServiceUrl = constructServiceUrl(httpServletRequest, httpServletResponse, wSFederationRequest);
        LOGGER.debug("Created service url [{}] mapped to [{}]", constructServiceUrl, wSFederationRegisteredService);
        URIBuilder uRIBuilder = new URIBuilder(constructRedirectUrl(getConfigContext().getCasProperties().getServer().getLoginUrl(), constructServiceUrl, shouldRenewAuthentication(wSFederationRequest, httpServletRequest)));
        webApplicationService.getAttributes().forEach((str, list) -> {
            CollectionUtils.firstElement(list).map((v0) -> {
                return v0.toString();
            }).ifPresent(str -> {
                uRIBuilder.addParameter(str, str);
            });
        });
        String uRIBuilder2 = uRIBuilder.toString();
        LOGGER.debug("Redirecting authN request to [{}]", uRIBuilder2);
        httpServletResponse.sendRedirect(uRIBuilder2);
    }

    private static String constructRedirectUrl(String str, String str2, boolean z) {
        return str + "?service=" + EncodingUtils.urlEncode(str2) + (z ? "&renew=true" : "");
    }
}
