package org.apereo.cas.web.flow;

import jakarta.servlet.http.HttpServletRequest;
import java.security.cert.X509Certificate;
import lombok.Generated;
import org.apereo.cas.adaptors.x509.authentication.X509CertificateExtractor;
import org.apereo.cas.adaptors.x509.authentication.principal.X509CertificateCredential;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.adaptive.AdaptiveAuthenticationPolicy;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.web.flow.resolver.CasDelegatingWebflowEventResolver;
import org.apereo.cas.web.flow.resolver.CasWebflowEventResolver;
import org.apereo.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:org/apereo/cas/web/flow/X509CertificateCredentialsRequestHeaderAction.class */
public class X509CertificateCredentialsRequestHeaderAction extends X509CertificateCredentialsNonInteractiveAction {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(X509CertificateCredentialsRequestHeaderAction.class);
    private final X509CertificateExtractor x509CertificateExtractor;

    public X509CertificateCredentialsRequestHeaderAction(CasDelegatingWebflowEventResolver casDelegatingWebflowEventResolver, CasWebflowEventResolver casWebflowEventResolver, AdaptiveAuthenticationPolicy adaptiveAuthenticationPolicy, X509CertificateExtractor x509CertificateExtractor, CasConfigurationProperties casConfigurationProperties) {
        super(casDelegatingWebflowEventResolver, casWebflowEventResolver, adaptiveAuthenticationPolicy, casConfigurationProperties);
        this.x509CertificateExtractor = x509CertificateExtractor;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apereo.cas.web.flow.X509CertificateCredentialsNonInteractiveAction
    public Credential constructCredentialsFromRequest(RequestContext requestContext) {
        HttpServletRequest httpServletRequestFromExternalWebflowContext = WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext);
        if (requestContext.getRequestScope().contains(X509CertificateCredentialsNonInteractiveAction.REQUEST_ATTRIBUTE_X509_ERROR)) {
            LOGGER.debug("Not getting certificates from header because error found in the request.");
            return null;
        }
        Credential constructCredentialsFromRequest = super.constructCredentialsFromRequest(requestContext);
        if (constructCredentialsFromRequest != null) {
            return constructCredentialsFromRequest;
        }
        if (this.x509CertificateExtractor == null) {
            LOGGER.trace("No certificate extractor was configured");
            return null;
        }
        X509Certificate[] extract = this.x509CertificateExtractor.extract(httpServletRequestFromExternalWebflowContext);
        if (extract != null) {
            LOGGER.debug("Certificate found in HTTP request via [{}]", this.x509CertificateExtractor.getClass().getName());
            return new X509CertificateCredential(extract);
        }
        LOGGER.debug("Certificates not found in request header.");
        return null;
    }

    @Override // org.apereo.cas.web.flow.X509CertificateCredentialsNonInteractiveAction
    protected void onError(RequestContext requestContext) {
        WebUtils.putCasLoginFormViewable(requestContext, WebUtils.isCasLoginFormSetToViewable(requestContext) || this.casProperties.getAuthn().getX509().isMixedMode());
        requestContext.getRequestScope().put(X509CertificateCredentialsNonInteractiveAction.REQUEST_ATTRIBUTE_X509_ERROR, "true");
    }
}
