package org.apereo.cas.web.flow;

import java.util.HashMap;
import java.util.List;
import java.util.Optional;
import java.util.stream.Collectors;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.spring.beans.BeanSupplier;
import org.apereo.cas.web.flow.configurer.AbstractCasWebflowConfigurer;
import org.springframework.binding.convert.service.RuntimeBindingConversionExecutor;
import org.springframework.binding.mapping.impl.DefaultMapping;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.core.annotation.AnnotationAwareOrderComparator;
import org.springframework.integration.history.MessageHistory;
import org.springframework.webflow.definition.registry.FlowDefinitionRegistry;
import org.springframework.webflow.engine.ActionState;
import org.springframework.webflow.engine.Flow;
import org.springframework.webflow.engine.History;
import org.springframework.webflow.engine.SubflowState;
import org.springframework.webflow.engine.TransitionSet;
import org.springframework.webflow.engine.ViewState;
import org.springframework.webflow.engine.builder.support.FlowBuilderServices;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-pac4j-core-6.6.12.jar:org/apereo/cas/web/flow/DelegatedAuthenticationWebflowConfigurer.class */
public class DelegatedAuthenticationWebflowConfigurer extends AbstractCasWebflowConfigurer {
    private final FlowDefinitionRegistry delegatedClientRedirectFlowRegistry;

    public DelegatedAuthenticationWebflowConfigurer(FlowBuilderServices flowBuilderServices, FlowDefinitionRegistry flowDefinitionRegistry, FlowDefinitionRegistry flowDefinitionRegistry2, FlowDefinitionRegistry flowDefinitionRegistry3, ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties) {
        super(flowBuilderServices, flowDefinitionRegistry, configurableApplicationContext, casConfigurationProperties);
        this.delegatedClientRedirectFlowRegistry = flowDefinitionRegistry3;
        setLogoutFlowDefinitionRegistry(flowDefinitionRegistry2);
        setOrder(casConfigurationProperties.getAuthn().getPac4j().getWebflow().getOrder());
    }

    @Override // org.apereo.cas.web.flow.configurer.AbstractCasWebflowConfigurer
    protected void doInitialize() {
        Optional.ofNullable(getLoginFlow()).ifPresent(flow -> {
            createClientActionState(flow);
            createStopWebflowViewState(flow);
            createDelegatedClientLogoutAction();
            createClientRedirectSubflow(flow);
            if (this.casProperties.getAuthn().getPac4j().getCore().getDiscoverySelection().getSelectionType().isDynamic()) {
                createDynamicDiscoveryViewState(flow);
                createDynamicDiscoveryActionState(flow);
                createRedirectToProviderViewState(flow);
            }
        });
    }

    protected void createDelegatedClientLogoutAction() {
        Flow logoutFlow = getLogoutFlow();
        getState(logoutFlow, CasWebflowConstants.STATE_ID_TERMINATE_SESSION).getEntryActionList().add(createEvaluateAction(CasWebflowConstants.ACTION_ID_DELEGATED_AUTHENTICATION_CLIENT_LOGOUT));
        ((ActionState) getState(logoutFlow, CasWebflowConstants.STATE_ID_FINISH_LOGOUT, ActionState.class)).getExitActionList().add(createEvaluateAction(CasWebflowConstants.ACTION_ID_DELEGATED_AUTHENTICATION_CLIENT_FINISH_LOGOUT));
    }

    protected void createDelegatedClientCredentialSelectionState(Flow flow) {
        ViewState createViewState = createViewState(flow, "viewDelegatedAuthnCredentials", "delegated-authn/casDelegatedAuthnSelectionView.html");
        ActionState createActionState = createActionState(flow, CasWebflowConstants.STATE_ID_DELEGATED_AUTHENTICATION_CLIENT_CREDENTIAL_SELECTION, CasWebflowConstants.ACTION_ID_DELEGATED_AUTHENTICATION_CLIENT_CREDENTIAL_SELECTION);
        createTransitionForState(createActionState, CasWebflowConstants.TRANSITION_ID_SELECT, createViewState.getId());
        createTransitionForState(createActionState, CasWebflowConstants.TRANSITION_ID_FINALIZE, CasWebflowConstants.STATE_ID_DELEGATED_AUTHENTICATION_CLIENT_CREDENTIAL_FINALIZE);
        createTransitionForState(createViewState, CasWebflowConstants.TRANSITION_ID_SELECT, CasWebflowConstants.STATE_ID_DELEGATED_AUTHENTICATION_CLIENT_CREDENTIAL_FINALIZE);
        createTransitionForState(createViewState, "cancel", CasWebflowConstants.STATE_ID_STOP_WEBFLOW);
        createTransitionForState(createActionState(flow, CasWebflowConstants.STATE_ID_DELEGATED_AUTHENTICATION_CLIENT_CREDENTIAL_FINALIZE, createEvaluateAction(CasWebflowConstants.ACTION_ID_DELEGATED_AUTHENTICATION_CLIENT_CREDENTIAL_SELECTION_FINALIZE)), "success", CasWebflowConstants.STATE_ID_DELEGATED_AUTHENTICATION);
    }

    protected void createClientActionState(Flow flow) {
        ActionState createActionState = createActionState(flow, CasWebflowConstants.STATE_ID_DELEGATED_AUTHENTICATION, createEvaluateAction(CasWebflowConstants.ACTION_ID_DELEGATED_AUTHENTICATION));
        TransitionSet transitionSet = createActionState.getTransitionSet();
        transitionSet.add(createTransition("success", CasWebflowConstants.STATE_ID_CREATE_TICKET_GRANTING_TICKET));
        transitionSet.add(createTransition(CasWebflowConstants.TRANSITION_ID_SELECT, CasWebflowConstants.STATE_ID_DELEGATED_AUTHENTICATION_CLIENT_CREDENTIAL_SELECTION));
        transitionSet.add(createTransition(CasWebflowConstants.TRANSITION_ID_GENERATE, getStartState(flow).getId()));
        transitionSet.add(createTransition(CasWebflowConstants.TRANSITION_ID_SUCCESS_WITH_WARNINGS, CasWebflowConstants.STATE_ID_SHOW_AUTHN_WARNING_MSGS));
        transitionSet.add(createTransition(CasWebflowConstants.TRANSITION_ID_RESUME, CasWebflowConstants.STATE_ID_CREATE_TICKET_GRANTING_TICKET));
        transitionSet.add(createTransition(CasWebflowConstants.TRANSITION_ID_AUTHENTICATION_FAILURE, CasWebflowConstants.DECISION_STATE_CHECK_DELEGATED_AUTHN_FAILURE));
        transitionSet.add(createTransition(CasWebflowConstants.TRANSITION_ID_STOP, CasWebflowConstants.STATE_ID_STOP_WEBFLOW));
        transitionSet.add(createTransition("warn", "warn"));
        transitionSet.add(createTransition("generateServiceTicket", "generateServiceTicket"));
        ViewState viewState = (ViewState) getTransitionableState(flow, CasWebflowConstants.STATE_ID_VIEW_LOGIN_FORM, ViewState.class);
        viewState.getRenderActionList().add(createEvaluateAction(CasWebflowConstants.ACTION_ID_DELEGATED_AUTHENTICATION_CREATE_CLIENTS));
        createDelegatedClientCredentialSelectionState(flow);
        setStartState(flow, createActionState);
    }

    protected void createStopWebflowViewState(Flow flow) {
        createDecisionState(flow, CasWebflowConstants.DECISION_STATE_CHECK_DELEGATED_AUTHN_FAILURE, "flowScope.unauthorizedRedirectUrl != null", CasWebflowConstants.STATE_ID_SERVICE_UNAUTHZ_CHECK, CasWebflowConstants.STATE_ID_STOP_WEBFLOW);
        ViewState createViewState = createViewState(flow, CasWebflowConstants.STATE_ID_STOP_WEBFLOW, CasWebflowConstants.VIEW_ID_DELEGATED_AUTHENTICATION_STOP_WEBFLOW);
        createViewState.getEntryActionList().add(createEvaluateAction(CasWebflowConstants.ACTION_ID_DELEGATED_AUTHENTICATION_FAILURE));
        createTransitionForState(createViewState, CasWebflowConstants.TRANSITION_ID_RETRY, CasWebflowConstants.STATE_ID_DELEGATED_AUTHENTICATION_CLIENT_RETRY);
        createEndState(flow, CasWebflowConstants.STATE_ID_DELEGATED_AUTHENTICATION_CLIENT_RETRY).setFinalResponseAction(createEvaluateAction(CasWebflowConstants.ACTION_ID_DELEGATED_AUTHENTICATION_CLIENT_RETRY));
    }

    private void createDynamicDiscoveryViewState(Flow flow) {
        HashMap hashMap = new HashMap();
        hashMap.put("bind", Boolean.FALSE);
        hashMap.put("validate", Boolean.FALSE);
        hashMap.put(MessageHistory.HEADER_NAME, History.INVALIDATE);
        ViewState createViewState = createViewState(flow, CasWebflowConstants.STATE_ID_DELEGATED_AUTHN_DYNAMIC_DISCOVERY_VIEW, "delegated-authn/casDynamicDiscoveryView");
        createTransitionForState(createViewState, CasWebflowConstants.TRANSITION_ID_EXECUTE, CasWebflowConstants.STATE_ID_DELEGATED_AUTHN_DYNAMIC_DISCOVERY_EXECUTION);
        createTransitionForState(createViewState, CasWebflowConstants.TRANSITION_ID_BACK, CasWebflowConstants.STATE_ID_INIT_LOGIN_FORM);
        createTransitionForState(getState(flow, CasWebflowConstants.STATE_ID_VIEW_LOGIN_FORM), CasWebflowConstants.TRANSITION_ID_DISCOVERY, CasWebflowConstants.STATE_ID_DELEGATED_AUTHN_DYNAMIC_DISCOVERY_VIEW, hashMap);
    }

    private void createDynamicDiscoveryActionState(Flow flow) {
        ActionState createActionState = createActionState(flow, CasWebflowConstants.STATE_ID_DELEGATED_AUTHN_DYNAMIC_DISCOVERY_EXECUTION, CasWebflowConstants.ACTION_ID_DELEGATED_AUTHENTICATION_DYNAMIC_DISCOVERY_EXECUTION);
        createTransitionForState(createActionState, "error", CasWebflowConstants.STATE_ID_DELEGATED_AUTHN_DYNAMIC_DISCOVERY_VIEW);
        createTransitionForState(createActionState, "redirect", CasWebflowConstants.STATE_ID_DELEGATED_AUTHENTICATION_REDIRECT_TO_AUTHN_PROVIDER);
    }

    private void createRedirectToProviderViewState(Flow flow) {
        createViewState(flow, CasWebflowConstants.STATE_ID_DELEGATED_AUTHENTICATION_REDIRECT_TO_AUTHN_PROVIDER, createExternalRedirectViewFactory("requestScope.delegatedAuthProviderRedirectUrl"));
    }

    private void createClientRedirectSubflow(Flow flow) {
        Flow buildFlow = buildFlow("clientredirect");
        createEndState(buildFlow, "success");
        ActionState createActionState = createActionState(buildFlow, CasWebflowConstants.STATE_ID_DELEGATED_AUTHENTICATION_STORE, CasWebflowConstants.ACTION_ID_DELEGATED_AUTHENTICATION_STORE_WEBFLOW_STATE);
        createTransitionForState(createActionState, "redirect", CasWebflowConstants.STATE_ID_DELEGATED_AUTHENTICATION_CLIENT_REDIRECT);
        createTransitionForState(createActionState(buildFlow, CasWebflowConstants.STATE_ID_DELEGATED_AUTHENTICATION_CLIENT_REDIRECT, CasWebflowConstants.ACTION_ID_DELEGATED_AUTHENTICATION_CLIENT_REDIRECT), "success", "success");
        buildFlow.setStartState(createActionState);
        this.delegatedClientRedirectFlowRegistry.registerFlowDefinition(buildFlow);
        this.mainFlowDefinitionRegistry.registerFlowDefinition(buildFlow);
        createTransitionForState(getState(flow, CasWebflowConstants.STATE_ID_VIEW_LOGIN_FORM), CasWebflowConstants.TRANSITION_ID_DELEGATED_AUTHENTICATION_REDIRECT, CasWebflowConstants.STATE_ID_DELEGATED_AUTHENTICATION_CLIENT_SUBFLOW);
        SubflowState createSubflowState = createSubflowState(flow, CasWebflowConstants.STATE_ID_DELEGATED_AUTHENTICATION_CLIENT_SUBFLOW, "clientredirect");
        createTransitionForState(createSubflowState, "success", CasWebflowConstants.STATE_ID_END_WEBFLOW);
        List list = (List) this.applicationContext.getBeansOfType(DelegatedClientWebflowCustomizer.class).values().stream().filter((v0) -> {
            return BeanSupplier.isNotProxy(v0);
        }).sorted(AnnotationAwareOrderComparator.INSTANCE).collect(Collectors.toList());
        List<DefaultMapping> wrapList = CollectionUtils.wrapList(new DefaultMapping(createExpression("flowScope.service"), createExpression("service")));
        list.forEach(delegatedClientWebflowCustomizer -> {
            delegatedClientWebflowCustomizer.getWebflowAttributeMappings().forEach(str -> {
                wrapList.add(new DefaultMapping(createExpression("flowScope." + str), createExpression(str)));
            });
        });
        createSubflowState.setAttributeMapper(createSubflowAttributeMapper(createFlowInputMapper(wrapList), null));
        DefaultMapping defaultMapping = new DefaultMapping(createExpression("service"), createExpression("flowScope.service"));
        defaultMapping.setTypeConverter(new RuntimeBindingConversionExecutor(Service.class, this.flowBuilderServices.getConversionService()));
        List<DefaultMapping> wrapList2 = CollectionUtils.wrapList(defaultMapping);
        list.forEach(delegatedClientWebflowCustomizer2 -> {
            delegatedClientWebflowCustomizer2.getWebflowAttributeMappings().forEach(str -> {
                wrapList2.add(new DefaultMapping(createExpression(str), createExpression("flowScope." + str)));
            });
        });
        createFlowInputMapper(wrapList2, buildFlow);
    }
}
