package org.pac4j.cas.client;

import org.jasig.cas.client.authentication.AttributePrincipal;
import org.jasig.cas.client.util.CommonUtils;
import org.jasig.cas.client.validation.Cas10TicketValidator;
import org.jasig.cas.client.validation.Cas20ProxyTicketValidator;
import org.jasig.cas.client.validation.Cas20ServiceTicketValidator;
import org.jasig.cas.client.validation.Cas30ProxyTicketValidator;
import org.jasig.cas.client.validation.Cas30ServiceTicketValidator;
import org.jasig.cas.client.validation.ProxyList;
import org.jasig.cas.client.validation.Saml11TicketValidator;
import org.jasig.cas.client.validation.TicketValidationException;
import org.jasig.cas.client.validation.TicketValidator;
import org.pac4j.cas.authorization.DefaultCasAuthorizationGenerator;
import org.pac4j.cas.credentials.CasCredentials;
import org.pac4j.cas.logout.CasSingleSignOutHandler;
import org.pac4j.cas.logout.LogoutHandler;
import org.pac4j.cas.logout.NoLogoutHandler;
import org.pac4j.cas.profile.CasProfile;
import org.pac4j.cas.profile.CasProxyProfile;
import org.pac4j.core.client.IndirectClient;
import org.pac4j.core.client.RedirectAction;
import org.pac4j.core.context.J2EContext;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.exception.CredentialsException;
import org.pac4j.core.exception.HttpAction;
import org.pac4j.core.exception.TechnicalException;
import org.pac4j.core.util.CommonHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/pac4j/cas/client/CasClient.class */
public class CasClient extends IndirectClient<CasCredentials, CasProfile> {
    protected static final Logger logger = LoggerFactory.getLogger(CasClient.class);
    protected static final String SERVICE_PARAMETER = "service";
    public static final String SERVICE_TICKET_PARAMETER = "ticket";
    protected LogoutHandler logoutHandler;
    protected TicketValidator ticketValidator;
    protected String encoding;
    protected String casLoginUrl;
    protected String casPrefixUrl;
    protected long timeTolerance;
    protected CasProtocol casProtocol;
    protected boolean renew;
    protected boolean gateway;
    protected boolean acceptAnyProxy;
    protected ProxyList allowedProxyChains;
    protected CasProxyReceptor casProxyReceptor;

    /* loaded from: input_file:org/pac4j/cas/client/CasClient$CasProtocol.class */
    public enum CasProtocol {
        CAS10,
        CAS20,
        CAS20_PROXY,
        CAS30,
        CAS30_PROXY,
        SAML
    }

    public CasClient() {
        this.encoding = "UTF-8";
        this.timeTolerance = 1000L;
        this.casProtocol = CasProtocol.CAS30;
        this.renew = false;
        this.gateway = false;
        this.acceptAnyProxy = false;
        this.allowedProxyChains = new ProxyList();
    }

    public CasClient(String str) {
        this.encoding = "UTF-8";
        this.timeTolerance = 1000L;
        this.casProtocol = CasProtocol.CAS30;
        this.renew = false;
        this.gateway = false;
        this.acceptAnyProxy = false;
        this.allowedProxyChains = new ProxyList();
        this.casLoginUrl = str;
    }

    public CasClient(String str, CasProtocol casProtocol) {
        this.encoding = "UTF-8";
        this.timeTolerance = 1000L;
        this.casProtocol = CasProtocol.CAS30;
        this.renew = false;
        this.gateway = false;
        this.acceptAnyProxy = false;
        this.allowedProxyChains = new ProxyList();
        this.casLoginUrl = str;
        this.casProtocol = casProtocol;
    }

    public CasClient(String str, String str2) {
        this.encoding = "UTF-8";
        this.timeTolerance = 1000L;
        this.casProtocol = CasProtocol.CAS30;
        this.renew = false;
        this.gateway = false;
        this.acceptAnyProxy = false;
        this.allowedProxyChains = new ProxyList();
        this.casLoginUrl = str;
        this.casPrefixUrl = str2;
    }

    protected RedirectAction retrieveRedirectAction(WebContext webContext) {
        String constructRedirectUrl = CommonUtils.constructRedirectUrl(this.casLoginUrl, SERVICE_PARAMETER, computeFinalCallbackUrl(webContext), this.renew, this.gateway);
        logger.debug("redirectionUrl : {}", constructRedirectUrl);
        return RedirectAction.redirect(constructRedirectUrl);
    }

    protected void internalInit(WebContext webContext) {
        CommonHelper.assertNotBlank("callbackUrl", this.callbackUrl);
        if (CommonHelper.isBlank(this.casLoginUrl) && CommonHelper.isBlank(this.casPrefixUrl)) {
            throw new TechnicalException("casLoginUrl and casPrefixUrl cannot be both blank");
        }
        initializeClientConfiguration(webContext);
        initializeLogoutHandler(webContext);
        if (this.casProtocol == CasProtocol.CAS10) {
            initializeCas10Protocol();
        } else if (this.casProtocol == CasProtocol.CAS20) {
            initializeCas20Protocol(webContext);
        } else if (this.casProtocol == CasProtocol.CAS20_PROXY) {
            initializeCas20ProxyProtocol(webContext);
        } else if (this.casProtocol == CasProtocol.CAS30) {
            initializeCas30Protocol(webContext);
        } else if (this.casProtocol == CasProtocol.CAS30_PROXY) {
            initializeCas30ProxyProtocol(webContext);
        } else if (this.casProtocol == CasProtocol.SAML) {
            initializeSAMLProtocol();
        }
        addAuthorizationGenerator(new DefaultCasAuthorizationGenerator());
    }

    protected void initializeClientConfiguration(WebContext webContext) {
        if (this.casPrefixUrl != null && !this.casPrefixUrl.endsWith("/")) {
            this.casPrefixUrl += "/";
        }
        if (CommonHelper.isBlank(this.casPrefixUrl)) {
            this.casPrefixUrl = this.casLoginUrl.replaceFirst("/login$", "/");
        } else if (CommonHelper.isBlank(this.casLoginUrl)) {
            this.casLoginUrl = this.casPrefixUrl + "login";
        }
        this.casPrefixUrl = this.callbackUrlResolver.compute(this.casPrefixUrl, webContext);
        this.casLoginUrl = this.callbackUrlResolver.compute(this.casLoginUrl, webContext);
    }

    private void initializeLogoutHandler(WebContext webContext) {
        if (this.logoutHandler == null) {
            if (webContext instanceof J2EContext) {
                this.logoutHandler = new CasSingleSignOutHandler();
            } else {
                this.logoutHandler = new NoLogoutHandler();
            }
        }
    }

    protected void initializeSAMLProtocol() {
        Saml11TicketValidator saml11TicketValidator = new Saml11TicketValidator(this.casPrefixUrl);
        saml11TicketValidator.setTolerance(getTimeTolerance());
        saml11TicketValidator.setEncoding(this.encoding);
        this.ticketValidator = saml11TicketValidator;
    }

    protected void initializeCas30ProxyProtocol(WebContext webContext) {
        this.ticketValidator = new Cas30ProxyTicketValidator(this.casPrefixUrl);
        Cas30ProxyTicketValidator cas30ProxyTicketValidator = this.ticketValidator;
        cas30ProxyTicketValidator.setEncoding(this.encoding);
        cas30ProxyTicketValidator.setAcceptAnyProxy(this.acceptAnyProxy);
        cas30ProxyTicketValidator.setAllowedProxyChains(this.allowedProxyChains);
        if (this.casProxyReceptor != null) {
            cas30ProxyTicketValidator.setProxyCallbackUrl(this.casProxyReceptor.computeFinalCallbackUrl(webContext));
            cas30ProxyTicketValidator.setProxyGrantingTicketStorage(this.casProxyReceptor.getProxyGrantingTicketStorage());
        }
    }

    protected void initializeCas30Protocol(WebContext webContext) {
        this.ticketValidator = new Cas30ServiceTicketValidator(this.casPrefixUrl);
        Cas30ServiceTicketValidator cas30ServiceTicketValidator = this.ticketValidator;
        cas30ServiceTicketValidator.setEncoding(this.encoding);
        if (this.casProxyReceptor != null) {
            cas30ServiceTicketValidator.setProxyCallbackUrl(this.casProxyReceptor.computeFinalCallbackUrl(webContext));
            cas30ServiceTicketValidator.setProxyGrantingTicketStorage(this.casProxyReceptor.getProxyGrantingTicketStorage());
        }
    }

    protected void initializeCas20ProxyProtocol(WebContext webContext) {
        this.ticketValidator = new Cas20ProxyTicketValidator(this.casPrefixUrl);
        Cas20ProxyTicketValidator cas20ProxyTicketValidator = this.ticketValidator;
        cas20ProxyTicketValidator.setEncoding(this.encoding);
        cas20ProxyTicketValidator.setAcceptAnyProxy(this.acceptAnyProxy);
        cas20ProxyTicketValidator.setAllowedProxyChains(this.allowedProxyChains);
        if (this.casProxyReceptor != null) {
            cas20ProxyTicketValidator.setProxyCallbackUrl(this.casProxyReceptor.computeFinalCallbackUrl(webContext));
            cas20ProxyTicketValidator.setProxyGrantingTicketStorage(this.casProxyReceptor.getProxyGrantingTicketStorage());
        }
    }

    protected void initializeCas20Protocol(WebContext webContext) {
        this.ticketValidator = new Cas20ServiceTicketValidator(this.casPrefixUrl);
        Cas20ServiceTicketValidator cas20ServiceTicketValidator = this.ticketValidator;
        cas20ServiceTicketValidator.setEncoding(this.encoding);
        if (this.casProxyReceptor != null) {
            cas20ServiceTicketValidator.setProxyCallbackUrl(this.casProxyReceptor.computeFinalCallbackUrl(webContext));
            cas20ServiceTicketValidator.setProxyGrantingTicketStorage(this.casProxyReceptor.getProxyGrantingTicketStorage());
        }
    }

    protected void initializeCas10Protocol() {
        this.ticketValidator = new Cas10TicketValidator(this.casPrefixUrl);
        this.ticketValidator.setEncoding(this.encoding);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* renamed from: retrieveCredentials, reason: merged with bridge method [inline-methods] */
    public CasCredentials m1retrieveCredentials(WebContext webContext) throws HttpAction {
        if (this.logoutHandler.isTokenRequest(webContext)) {
            String requestParameter = webContext.getRequestParameter(SERVICE_TICKET_PARAMETER);
            this.logoutHandler.recordSession(webContext, requestParameter);
            CasCredentials casCredentials = new CasCredentials(requestParameter, getName());
            logger.debug("casCredentials: {}", casCredentials);
            return casCredentials;
        }
        if (this.logoutHandler.isLogoutRequest(webContext)) {
            this.logoutHandler.destroySession(webContext);
            logger.debug("logout request: no credential returned");
            throw HttpAction.ok("logout request: no credential returned", webContext);
        }
        if (!this.gateway) {
            throw new CredentialsException("No ticket or logout request");
        }
        logger.info("No credential found in this gateway round-trip");
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public CasProfile retrieveUserProfile(CasCredentials casCredentials, WebContext webContext) throws HttpAction {
        String serviceTicket = casCredentials.getServiceTicket();
        try {
            AttributePrincipal principal = this.ticketValidator.validate(serviceTicket, computeFinalCallbackUrl(webContext)).getPrincipal();
            logger.debug("principal: {}", principal);
            CasProfile casProxyProfile = this.casProxyReceptor != null ? new CasProxyProfile() : new CasProfile();
            casProxyProfile.setId(principal.getName());
            casProxyProfile.addAttributes(principal.getAttributes());
            if (this.casProxyReceptor != null) {
                ((CasProxyProfile) casProxyProfile).setPrincipal(principal);
            }
            logger.debug("casProfile: {}", casProxyProfile);
            return casProxyProfile;
        } catch (TicketValidationException e) {
            throw new TechnicalException("cannot validate CAS ticket: " + serviceTicket, e);
        }
    }

    public String getCasLoginUrl() {
        return this.casLoginUrl;
    }

    public void setCasLoginUrl(String str) {
        this.casLoginUrl = str;
    }

    public String getCasPrefixUrl() {
        return this.casPrefixUrl;
    }

    public void setCasPrefixUrl(String str) {
        this.casPrefixUrl = str;
    }

    public CasProtocol getCasProtocol() {
        return this.casProtocol;
    }

    public void setCasProtocol(CasProtocol casProtocol) {
        this.casProtocol = casProtocol;
    }

    public boolean isRenew() {
        return this.renew;
    }

    public void setRenew(boolean z) {
        this.renew = z;
    }

    public boolean isGateway() {
        return this.gateway;
    }

    public void setGateway(boolean z) {
        this.gateway = z;
    }

    public LogoutHandler getLogoutHandler() {
        return this.logoutHandler;
    }

    public void setLogoutHandler(LogoutHandler logoutHandler) {
        this.logoutHandler = logoutHandler;
    }

    public boolean isAcceptAnyProxy() {
        return this.acceptAnyProxy;
    }

    public void setAcceptAnyProxy(boolean z) {
        this.acceptAnyProxy = z;
    }

    public ProxyList getAllowedProxyChains() {
        return this.allowedProxyChains;
    }

    public void setAllowedProxyChains(ProxyList proxyList) {
        this.allowedProxyChains = proxyList;
    }

    public CasProxyReceptor getCasProxyReceptor() {
        return this.casProxyReceptor;
    }

    public void setCasProxyReceptor(CasProxyReceptor casProxyReceptor) {
        this.casProxyReceptor = casProxyReceptor;
    }

    public long getTimeTolerance() {
        return this.timeTolerance;
    }

    public void setTimeTolerance(long j) {
        this.timeTolerance = j;
    }

    public String getEncoding() {
        return this.encoding;
    }

    public void setEncoding(String str) {
        this.encoding = str;
    }

    public String toString() {
        return CommonHelper.toString(getClass(), new Object[]{"callbackUrl", this.callbackUrl, "casLoginUrl", this.casLoginUrl, "casPrefixUrl", this.casPrefixUrl, "casProtocol", this.casProtocol, "renew", Boolean.valueOf(this.renew), "gateway", Boolean.valueOf(this.gateway), "encoding", this.encoding, "logoutHandler", this.logoutHandler, "acceptAnyProxy", Boolean.valueOf(this.acceptAnyProxy), "allowedProxyChains", this.allowedProxyChains, "casProxyReceptor", this.casProxyReceptor});
    }
}
