package org.apereo.cas.web.flow.resolver.impl;

import java.util.ArrayList;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import org.apereo.cas.CentralAuthenticationService;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationException;
import org.apereo.cas.authentication.AuthenticationResultBuilder;
import org.apereo.cas.authentication.AuthenticationServiceSelectionPlan;
import org.apereo.cas.authentication.AuthenticationSystemSupport;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.services.MultifactorAuthenticationProviderSelector;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceAccessStrategyUtils;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.ticket.AbstractTicketException;
import org.apereo.cas.ticket.registry.TicketRegistrySupport;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.web.flow.resolver.CasDelegatingWebflowEventResolver;
import org.apereo.cas.web.flow.resolver.CasWebflowEventResolver;
import org.apereo.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.web.util.CookieGenerator;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:org/apereo/cas/web/flow/resolver/impl/InitialAuthenticationAttemptWebflowEventResolver.class */
public class InitialAuthenticationAttemptWebflowEventResolver extends AbstractCasWebflowEventResolver implements CasDelegatingWebflowEventResolver {
    private static final Logger LOGGER = LoggerFactory.getLogger(InitialAuthenticationAttemptWebflowEventResolver.class);
    private final List<CasWebflowEventResolver> orderedResolvers;
    private CasWebflowEventResolver selectiveResolver;

    public InitialAuthenticationAttemptWebflowEventResolver(AuthenticationSystemSupport authenticationSystemSupport, CentralAuthenticationService centralAuthenticationService, ServicesManager servicesManager, TicketRegistrySupport ticketRegistrySupport, CookieGenerator cookieGenerator, AuthenticationServiceSelectionPlan authenticationServiceSelectionPlan, MultifactorAuthenticationProviderSelector multifactorAuthenticationProviderSelector) {
        super(authenticationSystemSupport, centralAuthenticationService, servicesManager, ticketRegistrySupport, cookieGenerator, authenticationServiceSelectionPlan, multifactorAuthenticationProviderSelector);
        this.orderedResolvers = new ArrayList();
    }

    @Override // org.apereo.cas.web.flow.resolver.CasWebflowEventResolver
    public Set<Event> resolveInternal(RequestContext requestContext) {
        try {
            Credential credentialFromContext = getCredentialFromContext(requestContext);
            WebApplicationService service = WebUtils.getService(requestContext);
            if (credentialFromContext != null) {
                AuthenticationResultBuilder handleInitialAuthenticationTransaction = this.authenticationSystemSupport.handleInitialAuthenticationTransaction(service, new Credential[]{credentialFromContext});
                if (handleInitialAuthenticationTransaction.getInitialAuthentication().isPresent()) {
                    WebUtils.putAuthenticationResultBuilder(handleInitialAuthenticationTransaction, requestContext);
                    WebUtils.putAuthentication((Authentication) handleInitialAuthenticationTransaction.getInitialAuthentication().get(), requestContext);
                }
            }
            if (service != null) {
                LOGGER.debug("Locating service [{}] in service registry to determine authentication policy", service);
                RegisteredService findServiceBy = this.servicesManager.findServiceBy(service);
                LOGGER.debug("Locating authentication event in the request context...");
                Authentication authentication = WebUtils.getAuthentication(requestContext);
                LOGGER.debug("Enforcing access strategy policies for registered service [{}] and principal [{}]", findServiceBy, authentication.getPrincipal());
                RegisteredServiceAccessStrategyUtils.ensurePrincipalAccessIsAllowedForService(service, findServiceBy, authentication);
                LOGGER.debug("Attempting to resolve candidate authentication events for [{}]", service);
                Set<Event> resolveCandidateAuthenticationEvents = resolveCandidateAuthenticationEvents(requestContext, service, findServiceBy);
                if (!resolveCandidateAuthenticationEvents.isEmpty()) {
                    LOGGER.debug("The set of authentication events resolved for [{}] are [{}]. Beginning to select the final event...", service, resolveCandidateAuthenticationEvents);
                    putResolvedEventsAsAttribute(requestContext, resolveCandidateAuthenticationEvents);
                    Event resolveSingle = this.selectiveResolver.resolveSingle(requestContext);
                    LOGGER.debug("The final authentication event resolved for [{}] is [{}]", service, resolveSingle);
                    if (resolveSingle != null) {
                        return CollectionUtils.wrapSet(resolveSingle);
                    }
                }
            } else {
                LOGGER.debug("No target service is specified in the request to determine authentication policy. CAS will proceed to the build the authentication event/transaction as usual.");
            }
            AuthenticationResultBuilder authenticationResultBuilder = WebUtils.getAuthenticationResultBuilder(requestContext);
            if (authenticationResultBuilder == null) {
                throw new IllegalArgumentException("No authentication result builder can be located in the context");
            }
            return CollectionUtils.wrapSet(grantTicketGrantingTicketToAuthenticationResult(requestContext, authenticationResultBuilder, service));
        } catch (Exception e) {
            Event returnAuthenticationExceptionEventIfNeeded = returnAuthenticationExceptionEventIfNeeded(e);
            if (returnAuthenticationExceptionEventIfNeeded == null) {
                LOGGER.warn(e.getMessage(), e);
                returnAuthenticationExceptionEventIfNeeded = newEvent("error", e);
            }
            WebUtils.getHttpServletResponse(requestContext).setStatus(HttpStatus.UNAUTHORIZED.value());
            return CollectionUtils.wrapSet(returnAuthenticationExceptionEventIfNeeded);
        }
    }

    protected Set<Event> resolveCandidateAuthenticationEvents(RequestContext requestContext, Service service, RegisteredService registeredService) {
        return (Set) this.orderedResolvers.stream().map(casWebflowEventResolver -> {
            return casWebflowEventResolver.resolveSingle(requestContext);
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).collect(Collectors.toSet());
    }

    @Override // org.apereo.cas.web.flow.resolver.CasDelegatingWebflowEventResolver
    public void addDelegate(CasWebflowEventResolver casWebflowEventResolver) {
        if (casWebflowEventResolver != null) {
            this.orderedResolvers.add(casWebflowEventResolver);
        }
    }

    @Override // org.apereo.cas.web.flow.resolver.CasDelegatingWebflowEventResolver
    public void addDelegate(CasWebflowEventResolver casWebflowEventResolver, int i) {
        if (casWebflowEventResolver != null) {
            this.orderedResolvers.add(i, casWebflowEventResolver);
        }
    }

    public void setSelectiveResolver(CasWebflowEventResolver casWebflowEventResolver) {
        this.selectiveResolver = casWebflowEventResolver;
    }

    private Event returnAuthenticationExceptionEventIfNeeded(Exception exc) {
        Exception exc2;
        if ((exc instanceof AuthenticationException) || (exc instanceof AbstractTicketException)) {
            exc2 = exc;
        } else {
            if (!(exc.getCause() instanceof AuthenticationException) && !(exc.getCause() instanceof AbstractTicketException)) {
                return null;
            }
            exc2 = (Exception) exc.getCause();
        }
        LOGGER.debug(exc2.getMessage(), exc2);
        return newEvent("authenticationFailure", exc2);
    }
}
