package org.pac4j.cas.client;

import org.jasig.cas.client.authentication.AttributePrincipal;
import org.jasig.cas.client.util.CommonUtils;
import org.jasig.cas.client.validation.Cas10TicketValidator;
import org.jasig.cas.client.validation.Cas20ProxyTicketValidator;
import org.jasig.cas.client.validation.Cas20ServiceTicketValidator;
import org.jasig.cas.client.validation.ProxyList;
import org.jasig.cas.client.validation.Saml11TicketValidator;
import org.jasig.cas.client.validation.TicketValidationException;
import org.jasig.cas.client.validation.TicketValidator;
import org.pac4j.cas.credentials.CasCredentials;
import org.pac4j.cas.logout.LogoutHandler;
import org.pac4j.cas.logout.NoLogoutHandler;
import org.pac4j.cas.profile.CasProfile;
import org.pac4j.cas.profile.CasProxyProfile;
import org.pac4j.core.client.BaseClient;
import org.pac4j.core.client.Protocol;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.exception.CredentialsException;
import org.pac4j.core.exception.RequiresHttpAction;
import org.pac4j.core.exception.TechnicalException;
import org.pac4j.core.util.CommonHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/pac4j/cas/client/CasClient.class */
public class CasClient extends BaseClient<CasCredentials, CasProfile> {
    protected static final Logger logger = LoggerFactory.getLogger(CasClient.class);
    protected static final String SERVICE_PARAMETER = "service";
    public static final String SERVICE_TICKET_PARAMETER = "ticket";
    protected TicketValidator ticketValidator;
    protected String casLoginUrl;
    protected String casPrefixUrl;
    protected CasProxyReceptor casProxyReceptor;
    protected LogoutHandler logoutHandler = new NoLogoutHandler();
    protected CasProtocol casProtocol = CasProtocol.CAS20;
    protected boolean renew = false;
    protected boolean gateway = false;
    protected boolean acceptAnyProxy = false;
    protected ProxyList allowedProxyChains = new ProxyList();

    /* loaded from: input_file:org/pac4j/cas/client/CasClient$CasProtocol.class */
    public enum CasProtocol {
        CAS10,
        CAS20,
        CAS20_PROXY,
        SAML
    }

    protected String retrieveRedirectionUrl(WebContext webContext) {
        String constructRedirectUrl = CommonUtils.constructRedirectUrl(this.casLoginUrl, SERVICE_PARAMETER, this.callbackUrl, this.renew, this.gateway);
        logger.debug("redirectionUrl : {}", constructRedirectUrl);
        return constructRedirectUrl;
    }

    protected BaseClient<CasCredentials, CasProfile> newClient() {
        CasClient casClient = new CasClient();
        casClient.setCasLoginUrl(this.casLoginUrl);
        casClient.setCasPrefixUrl(this.casPrefixUrl);
        casClient.setCasProtocol(this.casProtocol);
        casClient.setRenew(this.renew);
        casClient.setGateway(this.gateway);
        casClient.setAcceptAnyProxy(this.acceptAnyProxy);
        casClient.setAllowedProxyChains(this.allowedProxyChains);
        casClient.setCasProxyReceptor(this.casProxyReceptor);
        return casClient;
    }

    protected void internalInit() {
        CommonHelper.assertNotBlank("callbackUrl", this.callbackUrl);
        CommonHelper.assertNotNull("logoutHandler", this.logoutHandler);
        if (CommonHelper.isBlank(this.casLoginUrl) && CommonHelper.isBlank(this.casPrefixUrl)) {
            throw new TechnicalException("casLoginUrl and casPrefixUrl cannot be both blank");
        }
        if (this.casPrefixUrl != null && !this.casPrefixUrl.endsWith("/")) {
            this.casPrefixUrl += "/";
        }
        if (CommonHelper.isBlank(this.casPrefixUrl)) {
            this.casPrefixUrl = this.casLoginUrl.replaceFirst("/login", "/");
        } else if (CommonHelper.isBlank(this.casLoginUrl)) {
            this.casLoginUrl = this.casPrefixUrl + "login";
        }
        if (this.casProtocol == CasProtocol.CAS10) {
            this.ticketValidator = new Cas10TicketValidator(this.casPrefixUrl);
            return;
        }
        if (this.casProtocol == CasProtocol.CAS20) {
            this.ticketValidator = new Cas20ServiceTicketValidator(this.casPrefixUrl);
            if (this.casProxyReceptor != null) {
                Cas20ServiceTicketValidator cas20ServiceTicketValidator = this.ticketValidator;
                cas20ServiceTicketValidator.setProxyCallbackUrl(this.casProxyReceptor.getCallbackUrl());
                cas20ServiceTicketValidator.setProxyGrantingTicketStorage(this.casProxyReceptor.getProxyGrantingTicketStorage());
                return;
            }
            return;
        }
        if (this.casProtocol != CasProtocol.CAS20_PROXY) {
            if (this.casProtocol == CasProtocol.SAML) {
                this.ticketValidator = new Saml11TicketValidator(this.casPrefixUrl);
                return;
            }
            return;
        }
        this.ticketValidator = new Cas20ProxyTicketValidator(this.casPrefixUrl);
        Cas20ProxyTicketValidator cas20ProxyTicketValidator = this.ticketValidator;
        cas20ProxyTicketValidator.setAcceptAnyProxy(this.acceptAnyProxy);
        cas20ProxyTicketValidator.setAllowedProxyChains(this.allowedProxyChains);
        if (this.casProxyReceptor != null) {
            cas20ProxyTicketValidator.setProxyCallbackUrl(this.casProxyReceptor.getCallbackUrl());
            cas20ProxyTicketValidator.setProxyGrantingTicketStorage(this.casProxyReceptor.getProxyGrantingTicketStorage());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* renamed from: retrieveCredentials, reason: merged with bridge method [inline-methods] */
    public CasCredentials m1retrieveCredentials(WebContext webContext) throws RequiresHttpAction {
        if (this.logoutHandler.isTokenRequest(webContext)) {
            String requestParameter = webContext.getRequestParameter(SERVICE_TICKET_PARAMETER);
            this.logoutHandler.recordSession(webContext, requestParameter);
            CasCredentials casCredentials = new CasCredentials(requestParameter, getName());
            logger.debug("casCredentials : {}", casCredentials);
            return casCredentials;
        }
        if (this.logoutHandler.isLogoutRequest(webContext)) {
            this.logoutHandler.destroySession(webContext);
            logger.debug("logout request : no credential returned");
            throw RequiresHttpAction.ok("logout request : no credential returned", webContext);
        }
        if (this.gateway) {
            logger.info("No credential found in this gateway round-trip");
            return null;
        }
        logger.error("No ticket or logout request");
        throw new CredentialsException("No ticket or logout request");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public CasProfile retrieveUserProfile(CasCredentials casCredentials) {
        String serviceTicket = casCredentials.getServiceTicket();
        try {
            AttributePrincipal principal = this.ticketValidator.validate(serviceTicket, this.callbackUrl).getPrincipal();
            logger.debug("principal : {}", principal);
            CasProfile casProxyProfile = this.casProxyReceptor != null ? new CasProxyProfile() : new CasProfile();
            casProxyProfile.setId(principal.getName());
            casProxyProfile.addAttributes(principal.getAttributes());
            if (this.casProxyReceptor != null) {
                ((CasProxyProfile) casProxyProfile).setPrincipal(principal);
            }
            logger.debug("casProfile : {}", casProxyProfile);
            return casProxyProfile;
        } catch (TicketValidationException e) {
            logger.error("cannot validate CAS ticket : {} / {}", serviceTicket, e);
            throw new TechnicalException(e);
        }
    }

    public String getCasLoginUrl() {
        return this.casLoginUrl;
    }

    public void setCasLoginUrl(String str) {
        this.casLoginUrl = str;
    }

    public String getCasPrefixUrl() {
        return this.casPrefixUrl;
    }

    public void setCasPrefixUrl(String str) {
        this.casPrefixUrl = str;
    }

    public CasProtocol getCasProtocol() {
        return this.casProtocol;
    }

    public void setCasProtocol(CasProtocol casProtocol) {
        this.casProtocol = casProtocol;
    }

    public boolean isRenew() {
        return this.renew;
    }

    public void setRenew(boolean z) {
        this.renew = z;
    }

    public boolean isGateway() {
        return this.gateway;
    }

    public void setGateway(boolean z) {
        this.gateway = z;
    }

    public LogoutHandler getLogoutHandler() {
        return this.logoutHandler;
    }

    public void setLogoutHandler(LogoutHandler logoutHandler) {
        this.logoutHandler = logoutHandler;
    }

    public boolean isAcceptAnyProxy() {
        return this.acceptAnyProxy;
    }

    public void setAcceptAnyProxy(boolean z) {
        this.acceptAnyProxy = z;
    }

    public ProxyList getAllowedProxyChains() {
        return this.allowedProxyChains;
    }

    public void setAllowedProxyChains(ProxyList proxyList) {
        this.allowedProxyChains = proxyList;
    }

    public CasProxyReceptor getCasProxyReceptor() {
        return this.casProxyReceptor;
    }

    public void setCasProxyReceptor(CasProxyReceptor casProxyReceptor) {
        this.casProxyReceptor = casProxyReceptor;
    }

    public String toString() {
        return CommonHelper.toString(getClass(), new Object[]{"callbackUrl", this.callbackUrl, "casLoginUrl", this.casLoginUrl, "casPrefixUrl", this.casPrefixUrl, "casProtocol", this.casProtocol, "renew", Boolean.valueOf(this.renew), "gateway", Boolean.valueOf(this.gateway), "logoutHandler", this.logoutHandler, "acceptAnyProxy", Boolean.valueOf(this.acceptAnyProxy), "allowedProxyChains", this.allowedProxyChains, "casProxyReceptor", this.casProxyReceptor});
    }

    protected boolean isDirectRedirection() {
        return true;
    }

    public Protocol getProtocol() {
        return Protocol.CAS;
    }
}
