package org.jasig.cas.web;

import java.net.URL;
import java.util.Arrays;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.validation.constraints.NotNull;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.runtime.internal.Conversions;
import org.aspectj.runtime.reflect.Factory;
import org.jasig.cas.CentralAuthenticationService;
import org.jasig.cas.aspect.LogAspect;
import org.jasig.cas.authentication.principal.Credentials;
import org.jasig.cas.authentication.principal.HttpBasedServiceCredentials;
import org.jasig.cas.authentication.principal.WebApplicationService;
import org.jasig.cas.services.UnauthorizedServiceException;
import org.jasig.cas.ticket.TicketException;
import org.jasig.cas.ticket.TicketValidationException;
import org.jasig.cas.ticket.proxy.ProxyHandler;
import org.jasig.cas.validation.Assertion;
import org.jasig.cas.validation.Cas20ProtocolValidationSpecification;
import org.jasig.cas.validation.ValidationSpecification;
import org.jasig.cas.web.support.ArgumentExtractor;
import org.slf4j.Logger;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.ServletRequestDataBinder;
import org.springframework.web.servlet.ModelAndView;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-3.5.1.jar:org/jasig/cas/web/ServiceValidateController.class */
public class ServiceValidateController extends DelegateController {
    private static final String DEFAULT_SERVICE_FAILURE_VIEW_NAME = "casServiceFailureView";
    private static final String DEFAULT_SERVICE_SUCCESS_VIEW_NAME = "casServiceSuccessView";
    private static final String MODEL_PROXY_GRANTING_TICKET_IOU = "pgtIou";
    private static final String MODEL_ASSERTION = "assertion";

    @NotNull
    private CentralAuthenticationService centralAuthenticationService;

    @NotNull
    private ProxyHandler proxyHandler;

    @NotNull
    private ArgumentExtractor argumentExtractor;
    private static final /* synthetic */ JoinPoint.StaticPart ajc$tjp_0 = null;

    @NotNull
    private Class<?> validationSpecificationClass = Cas20ProtocolValidationSpecification.class;

    @NotNull
    private String successView = DEFAULT_SERVICE_SUCCESS_VIEW_NAME;

    @NotNull
    private String failureView = DEFAULT_SERVICE_FAILURE_VIEW_NAME;

    protected Credentials getServiceCredentialsFromRequest(HttpServletRequest httpServletRequest) {
        String parameter = httpServletRequest.getParameter("pgtUrl");
        if (!StringUtils.hasText(parameter)) {
            return null;
        }
        try {
            return new HttpBasedServiceCredentials(new URL(parameter));
        } catch (Exception e) {
            this.logger.error("Error constructing pgtUrl", e);
            return null;
        }
    }

    protected void initBinder(HttpServletRequest httpServletRequest, ServletRequestDataBinder servletRequestDataBinder) {
        servletRequestDataBinder.setRequiredFields("renew");
    }

    @Override // org.springframework.web.servlet.mvc.AbstractController
    protected final ModelAndView handleRequestInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        WebApplicationService extractService = this.argumentExtractor.extractService(httpServletRequest);
        String artifactId = extractService != null ? extractService.getArtifactId() : null;
        if (extractService == null || artifactId == null) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug(String.format("Could not process request; Service: %s, Service Ticket Id: %s", extractService, artifactId));
            }
            return generateErrorView("INVALID_REQUEST", "INVALID_REQUEST", null);
        }
        try {
            Credentials serviceCredentialsFromRequest = getServiceCredentialsFromRequest(httpServletRequest);
            String str = null;
            if (serviceCredentialsFromRequest != null) {
                try {
                    str = this.centralAuthenticationService.delegateTicketGrantingTicket(artifactId, serviceCredentialsFromRequest);
                } catch (TicketException e) {
                    this.logger.error("TicketException generating ticket for: " + serviceCredentialsFromRequest, e);
                }
            }
            Assertion validateServiceTicket = this.centralAuthenticationService.validateServiceTicket(artifactId, extractService);
            ValidationSpecification commandClass = getCommandClass();
            ServletRequestDataBinder servletRequestDataBinder = new ServletRequestDataBinder(commandClass, "validationSpecification");
            initBinder(httpServletRequest, servletRequestDataBinder);
            servletRequestDataBinder.bind((ServletRequest) httpServletRequest);
            if (!commandClass.isSatisfiedBy(validateServiceTicket)) {
                if (this.logger.isDebugEnabled()) {
                    this.logger.debug("ServiceTicket [" + artifactId + "] does not satisfy validation specification.");
                }
                return generateErrorView("INVALID_TICKET", "INVALID_TICKET_SPEC", null);
            }
            onSuccessfulValidation(artifactId, validateServiceTicket);
            ModelAndView modelAndView = new ModelAndView(this.successView);
            modelAndView.addObject(MODEL_ASSERTION, validateServiceTicket);
            if (serviceCredentialsFromRequest != null && str != null) {
                modelAndView.addObject(MODEL_PROXY_GRANTING_TICKET_IOU, this.proxyHandler.handle(serviceCredentialsFromRequest, str));
            }
            if (this.logger.isDebugEnabled()) {
                this.logger.debug(String.format("Successfully validated service ticket: %s", artifactId));
            }
            return modelAndView;
        } catch (UnauthorizedServiceException e2) {
            return generateErrorView(e2.getMessage(), e2.getMessage(), null);
        } catch (TicketValidationException e3) {
            return generateErrorView(e3.getCode(), e3.getCode(), new Object[]{artifactId, e3.getOriginalService().getId(), extractService.getId()});
        } catch (TicketException e4) {
            return generateErrorView(e4.getCode(), e4.getCode(), new Object[]{artifactId});
        }
    }

    protected void onSuccessfulValidation(String str, Assertion assertion) {
    }

    private ModelAndView generateErrorView(String str, String str2, Object[] objArr) {
        ModelAndView modelAndView = new ModelAndView(this.failureView);
        String message = getMessageSourceAccessor().getMessage(str2, objArr, str2);
        modelAndView.addObject("code", str);
        modelAndView.addObject("description", message);
        return modelAndView;
    }

    private ValidationSpecification getCommandClass() {
        try {
            return (ValidationSpecification) this.validationSpecificationClass.newInstance();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    @Override // org.jasig.cas.web.DelegateController
    public boolean canHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_0, this, this, httpServletRequest, httpServletResponse);
        return Conversions.booleanValue(canHandle_aroundBody1$advice(this, httpServletRequest, httpServletResponse, makeJP, LogAspect.aspectOf(), (ProceedingJoinPoint) makeJP));
    }

    public final void setCentralAuthenticationService(CentralAuthenticationService centralAuthenticationService) {
        this.centralAuthenticationService = centralAuthenticationService;
    }

    public final void setArgumentExtractor(ArgumentExtractor argumentExtractor) {
        this.argumentExtractor = argumentExtractor;
    }

    public final void setValidationSpecificationClass(Class<?> cls) {
        this.validationSpecificationClass = cls;
    }

    public final void setFailureView(String str) {
        this.failureView = str;
    }

    public final void setSuccessView(String str) {
        this.successView = str;
    }

    public final void setProxyHandler(ProxyHandler proxyHandler) {
        this.proxyHandler = proxyHandler;
    }

    static {
        ajc$preClinit();
    }

    private static final /* synthetic */ boolean canHandle_aroundBody0(ServiceValidateController serviceValidateController, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, JoinPoint joinPoint) {
        return true;
    }

    private static final /* synthetic */ Object canHandle_aroundBody1$advice(ServiceValidateController serviceValidateController, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, JoinPoint joinPoint, LogAspect logAspect, ProceedingJoinPoint proceedingJoinPoint) {
        Object obj = null;
        Logger log = logAspect.getLog(proceedingJoinPoint);
        String name = proceedingJoinPoint.getSignature().getName();
        try {
            if (log.isTraceEnabled()) {
                Object[] args = proceedingJoinPoint.getArgs();
                log.trace("Entering method [" + name + " with arguments [" + ((args == null || args.length == 0) ? "" : Arrays.deepToString(args)) + "]");
            }
            obj = Conversions.booleanObject(canHandle_aroundBody0(serviceValidateController, httpServletRequest, httpServletResponse, proceedingJoinPoint));
            if (log.isTraceEnabled()) {
                log.trace("Leaving method [" + name + "] with return value [" + (obj != null ? obj.toString() : "null") + "].");
            }
            return obj;
        } catch (Throwable th) {
            if (log.isTraceEnabled()) {
                log.trace("Leaving method [" + name + "] with return value [" + (obj != null ? obj.toString() : "null") + "].");
            }
            throw th;
        }
    }

    private static /* synthetic */ void ajc$preClinit() {
        Factory factory = new Factory("ServiceValidateController.java", ServiceValidateController.class);
        ajc$tjp_0 = factory.makeSJP(JoinPoint.METHOD_EXECUTION, factory.makeMethodSig("1", "canHandle", "org.jasig.cas.web.ServiceValidateController", "javax.servlet.http.HttpServletRequest:javax.servlet.http.HttpServletResponse", "request:response", "", "boolean"), 210);
    }
}
