package org.apereo.cas.web.flow.resolver.impl;

import com.google.common.collect.ImmutableSet;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import org.apereo.cas.authentication.AuthenticationException;
import org.apereo.cas.authentication.AuthenticationResultBuilder;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceAccessStrategyUtils;
import org.apereo.cas.ticket.AbstractTicketException;
import org.apereo.cas.web.flow.CasWebflowConstants;
import org.apereo.cas.web.flow.resolver.CasDelegatingWebflowEventResolver;
import org.apereo.cas.web.flow.resolver.CasWebflowEventResolver;
import org.apereo.cas.web.support.WebUtils;
import org.springframework.http.HttpStatus;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-webflow-5.0.0.jar:org/apereo/cas/web/flow/resolver/impl/InitialAuthenticationAttemptWebflowEventResolver.class */
public class InitialAuthenticationAttemptWebflowEventResolver extends AbstractCasWebflowEventResolver implements CasDelegatingWebflowEventResolver {
    private final List<CasWebflowEventResolver> orderedResolvers = new ArrayList();
    private CasWebflowEventResolver selectiveResolver;

    @Override // org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver
    public Set<Event> resolveInternal(RequestContext requestContext) {
        try {
            Credential credentialFromContext = getCredentialFromContext(requestContext);
            if (credentialFromContext != null) {
                AuthenticationResultBuilder handleInitialAuthenticationTransaction = this.authenticationSystemSupport.handleInitialAuthenticationTransaction(credentialFromContext);
                if (handleInitialAuthenticationTransaction.getInitialAuthentication().isPresent()) {
                    WebUtils.putAuthenticationResultBuilder(handleInitialAuthenticationTransaction, requestContext);
                    WebUtils.putAuthentication(handleInitialAuthenticationTransaction.getInitialAuthentication().get(), requestContext);
                }
            }
            WebApplicationService service = WebUtils.getService(requestContext);
            if (service != null) {
                this.logger.debug("Locating service {} in service registry to determine authentication policy", service);
                RegisteredService findServiceBy = this.servicesManager.findServiceBy(service);
                RegisteredServiceAccessStrategyUtils.ensureServiceAccessIsAllowed(service, findServiceBy);
                Set<Event> resolveCandidateAuthenticationEvents = resolveCandidateAuthenticationEvents(requestContext, service, findServiceBy);
                if (!resolveCandidateAuthenticationEvents.isEmpty()) {
                    putResolvedEventsAsAttribute(requestContext, resolveCandidateAuthenticationEvents);
                    Event resolveSingle = this.selectiveResolver.resolveSingle(requestContext);
                    if (resolveSingle != null) {
                        return ImmutableSet.of(resolveSingle);
                    }
                }
            }
            AuthenticationResultBuilder authenticationResultBuilder = WebUtils.getAuthenticationResultBuilder(requestContext);
            if (authenticationResultBuilder == null) {
                throw new IllegalArgumentException("No authentication result builder can be located in the context");
            }
            return ImmutableSet.of(grantTicketGrantingTicketToAuthenticationResult(requestContext, authenticationResultBuilder, service));
        } catch (Exception e) {
            Event returnAuthenticationExceptionEventIfNeeded = returnAuthenticationExceptionEventIfNeeded(e);
            if (returnAuthenticationExceptionEventIfNeeded == null) {
                this.logger.warn(e.getMessage(), (Throwable) e);
                returnAuthenticationExceptionEventIfNeeded = newEvent("error", e);
            }
            WebUtils.getHttpServletResponse(requestContext).setStatus(HttpStatus.UNAUTHORIZED.value());
            return ImmutableSet.of(returnAuthenticationExceptionEventIfNeeded);
        }
    }

    protected Set<Event> resolveCandidateAuthenticationEvents(RequestContext requestContext, Service service, RegisteredService registeredService) {
        ImmutableSet.Builder builder = ImmutableSet.builder();
        this.orderedResolvers.stream().filter(casWebflowEventResolver -> {
            return casWebflowEventResolver != null;
        }).forEach(casWebflowEventResolver2 -> {
            this.logger.debug("Evaluating authentication policy via {} for registered service {} and service {}", casWebflowEventResolver2.getName(), registeredService.getServiceId(), service);
            Event resolveSingle = casWebflowEventResolver2.resolveSingle(requestContext);
            if (resolveSingle == null) {
                this.logger.debug("Resulting event for {} is blank/ignored", casWebflowEventResolver2.getName());
            } else {
                this.logger.debug("Recorded the resulting event {} for {}", resolveSingle, casWebflowEventResolver2.getName());
                builder.add((ImmutableSet.Builder) resolveSingle);
            }
        });
        return builder.build();
    }

    @Override // org.apereo.cas.web.flow.resolver.CasDelegatingWebflowEventResolver
    public void addDelegate(CasWebflowEventResolver casWebflowEventResolver) {
        this.orderedResolvers.add(casWebflowEventResolver);
    }

    public void setSelectiveResolver(CasWebflowEventResolver casWebflowEventResolver) {
        this.selectiveResolver = casWebflowEventResolver;
    }

    private Event returnAuthenticationExceptionEventIfNeeded(Exception exc) {
        Exception exc2;
        if ((exc instanceof AuthenticationException) || (exc instanceof AbstractTicketException)) {
            exc2 = exc;
        } else {
            if (!(exc.getCause() instanceof AuthenticationException) && !(exc.getCause() instanceof AbstractTicketException)) {
                return null;
            }
            exc2 = (Exception) exc.getCause();
        }
        this.logger.debug(exc2.getMessage(), (Throwable) exc2);
        return newEvent(CasWebflowConstants.TRANSITION_ID_AUTHENTICATION_FAILURE, exc2);
    }
}
