package org.apereo.cas.web.flow;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.CasProtocolConstants;
import org.apereo.cas.CentralAuthenticationService;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.web.support.CookieRetrievingCookieGenerator;
import org.apereo.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.webflow.action.AbstractAction;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-actions-5.1.0-RC4.jar:org/apereo/cas/web/flow/SendTicketGrantingTicketAction.class */
public class SendTicketGrantingTicketAction extends AbstractAction {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) SendTicketGrantingTicketAction.class);
    private boolean createSsoSessionCookieOnRenewAuthentications;
    private CookieRetrievingCookieGenerator ticketGrantingTicketCookieGenerator;
    private CentralAuthenticationService centralAuthenticationService;
    private ServicesManager servicesManager;

    public SendTicketGrantingTicketAction(CentralAuthenticationService centralAuthenticationService, ServicesManager servicesManager, CookieRetrievingCookieGenerator cookieRetrievingCookieGenerator, boolean z) {
        this.createSsoSessionCookieOnRenewAuthentications = true;
        this.centralAuthenticationService = centralAuthenticationService;
        this.servicesManager = servicesManager;
        this.ticketGrantingTicketCookieGenerator = cookieRetrievingCookieGenerator;
        this.createSsoSessionCookieOnRenewAuthentications = z;
    }

    @Override // org.springframework.webflow.action.AbstractAction
    protected Event doExecute(RequestContext requestContext) {
        String ticketGrantingTicketId = WebUtils.getTicketGrantingTicketId(requestContext);
        String str = (String) requestContext.getFlowScope().get("ticketGrantingTicketId");
        HttpServletRequest httpServletRequest = WebUtils.getHttpServletRequest(requestContext);
        HttpServletResponse httpServletResponse = WebUtils.getHttpServletResponse(requestContext);
        if (StringUtils.isBlank(ticketGrantingTicketId)) {
            LOGGER.debug("No ticket-granting ticket is found in the context.");
            return success();
        }
        if (WebUtils.isAuthenticatingAtPublicWorkstation(requestContext)) {
            LOGGER.info("Authentication is at a public workstation. SSO cookie will not be generated. Requests will be challenged for authentication.");
        } else if (this.createSsoSessionCookieOnRenewAuthentications || !isAuthenticationRenewed(requestContext)) {
            LOGGER.debug("Setting TGC for current session linked to [{}].", ticketGrantingTicketId);
            this.ticketGrantingTicketCookieGenerator.addCookie(httpServletRequest, httpServletResponse, ticketGrantingTicketId);
        } else {
            LOGGER.info("Authentication session is renewed but CAS is not configured to create the SSO session. SSO cookie will not be generated. Subsequent requests will be challenged for credentials.");
        }
        if (str != null && !ticketGrantingTicketId.equals(str)) {
            LOGGER.debug("Ticket-granting ticket from TGC does not match the ticket-granting ticket from context");
            this.centralAuthenticationService.destroyTicketGrantingTicket(str);
        }
        return success();
    }

    private boolean isAuthenticationRenewed(RequestContext requestContext) {
        RegisteredService findServiceBy;
        if (requestContext.getRequestParameters().contains(CasProtocolConstants.PARAMETER_RENEW)) {
            LOGGER.debug("[{}] is specified for the request. The authentication session will be considered renewed.", CasProtocolConstants.PARAMETER_RENEW);
            return true;
        }
        WebApplicationService service = WebUtils.getService(requestContext);
        if (service == null || (findServiceBy = this.servicesManager.findServiceBy(service)) == null) {
            return false;
        }
        boolean isServiceAccessAllowedForSso = findServiceBy.getAccessStrategy().isServiceAccessAllowedForSso();
        LOGGER.debug("Located [{}] in registry. Service access to participate in SSO is set to [{}]", findServiceBy.getServiceId(), Boolean.valueOf(isServiceAccessAllowedForSso));
        return !isServiceAccessAllowedForSso;
    }
}
