package org.apereo.cas.web.flow;

import org.apereo.cas.CentralAuthenticationService;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationException;
import org.apereo.cas.authentication.AuthenticationResult;
import org.apereo.cas.authentication.AuthenticationSystemSupport;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.ticket.AbstractTicketException;
import org.apereo.cas.ticket.InvalidTicketException;
import org.apereo.cas.ticket.ServiceTicket;
import org.apereo.cas.ticket.registry.TicketRegistrySupport;
import org.apereo.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.StringUtils;
import org.springframework.webflow.action.AbstractAction;
import org.springframework.webflow.action.EventFactorySupport;
import org.springframework.webflow.core.collection.LocalAttributeMap;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-actions-5.1.0.jar:org/apereo/cas/web/flow/GenerateServiceTicketAction.class */
public class GenerateServiceTicketAction extends AbstractAction {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) GenerateServiceTicketAction.class);
    private final CentralAuthenticationService centralAuthenticationService;
    private final AuthenticationSystemSupport authenticationSystemSupport;
    private final TicketRegistrySupport ticketRegistrySupport;
    private final ServicesManager servicesManager;

    public GenerateServiceTicketAction(AuthenticationSystemSupport authenticationSystemSupport, CentralAuthenticationService centralAuthenticationService, TicketRegistrySupport ticketRegistrySupport, ServicesManager servicesManager) {
        this.authenticationSystemSupport = authenticationSystemSupport;
        this.centralAuthenticationService = centralAuthenticationService;
        this.ticketRegistrySupport = ticketRegistrySupport;
        this.servicesManager = servicesManager;
    }

    @Override // org.springframework.webflow.action.AbstractAction
    protected Event doExecute(RequestContext requestContext) {
        WebApplicationService service = WebUtils.getService(requestContext);
        LOGGER.debug("Service asking for service ticket is [{}]", service);
        String ticketGrantingTicketId = WebUtils.getTicketGrantingTicketId(requestContext);
        LOGGER.debug("Ticket-granting ticket found in the context is [{}]", ticketGrantingTicketId);
        try {
            Authentication authenticationFrom = this.ticketRegistrySupport.getAuthenticationFrom(ticketGrantingTicketId);
            if (authenticationFrom == null) {
                throw new InvalidTicketException(new AuthenticationException("No authentication found for ticket " + ticketGrantingTicketId), ticketGrantingTicketId);
            }
            RegisteredService findServiceBy = this.servicesManager.findServiceBy(service);
            LOGGER.debug("Registered service asking for service ticket is [{}]", findServiceBy);
            WebUtils.putRegisteredService(requestContext, findServiceBy);
            WebUtils.putService(requestContext, service);
            if (findServiceBy != null) {
                if (!StringUtils.isEmpty(findServiceBy.getAccessStrategy().getUnauthorizedRedirectUrl())) {
                    LOGGER.debug("Registered service may redirect to [{}] for unauthorized access requests", findServiceBy.getAccessStrategy().getUnauthorizedRedirectUrl());
                }
                WebUtils.putUnauthorizedRedirectUrlIntoFlowScope(requestContext, findServiceBy.getAccessStrategy().getUnauthorizedRedirectUrl());
            }
            if (WebUtils.getWarningCookie(requestContext)) {
                LOGGER.debug("Warning cookie is present in the request context. Routing result to [{}] state", "warn");
                return result("warn");
            }
            AuthenticationResult build = this.authenticationSystemSupport.establishAuthenticationContextFromInitial(authenticationFrom, WebUtils.getCredential(requestContext)).build(service);
            LOGGER.debug("Built the final authentication result [{}] to grant service ticket to [{}]", build, service);
            ServiceTicket grantServiceTicket = this.centralAuthenticationService.grantServiceTicket(ticketGrantingTicketId, service, build);
            WebUtils.putServiceTicketInRequestScope(requestContext, grantServiceTicket);
            LOGGER.debug("Granted service ticket [{}] and added it to the request scope", grantServiceTicket);
            return success();
        } catch (AbstractTicketException e) {
            if (e instanceof InvalidTicketException) {
                LOGGER.debug("CAS has determined ticket-granting ticket [{}] is invalid and must be destroyed", ticketGrantingTicketId);
                this.centralAuthenticationService.destroyTicketGrantingTicket(ticketGrantingTicketId);
            }
            if (isGatewayPresent(requestContext)) {
                LOGGER.debug("Request indicates that it is gateway. Routing result to [{}] state", "gateway");
                return result("gateway");
            }
            LOGGER.warn("Could not grant service ticket [{}]. Routing to [{}]", e.getMessage(), CasWebflowConstants.TRANSITION_ID_AUTHENTICATION_FAILURE);
            return newEvent(CasWebflowConstants.TRANSITION_ID_AUTHENTICATION_FAILURE, e);
        }
    }

    protected boolean isGatewayPresent(RequestContext requestContext) {
        return StringUtils.hasText(requestContext.getExternalContext().getRequestParameterMap().get("gateway"));
    }

    private Event newEvent(String str, Exception exc) {
        return new EventFactorySupport().event(this, str, new LocalAttributeMap("error", exc));
    }
}
