package org.pac4j.cas.credentials.authenticator;

import java.util.HashMap;
import java.util.Map;
import org.jasig.cas.client.authentication.AttributePrincipal;
import org.jasig.cas.client.validation.TicketValidationException;
import org.pac4j.cas.config.CasConfiguration;
import org.pac4j.cas.profile.CasProfileDefinition;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.credentials.TokenCredentials;
import org.pac4j.core.credentials.authenticator.Authenticator;
import org.pac4j.core.exception.HttpAction;
import org.pac4j.core.exception.TechnicalException;
import org.pac4j.core.profile.CommonProfile;
import org.pac4j.core.profile.ProfileHelper;
import org.pac4j.core.profile.definition.ProfileDefinitionAware;
import org.pac4j.core.util.CommonHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/pac4j-cas-2.1.0.jar:org/pac4j/cas/credentials/authenticator/CasAuthenticator.class */
public class CasAuthenticator extends ProfileDefinitionAware<CommonProfile> implements Authenticator<TokenCredentials> {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) CasAuthenticator.class);
    private CasConfiguration configuration;
    private String callbackUrl;

    public CasAuthenticator() {
    }

    public CasAuthenticator(CasConfiguration casConfiguration, String str) {
        this.configuration = casConfiguration;
        this.callbackUrl = str;
    }

    @Override // org.pac4j.core.util.InitializableWebObject
    protected void internalInit(WebContext webContext) {
        CommonHelper.assertNotBlank("callbackUrl", this.callbackUrl);
        CommonHelper.assertNotNull("configuration", this.configuration);
        this.configuration.init(webContext);
        defaultProfileDefinition(new CasProfileDefinition());
    }

    @Override // org.pac4j.core.credentials.authenticator.Authenticator
    public void validate(TokenCredentials tokenCredentials, WebContext webContext) throws HttpAction {
        CommonProfile restoreOrBuildProfile;
        init(webContext);
        String token = tokenCredentials.getToken();
        try {
            AttributePrincipal principal = this.configuration.retrieveTicketValidator(webContext).validate(token, this.configuration.computeFinalUrl(this.callbackUrl, webContext)).getPrincipal();
            logger.debug("principal: {}", principal);
            String name = principal.getName();
            HashMap hashMap = new HashMap();
            Map<String, Object> attributes = principal.getAttributes();
            if (attributes != null) {
                for (Map.Entry<String, Object> entry : attributes.entrySet()) {
                    hashMap.put(entry.getKey(), ProfileHelper.getInternalAttributeHandler().restore(entry.getValue()));
                }
            }
            if (this.configuration.getProxyReceptor() != null) {
                restoreOrBuildProfile = getProfileDefinition().newProfile(principal, this.configuration.getProxyReceptor());
                restoreOrBuildProfile.setId(name);
                getProfileDefinition().convertAndAdd(restoreOrBuildProfile, hashMap);
            } else {
                restoreOrBuildProfile = ProfileHelper.restoreOrBuildProfile(getProfileDefinition(), name, hashMap, principal, this.configuration.getProxyReceptor());
            }
            logger.debug("profile returned by CAS: {}", restoreOrBuildProfile);
            tokenCredentials.setUserProfile(restoreOrBuildProfile);
        } catch (TicketValidationException e) {
            throw new TechnicalException("cannot validate CAS ticket: " + token, e);
        }
    }

    public CasConfiguration getConfiguration() {
        return this.configuration;
    }

    public void setConfiguration(CasConfiguration casConfiguration) {
        this.configuration = casConfiguration;
    }

    public String getCallbackUrl() {
        return this.callbackUrl;
    }

    public void setCallbackUrl(String str) {
        this.callbackUrl = str;
    }
}
