package org.apereo.cas.web.flow.login;

import java.util.Collection;
import java.util.stream.Collectors;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.builder.EqualsBuilder;
import org.apereo.cas.CentralAuthenticationService;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationHandlerExecutionResult;
import org.apereo.cas.authentication.AuthenticationResult;
import org.apereo.cas.authentication.AuthenticationResultBuilder;
import org.apereo.cas.authentication.AuthenticationSystemSupport;
import org.apereo.cas.authentication.MessageDescriptor;
import org.apereo.cas.authentication.PrincipalException;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.ticket.InvalidTicketException;
import org.apereo.cas.ticket.TicketGrantingTicket;
import org.apereo.cas.ticket.registry.TicketRegistrySupport;
import org.apereo.cas.web.flow.CasWebflowConstants;
import org.apereo.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.binding.message.MessageBuilder;
import org.springframework.binding.message.MessageContext;
import org.springframework.webflow.action.AbstractAction;
import org.springframework.webflow.action.EventFactorySupport;
import org.springframework.webflow.core.collection.LocalAttributeMap;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-actions-6.0.1.jar:org/apereo/cas/web/flow/login/CreateTicketGrantingTicketAction.class */
public class CreateTicketGrantingTicketAction extends AbstractAction {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) CreateTicketGrantingTicketAction.class);
    private final CentralAuthenticationService centralAuthenticationService;
    private final AuthenticationSystemSupport authenticationSystemSupport;
    private final TicketRegistrySupport ticketRegistrySupport;

    private static Collection<MessageDescriptor> calculateAuthenticationWarningMessages(TicketGrantingTicket ticketGrantingTicket, MessageContext messageContext) {
        return (Collection) ticketGrantingTicket.getAuthentication().getSuccesses().entrySet().stream().map(entry -> {
            return ((AuthenticationHandlerExecutionResult) entry.getValue()).getWarnings();
        }).flatMap((v0) -> {
            return v0.stream();
        }).peek(messageDescriptor -> {
            addMessageDescriptorToMessageContext(messageContext, messageDescriptor);
        }).collect(Collectors.toSet());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void addMessageDescriptorToMessageContext(MessageContext messageContext, MessageDescriptor messageDescriptor) {
        messageContext.addMessage(new MessageBuilder().warning().code(messageDescriptor.getCode()).defaultText(messageDescriptor.getDefaultMessage()).args(messageDescriptor.getParams()).build());
    }

    @Override // org.springframework.webflow.action.AbstractAction
    public Event doExecute(RequestContext requestContext) {
        WebApplicationService service = WebUtils.getService(requestContext);
        RegisteredService registeredService = WebUtils.getRegisteredService(requestContext);
        AuthenticationResultBuilder authenticationResultBuilder = WebUtils.getAuthenticationResultBuilder(requestContext);
        LOGGER.trace("Finalizing authentication transactions and issuing ticket-granting ticket");
        AuthenticationResult finalizeAllAuthenticationTransactions = this.authenticationSystemSupport.finalizeAllAuthenticationTransactions(authenticationResultBuilder, service);
        LOGGER.trace("Finalizing authentication event...");
        Authentication buildFinalAuthentication = buildFinalAuthentication(finalizeAllAuthenticationTransactions);
        String ticketGrantingTicketId = WebUtils.getTicketGrantingTicketId(requestContext);
        LOGGER.debug("Creating ticket-granting ticket, potentially based on [{}]", ticketGrantingTicketId);
        TicketGrantingTicket createOrUpdateTicketGrantingTicket = createOrUpdateTicketGrantingTicket(finalizeAllAuthenticationTransactions, buildFinalAuthentication, ticketGrantingTicketId);
        if (registeredService != null && registeredService.getAccessStrategy() != null) {
            WebUtils.putUnauthorizedRedirectUrlIntoFlowScope(requestContext, registeredService.getAccessStrategy().getUnauthorizedRedirectUrl());
        }
        WebUtils.putTicketGrantingTicketInScopes(requestContext, createOrUpdateTicketGrantingTicket);
        WebUtils.putAuthenticationResult(finalizeAllAuthenticationTransactions, requestContext);
        WebUtils.putAuthentication(createOrUpdateTicketGrantingTicket.getAuthentication(), requestContext);
        LOGGER.trace("Calculating authentication warning messages...");
        Collection<MessageDescriptor> calculateAuthenticationWarningMessages = calculateAuthenticationWarningMessages(createOrUpdateTicketGrantingTicket, requestContext.getMessageContext());
        if (calculateAuthenticationWarningMessages.isEmpty()) {
            return success();
        }
        return new EventFactorySupport().event(this, CasWebflowConstants.TRANSITION_ID_SUCCESS_WITH_WARNINGS, new LocalAttributeMap(CasWebflowConstants.ATTRIBUTE_ID_AUTHENTICATION_WARNINGS, calculateAuthenticationWarningMessages));
    }

    protected Authentication buildFinalAuthentication(AuthenticationResult authenticationResult) {
        return authenticationResult.getAuthentication();
    }

    protected TicketGrantingTicket createOrUpdateTicketGrantingTicket(AuthenticationResult authenticationResult, Authentication authentication, String str) {
        try {
            if (shouldIssueTicketGrantingTicket(authentication, str)) {
                LOGGER.debug("Attempting to issue a new ticket-granting ticket...");
                return this.centralAuthenticationService.createTicketGrantingTicket(authenticationResult);
            }
            LOGGER.debug("Updating the existing ticket-granting ticket [{}]...", str);
            TicketGrantingTicket ticketGrantingTicket = (TicketGrantingTicket) this.centralAuthenticationService.getTicket(str, TicketGrantingTicket.class);
            ticketGrantingTicket.getAuthentication().update(authentication);
            this.centralAuthenticationService.updateTicket(ticketGrantingTicket);
            return ticketGrantingTicket;
        } catch (PrincipalException e) {
            LOGGER.error(e.getMessage(), (Throwable) e);
            throw e;
        } catch (Exception e2) {
            LOGGER.error(e2.getMessage(), (Throwable) e2);
            throw new InvalidTicketException(str);
        }
    }

    private boolean shouldIssueTicketGrantingTicket(Authentication authentication, String str) {
        if (StringUtils.isBlank(str)) {
            return true;
        }
        LOGGER.debug("Located ticket-granting ticket in the context. Retrieving associated authentication");
        Authentication authenticationFrom = this.ticketRegistrySupport.getAuthenticationFrom(str);
        if (authenticationFrom == null) {
            LOGGER.debug("Authentication session associated with [{}] is no longer valid", str);
            this.centralAuthenticationService.destroyTicketGrantingTicket(str);
            return true;
        }
        if (areAuthenticationsEssentiallyEqual(authentication, authenticationFrom)) {
            LOGGER.debug("Resulting authentication matches the authentication from context");
            return false;
        }
        LOGGER.debug("Resulting authentication is different from the context");
        return true;
    }

    private static boolean areAuthenticationsEssentiallyEqual(Authentication authentication, Authentication authentication2) {
        if (authentication == null && authentication2 == null) {
            return false;
        }
        if (authentication == null && authentication2 != null) {
            return false;
        }
        if (authentication != null && authentication2 == null) {
            return false;
        }
        EqualsBuilder equalsBuilder = new EqualsBuilder();
        equalsBuilder.append(authentication.getPrincipal(), authentication2.getPrincipal());
        equalsBuilder.append(authentication.getCredentials(), authentication2.getCredentials());
        equalsBuilder.append(authentication.getSuccesses(), authentication2.getSuccesses());
        equalsBuilder.append(authentication.getAttributes(), authentication2.getAttributes());
        return equalsBuilder.isEquals();
    }

    @Generated
    public CreateTicketGrantingTicketAction(CentralAuthenticationService centralAuthenticationService, AuthenticationSystemSupport authenticationSystemSupport, TicketRegistrySupport ticketRegistrySupport) {
        this.centralAuthenticationService = centralAuthenticationService;
        this.authenticationSystemSupport = authenticationSystemSupport;
        this.ticketRegistrySupport = ticketRegistrySupport;
    }
}
