package org.jasig.cas.web.flow;

import java.util.Iterator;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.validation.constraints.NotNull;
import org.jasig.cas.CentralAuthenticationService;
import org.jasig.cas.Message;
import org.jasig.cas.authentication.AuthenticationException;
import org.jasig.cas.authentication.Credential;
import org.jasig.cas.authentication.HandlerResult;
import org.jasig.cas.authentication.principal.WebApplicationService;
import org.jasig.cas.ticket.TicketCreationException;
import org.jasig.cas.ticket.TicketException;
import org.jasig.cas.ticket.TicketGrantingTicket;
import org.jasig.cas.ticket.registry.TicketRegistry;
import org.jasig.cas.web.bind.CredentialsBinder;
import org.jasig.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.binding.message.MessageBuilder;
import org.springframework.binding.message.MessageContext;
import org.springframework.util.StringUtils;
import org.springframework.web.util.CookieGenerator;
import org.springframework.webflow.core.collection.LocalAttributeMap;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-4.0.1.jar:org/jasig/cas/web/flow/AuthenticationViaFormAction.class */
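/**
 * Web Flow action that handles submission of the CAS login form.
 *
 * <p>It checks the login ticket carried by the request against the one held in flow scope,
 * optionally handles a {@code renew} request against an existing ticket-granting ticket, and
 * otherwise creates a new ticket-granting ticket from the submitted credential.
 *
 * <p>The action keeps no per-request state, so the outcome of one {@link #submit} call does not
 * depend on earlier calls made on the same instance.
 */
public class AuthenticationViaFormAction {
    /** Event id returned when authentication succeeded without warnings. */
    public static final String SUCCESS = "success";
    /** Event id returned when authentication succeeded and at least one handler reported a warning. */
    public static final String SUCCESS_WITH_WARNINGS = "successWithWarnings";
    /** Event id returned after a renew request was served; also the name of the warn request parameter. */
    public static final String WARN = "warn";
    /** Event id returned when the credential was rejected. */
    public static final String AUTHENTICATION_FAILURE = "authenticationFailure";
    /** Event id returned for an invalid login ticket or any other failure. */
    public static final String ERROR = "error";

    // Optional: doBind is a no-op when no binder is configured.
    private CredentialsBinder credentialsBinder;

    @NotNull
    private CentralAuthenticationService centralAuthenticationService;

    @NotNull
    private TicketRegistry ticketRegistry;

    @NotNull
    private CookieGenerator warnCookieGenerator;
    protected final Logger logger = LoggerFactory.getLogger(getClass());

    /**
     * Binds request data onto the credential when a binder is configured and supports the
     * credential's class; otherwise does nothing.
     *
     * @param requestContext the current flow request context
     * @param credential the credential to populate
     * @throws Exception declared for flow compatibility
     */
    public final void doBind(RequestContext requestContext, Credential credential) throws Exception {
        HttpServletRequest httpServletRequest = WebUtils.getHttpServletRequest(requestContext);
        if (this.credentialsBinder == null || !this.credentialsBinder.supports(credential.getClass())) {
            return;
        }
        this.credentialsBinder.bind(httpServletRequest, credential);
    }

    /**
     * Processes a login form submission.
     *
     * @param requestContext the current flow request context
     * @param credential the credential submitted by the user
     * @param messageContext receives the invalid-login-ticket error and any handler warnings
     * @return {@code error} when the login ticket does not match or an unexpected failure occurs,
     *     {@code warn} after a successful renew against an existing ticket-granting ticket,
     *     {@code authenticationFailure} when the credential is rejected, and {@code success} or
     *     {@code successWithWarnings} after a new ticket-granting ticket was created
     * @throws Exception declared for flow compatibility
     */
    public final Event submit(RequestContext requestContext, Credential credential, MessageContext messageContext) throws Exception {
        String loginTicketFromFlowScope = WebUtils.getLoginTicketFromFlowScope(requestContext);
        String loginTicketFromRequest = WebUtils.getLoginTicketFromRequest(requestContext);
        // Fail closed: a missing flow-scope ticket is treated as a mismatch and reported as an
        // invalid login ticket rather than surfacing as a NullPointerException.
        if (loginTicketFromFlowScope == null || !loginTicketFromFlowScope.equals(loginTicketFromRequest)) {
            // The request value is attacker-controlled; neutralise control characters so it
            // cannot forge additional log lines.
            this.logger.warn("Invalid login ticket {}", sanitizeForLog(loginTicketFromRequest));
            messageContext.addMessage(new MessageBuilder().code("error.invalid.loginticket").build());
            return newEvent(ERROR);
        }
        String ticketGrantingTicketId = WebUtils.getTicketGrantingTicketId(requestContext);
        WebApplicationService service = WebUtils.getService(requestContext);
        if (StringUtils.hasText(requestContext.getRequestParameters().get("renew")) && ticketGrantingTicketId != null && service != null) {
            try {
                WebUtils.putServiceTicketInRequestScope(requestContext, this.centralAuthenticationService.grantServiceTicket(ticketGrantingTicketId, service, credential));
                putWarnCookieIfRequestParameterPresent(requestContext);
                return newEvent(WARN);
            } catch (AuthenticationException e) {
                return newEvent(AUTHENTICATION_FAILURE, e);
            } catch (TicketCreationException e2) {
                // The existing SSO session is destroyed and control deliberately falls through
                // to a fresh authentication below.
                this.logger.warn("Invalid attempt to access service using renew=true with different credential. Ending SSO session.");
                this.centralAuthenticationService.destroyTicketGrantingTicket(ticketGrantingTicketId);
            } catch (TicketException e3) {
                return newEvent(ERROR, e3);
            }
        }
        try {
            String createTicketGrantingTicket = this.centralAuthenticationService.createTicketGrantingTicket(credential);
            WebUtils.putTicketGrantingTicketInFlowScope(requestContext, createTicketGrantingTicket);
            putWarnCookieIfRequestParameterPresent(requestContext);
            TicketGrantingTicket ticketGrantingTicket = (TicketGrantingTicket) this.ticketRegistry.getTicket(createTicketGrantingTicket);
            // Tracked per call, not in a field: a flag stored on the action would stay set after
            // the first login with warnings and leak that outcome into every later request
            // served by the same instance.
            boolean warningsReported = false;
            for (HandlerResult handlerResult : ticketGrantingTicket.getAuthentication().getSuccesses().values()) {
                for (Message warning : handlerResult.getWarnings()) {
                    addWarningToContext(messageContext, warning);
                    warningsReported = true;
                }
            }
            return warningsReported ? newEvent(SUCCESS_WITH_WARNINGS) : newEvent(SUCCESS);
        } catch (AuthenticationException e4) {
            return newEvent(AUTHENTICATION_FAILURE, e4);
        } catch (Exception e5) {
            // Any other failure, including a ticket missing from the registry, ends in the
            // error event with the exception attached.
            return newEvent(ERROR, e5);
        }
    }

    /**
     * Sets the warn cookie to {@code "true"} when the {@code warn} request parameter has text,
     * and removes the cookie otherwise.
     */
    private void putWarnCookieIfRequestParameterPresent(RequestContext requestContext) {
        HttpServletResponse httpServletResponse = WebUtils.getHttpServletResponse(requestContext);
        if (StringUtils.hasText(requestContext.getExternalContext().getRequestParameterMap().get(WARN))) {
            this.warnCookieGenerator.addCookie(httpServletResponse, "true");
        } else {
            this.warnCookieGenerator.removeCookie(httpServletResponse);
        }
    }

    /**
     * Returns the cause of the ticket exception cast to {@link AuthenticationException}.
     * Not called within this class; the cast fails if the cause has another type.
     */
    private AuthenticationException getAuthenticationExceptionAsCause(TicketException ticketException) {
        return (AuthenticationException) ticketException.getCause();
    }

    /** Replaces control characters (CR, LF and others) so a logged value stays on one line. */
    private static String sanitizeForLog(String value) {
        return value == null ? null : value.replaceAll("\\p{Cntrl}", "_");
    }

    /** Creates an event with the given id and this action as its source. */
    private Event newEvent(String str) {
        return new Event(this, str);
    }

    /** Creates an event with the given id that carries the exception under the {@code error} attribute. */
    private Event newEvent(String str, Exception exc) {
        return new Event(this, str, new LocalAttributeMap("error", exc));
    }

    /** @param centralAuthenticationService the service used to create, grant and destroy tickets */
    public final void setCentralAuthenticationService(CentralAuthenticationService centralAuthenticationService) {
        this.centralAuthenticationService = centralAuthenticationService;
    }

    /** @param ticketRegistry the registry used to look up the newly created ticket-granting ticket */
    public void setTicketRegistry(TicketRegistry ticketRegistry) {
        this.ticketRegistry = ticketRegistry;
    }

    /** @param credentialsBinder optional binder applied by {@link #doBind} */
    public final void setCredentialsBinder(CredentialsBinder credentialsBinder) {
        this.credentialsBinder = credentialsBinder;
    }

    /** @param cookieGenerator the generator used to add or remove the warn cookie */
    public final void setWarnCookieGenerator(CookieGenerator cookieGenerator) {
        this.warnCookieGenerator = cookieGenerator;
    }

    /** Adds one handler warning to the message context as a warning-severity message. */
    private void addWarningToContext(MessageContext messageContext, Message message) {
        messageContext.addMessage(new MessageBuilder().warning().code(message.getCode()).defaultText(message.getDefaultMessage()).args(message.getParams()).build());
    }
}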
