package org.jasig.cas.client.tomcat;

import java.io.IOException;
import java.security.Principal;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.jasig.cas.client.util.CommonUtils;
import org.jasig.cas.client.validation.Assertion;
import org.jasig.cas.client.validation.TicketValidationException;
import org.jasig.cas.client.validation.TicketValidator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/jasig/cas/client/tomcat/AuthenticatorDelegate.class */
public final class AuthenticatorDelegate {
    private final Logger logger = LoggerFactory.getLogger(getClass());
    private String serviceUrl;
    private String serverName;
    private String casServerLoginUrl;
    private String artifactParameterName;
    private String serviceParameterName;
    private TicketValidator ticketValidator;
    private CasRealm realm;

    public final Principal authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Assertion assertion = null;
        HttpSession session = httpServletRequest.getSession();
        if (session != null) {
            assertion = (Assertion) session.getAttribute("_const_cas_assertion_");
        }
        if (assertion == null) {
            this.logger.debug("CAS assertion not found in session -- authentication required.");
            String parameter = httpServletRequest.getParameter(this.artifactParameterName);
            String constructServiceUrl = CommonUtils.constructServiceUrl(httpServletRequest, httpServletResponse, this.serviceUrl, this.serverName, this.serviceParameterName, this.artifactParameterName, true);
            if (CommonUtils.isBlank(parameter)) {
                String constructRedirectUrl = CommonUtils.constructRedirectUrl(this.casServerLoginUrl, this.serviceParameterName, constructServiceUrl, false, false);
                this.logger.debug("Redirecting to {}", constructRedirectUrl);
                CommonUtils.sendRedirect(httpServletResponse, constructRedirectUrl);
                return null;
            }
            try {
                this.logger.debug("Attempting to validate {} for {}", parameter, constructServiceUrl);
                assertion = this.ticketValidator.validate(parameter, constructServiceUrl);
                this.logger.debug("CAS authentication succeeded.");
                if (session == null) {
                    session = httpServletRequest.getSession(true);
                }
                session.setAttribute("_const_cas_assertion_", assertion);
            } catch (TicketValidationException e) {
                setUnauthorized(httpServletResponse, e.getMessage());
                return null;
            }
        }
        Principal authenticate = this.realm.authenticate(assertion.getPrincipal());
        if (authenticate == null) {
            this.logger.debug("{} failed to authenticate to {}", assertion.getPrincipal().getName(), this.realm);
            setUnauthorized(httpServletResponse, null);
        }
        return authenticate;
    }

    public String getServiceUrl() {
        return this.serviceUrl;
    }

    public void setServiceUrl(String str) {
        this.serviceUrl = str;
    }

    public String getServerName() {
        return this.serverName;
    }

    public void setServerName(String str) {
        this.serverName = str;
    }

    public String getCasServerLoginUrl() {
        return this.casServerLoginUrl;
    }

    public void setCasServerLoginUrl(String str) {
        this.casServerLoginUrl = str;
    }

    public void setArtifactParameterName(String str) {
        this.artifactParameterName = str;
    }

    public void setServiceParameterName(String str) {
        this.serviceParameterName = str;
    }

    public void setTicketValidator(TicketValidator ticketValidator) {
        this.ticketValidator = ticketValidator;
    }

    public void setRealm(CasRealm casRealm) {
        this.realm = casRealm;
    }

    private void setUnauthorized(HttpServletResponse httpServletResponse, String str) {
        try {
            if (str != null) {
                httpServletResponse.sendError(401, str);
            } else {
                httpServletResponse.sendError(401);
            }
        } catch (IOException e) {
            throw new IllegalStateException("Error setting 403 status.", e);
        }
    }
}
