package org.pac4j.cas.credentials.authenticator;

import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import lombok.Generated;
import org.apereo.cas.client.authentication.AttributePrincipal;
import org.apereo.cas.client.validation.Assertion;
import org.apereo.cas.client.validation.TicketValidationException;
import org.pac4j.cas.config.CasConfiguration;
import org.pac4j.cas.profile.CasProfileDefinition;
import org.pac4j.core.context.CallContext;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.credentials.Credentials;
import org.pac4j.core.credentials.TokenCredentials;
import org.pac4j.core.credentials.authenticator.Authenticator;
import org.pac4j.core.exception.TechnicalException;
import org.pac4j.core.http.callback.CallbackUrlResolver;
import org.pac4j.core.http.url.UrlResolver;
import org.pac4j.core.logout.handler.SessionLogoutHandler;
import org.pac4j.core.profile.ProfileHelper;
import org.pac4j.core.profile.UserProfile;
import org.pac4j.core.profile.definition.ProfileDefinitionAware;
import org.pac4j.core.util.CommonHelper;
import org.pac4j.core.util.Pac4jConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/pac4j/cas/credentials/authenticator/CasAuthenticator.class */
public class CasAuthenticator extends ProfileDefinitionAware implements Authenticator {

    @SuppressFBWarnings(justification = "generated code")
    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) CasAuthenticator.class);
    protected CasConfiguration configuration;
    protected String clientName;
    protected UrlResolver urlResolver;
    protected CallbackUrlResolver callbackUrlResolver;
    protected String callbackUrl;
    protected SessionLogoutHandler sessionLogoutHandler;

    public CasAuthenticator(CasConfiguration casConfiguration, String str, UrlResolver urlResolver, CallbackUrlResolver callbackUrlResolver, String str2, SessionLogoutHandler sessionLogoutHandler) {
        this.configuration = casConfiguration;
        this.clientName = str;
        this.urlResolver = urlResolver;
        this.callbackUrlResolver = callbackUrlResolver;
        this.callbackUrl = str2;
        this.sessionLogoutHandler = sessionLogoutHandler;
    }

    @Override // org.pac4j.core.util.InitializableObject
    protected void internalInit(boolean z) {
        CommonHelper.assertNotNull("urlResolver", this.urlResolver);
        CommonHelper.assertNotNull("callbackUrlResolver", this.callbackUrlResolver);
        CommonHelper.assertNotBlank(Pac4jConstants.CLIENT_NAME, this.clientName);
        CommonHelper.assertNotBlank("callbackUrl", this.callbackUrl);
        CommonHelper.assertNotNull("configuration", this.configuration);
        setProfileDefinitionIfUndefined(new CasProfileDefinition());
    }

    @Override // org.pac4j.core.credentials.authenticator.Authenticator
    public Optional<Credentials> validate(CallContext callContext, Credentials credentials) {
        if (credentials instanceof TokenCredentials) {
            TokenCredentials tokenCredentials = (TokenCredentials) credentials;
            init();
            WebContext webContext = callContext.webContext();
            String token = tokenCredentials.getToken();
            try {
                Assertion validateTicket = validateTicket(webContext, token);
                recordSession(callContext, token);
                AttributePrincipal principal = validateTicket.getPrincipal();
                LOGGER.debug("principal: {}", principal);
                UserProfile createUserProfile = createUserProfile(principal);
                createUserProfileAttributes(validateTicket, principal, createUserProfile);
                LOGGER.debug("profile returned by CAS: {}", createUserProfile);
                tokenCredentials.setUserProfile(createUserProfile);
            } catch (TicketValidationException e) {
                throw new TechnicalException("cannot validate CAS ticket: " + token, e);
            }
        }
        return Optional.ofNullable(credentials);
    }

    protected void recordSession(CallContext callContext, String str) {
        if (this.sessionLogoutHandler != null) {
            this.sessionLogoutHandler.recordSession(callContext, str);
        }
    }

    protected void createUserProfileAttributes(Assertion assertion, AttributePrincipal attributePrincipal, UserProfile userProfile) {
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        Map<String, Object> attributes = attributePrincipal.getAttributes();
        Map<String, Object> attributes2 = assertion.getAttributes();
        if (attributes != null) {
            hashMap.putAll(attributes);
        }
        if (attributes2 != null) {
            hashMap2.putAll(attributes2);
        }
        getProfileDefinition().convertAndAdd(userProfile, hashMap, hashMap2);
    }

    protected UserProfile createUserProfile(AttributePrincipal attributePrincipal) {
        String name = attributePrincipal.getName();
        UserProfile newProfile = getProfileDefinition().newProfile(name, this.configuration.getProxyReceptor(), attributePrincipal);
        newProfile.setId(ProfileHelper.sanitizeIdentifier(name));
        return newProfile;
    }

    protected Assertion validateTicket(WebContext webContext, String str) throws TicketValidationException {
        return this.configuration.retrieveTicketValidator(webContext).validate(str, this.callbackUrlResolver.compute(this.urlResolver, this.callbackUrl, this.clientName, webContext));
    }
}
