package net.unicon.cas.mfa;

import com.github.inspektr.audit.annotation.Audit;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import javax.validation.constraints.NotNull;
import net.unicon.cas.mfa.authentication.principal.MultiFactorCredentials;
import net.unicon.cas.mfa.util.MultiFactorUtils;
import org.apache.commons.lang.StringUtils;
import org.jasig.cas.CentralAuthenticationService;
import org.jasig.cas.authentication.Authentication;
import org.jasig.cas.authentication.AuthenticationManager;
import org.jasig.cas.authentication.MutableAuthentication;
import org.jasig.cas.authentication.principal.Credentials;
import org.jasig.cas.authentication.principal.PersistentIdGenerator;
import org.jasig.cas.authentication.principal.Principal;
import org.jasig.cas.authentication.principal.Service;
import org.jasig.cas.authentication.principal.ShibbolethCompatiblePersistentIdGenerator;
import org.jasig.cas.authentication.principal.SimplePrincipal;
import org.jasig.cas.services.RegisteredService;
import org.jasig.cas.services.ServicesManager;
import org.jasig.cas.services.UnauthorizedServiceException;
import org.jasig.cas.ticket.ExpirationPolicy;
import org.jasig.cas.ticket.InvalidTicketException;
import org.jasig.cas.ticket.ServiceTicket;
import org.jasig.cas.ticket.TicketException;
import org.jasig.cas.ticket.TicketGrantingTicket;
import org.jasig.cas.ticket.TicketGrantingTicketImpl;
import org.jasig.cas.ticket.TicketValidationException;
import org.jasig.cas.ticket.registry.TicketRegistry;
import org.jasig.cas.util.UniqueTicketIdGenerator;
import org.jasig.cas.validation.Assertion;
import org.jasig.cas.validation.ImmutableAssertionImpl;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.Assert;

/* loaded from: input_file:WEB-INF/lib/cas-mfa-java-1.0.0-RC3.jar:net/unicon/cas/mfa/MultiFactorAwareCentralAuthenticationService.class */
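/**
 * {@link CentralAuthenticationService} that is aware of multi-factor authentication.
 *
 * <p>Two operations are implemented here: ticket-granting tickets are created from the
 * {@link Authentication} carried by {@link MultiFactorCredentials}, and service ticket
 * validation adds the fulfilled authentication methods to the released principal
 * attributes. Every other operation is forwarded unchanged to the configured delegate.
 *
 * <p>Collaborators are injected through setters; none of them is validated in this class
 * before first use.
 */
public final class MultiFactorAwareCentralAuthenticationService implements CentralAuthenticationService {
    // Handles the operations this class does not implement itself.
    private CentralAuthenticationService delegate;
    private UniqueTicketIdGenerator ticketGrantingTicketUniqueTicketIdGenerator;
    // Registry that receives newly created ticket-granting tickets.
    private TicketRegistry ticketRegistry;
    private ExpirationPolicy ticketGrantingTicketExpirationPolicy;
    // Stored by its setter; not read anywhere in this class.
    private AuthenticationManager authenticationManager;

    // Registry service tickets are looked up in and deleted from during validation.
    @NotNull
    private TicketRegistry serviceTicketRegistry;

    @NotNull
    private ServicesManager servicesManager;
    private final Logger logger = LoggerFactory.getLogger(getClass());

    // Produces the opaque identifier released to services registered for anonymous access.
    @NotNull
    private PersistentIdGenerator persistentIdGenerator = new ShibbolethCompatiblePersistentIdGenerator();

    // Name under which the fulfilled authentication methods are released to services.
    @NotNull
    private String authenticationMethodAttributeName = "authn_method";

    /**
     * Creates and registers a ticket-granting ticket for an already established
     * multi-factor authentication.
     *
     * <p>No authentication is performed here: the ticket is built from the
     * {@link Authentication} the credentials carry, so callers must only pass credentials
     * whose factors have all been verified beforehand.
     *
     * @param credentials must be a {@link MultiFactorCredentials} instance
     * @return the id of the new ticket-granting ticket
     * @throws TicketException declared by the interface; not thrown by the visible code
     * @throws ClassCastException if {@code credentials} is of any other type
     * @throws IllegalArgumentException if {@code credentials} is null or carries no authentication
     */
    @Override // org.jasig.cas.CentralAuthenticationService
    @Audit(action = "TICKET_GRANTING_TICKET", actionResolverName = "CREATE_TICKET_GRANTING_TICKET_RESOLVER", resourceResolverName = "CREATE_TICKET_GRANTING_TICKET_RESOURCE_RESOLVER")
    public String createTicketGrantingTicket(Credentials credentials) throws TicketException {
        Assert.notNull(credentials, "credentials cannot be null");
        final Authentication authentication = ((MultiFactorCredentials) credentials).getAuthentication();
        // Fail closed: never mint a ticket-granting ticket that has no authentication behind it.
        Assert.notNull(authentication, "credentials must carry an authentication");
        final TicketGrantingTicketImpl ticketGrantingTicket = new TicketGrantingTicketImpl(
                this.ticketGrantingTicketUniqueTicketIdGenerator.getNewTicketId(TicketGrantingTicket.PREFIX),
                authentication,
                this.ticketGrantingTicketExpirationPolicy);
        this.ticketRegistry.addTicket(ticketGrantingTicket);
        return ticketGrantingTicket.getId();
    }

    /** Forwards to the delegate without any additional checks. */
    @Override // org.jasig.cas.CentralAuthenticationService
    public String grantServiceTicket(String str, Service service) throws TicketException {
        return this.delegate.grantServiceTicket(str, service);
    }

    /** Forwards to the delegate without any additional checks. */
    @Override // org.jasig.cas.CentralAuthenticationService
    public String grantServiceTicket(String str, Service service, Credentials credentials) throws TicketException {
        return this.delegate.grantServiceTicket(str, service, credentials);
    }

    /**
     * Validates a service ticket for a service and builds the assertion to release.
     *
     * <p>The last authentication in the granting ticket's chain is replaced by a copy whose
     * principal carries the id chosen for the registered service and only the attributes
     * that service may receive, plus the fulfilled authentication methods. Earlier
     * authentications in the chain are passed through as they are.
     *
     * @param str the service ticket id; supplied by the validating party
     * @param service the service presenting the ticket
     * @return the assertion for the validated ticket
     * @throws UnauthorizedServiceException if the service is not registered or is disabled
     * @throws InvalidTicketException if the ticket is unknown or expired
     * @throws TicketValidationException if the ticket was issued for a different service
     * @throws IllegalArgumentException if either argument is null
     */
    @Override // org.jasig.cas.CentralAuthenticationService
    public Assertion validateServiceTicket(String str, Service service) throws TicketException {
        Assert.notNull(str, "serviceTicketId cannot be null");
        Assert.notNull(service, "service cannot be null");
        final ServiceTicket serviceTicket = (ServiceTicket) this.serviceTicketRegistry.getTicket(str, ServiceTicket.class);
        final RegisteredService registeredService = this.servicesManager.findServiceBy(service);
        // The service is authorised before the lookup result is examined, so an unregistered
        // or disabled service gets the same answer whether or not the ticket exists.
        if (registeredService == null || !registeredService.isEnabled()) {
            this.logger.warn("ServiceManagement: Service {} does not exist or is not enabled in registry.", service);
            throw new UnauthorizedServiceException("Service not allowed to validate tickets.");
        }
        if (serviceTicket == null) {
            // The ticket id is caller-supplied text; the logging layout should neutralise line breaks.
            this.logger.info("ServiceTicket [{}] does not exist.", str);
            throw new InvalidTicketException();
        }
        try {
            // NOTE(review): isValidFor presumably also records the use of the ticket, which would
            // explain why both checks run under the ticket's monitor - confirm against ServiceTicket.
            synchronized (serviceTicket) {
                if (serviceTicket.isExpired()) {
                    this.logger.info("ServiceTicket [{}] has expired.", str);
                    throw new InvalidTicketException();
                }
                if (!serviceTicket.isValidFor(service)) {
                    this.logger.error("ServiceTicket {} with service {}  does not match supplied service {}", str, serviceTicket.getService().getId(), service);
                    throw new TicketValidationException(serviceTicket.getService());
                }
            }
            final List<Authentication> chain = serviceTicket.getGrantingTicket().getChainedAuthentications();
            final int lastIndex = chain.size() - 1;
            final Authentication authentication = chain.get(lastIndex);
            final Principal principal = authentication.getPrincipal();
            final String principalId = determinePrincipalIdForRegisteredService(principal, registeredService, serviceTicket);

            final boolean releaseAllAttributes = registeredService.isIgnoreAttributes();
            final HashMap<String, Object> released = new HashMap<String, Object>();
            if (releaseAllAttributes) {
                released.putAll(principal.getAttributes());
            } else {
                // Release only what the service registration allows, skipping absent values.
                for (final String attributeName : registeredService.getAllowedAttributes()) {
                    final Object value = principal.getAttributes().get(attributeName);
                    if (value != null) {
                        released.put(attributeName, value);
                    }
                }
            }

            // The authentication-method attribute is an assurance statement. Always drop any
            // like-named attribute first so the value a relying party sees can only originate
            // from the authentication itself, never from the attribute source.
            released.remove(this.authenticationMethodAttributeName);
            final String fulfilledMethods = MultiFactorUtils.getFulfilledAuthenticationMethodsAsString(authentication);
            if (StringUtils.isNotBlank(fulfilledMethods)) {
                released.put(this.authenticationMethodAttributeName, fulfilledMethods);
            }

            final MutableAuthentication releasedAuthentication =
                    new MutableAuthentication(new SimplePrincipal(principalId, released), authentication.getAuthenticatedDate());
            if (!releaseAllAttributes) {
                releasedAuthentication.getAttributes().putAll(authentication.getAttributes());
                releasedAuthentication.getAuthenticatedDate().setTime(authentication.getAuthenticatedDate().getTime());
            }
            // NOTE(review): when all attributes are released, authentication-level attributes are
            // not copied onto the new authentication, unlike the filtered case - confirm this is intended.

            final List<Authentication> authentications = new ArrayList<Authentication>(chain.subList(0, lastIndex));
            authentications.add(releasedAuthentication);
            return new ImmutableAssertionImpl(authentications, serviceTicket.getService(), serviceTicket.isFromNewLogin());
        } finally {
            // Runs on success and on failure alike: a ticket that has become expired is removed
            // from the registry so it cannot be presented again.
            if (serviceTicket.isExpired()) {
                this.serviceTicketRegistry.deleteTicket(str);
            }
        }
    }

    /** Forwards to the delegate without any additional checks. */
    @Override // org.jasig.cas.CentralAuthenticationService
    public void destroyTicketGrantingTicket(String str) {
        this.delegate.destroyTicketGrantingTicket(str);
    }

    /** Forwards to the delegate without any additional checks. */
    @Override // org.jasig.cas.CentralAuthenticationService
    @Audit(action = "PROXY_GRANTING_TICKET", actionResolverName = "GRANT_PROXY_GRANTING_TICKET_RESOLVER", resourceResolverName = "GRANT_PROXY_GRANTING_TICKET_RESOURCE_RESOLVER")
    public String delegateTicketGrantingTicket(String str, Credentials credentials) throws TicketException {
        return this.delegate.delegateTicketGrantingTicket(str, credentials);
    }

    /**
     * Chooses the principal id released to a registered service.
     *
     * <p>Anonymous-access services get an id from the persistent id generator. Services with
     * a username attribute get that attribute's value when the service may receive it and
     * the principal has a non-null value for it. In every other case the principal's own
     * id is used.
     *
     * @param principal the authenticated principal
     * @param registeredService the registration of the validating service
     * @param serviceTicket the ticket being validated; its service feeds the id generator
     * @return the principal id to place in the assertion
     */
    private String determinePrincipalIdForRegisteredService(Principal principal, RegisteredService registeredService, ServiceTicket serviceTicket) {
        final String usernameAttribute = registeredService.getUsernameAttribute();
        final String defaultId = principal.getId();
        final String principalId;
        if (registeredService.isAnonymousAccess()) {
            principalId = this.persistentIdGenerator.generate(principal, serviceTicket.getService());
        } else if (StringUtils.isBlank(usernameAttribute)) {
            principalId = defaultId;
        } else {
            final boolean releasable = registeredService.isIgnoreAttributes()
                    || registeredService.getAllowedAttributes().contains(usernameAttribute);
            // A key that maps to null is treated like a missing attribute instead of failing
            // the whole validation with a NullPointerException.
            final Object value = releasable ? principal.getAttributes().get(usernameAttribute) : null;
            if (value != null) {
                principalId = value.toString();
            } else {
                principalId = defaultId;
                // Attribute names are enough to diagnose the mismatch; values may hold personal
                // data and are kept out of the log.
                this.logger.warn("Principal [{}] did not have attribute [{}] among attributes [{}] so CAS cannot provide on the validation response the user attribute the registered service [{}] expects. CAS will instead return the default username attribute [{}]", principalId, usernameAttribute, principal.getAttributes().keySet(), registeredService.getServiceId(), principalId);
            }
        }
        // Argument order follows the message: the returned id first, the default id last.
        this.logger.debug("Principal id to return for service [{}] is [{}]. The default principal id is [{}].", registeredService.getName(), principalId, defaultId);
        return principalId;
    }

    /** Stores the authentication manager; this class does not use it. */
    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    /**
     * Sets the registry for ticket-granting tickets. It also becomes the service ticket
     * registry when none has been set yet.
     */
    public void setTicketRegistry(TicketRegistry ticketRegistry) {
        this.ticketRegistry = ticketRegistry;
        if (this.serviceTicketRegistry == null) {
            this.serviceTicketRegistry = ticketRegistry;
        }
    }

    /** Sets the registry used to look up and delete service tickets. */
    public void setServiceTicketRegistry(TicketRegistry ticketRegistry) {
        this.serviceTicketRegistry = ticketRegistry;
    }

    /** Sets the expiration policy given to newly created ticket-granting tickets. */
    public void setTicketGrantingTicketExpirationPolicy(ExpirationPolicy expirationPolicy) {
        this.ticketGrantingTicketExpirationPolicy = expirationPolicy;
    }

    /** Sets the manager used to resolve and authorise the validating service. */
    public void setServicesManager(ServicesManager servicesManager) {
        this.servicesManager = servicesManager;
    }

    /** Sets the generator for ticket-granting ticket ids. */
    public void setTicketGrantingTicketUniqueTicketIdGenerator(UniqueTicketIdGenerator uniqueTicketIdGenerator) {
        this.ticketGrantingTicketUniqueTicketIdGenerator = uniqueTicketIdGenerator;
    }

    /** Sets the service that handles every operation not implemented in this class. */
    public void setCentralAuthenticationServiceDelegate(CentralAuthenticationService centralAuthenticationService) {
        this.delegate = centralAuthenticationService;
    }

    /** Sets the attribute name under which fulfilled authentication methods are released. */
    public void setAuthenticationMethodAttributeName(String str) {
        this.authenticationMethodAttributeName = str;
    }

    /** Sets the generator for ids released to anonymous-access services. */
    public void setPersistentIdGenerator(PersistentIdGenerator persistentIdGenerator) {
        this.persistentIdGenerator = persistentIdGenerator;
    }
}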
