package net.unicon.cas.mfa.web;

import java.net.URL;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.validation.constraints.NotNull;
import net.unicon.cas.mfa.AbstractMultiFactorAuthenticationProtocolValidationSpecification;
import net.unicon.cas.mfa.ticket.UnacceptableMultiFactorAuthenticationMethodException;
import net.unicon.cas.mfa.ticket.UnrecognizedMultiFactorAuthenticationMethodException;
import net.unicon.cas.mfa.util.MultiFactorUtils;
import org.apache.commons.lang.StringUtils;
import org.jasig.cas.CentralAuthenticationService;
import org.jasig.cas.authentication.principal.Credentials;
import org.jasig.cas.authentication.principal.HttpBasedServiceCredentials;
import org.jasig.cas.authentication.principal.WebApplicationService;
import org.jasig.cas.services.UnauthorizedServiceException;
import org.jasig.cas.ticket.TicketException;
import org.jasig.cas.ticket.TicketValidationException;
import org.jasig.cas.ticket.proxy.ProxyHandler;
import org.jasig.cas.validation.Assertion;
import org.jasig.cas.web.DelegateController;
import org.jasig.cas.web.support.ArgumentExtractor;
import org.opensaml.util.URLBuilder;
import org.opensaml.xml.util.Pair;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.bind.ServletRequestBindingException;
import org.springframework.web.bind.ServletRequestDataBinder;
import org.springframework.web.bind.ServletRequestUtils;
import org.springframework.web.servlet.ModelAndView;

/* loaded from: input_file:WEB-INF/lib/cas-mfa-java-1.0.0-RC7.jar:net/unicon/cas/mfa/web/MultiFactorServiceValidateController.class */
/**
 * Validates a service ticket and checks the resulting assertion against a
 * multi-factor validation specification, then renders a success or failure view.
 *
 * <p>Security-relevant inputs handled by this class all come from the request:
 * the service and ticket id (via the {@link ArgumentExtractor}), the
 * {@code pgtUrl} proxy callback address, and the {@code authn_method} parameter.
 * None of them is validated for content here; see the notes on the individual
 * methods for where each value ends up.
 */
public class MultiFactorServiceValidateController extends DelegateController {
    private static final String DEFAULT_SERVICE_FAILURE_VIEW_NAME = "casServiceFailureView";
    private static final String DEFAULT_SERVICE_SUCCESS_VIEW_NAME = "casServiceSuccessView";
    private static final String MODEL_PROXY_GRANTING_TICKET_IOU = "pgtIou";
    private static final String MODEL_ASSERTION = "assertion";
    private static final String MODEL_AUTHN_METHOD = "authn_method";

    @NotNull
    private CentralAuthenticationService centralAuthenticationService;

    @NotNull
    private Class<AbstractMultiFactorAuthenticationProtocolValidationSpecification> validationSpecificationClass;

    @NotNull
    private ProxyHandler proxyHandler;

    @NotNull
    private ArgumentExtractor argumentExtractor;
    private final Logger logger = LoggerFactory.getLogger(getClass());

    @NotNull
    private String successView = DEFAULT_SERVICE_SUCCESS_VIEW_NAME;

    @NotNull
    private String failureView = DEFAULT_SERVICE_FAILURE_VIEW_NAME;

    /**
     * Builds proxy-callback credentials from the {@code pgtUrl} request parameter.
     *
     * <p>When an {@code authn_method} parameter is present it is appended to the
     * callback URL's query string.
     *
     * <p>NOTE(review): {@code pgtUrl} is caller-supplied and is only checked for
     * being non-blank and parseable. Any restriction on scheme or host of the
     * callback must be enforced by whatever authenticates the returned
     * credentials, which is not visible in this class; confirm.
     *
     * @param httpServletRequest the validation request
     * @return the callback credentials, or {@code null} when no {@code pgtUrl}
     *         was sent or the URL could not be constructed
     */
    protected Credentials getServiceCredentialsFromRequest(HttpServletRequest httpServletRequest) {
        final String callbackUrl = httpServletRequest.getParameter("pgtUrl");
        final String requestedMethod = getAuthenticationMethodFromRequest(httpServletRequest);
        if (StringUtils.isBlank(callbackUrl)) {
            return null;
        }
        try {
            final URLBuilder builder = new URLBuilder(callbackUrl);
            if (!StringUtils.isBlank(requestedMethod)) {
                builder.getQueryParams().add(new Pair<>(MODEL_AUTHN_METHOD, requestedMethod));
            }
            final URL target = new URL(builder.buildURL());
            return new HttpBasedServiceCredentials(target);
        } catch (Exception e) {
            // Best effort: a malformed callback URL disables proxying for this
            // request instead of failing the whole validation.
            this.logger.error("Error constructing pgtUrl", e);
            return null;
        }
    }

    /**
     * Registers {@code renew} as a required field on the binder.
     *
     * <p>NOTE(review): {@link #handleRequestInternal} never inspects the binding
     * result after {@code bind}, so a missing required field does not appear to
     * reject the request by itself; confirm that is intended.
     *
     * @param httpServletRequest the validation request (unused here)
     * @param servletRequestDataBinder the binder for the validation specification
     */
    protected final void initBinder(HttpServletRequest httpServletRequest, ServletRequestDataBinder servletRequestDataBinder) {
        servletRequestDataBinder.setRequiredFields("renew");
    }

    /**
     * Validates the service ticket carried by the request and renders the result.
     *
     * <p>Order of operations, as written: a proxy-granting ticket is delegated
     * first when callback credentials are present (a {@link TicketException}
     * there is logged and validation continues without one), then the service
     * ticket is validated, then the assertion is checked against a freshly
     * instantiated validation specification bound from the request.
     *
     * <p>The ticket id and the callback credentials are written to the log on
     * several paths; both originate from the request.
     *
     * @param httpServletRequest the validation request
     * @param httpServletResponse the response (unused here)
     * @return the success view with the assertion, or the failure view with an
     *         error code and description
     * @throws Exception anything not handled by the catch clauses below
     */
    @Override
    protected final ModelAndView handleRequestInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        final WebApplicationService service = this.argumentExtractor.extractService(httpServletRequest);
        final String serviceTicketId = (service == null) ? null : service.getArtifactId();
        final String requestedMethod = getAuthenticationMethodFromRequest(httpServletRequest);

        if (service == null || serviceTicketId == null) {
            this.logger.debug(String.format("Could not process request; Service: %s, Service Ticket Id: %s", service, serviceTicketId));
            return generateErrorView("INVALID_REQUEST", "INVALID_REQUEST", requestedMethod, null);
        }

        try {
            final Credentials proxyCredentials = getServiceCredentialsFromRequest(httpServletRequest);
            String proxyGrantingTicketId = null;
            if (proxyCredentials != null) {
                try {
                    proxyGrantingTicketId = this.centralAuthenticationService.delegateTicketGrantingTicket(serviceTicketId, proxyCredentials);
                } catch (TicketException e) {
                    // Proxying failed; the ticket is still validated below, just
                    // without a pgtIou in the response.
                    this.logger.error("TicketException generating ticket for: " + proxyCredentials, e);
                }
            }

            final Assertion assertion = this.centralAuthenticationService.validateServiceTicket(serviceTicketId, service);

            final AbstractMultiFactorAuthenticationProtocolValidationSpecification specification = getCommandClass();
            final ServletRequestDataBinder binder = new ServletRequestDataBinder(specification, "validationSpecification");
            initBinder(httpServletRequest, binder);
            binder.bind(httpServletRequest);
            // Set after binding, so the value read by this controller is the one
            // the specification ends up with.
            specification.setAuthenticationMethod(requestedMethod);

            try {
                if (specification.isSatisfiedBy(assertion)) {
                    onSuccessfulValidation(serviceTicketId, assertion);

                    final ModelAndView successModel = new ModelAndView(this.successView);
                    successModel.addObject(MODEL_ASSERTION, assertion);
                    if (proxyCredentials != null && proxyGrantingTicketId != null) {
                        successModel.addObject(MODEL_PROXY_GRANTING_TICKET_IOU, this.proxyHandler.handle(proxyCredentials, proxyGrantingTicketId));
                    }

                    final String fulfilledMethods = MultiFactorUtils.getFulfilledAuthenticationMethodsAsString(assertion);
                    if (!StringUtils.isBlank(fulfilledMethods)) {
                        successModel.addObject(MODEL_AUTHN_METHOD, fulfilledMethods);
                    }

                    this.logger.debug(String.format("Successfully validated service ticket: %s", serviceTicketId));
                    return successModel;
                }

                this.logger.debug("ServiceTicket [" + serviceTicketId + "] does not satisfy validation specification.");
                return generateErrorView("INVALID_TICKET", "INVALID_TICKET_SPEC", requestedMethod, null);
            } catch (UnacceptableMultiFactorAuthenticationMethodException unacceptable) {
                this.logger.debug(unacceptable.getMessage(), unacceptable);
                return generateErrorView(unacceptable.getCode(), unacceptable.getMessage(), requestedMethod,
                        new Object[]{serviceTicketId, unacceptable.getAuthenticationMethod()});
            } catch (UnrecognizedMultiFactorAuthenticationMethodException unrecognized) {
                this.logger.debug(unrecognized.getMessage(), unrecognized);
                return generateErrorView(unrecognized.getCode(), unrecognized.getMessage(), requestedMethod,
                        new Object[]{unrecognized.getAuthenticationMethod()});
            }
        } catch (UnauthorizedServiceException unauthorized) {
            return generateErrorView(unauthorized.getMessage(), unauthorized.getMessage(), requestedMethod, null);
        } catch (TicketValidationException invalid) {
            // Must stay ahead of the TicketException clause that follows it.
            return generateErrorView(invalid.getCode(), invalid.getCode(), requestedMethod,
                    new Object[]{serviceTicketId, invalid.getOriginalService().getId(), service.getId()});
        } catch (TicketException ticketFailure) {
            return generateErrorView(ticketFailure.getCode(), ticketFailure.getCode(), requestedMethod, new Object[]{serviceTicketId});
        }
    }

    /**
     * Extension hook invoked after the assertion satisfied the validation
     * specification; does nothing in this class.
     *
     * @param str the validated service ticket id
     * @param assertion the assertion produced by ticket validation
     */
    protected void onSuccessfulValidation(String str, Assertion assertion) {
    }

    /**
     * Builds the failure view with {@code code}, {@code description} and
     * {@code authn_method} model entries.
     *
     * <p>NOTE(review): {@code authnMethod} is the raw request parameter and is
     * placed both inside the description and in the model; the failure view has
     * to escape it. The view is not visible here; confirm.
     *
     * <p>NOTE(review): {@code authn_method=<value>} is appended straight onto
     * the resolved message with no separator; confirm that is the intended
     * format. If the message accessor returns {@code null} the
     * {@code StringBuilder} constructor throws.
     *
     * @param code message code, also exposed as the {@code code} model entry
     * @param defaultDescription fallback text when the code has no message
     * @param authnMethod the requested authentication method, may be blank
     * @param args message arguments, may be {@code null}
     * @return the populated failure view
     */
    private ModelAndView generateErrorView(String code, String defaultDescription, String authnMethod, Object[] args) {
        final ModelAndView failureModel = new ModelAndView(this.failureView);
        final StringBuilder description = new StringBuilder(getMessageSourceAccessor().getMessage(code, args, defaultDescription));
        if (!StringUtils.isBlank(authnMethod)) {
            description.append(MODEL_AUTHN_METHOD).append("=").append(authnMethod);
        }
        failureModel.addObject("code", code);
        failureModel.addObject("description", description.toString());
        failureModel.addObject(MODEL_AUTHN_METHOD, authnMethod);
        return failureModel;
    }

    /**
     * Creates a new validation specification from the configured class.
     *
     * @return a fresh specification instance
     * @throws RuntimeException wrapping any failure to instantiate the class
     */
    private AbstractMultiFactorAuthenticationProtocolValidationSpecification getCommandClass() {
        final AbstractMultiFactorAuthenticationProtocolValidationSpecification specification;
        try {
            specification = this.validationSpecificationClass.newInstance();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
        return specification;
    }

    /**
     * Reads the {@code authn_method} request parameter.
     *
     * @param httpServletRequest the validation request
     * @return the parameter value as sent, or {@code null} when reading it
     *         raised a binding exception (which is logged)
     */
    private String getAuthenticationMethodFromRequest(HttpServletRequest httpServletRequest) {
        String requestedMethod = null;
        try {
            requestedMethod = ServletRequestUtils.getStringParameter(httpServletRequest, MODEL_AUTHN_METHOD);
        } catch (ServletRequestBindingException e) {
            this.logger.error(e.getMessage(), e);
        }
        return requestedMethod;
    }

    /**
     * Reports that this controller accepts every request it is offered.
     *
     * @param httpServletRequest the request (not examined)
     * @param httpServletResponse the response (not examined)
     * @return always {@code true}
     */
    @Override
    public final boolean canHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return true;
    }

    /** Sets the service used to delegate proxy-granting tickets and validate service tickets. */
    public final void setCentralAuthenticationService(CentralAuthenticationService centralAuthenticationService) {
        this.centralAuthenticationService = centralAuthenticationService;
    }

    /** Sets the extractor that derives the service and ticket id from the request. */
    public final void setArgumentExtractor(ArgumentExtractor argumentExtractor) {
        this.argumentExtractor = argumentExtractor;
    }

    /** Sets the specification class instantiated for every validation request. */
    public final void setValidationSpecificationClass(Class<AbstractMultiFactorAuthenticationProtocolValidationSpecification> cls) {
        this.validationSpecificationClass = cls;
    }

    /** Sets the name of the view rendered when validation fails. */
    public final void setFailureView(String str) {
        this.failureView = str;
    }

    /** Sets the name of the view rendered when validation succeeds. */
    public final void setSuccessView(String str) {
        this.successView = str;
    }

    /** Sets the handler that turns a proxy-granting ticket id into the {@code pgtIou} model value. */
    public final void setProxyHandler(ProxyHandler proxyHandler) {
        this.proxyHandler = proxyHandler;
    }
}
