package org.jasig.cas.web;

import java.net.URL;
import java.util.Collections;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.validation.constraints.NotNull;
import org.jasig.cas.CasProtocolConstants;
import org.jasig.cas.CentralAuthenticationService;
import org.jasig.cas.authentication.AuthenticationException;
import org.jasig.cas.authentication.Credential;
import org.jasig.cas.authentication.HttpBasedServiceCredential;
import org.jasig.cas.authentication.principal.Service;
import org.jasig.cas.authentication.principal.WebApplicationService;
import org.jasig.cas.services.RegisteredService;
import org.jasig.cas.services.ServicesManager;
import org.jasig.cas.services.UnauthorizedProxyingException;
import org.jasig.cas.services.UnauthorizedServiceException;
import org.jasig.cas.ticket.TicketException;
import org.jasig.cas.ticket.TicketGrantingTicket;
import org.jasig.cas.ticket.TicketValidationException;
import org.jasig.cas.ticket.proxy.ProxyHandler;
import org.jasig.cas.validation.Assertion;
import org.jasig.cas.validation.Cas20ProtocolValidationSpecification;
import org.jasig.cas.validation.ValidationSpecification;
import org.jasig.cas.web.support.ArgumentExtractor;
import org.jasig.cas.web.view.CasViewConstants;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.ServletRequestDataBinder;
import org.springframework.web.servlet.ModelAndView;

/* loaded from: input_file:WEB-INF/lib/cas-server-webapp-support-4.1.10.jar:org/jasig/cas/web/ServiceValidateController.class */
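/**
 * Validates a service ticket for the service named in the request and renders the outcome
 * through {@link #successView} or {@link #failureView}.
 *
 * <p>When the request also carries the proxy callback URL parameter, a proxy-granting ticket
 * (PGT) is delegated from the service ticket and handed to the configured {@link ProxyHandler}.
 *
 * <p>Security-relevant points for maintainers:
 * <ul>
 *   <li>The proxy callback URL comes straight from a request parameter. The only checks made in
 *       this class are that the service is registered and that its access strategy allows
 *       access; the URL itself is not inspected here.</li>
 *   <li>The PGT is created before the service ticket has been validated against the validation
 *       specification. The later failure paths return an error view without destroying it in
 *       this class.</li>
 *   <li>Service ids and ticket ids taken from the request are passed as message arguments to the
 *       failure view.</li>
 * </ul>
 */
public class ServiceValidateController extends DelegateController {
    /** View name used for failures unless {@link #setFailureView(String)} overrides it. */
    public static final String DEFAULT_SERVICE_FAILURE_VIEW_NAME = "cas2ServiceFailureView";
    /** View name used for successes unless {@link #setSuccessView(String)} overrides it. */
    public static final String DEFAULT_SERVICE_SUCCESS_VIEW_NAME = "cas2ServiceSuccessView";

    /** Service registry lookup used to authorize the proxy callback request. */
    @NotNull
    private ServicesManager servicesManager;

    /** Validates service tickets and delegates proxy-granting tickets. */
    @NotNull
    private CentralAuthenticationService centralAuthenticationService;

    /** Delivers the PGT for a callback credential and returns the proxy IOU. */
    @NotNull
    private ProxyHandler proxyHandler;

    /** Extracts the service and its ticket (artifact id) from the request. */
    @NotNull
    private ArgumentExtractor argumentExtractor;

    /** Class instantiated per request to obtain the {@link ValidationSpecification}. */
    @NotNull
    private Class<?> validationSpecificationClass = Cas20ProtocolValidationSpecification.class;

    /** Name of the view rendered on successful validation. */
    @NotNull
    private String successView = DEFAULT_SERVICE_SUCCESS_VIEW_NAME;

    /** Name of the view rendered on any validation failure. */
    @NotNull
    private String failureView = DEFAULT_SERVICE_FAILURE_VIEW_NAME;

    /**
     * Builds the proxy callback credential from the request, if one was asked for.
     *
     * <p>The callback URL is caller-supplied. Before the credential is built, the service must be
     * found in the registry and its access strategy must allow access. Every failure, including
     * the {@link UnauthorizedServiceException} raised by that check and a malformed URL, is logged
     * and turned into {@code null}, so the request then continues as a validation without
     * proxying rather than being rejected here.
     *
     * @param webApplicationService the service extracted from the request
     * @param httpServletRequest the current request
     * @return the callback credential, or {@code null} when the parameter is absent or blank or
     *     the credential could not be built
     */
    protected Credential getServiceCredentialsFromRequest(WebApplicationService webApplicationService, HttpServletRequest httpServletRequest) {
        String parameter = httpServletRequest.getParameter(CasProtocolConstants.PARAMETER_PROXY_CALLBACK_URL);
        if (!StringUtils.hasText(parameter)) {
            return null;
        }
        try {
            RegisteredService findServiceBy = this.servicesManager.findServiceBy(webApplicationService);
            verifyRegisteredServiceProperties(findServiceBy, webApplicationService);
            // NOTE(review): the URL's scheme and host are not checked in this class; confirm that
            // the code consuming this credential restricts where the callback may point.
            return new HttpBasedServiceCredential(new URL(parameter), findServiceBy);
        } catch (Exception e) {
            this.logger.error("Error constructing pgtUrl", (Throwable) e);
            return null;
        }
    }

    /**
     * Configures the binder used for the validation specification by marking the renew parameter
     * as a required field.
     *
     * @param httpServletRequest the current request
     * @param servletRequestDataBinder the binder that will be applied to the request
     */
    protected void initBinder(HttpServletRequest httpServletRequest, ServletRequestDataBinder servletRequestDataBinder) {
        servletRequestDataBinder.setRequiredFields(CasProtocolConstants.PARAMETER_RENEW);
    }

    /**
     * Handles a validation request.
     *
     * <p>Steps, in order: extract service and ticket; optionally delegate a PGT for the proxy
     * callback credential; validate the service ticket; bind the request onto a fresh validation
     * specification and check the assertion against it; let the proxy handler deliver the PGT;
     * call {@link #onSuccessfulValidation(String, Assertion)}; build the success view.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the current response
     * @return the success view, or the failure view carrying an error code and description
     * @throws Exception any exception not mapped to a failure view below
     */
    @Override // org.springframework.web.servlet.mvc.AbstractController
    protected final ModelAndView handleRequestInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        WebApplicationService extractService = this.argumentExtractor.extractService(httpServletRequest);
        String artifactId = extractService != null ? extractService.getArtifactId() : null;
        if (extractService == null || artifactId == null) {
            this.logger.debug("Could not identify service and/or service ticket for service: [{}]", extractService);
            return generateErrorView(CasProtocolConstants.ERROR_CODE_INVALID_REQUEST, CasProtocolConstants.ERROR_CODE_INVALID_REQUEST, null);
        }
        try {
            Credential serviceCredentialsFromRequest = getServiceCredentialsFromRequest(extractService, httpServletRequest);
            TicketGrantingTicket ticketGrantingTicket = null;
            if (serviceCredentialsFromRequest != null) {
                try {
                    ticketGrantingTicket = this.centralAuthenticationService.delegateTicketGrantingTicket(artifactId, serviceCredentialsFromRequest);
                    // The PGT id is what a proxying service later presents to obtain proxy
                    // tickets, so it is kept out of the log. Leaving it out also avoids
                    // dereferencing the result before the null check that follows.
                    this.logger.debug("Generated PGT off of service ticket [{}] and credential [{}]", artifactId, serviceCredentialsFromRequest);
                } catch (AuthenticationException e) {
                    this.logger.info("Failed to authenticate service credential {}", serviceCredentialsFromRequest);
                } catch (TicketException e2) {
                    this.logger.error("Failed to create proxy granting ticket for {}", serviceCredentialsFromRequest, e2);
                }
                // A requested proxy callback that yields no PGT fails the whole validation.
                if (ticketGrantingTicket == null) {
                    return generateErrorView(CasProtocolConstants.ERROR_CODE_INVALID_PROXY_CALLBACK, CasProtocolConstants.ERROR_CODE_INVALID_PROXY_CALLBACK, new Object[]{serviceCredentialsFromRequest.getId()});
                }
            }
            // NOTE(review): from here on a PGT may already exist. The failure returns below do not
            // destroy it in this method; confirm that it expires or is cleaned up elsewhere.
            Assertion validateServiceTicket = this.centralAuthenticationService.validateServiceTicket(artifactId, extractService);
            ValidationSpecification commandClass = getCommandClass();
            ServletRequestDataBinder servletRequestDataBinder = new ServletRequestDataBinder(commandClass, "validationSpecification");
            initBinder(httpServletRequest, servletRequestDataBinder);
            // Binding errors are not inspected here; only isSatisfiedBy decides the outcome.
            servletRequestDataBinder.bind(httpServletRequest);
            if (!commandClass.isSatisfiedBy(validateServiceTicket)) {
                this.logger.debug("Service ticket [{}] does not satisfy validation specification.", artifactId);
                return generateErrorView(CasProtocolConstants.ERROR_CODE_INVALID_TICKET, CasProtocolConstants.ERROR_CODE_INVALID_TICKET, null);
            }
            String str = null;
            if (serviceCredentialsFromRequest != null && this.proxyHandler.canHandle(serviceCredentialsFromRequest)) {
                str = this.proxyHandler.handle(serviceCredentialsFromRequest, ticketGrantingTicket);
                // An empty proxy IOU is treated as a failed callback.
                if (StringUtils.isEmpty(str)) {
                    return generateErrorView(CasProtocolConstants.ERROR_CODE_INVALID_PROXY_CALLBACK, CasProtocolConstants.ERROR_CODE_INVALID_PROXY_CALLBACK, new Object[]{serviceCredentialsFromRequest.getId()});
                }
            }
            onSuccessfulValidation(artifactId, validateServiceTicket);
            this.logger.debug("Successfully validated service ticket {} for service [{}]", artifactId, extractService.getId());
            return generateSuccessView(validateServiceTicket, str, extractService, ticketGrantingTicket);
        } catch (UnauthorizedProxyingException e3) {
            // The exception message doubles as error code and message key.
            return generateErrorView(e3.getMessage(), e3.getMessage(), new Object[]{extractService.getId()});
        } catch (UnauthorizedServiceException e4) {
            return generateErrorView(e4.getMessage(), e4.getMessage(), null);
        } catch (TicketValidationException e5) {
            String code = e5.getCode();
            return generateErrorView(code, code, new Object[]{artifactId, e5.getOriginalService().getId(), extractService.getId()});
        } catch (TicketException e6) {
            return generateErrorView(e6.getCode(), e6.getCode(), new Object[]{artifactId});
        }
    }

    /**
     * Extension hook called after the ticket has been validated and any proxy callback has been
     * handled, just before the success view is built. Does nothing by default.
     *
     * @param str the service ticket id
     * @param assertion the assertion produced by the validation
     */
    protected void onSuccessfulValidation(String str, Assertion assertion) {
    }

    /**
     * Builds the failure view with a {@code code} and a {@code description} model entry.
     *
     * <p>The description is looked up in the message source; the key itself is the fallback when
     * no message is defined. The arguments can contain request-derived values such as service and
     * ticket ids, so the view has to encode them for its output format.
     *
     * @param code the error code placed in the model
     * @param messageKey the message source key, also used as the default description
     * @param args message arguments, may be {@code null}
     * @return the failure view
     */
    private ModelAndView generateErrorView(String code, String messageKey, Object[] args) {
        ModelAndView modelAndView = new ModelAndView(this.failureView);
        String message = getMessageSourceAccessor().getMessage(messageKey, args, messageKey);
        modelAndView.addObject("code", code);
        modelAndView.addObject("description", message);
        return modelAndView;
    }

    /**
     * Builds the success view model: assertion, service, proxy IOU, the PGT id when a PGT was
     * issued, plus whatever {@link #augmentSuccessViewModelObjects(Assertion)} contributes.
     *
     * @param assertion the validated assertion
     * @param proxyIou the proxy IOU returned by the proxy handler, or {@code null}
     * @param webApplicationService the service the ticket was validated for
     * @param ticketGrantingTicket the delegated PGT, or {@code null} when none was requested
     * @return the success view
     */
    private ModelAndView generateSuccessView(Assertion assertion, String proxyIou, WebApplicationService webApplicationService, TicketGrantingTicket ticketGrantingTicket) {
        ModelAndView modelAndView = new ModelAndView(this.successView);
        modelAndView.addObject(CasViewConstants.MODEL_ATTRIBUTE_NAME_ASSERTION, assertion);
        modelAndView.addObject(CasViewConstants.MODEL_ATTRIBUTE_NAME_SERVICE, webApplicationService);
        modelAndView.addObject("pgtIou", proxyIou);
        if (ticketGrantingTicket != null) {
            // The PGT id is exposed to the view model; the view decides what reaches the response.
            modelAndView.addObject("proxyGrantingTicket", ticketGrantingTicket.getId());
        }
        Map<String, ?> augmentSuccessViewModelObjects = augmentSuccessViewModelObjects(assertion);
        if (augmentSuccessViewModelObjects != null) {
            modelAndView.addAllObjects(augmentSuccessViewModelObjects);
        }
        return modelAndView;
    }

    /**
     * Extension hook that supplies extra model entries for the success view. A {@code null}
     * return value is tolerated by the caller.
     *
     * @param assertion the validated assertion
     * @return additional model objects; an empty map by default
     */
    protected Map<String, ?> augmentSuccessViewModelObjects(Assertion assertion) {
        return Collections.emptyMap();
    }

    /**
     * Creates a fresh validation specification from {@link #validationSpecificationClass}.
     *
     * <p>The configured class is only typed as {@code Class<?>}, so a class that is not a
     * {@link ValidationSpecification}, or one that cannot be instantiated, is detected here at
     * request time and reported as a {@link RuntimeException}.
     *
     * @return a new specification instance
     * @throws RuntimeException wrapping any instantiation or cast failure
     */
    private ValidationSpecification getCommandClass() {
        try {
            return (ValidationSpecification) this.validationSpecificationClass.newInstance();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Reports whether this controller handles the request.
     *
     * @return always {@code true}
     */
    @Override // org.jasig.cas.web.DelegateController
    public boolean canHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return true;
    }

    /** Sets the service used to validate service tickets and delegate PGTs. */
    public final void setCentralAuthenticationService(CentralAuthenticationService centralAuthenticationService) {
        this.centralAuthenticationService = centralAuthenticationService;
    }

    /** Sets the extractor that reads the service and ticket from the request. */
    public final void setArgumentExtractor(ArgumentExtractor argumentExtractor) {
        this.argumentExtractor = argumentExtractor;
    }

    /**
     * Sets the class instantiated for each request as the validation specification. It must be a
     * {@link ValidationSpecification} with an accessible no-argument constructor; this is not
     * checked until a request is handled.
     */
    public final void setValidationSpecificationClass(Class<?> cls) {
        this.validationSpecificationClass = cls;
    }

    /** Sets the name of the view rendered on failure. */
    public final void setFailureView(String str) {
        this.failureView = str;
    }

    /** Sets the name of the view rendered on success. */
    public final void setSuccessView(String str) {
        this.successView = str;
    }

    /** Sets the handler that delivers the PGT to the proxy callback. */
    public final void setProxyHandler(ProxyHandler proxyHandler) {
        this.proxyHandler = proxyHandler;
    }

    /** Sets the service registry used to authorize proxy callback requests. */
    public final void setServicesManager(ServicesManager servicesManager) {
        this.servicesManager = servicesManager;
    }

    /**
     * Rejects services that are missing from the registry or whose access strategy denies access.
     * Each rejection is logged at warn level with the service id.
     *
     * @param registeredService the registry entry, or {@code null} when none matched
     * @param service the service from the request, used for the message
     * @throws UnauthorizedServiceException when the service is unknown or not allowed
     */
    private void verifyRegisteredServiceProperties(RegisteredService registeredService, Service service) {
        if (registeredService == null) {
            String format = String.format("ServiceManagement: Unauthorized Service Access. Service [%s] is not found in service registry.", service.getId());
            this.logger.warn(format);
            throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE, format);
        }
        if (registeredService.getAccessStrategy().isServiceAccessAllowed()) {
            return;
        }
        String format2 = String.format("ServiceManagement: Unauthorized Service Access. Service [%s] is not enabled in service registry.", service.getId());
        this.logger.warn(format2);
        throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE, format2);
    }
}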
