package org.apereo.cas.support.pac4j.authentication.handler.support;

import java.security.GeneralSecurityException;
import java.util.Objects;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.Generated;
import org.apereo.cas.authentication.AuthenticationHandlerExecutionResult;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.PreventedException;
import org.apereo.cas.authentication.principal.ClientCredential;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.provision.DelegatedClientUserProfileProvisioner;
import org.apereo.cas.integration.pac4j.authentication.handler.support.AbstractPac4jAuthenticationHandler;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.web.support.WebUtils;
import org.pac4j.core.client.BaseClient;
import org.pac4j.core.client.Client;
import org.pac4j.core.client.Clients;
import org.pac4j.core.context.JEEContext;
import org.pac4j.core.context.session.SessionStore;
import org.pac4j.core.profile.CommonProfile;
import org.pac4j.core.profile.UserProfile;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-pac4j-core-clients-6.3.7.4.jar:org/apereo/cas/support/pac4j/authentication/handler/support/DelegatedClientAuthenticationHandler.class */
public class DelegatedClientAuthenticationHandler extends AbstractPac4jAuthenticationHandler {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) DelegatedClientAuthenticationHandler.class);
    private final Clients clients;
    private final DelegatedClientUserProfileProvisioner profileProvisioner;
    private final SessionStore<JEEContext> sessionStore;

    public DelegatedClientAuthenticationHandler(String str, Integer num, ServicesManager servicesManager, PrincipalFactory principalFactory, Clients clients, DelegatedClientUserProfileProvisioner delegatedClientUserProfileProvisioner, SessionStore<JEEContext> sessionStore) {
        super(str, servicesManager, principalFactory, num);
        this.clients = clients;
        this.profileProvisioner = delegatedClientUserProfileProvisioner;
        this.sessionStore = sessionStore;
    }

    @Override // org.apereo.cas.authentication.AuthenticationHandler
    public boolean supports(Credential credential) {
        return credential != null && ClientCredential.class.isAssignableFrom(credential.getClass());
    }

    @Override // org.apereo.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler
    protected AuthenticationHandlerExecutionResult doAuthentication(Credential credential) throws GeneralSecurityException, PreventedException {
        try {
            ClientCredential clientCredential = (ClientCredential) credential;
            LOGGER.debug("Located client credentials as [{}]", clientCredential);
            LOGGER.trace("Client name: [{}]", clientCredential.getClientName());
            Optional<Client> findClient = this.clients.findClient(clientCredential.getClientName());
            if (findClient.isEmpty()) {
                throw new IllegalArgumentException("Unable to determine client based on client name " + clientCredential.getClientName());
            }
            BaseClient baseClient = (BaseClient) BaseClient.class.cast(findClient.get());
            LOGGER.trace("Delegated client is: [{}]", baseClient);
            JEEContext jEEContext = new JEEContext((HttpServletRequest) Objects.requireNonNull(WebUtils.getHttpServletRequestFromExternalWebflowContext()), (HttpServletResponse) Objects.requireNonNull(WebUtils.getHttpServletResponseFromExternalWebflowContext()), this.sessionStore);
            Optional<UserProfile> ofNullable = Optional.ofNullable(clientCredential.getUserProfile());
            if (ofNullable.isEmpty()) {
                ofNullable = baseClient.getUserProfile(clientCredential.getCredentials(), jEEContext);
            }
            if (ofNullable.isEmpty()) {
                throw new PreventedException("Unable to fetch user profile from client " + baseClient.getName());
            }
            CommonProfile commonProfile = (CommonProfile) ofNullable.get();
            LOGGER.debug("Final user profile is: [{}]", commonProfile);
            storeUserProfile(jEEContext, commonProfile);
            return createResult(clientCredential, commonProfile, baseClient);
        } catch (Exception e) {
            throw new PreventedException(e);
        }
    }

    @Override // org.apereo.cas.integration.pac4j.authentication.handler.support.AbstractPac4jAuthenticationHandler
    protected void preFinalizeAuthenticationHandlerResult(ClientCredential clientCredential, Principal principal, CommonProfile commonProfile, BaseClient baseClient) {
        this.profileProvisioner.execute(principal, commonProfile, baseClient);
    }
}
