package net.shibboleth.idp.cas.flow.impl;

import com.google.common.base.Function;
import javax.annotation.Nonnull;
import net.shibboleth.idp.authn.AuthenticationResult;
import net.shibboleth.idp.authn.context.AuthenticationContext;
import net.shibboleth.idp.cas.config.impl.ConfigLookupFunction;
import net.shibboleth.idp.cas.config.impl.LoginConfiguration;
import net.shibboleth.idp.cas.protocol.ProtocolError;
import net.shibboleth.idp.cas.protocol.ServiceTicketRequest;
import net.shibboleth.idp.cas.protocol.ServiceTicketResponse;
import net.shibboleth.idp.cas.ticket.ServiceTicket;
import net.shibboleth.idp.cas.ticket.TicketServiceEx;
import net.shibboleth.idp.cas.ticket.TicketState;
import net.shibboleth.idp.session.IdPSession;
import net.shibboleth.utilities.java.support.logic.Constraint;
import org.joda.time.DateTime;
import org.joda.time.Instant;
import org.opensaml.messaging.context.navigate.ChildContextLookup;
import org.opensaml.profile.context.ProfileRequestContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:net/shibboleth/idp/cas/flow/impl/GrantServiceTicketAction.class */
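/**
 * Webflow action that issues a CAS service ticket for the service named in the current
 * {@link ServiceTicketRequest} and publishes the outcome as a {@link ServiceTicketResponse}.
 *
 * <p>The ticket is bound to the IdP session id, the session's principal name, and the instant and
 * flow id of the authentication result it was issued against. That result comes from the
 * {@link AuthenticationContext} when one is attached to the profile request context, and
 * otherwise from the most recent result recorded in the IdP session.</p>
 */
public class GrantServiceTicketAction extends AbstractCASProtocolAction<ServiceTicketRequest, ServiceTicketResponse> {
    private final Logger log = LoggerFactory.getLogger(GrantServiceTicketAction.class);

    /** Resolves the {@link LoginConfiguration} that applies to the current request. */
    private final ConfigLookupFunction<LoginConfiguration> configLookupFunction = new ConfigLookupFunction<>(LoginConfiguration.class);

    /** Looks up the {@link AuthenticationContext} child of the profile request context, if any. */
    @Nonnull
    private final Function<ProfileRequestContext, AuthenticationContext> authnCtxLookupFunction = new ChildContextLookup(AuthenticationContext.class);

    /** Ticket service used to create the service ticket. */
    @Nonnull
    private final TicketServiceEx ticketServiceEx;

    /**
     * Creates the action.
     *
     * @param ticketServiceEx ticket service used to create service tickets; must not be null
     */
    public GrantServiceTicketAction(@Nonnull TicketServiceEx ticketServiceEx) {
        this.ticketServiceEx = Constraint.isNotNull(ticketServiceEx, "TicketService cannot be null");
    }

    /**
     * Creates a service ticket for the requested service and stores the CAS response on the
     * profile request context.
     *
     * @param requestContext Spring Web Flow request context (not read by this method)
     * @param profileRequestContext profile request context carrying the CAS request, the IdP
     *     session and, optionally, an {@link AuthenticationContext}
     * @return {@code null} when the ticket was granted, or the
     *     {@link ProtocolError#TicketCreationError} event when no authentication result is
     *     available or ticket creation fails with a runtime exception
     * @throws IllegalStateException if no login configuration or no identifier generator is
     *     configured, or if the IdP session holds no authentication results when it is consulted
     */
    @Nonnull
    protected Event doExecute(@Nonnull RequestContext requestContext, @Nonnull ProfileRequestContext profileRequestContext) {
        final ServiceTicketRequest request = getCASRequest(profileRequestContext);
        final IdPSession session = getIdPSession(profileRequestContext);
        final LoginConfiguration config = this.configLookupFunction.apply(profileRequestContext);
        if (config == null) {
            throw new IllegalStateException("Service ticket configuration undefined");
        }
        // Ticket ids come from the configured generator; refuse to run without one rather than
        // fall back to some other source of identifiers.
        if (config.getSecurityConfiguration() == null || config.getSecurityConfiguration().getIdGenerator() == null) {
            throw new IllegalStateException("Invalid service ticket configuration: SecurityConfiguration#idGenerator undefined");
        }
        final AuthenticationContext authnCtx = this.authnCtxLookupFunction.apply(profileRequestContext);
        final AuthenticationResult authnResult = authnCtx != null ? authnCtx.getAuthenticationResult() : getLatestAuthenticationResult(session);
        // An AuthenticationContext without a result used to surface only as a NullPointerException
        // swallowed by the catch below. Fail with the same protocol error, but say why, and do not
        // fall back to an older session result: the ticket must describe the authentication that
        // this context represents.
        if (authnResult == null) {
            this.log.error("Failed granting service ticket: authentication context holds no authentication result");
            return ProtocolError.TicketCreationError.event(this);
        }
        try {
            this.log.debug("Granting service ticket for {}", request.getService());
            final String ticketId = config.getSecurityConfiguration().getIdGenerator().generateIdentifier();
            // Expiry is the current time plus the configured ticket validity period.
            final Instant expiry = DateTime.now().plus(config.getTicketValidityPeriod()).toInstant();
            final String service = request.getService();
            final TicketState state = new TicketState(
                    session.getId(),
                    session.getPrincipalName(),
                    new Instant(authnResult.getAuthenticationInstant()),
                    authnResult.getAuthenticationFlowId());
            // NOTE(review): the renew flag recorded on the ticket is copied from the request, not
            // derived from whether this flow re-authenticated the user; presumably an earlier
            // flow step enforces renew -- confirm against the flow definition.
            final ServiceTicket ticket = this.ticketServiceEx.createServiceTicket(ticketId, expiry, service, state, request.isRenew());
            this.log.info("Granted service ticket for {}", request.getService());
            final ServiceTicketResponse response = new ServiceTicketResponse(request.getService(), ticket.getId());
            if (request.isSAML()) {
                response.setSaml(true);
            }
            setCASResponse(profileRequestContext, response);
            // NOTE(review): null is returned on success despite @Nonnull; presumably the base
            // action treats a null event as "proceed" -- confirm.
            return null;
        } catch (RuntimeException e) {
            // Any runtime failure while creating the ticket becomes a CAS protocol error; the
            // exception is logged with its stack trace so the cause is not lost.
            this.log.error("Failed granting service ticket due to error.", e);
            return ProtocolError.TicketCreationError.event(this);
        }
    }

    /**
     * Returns the authentication result with the greatest authentication instant in the session.
     * When several results share that instant, the first one encountered is kept.
     *
     * @param idPSession IdP session whose authentication results are examined
     * @return the most recent authentication result
     * @throws IllegalStateException if the session holds no authentication results
     */
    private AuthenticationResult getLatestAuthenticationResult(IdPSession idPSession) {
        AuthenticationResult latest = null;
        for (AuthenticationResult candidate : idPSession.getAuthenticationResults()) {
            if (latest == null || candidate.getAuthenticationInstant() > latest.getAuthenticationInstant()) {
                latest = candidate;
            }
        }
        if (latest == null) {
            throw new IllegalStateException("Cannot find authentication results in IdP session");
        }
        return latest;
    }
}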
