package org.apereo.cas.authentication;

import java.util.stream.Stream;
import org.apache.commons.lang3.SerializationUtils;
import org.apache.commons.lang3.builder.ToStringBuilder;
import org.apereo.cas.CipherExecutor;
import org.apereo.cas.authentication.metadata.BaseAuthenticationMetadataPopulator;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.services.UnauthorizedSsoServiceException;
import org.apereo.cas.util.EncodingUtils;
import org.apereo.cas.ws.idp.services.WSFederationRegisteredService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apereo/cas/authentication/SecurityTokenServiceAuthenticationMetaDataPopulator.class */
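/**
 * Authentication metadata populator that requests a security token from a
 * security token service (STS) for WS-Federation registered services and
 * stores it on the authentication as the {@code securityToken} attribute.
 *
 * <p>Security-relevant behavior visible in this class:
 * <ul>
 *   <li>The value placed under {@code security.password} is the output of the
 *       credential cipher applied to the <em>username</em>; the password held by
 *       the credential is never read here.</li>
 *   <li>The token is stored as Base64 of a Java-serialized object.
 *       NOTE(review): any consumer that deserializes this attribute should accept
 *       it only from this populator and never from request-supplied data; confirm
 *       against the readers of {@code securityToken}.</li>
 * </ul>
 */
public class SecurityTokenServiceAuthenticationMetaDataPopulator extends BaseAuthenticationMetadataPopulator {
    private static final Logger LOGGER = LoggerFactory.getLogger(SecurityTokenServiceAuthenticationMetaDataPopulator.class);
    private final ServicesManager servicesManager;
    private final AuthenticationServiceSelectionStrategy selectionStrategy;
    private final CipherExecutor<String, String> credentialCipherExecutor;
    private final SecurityTokenServiceClientBuilder clientBuilder;

    /**
     * Creates the populator.
     *
     * @param servicesManager registry used to look up the WS-Federation service definition
     * @param authenticationServiceSelectionStrategy strategy that decides whether a service is handled and resolves it
     * @param cipherExecutor cipher whose {@code encode} output is sent as {@code security.password}
     * @param securityTokenServiceClientBuilder factory for the STS client used per registered service
     */
    public SecurityTokenServiceAuthenticationMetaDataPopulator(ServicesManager servicesManager, AuthenticationServiceSelectionStrategy authenticationServiceSelectionStrategy, CipherExecutor<String, String> cipherExecutor, SecurityTokenServiceClientBuilder securityTokenServiceClientBuilder) {
        this.servicesManager = servicesManager;
        this.selectionStrategy = authenticationServiceSelectionStrategy;
        this.credentialCipherExecutor = cipherExecutor;
        this.clientBuilder = securityTokenServiceClientBuilder;
    }

    /**
     * Requests a security token for the first username/password credential in the
     * transaction and records it on the authentication builder. Does nothing when
     * the transaction carries no such credential.
     *
     * @throws AuthenticationException if configuring the client, requesting the token,
     *         or serializing it fails; the message is that of the underlying exception
     */
    private void invokeSecurityTokenServiceForToken(AuthenticationTransaction authenticationTransaction, AuthenticationBuilder authenticationBuilder, WSFederationRegisteredService wSFederationRegisteredService, SecurityTokenServiceClient securityTokenServiceClient) {
        // The decompiled lambdas referenced an undefined receiver; method references on
        // the credential class express the intended instance filter and cast.
        final UsernamePasswordCredential usernamePasswordCredential = authenticationTransaction.getCredentials().stream()
                .filter(UsernamePasswordCredential.class::isInstance)
                .map(UsernamePasswordCredential.class::cast)
                .findFirst()
                .orElse(null);
        if (usernamePasswordCredential == null) {
            return;
        }
        try {
            final String username = usernamePasswordCredential.getUsername();
            securityTokenServiceClient.getProperties().put("security.username", username);
            // The STS "password" is the cipher-encoded username, not the user's password.
            // NOTE(review): presumably the STS validates it by decoding with the same key
            // material, so that key is the trust anchor between the two ends; confirm.
            securityTokenServiceClient.getProperties().put("security.password", this.credentialCipherExecutor.encode(username));
            authenticationBuilder.addAttribute("securityToken", EncodingUtils.encodeBase64(SerializationUtils.serialize(securityTokenServiceClient.requestSecurityToken(wSFederationRegisteredService.getAppliesTo()))));
        } catch (Exception e) {
            // Only the message survives in the rethrown exception, so keep the stack
            // trace in the log for incident diagnosis.
            LOGGER.error("Unable to obtain a security token from the security token service", e);
            throw new AuthenticationException(e.getMessage());
        }
    }

    /**
     * Returns the ordering value of this populator.
     *
     * @return {@link Integer#MIN_VALUE}; presumably sorts this populator first under
     *         an ascending-order convention (verify against the caller that sorts populators)
     */
    public int getOrder() {
        return Integer.MIN_VALUE;
    }

    /**
     * Adds the {@code securityToken} attribute when the transaction's service is
     * supported by the selection strategy and resolves to a non-null service.
     *
     * @throws UnauthorizedSsoServiceException if no WS-Federation registered service
     *         matches or its access strategy does not allow service access
     */
    public void populateAttributes(AuthenticationBuilder authenticationBuilder, AuthenticationTransaction authenticationTransaction) {
        if (!this.selectionStrategy.supports(authenticationTransaction.getService())) {
            return;
        }
        final Service resolveServiceFrom = this.selectionStrategy.resolveServiceFrom(authenticationTransaction.getService());
        if (resolveServiceFrom == null) {
            return;
        }
        final WSFederationRegisteredService wSFederationRegisteredService = (WSFederationRegisteredService) this.servicesManager.findServiceBy(resolveServiceFrom, WSFederationRegisteredService.class);
        if (wSFederationRegisteredService == null || !wSFederationRegisteredService.getAccessStrategy().isServiceAccessAllowed()) {
            // When no registration matched, log the resolved service instead of "null"
            // so the denial can be traced to the request that caused it.
            final Object deniedService = wSFederationRegisteredService != null ? wSFederationRegisteredService : resolveServiceFrom;
            LOGGER.warn("Service [{}] is not allowed to use SSO.", deniedService);
            throw new UnauthorizedSsoServiceException();
        }
        invokeSecurityTokenServiceForToken(authenticationTransaction, authenticationBuilder, wSFederationRegisteredService, this.clientBuilder.buildClientForSecurityTokenRequests(wSFederationRegisteredService));
    }

    /**
     * Reports that every credential is supported; the username/password filtering
     * happens when the token is requested.
     *
     * @return always {@code true}
     */
    public boolean supports(Credential credential) {
        return true;
    }

    /** Returns the superclass string form wrapped by {@link ToStringBuilder}; no field of this class is included. */
    @Override
    public String toString() {
        return new ToStringBuilder(this).appendSuper(super.toString()).toString();
    }
}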
