package org.pac4j.cas.credentials.authenticator;

import java.util.HashMap;
import java.util.Map;
import org.jasig.cas.client.authentication.AttributePrincipal;
import org.jasig.cas.client.validation.Assertion;
import org.jasig.cas.client.validation.TicketValidationException;
import org.pac4j.cas.config.CasConfiguration;
import org.pac4j.cas.profile.CasProfileDefinition;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.context.session.SessionStore;
import org.pac4j.core.credentials.Credentials;
import org.pac4j.core.credentials.TokenCredentials;
import org.pac4j.core.credentials.authenticator.Authenticator;
import org.pac4j.core.exception.TechnicalException;
import org.pac4j.core.http.callback.CallbackUrlResolver;
import org.pac4j.core.http.url.UrlResolver;
import org.pac4j.core.profile.ProfileHelper;
import org.pac4j.core.profile.UserProfile;
import org.pac4j.core.profile.definition.ProfileDefinitionAware;
import org.pac4j.core.util.CommonHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/pac4j-cas-5.1.0.jar:org/pac4j/cas/credentials/authenticator/CasAuthenticator.class */
public class CasAuthenticator extends ProfileDefinitionAware implements Authenticator {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) CasAuthenticator.class);
    protected CasConfiguration configuration;
    protected String clientName;
    protected UrlResolver urlResolver;
    protected CallbackUrlResolver callbackUrlResolver;
    protected String callbackUrl;

    public CasAuthenticator(CasConfiguration casConfiguration, String str, UrlResolver urlResolver, CallbackUrlResolver callbackUrlResolver, String str2) {
        this.configuration = casConfiguration;
        this.clientName = str;
        this.urlResolver = urlResolver;
        this.callbackUrlResolver = callbackUrlResolver;
        this.callbackUrl = str2;
    }

    @Override // org.pac4j.core.util.InitializableObject
    protected void internalInit() {
        CommonHelper.assertNotNull("urlResolver", this.urlResolver);
        CommonHelper.assertNotNull("callbackUrlResolver", this.callbackUrlResolver);
        CommonHelper.assertNotBlank("clientName", this.clientName);
        CommonHelper.assertNotBlank("callbackUrl", this.callbackUrl);
        CommonHelper.assertNotNull("configuration", this.configuration);
        defaultProfileDefinition(new CasProfileDefinition());
    }

    @Override // org.pac4j.core.credentials.authenticator.Authenticator
    public void validate(Credentials credentials, WebContext webContext, SessionStore sessionStore) {
        init();
        TokenCredentials tokenCredentials = (TokenCredentials) credentials;
        String token = tokenCredentials.getToken();
        try {
            Assertion validate = this.configuration.retrieveTicketValidator(webContext).validate(token, this.callbackUrlResolver.compute(this.urlResolver, this.callbackUrl, this.clientName, webContext));
            AttributePrincipal principal = validate.getPrincipal();
            logger.debug("principal: {}", principal);
            String name = principal.getName();
            HashMap hashMap = new HashMap();
            HashMap hashMap2 = new HashMap();
            Map<String, Object> attributes = principal.getAttributes();
            Map<String, Object> attributes2 = validate.getAttributes();
            if (attributes != null) {
                attributes.entrySet().stream().forEach(entry -> {
                    hashMap.put((String) entry.getKey(), entry.getValue());
                });
            }
            if (attributes2 != null) {
                attributes2.entrySet().stream().forEach(entry2 -> {
                    hashMap2.put((String) entry2.getKey(), entry2.getValue());
                });
            }
            UserProfile newProfile = getProfileDefinition().newProfile(name, this.configuration.getProxyReceptor(), principal);
            newProfile.setId(ProfileHelper.sanitizeIdentifier(name));
            getProfileDefinition().convertAndAdd(newProfile, hashMap, hashMap2);
            logger.debug("profile returned by CAS: {}", newProfile);
            tokenCredentials.setUserProfile(newProfile);
        } catch (TicketValidationException e) {
            throw new TechnicalException("cannot validate CAS ticket: " + token, e);
        }
    }
}
