package net.shibboleth.idp.cas.flow.impl;

import javax.annotation.Nonnull;
import net.shibboleth.idp.cas.config.impl.ConfigLookupFunction;
import net.shibboleth.idp.cas.config.impl.LoginConfiguration;
import net.shibboleth.idp.cas.config.impl.ProxyConfiguration;
import net.shibboleth.idp.cas.config.impl.ValidateConfiguration;
import net.shibboleth.idp.cas.protocol.ProtocolError;
import net.shibboleth.idp.cas.protocol.TicketValidationRequest;
import net.shibboleth.idp.cas.protocol.TicketValidationResponse;
import net.shibboleth.idp.cas.ticket.ProxyTicket;
import net.shibboleth.idp.cas.ticket.ServiceTicket;
import net.shibboleth.idp.cas.ticket.TicketService;
import net.shibboleth.utilities.java.support.logic.Constraint;
import org.opensaml.profile.context.ProfileRequestContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:net/shibboleth/idp/cas/flow/impl/ValidateTicketAction.class */
public class ValidateTicketAction extends AbstractCASProtocolAction<TicketValidationRequest, TicketValidationResponse> {
    private final Logger log = LoggerFactory.getLogger(ValidateTicketAction.class);
    private final ConfigLookupFunction<ValidateConfiguration> configLookupFunction = new ConfigLookupFunction<>(ValidateConfiguration.class);

    @Nonnull
    private final TicketService ticketService;

    public ValidateTicketAction(@Nonnull TicketService ticketService) {
        this.ticketService = (TicketService) Constraint.isNotNull(ticketService, "TicketService cannot be null");
    }

    @Nonnull
    protected Event doExecute(@Nonnull RequestContext requestContext, @Nonnull ProfileRequestContext profileRequestContext) {
        ServiceTicket removeProxyTicket;
        ValidateConfiguration apply = this.configLookupFunction.apply(profileRequestContext);
        if (apply == null) {
            this.log.info("Ticket validation configuration undefined");
            return ProtocolError.IllegalState.event(this);
        }
        TicketValidationRequest cASRequest = getCASRequest(profileRequestContext);
        try {
            String ticket = cASRequest.getTicket();
            this.log.debug("Attempting to validate {}", ticket);
            if (ticket.startsWith(LoginConfiguration.DEFAULT_TICKET_PREFIX)) {
                removeProxyTicket = this.ticketService.removeServiceTicket(cASRequest.getTicket());
            } else {
                if (!ticket.startsWith(ProxyConfiguration.DEFAULT_TICKET_PREFIX)) {
                    return ProtocolError.InvalidTicketFormat.event(this);
                }
                removeProxyTicket = this.ticketService.removeProxyTicket(ticket);
            }
            if (removeProxyTicket != null) {
                this.log.debug("Found and removed {}/{} from ticket store", removeProxyTicket, removeProxyTicket.getSessionId());
            }
            if (removeProxyTicket == null || removeProxyTicket.getExpirationInstant().isBeforeNow()) {
                return ProtocolError.TicketExpired.event(this);
            }
            if (apply.getServiceComparator().compare(removeProxyTicket.getService(), cASRequest.getService()) != 0) {
                this.log.debug("Service issued for {} does not match {}", removeProxyTicket.getService(), cASRequest.getService());
                return ProtocolError.ServiceMismatch.event(this);
            }
            this.log.info("Successfully validated {} for {}", cASRequest.getTicket(), cASRequest.getService());
            setCASResponse(profileRequestContext, new TicketValidationResponse());
            setCASTicket(profileRequestContext, removeProxyTicket);
            return removeProxyTicket instanceof ProxyTicket ? Events.ProxyTicketValidated.event(this) : Events.ServiceTicketValidated.event(this);
        } catch (RuntimeException e) {
            this.log.debug("CAS ticket retrieval failed with error: {}", e);
            return ProtocolError.TicketRetrievalError.event(this);
        }
    }
}
