package org.apereo.cas.web.flow.action;

import java.util.HashMap;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.AuthenticationResultBuilder;
import org.apereo.cas.authentication.MutableCredential;
import org.apereo.cas.authentication.SurrogateAuthenticationPrincipalBuilder;
import org.apereo.cas.authentication.surrogate.SurrogateCredentialTrait;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.util.LoggingUtils;
import org.apereo.cas.web.flow.actions.BaseCasWebflowAction;
import org.apereo.cas.web.support.WebUtils;
import org.apereo.inspektr.audit.annotation.Audit;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:org/apereo/cas/web/flow/action/SurrogateSelectionAction.class */
public class SurrogateSelectionAction extends BaseCasWebflowAction {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(SurrogateSelectionAction.class);
    public static final String PARAMETER_NAME_SURROGATE_TARGET = "surrogateTarget";
    private final SurrogateAuthenticationPrincipalBuilder surrogatePrincipalBuilder;

    @Audit(action = "SURROGATE_AUTHENTICATION_ELIGIBILITY_SELECTION", actionResolverName = "SURROGATE_AUTHENTICATION_ELIGIBILITY_SELECTION_ACTION_RESOLVER", resourceResolverName = "SURROGATE_AUTHENTICATION_ELIGIBILITY_SELECTION_RESOURCE_RESOLVER")
    protected Event doExecuteInternal(RequestContext requestContext) {
        HashMap hashMap = new HashMap();
        try {
            MutableCredential credential = WebUtils.getCredential(requestContext);
            if (credential instanceof MutableCredential) {
                MutableCredential mutableCredential = credential;
                String str = (String) WebUtils.getRequestParameterOrAttribute(requestContext, PARAMETER_NAME_SURROGATE_TARGET).orElse("");
                LOGGER.debug("Located surrogate target as [{}]", str);
                if (StringUtils.isNotBlank(str)) {
                    hashMap.put(PARAMETER_NAME_SURROGATE_TARGET, str);
                    RegisteredService registeredService = WebUtils.getRegisteredService(requestContext);
                    AuthenticationResultBuilder authenticationResultBuilder = WebUtils.getAuthenticationResultBuilder(requestContext);
                    mutableCredential.getCredentialMetadata().addTrait(new SurrogateCredentialTrait(str));
                    this.surrogatePrincipalBuilder.buildSurrogateAuthenticationResult(authenticationResultBuilder, mutableCredential, registeredService).ifPresent(authenticationResultBuilder2 -> {
                        WebUtils.putAuthenticationResultBuilder(authenticationResultBuilder2, requestContext);
                    });
                } else {
                    LOGGER.warn("No surrogate identifier was selected or provided");
                }
                hashMap.put("primary", credential.getId());
            } else {
                LOGGER.debug("Credential is not supported [{}]", credential);
            }
            return success(hashMap);
        } catch (Throwable th) {
            WebUtils.addErrorMessageToContext(requestContext, "screen.surrogates.account.selection.error", "Unable to accept or authorize selection");
            LoggingUtils.error(LOGGER, th);
            return error(new RuntimeException(th));
        }
    }

    @Generated
    public SurrogateSelectionAction(SurrogateAuthenticationPrincipalBuilder surrogateAuthenticationPrincipalBuilder) {
        this.surrogatePrincipalBuilder = surrogateAuthenticationPrincipalBuilder;
    }
}
