package org.apereo.cas.web.flow.login;

import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceProperty;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.services.UnauthorizedServiceException;
import org.apereo.cas.ticket.TicketGrantingTicket;
import org.apereo.cas.ticket.registry.TicketRegistrySupport;
import org.apereo.cas.util.RegexUtils;
import org.apereo.cas.web.cookie.CasCookieBuilder;
import org.apereo.cas.web.support.WebUtils;
import org.springframework.webflow.action.AbstractAction;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;
import org.springframework.webflow.execution.repository.NoSuchFlowExecutionException;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-actions-6.2.8.jar:org/apereo/cas/web/flow/login/VerifyRequiredServiceAction.class */
public class VerifyRequiredServiceAction extends AbstractAction {
    private final ServicesManager servicesManager;
    private final CasCookieBuilder ticketGrantingTicketCookieGenerator;
    private final CasConfigurationProperties casProperties;
    private final TicketRegistrySupport ticketRegistrySupport;

    @Override // org.springframework.webflow.action.AbstractAction
    public Event doExecute(RequestContext requestContext) {
        String retrieveCookieValue = this.ticketGrantingTicketCookieGenerator.retrieveCookieValue(WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext));
        String requiredServicePattern = this.casProperties.getSso().getRequiredServicePattern();
        if (StringUtils.isNotBlank(requiredServicePattern)) {
            enforceInitialMandatoryService(requestContext, retrieveCookieValue, RegexUtils.createPattern(requiredServicePattern));
        }
        return success();
    }

    protected void enforceInitialMandatoryService(RequestContext requestContext, String str, Pattern pattern) {
        if (shouldSkipRequiredServiceCheck(requestContext, pattern)) {
            return;
        }
        List<Service> collectServicesToMatch = collectServicesToMatch(requestContext, str);
        if (!collectServicesToMatch.isEmpty() && !collectServicesToMatch.stream().anyMatch(service -> {
            return RegexUtils.find(pattern, service.getId());
        })) {
            throw new NoSuchFlowExecutionException(requestContext.getFlowExecutionContext().getKey(), new UnauthorizedServiceException("screen.service.initial.message", "Service is required"));
        }
    }

    protected boolean shouldSkipRequiredServiceCheck(RequestContext requestContext, Pattern pattern) {
        WebApplicationService service = WebUtils.getService(requestContext);
        if (service == null) {
            return false;
        }
        if (RegexUtils.find(pattern, service.getId())) {
            return true;
        }
        RegisteredService findServiceBy = this.servicesManager.findServiceBy(service);
        return findServiceBy != null && RegisteredServiceProperty.RegisteredServiceProperties.SKIP_REQUIRED_SERVICE_CHECK.isAssignedTo(findServiceBy);
    }

    protected List<Service> collectServicesToMatch(RequestContext requestContext, String str) {
        ArrayList arrayList = new ArrayList();
        TicketGrantingTicket ticketGrantingTicket = StringUtils.isNotBlank(str) ? this.ticketRegistrySupport.getTicketGrantingTicket(str) : null;
        if (ticketGrantingTicket != null) {
            arrayList.addAll(ticketGrantingTicket.getServices().values());
        }
        return arrayList;
    }

    @Generated
    public VerifyRequiredServiceAction(ServicesManager servicesManager, CasCookieBuilder casCookieBuilder, CasConfigurationProperties casConfigurationProperties, TicketRegistrySupport ticketRegistrySupport) {
        this.servicesManager = servicesManager;
        this.ticketGrantingTicketCookieGenerator = casCookieBuilder;
        this.casProperties = casConfigurationProperties;
        this.ticketRegistrySupport = ticketRegistrySupport;
    }

    @Generated
    public ServicesManager getServicesManager() {
        return this.servicesManager;
    }

    @Generated
    public CasCookieBuilder getTicketGrantingTicketCookieGenerator() {
        return this.ticketGrantingTicketCookieGenerator;
    }

    @Generated
    public CasConfigurationProperties getCasProperties() {
        return this.casProperties;
    }

    @Generated
    public TicketRegistrySupport getTicketRegistrySupport() {
        return this.ticketRegistrySupport;
    }
}
