package org.apereo.cas.web.flow.action;

import java.util.ArrayList;
import java.util.stream.Collectors;
import lombok.Generated;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.SurrogatePrincipalBuilder;
import org.apereo.cas.authentication.SurrogateUsernamePasswordCredential;
import org.apereo.cas.authentication.credential.UsernamePasswordCredential;
import org.apereo.cas.authentication.surrogate.SurrogateAuthenticationService;
import org.apereo.cas.util.LoggingUtils;
import org.apereo.cas.web.flow.actions.BaseCasWebflowAction;
import org.apereo.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.binding.message.MessageBuilder;
import org.springframework.webflow.action.EventFactorySupport;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:org/apereo/cas/web/flow/action/LoadSurrogatesListAction.class */
public class LoadSurrogatesListAction extends BaseCasWebflowAction {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(LoadSurrogatesListAction.class);
    private final SurrogateAuthenticationService surrogateService;
    private final SurrogatePrincipalBuilder surrogatePrincipalBuilder;

    private boolean loadSurrogates(RequestContext requestContext) {
        Credential credential = WebUtils.getCredential(requestContext);
        if (!(credential instanceof UsernamePasswordCredential)) {
            LOGGER.debug("Current credential in the webflow is not one of [{}]", UsernamePasswordCredential.class.getName());
            return false;
        }
        String id = credential.getId();
        LOGGER.debug("Loading eligible accounts for [{}] to proxy", id);
        ArrayList arrayList = (ArrayList) this.surrogateService.getImpersonationAccounts(id).stream().sorted().distinct().collect(Collectors.toCollection(ArrayList::new));
        LOGGER.debug("Surrogate accounts found are [{}]", arrayList);
        if (arrayList.isEmpty()) {
            LOGGER.debug("No surrogate accounts could be located for [{}]", id);
            return false;
        }
        if (!arrayList.contains(id) && !this.surrogateService.isWildcardedAccount(arrayList)) {
            arrayList.add(0, id);
        }
        WebUtils.putSurrogateAuthenticationAccounts(requestContext, arrayList);
        return true;
    }

    protected Event doExecute(RequestContext requestContext) {
        try {
            if (WebUtils.hasSurrogateAuthenticationRequest(requestContext)) {
                WebUtils.removeSurrogateAuthenticationRequest(requestContext);
                LOGGER.trace("Attempting to load surrogates...");
                if (loadSurrogates(requestContext)) {
                    return this.surrogateService.isWildcardedAccount(WebUtils.getSurrogateAuthenticationAccounts(requestContext)) ? new Event(this, "surrogateWildcardView") : new Event(this, "surrogateListView");
                }
                return new EventFactorySupport().event(this, "skipSurrogateView");
            }
            SurrogateUsernamePasswordCredential credential = WebUtils.getCredential(requestContext);
            if (credential instanceof SurrogateUsernamePasswordCredential) {
                this.surrogatePrincipalBuilder.buildSurrogateAuthenticationResult(WebUtils.getAuthenticationResultBuilder(requestContext), credential, credential.getSurrogateUsername(), WebUtils.getRegisteredService(requestContext)).ifPresent(authenticationResultBuilder -> {
                    WebUtils.putAuthenticationResultBuilder(authenticationResultBuilder, requestContext);
                });
            }
            return success();
        } catch (Exception e) {
            requestContext.getMessageContext().addMessage(new MessageBuilder().error().source("surrogate").code("screen.surrogates.account.selection.error").defaultText("Unable to accept or authorize selection").build());
            LoggingUtils.error(LOGGER, e);
            return error(e);
        }
    }

    @Generated
    public LoadSurrogatesListAction(SurrogateAuthenticationService surrogateAuthenticationService, SurrogatePrincipalBuilder surrogatePrincipalBuilder) {
        this.surrogateService = surrogateAuthenticationService;
        this.surrogatePrincipalBuilder = surrogatePrincipalBuilder;
    }
}
