package org.jasig.cas.support.openid.web.flow;

import javax.validation.constraints.NotNull;
import org.jasig.cas.authentication.Credential;
import org.jasig.cas.support.openid.OpenIdConstants;
import org.jasig.cas.support.openid.authentication.principal.OpenIdCredential;
import org.jasig.cas.support.openid.authentication.principal.OpenIdService;
import org.jasig.cas.support.openid.web.support.DefaultOpenIdUserNameExtractor;
import org.jasig.cas.support.openid.web.support.OpenIdUserNameExtractor;
import org.jasig.cas.ticket.InvalidTicketException;
import org.jasig.cas.ticket.TicketGrantingTicket;
import org.jasig.cas.web.flow.AbstractNonInteractiveCredentialsAction;
import org.jasig.cas.web.support.WebUtils;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:org/jasig/cas/support/openid/web/flow/OpenIdSingleSignOnAction.class */
public final class OpenIdSingleSignOnAction extends AbstractNonInteractiveCredentialsAction {

    @NotNull
    private OpenIdUserNameExtractor extractor = new DefaultOpenIdUserNameExtractor();

    public void setExtractor(OpenIdUserNameExtractor openIdUserNameExtractor) {
        this.extractor = openIdUserNameExtractor;
    }

    protected Credential constructCredentialsFromRequest(RequestContext requestContext) {
        String extractLocalUsernameFromUri;
        String ticketGrantingTicketId = WebUtils.getTicketGrantingTicketId(requestContext);
        String str = requestContext.getRequestParameters().get(OpenIdConstants.OPENID_IDENTITY);
        if (OpenIdConstants.OPENID_IDENTIFIERSELECT.equals(str)) {
            extractLocalUsernameFromUri = OpenIdConstants.OPENID_IDENTIFIERSELECT;
            requestContext.getExternalContext().getSessionMap().remove(OpenIdConstants.OPENID_LOCALID);
            if (ticketGrantingTicketId != null) {
                try {
                    extractLocalUsernameFromUri = getCentralAuthenticationService().getTicket(ticketGrantingTicketId, TicketGrantingTicket.class).getAuthentication().getPrincipal().getId();
                } catch (InvalidTicketException e) {
                    this.logger.error("Cannot get TGT", e);
                }
            }
        } else {
            extractLocalUsernameFromUri = this.extractor.extractLocalUsernameFromUri(str);
            requestContext.getExternalContext().getSessionMap().put(OpenIdConstants.OPENID_LOCALID, extractLocalUsernameFromUri);
        }
        if ((WebUtils.getService(requestContext) instanceof OpenIdService) && extractLocalUsernameFromUri == null) {
            requestContext.getFlowScope().remove("service");
        }
        if (ticketGrantingTicketId == null || extractLocalUsernameFromUri == null) {
            return null;
        }
        return new OpenIdCredential(ticketGrantingTicketId, extractLocalUsernameFromUri);
    }
}
