package org.apereo.cas.web.flow.account;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.Serializable;
import java.time.Clock;
import java.time.LocalDate;
import java.util.Comparator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import lombok.Generated;
import org.apereo.cas.audit.AuditTrailExecutionPlan;
import org.apereo.cas.authentication.CredentialMetaData;
import org.apereo.cas.authentication.DetailedCredentialMetaData;
import org.apereo.cas.authentication.adaptive.geo.GeoLocationService;
import org.apereo.cas.authentication.metadata.ClientInfoAuthenticationMetaDataPopulator;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.services.RegisteredServiceAccessStrategyUtils;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.ticket.Ticket;
import org.apereo.cas.ticket.TicketGrantingTicket;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.DateTimeUtils;
import org.apereo.cas.util.ISOStandardDateFormat;
import org.apereo.cas.util.function.FunctionUtils;
import org.apereo.cas.util.serialization.JacksonObjectMapperFactory;
import org.apereo.cas.util.spring.beans.BeanSupplier;
import org.apereo.cas.web.flow.actions.BaseCasWebflowAction;
import org.apereo.cas.web.support.WebUtils;
import org.apereo.inspektr.audit.AuditActionContext;
import org.apereo.inspektr.audit.AuditTrailManager;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-actions-core-6.6.15.jar:org/apereo/cas/web/flow/account/PrepareAccountProfileViewAction.class */
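/**
 * Webflow action that prepares the data shown on the account profile view.
 *
 * <p>For the ticket-granting ticket (TGT) found in the request context it publishes the
 * authentication, optionally the services the principal may access, the principal's recent
 * audit records and the principal's active single sign-on sessions.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Every lookup is keyed on the principal id taken from the TGT, never on a request
 *       parameter, so the view only receives data about the authenticated principal.</li>
 *   <li>The published session and audit objects carry client IP address, user agent and
 *       geolocation. Treat the rendered view and any log of these objects as sensitive.</li>
 *   <li>{@link #MAPPER} is built with default typing disabled, so the JSON produced here
 *       carries no polymorphic type information.</li>
 * </ul>
 */
public class PrepareAccountProfileViewAction extends BaseCasWebflowAction {
    private static final ObjectMapper MAPPER = JacksonObjectMapperFactory.builder().defaultTypingEnabled(false).build().toObjectMapper();
    private final TicketRegistry ticketRegistry;
    private final ServicesManager servicesManager;
    private final CasConfigurationProperties casProperties;
    private final AuditTrailExecutionPlan auditTrailManager;
    private final GeoLocationService geoLocationService;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/cas-server-support-actions-core-6.6.15.jar:org/apereo/cas/web/flow/account/PrepareAccountProfileViewAction$AccountAuditActionContext.class */
    /**
     * Copy of an audit record that also carries a pretty-printed JSON rendering of itself.
     */
    public static class AccountAuditActionContext extends AuditActionContext {
        private static final long serialVersionUID = 8935451143814878214L;
        private final String json;

        /**
         * Copies every field of the given audit record and renders the copy as JSON.
         *
         * @param auditActionContext the audit record to copy
         */
        AccountAuditActionContext(AuditActionContext auditActionContext) {
            super(auditActionContext.getPrincipal(), auditActionContext.getResourceOperatedUpon(), auditActionContext.getActionPerformed(), auditActionContext.getApplicationCode(), auditActionContext.getWhenActionWasPerformed(), auditActionContext.getClientIpAddress(), auditActionContext.getServerIpAddress(), auditActionContext.getUserAgent());
            // The object serializes itself while 'json' is still unassigned, so the JSON
            // cannot contain a populated copy of itself.
            this.json = FunctionUtils.doUnchecked(() -> PrepareAccountProfileViewAction.MAPPER.writerWithDefaultPrettyPrinter().writeValueAsString(this));
        }

        @Generated
        public String getJson() {
            return this.json;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/cas-server-support-actions-core-6.6.15.jar:org/apereo/cas/web/flow/account/PrepareAccountProfileViewAction$SingleSignOnSession.class */
    /**
     * View model describing one single sign-on session of the principal.
     *
     * <p>This is a non-static inner class, so each instance holds an implicit reference to
     * the enclosing action (it is needed to reach {@code geoLocationService}).
     * NOTE(review): Java serialization of an instance would also try to serialize the
     * enclosing action; confirm whether the flow-scope contents are ever serialized.
     */
    public class SingleSignOnSession implements Serializable {
        private static final long serialVersionUID = 8935451143814878214L;
        private final String payload;
        private final String principal;
        private final String authenticationDate;
        private final String userAgent;
        private final String clientIpAddress;
        private final String geoLocation;

        /**
         * Extracts the displayable session details from a ticket-granting ticket.
         *
         * @param ticketGrantingTicket the ticket that represents the session
         */
        SingleSignOnSession(TicketGrantingTicket ticketGrantingTicket) {
            this.principal = ticketGrantingTicket.getAuthentication().getPrincipal().getId();
            // First credential metadata entry that recorded a user agent; empty string when none did.
            this.userAgent = ticketGrantingTicket.getAuthentication().getCredentials().stream()
                .filter(DetailedCredentialMetaData.class::isInstance)
                .map(DetailedCredentialMetaData.class::cast)
                .filter(metadata -> metadata.getProperties().containsKey(DetailedCredentialMetaData.PROPERTY_USER_AGENT))
                .map(metadata -> metadata.getProperties().get(DetailedCredentialMetaData.PROPERTY_USER_AGENT).toString())
                .findFirst()
                .orElse("");
            this.clientIpAddress = CollectionUtils.firstElement(ticketGrantingTicket.getAuthentication().getAttributes().get(ClientInfoAuthenticationMetaDataPopulator.ATTRIBUTE_CLIENT_IP_ADDRESS))
                .map(Object::toString)
                .orElse("");
            this.authenticationDate = new ISOStandardDateFormat().format(DateTimeUtils.dateOf(ticketGrantingTicket.getAuthentication().getAuthenticationDate()));
            // The recorded client IP is handed to the geolocation service only when that bean
            // is not a proxy; presumably a proxy stands in when no service is configured (confirm).
            // Note the lookup also runs when clientIpAddress is the empty string.
            this.geoLocation = FunctionUtils.doIf(BeanSupplier.isNotProxy(PrepareAccountProfileViewAction.this.geoLocationService),
                () -> PrepareAccountProfileViewAction.this.geoLocationService.locate(this.clientIpAddress).build(),
                () -> "N/A").get();
            // Assigned last: the JSON is produced while 'payload' itself is still unassigned.
            this.payload = FunctionUtils.doUnchecked(() -> PrepareAccountProfileViewAction.MAPPER.writerWithDefaultPrettyPrinter().writeValueAsString(this));
        }

        @Generated
        public String getPayload() {
            return this.payload;
        }

        @Generated
        public String getPrincipal() {
            return this.principal;
        }

        @Generated
        public String getAuthenticationDate() {
            return this.authenticationDate;
        }

        @Generated
        public String getUserAgent() {
            return this.userAgent;
        }

        @Generated
        public String getClientIpAddress() {
            return this.clientIpAddress;
        }

        @Generated
        public String getGeoLocation() {
            return this.geoLocation;
        }
    }

    /**
     * Populates the request context for the account profile view.
     *
     * <p>Any failure while resolving the TGT is swallowed and treated as "no ticket": the
     * view data is simply not populated and the action still returns {@code success()}.
     * Whatever renders the view must therefore cope with the attributes being absent.
     *
     * @param requestContext the current webflow request context
     * @return always the success event
     * @throws Exception declared by the overridden method
     */
    @Override // org.springframework.webflow.action.AbstractAction
    protected Event doExecute(RequestContext requestContext) throws Exception {
        final String ticketGrantingTicketId = WebUtils.getTicketGrantingTicketId(requestContext);
        // ofNullable keeps the original outcome: a null ticket and a failed lookup both yield empty.
        final Optional<TicketGrantingTicket> resolvedTicket = FunctionUtils.doAndHandle(
            () -> Optional.ofNullable(this.ticketRegistry.getTicket(ticketGrantingTicketId, TicketGrantingTicket.class)),
            throwable -> Optional.<TicketGrantingTicket>empty()).get();
        resolvedTicket.ifPresent(ticketGrantingTicket -> {
            WebUtils.putAuthentication(ticketGrantingTicket.getAuthentication(), requestContext);
            final WebApplicationService service = WebUtils.getService(requestContext);
            if (this.casProperties.getView().isAuthorizedServicesOnSuccessfulLogin()) {
                buildAuthorizedServices(requestContext, ticketGrantingTicket, service);
            }
            buildAuditLogRecords(requestContext, ticketGrantingTicket);
            buildActiveSingleSignOnSessions(requestContext, ticketGrantingTicket);
        });
        return success();
    }

    /**
     * Publishes the principal's active single sign-on sessions to the request context.
     *
     * @param requestContext       the current webflow request context
     * @param ticketGrantingTicket the ticket whose principal id selects the sessions
     */
    protected void buildActiveSingleSignOnSessions(RequestContext requestContext, TicketGrantingTicket ticketGrantingTicket) {
        final String principalId = ticketGrantingTicket.getAuthentication().getPrincipal().getId();
        // Closing the stream releases anything the registry may have attached to it;
        // it is a no-op for a plain in-memory stream.
        try (Stream<? extends Ticket> sessionTickets = this.ticketRegistry.getSessionsFor(principalId)) {
            final List<SingleSignOnSession> sessions = sessionTickets
                .map(TicketGrantingTicket.class::cast)
                .map(SingleSignOnSession::new)
                .collect(Collectors.toList());
            WebUtils.putSingleSignOnSessions(requestContext, sessions);
        }
    }

    /**
     * Publishes the registered services the principal is allowed to access.
     *
     * <p>The access check fails closed: a service whose check throws is left out of the list.
     *
     * @param requestContext        the current webflow request context
     * @param ticketGrantingTicket  the ticket that supplies principal id and attributes
     * @param webApplicationService the service taken from the request context, passed to the access check
     */
    protected void buildAuthorizedServices(RequestContext requestContext, TicketGrantingTicket ticketGrantingTicket, WebApplicationService webApplicationService) {
        final Map<String, Object> attributes = CollectionUtils.merge(ticketGrantingTicket.getAuthentication().getAttributes(), ticketGrantingTicket.getAuthentication().getPrincipal().getAttributes());
        final String principalId = ticketGrantingTicket.getAuthentication().getPrincipal().getId();
        WebUtils.putAuthorizedServices(requestContext, this.servicesManager.getAllServices().stream()
            .filter(registeredService -> FunctionUtils.doAndHandle(
                () -> RegisteredServiceAccessStrategyUtils.ensurePrincipalAccessIsAllowedForService(webApplicationService, registeredService, principalId, attributes),
                throwable -> false).get())
            .collect(Collectors.toList()));
    }

    /**
     * Publishes the principal's audit records, newest first, under the flow-scope key
     * {@code auditLog}. Nothing is stored when no record matches.
     *
     * <p>The query passes the TGT's principal id and a date two months before today (UTC).
     * NOTE(review): the date is presumably a lower bound on the record time; confirm against
     * the audit trail manager in use.
     *
     * @param requestContext       the current webflow request context
     * @param ticketGrantingTicket the ticket whose principal id selects the records
     */
    protected void buildAuditLogRecords(RequestContext requestContext, TicketGrantingTicket ticketGrantingTicket) {
        final List<AccountAuditActionContext> auditRecords = this.auditTrailManager.getAuditRecords(Map.of(
                AuditTrailManager.WhereClauseFields.DATE, LocalDate.now(Clock.systemUTC()).minusMonths(2L),
                AuditTrailManager.WhereClauseFields.PRINCIPAL, ticketGrantingTicket.getAuthentication().getPrincipal().getId()))
            .stream()
            .sorted(Comparator.comparing(AuditActionContext::getWhenActionWasPerformed).reversed())
            .map(AccountAuditActionContext::new)
            .collect(Collectors.toList());
        if (!auditRecords.isEmpty()) {
            requestContext.getFlowScope().put("auditLog", auditRecords);
        }
    }

    /**
     * Creates the action with its collaborators.
     *
     * @param ticketRegistry             registry used to resolve the TGT and list sessions
     * @param servicesManager            source of the registered services
     * @param casConfigurationProperties configuration consulted for the authorized-services toggle
     * @param auditTrailExecutionPlan    source of the audit records
     * @param geoLocationService         service used to turn a client IP into a location
     */
    @Generated
    public PrepareAccountProfileViewAction(TicketRegistry ticketRegistry, ServicesManager servicesManager, CasConfigurationProperties casConfigurationProperties, AuditTrailExecutionPlan auditTrailExecutionPlan, GeoLocationService geoLocationService) {
        this.ticketRegistry = ticketRegistry;
        this.servicesManager = servicesManager;
        this.casProperties = casConfigurationProperties;
        this.auditTrailManager = auditTrailExecutionPlan;
        this.geoLocationService = geoLocationService;
    }
}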
