package org.apereo.cas.web.flow;

import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.CentralAuthenticationService;
import org.apereo.cas.authentication.principal.NullPrincipal;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.authentication.principal.ServiceFactory;
import org.apereo.cas.services.RegisteredServiceAccessStrategyUtils;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.ticket.InvalidTicketException;
import org.apereo.cas.ticket.TicketGrantingTicket;
import org.apereo.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.webflow.action.AbstractAction;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-actions-5.1.5.jar:org/apereo/cas/web/flow/GenericSuccessViewAction.class */
public class GenericSuccessViewAction extends AbstractAction {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) GenericSuccessViewAction.class);
    private final CentralAuthenticationService centralAuthenticationService;
    private final ServicesManager servicesManager;
    private final ServiceFactory serviceFactory;
    private final String redirectUrl;

    public GenericSuccessViewAction(CentralAuthenticationService centralAuthenticationService, ServicesManager servicesManager, ServiceFactory serviceFactory, String str) {
        this.centralAuthenticationService = centralAuthenticationService;
        this.servicesManager = servicesManager;
        this.serviceFactory = serviceFactory;
        this.redirectUrl = str;
    }

    @Override // org.springframework.webflow.action.AbstractAction
    protected Event doExecute(RequestContext requestContext) throws Exception {
        if (StringUtils.isNotBlank(this.redirectUrl)) {
            Service createService = this.serviceFactory.createService(this.redirectUrl);
            RegisteredServiceAccessStrategyUtils.ensureServiceAccessIsAllowed(createService, this.servicesManager.findServiceBy(createService));
            requestContext.getExternalContext().requestExternalRedirect(createService.getId());
        } else {
            WebUtils.putPrincipal(requestContext, getAuthenticationPrincipal(WebUtils.getTicketGrantingTicketId(requestContext)));
        }
        return success();
    }

    public Principal getAuthenticationPrincipal(String str) {
        try {
            return ((TicketGrantingTicket) this.centralAuthenticationService.getTicket(str, TicketGrantingTicket.class)).getAuthentication().getPrincipal();
        } catch (InvalidTicketException e) {
            LOGGER.warn("Ticket-granting ticket [{}] cannot be found in the ticket registry.", e.getMessage());
            LOGGER.debug(e.getMessage(), (Throwable) e);
            LOGGER.warn("In the absence of valid TGT, the authentication principal cannot be determined. Returning [{}]", NullPrincipal.class.getSimpleName());
            return NullPrincipal.getInstance();
        }
    }
}
