package org.apereo.cas.authentication;

import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.annotation.Resource;
import org.apereo.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.ReloadableServicesManager;
import org.apereo.cas.services.UnauthorizedSsoServiceException;
import org.apereo.inspektr.aspect.TraceLogAspect;
import org.aspectj.lang.JoinPoint;
import org.aspectj.runtime.internal.AroundClosure;
import org.aspectj.runtime.reflect.Factory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.stereotype.Component;

@RefreshScope
@Component("registeredServiceAuthenticationHandlerResolver")
/* loaded from: input_file:org/apereo/cas/authentication/RegisteredServiceAuthenticationHandlerResolver.class */
public class RegisteredServiceAuthenticationHandlerResolver implements AuthenticationHandlerResolver {
    protected transient Logger logger = LoggerFactory.getLogger(getClass());
    protected ReloadableServicesManager servicesManager;
    private static final JoinPoint.StaticPart ajc$tjp_0 = null;

    /* loaded from: input_file:org/apereo/cas/authentication/RegisteredServiceAuthenticationHandlerResolver$AjcClosure1.class */
    public class AjcClosure1 extends AroundClosure {
        public AjcClosure1(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return RegisteredServiceAuthenticationHandlerResolver.resolve_aroundBody0((RegisteredServiceAuthenticationHandlerResolver) objArr2[0], (Set) objArr2[1], (AuthenticationTransaction) objArr2[2], (JoinPoint) objArr2[3]);
        }
    }

    public Set<AuthenticationHandler> resolve(Set<AuthenticationHandler> set, AuthenticationTransaction authenticationTransaction) {
        return (Set) TraceLogAspect.aspectOf().traceMethod(new AjcClosure1(new Object[]{this, set, authenticationTransaction, Factory.makeJP(ajc$tjp_0, this, this, set, authenticationTransaction)}).linkClosureAndJoinPoint(69648));
    }

    @Resource(name = "servicesManager")
    public void setServicesManager(ReloadableServicesManager reloadableServicesManager) {
        this.servicesManager = reloadableServicesManager;
    }

    static {
        ajc$preClinit();
    }

    static final Set resolve_aroundBody0(RegisteredServiceAuthenticationHandlerResolver registeredServiceAuthenticationHandlerResolver, Set set, AuthenticationTransaction authenticationTransaction, JoinPoint joinPoint) {
        Service service = authenticationTransaction.getService();
        if (service != null && registeredServiceAuthenticationHandlerResolver.servicesManager != null) {
            RegisteredService findServiceBy = registeredServiceAuthenticationHandlerResolver.servicesManager.findServiceBy(service);
            if (findServiceBy == null || !findServiceBy.getAccessStrategy().isServiceAccessAllowed()) {
                registeredServiceAuthenticationHandlerResolver.logger.warn("Service [{}] is not allowed to use SSO.", findServiceBy);
                throw new UnauthorizedSsoServiceException();
            }
            if (!findServiceBy.getRequiredHandlers().isEmpty()) {
                registeredServiceAuthenticationHandlerResolver.logger.debug("Authentication transaction requires {} for service {}", findServiceBy.getRequiredHandlers(), service);
                LinkedHashSet linkedHashSet = new LinkedHashSet(set);
                registeredServiceAuthenticationHandlerResolver.logger.info("Candidate authentication handlers examined this transaction are {}", linkedHashSet);
                Iterator it = linkedHashSet.iterator();
                while (it.hasNext()) {
                    AuthenticationHandler authenticationHandler = (AuthenticationHandler) it.next();
                    if (!(authenticationHandler instanceof HttpBasedServiceCredentialsAuthenticationHandler) && !findServiceBy.getRequiredHandlers().contains(authenticationHandler.getName())) {
                        registeredServiceAuthenticationHandlerResolver.logger.debug("Authentication handler {} is not required for this transaction and is removed", authenticationHandler.getName());
                        it.remove();
                    }
                }
                registeredServiceAuthenticationHandlerResolver.logger.debug("Authentication handlers for this transaction are {}", linkedHashSet);
                return linkedHashSet;
            }
            registeredServiceAuthenticationHandlerResolver.logger.debug("No specific authentication handlers are required for this transaction");
        }
        registeredServiceAuthenticationHandlerResolver.logger.debug("Authentication handlers used for this transaction are {}", set);
        return set;
    }

    private static void ajc$preClinit() {
        Factory factory = new Factory("RegisteredServiceAuthenticationHandlerResolver.java", RegisteredServiceAuthenticationHandlerResolver.class);
        ajc$tjp_0 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "resolve", "org.apereo.cas.authentication.RegisteredServiceAuthenticationHandlerResolver", "java.util.Set:org.apereo.cas.authentication.AuthenticationTransaction", "candidateHandlers:transaction", "", "java.util.Set"), 37);
    }
}
