package org.apereo.cas.web.flow.authentication;

import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationCredentialsThreadLocalBinder;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlan;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.AuthenticationServiceSelectionPlan;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceAuthenticationPolicy;
import org.apereo.cas.services.RegisteredServiceAuthenticationPolicyCriteria;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.ticket.registry.TicketRegistrySupport;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.web.flow.SingleSignOnParticipationStrategy;
import org.apereo.cas.web.support.WebUtils;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-webflow-api-6.3.0-RC4.jar:org/apereo/cas/web/flow/authentication/RegisteredServiceAuthenticationPolicySingleSignOnParticipationStrategy.class */
public class RegisteredServiceAuthenticationPolicySingleSignOnParticipationStrategy implements SingleSignOnParticipationStrategy {
    private final ServicesManager servicesManager;
    private final AuthenticationServiceSelectionPlan serviceSelectionStrategy;
    private final TicketRegistrySupport ticketRegistrySupport;
    private final AuthenticationEventExecutionPlan authenticationEventExecutionPlan;
    private final ConfigurableApplicationContext applicationContext;

    @Override // org.apereo.cas.web.flow.SingleSignOnParticipationStrategy
    public boolean isParticipating(RequestContext requestContext) {
        RegisteredServiceAuthenticationPolicy authenticationPolicy;
        RegisteredService determineRegisteredService = determineRegisteredService(requestContext);
        if (determineRegisteredService == null || (authenticationPolicy = determineRegisteredService.getAuthenticationPolicy()) == null) {
            return true;
        }
        String ticketGrantingTicketId = WebUtils.getTicketGrantingTicketId(requestContext);
        if (StringUtils.isBlank(ticketGrantingTicketId)) {
            return true;
        }
        Authentication authenticationFrom = this.ticketRegistrySupport.getAuthenticationFrom(ticketGrantingTicketId);
        Authentication currentAuthentication = AuthenticationCredentialsThreadLocalBinder.getCurrentAuthentication();
        try {
            AuthenticationCredentialsThreadLocalBinder.bindCurrent(authenticationFrom);
            if (authenticationFrom != null) {
                Set<Object> collection = CollectionUtils.toCollection(authenticationFrom.getAttributes().get(AuthenticationHandler.SUCCESSFUL_AUTHENTICATION_HANDLERS));
                Set<AuthenticationHandler> set = (Set) this.authenticationEventExecutionPlan.getAuthenticationHandlers().stream().filter(authenticationHandler -> {
                    return collection.contains(authenticationHandler.getName());
                }).collect(Collectors.toSet());
                RegisteredServiceAuthenticationPolicyCriteria criteria = authenticationPolicy.getCriteria();
                if (criteria != null) {
                    boolean isSatisfiedBy = criteria.toAuthenticationPolicy(determineRegisteredService).isSatisfiedBy(authenticationFrom, set, this.applicationContext, Optional.empty());
                    AuthenticationCredentialsThreadLocalBinder.bindCurrent(currentAuthentication);
                    return isSatisfiedBy;
                }
            }
            AuthenticationCredentialsThreadLocalBinder.bindCurrent(currentAuthentication);
            return true;
        } catch (Throwable th) {
            AuthenticationCredentialsThreadLocalBinder.bindCurrent(currentAuthentication);
            throw th;
        }
    }

    @Override // org.apereo.cas.web.flow.SingleSignOnParticipationStrategy
    public boolean supports(RequestContext requestContext) {
        RegisteredServiceAuthenticationPolicy authenticationPolicy;
        RegisteredService determineRegisteredService = determineRegisteredService(requestContext);
        return (determineRegisteredService == null || (authenticationPolicy = determineRegisteredService.getAuthenticationPolicy()) == null || authenticationPolicy.getCriteria() == null) ? false : true;
    }

    @Override // org.apereo.cas.web.flow.SingleSignOnParticipationStrategy, org.springframework.core.Ordered
    public int getOrder() {
        return 0;
    }

    private RegisteredService determineRegisteredService(RequestContext requestContext) {
        RegisteredService registeredService = WebUtils.getRegisteredService(requestContext);
        if (registeredService != null) {
            return registeredService;
        }
        Service resolveService = this.serviceSelectionStrategy.resolveService(WebUtils.getService(requestContext));
        if (resolveService != null) {
            return this.servicesManager.findServiceBy(resolveService);
        }
        return null;
    }

    @Generated
    public RegisteredServiceAuthenticationPolicySingleSignOnParticipationStrategy(ServicesManager servicesManager, AuthenticationServiceSelectionPlan authenticationServiceSelectionPlan, TicketRegistrySupport ticketRegistrySupport, AuthenticationEventExecutionPlan authenticationEventExecutionPlan, ConfigurableApplicationContext configurableApplicationContext) {
        this.servicesManager = servicesManager;
        this.serviceSelectionStrategy = authenticationServiceSelectionPlan;
        this.ticketRegistrySupport = ticketRegistrySupport;
        this.authenticationEventExecutionPlan = authenticationEventExecutionPlan;
        this.applicationContext = configurableApplicationContext;
    }
}
