package org.apereo.cas.validation;

import java.util.List;
import java.util.Map;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import lombok.Generated;
import org.apereo.cas.audit.AuditableContext;
import org.apereo.cas.audit.AuditableExecution;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceAccessStrategyUtils;
import org.apereo.cas.services.RegisteredServiceDelegatedAuthenticationPolicy;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.util.CollectionUtils;
import org.pac4j.core.client.Client;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-pac4j-core-6.5.5.jar:org/apereo/cas/validation/DelegatedAuthenticationServiceTicketValidationAuthorizer.class */
public class DelegatedAuthenticationServiceTicketValidationAuthorizer implements ServiceTicketValidationAuthorizer {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) DelegatedAuthenticationServiceTicketValidationAuthorizer.class);
    private final ServicesManager servicesManager;
    private final AuditableExecution delegatedAuthenticationPolicyEnforcer;

    /* JADX WARN: Type inference failed for: r0v26, types: [org.apereo.cas.audit.AuditableContext$AuditableContextBuilder] */
    @Override // org.apereo.cas.validation.ServiceTicketValidationAuthorizer
    public void authorize(HttpServletRequest httpServletRequest, Service service, Assertion assertion) {
        RegisteredService findServiceBy = this.servicesManager.findServiceBy(service);
        RegisteredServiceAccessStrategyUtils.ensureServiceAccessIsAllowed(service, findServiceBy);
        LOGGER.debug("Evaluating service [{}] for delegated authentication policy", service);
        RegisteredServiceDelegatedAuthenticationPolicy delegatedAuthenticationPolicy = findServiceBy.getAccessStrategy().getDelegatedAuthenticationPolicy();
        if (delegatedAuthenticationPolicy != null) {
            Map<String, List<Object>> attributes = assertion.getPrimaryAuthentication().getAttributes();
            if (attributes.containsKey("clientName")) {
                Optional<Object> firstElement = CollectionUtils.firstElement(attributes.get("clientName"));
                if (firstElement.isPresent()) {
                    String obj = firstElement.get().toString();
                    LOGGER.debug("Evaluating delegated authentication policy [{}] for client [{}] and service [{}]", delegatedAuthenticationPolicy, obj, findServiceBy);
                    this.delegatedAuthenticationPolicyEnforcer.execute(AuditableContext.builder().registeredService(findServiceBy).properties(CollectionUtils.wrap(Client.class.getSimpleName(), obj)).build()).throwExceptionIfNeeded();
                }
            }
        }
    }

    @Generated
    public DelegatedAuthenticationServiceTicketValidationAuthorizer(ServicesManager servicesManager, AuditableExecution auditableExecution) {
        this.servicesManager = servicesManager;
        this.delegatedAuthenticationPolicyEnforcer = auditableExecution;
    }
}
