package org.apereo.cas.web.flow.authentication;

import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import lombok.Generated;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationCredentialsThreadLocalBinder;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlan;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.AuthenticationServiceSelectionPlan;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceAuthenticationPolicy;
import org.apereo.cas.services.RegisteredServiceAuthenticationPolicyCriteria;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.ticket.registry.TicketRegistrySupport;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.web.flow.BaseSingleSignOnParticipationStrategy;
import org.apereo.cas.web.flow.SingleSignOnParticipationRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ConfigurableApplicationContext;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-webflow-api-6.5.5.jar:org/apereo/cas/web/flow/authentication/RegisteredServiceAuthenticationPolicySingleSignOnParticipationStrategy.class */
public class RegisteredServiceAuthenticationPolicySingleSignOnParticipationStrategy extends BaseSingleSignOnParticipationStrategy {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) RegisteredServiceAuthenticationPolicySingleSignOnParticipationStrategy.class);
    private final AuthenticationEventExecutionPlan authenticationEventExecutionPlan;
    private final ConfigurableApplicationContext applicationContext;

    public RegisteredServiceAuthenticationPolicySingleSignOnParticipationStrategy(ServicesManager servicesManager, TicketRegistrySupport ticketRegistrySupport, AuthenticationServiceSelectionPlan authenticationServiceSelectionPlan, AuthenticationEventExecutionPlan authenticationEventExecutionPlan, ConfigurableApplicationContext configurableApplicationContext) {
        super(servicesManager, ticketRegistrySupport, authenticationServiceSelectionPlan);
        this.authenticationEventExecutionPlan = authenticationEventExecutionPlan;
        this.applicationContext = configurableApplicationContext;
    }

    @Override // org.apereo.cas.web.flow.SingleSignOnParticipationStrategy
    public boolean isParticipating(SingleSignOnParticipationRequest singleSignOnParticipationRequest) {
        RegisteredServiceAuthenticationPolicy authenticationPolicy;
        RegisteredService registeredService = getRegisteredService(singleSignOnParticipationRequest);
        if (registeredService == null || (authenticationPolicy = registeredService.getAuthenticationPolicy()) == null || getTicketGrantingTicketId(singleSignOnParticipationRequest).isEmpty()) {
            return true;
        }
        Authentication currentAuthentication = AuthenticationCredentialsThreadLocalBinder.getCurrentAuthentication();
        try {
            Authentication authentication = (Authentication) getTicketState(singleSignOnParticipationRequest).map((v0) -> {
                return v0.getAuthentication();
            }).orElseThrow();
            AuthenticationCredentialsThreadLocalBinder.bindCurrent(authentication);
            if (authentication != null) {
                Set<Object> collection = CollectionUtils.toCollection(authentication.getAttributes().get("successfulAuthenticationHandlers"));
                Set<AuthenticationHandler> set = (Set) this.authenticationEventExecutionPlan.getAuthenticationHandlers().stream().filter(authenticationHandler -> {
                    return collection.contains(authenticationHandler.getName());
                }).collect(Collectors.toSet());
                LOGGER.debug("Asserted authentication handlers are [{}]", set);
                RegisteredServiceAuthenticationPolicyCriteria criteria = authenticationPolicy.getCriteria();
                if (criteria != null) {
                    boolean isSuccess = criteria.toAuthenticationPolicy(registeredService).isSatisfiedBy(authentication, set, this.applicationContext, Optional.empty()).isSuccess();
                    AuthenticationCredentialsThreadLocalBinder.bindCurrent(currentAuthentication);
                    return isSuccess;
                }
            }
            AuthenticationCredentialsThreadLocalBinder.bindCurrent(currentAuthentication);
            return true;
        } catch (Throwable th) {
            AuthenticationCredentialsThreadLocalBinder.bindCurrent(currentAuthentication);
            throw th;
        }
    }

    @Override // org.apereo.cas.web.flow.SingleSignOnParticipationStrategy
    public boolean supports(SingleSignOnParticipationRequest singleSignOnParticipationRequest) {
        RegisteredService registeredService = getRegisteredService(singleSignOnParticipationRequest);
        if (registeredService == null) {
            return false;
        }
        RegisteredServiceAuthenticationPolicy authenticationPolicy = registeredService.getAuthenticationPolicy();
        LOGGER.debug("Evaluating authentication policy [{}] for [{}]", authenticationPolicy, registeredService.getName());
        return (authenticationPolicy == null || authenticationPolicy.getCriteria() == null) ? false : true;
    }

    @Override // org.apereo.cas.web.flow.SingleSignOnParticipationStrategy, org.springframework.core.Ordered
    public int getOrder() {
        return 0;
    }
}
