package org.apereo.cas;

import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import lombok.Generated;
import org.apereo.cas.audit.AuditActionResolvers;
import org.apereo.cas.audit.AuditResourceResolvers;
import org.apereo.cas.audit.AuditableActions;
import org.apereo.cas.audit.AuditableContext;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationBuilder;
import org.apereo.cas.authentication.AuthenticationResult;
import org.apereo.cas.authentication.CoreAuthenticationUtils;
import org.apereo.cas.authentication.DefaultAuthenticationBuilder;
import org.apereo.cas.authentication.credential.BasicIdentifiableCredential;
import org.apereo.cas.authentication.exceptions.MixedPrincipalException;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.authentication.principal.merger.AttributeMerger;
import org.apereo.cas.configuration.model.core.authentication.PrincipalAttributesCoreProperties;
import org.apereo.cas.services.CasModelRegisteredService;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceAccessStrategyUtils;
import org.apereo.cas.services.RegisteredServiceAttributeReleasePolicy;
import org.apereo.cas.services.RegisteredServiceAttributeReleasePolicyContext;
import org.apereo.cas.services.UnauthorizedProxyingException;
import org.apereo.cas.services.UnauthorizedSsoServiceException;
import org.apereo.cas.support.events.ticket.CasProxyGrantingTicketCreatedEvent;
import org.apereo.cas.support.events.ticket.CasProxyTicketGrantedEvent;
import org.apereo.cas.support.events.ticket.CasServiceTicketGrantedEvent;
import org.apereo.cas.support.events.ticket.CasServiceTicketValidatedEvent;
import org.apereo.cas.support.events.ticket.CasTicketGrantingTicketCreatedEvent;
import org.apereo.cas.ticket.AbstractTicketException;
import org.apereo.cas.ticket.InvalidTicketException;
import org.apereo.cas.ticket.RenewableServiceTicket;
import org.apereo.cas.ticket.ServiceTicket;
import org.apereo.cas.ticket.ServiceTicketFactory;
import org.apereo.cas.ticket.Ticket;
import org.apereo.cas.ticket.TicketGrantingTicket;
import org.apereo.cas.ticket.TicketGrantingTicketFactory;
import org.apereo.cas.ticket.UnrecognizableServiceForServiceTicketValidationException;
import org.apereo.cas.ticket.proxy.ProxyGrantingTicket;
import org.apereo.cas.ticket.proxy.ProxyGrantingTicketFactory;
import org.apereo.cas.ticket.proxy.ProxyTicket;
import org.apereo.cas.ticket.proxy.ProxyTicketFactory;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.DigestUtils;
import org.apereo.cas.util.LoggingUtils;
import org.apereo.cas.util.function.FunctionUtils;
import org.apereo.cas.validation.Assertion;
import org.apereo.cas.validation.DefaultAssertionBuilder;
import org.apereo.inspektr.audit.annotation.Audit;
import org.apereo.inspektr.common.web.ClientInfo;
import org.apereo.inspektr.common.web.ClientInfoHolder;
import org.jooq.lambda.Unchecked;
import org.jooq.lambda.fi.util.function.CheckedSupplier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-7.2.0-RC4.jar:org/apereo/cas/DefaultCentralAuthenticationService.class */
public class DefaultCentralAuthenticationService extends AbstractCentralAuthenticationService {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) DefaultCentralAuthenticationService.class);
    private static final long serialVersionUID = -8943828074939533986L;

    public DefaultCentralAuthenticationService(CentralAuthenticationServiceContext centralAuthenticationServiceContext) {
        super(centralAuthenticationServiceContext);
    }

    @Override // org.apereo.cas.CentralAuthenticationService
    @Audit(action = AuditableActions.TICKET_GRANTING_TICKET, actionResolverName = AuditActionResolvers.CREATE_TICKET_GRANTING_TICKET_RESOLVER, resourceResolverName = AuditResourceResolvers.CREATE_TICKET_GRANTING_TICKET_RESOURCE_RESOLVER)
    public Ticket createTicketGrantingTicket(AuthenticationResult authenticationResult) throws Throwable {
        Authentication authentication = authenticationResult.getAuthentication();
        Service service = authenticationResult.getService();
        ClientInfo clientInfo = ClientInfoHolder.getClientInfo();
        if (service != null) {
            service = resolveServiceFromAuthenticationRequest(service);
            LOGGER.debug("Resolved service [{}] from the authentication request", service);
            enforceRegisteredServiceAccess(authentication, service, this.configurationContext.getServicesManager().findServiceBy(service));
        }
        TicketGrantingTicket create = ((TicketGrantingTicketFactory) this.configurationContext.getTicketFactory().get(TicketGrantingTicket.class)).create(authentication, service);
        Ticket addTicket = this.configurationContext.getTicketRegistry().addTicket(create);
        doPublishEvent(new CasTicketGrantingTicketCreatedEvent(this, create, clientInfo));
        return addTicket;
    }

    @Override // org.apereo.cas.CentralAuthenticationService
    @Audit(action = AuditableActions.SERVICE_TICKET, actionResolverName = AuditActionResolvers.GRANT_SERVICE_TICKET_RESOLVER, resourceResolverName = AuditResourceResolvers.GRANT_SERVICE_TICKET_RESOURCE_RESOLVER)
    public Ticket grantServiceTicket(final String str, final Service service, final AuthenticationResult authenticationResult) throws Throwable {
        final boolean z = authenticationResult != null && authenticationResult.isCredentialProvided();
        final ClientInfo clientInfo = ClientInfoHolder.getClientInfo();
        return (Ticket) this.configurationContext.getLockRepository().execute(str, Unchecked.supplier(new CheckedSupplier<Ticket>() { // from class: org.apereo.cas.DefaultCentralAuthenticationService.1
            /* JADX WARN: Can't rename method to resolve collision */
            /* JADX WARN: Type inference failed for: r0v29, types: [org.apereo.cas.services.RegisteredServiceAttributeReleasePolicyContext$RegisteredServiceAttributeReleasePolicyContextBuilder] */
            @Override // org.jooq.lambda.fi.util.function.CheckedSupplier
            public Ticket get() throws Throwable {
                TicketGrantingTicket ticketGrantingTicket = (TicketGrantingTicket) DefaultCentralAuthenticationService.this.configurationContext.getTicketRegistry().getTicket(str, TicketGrantingTicket.class);
                Service resolveServiceFromAuthenticationRequest = DefaultCentralAuthenticationService.this.resolveServiceFromAuthenticationRequest(service);
                RegisteredService findServiceBy = DefaultCentralAuthenticationService.this.configurationContext.getServicesManager().findServiceBy(resolveServiceFromAuthenticationRequest);
                Authentication evaluatePossibilityOfMixedPrincipals = DefaultCentralAuthenticationService.evaluatePossibilityOfMixedPrincipals(authenticationResult, ticketGrantingTicket);
                RegisteredServiceAccessStrategyUtils.ensureServiceSsoAccessIsAllowed(findServiceBy, resolveServiceFromAuthenticationRequest, ticketGrantingTicket, z);
                DefaultCentralAuthenticationService.this.evaluateProxiedServiceIfNeeded(resolveServiceFromAuthenticationRequest, ticketGrantingTicket, findServiceBy);
                DefaultCentralAuthenticationService.this.getAuthenticationSatisfiedByPolicy(evaluatePossibilityOfMixedPrincipals, resolveServiceFromAuthenticationRequest, findServiceBy);
                Authentication authentication = ticketGrantingTicket.getRoot().getAuthentication();
                Principal principal = authentication.getPrincipal();
                RegisteredServiceAttributeReleasePolicyContext build = RegisteredServiceAttributeReleasePolicyContext.builder().registeredService(findServiceBy).service(service).principal(principal).applicationContext(DefaultCentralAuthenticationService.this.configurationContext.getApplicationContext()).build();
                AttributeMerger attributeMerger = CoreAuthenticationUtils.getAttributeMerger(PrincipalAttributesCoreProperties.MergingStrategyTypes.MULTIVALUED);
                DefaultCentralAuthenticationService.this.enforceRegisteredServiceAccess(resolveServiceFromAuthenticationRequest, findServiceBy, DefaultCentralAuthenticationService.this.configurationContext.getPrincipalFactory().createPrincipal(principal.getId(), CoreAuthenticationUtils.mergeAttributes(CoreAuthenticationUtils.mergeAttributes(principal.getAttributes(), authentication.getAttributes(), attributeMerger), findServiceBy.getAttributeReleasePolicy().getAttributes(build), attributeMerger)));
                ServiceTicket serviceTicket = (ServiceTicket) ((ServiceTicketFactory) DefaultCentralAuthenticationService.this.configurationContext.getTicketFactory().get(ServiceTicket.class)).create(ticketGrantingTicket, resolveServiceFromAuthenticationRequest, z, ServiceTicket.class);
                if (!ticketGrantingTicket.isStateless()) {
                    DefaultCentralAuthenticationService.this.configurationContext.getTicketRegistry().updateTicket(ticketGrantingTicket);
                }
                Ticket addTicket = DefaultCentralAuthenticationService.this.configurationContext.getTicketRegistry().addTicket(serviceTicket);
                DefaultCentralAuthenticationService.LOGGER.info("Granted service ticket [{}] for service [{}] and principal [{}]", serviceTicket.getId(), DigestUtils.abbreviate(resolveServiceFromAuthenticationRequest.getId()), principal.getId());
                DefaultCentralAuthenticationService.this.doPublishEvent(new CasServiceTicketGrantedEvent(this, ticketGrantingTicket, serviceTicket, clientInfo));
                return addTicket;
            }
        })).orElseThrow(() -> {
            return new InvalidTicketException(str);
        });
    }

    @Override // org.apereo.cas.CentralAuthenticationService
    @Audit(action = AuditableActions.PROXY_TICKET, actionResolverName = AuditActionResolvers.GRANT_PROXY_TICKET_RESOLVER, resourceResolverName = AuditResourceResolvers.GRANT_PROXY_TICKET_RESOURCE_RESOLVER)
    public Ticket grantProxyTicket(String str, Service service) throws AbstractTicketException {
        return (Ticket) this.configurationContext.getLockRepository().execute(str, () -> {
            return (Ticket) FunctionUtils.doUnchecked(() -> {
                ProxyGrantingTicket proxyGrantingTicket = (ProxyGrantingTicket) this.configurationContext.getTicketRegistry().getTicket(str, ProxyGrantingTicket.class);
                RegisteredService findServiceBy = this.configurationContext.getServicesManager().findServiceBy(service);
                try {
                    enforceRegisteredServiceAccess(service, proxyGrantingTicket, findServiceBy);
                    RegisteredServiceAccessStrategyUtils.ensureServiceSsoAccessIsAllowed(findServiceBy, service, proxyGrantingTicket);
                    evaluateProxiedServiceIfNeeded(service, proxyGrantingTicket, findServiceBy);
                    getAuthenticationSatisfiedByPolicy(proxyGrantingTicket.getRoot().getAuthentication(), service, findServiceBy);
                    Principal principal = proxyGrantingTicket.getRoot().getAuthentication().getPrincipal();
                    ProxyTicket create = ((ProxyTicketFactory) this.configurationContext.getTicketFactory().get(ProxyTicket.class)).create(proxyGrantingTicket, service);
                    ClientInfo clientInfo = ClientInfoHolder.getClientInfo();
                    if (!proxyGrantingTicket.isStateless()) {
                        this.configurationContext.getTicketRegistry().updateTicket(proxyGrantingTicket);
                    }
                    Ticket addTicket = this.configurationContext.getTicketRegistry().addTicket(create);
                    LOGGER.info("Granted proxy ticket [{}] for service [{}] for user [{}]", addTicket.getId(), service.getId(), principal.getId());
                    doPublishEvent(new CasProxyTicketGrantedEvent(this, proxyGrantingTicket, addTicket, clientInfo));
                    return addTicket;
                } catch (Throwable th) {
                    LoggingUtils.warn(LOGGER, th);
                    throw new UnauthorizedSsoServiceException();
                }
            });
        }).orElseThrow(UnauthorizedProxyingException::new);
    }

    /* JADX WARN: Type inference failed for: r0v112, types: [org.apereo.cas.validation.DefaultAssertionBuilder$DefaultAssertionBuilderBuilder] */
    /* JADX WARN: Type inference failed for: r0v61, types: [org.apereo.cas.services.RegisteredServiceAttributeReleasePolicyContext$RegisteredServiceAttributeReleasePolicyContextBuilder] */
    /* JADX WARN: Type inference failed for: r0v81, types: [org.apereo.cas.services.RegisteredServiceAttributeReleasePolicyContext$RegisteredServiceAttributeReleasePolicyContextBuilder] */
    @Override // org.apereo.cas.CentralAuthenticationService
    @Audit(action = AuditableActions.SERVICE_TICKET_VALIDATE, actionResolverName = AuditActionResolvers.VALIDATE_SERVICE_TICKET_RESOLVER, resourceResolverName = AuditResourceResolvers.VALIDATE_SERVICE_TICKET_RESOURCE_RESOLVER)
    public Assertion validateServiceTicket(String str, Service service) throws Throwable {
        if (!isTicketAuthenticityVerified(str)) {
            LOGGER.info("Service ticket [{}] is not a valid ticket issued by CAS.", str);
            throw new InvalidTicketException(str);
        }
        ServiceTicket serviceTicket = (ServiceTicket) this.configurationContext.getTicketRegistry().getTicket(str, ServiceTicket.class);
        if (serviceTicket == null) {
            LOGGER.warn("Service ticket [{}] does not exist.", str);
            throw new InvalidTicketException(str);
        }
        if (!(serviceTicket.getTicketGrantingTicket() instanceof TicketGrantingTicket) && !serviceTicket.isStateless()) {
            LOGGER.warn("Service ticket [{}] is not assigned a valid ticket granting ticket", str);
            throw new InvalidTicketException(str);
        }
        try {
            Service resolveServiceFromAuthenticationRequest = resolveServiceFromAuthenticationRequest(serviceTicket.getService());
            Service resolveServiceFromAuthenticationRequest2 = resolveServiceFromAuthenticationRequest(service);
            LOGGER.debug("Resolved service [{}] from the authentication request with service [{}] linked to service ticket [{}]", resolveServiceFromAuthenticationRequest2, resolveServiceFromAuthenticationRequest, serviceTicket.getId());
            this.configurationContext.getLockRepository().execute(serviceTicket.getId(), Unchecked.supplier(() -> {
                if (serviceTicket.isExpired()) {
                    LOGGER.info("Service ticket [{}] has expired.", str);
                    throw new InvalidTicketException(str);
                }
                if (!this.configurationContext.getServiceMatchingStrategy().matches(resolveServiceFromAuthenticationRequest, resolveServiceFromAuthenticationRequest2)) {
                    LOGGER.error("Service ticket [{}] with service [{}] does not match supplied service [{}]", str, serviceTicket.getService().getId(), resolveServiceFromAuthenticationRequest2.getId());
                    throw new UnrecognizableServiceForServiceTicketValidationException(resolveServiceFromAuthenticationRequest);
                }
                serviceTicket.update();
                if (!serviceTicket.isStateless()) {
                    this.configurationContext.getTicketRegistry().updateTicket(serviceTicket);
                }
                return serviceTicket;
            }));
            RegisteredService findServiceBy = this.configurationContext.getServicesManager().findServiceBy(resolveServiceFromAuthenticationRequest);
            LOGGER.trace("Located registered service definition [{}] from [{}] to handle validation request", findServiceBy, resolveServiceFromAuthenticationRequest);
            RegisteredServiceAccessStrategyUtils.ensureServiceAccessIsAllowed(resolveServiceFromAuthenticationRequest, findServiceBy);
            TicketGrantingTicket ticketGrantingTicket = (TicketGrantingTicket) serviceTicket.getTicketGrantingTicket();
            Authentication authenticationSatisfiedByPolicy = getAuthenticationSatisfiedByPolicy(serviceTicket.isStateless() ? serviceTicket.getAuthentication() : ticketGrantingTicket.getRoot().getAuthentication(), resolveServiceFromAuthenticationRequest, findServiceBy);
            Principal rebuildStatelessTicketPrincipal = serviceTicket.isStateless() ? rebuildStatelessTicketPrincipal(serviceTicket) : authenticationSatisfiedByPolicy.getPrincipal();
            RegisteredServiceAttributeReleasePolicy registeredServiceAttributeReleasePolicy = (RegisteredServiceAttributeReleasePolicy) Objects.requireNonNull(findServiceBy.getAttributeReleasePolicy());
            LOGGER.debug("Attribute policy [{}] is associated with service [{}]", registeredServiceAttributeReleasePolicy, findServiceBy);
            Map<String, List<Object>> attributes = registeredServiceAttributeReleasePolicy.getAttributes(RegisteredServiceAttributeReleasePolicyContext.builder().registeredService(findServiceBy).service(resolveServiceFromAuthenticationRequest).principal(rebuildStatelessTicketPrincipal).applicationContext(this.configurationContext.getApplicationContext()).build());
            LOGGER.debug("Calculated attributes for release per the release policy are [{}]", attributes.keySet());
            AuthenticationBuilder of = DefaultAuthenticationBuilder.of(this.configurationContext.getApplicationContext(), rebuildStatelessTicketPrincipal, this.configurationContext.getPrincipalFactory(), attributes, resolveServiceFromAuthenticationRequest, findServiceBy, authenticationSatisfiedByPolicy);
            LOGGER.debug("Principal determined for release to [{}] is [{}]", findServiceBy.getServiceId(), of.getPrincipal().getId());
            of.addAttribute(CasProtocolConstants.VALIDATION_CAS_MODEL_ATTRIBUTE_NAME_FROM_NEW_LOGIN, CollectionUtils.wrap(Boolean.valueOf(((RenewableServiceTicket) serviceTicket).isFromNewLogin())));
            of.addAttribute(CasProtocolConstants.VALIDATION_REMEMBER_ME_ATTRIBUTE_NAME, CollectionUtils.wrap(CoreAuthenticationUtils.isRememberMeAuthentication(authenticationSatisfiedByPolicy)));
            Authentication build = of.build();
            Map<String, List<Object>> attributes2 = findServiceBy.getAttributeReleasePolicy().getAttributes(RegisteredServiceAttributeReleasePolicyContext.builder().registeredService(findServiceBy).service(service).applicationContext(this.configurationContext.getApplicationContext()).principal(rebuildStatelessTicketPrincipal).build());
            AttributeMerger attributeMerger = CoreAuthenticationUtils.getAttributeMerger(PrincipalAttributesCoreProperties.MergingStrategyTypes.MULTIVALUED);
            enforceRegisteredServiceAccess(resolveServiceFromAuthenticationRequest, findServiceBy, this.configurationContext.getPrincipalFactory().createPrincipal(rebuildStatelessTicketPrincipal.getId(), CoreAuthenticationUtils.mergeAttributes(CoreAuthenticationUtils.mergeAttributes(CoreAuthenticationUtils.mergeAttributes(CoreAuthenticationUtils.mergeAttributes(rebuildStatelessTicketPrincipal.getAttributes(), authenticationSatisfiedByPolicy.getAttributes(), attributeMerger), build.getPrincipal().getAttributes(), attributeMerger), build.getAttributes(), attributeMerger), attributes2, attributeMerger)));
            Assertion assemble = DefaultAssertionBuilder.builder().primaryAuthentication(build).originalAuthentication(authenticationSatisfiedByPolicy).service(resolveServiceFromAuthenticationRequest).registeredService(findServiceBy).authentications(serviceTicket.isStateless() ? List.of(serviceTicket.getAuthentication()) : ticketGrantingTicket.getChainedAuthentications()).newLogin(((RenewableServiceTicket) serviceTicket).isFromNewLogin()).stateless(serviceTicket.isStateless()).context(serviceTicket.isStateless() ? CollectionUtils.wrap(Principal.class.getName(), authenticationSatisfiedByPolicy.getPrincipal().getId()) : CollectionUtils.wrap(TicketGrantingTicket.class.getName(), ticketGrantingTicket.getRoot().getId())).build().assemble();
            doPublishEvent(new CasServiceTicketValidatedEvent(this, serviceTicket, assemble, ClientInfoHolder.getClientInfo()));
            if (!serviceTicket.isStateless()) {
                if (serviceTicket.isExpired()) {
                    this.configurationContext.getTicketRegistry().deleteTicket(str);
                } else {
                    this.configurationContext.getTicketRegistry().updateTicket(serviceTicket);
                }
            }
            return assemble;
        } catch (Throwable th) {
            if (!serviceTicket.isStateless()) {
                if (serviceTicket.isExpired()) {
                    this.configurationContext.getTicketRegistry().deleteTicket(str);
                } else {
                    this.configurationContext.getTicketRegistry().updateTicket(serviceTicket);
                }
            }
            throw th;
        }
    }

    /* JADX WARN: Type inference failed for: r0v16, types: [org.apereo.cas.audit.AuditableContext$AuditableContextBuilder] */
    @Override // org.apereo.cas.CentralAuthenticationService
    @Audit(action = AuditableActions.PROXY_GRANTING_TICKET, actionResolverName = AuditActionResolvers.CREATE_PROXY_GRANTING_TICKET_RESOLVER, resourceResolverName = AuditResourceResolvers.CREATE_PROXY_GRANTING_TICKET_RESOURCE_RESOLVER)
    public Ticket createProxyGrantingTicket(String str, AuthenticationResult authenticationResult) throws Throwable {
        ServiceTicket serviceTicket = (ServiceTicket) this.configurationContext.getTicketRegistry().getTicket(str, ServiceTicket.class);
        if (serviceTicket == null || serviceTicket.isExpired()) {
            LOGGER.debug("ServiceTicket [{}] has expired or cannot be found in the ticket registry", str);
            throw new InvalidTicketException(str);
        }
        CasModelRegisteredService casModelRegisteredService = (CasModelRegisteredService) this.configurationContext.getServicesManager().findServiceBy(serviceTicket.getService());
        enforceRegisteredServiceAccess(AuditableContext.builder().serviceTicket(serviceTicket).authenticationResult(authenticationResult).registeredService(casModelRegisteredService).build());
        if (casModelRegisteredService.getProxyPolicy().isAllowedToProxy()) {
            return (Ticket) this.configurationContext.getLockRepository().execute(serviceTicket.getId(), Unchecked.supplier(() -> {
                ProxyGrantingTicket create = ((ProxyGrantingTicketFactory) this.configurationContext.getTicketFactory().get(ProxyGrantingTicket.class)).create(serviceTicket, authenticationResult.getAuthentication());
                Ticket addTicket = this.configurationContext.getTicketRegistry().addTicket(create);
                LOGGER.debug("Generated proxy granting ticket [{}] based off of [{}]", create, str);
                if (!serviceTicket.isStateless()) {
                    this.configurationContext.getTicketRegistry().updateTicket(serviceTicket.getTicketGrantingTicket());
                }
                doPublishEvent(new CasProxyGrantingTicketCreatedEvent(this, addTicket, ClientInfoHolder.getClientInfo()));
                return addTicket;
            })).orElseThrow(UnauthorizedProxyingException::new);
        }
        LOGGER.warn("Service [{}] attempted to proxy, but is not allowed.", serviceTicket.getService().getId());
        throw new UnauthorizedProxyingException();
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [org.apereo.cas.services.RegisteredServiceAttributeReleasePolicyContext$RegisteredServiceAttributeReleasePolicyContextBuilder] */
    /* JADX WARN: Type inference failed for: r0v19, types: [org.apereo.cas.audit.AuditableContext$AuditableContextBuilder] */
    private void enforceRegisteredServiceAccess(Authentication authentication, Service service, RegisteredService registeredService) throws Throwable {
        Map<String, List<Object>> attributes = registeredService.getAttributeReleasePolicy().getAttributes(RegisteredServiceAttributeReleasePolicyContext.builder().registeredService(registeredService).service(service).principal(authentication.getPrincipal()).applicationContext(this.configurationContext.getApplicationContext()).build());
        attributes.putAll(authentication.getAttributes());
        enforceRegisteredServiceAccess(AuditableContext.builder().service(service).principal(this.configurationContext.getPrincipalFactory().createPrincipal(authentication.getPrincipal().getId(), CoreAuthenticationUtils.mergeAttributes(authentication.getPrincipal().getAttributes(), attributes))).registeredService(registeredService).build());
    }

    protected void enforceRegisteredServiceAccess(AuditableContext auditableContext) throws Throwable {
        this.configurationContext.getRegisteredServiceAccessStrategyEnforcer().execute(auditableContext).throwExceptionIfNeeded();
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [org.apereo.cas.audit.AuditableContext$AuditableContextBuilder] */
    private void enforceRegisteredServiceAccess(Service service, RegisteredService registeredService, Principal principal) throws Throwable {
        enforceRegisteredServiceAccess(AuditableContext.builder().service(service).principal(principal).registeredService(registeredService).build());
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [org.apereo.cas.audit.AuditableContext$AuditableContextBuilder] */
    private void enforceRegisteredServiceAccess(Service service, TicketGrantingTicket ticketGrantingTicket, RegisteredService registeredService) throws Throwable {
        enforceRegisteredServiceAccess(AuditableContext.builder().service(service).ticketGrantingTicket(ticketGrantingTicket).registeredService(registeredService).build());
    }

    protected Principal rebuildStatelessTicketPrincipal(ServiceTicket serviceTicket) throws Throwable {
        Authentication authentication = serviceTicket.getAuthentication();
        return this.configurationContext.getPrincipalResolver().resolve(new BasicIdentifiableCredential(authentication.getPrincipal().getId()), Optional.of(authentication.getPrincipal()), Optional.empty(), Optional.of(serviceTicket.getService()));
    }

    private static Authentication evaluatePossibilityOfMixedPrincipals(AuthenticationResult authenticationResult, TicketGrantingTicket ticketGrantingTicket) {
        if (authenticationResult == null) {
            LOGGER.warn("Provided authentication result is undefined to evaluate for mixed principals");
            return null;
        }
        Authentication authentication = authenticationResult.getAuthentication();
        if (authentication != null) {
            Authentication authentication2 = ticketGrantingTicket.getAuthentication();
            if (!authentication.getPrincipal().equals(authentication2.getPrincipal())) {
                throw new MixedPrincipalException(authentication, authentication.getPrincipal(), authentication2.getPrincipal());
            }
        }
        return authentication;
    }
}
