package org.apereo.cas.services;

import java.util.HashMap;
import lombok.Generated;
import org.apereo.cas.authentication.PrincipalException;
import org.apereo.cas.services.RegisteredServicePrincipalAccessStrategyEnforcer;
import org.jooq.lambda.Unchecked;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationContext;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-services-api-7.3.0-RC2.jar:org/apereo/cas/services/DefaultRegisteredServicePrincipalAccessStrategyEnforcer.class */
public class DefaultRegisteredServicePrincipalAccessStrategyEnforcer implements RegisteredServicePrincipalAccessStrategyEnforcer {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) DefaultRegisteredServicePrincipalAccessStrategyEnforcer.class);
    private final ApplicationContext applicationContext;

    /* JADX WARN: Type inference failed for: r0v8, types: [org.apereo.cas.services.RegisteredServiceAccessStrategyRequest$RegisteredServiceAccessStrategyRequestBuilder] */
    @Override // org.apereo.cas.services.RegisteredServicePrincipalAccessStrategyEnforcer
    public Boolean authorize(RegisteredServicePrincipalAccessStrategyEnforcer.PrincipalAccessStrategyContext principalAccessStrategyContext) {
        RegisteredServiceAccessStrategyUtils.ensureServiceAccessIsAllowed(principalAccessStrategyContext.getService(), principalAccessStrategyContext.getRegisteredService());
        String id = principalAccessStrategyContext.getService() != null ? principalAccessStrategyContext.getService().getId() : "unknown";
        LOGGER.trace("Checking access strategy for service [{}], requested by [{}] with attributes [{}].", id, principalAccessStrategyContext.getPrincipalId(), principalAccessStrategyContext.getPrincipalAttributes());
        RegisteredServiceAccessStrategyRequest build = RegisteredServiceAccessStrategyRequest.builder().service(principalAccessStrategyContext.getService()).principalId(principalAccessStrategyContext.getPrincipalId()).attributes(principalAccessStrategyContext.getPrincipalAttributes()).registeredService(principalAccessStrategyContext.getRegisteredService()).applicationContext(this.applicationContext).build();
        if (!((Boolean) Unchecked.supplier(() -> {
            return Boolean.valueOf(!principalAccessStrategyContext.getRegisteredService().getAccessStrategy().authorizeRequest(build));
        }).get()).booleanValue()) {
            return true;
        }
        LOGGER.warn("Cannot grant access to service [{}]; it is not authorized for use by [{}].", id, principalAccessStrategyContext.getPrincipalId());
        HashMap hashMap = new HashMap();
        String format = String.format("Cannot authorize principal %s to access service %s, likely due to insufficient permissions", principalAccessStrategyContext.getPrincipalId(), id);
        hashMap.put(UnauthorizedServiceForPrincipalException.class.getSimpleName(), new UnauthorizedServiceForPrincipalException(format, principalAccessStrategyContext.getRegisteredService(), principalAccessStrategyContext.getPrincipalId(), principalAccessStrategyContext.getPrincipalAttributes()));
        throw new PrincipalException(format, hashMap, new HashMap());
    }

    @Generated
    public DefaultRegisteredServicePrincipalAccessStrategyEnforcer(ApplicationContext applicationContext) {
        this.applicationContext = applicationContext;
    }
}
