package org.apereo.cas.authentication.policy;

import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.annotation.JsonTypeInfo;
import java.io.Serializable;
import java.security.GeneralSecurityException;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import lombok.Generated;
import org.apache.commons.jexl3.scripting.JexlScriptEngine;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.AuthenticationPolicyExecutionResult;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.ResourceUtils;
import org.apereo.cas.util.scripting.ExecutableCompiledScript;
import org.apereo.cas.util.scripting.ExecutableCompiledScriptFactory;
import org.apereo.cas.web.flow.CasWebflowConstants;
import org.jooq.lambda.Unchecked;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.data.annotation.Transient;
import org.springframework.util.Assert;

@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
/* loaded from: input_file:WEB-INF/lib/cas-server-core-authentication-api-7.3.0-RC2.jar:org/apereo/cas/authentication/policy/GroovyScriptAuthenticationPolicy.class */
public class GroovyScriptAuthenticationPolicy extends BaseAuthenticationPolicy {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) GroovyScriptAuthenticationPolicy.class);
    private static final long serialVersionUID = 6948477763790549040L;
    private final String script;

    @Transient
    @JsonIgnore
    @jakarta.persistence.Transient
    private transient ExecutableCompiledScript executableScript;

    @Override // org.apereo.cas.authentication.AuthenticationPolicy
    public AuthenticationPolicyExecutionResult isSatisfiedBy(Authentication authentication, Set<AuthenticationHandler> set, ConfigurableApplicationContext configurableApplicationContext, Map<String, ? extends Serializable> map) throws Throwable {
        initializeWatchableScriptIfNeeded();
        Map<String, Object> wrap = CollectionUtils.wrap(CasWebflowConstants.ATTRIBUTE_AUTHENTICATION, authentication, JexlScriptEngine.CONTEXT_KEY, map, "applicationContext", configurableApplicationContext, "logger", LOGGER);
        this.executableScript.setBinding(wrap);
        Optional optional = (Optional) this.executableScript.execute(wrap.values().toArray(), Optional.class);
        if (optional == null || !optional.isPresent()) {
            return AuthenticationPolicyExecutionResult.success();
        }
        throw new GeneralSecurityException((Exception) optional.get());
    }

    @Override // org.apereo.cas.authentication.AuthenticationPolicy
    public boolean shouldResumeOnFailure(Throwable th) {
        Boolean bool = (Boolean) Unchecked.supplier(() -> {
            initializeWatchableScriptIfNeeded();
            Map<String, Object> wrap = CollectionUtils.wrap(CasWebflowConstants.TRANSITION_ID_FAILURE, th, "logger", LOGGER);
            this.executableScript.setBinding(wrap);
            return (Boolean) this.executableScript.execute("shouldResumeOnFailure", Boolean.class, wrap.values().toArray());
        }).get();
        Assert.notNull(bool, "Authentication policy result cannot be null");
        return bool.booleanValue();
    }

    private void initializeWatchableScriptIfNeeded() throws Exception {
        if (this.executableScript == null) {
            this.executableScript = ExecutableCompiledScriptFactory.getExecutableCompiledScriptFactory().fromResource(ResourceUtils.getRawResourceFrom(this.script));
        }
    }

    @Generated
    public GroovyScriptAuthenticationPolicy() {
        this.script = null;
    }

    @Override // org.apereo.cas.authentication.policy.BaseAuthenticationPolicy
    @Generated
    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (!(obj instanceof GroovyScriptAuthenticationPolicy)) {
            return false;
        }
        GroovyScriptAuthenticationPolicy groovyScriptAuthenticationPolicy = (GroovyScriptAuthenticationPolicy) obj;
        if (!groovyScriptAuthenticationPolicy.canEqual(this) || !super.equals(obj)) {
            return false;
        }
        String str = this.script;
        String str2 = groovyScriptAuthenticationPolicy.script;
        return str == null ? str2 == null : str.equals(str2);
    }

    @Override // org.apereo.cas.authentication.policy.BaseAuthenticationPolicy
    @Generated
    protected boolean canEqual(Object obj) {
        return obj instanceof GroovyScriptAuthenticationPolicy;
    }

    @Override // org.apereo.cas.authentication.policy.BaseAuthenticationPolicy
    @Generated
    public int hashCode() {
        int hashCode = super.hashCode();
        String str = this.script;
        return (hashCode * 59) + (str == null ? 43 : str.hashCode());
    }

    @JsonIgnore
    @Generated
    public GroovyScriptAuthenticationPolicy setExecutableScript(ExecutableCompiledScript executableCompiledScript) {
        this.executableScript = executableCompiledScript;
        return this;
    }

    @Generated
    public String getScript() {
        return this.script;
    }

    @Generated
    public ExecutableCompiledScript getExecutableScript() {
        return this.executableScript;
    }

    @Generated
    public GroovyScriptAuthenticationPolicy(String str) {
        this.script = str;
    }
}
