package org.apereo.cas.authentication.policy;

import com.fasterxml.jackson.annotation.JsonIgnore;
import java.security.GeneralSecurityException;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.regex.Matcher;
import lombok.Generated;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.AuthenticationPolicy;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.ResourceUtils;
import org.apereo.cas.util.scripting.ExecutableCompiledGroovyScript;
import org.apereo.cas.util.scripting.GroovyShellScript;
import org.apereo.cas.util.scripting.ScriptingUtils;
import org.apereo.cas.util.scripting.WatchableGroovyScriptResource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.data.annotation.Transient;

/* loaded from: input_file:org/apereo/cas/authentication/policy/GroovyScriptAuthenticationPolicy.class */
public class GroovyScriptAuthenticationPolicy implements AuthenticationPolicy {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(GroovyScriptAuthenticationPolicy.class);
    private final String script;

    @Transient
    @JsonIgnore
    @javax.persistence.Transient
    private transient ExecutableCompiledGroovyScript executableScript;

    public GroovyScriptAuthenticationPolicy(String str) {
        this.script = str;
        initializeWatchableScriptIfNeeded();
    }

    public boolean isSatisfiedBy(Authentication authentication, Set<AuthenticationHandler> set) throws Exception {
        initializeWatchableScriptIfNeeded();
        Optional<Exception> scriptExecutionResult = getScriptExecutionResult(authentication, ScriptingUtils.getMatcherForInlineGroovyScript(this.script));
        if (scriptExecutionResult == null || !scriptExecutionResult.isPresent()) {
            return true;
        }
        throw new GeneralSecurityException(scriptExecutionResult.get());
    }

    private void initializeWatchableScriptIfNeeded() {
        if (this.executableScript == null) {
            Matcher matcherForInlineGroovyScript = ScriptingUtils.getMatcherForInlineGroovyScript(this.script);
            Matcher matcherForExternalGroovyScript = ScriptingUtils.getMatcherForExternalGroovyScript(this.script);
            if (matcherForExternalGroovyScript.find()) {
                this.executableScript = new WatchableGroovyScriptResource(ResourceUtils.getRawResourceFrom(matcherForExternalGroovyScript.group(2)));
            } else if (matcherForInlineGroovyScript.find()) {
                this.executableScript = new GroovyShellScript(matcherForInlineGroovyScript.group(1));
            }
        }
    }

    private Optional<Exception> getScriptExecutionResult(Authentication authentication, Matcher matcher) {
        Map wrap = CollectionUtils.wrap("principal", authentication.getPrincipal(), "logger", LOGGER);
        this.executableScript.setBinding(wrap);
        return (Optional) this.executableScript.execute(wrap.values().toArray(), Optional.class);
    }
}
