package org.apereo.cas.authentication.policy;

import java.util.LinkedHashSet;
import java.util.Set;
import lombok.Generated;
import org.apereo.cas.authentication.AuthenticationPolicy;
import org.apereo.cas.authentication.AuthenticationPolicyResolver;
import org.apereo.cas.authentication.AuthenticationServiceSelectionPlan;
import org.apereo.cas.authentication.AuthenticationTransaction;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceAuthenticationPolicy;
import org.apereo.cas.services.RegisteredServiceAuthenticationPolicyCriteria;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.services.UnauthorizedSsoServiceException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apereo/cas/authentication/policy/RegisteredServiceAuthenticationPolicyResolver.class */
public class RegisteredServiceAuthenticationPolicyResolver implements AuthenticationPolicyResolver {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(RegisteredServiceAuthenticationPolicyResolver.class);
    protected final ServicesManager servicesManager;
    protected final AuthenticationServiceSelectionPlan authenticationServiceSelectionPlan;
    private int order;

    public Set<AuthenticationPolicy> resolve(AuthenticationTransaction authenticationTransaction) {
        RegisteredServiceAuthenticationPolicyCriteria criteria = this.servicesManager.findServiceBy(this.authenticationServiceSelectionPlan.resolveService(authenticationTransaction.getService())).getAuthenticationPolicy().getCriteria();
        LinkedHashSet linkedHashSet = new LinkedHashSet(1);
        if (criteria != null) {
            linkedHashSet.add(criteria.toAuthenticationPolicy());
        }
        LOGGER.debug("Authentication policies for this transaction are [{}]", linkedHashSet);
        return linkedHashSet;
    }

    public boolean supports(AuthenticationTransaction authenticationTransaction) {
        Service resolveService = this.authenticationServiceSelectionPlan.resolveService(authenticationTransaction.getService());
        if (resolveService == null) {
            return false;
        }
        RegisteredService findServiceBy = this.servicesManager.findServiceBy(resolveService);
        LOGGER.trace("Located registered service definition [{}] for this authentication transaction", findServiceBy);
        if (findServiceBy == null || !findServiceBy.getAccessStrategy().isServiceAccessAllowed()) {
            LOGGER.warn("Service [{}] is not allowed to use SSO.", resolveService);
            throw new UnauthorizedSsoServiceException();
        }
        RegisteredServiceAuthenticationPolicy authenticationPolicy = findServiceBy.getAuthenticationPolicy();
        return (authenticationPolicy == null || authenticationPolicy.getCriteria() == null) ? false : true;
    }

    @Generated
    public RegisteredServiceAuthenticationPolicyResolver(ServicesManager servicesManager, AuthenticationServiceSelectionPlan authenticationServiceSelectionPlan) {
        this.servicesManager = servicesManager;
        this.authenticationServiceSelectionPlan = authenticationServiceSelectionPlan;
    }

    @Generated
    public ServicesManager getServicesManager() {
        return this.servicesManager;
    }

    @Generated
    public AuthenticationServiceSelectionPlan getAuthenticationServiceSelectionPlan() {
        return this.authenticationServiceSelectionPlan;
    }

    @Generated
    public int getOrder() {
        return this.order;
    }

    @Generated
    public void setOrder(int i) {
        this.order = i;
    }
}
