package org.apereo.cas.web.flow;

import lombok.Generated;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationCredentialsThreadLocalBinder;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceSingleSignOnParticipationPolicy;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.ticket.TicketState;
import org.apereo.cas.ticket.registry.TicketRegistrySupport;
import org.apereo.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:org/apereo/cas/web/flow/DefaultSingleSignOnParticipationStrategy.class */
public class DefaultSingleSignOnParticipationStrategy implements SingleSignOnParticipationStrategy {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(DefaultSingleSignOnParticipationStrategy.class);
    private final ServicesManager servicesManager;
    private final boolean createCookieOnRenewedAuthentication;
    private final boolean renewEnabled;
    private final TicketRegistrySupport ticketRegistrySupport;
    private int order = Integer.MAX_VALUE;

    public boolean isParticipating(RequestContext requestContext) {
        RegisteredService findServiceBy;
        if (this.renewEnabled && requestContext.getRequestParameters().contains("renew")) {
            LOGGER.debug("[{}] is specified for the request. The authentication session will be considered renewed.", "renew");
            return false;
        }
        WebApplicationService service = WebUtils.getService(requestContext);
        if (service == null || (findServiceBy = this.servicesManager.findServiceBy(service)) == null) {
            return true;
        }
        Authentication authentication = WebUtils.getAuthentication(requestContext);
        Authentication currentAuthentication = AuthenticationCredentialsThreadLocalBinder.getCurrentAuthentication();
        try {
            AuthenticationCredentialsThreadLocalBinder.bindCurrent(authentication);
            boolean isServiceAccessAllowedForSso = findServiceBy.getAccessStrategy().isServiceAccessAllowedForSso();
            LOGGER.trace("Located [{}] in registry. Service access to participate in SSO is set to [{}]", findServiceBy.getServiceId(), Boolean.valueOf(isServiceAccessAllowedForSso));
            if (!isServiceAccessAllowedForSso) {
                LOGGER.debug("Service [{}] is not authorized to participate in SSO", findServiceBy.getServiceId());
                AuthenticationCredentialsThreadLocalBinder.bindCurrent(currentAuthentication);
                return false;
            }
            RegisteredServiceSingleSignOnParticipationPolicy singleSignOnParticipationPolicy = findServiceBy.getSingleSignOnParticipationPolicy();
            if (singleSignOnParticipationPolicy != null) {
                TicketState ticketState = this.ticketRegistrySupport.getTicketState(WebUtils.getTicketGrantingTicketId(requestContext));
                if (ticketState != null) {
                    boolean shouldParticipateInSso = singleSignOnParticipationPolicy.shouldParticipateInSso(ticketState);
                    AuthenticationCredentialsThreadLocalBinder.bindCurrent(currentAuthentication);
                    return shouldParticipateInSso;
                }
            }
            AuthenticationCredentialsThreadLocalBinder.bindCurrent(currentAuthentication);
            return true;
        } catch (Throwable th) {
            AuthenticationCredentialsThreadLocalBinder.bindCurrent(currentAuthentication);
            throw th;
        }
    }

    public boolean isCreateCookieOnRenewedAuthentication(RequestContext requestContext) {
        return this.createCookieOnRenewedAuthentication;
    }

    @Generated
    public DefaultSingleSignOnParticipationStrategy(ServicesManager servicesManager, boolean z, boolean z2, TicketRegistrySupport ticketRegistrySupport) {
        this.servicesManager = servicesManager;
        this.createCookieOnRenewedAuthentication = z;
        this.renewEnabled = z2;
        this.ticketRegistrySupport = ticketRegistrySupport;
    }

    @Generated
    public ServicesManager getServicesManager() {
        return this.servicesManager;
    }

    @Generated
    public boolean isRenewEnabled() {
        return this.renewEnabled;
    }

    @Generated
    public void setOrder(int i) {
        this.order = i;
    }

    @Generated
    public int getOrder() {
        return this.order;
    }
}
