package org.apereo.cas.web.flow;

import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.CentralAuthenticationService;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationResult;
import org.apereo.cas.authentication.PrincipalException;
import org.apereo.cas.ticket.InvalidTicketException;
import org.apereo.cas.ticket.Ticket;
import org.apereo.cas.ticket.TicketGrantingTicket;
import org.apereo.cas.ticket.registry.TicketRegistrySupport;
import org.apereo.cas.util.LoggingUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apereo/cas/web/flow/DefaultSingleSignOnBuildingStrategy.class */
public class DefaultSingleSignOnBuildingStrategy implements SingleSignOnBuildingStrategy {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(DefaultSingleSignOnBuildingStrategy.class);
    private final TicketRegistrySupport ticketRegistrySupport;
    private final CentralAuthenticationService centralAuthenticationService;

    public Ticket buildTicketGrantingTicket(AuthenticationResult authenticationResult, Authentication authentication, String str) {
        try {
            return shouldIssueTicketGrantingTicket(authentication, str) ? createTicketGrantingTicket(authenticationResult, str) : updateTicketGrantingTicket(authentication, str);
        } catch (Throwable th) {
            LoggingUtils.error(LOGGER, th);
            if (th instanceof PrincipalException) {
                throw th;
            }
            throw new InvalidTicketException(str);
        }
    }

    protected Ticket createTicketGrantingTicket(AuthenticationResult authenticationResult, String str) throws Throwable {
        if (StringUtils.isNotBlank(str)) {
            LOGGER.trace("Removing existing ticket-granting ticket [{}]", str);
            this.ticketRegistrySupport.getTicketRegistry().deleteTicket(str);
        }
        LOGGER.trace("Attempting to issue a new ticket-granting ticket...");
        return this.centralAuthenticationService.createTicketGrantingTicket(authenticationResult);
    }

    protected Ticket updateTicketGrantingTicket(Authentication authentication, String str) throws Exception {
        LOGGER.debug("Updating existing ticket-granting ticket [{}]...", str);
        TicketGrantingTicket ticket = this.ticketRegistrySupport.getTicketRegistry().getTicket(str, TicketGrantingTicket.class);
        ticket.getAuthentication().updateAttributes(authentication);
        return this.ticketRegistrySupport.getTicketRegistry().updateTicket(ticket);
    }

    protected boolean shouldIssueTicketGrantingTicket(Authentication authentication, String str) throws Exception {
        LOGGER.trace("Located ticket-granting ticket in the context. Retrieving associated authentication");
        Authentication authenticationFrom = this.ticketRegistrySupport.getAuthenticationFrom(str);
        if (authenticationFrom == null) {
            LOGGER.debug("Authentication session associated with [{}] is no longer valid", str);
            if (!StringUtils.isNotBlank(str)) {
                return true;
            }
            this.ticketRegistrySupport.getTicketRegistry().deleteTicket(str);
            return true;
        }
        if (authentication.isEqualTo(authenticationFrom)) {
            LOGGER.debug("Resulting authentication matches the authentication from context");
            return false;
        }
        LOGGER.debug("Resulting authentication is different from the context");
        return true;
    }

    @Generated
    public DefaultSingleSignOnBuildingStrategy(TicketRegistrySupport ticketRegistrySupport, CentralAuthenticationService centralAuthenticationService) {
        this.ticketRegistrySupport = ticketRegistrySupport;
        this.centralAuthenticationService = centralAuthenticationService;
    }
}
