package org.apereo.cas;

import java.io.Serializable;
import java.util.Collection;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import lombok.Generated;
import lombok.NonNull;
import org.apereo.cas.audit.AuditableExecution;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationServiceSelectionPlan;
import org.apereo.cas.authentication.ContextualAuthenticationPolicy;
import org.apereo.cas.authentication.ContextualAuthenticationPolicyFactory;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.logout.LogoutManager;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.ServiceContext;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.services.UnauthorizedProxyingException;
import org.apereo.cas.ticket.AbstractTicketException;
import org.apereo.cas.ticket.InvalidTicketException;
import org.apereo.cas.ticket.Ticket;
import org.apereo.cas.ticket.TicketFactory;
import org.apereo.cas.ticket.TicketGrantingTicket;
import org.apereo.cas.ticket.UnsatisfiedAuthenticationPolicyException;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.StringUtils;

/* loaded from: input_file:org/apereo/cas/AbstractCentralAuthenticationService.class */
/**
 * Base class for {@link CentralAuthenticationService} implementations.
 *
 * <p>It holds the collaborators passed to the constructor (ticket registry, services manager,
 * logout manager, ticket factory, service selection plan, authentication policy factory,
 * principal factory, cipher executor and access-strategy enforcer). On top of them it provides
 * ticket lookup, ticket state verification, authentication-policy evaluation and the
 * proxy-authorization check.
 *
 * <p>Several members carry a decompiler note saying their access was widened from
 * {@code protected} to {@code public}; the Javadoc of each affected method repeats that note.
 */
public abstract class AbstractCentralAuthenticationService implements CentralAuthenticationService, Serializable, ApplicationEventPublisherAware {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(AbstractCentralAuthenticationService.class);

    // Private monitor guarding verifyTicketState(). It is an instance field, so the lock is
    // scoped to this one service object.
    @Generated
    private final Object $lock = new Object[0];
    private static final long serialVersionUID = -7572316677901391166L;

    // Publisher used by doPublishEvent(); may be null, in which case events are dropped.
    protected ApplicationEventPublisher applicationEventPublisher;
    protected final TicketRegistry ticketRegistry;
    protected final ServicesManager servicesManager;
    protected final LogoutManager logoutManager;
    protected final TicketFactory ticketFactory;
    protected final AuthenticationServiceSelectionPlan authenticationRequestServiceSelectionStrategies;
    protected final ContextualAuthenticationPolicyFactory<ServiceContext> serviceContextAuthenticationPolicyFactory;
    protected final PrincipalFactory principalFactory;
    // May be null; isTicketAuthenticityVerified() then skips decoding altogether.
    protected final CipherExecutor<String, String> cipherExecutor;
    protected final AuditableExecution registeredServiceAccessStrategyEnforcer;

    /**
     * Publishes the event through the configured publisher, if one is set.
     *
     * <p>Access was widened from {@code protected} by the decompiler.
     *
     * @param applicationEvent the event to publish
     */
    public void doPublishEvent(ApplicationEvent applicationEvent) {
        if (this.applicationEventPublisher == null) {
            // No publisher wired in: the event is silently discarded.
            return;
        }
        LOGGER.trace("Publishing [{}]", applicationEvent);
        this.applicationEventPublisher.publishEvent(applicationEvent);
    }

    /**
     * Looks a ticket up by id and returns it only if it exists and has not expired.
     *
     * @param str the ticket id; must not be null
     * @return the ticket found in the registry
     * @throws InvalidTicketException if the ticket is missing or expired (see
     *     {@link #verifyTicketState(Ticket, String, Class)})
     * @throws NullPointerException if {@code str} is null
     */
    @Transactional(transactionManager = "ticketTransactionManager", noRollbackFor = {InvalidTicketException.class})
    public Ticket getTicket(@NonNull String str) throws InvalidTicketException {
        if (str == null) {
            throw new NullPointerException("ticketId is marked @NonNull but is null");
        }
        final Ticket found = this.ticketRegistry.getTicket(str);
        // Reject missing or expired tickets before handing anything back to the caller.
        verifyTicketState(found, str, null);
        return found;
    }

    /**
     * Typed variant of {@link #getTicket(String)}: asks the registry for the ticket as the
     * requested class, then applies the same existence and expiry checks.
     *
     * @param str the ticket id; must not be null
     * @param cls the ticket type requested from the registry
     * @param <T> the ticket type
     * @return the ticket found in the registry
     * @throws InvalidTicketException if the ticket is missing or expired
     * @throws NullPointerException if {@code str} is null
     */
    @Transactional(transactionManager = "ticketTransactionManager", noRollbackFor = {InvalidTicketException.class})
    public <T extends Ticket> T getTicket(@NonNull String str, Class<T> cls) throws InvalidTicketException {
        if (str == null) {
            throw new NullPointerException("ticketId is marked @NonNull but is null");
        }
        final T typed = (T) this.ticketRegistry.getTicket(str, cls);
        verifyTicketState(typed, str, cls);
        return typed;
    }

    /**
     * Returns the set of registry tickets accepted by the predicate.
     *
     * <p>No expiry check is applied here: the tickets come straight from
     * {@code ticketRegistry.getTickets()} and are only filtered by {@code predicate}.
     *
     * @param predicate the filter applied to every ticket in the registry
     * @return the matching tickets, collected into a set
     */
    @Transactional(transactionManager = "ticketTransactionManager")
    public Collection<Ticket> getTickets(Predicate<Ticket> predicate) {
        return (Collection) this.ticketRegistry.getTickets()
            .stream()
            .filter(predicate)
            .collect(Collectors.toSet());
    }

    /**
     * Removes the ticket with the given id from the registry.
     *
     * @param str the ticket id
     */
    @Transactional(transactionManager = "ticketTransactionManager")
    public void deleteTicket(String str) {
        this.ticketRegistry.deleteTicket(str);
    }

    /**
     * Returns the authentication only if the policy built for the service context accepts it.
     *
     * <p>This fails closed: an exception thrown while evaluating the policy is logged and then
     * handled exactly like a policy that was not satisfied.
     *
     * <p>Access was widened from {@code protected} by the decompiler.
     *
     * @param authentication the authentication to evaluate
     * @param serviceContext the context the policy is created for
     * @return {@code authentication}, unchanged, when the policy is satisfied
     * @throws AbstractTicketException an {@link UnsatisfiedAuthenticationPolicyException} when
     *     the policy rejects the authentication or its evaluation throws
     */
    public Authentication getAuthenticationSatisfiedByPolicy(Authentication authentication, ServiceContext serviceContext) throws AbstractTicketException {
        final ContextualAuthenticationPolicy policy = this.serviceContextAuthenticationPolicyFactory.createPolicy(serviceContext);
        boolean satisfied = false;
        try {
            satisfied = policy.isSatisfiedBy(authentication);
        } catch (Exception e) {
            // Evaluation errors must never grant access; "satisfied" stays false.
            LOGGER.error(e.getMessage(), e);
        }
        if (!satisfied) {
            throw new UnsatisfiedAuthenticationPolicyException(policy);
        }
        return authentication;
    }

    /**
     * Enforces proxy authorization for a ticket-granting ticket that was issued through a proxy.
     *
     * <p>If the TGT is not proxied, nothing is checked. Otherwise the proxying service must be
     * found by the services manager and its proxy policy must allow proxying. The decision is
     * based on the proxying service's policy; {@code registeredService} is only used to build
     * the log and exception messages.
     *
     * <p>Access was widened from {@code protected} by the decompiler.
     *
     * @param service the service the request is for (used in log messages)
     * @param ticketGrantingTicket the TGT whose proxying service is evaluated
     * @param registeredService the registered service named in the denial messages
     * @throws UnauthorizedProxyingException if the proxying service is not registered or is
     *     not allowed to proxy
     */
    public void evaluateProxiedServiceIfNeeded(Service service, TicketGrantingTicket ticketGrantingTicket, RegisteredService registeredService) {
        final Service proxyingService = ticketGrantingTicket.getProxiedBy();
        if (proxyingService == null) {
            LOGGER.trace("TGT is not proxied by another service");
            return;
        }

        LOGGER.debug("TGT is proxied by [{}]. Locating proxy service in registry...", proxyingService.getId());
        final RegisteredService proxyingRegistration = this.servicesManager.findServiceBy(proxyingService);
        if (proxyingRegistration == null) {
            // Unknown proxying service: deny.
            LOGGER.warn("No proxying service found. Proxy attempt by service [{}] (registered service [{}]) is not allowed.", service.getId(), Long.valueOf(registeredService.getId()));
            throw new UnauthorizedProxyingException("Proxying is not allowed for registered service " + registeredService.getId());
        }

        LOGGER.debug("Located proxying service [{}] in the service registry", proxyingRegistration);
        if (!proxyingRegistration.getProxyPolicy().isAllowedToProxy()) {
            // Known service, but its proxy policy forbids proxying: deny.
            LOGGER.warn("Found proxying service [{}], but it is not authorized to fulfill the proxy attempt made by [{}]", Long.valueOf(proxyingRegistration.getId()), service.getId());
            throw new UnauthorizedProxyingException("Proxying is not allowed for registered service " + registeredService.getId());
        }
    }

    /**
     * Rejects tickets that are missing or expired; an expired ticket is also deleted from the
     * registry before the exception is thrown.
     *
     * <p>The whole check runs while holding this instance's private lock.
     *
     * @param ticket the ticket returned by the registry, possibly null
     * @param str the ticket id that was looked up
     * @param cls the requested ticket type, or null when none was specified (logging only)
     * @throws InvalidTicketException if {@code ticket} is null or expired
     */
    protected void verifyTicketState(Ticket ticket, String str, Class cls) {
        synchronized (this.$lock) {
            if (ticket == null) {
                final String requestedType = cls == null ? "unspecified" : cls.getSimpleName();
                LOGGER.debug("Ticket [{}] by type [{}] cannot be found in the ticket registry.", str, requestedType);
                throw new InvalidTicketException(str);
            }
            if (!ticket.isExpired()) {
                return;
            }
            // Expired: delete it so that it cannot be presented again, then report it invalid.
            deleteTicket(str);
            LOGGER.debug("Ticket [{}] has expired and is now deleted from the ticket registry.", ticket);
            throw new InvalidTicketException(str);
        }
    }

    /**
     * Writes the ticket back to the registry and returns the same instance.
     *
     * @param ticket the ticket to update
     * @return {@code ticket}
     */
    public Ticket updateTicket(Ticket ticket) {
        this.ticketRegistry.updateTicket(ticket);
        return ticket;
    }

    /**
     * Resolves the service through the configured service selection plan.
     *
     * <p>Access was widened from {@code protected} by the decompiler.
     *
     * @param service the service taken from the authentication request
     * @return whatever the selection plan resolves it to
     */
    public Service resolveServiceFromAuthenticationRequest(Service service) {
        return this.authenticationRequestServiceSelectionStrategies.resolveService(service);
    }

    /**
     * Reports whether the ticket id passes the authenticity check.
     *
     * <p>With a cipher executor configured, the id is decoded and the check passes when the
     * decoded value is non-empty. With no cipher executor, the only check is that the id itself
     * is non-empty; nothing is decoded on that path.
     *
     * <p>Access was widened from {@code protected} by the decompiler.
     *
     * @param str the ticket id to check
     * @return true if the check passes
     */
    public boolean isTicketAuthenticityVerified(String str) {
        if (this.cipherExecutor != null) {
            // NOTE(review): the ticket string as received is written to the debug log here;
            // handle debug logs as sensitive for as long as such tickets remain valid.
            LOGGER.debug("Attempting to decode service ticket [{}] to verify authenticity", str);
            return !StringUtils.isEmpty(this.cipherExecutor.decode(str));
        }
        return !StringUtils.isEmpty(str);
    }

    /**
     * Sets the publisher used by {@link #doPublishEvent(ApplicationEvent)}.
     *
     * @param applicationEventPublisher the publisher; null disables event publishing
     */
    @Generated
    public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
        this.applicationEventPublisher = applicationEventPublisher;
    }

    /**
     * Stores every collaborator as given; no argument is validated or copied.
     *
     * @param applicationEventPublisher publisher for application events
     * @param ticketRegistry registry used to look up, update and delete tickets
     * @param servicesManager used to find the registered service behind a proxying service
     * @param logoutManager stored for subclasses
     * @param ticketFactory stored for subclasses
     * @param authenticationServiceSelectionPlan plan used to resolve the requested service
     * @param contextualAuthenticationPolicyFactory builds the policy checked in
     *     {@link #getAuthenticationSatisfiedByPolicy(Authentication, ServiceContext)}
     * @param principalFactory stored for subclasses
     * @param cipherExecutor decoder used by {@link #isTicketAuthenticityVerified(String)}; may be null
     * @param auditableExecution stored as the registered-service access strategy enforcer
     */
    @Generated
    public AbstractCentralAuthenticationService(ApplicationEventPublisher applicationEventPublisher, TicketRegistry ticketRegistry, ServicesManager servicesManager, LogoutManager logoutManager, TicketFactory ticketFactory, AuthenticationServiceSelectionPlan authenticationServiceSelectionPlan, ContextualAuthenticationPolicyFactory<ServiceContext> contextualAuthenticationPolicyFactory, PrincipalFactory principalFactory, CipherExecutor<String, String> cipherExecutor, AuditableExecution auditableExecution) {
        this.applicationEventPublisher = applicationEventPublisher;
        this.ticketRegistry = ticketRegistry;
        this.servicesManager = servicesManager;
        this.logoutManager = logoutManager;
        this.ticketFactory = ticketFactory;
        this.authenticationRequestServiceSelectionStrategies = authenticationServiceSelectionPlan;
        this.serviceContextAuthenticationPolicyFactory = contextualAuthenticationPolicyFactory;
        this.principalFactory = principalFactory;
        this.cipherExecutor = cipherExecutor;
        this.registeredServiceAccessStrategyEnforcer = auditableExecution;
    }
}
