package org.apereo.cas.services;

import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import org.apereo.cas.authentication.surrogate.SurrogateAuthenticationService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apereo/cas/services/SurrogateRegisteredServiceAccessStrategy.class */
public class SurrogateRegisteredServiceAccessStrategy extends DefaultRegisteredServiceAccessStrategy {
    private static final long serialVersionUID = -1688944419711632962L;
    private static final Logger LOGGER = LoggerFactory.getLogger(SurrogateRegisteredServiceAccessStrategy.class);
    private boolean surrogateEnabled;
    private Map<String, Set<String>> surrogateRequiredAttributes = new HashMap();

    public boolean isSurrogateEnabled() {
        return this.surrogateEnabled;
    }

    public void setSurrogateEnabled(boolean z) {
        this.surrogateEnabled = z;
    }

    public Map<String, Set<String>> getSurrogateRequiredAttributes() {
        return this.surrogateRequiredAttributes;
    }

    public void setSurrogateRequiredAttributes(Map<String, Set<String>> map) {
        this.surrogateRequiredAttributes = map;
    }

    public boolean doPrincipalAttributesAllowServiceAccess(String str, Map<String, Object> map) {
        if (!isSurrogateAuthenticationSession(map)) {
            return super.doPrincipalAttributesAllowServiceAccess(str, map);
        }
        if (isSurrogateEnabled()) {
            return doPrincipalAttributesAllowSurrogateServiceAccess(map);
        }
        return false;
    }

    protected boolean doPrincipalAttributesAllowSurrogateServiceAccess(Map<String, Object> map) {
        if (!enoughRequiredAttributesAvailableToProcess(map, this.surrogateRequiredAttributes)) {
            LOGGER.debug("Surrogate access is denied. There are not enough attributes available to satisfy requirements");
            return false;
        }
        if (doRequiredAttributesAllowPrincipalAccess(map, this.surrogateRequiredAttributes)) {
            return true;
        }
        LOGGER.debug("Surrogate access is denied. The principal does not have the required attributes specified by this strategy");
        return false;
    }

    protected boolean isSurrogateAuthenticationSession(Map<String, Object> map) {
        return map.containsKey(SurrogateAuthenticationService.AUTHENTICATION_ATTR_SURROGATE_ENABLED);
    }
}
