package org.apereo.cas.web.flow;

import java.util.Optional;
import lombok.Generated;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationCredentialsThreadLocalBinder;
import org.apereo.cas.authentication.AuthenticationServiceSelectionPlan;
import org.apereo.cas.configuration.model.core.sso.SingleSignOnProperties;
import org.apereo.cas.services.RegisteredServiceSingleSignOnParticipationPolicy;
import org.apereo.cas.services.RegisteredServiceTicketGrantingTicketExpirationPolicy;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.services.WebBasedRegisteredService;
import org.apereo.cas.ticket.AuthenticationAwareTicket;
import org.apereo.cas.ticket.Ticket;
import org.apereo.cas.ticket.TicketGrantingTicketAwareTicket;
import org.apereo.cas.ticket.registry.TicketRegistrySupport;
import org.apereo.cas.util.model.TriStateBoolean;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-webflow-api-6.6.12.jar:org/apereo/cas/web/flow/DefaultSingleSignOnParticipationStrategy.class */
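/**
 * Default decision point for whether an existing single sign-on session may be
 * honoured for a request, based on the global {@link SingleSignOnProperties} and
 * the policies attached to the resolved registered service.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>A request for renewed authentication disables participation only when
 *       {@code isRenewAuthnEnabled()} is on.</li>
 *   <li>When no registered service is resolved, the answer is the global
 *       {@code isSsoEnabled()} flag; no per-service policy is consulted.</li>
 *   <li>While the service policies are evaluated, the request's authentication is
 *       bound to {@link AuthenticationCredentialsThreadLocalBinder}; the previous
 *       binding is restored on every exit path, including exceptions.</li>
 * </ul>
 */
public class DefaultSingleSignOnParticipationStrategy extends BaseSingleSignOnParticipationStrategy {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(DefaultSingleSignOnParticipationStrategy.class);
    private final SingleSignOnProperties properties;
    private int order;

    /**
     * Creates the strategy with the lowest precedence ({@link Integer#MAX_VALUE}) by default.
     *
     * @param servicesManager passed to the base strategy
     * @param singleSignOnProperties global SSO settings consulted by this strategy
     * @param ticketRegistrySupport passed to the base strategy
     * @param authenticationServiceSelectionPlan passed to the base strategy
     */
    public DefaultSingleSignOnParticipationStrategy(ServicesManager servicesManager, SingleSignOnProperties singleSignOnProperties, TicketRegistrySupport ticketRegistrySupport, AuthenticationServiceSelectionPlan authenticationServiceSelectionPlan) {
        super(servicesManager, ticketRegistrySupport, authenticationServiceSelectionPlan);
        this.order = Integer.MAX_VALUE;
        this.properties = singleSignOnProperties;
    }

    /**
     * Decides whether the existing SSO session may be used for this request.
     *
     * <p>Checks run in this order: renew request, service access strategy, the
     * service's SSO participation policy, the service's ticket-granting-ticket
     * expiration policy, and finally the global {@code isSsoEnabled()} flag.
     *
     * @param singleSignOnParticipationRequest the request being evaluated
     * @return {@code true} if SSO participation is allowed, {@code false} otherwise
     */
    @Override // org.apereo.cas.web.flow.SingleSignOnParticipationStrategy
    public boolean isParticipating(SingleSignOnParticipationRequest singleSignOnParticipationRequest) {
        if (this.properties.isRenewAuthnEnabled() && singleSignOnParticipationRequest.isRequestingRenewAuthentication()) {
            LOGGER.debug("The authentication session is considered renewed.");
            return false;
        }

        // NOTE(review): the cast assumes the resolved definition is web-based; confirm
        // against getRegisteredService's contract, otherwise this throws ClassCastException.
        WebBasedRegisteredService registeredService = (WebBasedRegisteredService) getRegisteredService(singleSignOnParticipationRequest);
        if (registeredService == null) {
            // No service definition resolved: only the global switch decides, so deployments
            // that must not extend SSO to unresolved services rely on that flag alone.
            return this.properties.isSsoEnabled();
        }

        // NOTE(review): presumably this can be null when the request carries no
        // authentication; bindCurrent is then called with null — confirm.
        Authentication requestAuthentication = getAuthenticationFrom(singleSignOnParticipationRequest);
        Authentication previouslyBound = AuthenticationCredentialsThreadLocalBinder.getCurrentAuthentication();
        try {
            // The service policies below are evaluated with the request's authentication bound.
            AuthenticationCredentialsThreadLocalBinder.bindCurrent(requestAuthentication);

            boolean allowedForSso = registeredService.getAccessStrategy().isServiceAccessAllowedForSso();
            LOGGER.trace("Located [{}] in registry. Service access to participate in SSO is set to [{}]", registeredService.getServiceId(), allowedForSso);
            if (!allowedForSso) {
                LOGGER.debug("Service [{}] is not authorized to participate in SSO", registeredService.getServiceId());
                return false;
            }

            RegisteredServiceSingleSignOnParticipationPolicy participationPolicy = registeredService.getSingleSignOnParticipationPolicy();
            if (participationPolicy != null) {
                Optional<Ticket> ticketState = getTicketState(singleSignOnParticipationRequest);
                // Without a ticket state the participation policy is skipped, not treated as a denial.
                if (ticketState.isPresent()) {
                    return participationPolicy.shouldParticipateInSso(registeredService, (AuthenticationAwareTicket) ticketState.get());
                }
            }

            RegisteredServiceTicketGrantingTicketExpirationPolicy tgtExpirationPolicy = registeredService.getTicketGrantingTicketExpirationPolicy();
            if (tgtExpirationPolicy != null) {
                Optional<Ticket> tgtState = getTicketState(singleSignOnParticipationRequest);
                // Participation is refused only when an expiration policy exists, a ticket state
                // is present, and the policy reports it expired; every other combination yields
                // TRUE, regardless of the global isSsoEnabled() flag.
                return ((Boolean) tgtExpirationPolicy.toExpirationPolicy()
                    .filter(policy -> tgtState.isPresent())
                    .map(policy -> Boolean.valueOf(!policy.isExpired((TicketGrantingTicketAwareTicket) tgtState.get())))
                    .orElse(Boolean.TRUE)).booleanValue();
            }
        } finally {
            // Single restore point: the temporary binding must never outlive this call,
            // whichever branch returned or threw.
            AuthenticationCredentialsThreadLocalBinder.bindCurrent(previouslyBound);
        }
        return this.properties.isSsoEnabled();
    }

    /**
     * Resolves whether an SSO cookie should be created after a renewed authentication.
     *
     * @param singleSignOnParticipationRequest the request being evaluated
     * @return the service participation policy's setting when a service and policy are
     *         resolved; otherwise the global {@code isCreateSsoCookieOnRenewAuthn()} value
     */
    @Override // org.apereo.cas.web.flow.SingleSignOnParticipationStrategy
    public TriStateBoolean isCreateCookieOnRenewedAuthentication(SingleSignOnParticipationRequest singleSignOnParticipationRequest) {
        WebBasedRegisteredService registeredService = (WebBasedRegisteredService) getRegisteredService(singleSignOnParticipationRequest);
        if (registeredService != null) {
            RegisteredServiceSingleSignOnParticipationPolicy participationPolicy = registeredService.getSingleSignOnParticipationPolicy();
            if (participationPolicy != null) {
                return participationPolicy.getCreateCookieOnRenewedAuthentication();
            }
        }
        return TriStateBoolean.fromBoolean(this.properties.isCreateSsoCookieOnRenewAuthn());
    }

    /**
     * @return the global SSO settings this strategy was constructed with
     */
    @Generated
    public SingleSignOnProperties getProperties() {
        return this.properties;
    }

    /**
     * @return the ordering value of this strategy
     */
    @Override // org.apereo.cas.web.flow.SingleSignOnParticipationStrategy, org.springframework.core.Ordered
    @Generated
    public int getOrder() {
        return this.order;
    }

    /**
     * @param i the new ordering value
     */
    @Generated
    public void setOrder(int i) {
        this.order = i;
    }
}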
