package org.apereo.cas.web.flow;

import java.util.Optional;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationResultBuilder;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.ticket.AbstractTicketException;
import org.apereo.cas.ticket.TicketGrantingTicket;
import org.apereo.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-pac4j-core-6.6.0.jar:org/apereo/cas/web/flow/DelegatedAuthenticationSingleSignOnEvaluator.class */
public class DelegatedAuthenticationSingleSignOnEvaluator {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) DelegatedAuthenticationSingleSignOnEvaluator.class);
    private final DelegatedClientAuthenticationConfigurationContext configurationContext;

    /* JADX WARN: Type inference failed for: r0v12, types: [org.apereo.cas.web.flow.SingleSignOnParticipationRequest$SingleSignOnParticipationRequestBuilder] */
    public boolean singleSignOnSessionAuthorizedForService(RequestContext requestContext) {
        Service resolveServiceFromRequestContext = resolveServiceFromRequestContext(requestContext);
        Boolean bool = (Boolean) getSingleSignOnAuthenticationFrom(requestContext).map(authentication -> {
            return Boolean.valueOf(this.configurationContext.getDelegatedClientIdentityProviderAuthorizers().stream().allMatch(delegatedClientIdentityProviderAuthorizer -> {
                return delegatedClientIdentityProviderAuthorizer.isDelegatedClientAuthorizedForAuthentication(authentication, resolveServiceFromRequestContext, requestContext);
            }));
        }).orElse(Boolean.FALSE);
        SingleSignOnParticipationStrategy singleSignOnParticipationStrategy = this.configurationContext.getSingleSignOnParticipationStrategy();
        SingleSignOnParticipationRequest build = SingleSignOnParticipationRequest.builder().requestContext(requestContext).build();
        return bool.booleanValue() && singleSignOnParticipationStrategy.supports(build) && singleSignOnParticipationStrategy.isParticipating(build);
    }

    public Service resolveServiceFromRequestContext(RequestContext requestContext) {
        return this.configurationContext.getAuthenticationRequestServiceSelectionStrategies().resolveService(WebUtils.getService(requestContext));
    }

    private Optional<Authentication> getSingleSignOnAuthenticationFrom(RequestContext requestContext) {
        String ticketGrantingTicketId = WebUtils.getTicketGrantingTicketId(requestContext);
        if (StringUtils.isBlank(ticketGrantingTicketId)) {
            LOGGER.trace("No ticket-granting ticket could be located in the webflow context");
            return Optional.empty();
        }
        TicketGrantingTicket ticketGrantingTicket = (TicketGrantingTicket) this.configurationContext.getTicketRegistry().getTicket(ticketGrantingTicketId, TicketGrantingTicket.class);
        LOGGER.trace("Located a valid ticket-granting ticket");
        return Optional.of(ticketGrantingTicket.getAuthentication());
    }

    /* JADX WARN: Type inference failed for: r0v22, types: [org.apereo.cas.web.flow.SingleSignOnParticipationRequest$SingleSignOnParticipationRequestBuilder] */
    public boolean singleSignOnSessionExists(RequestContext requestContext) {
        try {
            Optional<Authentication> singleSignOnAuthenticationFrom = getSingleSignOnAuthenticationFrom(requestContext);
            if (singleSignOnAuthenticationFrom.isPresent()) {
                LOGGER.trace("Located a valid ticket-granting ticket. Examining existing single sign-on session strategies...");
                Authentication authentication = singleSignOnAuthenticationFrom.get();
                AuthenticationResultBuilder establishAuthenticationContextFromInitial = this.configurationContext.getAuthenticationSystemSupport().establishAuthenticationContextFromInitial(authentication);
                LOGGER.trace("Recording and tracking initial authentication results in the request context");
                WebUtils.putAuthenticationResultBuilder(establishAuthenticationContextFromInitial, requestContext);
                WebUtils.putAuthentication(authentication, requestContext);
                SingleSignOnParticipationStrategy singleSignOnParticipationStrategy = this.configurationContext.getSingleSignOnParticipationStrategy();
                SingleSignOnParticipationRequest build = SingleSignOnParticipationRequest.builder().requestContext(requestContext).build();
                if (singleSignOnParticipationStrategy.supports(build)) {
                    if (singleSignOnParticipationStrategy.isParticipating(build)) {
                        return true;
                    }
                }
                return false;
            }
        } catch (AbstractTicketException e) {
            LOGGER.trace("Could not retrieve ticket id [{}] from registry.", e.getMessage());
        }
        LOGGER.trace("Ticket-granting ticket found in the webflow context is invalid or has expired");
        return false;
    }

    @Generated
    public DelegatedAuthenticationSingleSignOnEvaluator(DelegatedClientAuthenticationConfigurationContext delegatedClientAuthenticationConfigurationContext) {
        this.configurationContext = delegatedClientAuthenticationConfigurationContext;
    }

    @Generated
    public DelegatedClientAuthenticationConfigurationContext getConfigurationContext() {
        return this.configurationContext;
    }
}
