package org.apereo.cas.authentication.policy;

import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.annotation.JsonTypeInfo;
import java.io.Serializable;
import java.security.GeneralSecurityException;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import lombok.Generated;
import org.apereo.cas.CasViewConstants;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.AuthenticationPolicyExecutionResult;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.ResourceUtils;
import org.apereo.cas.util.scripting.ScriptingUtils;
import org.apereo.cas.util.scripting.WatchableGroovyScriptResource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.data.annotation.Transient;

@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
/* loaded from: input_file:WEB-INF/lib/cas-server-core-authentication-api-6.5.4.jar:org/apereo/cas/authentication/policy/GroovyScriptAuthenticationPolicy.class */
public class GroovyScriptAuthenticationPolicy extends BaseAuthenticationPolicy {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) GroovyScriptAuthenticationPolicy.class);
    private static final long serialVersionUID = 6948477763790549040L;
    private String script;

    @Transient
    @JsonIgnore
    @javax.persistence.Transient
    private transient WatchableGroovyScriptResource executableScript;

    public GroovyScriptAuthenticationPolicy(String str) {
        this.script = str;
    }

    @Override // org.apereo.cas.authentication.AuthenticationPolicy
    public AuthenticationPolicyExecutionResult isSatisfiedBy(Authentication authentication, Set<AuthenticationHandler> set, ConfigurableApplicationContext configurableApplicationContext, Optional<Serializable> optional) throws Exception {
        initializeWatchableScriptIfNeeded();
        Optional<Exception> scriptExecutionResult = getScriptExecutionResult(authentication);
        if (scriptExecutionResult == null || !scriptExecutionResult.isPresent()) {
            return AuthenticationPolicyExecutionResult.success();
        }
        throw new GeneralSecurityException(scriptExecutionResult.get());
    }

    @Override // org.apereo.cas.authentication.AuthenticationPolicy
    public boolean shouldResumeOnFailure(Throwable th) {
        initializeWatchableScriptIfNeeded();
        Map<String, Object> wrap = CollectionUtils.wrap("failure", th, "logger", LOGGER);
        this.executableScript.setBinding(wrap);
        return ((Boolean) this.executableScript.execute("shouldResumeOnFailure", Boolean.class, wrap.values().toArray())).booleanValue();
    }

    private void initializeWatchableScriptIfNeeded() {
        if (this.executableScript == null) {
            if (!ScriptingUtils.getMatcherForExternalGroovyScript(this.script).find()) {
                throw new IllegalArgumentException("Unable to locate groovy script file at " + this.script);
            }
            this.executableScript = new WatchableGroovyScriptResource(ResourceUtils.getRawResourceFrom(this.script));
        }
    }

    private Optional<Exception> getScriptExecutionResult(Authentication authentication) {
        Map<String, Object> wrap = CollectionUtils.wrap(CasViewConstants.MODEL_ATTRIBUTE_NAME_PRINCIPAL, authentication.getPrincipal(), "logger", LOGGER);
        this.executableScript.setBinding(wrap);
        return (Optional) this.executableScript.execute(wrap.values().toArray(), Optional.class);
    }

    @Generated
    public GroovyScriptAuthenticationPolicy() {
    }

    @Override // org.apereo.cas.authentication.policy.BaseAuthenticationPolicy
    @Generated
    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (!(obj instanceof GroovyScriptAuthenticationPolicy)) {
            return false;
        }
        GroovyScriptAuthenticationPolicy groovyScriptAuthenticationPolicy = (GroovyScriptAuthenticationPolicy) obj;
        if (!groovyScriptAuthenticationPolicy.canEqual(this) || !super.equals(obj)) {
            return false;
        }
        String str = this.script;
        String str2 = groovyScriptAuthenticationPolicy.script;
        return str == null ? str2 == null : str.equals(str2);
    }

    @Override // org.apereo.cas.authentication.policy.BaseAuthenticationPolicy
    @Generated
    protected boolean canEqual(Object obj) {
        return obj instanceof GroovyScriptAuthenticationPolicy;
    }

    @Override // org.apereo.cas.authentication.policy.BaseAuthenticationPolicy
    @Generated
    public int hashCode() {
        int hashCode = super.hashCode();
        String str = this.script;
        return (hashCode * 59) + (str == null ? 43 : str.hashCode());
    }

    @Generated
    public void setScript(String str) {
        this.script = str;
    }

    @JsonIgnore
    @Generated
    public void setExecutableScript(WatchableGroovyScriptResource watchableGroovyScriptResource) {
        this.executableScript = watchableGroovyScriptResource;
    }

    @Generated
    public String getScript() {
        return this.script;
    }

    @Generated
    public WatchableGroovyScriptResource getExecutableScript() {
        return this.executableScript;
    }

    @Generated
    public GroovyScriptAuthenticationPolicy(String str, WatchableGroovyScriptResource watchableGroovyScriptResource) {
        this.script = str;
        this.executableScript = watchableGroovyScriptResource;
    }
}
