package org.apereo.cas.web.flow;

import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import lombok.Generated;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationCredentialsThreadLocalBinder;
import org.apereo.cas.authentication.AuthenticationServiceSelectionPlan;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceAccessStrategy;
import org.apereo.cas.services.RegisteredServiceDelegatedAuthenticationPolicy;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.ticket.AuthenticationAwareTicket;
import org.apereo.cas.ticket.Ticket;
import org.apereo.cas.ticket.registry.TicketRegistrySupport;
import org.apereo.cas.util.CollectionUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-pac4j-core-6.6.10.jar:org/apereo/cas/web/flow/DelegatedAuthenticationSingleSignOnParticipationStrategy.class */
public class DelegatedAuthenticationSingleSignOnParticipationStrategy extends BaseSingleSignOnParticipationStrategy {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) DelegatedAuthenticationSingleSignOnParticipationStrategy.class);

    public DelegatedAuthenticationSingleSignOnParticipationStrategy(ServicesManager servicesManager, AuthenticationServiceSelectionPlan authenticationServiceSelectionPlan, TicketRegistrySupport ticketRegistrySupport) {
        super(servicesManager, ticketRegistrySupport, authenticationServiceSelectionPlan);
    }

    @Override // org.apereo.cas.web.flow.SingleSignOnParticipationStrategy
    public boolean isParticipating(SingleSignOnParticipationRequest singleSignOnParticipationRequest) {
        RegisteredServiceAccessStrategy accessStrategy;
        RegisteredService registeredService = getRegisteredService(singleSignOnParticipationRequest);
        if (registeredService == null || (accessStrategy = registeredService.getAccessStrategy()) == null || accessStrategy.getDelegatedAuthenticationPolicy() == null || getTicketGrantingTicketId(singleSignOnParticipationRequest).isEmpty()) {
            return true;
        }
        Authentication currentAuthentication = AuthenticationCredentialsThreadLocalBinder.getCurrentAuthentication();
        try {
            Optional<Ticket> ticketState = getTicketState(singleSignOnParticipationRequest);
            Class<AuthenticationAwareTicket> cls = AuthenticationAwareTicket.class;
            Objects.requireNonNull(AuthenticationAwareTicket.class);
            Authentication authentication = (Authentication) ticketState.map((v1) -> {
                return r1.cast(v1);
            }).map((v0) -> {
                return v0.getAuthentication();
            }).orElseThrow();
            AuthenticationCredentialsThreadLocalBinder.bindCurrent(authentication);
            RegisteredServiceDelegatedAuthenticationPolicy delegatedAuthenticationPolicy = accessStrategy.getDelegatedAuthenticationPolicy();
            Map<String, List<Object>> attributes = authentication.getAttributes();
            if (!attributes.containsKey("clientName")) {
                boolean z = !delegatedAuthenticationPolicy.isProviderRequired();
                AuthenticationCredentialsThreadLocalBinder.bindCurrent(currentAuthentication);
                return z;
            }
            Optional<Object> firstElement = CollectionUtils.firstElement(attributes.get("clientName"));
            if (!firstElement.isPresent()) {
                return false;
            }
            String obj = firstElement.get().toString();
            LOGGER.debug("Evaluating delegated access strategy for client [{}] and service [{}]", obj, registeredService);
            boolean isProviderAllowed = delegatedAuthenticationPolicy.isProviderAllowed(obj, registeredService);
            AuthenticationCredentialsThreadLocalBinder.bindCurrent(currentAuthentication);
            return isProviderAllowed;
        } finally {
            AuthenticationCredentialsThreadLocalBinder.bindCurrent(currentAuthentication);
        }
    }

    @Override // org.apereo.cas.web.flow.SingleSignOnParticipationStrategy
    public boolean supports(SingleSignOnParticipationRequest singleSignOnParticipationRequest) {
        RegisteredServiceAccessStrategy accessStrategy;
        RegisteredService registeredService = getRegisteredService(singleSignOnParticipationRequest);
        return (registeredService == null || (accessStrategy = registeredService.getAccessStrategy()) == null || accessStrategy.getDelegatedAuthenticationPolicy() == null) ? false : true;
    }

    @Override // org.apereo.cas.web.flow.SingleSignOnParticipationStrategy, org.springframework.core.Ordered
    public int getOrder() {
        return 0;
    }
}
