package com.supwisdom.institute.cas.site.services;

import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Optional;
import org.apereo.cas.audit.AuditableContext;
import org.apereo.cas.audit.AuditableExecutionResult;
import org.apereo.cas.audit.BaseAuditableExecution;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationResult;
import org.apereo.cas.authentication.PrincipalException;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.UnauthorizedServiceException;
import org.apereo.cas.services.UnauthorizedServiceForPrincipalException;
import org.apereo.cas.ticket.ServiceTicket;
import org.apereo.cas.ticket.TicketGrantingTicket;
import org.apereo.inspektr.audit.annotation.Audit;

/* loaded from: input_file:com/supwisdom/institute/cas/site/services/CasServerRegisteredServiceAccessStrategyAuditableEnforcer.class */
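/**
 * Enforces a registered service's access strategy and reports the outcome as an
 * {@link AuditableExecutionResult}.
 *
 * <p>A denial can reach the caller in two different ways, and both must be handled:
 * <ul>
 *   <li>a {@link PrincipalException} raised by a check is caught inside
 *       {@link #execute(AuditableContext)} and stored on the returned result, so the
 *       method returns normally and the caller has to inspect the result;</li>
 *   <li>any other exception, including the {@link UnauthorizedServiceException} thrown
 *       for a missing or disabled service, is not caught by this class and propagates
 *       (assuming it is not a {@code PrincipalException} subtype, which this file does
 *       not show).</li>
 * </ul>
 */
public class CasServerRegisteredServiceAccessStrategyAuditableEnforcer extends BaseAuditableExecution {

    /**
     * Checks access for the service and authentication carried by a service ticket.
     *
     * @param serviceTicket ticket whose service is being accessed
     * @param authenticationResult result holding the authentication to evaluate
     * @param registeredService registry entry for the service; {@code null} is rejected
     * @throws UnauthorizedServiceException if the service is not registered or not enabled
     * @throws PrincipalException if the access strategy rejects the principal
     */
    static void ensurePrincipalAccessIsAllowedForService(ServiceTicket serviceTicket, AuthenticationResult authenticationResult, RegisteredService registeredService) throws UnauthorizedServiceException, PrincipalException {
        ensurePrincipalAccessIsAllowedForService(serviceTicket.getService(), registeredService, authenticationResult.getAuthentication());
    }

    /**
     * Checks access for an authentication, evaluating the attributes produced by the
     * service's attribute release policy when one is configured.
     *
     * @param service service being accessed
     * @param registeredService registry entry for the service; {@code null} is rejected
     * @param authentication authentication whose principal is evaluated
     */
    static void ensurePrincipalAccessIsAllowedForService(Service service, RegisteredService registeredService, Authentication authentication) {
        ensurePrincipalAccessIsAllowedForService(service, registeredService, authentication, true);
    }

    /**
     * Checks service-level access, builds the attribute set the access strategy will
     * see, and then checks principal-level access.
     *
     * @param service service being accessed
     * @param registeredService registry entry for the service; {@code null} is rejected
     * @param authentication authentication whose principal and attributes are evaluated
     * @param z when {@code true} and the service has an attribute release policy, the
     *     policy's output is evaluated instead of the principal's own attributes
     * @throws UnauthorizedServiceException if the service is not registered or not enabled
     * @throws PrincipalException if the access strategy rejects the principal
     */
    static void ensurePrincipalAccessIsAllowedForService(Service service, RegisteredService registeredService, Authentication authentication, boolean z) throws UnauthorizedServiceException, PrincipalException {
        // Rejects a null or disabled service before anything is dereferenced below.
        ensureServiceAccessIsAllowed(service, registeredService);
        Principal principal = authentication.getPrincipal();
        boolean useReleasePolicy = z && registeredService != null && registeredService.getAttributeReleasePolicy() != null;
        Map<String, Object> attributes = new LinkedHashMap<String, Object>(
                useReleasePolicy
                        ? registeredService.getAttributeReleasePolicy().getAttributes(principal, service, registeredService)
                        : principal.getAttributes());
        // Authentication attributes are merged last: on a name clash they replace the
        // principal / release-policy value, and that is the value the access strategy sees.
        attributes.putAll(authentication.getAttributes());
        ensurePrincipalAccessIsAllowedForService(service, registeredService, principal.getId(), attributes);
    }

    /**
     * Checks that the service is registered and enabled, using the service id in the
     * error message.
     *
     * @param service service being accessed; must not be {@code null}
     * @param registeredService registry entry for the service; {@code null} is rejected
     * @throws UnauthorizedServiceException if the service is not registered or not enabled
     */
    public static void ensureServiceAccessIsAllowed(Service service, RegisteredService registeredService) {
        ensureServiceAccessIsAllowed(service.getId(), registeredService);
    }

    /**
     * Checks that the service is registered and that its access strategy allows
     * service access at all.
     *
     * @param str identifier used only in the error message
     * @param registeredService registry entry for the service; {@code null} is rejected
     * @throws UnauthorizedServiceException if the service is not registered or not enabled
     */
    public static void ensureServiceAccessIsAllowed(String str, RegisteredService registeredService) {
        // NOTE(review): str is embedded verbatim in the exception message. If it can come
        // from the request, whatever logs or renders this message should encode it.
        if (registeredService == null) {
            throw new UnauthorizedServiceException("screen.service.error.message", String.format("Unauthorized Service Access. Service [%s] is not found in service registry.", str));
        }
        if (!registeredService.getAccessStrategy().isServiceAccessAllowed()) {
            throw new UnauthorizedServiceException("screen.service.error.message", String.format("Unauthorized Service Access. Service [%s] is not enabled in service registry.", str));
        }
    }

    /**
     * Checks service-level access and then asks the access strategy whether the given
     * principal attributes allow access.
     *
     * @param service service being accessed
     * @param registeredService registry entry for the service; {@code null} is rejected
     * @param str principal id
     * @param map attributes evaluated by the access strategy
     * @throws UnauthorizedServiceException if the service is not registered or not enabled
     * @throws PrincipalException if the access strategy rejects the principal; the
     *     exception carries an {@link UnauthorizedServiceForPrincipalException} keyed by
     *     that class's simple name
     */
    static void ensurePrincipalAccessIsAllowedForService(Service service, RegisteredService registeredService, String str, Map<String, Object> map) {
        ensureServiceAccessIsAllowed(service, registeredService);
        if (registeredService.getAccessStrategy().doPrincipalAttributesAllowServiceAccess(str, map)) {
            return;
        }
        Map<String, Throwable> handlerErrors = new HashMap<>();
        handlerErrors.put(UnauthorizedServiceForPrincipalException.class.getSimpleName(), new UnauthorizedServiceForPrincipalException(String.format("Cannot grant service access to %s", str), registeredService, str, map));
        throw new PrincipalException("screen.service.error.message", handlerErrors, new HashMap<>());
    }

    /**
     * Checks that the service is registered and enabled, using the registered
     * service's name (or an empty string when it is {@code null}) in the error message.
     *
     * @param registeredService registry entry for the service; {@code null} is rejected
     * @throws UnauthorizedServiceException if the service is not registered or not enabled
     */
    public static void ensureServiceAccessIsAllowed(RegisteredService registeredService) {
        ensureServiceAccessIsAllowed(registeredService != null ? registeredService.getName() : "", registeredService);
    }

    /**
     * Checks access using the authentication of the root ticket-granting ticket.
     *
     * @param service service being accessed
     * @param registeredService registry entry for the service; {@code null} is rejected
     * @param ticketGrantingTicket ticket whose root authentication is evaluated
     * @param z when {@code true} and the service has an attribute release policy, the
     *     policy's output is evaluated instead of the principal's own attributes
     * @throws UnauthorizedServiceException if the service is not registered or not enabled
     * @throws PrincipalException if the access strategy rejects the principal
     */
    static void ensurePrincipalAccessIsAllowedForService(Service service, RegisteredService registeredService, TicketGrantingTicket ticketGrantingTicket, boolean z) throws UnauthorizedServiceException, PrincipalException {
        ensurePrincipalAccessIsAllowedForService(service, registeredService, ticketGrantingTicket.getRoot().getAuthentication(), z);
    }

    /**
     * Runs the most specific access check the context allows, in this order: service
     * ticket with authentication result, service with ticket-granting ticket, service
     * alone, registered service alone.
     *
     * <p>Returning normally does not mean access was granted. A
     * {@link PrincipalException} is stored on the returned result instead of being
     * thrown, so the caller must check the result for an exception before proceeding.
     *
     * @param auditableContext context carrying the optional service, tickets,
     *     authentication result and registered service
     * @return the result of the check, carrying a {@link PrincipalException} when one
     *     was raised
     * @throws UnauthorizedServiceException if the context has no registered service and
     *     no earlier branch applied, or if a check rejects the service itself
     */
    @Audit(action = "SERVICE_ACCESS_ENFORCEMENT", actionResolverName = "SERVICE_ACCESS_ENFORCEMENT_ACTION_RESOLVER", resourceResolverName = "SERVICE_ACCESS_ENFORCEMENT_RESOURCE_RESOLVER")
    public AuditableExecutionResult execute(AuditableContext auditableContext) {
        Optional<RegisteredService> registeredService = auditableContext.getRegisteredService();
        Optional<ServiceTicket> serviceTicket = auditableContext.getServiceTicket();
        Optional<AuthenticationResult> authenticationResult = auditableContext.getAuthenticationResult();
        if (serviceTicket.isPresent() && authenticationResult.isPresent() && registeredService.isPresent()) {
            AuditableExecutionResult result = AuditableExecutionResult.of(auditableContext);
            try {
                ensurePrincipalAccessIsAllowedForService(serviceTicket.get(), authenticationResult.get(), registeredService.get());
            } catch (PrincipalException e) {
                result.setException(e);
            }
            return result;
        }

        Optional<Service> service = auditableContext.getService();
        Optional<TicketGrantingTicket> ticketGrantingTicket = auditableContext.getTicketGrantingTicket();
        if (service.isPresent() && registeredService.isPresent() && ticketGrantingTicket.isPresent()) {
            AuditableExecutionResult result = AuditableExecutionResult.of(service.get(), registeredService.get(), ticketGrantingTicket.get());
            try {
                // The release-policy flag defaults to TRUE when the context does not set it.
                ensurePrincipalAccessIsAllowedForService(service.get(), registeredService.get(), ticketGrantingTicket.get(), auditableContext.getRetrievePrincipalAttributesFromReleasePolicy().orElse(Boolean.TRUE));
            } catch (PrincipalException e) {
                result.setException(e);
            }
            return result;
        }

        if (service.isPresent() && registeredService.isPresent()) {
            AuditableExecutionResult result = AuditableExecutionResult.of(service.get(), registeredService.get());
            try {
                ensureServiceAccessIsAllowed(service.get(), registeredService.get());
            } catch (PrincipalException e) {
                result.setException(e);
            }
            return result;
        }

        // Fail closed: without a registered service there is nothing to authorize against.
        if (!registeredService.isPresent()) {
            throw new UnauthorizedServiceException("screen.service.error.message", "Service unauthorized");
        }
        AuditableExecutionResult result = AuditableExecutionResult.of(registeredService.get());
        try {
            ensureServiceAccessIsAllowed(registeredService.get());
        } catch (PrincipalException e) {
            result.setException(e);
        }
        return result;
    }
}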
