package com.supwisdom.institute.cas.site.services;

import com.alibaba.fastjson.JSONObject;
import com.supwisdom.institute.cas.site.config.ConfigManager;
import com.supwisdom.institute.cas.site.qr.code.QrCode;
import com.supwisdom.institute.cas.site.service.AccessPolicy;
import com.supwisdom.institute.cas.site.service.AccessPolicyManager;
import java.time.ZonedDateTime;
import java.time.format.DateTimeFormatter;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Stream;
import nl.bitwalker.useragentutils.DeviceType;
import nl.bitwalker.useragentutils.UserAgent;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.audit.AuditableContext;
import org.apereo.cas.audit.AuditableExecutionResult;
import org.apereo.cas.audit.BaseAuditableExecution;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationResult;
import org.apereo.cas.authentication.PrincipalException;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceProperty;
import org.apereo.cas.services.UnauthorizedServiceException;
import org.apereo.cas.services.UnauthorizedServiceForPrincipalException;
import org.apereo.cas.ticket.ServiceTicket;
import org.apereo.cas.ticket.TicketGrantingTicket;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.web.support.WebUtils;
import org.apereo.inspektr.audit.annotation.Audit;
import org.apereo.inspektr.common.web.ClientInfo;
import org.apereo.inspektr.common.web.ClientInfoHolder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;

/* loaded from: input_file:com/supwisdom/institute/cas/site/services/CasServerRegisteredServiceAccessStrategyAuditableEnforcer.class */
public class CasServerRegisteredServiceAccessStrategyAuditableEnforcer extends BaseAuditableExecution {
    private static final Logger log = LoggerFactory.getLogger(CasServerRegisteredServiceAccessStrategyAuditableEnforcer.class);

    @Autowired
    private ConfigManager configManager;

    @Autowired
    private AccessPolicyManager casServerSaApiAccessPolicyManager;

    /* loaded from: input_file:com/supwisdom/institute/cas/site/services/CasServerRegisteredServiceAccessStrategyAuditableEnforcer$AccessGroup.class */
    public static class AccessGroup {
        private String id;
        private String name;

        public String getId() {
            return this.id;
        }

        public void setId(String str) {
            this.id = str;
        }

        public String getName() {
            return this.name;
        }

        public void setName(String str) {
            this.name = str;
        }

        public String toString() {
            return "CasServerRegisteredServiceAccessStrategyAuditableEnforcer.AccessGroup(id=" + getId() + ", name=" + getName() + ")";
        }
    }

    /* loaded from: input_file:com/supwisdom/institute/cas/site/services/CasServerRegisteredServiceAccessStrategyAuditableEnforcer$TimeRange.class */
    public static class TimeRange {
        private String beginDate;
        private String endDate;
        private boolean allDay;
        private String beginTime;
        private String endTime;
        private String days;

        public String getBeginDate() {
            return this.beginDate;
        }

        public void setBeginDate(String str) {
            this.beginDate = str;
        }

        public String getEndDate() {
            return this.endDate;
        }

        public void setEndDate(String str) {
            this.endDate = str;
        }

        public boolean isAllDay() {
            return this.allDay;
        }

        public void setAllDay(boolean z) {
            this.allDay = z;
        }

        public String getBeginTime() {
            return this.beginTime;
        }

        public void setBeginTime(String str) {
            this.beginTime = str;
        }

        public String getEndTime() {
            return this.endTime;
        }

        public void setEndTime(String str) {
            this.endTime = str;
        }

        public String getDays() {
            return this.days;
        }

        public void setDays(String str) {
            this.days = str;
        }

        public boolean isInRange(ZonedDateTime zonedDateTime) {
            return isAfterBeginTime() && isBeforeEndTime() && isOnDays();
        }

        private boolean isAfterBeginTime() {
            try {
                if (StringUtils.isBlank(this.beginDate)) {
                    return true;
                }
                ZonedDateTime now = ZonedDateTime.now();
                String substring = this.beginDate.substring(0, 10);
                String format = now.format(DateTimeFormatter.ISO_LOCAL_DATE);
                if (CasServerRegisteredServiceAccessStrategyAuditableEnforcer.log.isDebugEnabled()) {
                    CasServerRegisteredServiceAccessStrategyAuditableEnforcer.log.debug("nowDate [{}] compareTo beginDate [{}] is {}", new Object[]{format, substring, Integer.valueOf(format.compareTo(substring))});
                }
                if (format.compareTo(substring) < 0) {
                    return false;
                }
                if (this.allDay) {
                    return true;
                }
                String str = this.beginTime;
                if ("24:00".equals(this.beginTime)) {
                    str = "23:59";
                }
                String substring2 = now.format(DateTimeFormatter.ISO_LOCAL_TIME).substring(0, 5);
                if (CasServerRegisteredServiceAccessStrategyAuditableEnforcer.log.isDebugEnabled()) {
                    CasServerRegisteredServiceAccessStrategyAuditableEnforcer.log.debug("nowTime [{}] compareTo beginTime [{}] is {}", new Object[]{substring2, str, Integer.valueOf(substring2.compareTo(str))});
                }
                return substring2.compareTo(str) >= 0;
            } catch (Exception e) {
                e.printStackTrace();
                return false;
            }
        }

        private boolean isBeforeEndTime() {
            try {
                if (StringUtils.isBlank(this.endDate)) {
                    return true;
                }
                ZonedDateTime now = ZonedDateTime.now();
                String substring = this.endDate.substring(0, 10);
                String format = now.format(DateTimeFormatter.ISO_LOCAL_DATE);
                if (CasServerRegisteredServiceAccessStrategyAuditableEnforcer.log.isDebugEnabled()) {
                    CasServerRegisteredServiceAccessStrategyAuditableEnforcer.log.debug("nowDate [{}] compareTo endDate [{}] is {}", new Object[]{format, substring, Integer.valueOf(format.compareTo(substring))});
                }
                if (format.compareTo(substring) > 0) {
                    return false;
                }
                if (this.allDay) {
                    return true;
                }
                String str = this.endTime;
                if ("24:00".equals(this.endTime)) {
                    this.beginTime = "23:59";
                }
                String substring2 = now.format(DateTimeFormatter.ISO_LOCAL_TIME).substring(0, 5);
                if (CasServerRegisteredServiceAccessStrategyAuditableEnforcer.log.isDebugEnabled()) {
                    CasServerRegisteredServiceAccessStrategyAuditableEnforcer.log.debug("nowTime [{}] compareTo endTime [{}] is {}", new Object[]{substring2, str, Integer.valueOf(substring2.compareTo(str))});
                }
                return substring2.compareTo(str) <= 0;
            } catch (Exception e) {
                e.printStackTrace();
                return false;
            }
        }

        private boolean isOnDays() {
            String[] split;
            if (StringUtils.isBlank(this.days) || (split = this.days.split(",")) == null || split.length <= 0) {
                return true;
            }
            int value = ZonedDateTime.now().getDayOfWeek().getValue();
            if (value == 7) {
                value = 0;
            }
            for (String str : split) {
                if (String.valueOf(value).equals(str)) {
                    return true;
                }
            }
            return false;
        }

        public String toString() {
            return "CasServerRegisteredServiceAccessStrategyAuditableEnforcer.TimeRange(beginDate=" + getBeginDate() + ", endDate=" + getEndDate() + ", allDay=" + isAllDay() + ", beginTime=" + getBeginTime() + ", endTime=" + getEndTime() + ", days=" + getDays() + ")";
        }
    }

    void ensurePrincipalAccessIsAllowedForService(ServiceTicket serviceTicket, AuthenticationResult authenticationResult, RegisteredService registeredService, List<AccessPolicy> list, List<AccessPolicy> list2) throws UnauthorizedServiceException, PrincipalException {
        ensurePrincipalAccessIsAllowedForService(serviceTicket.getService(), registeredService, authenticationResult.getAuthentication(), list, list2);
    }

    void ensurePrincipalAccessIsAllowedForService(Service service, RegisteredService registeredService, Authentication authentication, List<AccessPolicy> list, List<AccessPolicy> list2) {
        ensurePrincipalAccessIsAllowedForService(service, registeredService, authentication, true, list, list2);
    }

    void ensurePrincipalAccessIsAllowedForService(Service service, RegisteredService registeredService, Authentication authentication, boolean z, List<AccessPolicy> list, List<AccessPolicy> list2) throws UnauthorizedServiceException, PrincipalException {
        ensureServiceAccessIsAllowed(service, registeredService);
        Principal principal = authentication.getPrincipal();
        LinkedHashMap linkedHashMap = new LinkedHashMap((!z || registeredService == null || registeredService.getAttributeReleasePolicy() == null) ? authentication.getPrincipal().getAttributes() : registeredService.getAttributeReleasePolicy().getAttributes(principal, service, registeredService));
        linkedHashMap.putAll(authentication.getAttributes());
        ensurePrincipalAccessIsAllowedForService(service, registeredService, principal.getId(), linkedHashMap, list, list2);
    }

    void ensurePrincipalAccessIsAllowedForService(Service service, RegisteredService registeredService, String str, Map<String, Object> map, List<AccessPolicy> list, List<AccessPolicy> list2) {
        ensureServiceAccessIsAllowed(service, registeredService);
        if (!registeredService.getAccessStrategy().doPrincipalAttributesAllowServiceAccess(str, map)) {
            HashMap hashMap = new HashMap();
            String format = String.format("Cannot grant service access to %s", str);
            hashMap.put(UnauthorizedServiceForPrincipalException.class.getSimpleName(), new UnauthorizedServiceForPrincipalException(format, registeredService, str, map));
            throw new PrincipalException(format, hashMap, new HashMap());
        }
        ZonedDateTime now = ZonedDateTime.now();
        ClientInfo clientInfo = ClientInfoHolder.getClientInfo();
        Set<Object> collection = CollectionUtils.toCollection(map.get("groups"));
        String httpServletRequestUserAgentFromRequestContext = WebUtils.getHttpServletRequestUserAgentFromRequestContext();
        log.debug("ua is {}", httpServletRequestUserAgentFromRequestContext);
        UserAgent parseUserAgentString = StringUtils.isNotBlank(httpServletRequestUserAgentFromRequestContext) ? UserAgent.parseUserAgentString(httpServletRequestUserAgentFromRequestContext) : null;
        if (list != null && !list.isEmpty() && doRejectedAccessPoliciesRefusePrincipalAccess(str, collection, now, clientInfo, parseUserAgentString, list)) {
            HashMap hashMap2 = new HashMap();
            String format2 = String.format("Cannot grant service access to %s, Rejected Access Policy matched.", str);
            hashMap2.put(UnauthorizedServiceForPrincipalException.class.getSimpleName(), new UnauthorizedServiceForPrincipalException(format2, registeredService, str, map));
            throw new PrincipalException(format2, hashMap2, new HashMap());
        }
        if (list2 == null || list2.isEmpty() || doRequiredAccessPoliciesAllowPrincipalAccess(str, collection, now, clientInfo, parseUserAgentString, list2)) {
            return;
        }
        HashMap hashMap3 = new HashMap();
        String format3 = String.format("Cannot grant service access to %s, Required Access Policy not matched.", str);
        hashMap3.put(UnauthorizedServiceForPrincipalException.class.getSimpleName(), new UnauthorizedServiceForPrincipalException(format3, registeredService, str, map));
        throw new PrincipalException(format3, hashMap3, new HashMap());
    }

    boolean doRejectedAccessPoliciesRefusePrincipalAccess(String str, Set<Object> set, ZonedDateTime zonedDateTime, ClientInfo clientInfo, UserAgent userAgent, List<AccessPolicy> list) {
        if (list.isEmpty()) {
            return false;
        }
        for (AccessPolicy accessPolicy : list) {
            if (doMatchesUser(set, accessPolicy.getAccessUser()) && doMatchesTime(zonedDateTime, accessPolicy.getAccessTime()) && doMatchesIp(clientInfo.getClientIpAddress(), accessPolicy.getAccessIp()) && doMatchesAgent(userAgent, accessPolicy.getAccessAgent())) {
                return true;
            }
        }
        return false;
    }

    boolean doRequiredAccessPoliciesAllowPrincipalAccess(String str, Set<Object> set, ZonedDateTime zonedDateTime, ClientInfo clientInfo, UserAgent userAgent, List<AccessPolicy> list) {
        if (list.isEmpty()) {
            return true;
        }
        for (AccessPolicy accessPolicy : list) {
            if (doMatchesUser(set, accessPolicy.getAccessUser()) && doMatchesTime(zonedDateTime, accessPolicy.getAccessTime()) && doMatchesIp(clientInfo.getClientIpAddress(), accessPolicy.getAccessIp()) && doMatchesAgent(userAgent, accessPolicy.getAccessAgent())) {
                return true;
            }
        }
        return false;
    }

    private boolean doMatchesUser(Set<Object> set, JSONObject jSONObject) {
        if (jSONObject == null || jSONObject.isEmpty() || !jSONObject.containsKey("type")) {
            log.warn("accessUser not set, skip.");
            return true;
        }
        log.debug("accessUser is [{}]", jSONObject.toJSONString());
        int intValue = jSONObject.getIntValue("type");
        if (intValue == 0 || intValue == 1) {
            return true;
        }
        if (intValue != 2) {
            log.warn("accessUser type error. type is [{}]", Integer.valueOf(intValue));
            return false;
        }
        List javaList = jSONObject.containsKey("groups") ? jSONObject.getJSONArray("groups").toJavaList(AccessGroup.class) : null;
        if (javaList == null || javaList.isEmpty()) {
            log.warn("custom accessGroups not matched. accessGroups is empty.");
            return false;
        }
        HashSet hashSet = new HashSet();
        Iterator it = javaList.iterator();
        while (it.hasNext()) {
            hashSet.add("GROUP__" + ((AccessGroup) it.next()).getId() + "__");
        }
        Stream<R> map = set.stream().map((v0) -> {
            return v0.toString();
        });
        hashSet.getClass();
        if (map.anyMatch((v1) -> {
            return r1.contains(v1);
        })) {
            log.debug("custom accessGroups matched. principalGroups is [{}], accessGroupIds is [{}].", set, hashSet);
            return true;
        }
        log.warn("custom accessGroups not matched. principalGroups is [{}], accessGroups is [{}]", set, jSONObject.getJSONArray("groups").toJSONString());
        return false;
    }

    private boolean doMatchesTime(ZonedDateTime zonedDateTime, JSONObject jSONObject) {
        if (jSONObject == null || jSONObject.isEmpty() || !jSONObject.containsKey("type")) {
            log.warn("accessTime not set, skip.");
            return true;
        }
        log.debug("accessTime is [{}]", jSONObject.toJSONString());
        int intValue = jSONObject.getIntValue("type");
        if (intValue == 0 || intValue == 1) {
            return true;
        }
        if (intValue != 2) {
            log.warn("accessTime type error. type is [{}]", Integer.valueOf(intValue));
            return false;
        }
        List<TimeRange> javaList = jSONObject.containsKey("timeRanges") ? jSONObject.getJSONArray("timeRanges").toJavaList(TimeRange.class) : null;
        if (javaList == null || javaList.isEmpty()) {
            log.warn("custom timeRanges not matched. timeRanges is empty.");
            return false;
        }
        for (TimeRange timeRange : javaList) {
            if (timeRange.isInRange(zonedDateTime)) {
                log.debug("custom timeRanges matched. loginTime is [{}], timeRange is [{}].", zonedDateTime.toString(), timeRange.toString());
                return true;
            }
        }
        log.warn("custom timeRanges not matched. loginTime is [{}], timeRanges is [{}]", zonedDateTime.toString(), jSONObject.getJSONArray("timeRanges").toJSONString());
        return false;
    }

    private boolean doMatchesIp(String str, JSONObject jSONObject) {
        if (jSONObject == null || jSONObject.isEmpty() || !jSONObject.containsKey("type")) {
            log.warn("accessIp not set, skip.");
            return true;
        }
        log.debug("accessIp is [{}]", jSONObject.toJSONString());
        int intValue = jSONObject.getIntValue("type");
        if (intValue == 0 || intValue == 1) {
            return true;
        }
        if (intValue == 2) {
            String[] configValue = this.configManager.getConfigValue("global.config.internalNetworkSegment", new String[0]);
            if (configValue == null || configValue.length <= 0) {
                log.warn("internal ipRanges not matched. ipRanges is empty.");
                return false;
            }
            for (String str2 : configValue) {
                if (isInRange(str, str2)) {
                    log.debug("internal ipRanges matched. clientIpAddress is [{}], ipRange is [{}].", str, str2);
                    return true;
                }
            }
            log.warn("internal ipRanges not matched. clientIpAddress is [{}], ipRanges is [{}]", str, StringUtils.join(configValue, ","));
            return false;
        }
        if (intValue != 3) {
            log.warn("accessIp type error. type is [{}]", Integer.valueOf(intValue));
            return false;
        }
        List<String> javaList = jSONObject.containsKey("ipRanges") ? jSONObject.getJSONArray("ipRanges").toJavaList(String.class) : null;
        if (javaList == null || javaList.isEmpty()) {
            log.warn("custom ipRanges not matched. ipRanges is empty.");
            return false;
        }
        for (String str3 : javaList) {
            if (isInRange(str, str3)) {
                log.debug("custom ipRanges matched. clientIpAddress is [{}], ipRange is [{}].", str, str3);
                return true;
            }
        }
        log.warn("custom ipRanges not matched. clientIpAddress is [{}], ipRanges is [{}]", str, jSONObject.getJSONArray("ipRanges").toJSONString());
        return false;
    }

    private boolean doMatchesAgent(UserAgent userAgent, JSONObject jSONObject) {
        if (jSONObject == null || jSONObject.isEmpty() || !jSONObject.containsKey("type")) {
            log.warn("accessAgent not set, skip.");
            return true;
        }
        log.debug("accessAgent is [{}]", jSONObject.toJSONString());
        int intValue = jSONObject.getIntValue("type");
        if (intValue == 0 || intValue == 1) {
            return true;
        }
        if (intValue != 2) {
            log.warn("accessAgent type error. type is [{}]", Integer.valueOf(intValue));
            return true;
        }
        List javaList = jSONObject.containsKey("agentTypes") ? jSONObject.getJSONArray("agentTypes").toJavaList(String.class) : null;
        if (javaList == null || javaList.isEmpty()) {
            log.warn("custom agentTypes not matched. agentTypes is empty.");
            return false;
        }
        String str = (userAgent == null || userAgent.getOperatingSystem() == null) ? "UNKNOWN" : DeviceType.COMPUTER.equals(userAgent.getOperatingSystem().getDeviceType()) ? "PC" : DeviceType.TABLET.equals(userAgent.getOperatingSystem().getDeviceType()) ? "PAD" : DeviceType.MOBILE.equals(userAgent.getOperatingSystem().getDeviceType()) ? "MOBILE" : "UNKNOWN";
        if (javaList.contains(str)) {
            log.debug("custom agentTypes matched. agentType is [{}], agentTypes is [{}].", str, javaList);
            return true;
        }
        log.warn("custom agentTypes not matched. agentType is [{}], agentTypes is [{}]", str, jSONObject.getJSONArray("agentTypes").toJSONString());
        return false;
    }

    boolean isInRange(String str, String str2) {
        String[] split = str.split("\\.");
        int parseInt = (Integer.parseInt(split[0]) << 24) | (Integer.parseInt(split[1]) << 16) | (Integer.parseInt(split[2]) << 8) | Integer.parseInt(split[3]);
        int i = 32;
        if (str2.indexOf("/") > 0) {
            i = Integer.parseInt(str2.replaceAll(".*/", ""));
        }
        int i2 = (-1) << (32 - i);
        String[] split2 = str2.replaceAll("/.*", "").split("\\.");
        return (parseInt & i2) == (((((Integer.parseInt(split2[0]) << 24) | (Integer.parseInt(split2[1]) << 16)) | (Integer.parseInt(split2[2]) << 8)) | Integer.parseInt(split2[3])) & i2);
    }

    void ensurePrincipalAccessIsAllowedForService(Service service, RegisteredService registeredService, TicketGrantingTicket ticketGrantingTicket, boolean z, List<AccessPolicy> list, List<AccessPolicy> list2) throws UnauthorizedServiceException, PrincipalException {
        ensurePrincipalAccessIsAllowedForService(service, registeredService, ticketGrantingTicket.getRoot().getAuthentication(), z, list, list2);
    }

    public void ensureServiceAccessIsAllowed(RegisteredService registeredService) {
        ensureServiceAccessIsAllowed(registeredService != null ? registeredService.getName() : "", registeredService);
    }

    public void ensureServiceAccessIsAllowed(Service service, RegisteredService registeredService) {
        ensureServiceAccessIsAllowed(service.getId(), registeredService);
    }

    public void ensureServiceAccessIsAllowed(String str, RegisteredService registeredService) {
        if (registeredService == null) {
            throw new UnauthorizedServiceException("screen.service.error.message", String.format("Unauthorized Service Access. Service [%s] is not found in service registry.", str));
        }
        if (!registeredService.getAccessStrategy().isServiceAccessAllowed()) {
            throw new UnauthorizedServiceException("screen.service.error.message", String.format("Unauthorized Service Access. Service [%s] is not enabled in service registry.", str));
        }
    }

    @Audit(action = "SERVICE_ACCESS_ENFORCEMENT", actionResolverName = "SERVICE_ACCESS_ENFORCEMENT_ACTION_RESOLVER", resourceResolverName = "SERVICE_ACCESS_ENFORCEMENT_RESOURCE_RESOLVER")
    public AuditableExecutionResult execute(AuditableContext auditableContext) {
        Optional registeredService = auditableContext.getRegisteredService();
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        if (registeredService.isPresent()) {
            Map properties = ((RegisteredService) registeredService.get()).getProperties();
            String str = null;
            if (properties != null && properties.containsKey("accessPolicyIds")) {
                str = ((RegisteredServiceProperty) properties.get("accessPolicyIds")).getValue();
            }
            if (str != null && !str.isEmpty()) {
                if (log.isDebugEnabled()) {
                    log.debug("registeredService [{}}, accessPolicyIds is [{}]", ((RegisteredService) registeredService.get()).getName(), str);
                }
                HashMap hashMap = new HashMap(this.casServerSaApiAccessPolicyManager.getAccessPolicies());
                for (String str2 : Arrays.asList(StringUtils.split(str, ","))) {
                    if (hashMap.containsKey(str2)) {
                        AccessPolicy accessPolicy = (AccessPolicy) hashMap.get(str2);
                        if (QrCode.QR_CODE_STATUS_INIT.equals(accessPolicy.getType())) {
                            arrayList.add(accessPolicy);
                        } else if (QrCode.QR_CODE_STATUS_CREATED.equals(accessPolicy.getType())) {
                            arrayList2.add(accessPolicy);
                        }
                    }
                }
            }
        }
        if (auditableContext.getServiceTicket().isPresent() && auditableContext.getAuthenticationResult().isPresent() && registeredService.isPresent()) {
            AuditableExecutionResult of = AuditableExecutionResult.of(auditableContext);
            try {
                ensurePrincipalAccessIsAllowedForService((ServiceTicket) auditableContext.getServiceTicket().get(), (AuthenticationResult) auditableContext.getAuthenticationResult().get(), (RegisteredService) registeredService.get(), arrayList, arrayList2);
            } catch (PrincipalException e) {
                of.setException(e);
            }
            return of;
        }
        Optional service = auditableContext.getService();
        Optional ticketGrantingTicket = auditableContext.getTicketGrantingTicket();
        if (service.isPresent() && registeredService.isPresent() && ticketGrantingTicket.isPresent()) {
            AuditableExecutionResult of2 = AuditableExecutionResult.of((Service) service.get(), (RegisteredService) registeredService.get(), (TicketGrantingTicket) ticketGrantingTicket.get());
            try {
                ensurePrincipalAccessIsAllowedForService((Service) service.get(), (RegisteredService) registeredService.get(), (TicketGrantingTicket) ticketGrantingTicket.get(), ((Boolean) auditableContext.getRetrievePrincipalAttributesFromReleasePolicy().orElse(Boolean.TRUE)).booleanValue(), arrayList, arrayList2);
            } catch (PrincipalException e2) {
                of2.setException(e2);
            }
            return of2;
        }
        if (service.isPresent() && registeredService.isPresent()) {
            AuditableExecutionResult of3 = AuditableExecutionResult.of((Service) service.get(), (RegisteredService) registeredService.get());
            try {
                ensureServiceAccessIsAllowed((Service) service.get(), (RegisteredService) registeredService.get());
            } catch (PrincipalException e3) {
                of3.setException(e3);
            }
            return of3;
        }
        if (!registeredService.isPresent()) {
            throw new UnauthorizedServiceException("screen.service.error.message", "Service unauthorized");
        }
        AuditableExecutionResult of4 = AuditableExecutionResult.of((RegisteredService) registeredService.get());
        try {
            ensureServiceAccessIsAllowed((RegisteredService) registeredService.get());
        } catch (PrincipalException e4) {
            of4.setException(e4);
        }
        return of4;
    }
}
