package org.apereo.cas.services;

import org.apereo.cas.audit.AuditableContext;
import org.apereo.cas.audit.AuditableExecutionResult;
import org.apereo.cas.audit.BaseAuditableExecution;
import org.apereo.cas.authentication.PrincipalException;
import org.apereo.inspektr.audit.annotation.Audit;

/* loaded from: input_file:BOOT-INF/lib/cas-server-core-services-api-5.3.0-RC3.jar:org/apereo/cas/services/RegisteredServiceAccessStrategyAuditableEnforcer.class */
public class RegisteredServiceAccessStrategyAuditableEnforcer extends BaseAuditableExecution {
    @Override // org.apereo.cas.audit.BaseAuditableExecution, org.apereo.cas.audit.AuditableExecution
    @Audit(action = "SERVICE_ACCESS_ENFORCEMENT", actionResolverName = "SERVICE_ACCESS_ENFORCEMENT_ACTION_RESOLVER", resourceResolverName = "SERVICE_ACCESS_ENFORCEMENT_RESOURCE_RESOLVER")
    public AuditableExecutionResult execute(AuditableContext auditableContext) {
        if (auditableContext.getServiceTicket().isPresent() && auditableContext.getAuthenticationResult().isPresent() && auditableContext.getRegisteredService().isPresent()) {
            AuditableExecutionResult of = AuditableExecutionResult.of(auditableContext);
            try {
                RegisteredServiceAccessStrategyUtils.ensurePrincipalAccessIsAllowedForService(auditableContext.getServiceTicket().get(), auditableContext.getAuthenticationResult().get(), auditableContext.getRegisteredService().get());
            } catch (PrincipalException e) {
                of.setException(e);
            }
            return of;
        }
        if (auditableContext.getService().isPresent() && auditableContext.getRegisteredService().isPresent() && auditableContext.getTicketGrantingTicket().isPresent()) {
            AuditableExecutionResult of2 = AuditableExecutionResult.of(auditableContext.getService().get(), auditableContext.getRegisteredService().get(), auditableContext.getTicketGrantingTicket().get());
            try {
                RegisteredServiceAccessStrategyUtils.ensurePrincipalAccessIsAllowedForService(auditableContext.getService().get(), auditableContext.getRegisteredService().get(), auditableContext.getTicketGrantingTicket().get(), auditableContext.getRetrievePrincipalAttributesFromReleasePolicy().orElse(Boolean.TRUE).booleanValue());
            } catch (PrincipalException e2) {
                of2.setException(e2);
            }
            return of2;
        }
        if (!auditableContext.getService().isPresent() || !auditableContext.getRegisteredService().isPresent() || !auditableContext.getAuthentication().isPresent()) {
            throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE, "Service unauthorized");
        }
        AuditableExecutionResult of3 = AuditableExecutionResult.of(auditableContext.getAuthentication().get(), auditableContext.getService().get(), auditableContext.getRegisteredService().get());
        try {
            RegisteredServiceAccessStrategyUtils.ensurePrincipalAccessIsAllowedForService(auditableContext.getService().get(), auditableContext.getRegisteredService().get(), auditableContext.getAuthentication().get(), auditableContext.getRetrievePrincipalAttributesFromReleasePolicy().orElse(Boolean.TRUE).booleanValue());
        } catch (PrincipalException e3) {
            of3.setException(e3);
        }
        return of3;
    }
}
