package org.jasig.cas.services;

import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Sets;
import java.net.URI;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import org.apache.commons.lang3.builder.EqualsBuilder;
import org.apache.commons.lang3.builder.HashCodeBuilder;
import org.apache.commons.lang3.builder.ToStringBuilder;
import org.joda.time.DateTime;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-4.1.3.jar:org/jasig/cas/services/DefaultRegisteredServiceAccessStrategy.class */
public class DefaultRegisteredServiceAccessStrategy implements RegisteredServiceAccessStrategy {
    private static final long serialVersionUID = 1245279151345635245L;
    private final Logger logger;
    private boolean enabled;
    private boolean ssoEnabled;
    private String startingDateTime;
    private String endingDateTime;
    private URI unauthorizedRedirectUrl;
    private boolean requireAllAttributes;
    private Map<String, Set<String>> requiredAttributes;

    public DefaultRegisteredServiceAccessStrategy() {
        this(true, true);
    }

    public DefaultRegisteredServiceAccessStrategy(boolean z, boolean z2) {
        this.logger = LoggerFactory.getLogger(getClass());
        this.enabled = true;
        this.ssoEnabled = true;
        this.requireAllAttributes = true;
        this.requiredAttributes = new HashMap();
        this.enabled = z;
        this.ssoEnabled = z2;
    }

    public final void setEnabled(boolean z) {
        this.enabled = z;
    }

    public final void setSsoEnabled(boolean z) {
        this.ssoEnabled = z;
    }

    public boolean isEnabled() {
        return this.enabled;
    }

    public boolean isSsoEnabled() {
        return this.ssoEnabled;
    }

    public final void setRequireAllAttributes(boolean z) {
        this.requireAllAttributes = z;
    }

    public final boolean isRequireAllAttributes() {
        return this.requireAllAttributes;
    }

    public Map<String, Set<String>> getRequiredAttributes() {
        return new HashMap(this.requiredAttributes);
    }

    public String getStartingDateTime() {
        return this.startingDateTime;
    }

    public String getEndingDateTime() {
        return this.endingDateTime;
    }

    public void setStartingDateTime(String str) {
        this.startingDateTime = str;
    }

    public void setEndingDateTime(String str) {
        this.endingDateTime = str;
    }

    public void setUnauthorizedRedirectUrl(URI uri) {
        this.unauthorizedRedirectUrl = uri;
    }

    @Override // org.jasig.cas.services.RegisteredServiceAccessStrategy
    public URI getUnauthorizedRedirectUrl() {
        return this.unauthorizedRedirectUrl;
    }

    public final void setRequiredAttributes(Map<String, Set<String>> map) {
        this.requiredAttributes = map;
    }

    @Override // org.jasig.cas.services.RegisteredServiceAccessStrategy
    public boolean doPrincipalAttributesAllowServiceAccess(Map<String, Object> map) {
        if (this.requiredAttributes.isEmpty()) {
            this.logger.debug("No required attributes are specified");
            return true;
        }
        if (map.isEmpty()) {
            this.logger.debug("No principal attributes are found to satisfy attribute requirements");
            return false;
        }
        if (map.size() < this.requiredAttributes.size()) {
            this.logger.debug("The size of the principal attributes that are [{}] does not match requirements, which means the principal is not carrying enough data to grant authorization", map);
            return false;
        }
        Map<String, Set<String>> requiredAttributes = getRequiredAttributes();
        this.logger.debug("These required attributes [{}] are examined against [{}] before service can proceed.", requiredAttributes, map);
        ImmutableSet<String> immutableCopy = Sets.intersection(requiredAttributes.keySet(), map.keySet()).immutableCopy();
        if (this.requireAllAttributes && immutableCopy.size() < this.requiredAttributes.size()) {
            this.logger.debug("Not all required attributes are available to the principal");
            return false;
        }
        for (String str : immutableCopy) {
            Set<String> set = this.requiredAttributes.get(str);
            Object obj = map.get(str);
            if (!Sets.intersection(obj instanceof Collection ? Sets.newHashSet(((Collection) obj).toArray()) : Collections.singleton(obj), set).isEmpty()) {
                this.logger.info("Principal is authorized to access the service");
                return true;
            }
        }
        this.logger.info("Principal is denied access as the required attributes for the registered service are missing");
        return false;
    }

    @Override // org.jasig.cas.services.RegisteredServiceAccessStrategy
    public boolean isServiceAccessAllowedForSso() {
        if (!this.ssoEnabled) {
            this.logger.trace("Service is not authorized to participate in SSO.");
        }
        return this.ssoEnabled;
    }

    @Override // org.jasig.cas.services.RegisteredServiceAccessStrategy
    public boolean isServiceAccessAllowed() {
        if (!this.enabled) {
            this.logger.trace("Service is not enabled in service registry.");
        }
        DateTime now = DateTime.now();
        if (this.startingDateTime != null && now.isBefore(DateTime.parse(this.startingDateTime))) {
            this.logger.warn("Service access not allowed because it starts at {}. Now is {}", this.startingDateTime, now);
            return false;
        }
        if (this.endingDateTime == null || !now.isAfter(DateTime.parse(this.endingDateTime))) {
            return this.enabled;
        }
        this.logger.warn("Service access not allowed because it ended at {}. Now is {}", this.endingDateTime, now);
        return false;
    }

    public boolean equals(Object obj) {
        if (obj == null) {
            return false;
        }
        if (obj == this) {
            return true;
        }
        if (obj.getClass() != getClass()) {
            return false;
        }
        DefaultRegisteredServiceAccessStrategy defaultRegisteredServiceAccessStrategy = (DefaultRegisteredServiceAccessStrategy) obj;
        return new EqualsBuilder().append(this.enabled, defaultRegisteredServiceAccessStrategy.enabled).append(this.ssoEnabled, defaultRegisteredServiceAccessStrategy.ssoEnabled).append(this.requireAllAttributes, defaultRegisteredServiceAccessStrategy.requireAllAttributes).append(this.requiredAttributes, defaultRegisteredServiceAccessStrategy.requiredAttributes).append(this.startingDateTime, defaultRegisteredServiceAccessStrategy.startingDateTime).append(this.endingDateTime, defaultRegisteredServiceAccessStrategy.endingDateTime).append(this.unauthorizedRedirectUrl, defaultRegisteredServiceAccessStrategy.unauthorizedRedirectUrl).isEquals();
    }

    public int hashCode() {
        return new HashCodeBuilder().append(this.enabled).append(this.ssoEnabled).append(this.requireAllAttributes).append(this.requiredAttributes).append(this.startingDateTime).append(this.endingDateTime).append(this.unauthorizedRedirectUrl).toHashCode();
    }

    public String toString() {
        return new ToStringBuilder(this).append("enabled", this.enabled).append("ssoEnabled", this.ssoEnabled).append("requireAllAttributes", this.requireAllAttributes).append("requiredAttributes", this.requiredAttributes).append("startingDateTime", this.startingDateTime).append("endingDateTime", this.endingDateTime).append("unauthorizedRedirectUrl", this.unauthorizedRedirectUrl).toString();
    }
}
