package org.apereo.cas.authentication.policy;

import java.security.GeneralSecurityException;
import lombok.Generated;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationPolicy;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.ticket.TicketGrantingTicket;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/cas-server-core-authentication-api-5.3.0-RC4.jar:org/apereo/cas/authentication/policy/UniquePrincipalAuthenticationPolicy.class */
public class UniquePrincipalAuthenticationPolicy implements AuthenticationPolicy {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) UniquePrincipalAuthenticationPolicy.class);
    private final TicketRegistry ticketRegistry;

    @Override // org.apereo.cas.authentication.AuthenticationPolicy
    public boolean isSatisfiedBy(Authentication authentication) throws Exception {
        try {
            Principal principal = authentication.getPrincipal();
            long count = this.ticketRegistry.getTickets(ticket -> {
                boolean z = TicketGrantingTicket.class.isInstance(ticket) && !ticket.isExpired();
                if (z) {
                    z = ((TicketGrantingTicket) TicketGrantingTicket.class.cast(ticket)).getAuthentication().getPrincipal().getId().equalsIgnoreCase(principal.getId());
                }
                return z;
            }).count();
            if (count == 0) {
                LOGGER.debug("Authentication policy is satisfied with [{}]", principal.getId());
                return true;
            }
            LOGGER.warn("Authentication policy cannot be satisfied for principal [{}] because [{}] sessions currently exist", principal.getId(), Long.valueOf(count));
            return false;
        } catch (Exception e) {
            throw new GeneralSecurityException(e);
        }
    }

    @Generated
    public UniquePrincipalAuthenticationPolicy(TicketRegistry ticketRegistry) {
        this.ticketRegistry = ticketRegistry;
    }
}
