package org.apereo.cas.ticket.factory;

import java.util.Map;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.configuration.support.Beans;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceProxyTicketExpirationPolicy;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.ticket.ExpirationPolicy;
import org.apereo.cas.ticket.ExpirationPolicyBuilder;
import org.apereo.cas.ticket.Ticket;
import org.apereo.cas.ticket.TicketFactory;
import org.apereo.cas.ticket.UniqueTicketIdGenerator;
import org.apereo.cas.ticket.expiration.MultiTimeUseOrTimeoutExpirationPolicy;
import org.apereo.cas.ticket.proxy.ProxyGrantingTicket;
import org.apereo.cas.ticket.proxy.ProxyTicket;
import org.apereo.cas.ticket.proxy.ProxyTicketFactory;
import org.apereo.cas.util.DefaultUniqueTicketIdGenerator;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-tickets-api-6.1.1.jar:org/apereo/cas/ticket/factory/DefaultProxyTicketFactory.class */
public class DefaultProxyTicketFactory implements ProxyTicketFactory {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) DefaultProxyTicketFactory.class);
    private final UniqueTicketIdGenerator defaultTicketIdGenerator = new DefaultUniqueTicketIdGenerator();
    private final ExpirationPolicyBuilder<ProxyTicket> proxyTicketExpirationPolicy;
    private final Map<String, UniqueTicketIdGenerator> uniqueTicketIdGeneratorsForService;
    private final CipherExecutor<String, String> cipherExecutor;
    private final boolean onlyTrackMostRecentSession;
    private final ServicesManager servicesManager;

    @Override // org.apereo.cas.ticket.proxy.ProxyTicketFactory
    public <T extends Ticket> T create(ProxyGrantingTicket proxyGrantingTicket, Service service, Class<T> cls) {
        return (T) produceTicket(proxyGrantingTicket, service, produceTicketIdentifier(service), cls);
    }

    protected <T extends Ticket> T produceTicket(ProxyGrantingTicket proxyGrantingTicket, Service service, String str, Class<T> cls) {
        ProxyTicket grantProxyTicket = proxyGrantingTicket.grantProxyTicket(str, service, determineExpirationPolicyForService(service), this.onlyTrackMostRecentSession);
        if (cls.isAssignableFrom(grantProxyTicket.getClass())) {
            return grantProxyTicket;
        }
        throw new ClassCastException("Result [" + grantProxyTicket + " is of type " + grantProxyTicket.getClass() + " when we were expecting " + cls);
    }

    private ExpirationPolicy determineExpirationPolicyForService(Service service) {
        RegisteredService findServiceBy = this.servicesManager.findServiceBy(service);
        if (findServiceBy != null && findServiceBy.getProxyTicketExpirationPolicy() != null) {
            RegisteredServiceProxyTicketExpirationPolicy proxyTicketExpirationPolicy = findServiceBy.getProxyTicketExpirationPolicy();
            long numberOfUses = proxyTicketExpirationPolicy.getNumberOfUses();
            String timeToLive = proxyTicketExpirationPolicy.getTimeToLive();
            if (numberOfUses > 0 && StringUtils.isNotBlank(timeToLive)) {
                return new MultiTimeUseOrTimeoutExpirationPolicy.ProxyTicketExpirationPolicy(numberOfUses, Beans.newDuration(timeToLive).getSeconds());
            }
        }
        return this.proxyTicketExpirationPolicy.buildTicketExpirationPolicy();
    }

    protected String produceTicketIdentifier(Service service) {
        String name = service.getClass().getName();
        LOGGER.debug("Looking up ticket id generator for [{}]", name);
        UniqueTicketIdGenerator uniqueTicketIdGenerator = this.uniqueTicketIdGeneratorsForService.get(name);
        if (uniqueTicketIdGenerator == null) {
            uniqueTicketIdGenerator = this.defaultTicketIdGenerator;
            LOGGER.debug("Ticket id generator not found for [{}]. Using the default generator...", name);
        }
        String newTicketId = uniqueTicketIdGenerator.getNewTicketId(ProxyTicket.PROXY_TICKET_PREFIX);
        if (this.cipherExecutor == null) {
            return newTicketId;
        }
        LOGGER.trace("Attempting to encode proxy ticket [{}]", newTicketId);
        String encode = this.cipherExecutor.encode(newTicketId);
        LOGGER.debug("Encoded proxy ticket id [{}]", encode);
        return encode;
    }

    @Override // org.apereo.cas.ticket.TicketFactory
    public TicketFactory get(Class<? extends Ticket> cls) {
        return this;
    }

    @Generated
    public DefaultProxyTicketFactory(ExpirationPolicyBuilder<ProxyTicket> expirationPolicyBuilder, Map<String, UniqueTicketIdGenerator> map, CipherExecutor<String, String> cipherExecutor, boolean z, ServicesManager servicesManager) {
        this.proxyTicketExpirationPolicy = expirationPolicyBuilder;
        this.uniqueTicketIdGeneratorsForService = map;
        this.cipherExecutor = cipherExecutor;
        this.onlyTrackMostRecentSession = z;
        this.servicesManager = servicesManager;
    }
}
