package org.apereo.cas.web.flow;

import lombok.Generated;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationCredentialsThreadLocalBinder;
import org.apereo.cas.authentication.AuthenticationServiceSelectionPlan;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceSingleSignOnParticipationPolicy;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.ticket.TicketState;
import org.apereo.cas.ticket.registry.TicketRegistrySupport;
import org.apereo.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-webflow-api-6.1.1.jar:org/apereo/cas/web/flow/DefaultSingleSignOnParticipationStrategy.class */
public class DefaultSingleSignOnParticipationStrategy implements SingleSignOnParticipationStrategy {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) DefaultSingleSignOnParticipationStrategy.class);
    private final ServicesManager servicesManager;
    private final boolean createCookieOnRenewedAuthentication;
    private final boolean renewEnabled;
    private final TicketRegistrySupport ticketRegistrySupport;
    private final AuthenticationServiceSelectionPlan serviceSelectionStrategy;
    private int order = Integer.MAX_VALUE;

    @Override // org.apereo.cas.web.flow.SingleSignOnParticipationStrategy
    public boolean isParticipating(RequestContext requestContext) {
        if (this.renewEnabled && requestContext.getRequestParameters().contains("renew")) {
            LOGGER.debug("[{}] is specified for the request. The authentication session will be considered renewed.", "renew");
            return false;
        }
        RegisteredService determineRegisteredService = determineRegisteredService(requestContext);
        if (determineRegisteredService == null) {
            return true;
        }
        Authentication authentication = WebUtils.getAuthentication(requestContext);
        Authentication currentAuthentication = AuthenticationCredentialsThreadLocalBinder.getCurrentAuthentication();
        try {
            AuthenticationCredentialsThreadLocalBinder.bindCurrent(authentication);
            boolean isServiceAccessAllowedForSso = determineRegisteredService.getAccessStrategy().isServiceAccessAllowedForSso();
            LOGGER.trace("Located [{}] in registry. Service access to participate in SSO is set to [{}]", determineRegisteredService.getServiceId(), Boolean.valueOf(isServiceAccessAllowedForSso));
            if (!isServiceAccessAllowedForSso) {
                LOGGER.debug("Service [{}] is not authorized to participate in SSO", determineRegisteredService.getServiceId());
                AuthenticationCredentialsThreadLocalBinder.bindCurrent(currentAuthentication);
                return false;
            }
            RegisteredServiceSingleSignOnParticipationPolicy singleSignOnParticipationPolicy = determineRegisteredService.getSingleSignOnParticipationPolicy();
            if (singleSignOnParticipationPolicy != null) {
                TicketState ticketState = this.ticketRegistrySupport.getTicketState(WebUtils.getTicketGrantingTicketId(requestContext));
                if (ticketState != null) {
                    boolean shouldParticipateInSso = singleSignOnParticipationPolicy.shouldParticipateInSso(ticketState);
                    AuthenticationCredentialsThreadLocalBinder.bindCurrent(currentAuthentication);
                    return shouldParticipateInSso;
                }
            }
            AuthenticationCredentialsThreadLocalBinder.bindCurrent(currentAuthentication);
            return true;
        } catch (Throwable th) {
            AuthenticationCredentialsThreadLocalBinder.bindCurrent(currentAuthentication);
            throw th;
        }
    }

    private RegisteredService determineRegisteredService(RequestContext requestContext) {
        RegisteredService registeredService = WebUtils.getRegisteredService(requestContext);
        if (registeredService != null) {
            return registeredService;
        }
        Service resolveService = this.serviceSelectionStrategy.resolveService(WebUtils.getService(requestContext));
        if (resolveService != null) {
            return this.servicesManager.findServiceBy(resolveService);
        }
        return null;
    }

    @Override // org.apereo.cas.web.flow.SingleSignOnParticipationStrategy
    public boolean isCreateCookieOnRenewedAuthentication(RequestContext requestContext) {
        return this.createCookieOnRenewedAuthentication;
    }

    @Generated
    public ServicesManager getServicesManager() {
        return this.servicesManager;
    }

    @Generated
    public boolean isCreateCookieOnRenewedAuthentication() {
        return this.createCookieOnRenewedAuthentication;
    }

    @Generated
    public boolean isRenewEnabled() {
        return this.renewEnabled;
    }

    @Generated
    public TicketRegistrySupport getTicketRegistrySupport() {
        return this.ticketRegistrySupport;
    }

    @Generated
    public AuthenticationServiceSelectionPlan getServiceSelectionStrategy() {
        return this.serviceSelectionStrategy;
    }

    @Override // org.apereo.cas.web.flow.SingleSignOnParticipationStrategy, org.springframework.core.Ordered
    @Generated
    public int getOrder() {
        return this.order;
    }

    @Generated
    public DefaultSingleSignOnParticipationStrategy(ServicesManager servicesManager, boolean z, boolean z2, TicketRegistrySupport ticketRegistrySupport, AuthenticationServiceSelectionPlan authenticationServiceSelectionPlan) {
        this.servicesManager = servicesManager;
        this.createCookieOnRenewedAuthentication = z;
        this.renewEnabled = z2;
        this.ticketRegistrySupport = ticketRegistrySupport;
        this.serviceSelectionStrategy = authenticationServiceSelectionPlan;
    }

    @Generated
    public void setOrder(int i) {
        this.order = i;
    }
}
