package org.jasig.cas;

import com.codahale.metrics.annotation.Counted;
import com.codahale.metrics.annotation.Metered;
import com.codahale.metrics.annotation.Timed;
import com.google.common.base.Predicate;
import java.io.Serializable;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import javax.annotation.Resource;
import org.jasig.cas.authentication.AcceptAnyAuthenticationPolicyFactory;
import org.jasig.cas.authentication.Authentication;
import org.jasig.cas.authentication.ContextualAuthenticationPolicy;
import org.jasig.cas.authentication.ContextualAuthenticationPolicyFactory;
import org.jasig.cas.authentication.principal.DefaultPrincipalFactory;
import org.jasig.cas.authentication.principal.PrincipalFactory;
import org.jasig.cas.authentication.principal.Service;
import org.jasig.cas.logout.LogoutManager;
import org.jasig.cas.services.RegisteredService;
import org.jasig.cas.services.ServiceContext;
import org.jasig.cas.services.ServicesManager;
import org.jasig.cas.services.UnauthorizedProxyingException;
import org.jasig.cas.services.UnauthorizedServiceException;
import org.jasig.cas.ticket.AbstractTicketException;
import org.jasig.cas.ticket.InvalidTicketException;
import org.jasig.cas.ticket.Ticket;
import org.jasig.cas.ticket.TicketFactory;
import org.jasig.cas.ticket.TicketGrantingTicket;
import org.jasig.cas.ticket.UnsatisfiedAuthenticationPolicyException;
import org.jasig.cas.ticket.registry.TicketRegistry;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.Assert;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-4.2.7.jar:org/jasig/cas/AbstractCentralAuthenticationService.class */
public abstract class AbstractCentralAuthenticationService implements CentralAuthenticationService, Serializable, ApplicationEventPublisherAware {
    private static final long serialVersionUID = -7572316677901391166L;

    @Autowired
    protected ApplicationEventPublisher eventPublisher;

    @Resource(name = "ticketRegistry")
    protected TicketRegistry ticketRegistry;

    @Resource(name = "servicesManager")
    protected ServicesManager servicesManager;

    @Resource(name = "logoutManager")
    protected LogoutManager logoutManager;

    @Resource(name = "defaultTicketFactory")
    protected TicketFactory ticketFactory;
    protected final transient Logger logger = LoggerFactory.getLogger(getClass());

    @Resource(name = "authenticationPolicyFactory")
    protected ContextualAuthenticationPolicyFactory<ServiceContext> serviceContextAuthenticationPolicyFactory = new AcceptAnyAuthenticationPolicyFactory();
    protected PrincipalFactory principalFactory = new DefaultPrincipalFactory();

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractCentralAuthenticationService() {
    }

    public AbstractCentralAuthenticationService(TicketRegistry ticketRegistry, TicketFactory ticketFactory, ServicesManager servicesManager, LogoutManager logoutManager) {
        this.ticketRegistry = ticketRegistry;
        this.servicesManager = servicesManager;
        this.logoutManager = logoutManager;
        this.ticketFactory = ticketFactory;
    }

    public final void setServiceContextAuthenticationPolicyFactory(ContextualAuthenticationPolicyFactory<ServiceContext> contextualAuthenticationPolicyFactory) {
        this.serviceContextAuthenticationPolicyFactory = contextualAuthenticationPolicyFactory;
    }

    public void setTicketFactory(TicketFactory ticketFactory) {
        this.ticketFactory = ticketFactory;
    }

    @Autowired
    public final void setPrincipalFactory(@Qualifier("principalFactory") PrincipalFactory principalFactory) {
        this.principalFactory = principalFactory;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void doPublishEvent(ApplicationEvent applicationEvent) {
        this.logger.debug("Publishing {}", applicationEvent);
        this.eventPublisher.publishEvent(applicationEvent);
    }

    /* JADX WARN: Type inference failed for: r0v3, types: [java.lang.Throwable, T extends org.jasig.cas.ticket.Ticket, org.jasig.cas.ticket.Ticket] */
    @Override // org.jasig.cas.CentralAuthenticationService
    @Timed(name = "GET_TICKET_TIMER")
    @Counted(name = "GET_TICKET_COUNTER", monotonic = true)
    @Metered(name = "GET_TICKET_METER")
    @Transactional(readOnly = true, transactionManager = "ticketTransactionManager")
    public <T extends Ticket> T getTicket(String str, Class<? extends Ticket> cls) throws InvalidTicketException {
        Assert.notNull(str, "ticketId cannot be null");
        ?? r0 = (T) this.ticketRegistry.getTicket(str, cls);
        if (r0 == 0) {
            this.logger.debug("Ticket [{}] by type [{}] cannot be found in the ticket registry.", str, cls.getSimpleName());
            throw new InvalidTicketException(str);
        }
        if (r0 instanceof TicketGrantingTicket) {
            synchronized (r0) {
                if (r0.isExpired()) {
                    this.ticketRegistry.deleteTicket(str);
                    this.logger.debug("Ticket [{}] has expired and is now deleted from the ticket registry.", str);
                    throw new InvalidTicketException(str);
                }
            }
        }
        return r0;
    }

    @Override // org.jasig.cas.CentralAuthenticationService
    @Timed(name = "GET_TICKETS_TIMER")
    @Counted(name = "GET_TICKETS_COUNTER", monotonic = true)
    @Metered(name = "GET_TICKETS_METER")
    @Transactional(readOnly = true, transactionManager = "ticketTransactionManager")
    public Collection<Ticket> getTickets(Predicate<Ticket> predicate) {
        HashSet hashSet = new HashSet(this.ticketRegistry.getTickets());
        Iterator it = hashSet.iterator();
        while (it.hasNext()) {
            if (!predicate.apply((Ticket) it.next())) {
                it.remove();
            }
        }
        return hashSet;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final Authentication getAuthenticationSatisfiedByPolicy(TicketGrantingTicket ticketGrantingTicket, ServiceContext serviceContext) throws AbstractTicketException {
        ContextualAuthenticationPolicy<ServiceContext> createPolicy = this.serviceContextAuthenticationPolicyFactory.createPolicy(serviceContext);
        if (createPolicy.isSatisfiedBy(ticketGrantingTicket.getAuthentication())) {
            this.logger.debug("Authentication policy {} is satisfied by the authentication associated with {}", createPolicy, ticketGrantingTicket.getId());
            return ticketGrantingTicket.getAuthentication();
        }
        for (Authentication authentication : ticketGrantingTicket.getSupplementalAuthentications()) {
            if (createPolicy.isSatisfiedBy(authentication)) {
                this.logger.debug("Authentication policy {} is satisfied by supplemental authentication associated with {}", createPolicy, ticketGrantingTicket.getId());
                return authentication;
            }
        }
        throw new UnsatisfiedAuthenticationPolicyException(createPolicy);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void verifyRegisteredServiceProperties(RegisteredService registeredService, Service service) throws UnauthorizedServiceException {
        if (registeredService == null) {
            String format = String.format("ServiceManagement: Unauthorized Service Access. Service [%s] is not found in service registry.", service.getId());
            this.logger.warn(format);
            throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE, format);
        }
        if (registeredService.getAccessStrategy().isServiceAccessAllowed()) {
            return;
        }
        String format2 = String.format("ServiceManagement: Unauthorized Service Access. Service [%s] is not enabled in service registry.", service.getId());
        this.logger.warn(format2);
        throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE, format2);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void evaluateProxiedServiceIfNeeded(Service service, TicketGrantingTicket ticketGrantingTicket, RegisteredService registeredService) {
        Service proxiedBy = ticketGrantingTicket.getProxiedBy();
        if (proxiedBy == null) {
            this.logger.debug("TGT {} is not proxied by another service", ticketGrantingTicket.getId());
            return;
        }
        this.logger.debug("TGT is proxied by [{}]. Locating proxy service in registry...", proxiedBy.getId());
        RegisteredService findServiceBy = this.servicesManager.findServiceBy(proxiedBy);
        if (findServiceBy == null) {
            this.logger.warn("No proxying service found. Proxy attempt by service [{}] (registered service [{}]) is not allowed.", service.getId(), Long.valueOf(registeredService.getId()));
            throw new UnauthorizedProxyingException("Proxying is not allowed for registered service " + registeredService.getId());
        }
        this.logger.debug("Located proxying service [{}] in the service registry", findServiceBy);
        if (findServiceBy.getProxyPolicy().isAllowedToProxy()) {
            return;
        }
        this.logger.warn("Found proxying service {}, but it is not authorized to fulfill the proxy attempt made by {}", Long.valueOf(findServiceBy.getId()), service.getId());
        throw new UnauthorizedProxyingException("Proxying is not allowed for registered service " + registeredService.getId());
    }

    @Override // org.springframework.context.ApplicationEventPublisherAware
    public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
        this.eventPublisher = applicationEventPublisher;
    }

    public void setTicketRegistry(TicketRegistry ticketRegistry) {
        this.ticketRegistry = ticketRegistry;
    }

    public void setServicesManager(ServicesManager servicesManager) {
        this.servicesManager = servicesManager;
    }

    public void setLogoutManager(LogoutManager logoutManager) {
        this.logoutManager = logoutManager;
    }
}
