package org.apereo.cas.authentication.policy;

import java.security.GeneralSecurityException;
import java.util.Set;
import java.util.stream.Stream;
import lombok.Generated;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.AuthenticationPolicy;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.ticket.Ticket;
import org.apereo.cas.ticket.TicketGrantingTicket;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.util.function.FunctionUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-authentication-api-6.1.0.jar:org/apereo/cas/authentication/policy/UniquePrincipalAuthenticationPolicy.class */
public class UniquePrincipalAuthenticationPolicy implements AuthenticationPolicy {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) UniquePrincipalAuthenticationPolicy.class);
    private final TicketRegistry ticketRegistry;

    @Override // org.apereo.cas.authentication.AuthenticationPolicy
    public boolean isSatisfiedBy(Authentication authentication, Set<AuthenticationHandler> set) throws Exception {
        try {
            Principal principal = authentication.getPrincipal();
            Stream<? extends Ticket> tickets = this.ticketRegistry.getTickets(ticket -> {
                return isSamePrincipalId(ticket, principal);
            });
            try {
                long count = tickets.count();
                if (count == 0) {
                    LOGGER.debug("Authentication policy is satisfied with [{}]", principal.getId());
                    if (tickets != null) {
                        tickets.close();
                    }
                    return true;
                }
                LOGGER.warn("Authentication policy cannot be satisfied for principal [{}] because [{}] sessions currently exist", principal.getId(), Long.valueOf(count));
                if (tickets != null) {
                    tickets.close();
                }
                return false;
            } finally {
            }
        } catch (Exception e) {
            throw new GeneralSecurityException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean isSamePrincipalId(Ticket ticket, Principal principal) {
        return ((Boolean) FunctionUtils.doIf(TicketGrantingTicket.class.isInstance(ticket) && !ticket.isExpired(), () -> {
            return Boolean.valueOf(((TicketGrantingTicket) TicketGrantingTicket.class.cast(ticket)).getAuthentication().getPrincipal().getId().equalsIgnoreCase(principal.getId()));
        }, () -> {
            return Boolean.TRUE;
        }).get()).booleanValue();
    }

    @Generated
    public UniquePrincipalAuthenticationPolicy(TicketRegistry ticketRegistry) {
        this.ticketRegistry = ticketRegistry;
    }
}
