package org.apereo.cas.services;

import java.util.Optional;
import org.apereo.cas.audit.AuditActionResolvers;
import org.apereo.cas.audit.AuditResourceResolvers;
import org.apereo.cas.audit.AuditableActions;
import org.apereo.cas.audit.AuditableContext;
import org.apereo.cas.audit.AuditableExecutionResult;
import org.apereo.cas.audit.BaseAuditableExecution;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.PrincipalException;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.ticket.ServiceTicket;
import org.apereo.cas.ticket.TicketGrantingTicket;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.inspektr.audit.annotation.Audit;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-services-api-6.4.6.2.jar:org/apereo/cas/services/RegisteredServiceAccessStrategyAuditableEnforcer.class */
public class RegisteredServiceAccessStrategyAuditableEnforcer extends BaseAuditableExecution {
    @Override // org.apereo.cas.audit.BaseAuditableExecution, org.apereo.cas.audit.AuditableExecution
    @Audit(action = AuditableActions.SERVICE_ACCESS_ENFORCEMENT, actionResolverName = AuditActionResolvers.SERVICE_ACCESS_ENFORCEMENT_ACTION_RESOLVER, resourceResolverName = AuditResourceResolvers.SERVICE_ACCESS_ENFORCEMENT_RESOURCE_RESOLVER)
    public AuditableExecutionResult execute(AuditableContext auditableContext) {
        Optional<RegisteredService> registeredService = auditableContext.getRegisteredService();
        if (auditableContext.getServiceTicket().isPresent() && auditableContext.getAuthenticationResult().isPresent() && registeredService.isPresent()) {
            AuditableExecutionResult of = AuditableExecutionResult.of(auditableContext);
            try {
                ServiceTicket orElseThrow = auditableContext.getServiceTicket().orElseThrow();
                Authentication authentication = auditableContext.getAuthenticationResult().orElseThrow().getAuthentication();
                RegisteredServiceAccessStrategyUtils.ensurePrincipalAccessIsAllowedForService(orElseThrow.getService(), registeredService.get(), authentication.getPrincipal().getId(), CollectionUtils.merge(authentication.getAttributes(), authentication.getPrincipal().getAttributes()));
            } catch (PrincipalException | UnauthorizedServiceException e) {
                of.setException(e);
            }
            return of;
        }
        Optional<Service> service = auditableContext.getService();
        Optional<TicketGrantingTicket> ticketGrantingTicket = auditableContext.getTicketGrantingTicket();
        if (service.isPresent() && registeredService.isPresent() && ticketGrantingTicket.isPresent()) {
            RegisteredService registeredService2 = registeredService.get();
            Service service2 = service.get();
            AuditableExecutionResult build = AuditableExecutionResult.builder().registeredService(registeredService2).service(service2).ticketGrantingTicket(ticketGrantingTicket.get()).build();
            try {
                Authentication authentication2 = ticketGrantingTicket.get().getRoot().getAuthentication();
                RegisteredServiceAccessStrategyUtils.ensurePrincipalAccessIsAllowedForService(service2, registeredService2, authentication2.getPrincipal().getId(), CollectionUtils.merge(authentication2.getAttributes(), authentication2.getPrincipal().getAttributes()));
            } catch (PrincipalException | UnauthorizedServiceException e2) {
                build.setException(e2);
            }
            return build;
        }
        Optional<Principal> principal = auditableContext.getPrincipal();
        if (service.isPresent() && registeredService.isPresent() && principal.isPresent()) {
            RegisteredService registeredService3 = registeredService.get();
            Service service3 = service.get();
            Principal principal2 = principal.get();
            AuditableExecutionResult build2 = AuditableExecutionResult.builder().registeredService(registeredService3).service(service3).build();
            try {
                RegisteredServiceAccessStrategyUtils.ensurePrincipalAccessIsAllowedForService(service3, registeredService3, principal2.getId(), principal2.getAttributes());
            } catch (PrincipalException | UnauthorizedServiceException e3) {
                build2.setException(e3);
            }
            return build2;
        }
        Optional<Authentication> authentication3 = auditableContext.getAuthentication();
        if (service.isPresent() && registeredService.isPresent() && authentication3.isPresent()) {
            RegisteredService registeredService4 = registeredService.get();
            Service service4 = service.get();
            Authentication authentication4 = authentication3.get();
            AuditableExecutionResult build3 = AuditableExecutionResult.builder().registeredService(registeredService4).service(service4).authentication(authentication4).build();
            try {
                RegisteredServiceAccessStrategyUtils.ensurePrincipalAccessIsAllowedForService(service4, registeredService4, authentication4.getPrincipal().getId(), CollectionUtils.merge(authentication4.getAttributes(), authentication4.getPrincipal().getAttributes()));
            } catch (PrincipalException | UnauthorizedServiceException e4) {
                build3.setException(e4);
            }
            return build3;
        }
        if (service.isPresent() && registeredService.isPresent()) {
            RegisteredService registeredService5 = registeredService.get();
            Service service5 = service.get();
            AuditableExecutionResult build4 = AuditableExecutionResult.builder().registeredService(registeredService5).service(service5).build();
            try {
                RegisteredServiceAccessStrategyUtils.ensureServiceAccessIsAllowed(service5, registeredService5);
            } catch (PrincipalException | UnauthorizedServiceException e5) {
                build4.setException(e5);
            }
            return build4;
        }
        if (!registeredService.isPresent()) {
            AuditableExecutionResult build5 = AuditableExecutionResult.builder().build();
            build5.setException(new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE, "Service unauthorized"));
            return build5;
        }
        RegisteredService registeredService6 = registeredService.get();
        AuditableExecutionResult build6 = AuditableExecutionResult.builder().registeredService(registeredService6).build();
        try {
            RegisteredServiceAccessStrategyUtils.ensureServiceAccessIsAllowed(registeredService6);
        } catch (PrincipalException | UnauthorizedServiceException e6) {
            build6.setException(e6);
        }
        return build6;
    }
}
