package org.jasig.cas.services;

import com.google.common.base.Predicates;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Sets;
import java.net.URI;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;
import org.apache.commons.lang3.builder.EqualsBuilder;
import org.apache.commons.lang3.builder.HashCodeBuilder;
import org.apache.commons.lang3.builder.ToStringBuilder;
import org.jasig.cas.util.RegexUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/jasig/cas/services/DefaultRegisteredServiceAccessStrategy.class */
public class DefaultRegisteredServiceAccessStrategy implements RegisteredServiceAccessStrategy {
    private static final long serialVersionUID = 1245279151345635245L;
    private static final Logger LOGGER = LoggerFactory.getLogger(DefaultRegisteredServiceAccessStrategy.class);
    private boolean enabled;
    private boolean ssoEnabled;
    private URI unauthorizedRedirectUrl;
    private boolean requireAllAttributes;
    private Map<String, Set<String>> requiredAttributes;
    private boolean caseInsensitive;

    public DefaultRegisteredServiceAccessStrategy() {
        this(true, true);
    }

    public DefaultRegisteredServiceAccessStrategy(boolean z, boolean z2) {
        this.enabled = true;
        this.ssoEnabled = true;
        this.requireAllAttributes = true;
        this.requiredAttributes = new HashMap();
        this.enabled = z;
        this.ssoEnabled = z2;
    }

    public final void setEnabled(boolean z) {
        this.enabled = z;
    }

    public final void setSsoEnabled(boolean z) {
        this.ssoEnabled = z;
    }

    public boolean isEnabled() {
        return this.enabled;
    }

    public boolean isSsoEnabled() {
        return this.ssoEnabled;
    }

    public final void setRequireAllAttributes(boolean z) {
        this.requireAllAttributes = z;
    }

    public final boolean isRequireAllAttributes() {
        return this.requireAllAttributes;
    }

    public Map<String, Set<String>> getRequiredAttributes() {
        return new HashMap(this.requiredAttributes);
    }

    public void setUnauthorizedRedirectUrl(URI uri) {
        this.unauthorizedRedirectUrl = uri;
    }

    public URI getUnauthorizedRedirectUrl() {
        return this.unauthorizedRedirectUrl;
    }

    public boolean isCaseInsensitive() {
        return this.caseInsensitive;
    }

    public void setCaseInsensitive(boolean z) {
        this.caseInsensitive = z;
    }

    public final void setRequiredAttributes(Map<String, Set<String>> map) {
        this.requiredAttributes = map;
    }

    public boolean doPrincipalAttributesAllowServiceAccess(String str, Map<String, Object> map) {
        if (this.requiredAttributes.isEmpty()) {
            LOGGER.debug("No required attributes are specified");
            return true;
        }
        if (map.isEmpty()) {
            LOGGER.debug("No principal attributes are found to satisfy attribute requirements");
            return false;
        }
        if (map.size() < this.requiredAttributes.size()) {
            LOGGER.debug("The size of the principal attributes that are [{}] does not match requirements, which means the principal is not carrying enough data to grant authorization", map);
            return false;
        }
        Map<String, Set<String>> requiredAttributes = getRequiredAttributes();
        LOGGER.debug("These required attributes [{}] are examined against [{}] before service can proceed.", requiredAttributes, map);
        ImmutableSet<String> immutableCopy = Sets.intersection(requiredAttributes.keySet(), map.keySet()).immutableCopy();
        if (this.requireAllAttributes && immutableCopy.size() < this.requiredAttributes.size()) {
            LOGGER.debug("Not all required attributes are available to the principal");
            return false;
        }
        for (String str2 : immutableCopy) {
            Set<String> set = this.requiredAttributes.get(str2);
            Object obj = map.get(str2);
            HashSet newHashSet = obj instanceof Collection ? Sets.newHashSet(((Collection) obj).iterator()) : Sets.newHashSet(new String[]{obj.toString()});
            Pattern concatenate = RegexUtils.concatenate(set, this.caseInsensitive);
            if (!(concatenate != null ? Sets.filter(newHashSet, Predicates.contains(concatenate)) : Sets.intersection(newHashSet, set)).isEmpty()) {
                LOGGER.info("Principal is authorized to access the service");
                return true;
            }
        }
        LOGGER.info("Principal is denied access as the required attributes for the registered service are missing");
        return false;
    }

    public boolean isServiceAccessAllowedForSso() {
        if (!this.ssoEnabled) {
            LOGGER.trace("Service is not authorized to participate in SSO.");
        }
        return this.ssoEnabled;
    }

    public boolean isServiceAccessAllowed() {
        if (!this.enabled) {
            LOGGER.trace("Service is not enabled in service registry.");
        }
        return this.enabled;
    }

    public boolean equals(Object obj) {
        if (obj == null) {
            return false;
        }
        if (obj == this) {
            return true;
        }
        if (obj.getClass() != getClass()) {
            return false;
        }
        DefaultRegisteredServiceAccessStrategy defaultRegisteredServiceAccessStrategy = (DefaultRegisteredServiceAccessStrategy) obj;
        return new EqualsBuilder().append(this.enabled, defaultRegisteredServiceAccessStrategy.enabled).append(this.ssoEnabled, defaultRegisteredServiceAccessStrategy.ssoEnabled).append(this.requireAllAttributes, defaultRegisteredServiceAccessStrategy.requireAllAttributes).append(this.requiredAttributes, defaultRegisteredServiceAccessStrategy.requiredAttributes).append(this.unauthorizedRedirectUrl, defaultRegisteredServiceAccessStrategy.unauthorizedRedirectUrl).append(this.caseInsensitive, defaultRegisteredServiceAccessStrategy.caseInsensitive).isEquals();
    }

    public int hashCode() {
        return new HashCodeBuilder().append(this.enabled).append(this.ssoEnabled).append(this.requireAllAttributes).append(this.requiredAttributes).append(this.unauthorizedRedirectUrl).append(this.caseInsensitive).toHashCode();
    }

    public String toString() {
        return new ToStringBuilder(this).append("enabled", this.enabled).append("ssoEnabled", this.ssoEnabled).append("requireAllAttributes", this.requireAllAttributes).append("requiredAttributes", this.requiredAttributes).append("unauthorizedRedirectUrl", this.unauthorizedRedirectUrl).append("caseInsensitive", this.caseInsensitive).toString();
    }
}
