package org.apereo.cas.services;

import java.util.Optional;
import org.apereo.cas.audit.AuditableContext;
import org.apereo.cas.audit.AuditableExecutionResult;
import org.apereo.cas.audit.BaseAuditableExecution;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationResult;
import org.apereo.cas.authentication.PrincipalException;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.ticket.ServiceTicket;
import org.apereo.cas.ticket.TicketGrantingTicket;
import org.apereo.inspektr.audit.annotation.Audit;

/* loaded from: input_file:org/apereo/cas/services/RegisteredServiceAccessStrategyAuditableEnforcer.class */
public class RegisteredServiceAccessStrategyAuditableEnforcer extends BaseAuditableExecution {
    @Audit(action = "SERVICE_ACCESS_ENFORCEMENT", actionResolverName = "SERVICE_ACCESS_ENFORCEMENT_ACTION_RESOLVER", resourceResolverName = "SERVICE_ACCESS_ENFORCEMENT_RESOURCE_RESOLVER")
    public AuditableExecutionResult execute(AuditableContext auditableContext) {
        Optional registeredService = auditableContext.getRegisteredService();
        if (auditableContext.getServiceTicket().isPresent() && auditableContext.getAuthenticationResult().isPresent() && registeredService.isPresent()) {
            AuditableExecutionResult of = AuditableExecutionResult.of(auditableContext);
            try {
                RegisteredServiceAccessStrategyUtils.ensurePrincipalAccessIsAllowedForService((ServiceTicket) auditableContext.getServiceTicket().get(), (AuthenticationResult) auditableContext.getAuthenticationResult().get(), (RegisteredService) registeredService.get());
            } catch (PrincipalException e) {
                of.setException(e);
            }
            return of;
        }
        Optional service = auditableContext.getService();
        Optional ticketGrantingTicket = auditableContext.getTicketGrantingTicket();
        if (service.isPresent() && registeredService.isPresent() && ticketGrantingTicket.isPresent()) {
            RegisteredService registeredService2 = (RegisteredService) registeredService.get();
            Service service2 = (Service) service.get();
            AuditableExecutionResult build = AuditableExecutionResult.builder().registeredService(registeredService2).service(service2).ticketGrantingTicket((TicketGrantingTicket) ticketGrantingTicket.get()).build();
            try {
                RegisteredServiceAccessStrategyUtils.ensurePrincipalAccessIsAllowedForService(service2, registeredService2, (TicketGrantingTicket) ticketGrantingTicket.get(), ((Boolean) auditableContext.getRetrievePrincipalAttributesFromReleasePolicy().orElse(Boolean.TRUE)).booleanValue());
            } catch (PrincipalException e2) {
                build.setException(e2);
            }
            return build;
        }
        Optional authentication = auditableContext.getAuthentication();
        if (service.isPresent() && registeredService.isPresent() && authentication.isPresent()) {
            RegisteredService registeredService3 = (RegisteredService) registeredService.get();
            Service service3 = (Service) service.get();
            Authentication authentication2 = (Authentication) authentication.get();
            AuditableExecutionResult build2 = AuditableExecutionResult.builder().registeredService(registeredService3).service(service3).authentication(authentication2).build();
            try {
                RegisteredServiceAccessStrategyUtils.ensurePrincipalAccessIsAllowedForService(service3, registeredService3, authentication2, ((Boolean) auditableContext.getRetrievePrincipalAttributesFromReleasePolicy().orElse(Boolean.TRUE)).booleanValue());
            } catch (PrincipalException e3) {
                build2.setException(e3);
            }
            return build2;
        }
        if (service.isPresent() && registeredService.isPresent()) {
            RegisteredService registeredService4 = (RegisteredService) registeredService.get();
            Service service4 = (Service) service.get();
            AuditableExecutionResult build3 = AuditableExecutionResult.builder().registeredService(registeredService4).service(service4).build();
            try {
                RegisteredServiceAccessStrategyUtils.ensureServiceAccessIsAllowed(service4, registeredService4);
            } catch (PrincipalException e4) {
                build3.setException(e4);
            }
            return build3;
        }
        if (!registeredService.isPresent()) {
            throw new UnauthorizedServiceException("screen.service.error.message", "Service unauthorized");
        }
        RegisteredService registeredService5 = (RegisteredService) registeredService.get();
        AuditableExecutionResult build4 = AuditableExecutionResult.builder().registeredService(registeredService5).build();
        try {
            RegisteredServiceAccessStrategyUtils.ensureServiceAccessIsAllowed(registeredService5);
        } catch (PrincipalException e5) {
            build4.setException(e5);
        }
        return build4;
    }
}
