package org.apereo.cas.ticket.factory;

import lombok.Generated;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.services.CasModelRegisteredService;
import org.apereo.cas.services.RegisteredServiceProxyGrantingTicketExpirationPolicy;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.ticket.AbstractTicketException;
import org.apereo.cas.ticket.ExpirationPolicyBuilder;
import org.apereo.cas.ticket.ProxyGrantingTicketIssuerTicket;
import org.apereo.cas.ticket.ServiceTicket;
import org.apereo.cas.ticket.Ticket;
import org.apereo.cas.ticket.UniqueTicketIdGenerator;
import org.apereo.cas.ticket.expiration.HardTimeoutExpirationPolicy;
import org.apereo.cas.ticket.proxy.ProxyGrantingTicket;
import org.apereo.cas.ticket.proxy.ProxyGrantingTicketFactory;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-tickets-api-6.6.15.jar:org/apereo/cas/ticket/factory/DefaultProxyGrantingTicketFactory.class */
public class DefaultProxyGrantingTicketFactory implements ProxyGrantingTicketFactory {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) DefaultProxyGrantingTicketFactory.class);
    protected final UniqueTicketIdGenerator ticketGrantingTicketUniqueTicketIdGenerator;
    protected final ExpirationPolicyBuilder<ProxyGrantingTicket> ticketGrantingTicketExpirationPolicy;
    protected final CipherExecutor<String, String> cipherExecutor;
    protected final ServicesManager servicesManager;

    @Override // org.apereo.cas.ticket.proxy.ProxyGrantingTicketFactory
    public <T extends ProxyGrantingTicket> T create(ServiceTicket serviceTicket, Authentication authentication, Class<T> cls) throws AbstractTicketException {
        return (T) produceTicket(serviceTicket, authentication, produceTicketIdentifier(), cls);
    }

    @Override // org.apereo.cas.ticket.TicketFactory
    public Class<? extends Ticket> getTicketType() {
        return ProxyGrantingTicket.class;
    }

    protected <T extends ProxyGrantingTicket> T produceTicket(ServiceTicket serviceTicket, Authentication authentication, String str, Class<T> cls) {
        T t = (T) produceTicketWithAdequateExpirationPolicy(getProxyGrantingTicketExpirationPolicy(serviceTicket), (ProxyGrantingTicketIssuerTicket) serviceTicket, authentication, str);
        if (cls.isAssignableFrom(t.getClass())) {
            return t;
        }
        throw new ClassCastException("Result [" + t + " is of type " + t.getClass() + " when we were expecting " + cls);
    }

    protected RegisteredServiceProxyGrantingTicketExpirationPolicy getProxyGrantingTicketExpirationPolicy(ServiceTicket serviceTicket) {
        CasModelRegisteredService casModelRegisteredService = (CasModelRegisteredService) this.servicesManager.findServiceBy(serviceTicket.getService(), CasModelRegisteredService.class);
        if (casModelRegisteredService != null) {
            return casModelRegisteredService.getProxyGrantingTicketExpirationPolicy();
        }
        return null;
    }

    protected ProxyGrantingTicket produceTicketWithAdequateExpirationPolicy(RegisteredServiceProxyGrantingTicketExpirationPolicy registeredServiceProxyGrantingTicketExpirationPolicy, ProxyGrantingTicketIssuerTicket proxyGrantingTicketIssuerTicket, Authentication authentication, String str) {
        if (registeredServiceProxyGrantingTicketExpirationPolicy != null) {
            LOGGER.trace("Overriding proxy-granting ticket policy with the specific policy: [{}]", registeredServiceProxyGrantingTicketExpirationPolicy);
            return proxyGrantingTicketIssuerTicket.grantProxyGrantingTicket(str, authentication, new HardTimeoutExpirationPolicy(registeredServiceProxyGrantingTicketExpirationPolicy.getMaxTimeToLiveInSeconds()));
        }
        LOGGER.trace("Using default ticket-granting ticket policy for proxy-granting ticket");
        return proxyGrantingTicketIssuerTicket.grantProxyGrantingTicket(str, authentication, this.ticketGrantingTicketExpirationPolicy.buildTicketExpirationPolicy());
    }

    protected String produceTicketIdentifier() {
        String newTicketId = this.ticketGrantingTicketUniqueTicketIdGenerator.getNewTicketId(ProxyGrantingTicket.PROXY_GRANTING_TICKET_PREFIX);
        if (this.cipherExecutor == null || !this.cipherExecutor.isEnabled()) {
            return newTicketId;
        }
        LOGGER.debug("Attempting to encode proxy-granting ticket [{}]", newTicketId);
        String encode = this.cipherExecutor.encode(newTicketId);
        LOGGER.debug("Encoded proxy-granting ticket id [{}]", encode);
        return encode;
    }

    @Generated
    public DefaultProxyGrantingTicketFactory(UniqueTicketIdGenerator uniqueTicketIdGenerator, ExpirationPolicyBuilder<ProxyGrantingTicket> expirationPolicyBuilder, CipherExecutor<String, String> cipherExecutor, ServicesManager servicesManager) {
        this.ticketGrantingTicketUniqueTicketIdGenerator = uniqueTicketIdGenerator;
        this.ticketGrantingTicketExpirationPolicy = expirationPolicyBuilder;
        this.cipherExecutor = cipherExecutor;
        this.servicesManager = servicesManager;
    }
}
