package org.apereo.cas.validation;

import lombok.Generated;
import org.apereo.cas.audit.AuditableContext;
import org.apereo.cas.audit.AuditableExecutionResult;
import org.apereo.cas.audit.BaseAuditableExecution;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceDelegatedAuthenticationPolicy;
import org.apereo.cas.services.UnauthorizedServiceException;
import org.apereo.inspektr.audit.annotation.Audit;
import org.pac4j.core.client.Client;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-pac4j-core-5.3.11.jar:org/apereo/cas/validation/RegisteredServiceDelegatedAuthenticationPolicyAuditableEnforcer.class */
/**
 * Auditable check that decides whether a delegated (external) authentication client may be
 * used for a given registered service.
 *
 * <p>The decision is delegated to the service's
 * {@link RegisteredServiceDelegatedAuthenticationPolicy}. A denial is reported by attaching an
 * {@link UnauthorizedServiceException} to the returned result; nothing is thrown from here.
 *
 * <p>Security note: the check is permissive by construction. The result carries no exception
 * when the context has no registered service, when the context properties have no entry keyed
 * by {@code Client.class.getSimpleName()}, or when the service's access strategy returns a
 * {@code null} delegated authentication policy. Callers that rely on this enforcer should make
 * sure both the service and the client name are placed in the context before invoking it.
 */
public class RegisteredServiceDelegatedAuthenticationPolicyAuditableEnforcer extends BaseAuditableExecution {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(RegisteredServiceDelegatedAuthenticationPolicyAuditableEnforcer.class);

    /**
     * Evaluates the delegated authentication policy of the registered service against the
     * client named in the context properties.
     *
     * @param auditableContext context expected to hold the registered service and, under the
     *                         key {@code Client.class.getSimpleName()}, the client identifier
     * @return a result built from the context; it has an {@link UnauthorizedServiceException}
     *         set only when a policy exists and rejects the client
     */
    @Override
    @Audit(action = "DELEGATED_CLIENT", actionResolverName = "DELEGATED_CLIENT_ACTION_RESOLVER", resourceResolverName = "DELEGATED_CLIENT_RESOURCE_RESOLVER")
    public AuditableExecutionResult execute(AuditableContext auditableContext) {
        AuditableExecutionResult result = AuditableExecutionResult.of(auditableContext);
        String clientKey = Client.class.getSimpleName();

        // Nothing to enforce without both a service and a client name: the result stays clean.
        if (!auditableContext.getRegisteredService().isPresent()
                || !auditableContext.getProperties().containsKey(clientKey)) {
            return result;
        }

        RegisteredService service = auditableContext.getRegisteredService().get();
        String clientName = auditableContext.getProperties().get(clientKey).toString();
        RegisteredServiceDelegatedAuthenticationPolicy policy =
                service.getAccessStrategy().getDelegatedAuthenticationPolicy();

        // A service without a delegated authentication policy accepts any client.
        if (policy == null) {
            return result;
        }

        if (!policy.isProviderAllowed(clientName, service)) {
            // The denial is only logged at DEBUG here; the failure itself travels on the result.
            LOGGER.debug("Delegated authentication policy for [{}] does not allow for using client [{}]", service, clientName);
            result.setException(new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE, ""));
        }
        return result;
    }
}
