package org.apereo.cas.support.oauth.services;

import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.annotation.JsonTypeInfo;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import lombok.Generated;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.configuration.support.RegularExpressionCapable;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.util.RegexUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
@JsonInclude(JsonInclude.Include.NON_DEFAULT)
/* loaded from: input_file:org/apereo/cas/support/oauth/services/DefaultRegisteredServiceOAuthTokenExchangePolicy.class */
public class DefaultRegisteredServiceOAuthTokenExchangePolicy implements RegisteredServiceOAuthTokenExchangePolicy {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(DefaultRegisteredServiceOAuthTokenExchangePolicy.class);
    private static final long serialVersionUID = 1415436756392637729L;

    @RegularExpressionCapable
    private Set<String> allowedResources;

    @RegularExpressionCapable
    private Set<String> allowedAudience;

    @RegularExpressionCapable
    private Set<String> allowedTokenTypes;

    @RegularExpressionCapable
    private Set<String> allowedActorTokenTypes;

    @RegularExpressionCapable
    private Map<String, List<String>> requiredActorTokenAttributes;

    @Override // org.apereo.cas.support.oauth.services.RegisteredServiceOAuthTokenExchangePolicy
    public boolean isTokenExchangeAllowed(RegisteredService registeredService, Set<String> set, Set<String> set2, String str) {
        boolean z = (this.allowedResources == null || this.allowedResources.stream().anyMatch(str2 -> {
            return RegexUtils.findFirst(str2, set).isPresent();
        })) && (this.allowedAudience == null || this.allowedAudience.stream().anyMatch(str3 -> {
            return RegexUtils.findFirst(str3, set2).isPresent();
        })) && (this.allowedTokenTypes == null || this.allowedTokenTypes.stream().anyMatch(str4 -> {
            return RegexUtils.find(str4, str);
        }));
        if (!z) {
            LOGGER.warn("Token exchange is not allowed for service [{}] for resource [{}], audience [{}] or requested token type[{}]", new Object[]{registeredService.getName(), set, set2, str});
        }
        return z;
    }

    @Override // org.apereo.cas.support.oauth.services.RegisteredServiceOAuthTokenExchangePolicy
    public boolean canSubjectTokenActAs(Authentication authentication, Authentication authentication2, String str) {
        boolean z = this.allowedActorTokenTypes == null || this.allowedActorTokenTypes.stream().anyMatch(str2 -> {
            return RegexUtils.find(str2, str);
        });
        HashMap hashMap = new HashMap(authentication2.getAttributes());
        hashMap.putAll(authentication2.getPrincipal().getAttributes());
        return z && (this.requiredActorTokenAttributes == null || this.requiredActorTokenAttributes.entrySet().stream().allMatch(entry -> {
            List list = (List) entry.getValue();
            List list2 = (List) hashMap.get(entry.getKey());
            return list2 != null && list.stream().allMatch(str3 -> {
                return RegexUtils.findFirst(str3, list2).isPresent();
            });
        }));
    }

    @Generated
    public Set<String> getAllowedResources() {
        return this.allowedResources;
    }

    @Generated
    public Set<String> getAllowedAudience() {
        return this.allowedAudience;
    }

    @Generated
    public Set<String> getAllowedTokenTypes() {
        return this.allowedTokenTypes;
    }

    @Generated
    public Set<String> getAllowedActorTokenTypes() {
        return this.allowedActorTokenTypes;
    }

    @Generated
    public Map<String, List<String>> getRequiredActorTokenAttributes() {
        return this.requiredActorTokenAttributes;
    }

    @Generated
    public DefaultRegisteredServiceOAuthTokenExchangePolicy setAllowedResources(Set<String> set) {
        this.allowedResources = set;
        return this;
    }

    @Generated
    public DefaultRegisteredServiceOAuthTokenExchangePolicy setAllowedAudience(Set<String> set) {
        this.allowedAudience = set;
        return this;
    }

    @Generated
    public DefaultRegisteredServiceOAuthTokenExchangePolicy setAllowedTokenTypes(Set<String> set) {
        this.allowedTokenTypes = set;
        return this;
    }

    @Generated
    public DefaultRegisteredServiceOAuthTokenExchangePolicy setAllowedActorTokenTypes(Set<String> set) {
        this.allowedActorTokenTypes = set;
        return this;
    }

    @Generated
    public DefaultRegisteredServiceOAuthTokenExchangePolicy setRequiredActorTokenAttributes(Map<String, List<String>> map) {
        this.requiredActorTokenAttributes = map;
        return this;
    }

    @Generated
    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (!(obj instanceof DefaultRegisteredServiceOAuthTokenExchangePolicy)) {
            return false;
        }
        DefaultRegisteredServiceOAuthTokenExchangePolicy defaultRegisteredServiceOAuthTokenExchangePolicy = (DefaultRegisteredServiceOAuthTokenExchangePolicy) obj;
        if (!defaultRegisteredServiceOAuthTokenExchangePolicy.canEqual(this)) {
            return false;
        }
        Set<String> set = this.allowedResources;
        Set<String> set2 = defaultRegisteredServiceOAuthTokenExchangePolicy.allowedResources;
        if (set == null) {
            if (set2 != null) {
                return false;
            }
        } else if (!set.equals(set2)) {
            return false;
        }
        Set<String> set3 = this.allowedAudience;
        Set<String> set4 = defaultRegisteredServiceOAuthTokenExchangePolicy.allowedAudience;
        if (set3 == null) {
            if (set4 != null) {
                return false;
            }
        } else if (!set3.equals(set4)) {
            return false;
        }
        Set<String> set5 = this.allowedTokenTypes;
        Set<String> set6 = defaultRegisteredServiceOAuthTokenExchangePolicy.allowedTokenTypes;
        if (set5 == null) {
            if (set6 != null) {
                return false;
            }
        } else if (!set5.equals(set6)) {
            return false;
        }
        Set<String> set7 = this.allowedActorTokenTypes;
        Set<String> set8 = defaultRegisteredServiceOAuthTokenExchangePolicy.allowedActorTokenTypes;
        if (set7 == null) {
            if (set8 != null) {
                return false;
            }
        } else if (!set7.equals(set8)) {
            return false;
        }
        Map<String, List<String>> map = this.requiredActorTokenAttributes;
        Map<String, List<String>> map2 = defaultRegisteredServiceOAuthTokenExchangePolicy.requiredActorTokenAttributes;
        return map == null ? map2 == null : map.equals(map2);
    }

    @Generated
    protected boolean canEqual(Object obj) {
        return obj instanceof DefaultRegisteredServiceOAuthTokenExchangePolicy;
    }

    @Generated
    public int hashCode() {
        Set<String> set = this.allowedResources;
        int hashCode = (1 * 59) + (set == null ? 43 : set.hashCode());
        Set<String> set2 = this.allowedAudience;
        int hashCode2 = (hashCode * 59) + (set2 == null ? 43 : set2.hashCode());
        Set<String> set3 = this.allowedTokenTypes;
        int hashCode3 = (hashCode2 * 59) + (set3 == null ? 43 : set3.hashCode());
        Set<String> set4 = this.allowedActorTokenTypes;
        int hashCode4 = (hashCode3 * 59) + (set4 == null ? 43 : set4.hashCode());
        Map<String, List<String>> map = this.requiredActorTokenAttributes;
        return (hashCode4 * 59) + (map == null ? 43 : map.hashCode());
    }

    @Generated
    public DefaultRegisteredServiceOAuthTokenExchangePolicy(Set<String> set, Set<String> set2, Set<String> set3, Set<String> set4, Map<String, List<String>> map) {
        this.allowedResources = set;
        this.allowedAudience = set2;
        this.allowedTokenTypes = set3;
        this.allowedActorTokenTypes = set4;
        this.requiredActorTokenAttributes = map;
    }

    @Generated
    public DefaultRegisteredServiceOAuthTokenExchangePolicy() {
    }

    @Generated
    public String toString() {
        return "DefaultRegisteredServiceOAuthTokenExchangePolicy(allowedResources=" + String.valueOf(this.allowedResources) + ", allowedAudience=" + String.valueOf(this.allowedAudience) + ", allowedTokenTypes=" + String.valueOf(this.allowedTokenTypes) + ", allowedActorTokenTypes=" + String.valueOf(this.allowedActorTokenTypes) + ", requiredActorTokenAttributes=" + String.valueOf(this.requiredActorTokenAttributes) + ")";
    }
}
