package org.apereo.cas.web.flow;

import lombok.Generated;
import org.apereo.cas.CasProtocolConstants;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationCredentialsThreadLocalBinder;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-webflow-api-6.0.2.jar:org/apereo/cas/web/flow/DefaultSingleSignOnParticipationStrategy.class */
public class DefaultSingleSignOnParticipationStrategy implements SingleSignOnParticipationStrategy {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) DefaultSingleSignOnParticipationStrategy.class);
    private final ServicesManager servicesManager;
    private final boolean createSsoSessionCookieOnRenewAuthentications;
    private final boolean renewEnabled;

    @Override // org.apereo.cas.web.flow.SingleSignOnParticipationStrategy
    public boolean isParticipating(RequestContext requestContext) {
        RegisteredService findServiceBy;
        if (this.renewEnabled && requestContext.getRequestParameters().contains(CasProtocolConstants.PARAMETER_RENEW)) {
            LOGGER.debug("[{}] is specified for the request. The authentication session will be considered renewed.", CasProtocolConstants.PARAMETER_RENEW);
            return this.createSsoSessionCookieOnRenewAuthentications;
        }
        Authentication authentication = WebUtils.getAuthentication(requestContext);
        WebApplicationService service = WebUtils.getService(requestContext);
        if (service == null || (findServiceBy = this.servicesManager.findServiceBy(service)) == null) {
            return true;
        }
        Authentication currentAuthentication = AuthenticationCredentialsThreadLocalBinder.getCurrentAuthentication();
        try {
            AuthenticationCredentialsThreadLocalBinder.bindCurrent(authentication);
            boolean isServiceAccessAllowedForSso = findServiceBy.getAccessStrategy().isServiceAccessAllowedForSso();
            LOGGER.debug("Located [{}] in registry. Service access to participate in SSO is set to [{}]", findServiceBy.getServiceId(), Boolean.valueOf(isServiceAccessAllowedForSso));
            AuthenticationCredentialsThreadLocalBinder.bindCurrent(currentAuthentication);
            return isServiceAccessAllowedForSso;
        } catch (Throwable th) {
            AuthenticationCredentialsThreadLocalBinder.bindCurrent(currentAuthentication);
            throw th;
        }
    }

    @Generated
    public DefaultSingleSignOnParticipationStrategy(ServicesManager servicesManager, boolean z, boolean z2) {
        this.servicesManager = servicesManager;
        this.createSsoSessionCookieOnRenewAuthentications = z;
        this.renewEnabled = z2;
    }
}
