package org.apereo.cas.authentication.surrogate;

import java.util.Collection;
import java.util.Optional;
import org.apereo.cas.authentication.AuthenticationBuilder;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.Service;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@FunctionalInterface
/* loaded from: input_file:org/apereo/cas/authentication/surrogate/SurrogateAuthenticationService.class */
public interface SurrogateAuthenticationService {
    public static final Logger LOGGER = LoggerFactory.getLogger(SurrogateAuthenticationService.class);
    public static final String WILDCARD_ACCOUNT = "*";
    public static final String BEAN_NAME = "surrogateAuthenticationService";
    public static final String AUTHENTICATION_ATTR_SURROGATE_USER = "surrogateUser";
    public static final String AUTHENTICATION_ATTR_SURROGATE_PRINCIPAL = "surrogatePrincipal";
    public static final String AUTHENTICATION_ATTR_SURROGATE_ENABLED = "surrogateEnabled";

    default boolean canImpersonate(String str, Principal principal, Optional<? extends Service> optional) throws Throwable {
        return false;
    }

    Collection<String> getImpersonationAccounts(String str, Optional<? extends Service> optional) throws Throwable;

    default boolean isWildcardedAccount(String str, Principal principal, Optional<? extends Service> optional) throws Throwable {
        return isWildcardedAccount(getImpersonationAccounts(principal.getId(), optional), optional);
    }

    default boolean isWildcardedAccount(Collection<String> collection, Optional<? extends Service> optional) {
        return collection.size() == 1 && collection.contains(WILDCARD_ACCOUNT);
    }

    default void collectSurrogateAttributes(AuthenticationBuilder authenticationBuilder, String str, String str2) {
        LOGGER.debug("Recording surrogate username [{}] as an authentication attribute", str);
        authenticationBuilder.addAttribute(AUTHENTICATION_ATTR_SURROGATE_USER, str);
        authenticationBuilder.addAttribute(AUTHENTICATION_ATTR_SURROGATE_PRINCIPAL, str2);
        authenticationBuilder.addAttribute(AUTHENTICATION_ATTR_SURROGATE_ENABLED, Boolean.TRUE);
    }
}
