package org.apereo.cas.pac4j.client;

import java.util.Optional;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.delegation.DelegationAutoRedirectTypes;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceDelegatedAuthenticationPolicy;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.web.DelegatedClientIdentityProviderConfiguration;
import org.apereo.cas.web.cookie.CasCookieBuilder;
import org.apereo.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-pac4j-core-6.5.6.jar:org/apereo/cas/pac4j/client/DefaultDelegatedClientIdentityProviderRedirectionStrategy.class */
public class DefaultDelegatedClientIdentityProviderRedirectionStrategy implements DelegatedClientIdentityProviderRedirectionStrategy {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) DefaultDelegatedClientIdentityProviderRedirectionStrategy.class);
    protected final ServicesManager servicesManager;
    protected final CasCookieBuilder delegatedAuthenticationCookieBuilder;
    protected final CasConfigurationProperties casProperties;

    @Override // org.apereo.cas.pac4j.client.DelegatedClientIdentityProviderRedirectionStrategy
    public Optional<DelegatedClientIdentityProviderConfiguration> getPrimaryDelegatedAuthenticationProvider(RequestContext requestContext, WebApplicationService webApplicationService, DelegatedClientIdentityProviderConfiguration delegatedClientIdentityProviderConfiguration) {
        if (webApplicationService != null) {
            RegisteredService findServiceBy = this.servicesManager.findServiceBy(webApplicationService);
            RegisteredServiceDelegatedAuthenticationPolicy delegatedAuthenticationPolicy = findServiceBy.getAccessStrategy().getDelegatedAuthenticationPolicy();
            if (delegatedAuthenticationPolicy.isExclusive() && delegatedAuthenticationPolicy.getAllowedProviders().size() == 1 && delegatedClientIdentityProviderConfiguration.getName().equalsIgnoreCase(delegatedAuthenticationPolicy.getAllowedProviders().iterator().next())) {
                LOGGER.trace("Registered service [{}] is exclusively allowed to use provider [{}]", findServiceBy, delegatedClientIdentityProviderConfiguration);
                delegatedClientIdentityProviderConfiguration.setAutoRedirectType(DelegationAutoRedirectTypes.SERVER);
                return Optional.of(delegatedClientIdentityProviderConfiguration);
            }
        }
        if (WebUtils.getDelegatedAuthenticationProviderPrimary(requestContext) == null && delegatedClientIdentityProviderConfiguration.getAutoRedirectType() != DelegationAutoRedirectTypes.NONE) {
            LOGGER.trace("Provider [{}] is configured to auto-redirect", delegatedClientIdentityProviderConfiguration);
            return Optional.of(delegatedClientIdentityProviderConfiguration);
        }
        if (this.casProperties.getAuthn().getPac4j().getCookie().isEnabled()) {
            if (StringUtils.equalsIgnoreCase(this.delegatedAuthenticationCookieBuilder.retrieveCookieValue(WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext)), delegatedClientIdentityProviderConfiguration.getName())) {
                LOGGER.trace("Provider [{}] is chosen via cookie value preference as primary", delegatedClientIdentityProviderConfiguration);
                delegatedClientIdentityProviderConfiguration.setAutoRedirectType(DelegationAutoRedirectTypes.SERVER);
                return Optional.of(delegatedClientIdentityProviderConfiguration);
            }
        }
        return Optional.empty();
    }

    @Generated
    public DefaultDelegatedClientIdentityProviderRedirectionStrategy(ServicesManager servicesManager, CasCookieBuilder casCookieBuilder, CasConfigurationProperties casConfigurationProperties) {
        this.servicesManager = servicesManager;
        this.delegatedAuthenticationCookieBuilder = casCookieBuilder;
        this.casProperties = casConfigurationProperties;
    }
}
