package org.apereo.cas.authentication.mfa.trigger;

import java.util.Collection;
import java.util.Optional;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationException;
import org.apereo.cas.authentication.MultifactorAuthenticationProvider;
import org.apereo.cas.authentication.MultifactorAuthenticationProviderResolver;
import org.apereo.cas.authentication.MultifactorAuthenticationRequiredException;
import org.apereo.cas.authentication.MultifactorAuthenticationTrigger;
import org.apereo.cas.authentication.MultifactorAuthenticationUtils;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.util.CollectionUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-authentication-mfa-api-6.5.6.jar:org/apereo/cas/authentication/mfa/trigger/PrincipalAttributeMultifactorAuthenticationTrigger.class */
public class PrincipalAttributeMultifactorAuthenticationTrigger implements MultifactorAuthenticationTrigger {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) PrincipalAttributeMultifactorAuthenticationTrigger.class);
    private final CasConfigurationProperties casProperties;
    private final MultifactorAuthenticationProviderResolver multifactorAuthenticationProviderResolver;
    private final ApplicationContext applicationContext;
    private int order = Integer.MAX_VALUE;

    @Override // org.apereo.cas.authentication.MultifactorAuthenticationTrigger
    public Optional<MultifactorAuthenticationProvider> isActivated(Authentication authentication, RegisteredService registeredService, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Service service) {
        if (authentication == null) {
            LOGGER.debug("No authentication is available to determine event for principal");
            return Optional.empty();
        }
        Set<Event> resolveMultifactorAuthenticationProvider = resolveMultifactorAuthenticationProvider(Optional.empty(), registeredService, getPrincipalForMultifactorAuthentication(authentication));
        if (resolveMultifactorAuthenticationProvider == null || resolveMultifactorAuthenticationProvider.isEmpty()) {
            return Optional.empty();
        }
        Optional<Object> firstElement = CollectionUtils.firstElement(resolveMultifactorAuthenticationProvider);
        return firstElement.isEmpty() ? Optional.empty() : MultifactorAuthenticationUtils.getMultifactorAuthenticationProviderById(firstElement.get().toString(), this.applicationContext);
    }

    protected Principal getPrincipalForMultifactorAuthentication(Authentication authentication) {
        return authentication.getPrincipal();
    }

    protected Set<Event> resolveMultifactorAuthenticationProvider(Optional<RequestContext> optional, RegisteredService registeredService, Principal principal) {
        Set<Event> determineMultifactorAuthenticationEvent = determineMultifactorAuthenticationEvent(optional, registeredService, principal);
        if (this.casProperties.getAuthn().getMfa().getTriggers().getPrincipal().isDenyIfUnmatched() && (determineMultifactorAuthenticationEvent == null || determineMultifactorAuthenticationEvent.isEmpty())) {
            throw new AuthenticationException(new MultifactorAuthenticationRequiredException(registeredService, principal));
        }
        return determineMultifactorAuthenticationEvent;
    }

    protected Set<Event> determineMultifactorAuthenticationEvent(Optional<RequestContext> optional, RegisteredService registeredService, Principal principal) {
        String globalPrincipalAttributeValueRegex = this.casProperties.getAuthn().getMfa().getTriggers().getPrincipal().getGlobalPrincipalAttributeValueRegex();
        Collection<MultifactorAuthenticationProvider> values = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext).values();
        return (values.size() == 1 && StringUtils.isNotBlank(globalPrincipalAttributeValueRegex)) ? resolveSingleMultifactorProvider(optional, registeredService, principal, values) : resolveMultifactorProviderViaPredicate(optional, registeredService, principal, values);
    }

    protected Set<Event> resolveMultifactorProviderViaPredicate(Optional<RequestContext> optional, RegisteredService registeredService, Principal principal, Collection<MultifactorAuthenticationProvider> collection) {
        return this.multifactorAuthenticationProviderResolver.resolveEventViaPrincipalAttribute(principal, org.springframework.util.StringUtils.commaDelimitedListToSet(this.casProperties.getAuthn().getMfa().getTriggers().getPrincipal().getGlobalPrincipalAttributeNameTriggers()), registeredService, optional, collection, (str, multifactorAuthenticationProvider) -> {
            return str != null && multifactorAuthenticationProvider.matches(str);
        });
    }

    protected Set<Event> resolveSingleMultifactorProvider(Optional<RequestContext> optional, RegisteredService registeredService, Principal principal, Collection<MultifactorAuthenticationProvider> collection) {
        String globalPrincipalAttributeValueRegex = this.casProperties.getAuthn().getMfa().getTriggers().getPrincipal().getGlobalPrincipalAttributeValueRegex();
        LOGGER.trace("Found a single multifactor provider [{}] in the application context", collection.iterator().next());
        return this.multifactorAuthenticationProviderResolver.resolveEventViaPrincipalAttribute(principal, org.springframework.util.StringUtils.commaDelimitedListToSet(this.casProperties.getAuthn().getMfa().getTriggers().getPrincipal().getGlobalPrincipalAttributeNameTriggers()), registeredService, optional, collection, (str, multifactorAuthenticationProvider) -> {
            return str != null && str.matches(globalPrincipalAttributeValueRegex);
        });
    }

    @Generated
    public CasConfigurationProperties getCasProperties() {
        return this.casProperties;
    }

    @Generated
    public MultifactorAuthenticationProviderResolver getMultifactorAuthenticationProviderResolver() {
        return this.multifactorAuthenticationProviderResolver;
    }

    @Generated
    public ApplicationContext getApplicationContext() {
        return this.applicationContext;
    }

    @Override // org.apereo.cas.authentication.MultifactorAuthenticationTrigger, org.springframework.core.Ordered
    @Generated
    public int getOrder() {
        return this.order;
    }

    @Generated
    public void setOrder(int i) {
        this.order = i;
    }

    @Generated
    public PrincipalAttributeMultifactorAuthenticationTrigger(CasConfigurationProperties casConfigurationProperties, MultifactorAuthenticationProviderResolver multifactorAuthenticationProviderResolver, ApplicationContext applicationContext) {
        this.casProperties = casConfigurationProperties;
        this.multifactorAuthenticationProviderResolver = multifactorAuthenticationProviderResolver;
        this.applicationContext = applicationContext;
    }
}
