package org.apereo.cas.authentication.mfa.trigger;

import java.util.Collection;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationException;
import org.apereo.cas.authentication.ChainingMultifactorAuthenticationProvider;
import org.apereo.cas.authentication.MultifactorAuthenticationProvider;
import org.apereo.cas.authentication.MultifactorAuthenticationProviderResolver;
import org.apereo.cas.authentication.MultifactorAuthenticationProviderSelector;
import org.apereo.cas.authentication.MultifactorAuthenticationRequiredException;
import org.apereo.cas.authentication.MultifactorAuthenticationTrigger;
import org.apereo.cas.authentication.MultifactorAuthenticationUtils;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceMultifactorPolicy;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.RegexUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.webflow.execution.Event;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-authentication-mfa-api-6.5.8.jar:org/apereo/cas/authentication/mfa/trigger/RegisteredServicePrincipalAttributeMultifactorAuthenticationTrigger.class */
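/**
 * Multifactor authentication trigger driven by the multifactor policy of a registered service.
 *
 * <p>The policy names one or more principal attributes (comma-delimited) and a regular expression.
 * When a value of one of those attributes matches the expression, the provider tied to the
 * resulting event is returned so that multifactor authentication is requested.
 *
 * <p>Security note: every "cannot decide" path in this class returns {@link Optional#empty()},
 * i.e. this trigger does not ask for multifactor authentication. The only fail-closed path is
 * {@link #unmatchedMultifactorAuthenticationTrigger(Principal, RegisteredService)}, and it only
 * rejects the authentication when the {@code denyIfUnmatched} flag of the principal trigger
 * settings is enabled. A principal that lacks the trigger attribute therefore passes without a
 * second factor unless that flag is set.
 */
public class RegisteredServicePrincipalAttributeMultifactorAuthenticationTrigger implements MultifactorAuthenticationTrigger {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(RegisteredServicePrincipalAttributeMultifactorAuthenticationTrigger.class);

    private final CasConfigurationProperties casProperties;
    private final MultifactorAuthenticationProviderResolver multifactorAuthenticationProviderResolver;
    private final ApplicationContext applicationContext;
    private final MultifactorAuthenticationProviderSelector multifactorAuthenticationProviderSelector;

    // Defaults to the largest possible order value; adjustable through setOrder.
    private int order = Integer.MAX_VALUE;

    /**
     * Decides whether the service's multifactor policy activates a provider for this principal.
     *
     * @param authentication      current authentication; {@code null} yields an empty result
     * @param registeredService   service whose multifactor policy is evaluated; {@code null} yields an empty result
     * @param httpServletRequest  not used by this trigger
     * @param httpServletResponse not used by this trigger
     * @param service             not used by this trigger
     * @return the provider to activate, or empty when the policy is absent, incomplete, or
     *         unmatched while {@code denyIfUnmatched} is disabled
     * @throws AuthenticationException when nothing matches and {@code denyIfUnmatched} is enabled
     */
    @Override
    public Optional<MultifactorAuthenticationProvider> isActivated(Authentication authentication, RegisteredService registeredService, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Service service) {
        if (authentication == null || registeredService == null) {
            LOGGER.debug("No authentication or service is available to determine event for principal");
            return Optional.empty();
        }

        // Read the policy once and reuse it instead of asking the service for it again.
        RegisteredServiceMultifactorPolicy multifactorPolicy = registeredService.getMultifactorPolicy();
        if (multifactorPolicy == null || multifactorPolicy.getMultifactorAuthenticationProviders().isEmpty()) {
            LOGGER.trace("Authentication policy is absent or does not contain any multifactor authentication providers");
            return Optional.empty();
        }

        String attributeNames = multifactorPolicy.getPrincipalAttributeNameTrigger();
        String valuePattern = multifactorPolicy.getPrincipalAttributeValueToMatch();
        if (StringUtils.isBlank(attributeNames) || StringUtils.isBlank(valuePattern)) {
            // A half-configured policy (name without pattern, or the reverse) silently disables this trigger.
            LOGGER.debug("Authentication policy does not define a principal attribute and/or value to trigger multifactor authentication");
            return Optional.empty();
        }

        Principal principal = this.multifactorAuthenticationProviderResolver.resolvePrincipal(authentication.getPrincipal());
        Collection<MultifactorAuthenticationProvider> providers = MultifactorAuthenticationUtils.getMultifactorAuthenticationProviderForService(registeredService, this.applicationContext);
        if (providers.size() > 1) {
            // Several candidates: let the selector pick one and narrow the collection to it.
            // NOTE(review): this mutates the collection returned by the utility in place;
            // assumes it is a mutable, per-call copy - confirm.
            MultifactorAuthenticationProvider selected = this.multifactorAuthenticationProviderSelector.resolve(providers, registeredService, principal);
            providers.clear();
            providers.add(selected);
        }
        LOGGER.debug("Resolved multifactor providers are [{}]", providers);

        // The pattern comes from the service definition and is compiled on each predicate call,
        // so a malformed expression surfaces as an unchecked exception only when an attribute
        // value is actually tested.
        // NOTE(review): whether RegexUtils.matches demands a full match or accepts a partial
        // find is not visible here; confirm before relying on unanchored patterns.
        Set<Event> events = this.multifactorAuthenticationProviderResolver.resolveEventViaPrincipalAttribute(
            principal,
            org.springframework.util.StringUtils.commaDelimitedListToSet(attributeNames),
            registeredService,
            Optional.empty(),
            providers,
            (attributeValue, provider) -> attributeValue != null && RegexUtils.matches(Pattern.compile(valuePattern), attributeValue));
        if (events == null || events.isEmpty()) {
            return unmatchedMultifactorAuthenticationTrigger(principal, registeredService);
        }

        return CollectionUtils.firstElement(events)
            .map(Event.class::cast)
            .map(event -> resolveProviderForEvent(event, providers, principal, registeredService))
            .orElseGet(() -> unmatchedMultifactorAuthenticationTrigger(principal, registeredService));
    }

    /**
     * Maps a resolved event to the provider that should be activated.
     *
     * <p>When the first candidate is a chaining provider whose id equals the event id, it is
     * returned only if every one of its member providers can be looked up by id in the
     * application context; otherwise the unmatched policy applies. In every other case the
     * provider is looked up directly by the event id.
     */
    private Optional<MultifactorAuthenticationProvider> resolveProviderForEvent(Event event, Collection<MultifactorAuthenticationProvider> providers, Principal principal, RegisteredService registeredService) {
        MultifactorAuthenticationProvider candidate = CollectionUtils.firstElement(providers)
            .map(MultifactorAuthenticationProvider.class::cast)
            .orElseThrow();
        if (candidate instanceof ChainingMultifactorAuthenticationProvider && candidate.getId().equals(event.getId())) {
            boolean allMembersAvailable = ((ChainingMultifactorAuthenticationProvider) candidate).getMultifactorAuthenticationProviders().stream()
                .map(member -> MultifactorAuthenticationUtils.getMultifactorAuthenticationProviderById(member.getId(), this.applicationContext))
                .allMatch(Optional::isPresent);
            return allMembersAvailable
                ? Optional.of(candidate)
                : unmatchedMultifactorAuthenticationTrigger(principal, registeredService);
        }
        return MultifactorAuthenticationUtils.getMultifactorAuthenticationProviderById(event.getId(), this.applicationContext);
    }

    /**
     * Applies the configured policy for a principal that matched no trigger.
     *
     * @return empty when {@code denyIfUnmatched} is disabled, so no provider is activated
     * @throws AuthenticationException wrapping a {@link MultifactorAuthenticationRequiredException}
     *         when {@code denyIfUnmatched} is enabled
     */
    private Optional<MultifactorAuthenticationProvider> unmatchedMultifactorAuthenticationTrigger(Principal principal, RegisteredService registeredService) {
        if (this.casProperties.getAuthn().getMfa().getTriggers().getPrincipal().isDenyIfUnmatched()) {
            throw new AuthenticationException(new MultifactorAuthenticationRequiredException(registeredService, principal));
        }
        return Optional.empty();
    }

    /** Returns the CAS configuration properties this trigger reads its settings from. */
    @Generated
    public CasConfigurationProperties getCasProperties() {
        return this.casProperties;
    }

    /** Returns the resolver used to resolve the principal and the attribute-based events. */
    @Generated
    public MultifactorAuthenticationProviderResolver getMultifactorAuthenticationProviderResolver() {
        return this.multifactorAuthenticationProviderResolver;
    }

    /** Returns the application context used for provider lookups. */
    @Generated
    public ApplicationContext getApplicationContext() {
        return this.applicationContext;
    }

    /** Returns the selector used when a service has more than one candidate provider. */
    @Generated
    public MultifactorAuthenticationProviderSelector getMultifactorAuthenticationProviderSelector() {
        return this.multifactorAuthenticationProviderSelector;
    }

    /** Returns the order value of this trigger. */
    @Override
    @Generated
    public int getOrder() {
        return this.order;
    }

    /** Sets the order value of this trigger. */
    @Generated
    public void setOrder(int i) {
        this.order = i;
    }

    /**
     * Creates the trigger with its collaborators; the arguments are stored as given.
     */
    @Generated
    public RegisteredServicePrincipalAttributeMultifactorAuthenticationTrigger(CasConfigurationProperties casConfigurationProperties, MultifactorAuthenticationProviderResolver multifactorAuthenticationProviderResolver, ApplicationContext applicationContext, MultifactorAuthenticationProviderSelector multifactorAuthenticationProviderSelector) {
        this.casProperties = casConfigurationProperties;
        this.multifactorAuthenticationProviderResolver = multifactorAuthenticationProviderResolver;
        this.applicationContext = applicationContext;
        this.multifactorAuthenticationProviderSelector = multifactorAuthenticationProviderSelector;
    }
}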
