package net.unicon.cas.mfa.authentication;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
import javax.validation.constraints.NotNull;
import net.unicon.cas.addons.serviceregistry.RegisteredServiceWithAttributes;
import net.unicon.cas.mfa.web.support.MultiFactorAuthenticationSupportingWebApplicationService;
import net.unicon.cas.mfa.web.support.MultiFactorWebApplicationServiceFactory;
import org.apache.commons.lang.builder.ToStringBuilder;
import org.jasig.cas.authentication.Authentication;
import org.jasig.cas.authentication.principal.WebApplicationService;
import org.jasig.cas.services.RegisteredService;
import org.jasig.cas.services.ServicesManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/cas-mfa-java-1.0.0-RC2.jar:net/unicon/cas/mfa/authentication/DefaultRegisteredServiceMfaRoleProcessorImpl.class */
public class DefaultRegisteredServiceMfaRoleProcessorImpl implements RegisteredServiceMfaRoleProcessor {
    public static final String MFA_ROLE = "mfa_role";
    public static final String MFA_ATTRIBUTE_NAME = "mfa_attribute_name";
    public static final String MFA_ATTRIBUTE_PATTERN = "mfa_attribute_pattern";
    public static final String AUTHN_METHOD = "authn_method";
    private final MultiFactorWebApplicationServiceFactory mfaServiceFactory;
    private final AuthenticationMethodConfigurationProvider authenticationMethodConfiguration;
    private final ServicesManager servicesManager;
    protected final Logger logger = LoggerFactory.getLogger(getClass());
    private final Map<String, Pattern> patternCache = new LinkedHashMap();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/cas-mfa-java-1.0.0-RC2.jar:net/unicon/cas/mfa/authentication/DefaultRegisteredServiceMfaRoleProcessorImpl$ServiceMfaData.class */
    public class ServiceMfaData {
        private String authenticationMethod;
        private String attributeName;
        private String attributePattern;

        private ServiceMfaData() {
        }

        public String getAuthenticationMethod() {
            return this.authenticationMethod;
        }

        public void setAuthenticationMethod(String str) {
            this.authenticationMethod = str;
        }

        public String getAttributeName() {
            return this.attributeName;
        }

        public void setAttributeName(String str) {
            this.attributeName = str;
        }

        public String getAttributePattern() {
            return this.attributePattern;
        }

        public void setAttributePattern(String str) {
            this.attributePattern = str;
        }

        public boolean isValid() {
            if (this.authenticationMethod != null && this.attributeName != null && this.attributePattern != null) {
                return true;
            }
            if (this.attributeName == null) {
                DefaultRegisteredServiceMfaRoleProcessorImpl.this.logger.warn("'mfa_attribute_name' cannot be null when using '{}'", DefaultRegisteredServiceMfaRoleProcessorImpl.MFA_ROLE);
                return false;
            }
            if (this.attributePattern == null) {
                DefaultRegisteredServiceMfaRoleProcessorImpl.this.logger.warn("'mfa_attribute_pattern' cannot be null when using '{}'", DefaultRegisteredServiceMfaRoleProcessorImpl.MFA_ROLE);
                return false;
            }
            DefaultRegisteredServiceMfaRoleProcessorImpl.this.logger.warn("'authn_method` cannot be null when using '{}'", DefaultRegisteredServiceMfaRoleProcessorImpl.MFA_ROLE);
            return false;
        }

        public String toString() {
            return ToStringBuilder.reflectionToString(this);
        }

        /* synthetic */ ServiceMfaData(DefaultRegisteredServiceMfaRoleProcessorImpl defaultRegisteredServiceMfaRoleProcessorImpl, ServiceMfaData serviceMfaData) {
            this();
        }
    }

    public DefaultRegisteredServiceMfaRoleProcessorImpl(MultiFactorWebApplicationServiceFactory multiFactorWebApplicationServiceFactory, AuthenticationMethodConfigurationProvider authenticationMethodConfigurationProvider, ServicesManager servicesManager) {
        this.mfaServiceFactory = multiFactorWebApplicationServiceFactory;
        this.authenticationMethodConfiguration = authenticationMethodConfigurationProvider;
        this.servicesManager = servicesManager;
    }

    @Override // net.unicon.cas.mfa.authentication.RegisteredServiceMfaRoleProcessor
    public List<MultiFactorAuthenticationRequestContext> resolve(@NotNull Authentication authentication, @NotNull WebApplicationService webApplicationService) {
        String str = null;
        ArrayList arrayList = new ArrayList();
        if (authentication != null && webApplicationService != null) {
            ServiceMfaData servicesAuthenticationData = getServicesAuthenticationData(webApplicationService);
            if (servicesAuthenticationData == null) {
                this.logger.debug("No specific mfa_role service attributes found");
                return null;
            }
            this.logger.debug("Found mfa_role: {}", servicesAuthenticationData);
            str = servicesAuthenticationData.attributeName;
            Object obj = authentication.getPrincipal().getAttributes().get(servicesAuthenticationData.attributeName);
            if (obj != null) {
                if (obj instanceof String) {
                    MultiFactorAuthenticationRequestContext mfaRequestContext = getMfaRequestContext(servicesAuthenticationData, obj.toString(), webApplicationService);
                    if (mfaRequestContext != null) {
                        arrayList.add(mfaRequestContext);
                    }
                } else if (obj instanceof List) {
                    Iterator it = ((List) obj).iterator();
                    while (it.hasNext()) {
                        MultiFactorAuthenticationRequestContext mfaRequestContext2 = getMfaRequestContext(servicesAuthenticationData, (String) it.next(), webApplicationService);
                        if (mfaRequestContext2 != null) {
                            arrayList.add(mfaRequestContext2);
                        }
                    }
                } else {
                    this.logger.debug("Not MFA Attribute found.");
                }
            }
        }
        if (arrayList.size() != 0) {
            return arrayList;
        }
        this.logger.debug("No multifactor authentication requests could be resolved based on [{}].", str);
        return null;
    }

    private MultiFactorAuthenticationRequestContext getMfaRequestContext(ServiceMfaData serviceMfaData, String str, WebApplicationService webApplicationService) {
        if (!match(serviceMfaData.getAttributePattern(), str)) {
            this.logger.trace("{} did not match {}", str, serviceMfaData.getAttributePattern());
            return null;
        }
        if (this.authenticationMethodConfiguration.containsAuthenticationMethod(serviceMfaData.getAuthenticationMethod())) {
            return new MultiFactorAuthenticationRequestContext(this.mfaServiceFactory.create(webApplicationService.getId(), webApplicationService.getId(), webApplicationService.getArtifactId(), serviceMfaData.getAuthenticationMethod(), MultiFactorAuthenticationSupportingWebApplicationService.AuthenticationMethodSource.PRINCIPAL_ATTRIBUTE), this.authenticationMethodConfiguration.getAuthenticationMethod(serviceMfaData.getAuthenticationMethod()).getRank().intValue());
        }
        this.logger.info("MFA attribute [{}] with value [{}] is not supported by the authentication method configuration.", serviceMfaData.getAttributeName(), serviceMfaData.getAuthenticationMethod());
        return null;
    }

    private boolean match(String str, String str2) {
        Pattern pattern = this.patternCache.get(str);
        if (pattern == null) {
            pattern = Pattern.compile(str);
        }
        return pattern.matcher(str2).matches();
    }

    private ServiceMfaData getServicesAuthenticationData(WebApplicationService webApplicationService) {
        RegisteredService findServiceBy = this.servicesManager.findServiceBy(webApplicationService);
        if (findServiceBy == null) {
            this.logger.debug("No registered service is found. Delegating to the next argument extractor in the chain...");
            return null;
        }
        if (!(findServiceBy instanceof RegisteredServiceWithAttributes)) {
            this.logger.debug("Registered service is not capable of defining an mfa attribute.");
            return null;
        }
        ServiceMfaData serviceMfaData = new ServiceMfaData(this, null);
        RegisteredServiceWithAttributes registeredServiceWithAttributes = (RegisteredServiceWithAttributes) RegisteredServiceWithAttributes.class.cast(findServiceBy);
        Map map = (Map) Map.class.cast(registeredServiceWithAttributes.getExtraAttributes().get(MFA_ROLE));
        if (map == null) {
            return null;
        }
        serviceMfaData.setAttributeName((String) String.class.cast(map.get(MFA_ATTRIBUTE_NAME)));
        serviceMfaData.setAttributePattern((String) String.class.cast(map.get(MFA_ATTRIBUTE_PATTERN)));
        serviceMfaData.setAuthenticationMethod((String) String.class.cast(registeredServiceWithAttributes.getExtraAttributes().get("authn_method")));
        if (serviceMfaData.isValid()) {
            return serviceMfaData;
        }
        return null;
    }
}
