package net.unicon.cas.mfa;

import java.util.Set;
import net.unicon.cas.mfa.ticket.UnacceptableMultiFactorAuthenticationMethodException;
import net.unicon.cas.mfa.ticket.UnrecognizedMultiFactorAuthenticationMethodException;
import net.unicon.cas.mfa.util.MultiFactorUtils;
import org.apache.commons.lang3.StringUtils;
import org.jasig.cas.authentication.Authentication;
import org.jasig.cas.validation.Assertion;
import org.jasig.cas.validation.Cas20ProtocolValidationSpecification;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/cas-mfa-java-2.0.0-RC1.jar:net/unicon/cas/mfa/AbstractMultiFactorAuthenticationProtocolValidationSpecification.class */
public abstract class AbstractMultiFactorAuthenticationProtocolValidationSpecification extends Cas20ProtocolValidationSpecification {
    private final Logger logger;
    private String authenticationMethod;
    private boolean validateProxyAuthenticationRequests;

    /* loaded from: input_file:WEB-INF/lib/cas-mfa-java-2.0.0-RC1.jar:net/unicon/cas/mfa/AbstractMultiFactorAuthenticationProtocolValidationSpecification$WithProxy.class */
    public static final class WithProxy extends AbstractMultiFactorAuthenticationProtocolValidationSpecification {
        public WithProxy() {
            super(true);
        }
    }

    /* loaded from: input_file:WEB-INF/lib/cas-mfa-java-2.0.0-RC1.jar:net/unicon/cas/mfa/AbstractMultiFactorAuthenticationProtocolValidationSpecification$WithoutProxy.class */
    public static final class WithoutProxy extends AbstractMultiFactorAuthenticationProtocolValidationSpecification {
        public WithoutProxy() {
            super(false);
        }
    }

    public AbstractMultiFactorAuthenticationProtocolValidationSpecification(boolean z) {
        this.logger = LoggerFactory.getLogger(getClass());
        this.authenticationMethod = null;
        this.validateProxyAuthenticationRequests = false;
        this.validateProxyAuthenticationRequests = z;
    }

    public AbstractMultiFactorAuthenticationProtocolValidationSpecification(String str) {
        this.logger = LoggerFactory.getLogger(getClass());
        this.authenticationMethod = null;
        this.validateProxyAuthenticationRequests = false;
        this.authenticationMethod = str;
    }

    public final void setAuthenticationMethod(String str) {
        this.authenticationMethod = str;
    }

    public final String getAuthenticationMethod() {
        return this.authenticationMethod;
    }

    @Override // org.jasig.cas.validation.Cas20ProtocolValidationSpecification, org.jasig.cas.validation.AbstractCasProtocolValidationSpecification
    protected final boolean isSatisfiedByInternal(Assertion assertion) {
        Authentication authenticationFromAssertion = MultiFactorUtils.getAuthenticationFromAssertion(assertion);
        if (authenticationFromAssertion == null) {
            this.logger.debug("No authentication context is available");
            return false;
        }
        Set<String> satisfiedAuthenticationMethods = MultiFactorUtils.getSatisfiedAuthenticationMethods(authenticationFromAssertion);
        if (!StringUtils.isBlank(getAuthenticationMethod())) {
            if (satisfiedAuthenticationMethods.isEmpty()) {
                String format = String.format("Requested authentication method [%s] is not available", getAuthenticationMethod());
                this.logger.debug(format);
                throw new UnacceptableMultiFactorAuthenticationMethodException("UNACCEPTABLE_AUTHENTICATION_METHOD", format, getAuthenticationMethod());
            }
            if (!satisfiedAuthenticationMethods.contains(getAuthenticationMethod())) {
                String format2 = String.format("Requested authentication method [%s] does not match the authentication method used [%s]", getAuthenticationMethod(), satisfiedAuthenticationMethods);
                this.logger.debug(format2);
                throw new UnrecognizedMultiFactorAuthenticationMethodException("UNRECOGNIZED_AUTHENTICATION_METHOD", format2, getAuthenticationMethod());
            }
        }
        return this.validateProxyAuthenticationRequests || assertion.getChainedAuthentications().size() == 1;
    }
}
