package org.apereo.cas.web.flow.resolver.impl;

import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import lombok.Generated;
import org.apereo.cas.CentralAuthenticationService;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationServiceSelectionPlan;
import org.apereo.cas.authentication.AuthenticationSystemSupport;
import org.apereo.cas.authentication.MultifactorAuthenticationProvider;
import org.apereo.cas.authentication.MultifactorAuthenticationProviderSelector;
import org.apereo.cas.authentication.MultifactorAuthenticationUtils;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceMultifactorPolicy;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.ticket.registry.TicketRegistrySupport;
import org.apereo.cas.util.CollectionUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.util.CookieGenerator;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:org/apereo/cas/web/flow/resolver/impl/AbstractCasMultifactorAuthenticationWebflowEventResolver.class */
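/**
 * Base class for webflow event resolvers that decide, from principal or authentication
 * attributes, whether an event for a multifactor authentication (MFA) provider is raised.
 *
 * <p>Security note: every resolver method in this class reports "nothing resolved" as
 * {@code null} or an empty set, and the two are treated alike wherever this class consumes
 * them. How subclasses and the webflow act on such a result is not visible in this file;
 * presumably the MFA trigger is simply skipped (TODO confirm against callers). Failures that
 * are tolerated here are therefore logged at WARN with their cause, so that a trigger that
 * silently stops firing can be noticed in normal logs.
 *
 * <p>Attribute values are written to DEBUG logs by several methods; treat DEBUG output of this
 * class as potentially containing user attribute data.
 */
public abstract class AbstractCasMultifactorAuthenticationWebflowEventResolver extends AbstractCasWebflowEventResolver {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(AbstractCasMultifactorAuthenticationWebflowEventResolver.class);

    /** Picks one provider out of the candidates for a given service and principal. */
    protected final MultifactorAuthenticationProviderSelector multifactorAuthenticationProviderSelector;

    /**
     * Passes the shared collaborators to the parent resolver and stores the provider selector.
     *
     * @param authenticationSystemSupport forwarded to the superclass
     * @param centralAuthenticationService forwarded to the superclass
     * @param servicesManager forwarded to the superclass
     * @param ticketRegistrySupport forwarded to the superclass
     * @param cookieGenerator forwarded to the superclass
     * @param authenticationServiceSelectionPlan forwarded to the superclass
     * @param multifactorAuthenticationProviderSelector selector used when several providers are candidates
     */
    public AbstractCasMultifactorAuthenticationWebflowEventResolver(AuthenticationSystemSupport authenticationSystemSupport, CentralAuthenticationService centralAuthenticationService, ServicesManager servicesManager, TicketRegistrySupport ticketRegistrySupport, CookieGenerator cookieGenerator, AuthenticationServiceSelectionPlan authenticationServiceSelectionPlan, MultifactorAuthenticationProviderSelector multifactorAuthenticationProviderSelector) {
        super(authenticationSystemSupport, centralAuthenticationService, servicesManager, ticketRegistrySupport, cookieGenerator, authenticationServiceSelectionPlan);
        this.multifactorAuthenticationProviderSelector = multifactorAuthenticationProviderSelector;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds the attribute map attached to a resolved MFA event.
     *
     * <p>Keys are the fully qualified class names of {@link Principal},
     * {@link RegisteredService} and {@link MultifactorAuthenticationProvider}.
     *
     * @param principal the authenticated principal; stored as given
     * @param optional the registered service, if any; the service entry is omitted when empty
     * @param multifactorAuthenticationProvider the provider the event refers to; stored as given
     * @return a new mutable map holding the entries described above
     */
    public static Map<String, Object> buildEventAttributeMap(Principal principal, Optional<RegisteredService> optional, MultifactorAuthenticationProvider multifactorAuthenticationProvider) {
        final Map<String, Object> attributes = new HashMap<>();
        attributes.put(Principal.class.getName(), principal);
        optional.ifPresent(service -> attributes.put(RegisteredService.class.getName(), service));
        attributes.put(MultifactorAuthenticationProvider.class.getName(), multifactorAuthenticationProvider);
        return attributes;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Resolves the provider ids named by the service's multifactor policy to provider instances.
     *
     * <p>Ids that cannot be matched to a provider are dropped from the result, so the returned
     * collection can be smaller than the configured list.
     *
     * @param registeredService the service whose multifactor policy is consulted
     * @return the matched providers, or {@code null} when the service has no multifactor policy
     */
    public Collection<MultifactorAuthenticationProvider> getAuthenticationProviderForService(RegisteredService registeredService) {
        final RegisteredServiceMultifactorPolicy policy = registeredService.getMultifactorPolicy();
        if (policy == null) {
            return null;
        }
        return policy.getMultifactorAuthenticationProviders().stream()
            .map(this::getMultifactorAuthenticationProviderFromApplicationContext)
            .filter(Optional::isPresent)
            .map(Optional::get)
            .collect(Collectors.toSet());
    }

    /**
     * Resolves events for a multi-valued attribute: one event per string value accepted by the predicate.
     *
     * @param principal the authenticated principal
     * @param attributeValue the attribute value to inspect
     * @param registeredService the service being accessed
     * @param requestContext the current webflow request context
     * @param provider the provider selected for this request; may be {@code null}
     * @param predicate the test applied to each string value
     * @return {@code null} when the value is not a collection; otherwise the (possibly empty) set of events
     */
    private Set<Event> resolveEventViaMultivaluedAttribute(Principal principal, Object attributeValue, RegisteredService registeredService, RequestContext requestContext, MultifactorAuthenticationProvider provider, Predicate<String> predicate) {
        if (!(attributeValue instanceof Collection)) {
            LOGGER.debug("Attribute value [{}] of type [{}] is not a multi-valued attribute", attributeValue, attributeValue == null ? null : attributeValue.getClass());
            return null;
        }
        LOGGER.debug("Attribute value [{}] is a multi-valued attribute", attributeValue);
        final Set<Event> events = new HashSet<>();
        if (provider == null) {
            // Without a provider there is no event id to raise. Say so once, at WARN, instead of
            // failing on provider.getId() for every matching value and hiding that in the catch below.
            LOGGER.warn("No multifactor authentication provider is selected for [{}]; no event can be resolved from the attribute", registeredService);
            return events;
        }
        for (final Object value : (Collection<?>) attributeValue) {
            if (!(value instanceof String)) {
                // The predicate is defined over strings only; other element types are skipped explicitly.
                LOGGER.debug("Ignoring attribute value [{}] since it is not a string", value);
                continue;
            }
            final String candidate = (String) value;
            try {
                if (predicate.test(candidate)) {
                    LOGGER.debug("Attribute value predicate [{}] has successfully matched the [{}]. Attempting to verify multifactor authentication for [{}]", predicate, candidate, registeredService);
                    // "verified" here means only that a provider was selected (non-null).
                    LOGGER.debug("Provider [{}] is successfully verified", provider);
                    events.add(validateEventIdForMatchingTransitionInContext(provider.getId(), requestContext, buildEventAttributeMap(principal, Optional.ofNullable(registeredService), provider)));
                } else {
                    LOGGER.debug("Attribute value predicate [{}] could not match the [{}]", predicate, candidate);
                }
            } catch (final Exception e) {
                // Best effort: one failing value must not abort the others. The cause is kept and
                // surfaced at WARN because a matched value that yields no event means this trigger
                // did not fire. The attribute value itself stays at DEBUG.
                LOGGER.warn("Could not resolve a multifactor authentication event for provider [{}]; the matching attribute value is ignored", provider, e);
                LOGGER.debug("Ignoring [{}] since no matching transition could be found", candidate);
            }
        }
        return events;
    }

    /**
     * Resolves events for a single string attribute value accepted by the predicate.
     *
     * @param principal the authenticated principal
     * @param attributeValue the attribute value to inspect
     * @param registeredService the service being accessed
     * @param requestContext the current webflow request context
     * @param provider the provider selected for this request; may be {@code null}
     * @param predicate the test applied to the string value
     * @return the events from {@link #evaluateEventForProviderInContext} on a match; {@code null}
     *         when the value is not a string or the predicate rejects it
     */
    private Set<Event> resolveEventViaSingleAttribute(Principal principal, Object attributeValue, RegisteredService registeredService, RequestContext requestContext, MultifactorAuthenticationProvider provider, Predicate<String> predicate) {
        if (!(attributeValue instanceof String)) {
            LOGGER.debug("Attribute value [{}] is not a single-valued attribute", attributeValue);
            return null;
        }
        LOGGER.debug("Attribute value [{}] is a single-valued attribute", attributeValue);
        if (predicate.test((String) attributeValue)) {
            LOGGER.debug("Attribute value predicate [{}] has matched the [{}]", predicate, attributeValue);
            return evaluateEventForProviderInContext(principal, registeredService, requestContext, provider);
        }
        // Return here so a string that merely failed the predicate is not also reported as
        // "not a single-valued attribute".
        LOGGER.debug("Attribute value predicate [{}] could not match the [{}]", predicate, attributeValue);
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Produces the event for the given provider, if there is one.
     *
     * <p>The only check made here is that the provider is non-null; the "verified" wording in
     * the log messages refers to that check alone.
     *
     * @param principal the authenticated principal
     * @param registeredService the service being accessed; may be {@code null}
     * @param requestContext the current webflow request context
     * @param multifactorAuthenticationProvider the provider to raise an event for; may be {@code null}
     * @return a set holding the validated event, or an empty set when the provider is {@code null}
     */
    public Set<Event> evaluateEventForProviderInContext(Principal principal, RegisteredService registeredService, RequestContext requestContext, MultifactorAuthenticationProvider multifactorAuthenticationProvider) {
        LOGGER.debug("Attempting check for availability of multifactor authentication provider [{}] for [{}]", multifactorAuthenticationProvider, registeredService);
        if (multifactorAuthenticationProvider == null) {
            LOGGER.debug("Provider [{}] could not be verified", multifactorAuthenticationProvider);
            return new HashSet<>(0);
        }
        LOGGER.debug("Provider [{}] is successfully verified", multifactorAuthenticationProvider);
        // ofNullable: a missing service must not turn a matched trigger into a NullPointerException;
        // buildEventAttributeMap already copes with an absent service.
        return CollectionUtils.wrapSet(validateEventIdForMatchingTransitionInContext(multifactorAuthenticationProvider.getId(), requestContext, buildEventAttributeMap(principal, Optional.ofNullable(registeredService), multifactorAuthenticationProvider)));
    }

    /**
     * Walks the attribute names in order and returns the events of the first attribute that yields any.
     *
     * <p>Each present value is tried as a single string first and, if that gives nothing, as a collection.
     *
     * @param principal the authenticated principal
     * @param attributes the attribute map to read values from
     * @param attributeNames the attribute names to look up, in order
     * @param registeredService the service being accessed
     * @param requestContext the current webflow request context
     * @param providers the candidate providers handed to the selector
     * @param predicate the test applied to attribute values
     * @return the first non-empty set of events, or {@code null} when nothing matched
     */
    private Set<Event> resolveEventViaAttribute(Principal principal, Map<String, Object> attributes, Collection<String> attributeNames, RegisteredService registeredService, RequestContext requestContext, Collection<MultifactorAuthenticationProvider> providers, Predicate<String> predicate) {
        if (providers == null || providers.isEmpty()) {
            LOGGER.debug("No authentication provider is associated with this service");
            return null;
        }
        if (attributes == null || attributeNames == null) {
            LOGGER.debug("No attributes or attribute names are available to determine the event");
            return null;
        }
        LOGGER.debug("Locating attribute value for attribute(s): [{}]", attributeNames);
        for (final String attributeName : attributeNames) {
            final Object attributeValue = attributes.get(attributeName);
            if (attributeValue == null) {
                LOGGER.debug("Attribute value for [{}] to determine event is not configured for [{}]", attributeName, principal.getId());
                continue;
            }
            LOGGER.debug("Selecting a multifactor authentication provider out of [{}] for [{}] and service [{}]", providers, principal.getId(), registeredService);
            final MultifactorAuthenticationProvider provider = this.multifactorAuthenticationProviderSelector.resolve(providers, registeredService, principal);
            LOGGER.debug("Located attribute value [{}] for [{}]", attributeValue, attributeNames);
            Set<Event> events = resolveEventViaSingleAttribute(principal, attributeValue, registeredService, requestContext, provider, predicate);
            if (events == null || events.isEmpty()) {
                events = resolveEventViaMultivaluedAttribute(principal, attributeValue, registeredService, requestContext, provider, predicate);
            }
            if (events != null && !events.isEmpty()) {
                LOGGER.debug("Resolved set of events based on the attribute [{}] are [{}]", attributeName, events);
                return events;
            }
        }
        LOGGER.debug("No set of events based on the attribute(s) [{}] could be matched", attributeNames);
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Resolves events from the attributes of the authentication object.
     *
     * @param authentication supplies the principal and the attribute map
     * @param collection the attribute names to look up, in order
     * @param registeredService the service being accessed
     * @param requestContext the current webflow request context
     * @param collection2 the candidate providers
     * @param predicate the test applied to attribute values
     * @return the resolved events, or {@code null} when nothing matched
     */
    public Set<Event> resolveEventViaAuthenticationAttribute(Authentication authentication, Collection<String> collection, RegisteredService registeredService, RequestContext requestContext, Collection<MultifactorAuthenticationProvider> collection2, Predicate<String> predicate) {
        return resolveEventViaAttribute(authentication.getPrincipal(), authentication.getAttributes(), collection, registeredService, requestContext, collection2, predicate);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Resolves events from the attributes of the principal.
     *
     * @param principal the authenticated principal
     * @param collection the attribute names to look up, in order
     * @param registeredService the service being accessed
     * @param requestContext the current webflow request context
     * @param collection2 the candidate providers
     * @param predicate the test applied to attribute values
     * @return the resolved events, or {@code null} when no attribute names or no providers are
     *         given, or when nothing matched
     */
    public Set<Event> resolveEventViaPrincipalAttribute(Principal principal, Collection<String> collection, RegisteredService registeredService, RequestContext requestContext, Collection<MultifactorAuthenticationProvider> collection2, Predicate<String> predicate) {
        if (collection == null || collection.isEmpty()) {
            LOGGER.debug("No attribute names are provided to trigger a multifactor authentication provider via [{}]", getName());
            return null;
        }
        if (collection2 == null || collection2.isEmpty()) {
            LOGGER.error("No multifactor authentication providers are available in the application context");
            return null;
        }
        return resolveEventViaAttribute(principal, getPrincipalAttributesForMultifactorAuthentication(principal), collection, registeredService, requestContext, collection2, predicate);
    }

    /**
     * Finds the first available provider that matches the given identifier.
     *
     * @param str the provider identifier to match
     * @return the first matching provider, or empty when none matches or the lookup fails
     */
    protected Optional<MultifactorAuthenticationProvider> getMultifactorAuthenticationProviderFromApplicationContext(String str) {
        try {
            LOGGER.debug("Locating bean definition for [{}]", str);
            return MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext).values().stream()
                .filter(provider -> provider.matches(str))
                .findFirst();
        } catch (final Exception e) {
            // A failed lookup removes this provider from the service's effective provider list
            // (see getAuthenticationProviderForService), so keep the cause and log it at WARN.
            LOGGER.warn("Could not locate [{}] bean id in the application context as an authentication provider.", str, e);
            return Optional.empty();
        }
    }

    /**
     * Supplies the principal attributes used for MFA trigger evaluation.
     *
     * @param principal the authenticated principal
     * @return the principal's attribute map, as returned by {@link Principal#getAttributes()}
     */
    protected Map<String, Object> getPrincipalAttributesForMultifactorAuthentication(Principal principal) {
        return principal.getAttributes();
    }
}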
