package org.apereo.cas.web.flow.resolver.impl.mfa;

import java.util.Collection;
import java.util.Set;
import lombok.Generated;
import org.apereo.cas.CentralAuthenticationService;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationServiceSelectionPlan;
import org.apereo.cas.authentication.AuthenticationSystemSupport;
import org.apereo.cas.authentication.MultifactorAuthenticationProvider;
import org.apereo.cas.authentication.MultifactorAuthenticationProviderSelector;
import org.apereo.cas.authentication.MultifactorAuthenticationUtils;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.ticket.registry.TicketRegistrySupport;
import org.apereo.cas.web.flow.authentication.BaseMultifactorAuthenticationProviderEventResolver;
import org.apereo.cas.web.support.WebUtils;
import org.apereo.inspektr.audit.annotation.Audit;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.StringUtils;
import org.springframework.web.util.CookieGenerator;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:org/apereo/cas/web/flow/resolver/impl/mfa/PrincipalAttributeMultifactorAuthenticationPolicyEventResolver.class */
public class PrincipalAttributeMultifactorAuthenticationPolicyEventResolver extends BaseMultifactorAuthenticationProviderEventResolver {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(PrincipalAttributeMultifactorAuthenticationPolicyEventResolver.class);
    protected final String globalPrincipalAttributeValueRegex;
    protected final Set<String> attributeNames;

    public PrincipalAttributeMultifactorAuthenticationPolicyEventResolver(AuthenticationSystemSupport authenticationSystemSupport, CentralAuthenticationService centralAuthenticationService, ServicesManager servicesManager, TicketRegistrySupport ticketRegistrySupport, CookieGenerator cookieGenerator, AuthenticationServiceSelectionPlan authenticationServiceSelectionPlan, MultifactorAuthenticationProviderSelector multifactorAuthenticationProviderSelector, CasConfigurationProperties casConfigurationProperties) {
        super(authenticationSystemSupport, centralAuthenticationService, servicesManager, ticketRegistrySupport, cookieGenerator, authenticationServiceSelectionPlan, multifactorAuthenticationProviderSelector);
        this.globalPrincipalAttributeValueRegex = casConfigurationProperties.getAuthn().getMfa().getGlobalPrincipalAttributeValueRegex();
        this.attributeNames = StringUtils.commaDelimitedListToSet(casConfigurationProperties.getAuthn().getMfa().getGlobalPrincipalAttributeNameTriggers());
    }

    public Set<Event> resolveInternal(RequestContext requestContext) {
        RegisteredService resolveRegisteredServiceInRequestContext = resolveRegisteredServiceInRequestContext(requestContext);
        Authentication authentication = WebUtils.getAuthentication(requestContext);
        if (authentication != null) {
            return resolveMultifactorAuthenticationProvider(requestContext, resolveRegisteredServiceInRequestContext, authentication.getPrincipal());
        }
        LOGGER.debug("No authentication is available to determine event for principal");
        return null;
    }

    protected Set<Event> resolveMultifactorAuthenticationProvider(RequestContext requestContext, RegisteredService registeredService, Principal principal) {
        Collection<MultifactorAuthenticationProvider> values = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext).values();
        return (values.size() == 1 && org.apache.commons.lang3.StringUtils.isNotBlank(this.globalPrincipalAttributeValueRegex)) ? resolveSingleMultifactorProvider(requestContext, registeredService, principal, values) : resolveMultifactorProviderViaPredicate(requestContext, registeredService, principal, values);
    }

    protected Set<Event> resolveMultifactorProviderViaPredicate(RequestContext requestContext, RegisteredService registeredService, Principal principal, Collection<MultifactorAuthenticationProvider> collection) {
        return resolveEventViaPrincipalAttribute(principal, this.attributeNames, registeredService, requestContext, collection, str -> {
            return collection.stream().anyMatch(multifactorAuthenticationProvider -> {
                return str != null && multifactorAuthenticationProvider.matches(str);
            });
        });
    }

    protected Set<Event> resolveSingleMultifactorProvider(RequestContext requestContext, RegisteredService registeredService, Principal principal, Collection<MultifactorAuthenticationProvider> collection) {
        LOGGER.debug("Found a single multifactor provider [{}] in the application context", collection.iterator().next());
        return resolveEventViaPrincipalAttribute(principal, this.attributeNames, registeredService, requestContext, collection, str -> {
            return str != null && str.matches(this.globalPrincipalAttributeValueRegex);
        });
    }

    @Audit(action = "AUTHENTICATION_EVENT", actionResolverName = "AUTHENTICATION_EVENT_ACTION_RESOLVER", resourceResolverName = "AUTHENTICATION_EVENT_RESOURCE_RESOLVER")
    public Event resolveSingle(RequestContext requestContext) {
        return super.resolveSingle(requestContext);
    }
}
