package org.apereo.cas.web.flow.configurer;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Optional;
import lombok.Generated;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.util.StringUtils;
import org.springframework.webflow.definition.FlowDefinition;
import org.springframework.webflow.definition.registry.FlowDefinitionRegistry;
import org.springframework.webflow.engine.ActionState;
import org.springframework.webflow.engine.Flow;
import org.springframework.webflow.engine.SubflowState;
import org.springframework.webflow.engine.Transition;
import org.springframework.webflow.engine.TransitionSet;
import org.springframework.webflow.engine.TransitionableState;
import org.springframework.webflow.engine.builder.support.FlowBuilderServices;
import org.springframework.webflow.engine.support.DefaultTargetStateResolver;

/* loaded from: input_file:org/apereo/cas/web/flow/configurer/AbstractCasMultifactorWebflowConfigurer.class */
public abstract class AbstractCasMultifactorWebflowConfigurer extends AbstractCasWebflowConfigurer implements CasMultifactorWebflowConfigurer {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(AbstractCasMultifactorWebflowConfigurer.class);
    private static final String MFA_CHECK_AVAILABLE_BEAN_ID = "mfaAvailableAction";
    private static final String MFA_CHECK_BYPASS_BEAN_ID = "mfaBypassAction";
    private static final String MFA_CHECK_FAILURE_BEAN_ID = "mfaFailureAction";
    private static final String LOG_MESSAGE_TRANSITION_ID = "Locating transition id [{}] to process multifactor authentication for state [{}]...";
    protected final List<FlowDefinitionRegistry> multifactorAuthenticationFlowDefinitionRegistries;
    private final List<CasMultifactorWebflowCustomizer> multifactorAuthenticationFlowCustomizers;

    protected AbstractCasMultifactorWebflowConfigurer(FlowBuilderServices flowBuilderServices, FlowDefinitionRegistry flowDefinitionRegistry, ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties, Optional<FlowDefinitionRegistry> optional, List<CasMultifactorWebflowCustomizer> list) {
        this(flowBuilderServices, flowDefinitionRegistry, configurableApplicationContext, casConfigurationProperties, (List<FlowDefinitionRegistry>) optional.map((v0) -> {
            return List.of(v0);
        }).orElseGet(List::of), list);
    }

    private AbstractCasMultifactorWebflowConfigurer(FlowBuilderServices flowBuilderServices, FlowDefinitionRegistry flowDefinitionRegistry, ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties, List<FlowDefinitionRegistry> list, List<CasMultifactorWebflowCustomizer> list2) {
        super(flowBuilderServices, flowDefinitionRegistry, configurableApplicationContext, casConfigurationProperties);
        this.multifactorAuthenticationFlowDefinitionRegistries = new ArrayList();
        this.multifactorAuthenticationFlowCustomizers = new ArrayList();
        setOrder(Integer.MAX_VALUE);
        this.multifactorAuthenticationFlowDefinitionRegistries.addAll(list);
        this.multifactorAuthenticationFlowCustomizers.addAll(list2);
    }

    private Collection<String> getCandidateStatesForMultifactorAuthentication() {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        linkedHashSet.add("realSubmit");
        this.multifactorAuthenticationFlowCustomizers.forEach(casMultifactorWebflowCustomizer -> {
            linkedHashSet.addAll(casMultifactorWebflowCustomizer.getCandidateStatesForMultifactorAuthentication());
        });
        return linkedHashSet;
    }

    private void registerMultifactorFlowDefinitionIntoLoginFlowRegistry() {
        this.multifactorAuthenticationFlowDefinitionRegistries.forEach(flowDefinitionRegistry -> {
            for (String str : flowDefinitionRegistry.getFlowDefinitionIds()) {
                FlowDefinition flowDefinition = flowDefinitionRegistry.getFlowDefinition(str);
                if (flowDefinition != null) {
                    LOGGER.trace("Registering flow definition [{}]", str);
                    this.mainFlowDefinitionRegistry.registerFlowDefinition(flowDefinition);
                }
            }
        });
    }

    private void ensureEndStateTransitionExists(TransitionableState transitionableState, Flow flow, String str, String str2) {
        if (containsTransition(transitionableState, str)) {
            return;
        }
        createTransitionForState(transitionableState, str, str2);
        if (containsFlowState(flow, str2)) {
            return;
        }
        createEndState(flow, str2);
    }

    private void augmentMultifactorProviderFlowRegistry() {
        this.multifactorAuthenticationFlowDefinitionRegistries.forEach(flowDefinitionRegistry -> {
            Arrays.stream(flowDefinitionRegistry.getFlowDefinitionIds()).forEach(str -> {
                Flow flow = (Flow) flowDefinitionRegistry.getFlowDefinition(str);
                if (flow == null || !containsFlowState(flow, "realSubmit")) {
                    return;
                }
                getCandidateStatesForMultifactorAuthentication().forEach(str -> {
                    TransitionableState state = getState(flow, str);
                    if (state == null) {
                        LOGGER.debug("Unable to locate state definition [{}] in flow [{}]", str, flow.getId());
                        return;
                    }
                    ensureEndStateTransitionExists(state, flow, "success", "success");
                    ensureEndStateTransitionExists(state, flow, "successWithWarnings", "successWithWarnings");
                    ensureEndStateTransitionExists(state, flow, "unavailable", "mfaUnavailable");
                    ensureEndStateTransitionExists(state, flow, "deny", "mfaDenied");
                });
            });
        });
    }

    @Override // org.apereo.cas.web.flow.configurer.CasMultifactorWebflowConfigurer
    public void registerMultifactorProviderAuthenticationWebflow(Flow flow, String str, String str2) {
        this.multifactorAuthenticationFlowDefinitionRegistries.forEach(flowDefinitionRegistry -> {
            if (!flowDefinitionRegistry.containsFlowDefinition(str)) {
                LOGGER.error("Could not locate flow id [{}]", str);
                return;
            }
            if (flow == null) {
                LOGGER.error("Unable to locate parent flow definition to register provider [{}]", str2);
                return;
            }
            Flow flow2 = (Flow) flowDefinitionRegistry.getFlowDefinition(str);
            flow2.getStartActionList().add(requestContext -> {
                WebUtils.createCredential(requestContext);
                return null;
            });
            flow2.getStartActionList().add(createSetAction("flowScope.".concat("mfaProviderId"), StringUtils.quote(str2)));
            Transition transition = flow2.getStartState().getTransition("success");
            String targetStateId = transition.getTargetStateId();
            transition.setTargetStateResolver(new DefaultTargetStateResolver("mfaCheckBypass"));
            registerMultifactorProviderBypassAction(flow2);
            registerMultifactorProviderAvailableAction(flow2, targetStateId);
            registerMultifactorProviderFailureAction(flow, flow2);
            SubflowState createSubflowState = createSubflowState(flow, str, str);
            createSubflowState.setAttributeMapper(createSubflowAttributeMapper(createMapperToSubflowState(new ArrayList(0)), null));
            registerMultifactorAuthenticationSubflowWithStates(flow, createSubflowState, getCandidateStatesForMultifactorAuthentication());
            registerMultifactorFlowDefinitionIntoLoginFlowRegistry();
            augmentMultifactorProviderFlowRegistry();
            LOGGER.trace("Registering the [{}] flow into the flow [{}]", str, flow.getId());
            createTransitionForState(flow.getTransitionableState(flow.getStartState().getId()), str, str, true);
            createTransitionForState(getState(flow, "initialAuthenticationRequestValidationCheck"), str, str, true);
        });
    }

    private void registerMultifactorAuthenticationSubflowWithStates(Flow flow, SubflowState subflowState, Collection<String> collection) {
        String id = subflowState.getId();
        LOGGER.trace("Candidate states for multifactor authentication are [{}]", collection);
        collection.forEach(str -> {
            LOGGER.trace("Locating state [{}] to process for multifactor authentication", str);
            TransitionableState state = getState(flow, str);
            if (state == null) {
                LOGGER.error("Unable to locate state definition [{}] in flow [{}]", str, flow.getId());
                return;
            }
            LOGGER.trace("Adding transition [{}] to [{}] for [{}]", new Object[]{"deny", "mfaDenied", str});
            createTransitionForState(state, "deny", "mfaDenied");
            LOGGER.trace("Adding transition [{}] to [{}] for [{}]", new Object[]{"unavailable", "mfaUnavailable", str});
            createTransitionForState(state, "unavailable", "mfaUnavailable");
            LOGGER.trace(LOG_MESSAGE_TRANSITION_ID, "success", str);
            String targetStateId = state.getTransition("success").getTargetStateId();
            LOGGER.trace(LOG_MESSAGE_TRANSITION_ID, "successWithWarnings", str);
            String targetStateId2 = state.getTransition("successWithWarnings").getTargetStateId();
            LOGGER.trace(LOG_MESSAGE_TRANSITION_ID, "deny", str);
            String targetStateId3 = state.getTransition("deny").getTargetStateId();
            LOGGER.trace("Location transition id [{}] to process multifactor authentication for state [{}]", "unavailable", str);
            String targetStateId4 = state.getTransition("unavailable").getTargetStateId();
            LOGGER.trace("Creating transitions to subflow state [{}]", subflowState.getId());
            TransitionSet transitionSet = subflowState.getTransitionSet();
            transitionSet.add(createTransition("success", targetStateId));
            transitionSet.add(createTransition("successWithWarnings", targetStateId2));
            transitionSet.add(createTransition("deny", targetStateId3));
            transitionSet.add(createTransition("mfaDenied", targetStateId3));
            transitionSet.add(createTransition("unavailable", targetStateId4));
            transitionSet.add(createTransition("mfaUnavailable", targetStateId4));
            transitionSet.add(createTransition("cancel", "initializeLoginForm"));
            LOGGER.trace("Creating transition [{}] for state [{}]", id, state.getId());
            createTransitionForState(state, id, id);
        });
    }

    private void registerMultifactorProviderFailureAction(Flow flow, Flow flow2) {
        if (flow != null) {
            ActionState createActionState = createActionState(flow2, "mfaFailure", MFA_CHECK_FAILURE_BEAN_ID);
            createTransitionForState(createActionState, "unavailable", "mfaUnavailable");
            createTransitionForState(createActionState, "bypass", "success");
            LOGGER.trace("Adding end state [{}] with transition to [{}] to flow [{}] for MFA", new Object[]{"mfaUnavailable", "casMfaUnavailableView", flow.getId()});
            createEndState(flow, "mfaUnavailable", "casMfaUnavailableView");
            LOGGER.trace("Adding end state [{}] with transition to [{}] to flow [{}] for MFA", new Object[]{"mfaDenied", "casMfaDeniedView", flow.getId()});
            createEndState(flow, "mfaDenied", "casMfaDeniedView");
        }
    }

    private void registerMultifactorProviderAvailableAction(Flow flow, String str) {
        ActionState createActionState = createActionState(flow, "mfaCheckAvailable", MFA_CHECK_AVAILABLE_BEAN_ID);
        if (flow.containsState("mfaPreAuth")) {
            createTransitionForState(createActionState, "yes", "mfaPreAuth");
        } else {
            createTransitionForState(createActionState, "yes", str);
        }
        createTransitionForState(createActionState, "no", "mfaFailure");
    }

    private void registerMultifactorProviderBypassAction(Flow flow) {
        ActionState createActionState = createActionState(flow, "mfaCheckBypass", createEvaluateAction(MFA_CHECK_BYPASS_BEAN_ID));
        createTransitionForState(createActionState, "no", "mfaCheckAvailable");
        createTransitionForState(createActionState, "yes", "success");
    }

    @Override // org.apereo.cas.web.flow.configurer.CasMultifactorWebflowConfigurer
    @Generated
    public List<FlowDefinitionRegistry> getMultifactorAuthenticationFlowDefinitionRegistries() {
        return this.multifactorAuthenticationFlowDefinitionRegistries;
    }

    @Generated
    public List<CasMultifactorWebflowCustomizer> getMultifactorAuthenticationFlowCustomizers() {
        return this.multifactorAuthenticationFlowCustomizers;
    }
}
