package org.apereo.cas.web.flow.resolver;

import com.google.common.collect.ImmutableSet;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationException;
import org.apereo.cas.services.MultifactorAuthenticationProvider;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.web.support.WebUtils;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.stereotype.Component;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

@RefreshScope
@Component("requestParameterAuthenticationPolicyWebflowEventResolver")
/* loaded from: input_file:org/apereo/cas/web/flow/resolver/RequestParameterAuthenticationPolicyWebflowEventResolver.class */
public class RequestParameterAuthenticationPolicyWebflowEventResolver extends AbstractCasWebflowEventResolver {

    @Value("${cas.mfa.request.parameter:authn_method}")
    private String parameterName;

    @Override // org.apereo.cas.web.flow.resolver.AbstractCasWebflowEventResolver
    protected Set<Event> resolveInternal(RequestContext requestContext) {
        RegisteredService registeredService = WebUtils.getRegisteredService(requestContext);
        Authentication authentication = WebUtils.getAuthentication(requestContext);
        if (registeredService == null || authentication == null) {
            this.logger.debug("No service or authentication is available to determine event for principal");
            return null;
        }
        String[] parameterValues = WebUtils.getHttpServletRequest(requestContext).getParameterValues(this.parameterName);
        if (parameterValues == null || parameterValues.length <= 0) {
            this.logger.debug("No value could be found for request parameter {}", this.parameterName);
            return null;
        }
        this.logger.debug("Received request parameter {} as {}", this.parameterName, parameterValues);
        Map<String, MultifactorAuthenticationProvider> allMultifactorAuthenticationProvidersFromApplicationContext = getAllMultifactorAuthenticationProvidersFromApplicationContext();
        if (allMultifactorAuthenticationProvidersFromApplicationContext == null || allMultifactorAuthenticationProvidersFromApplicationContext.isEmpty()) {
            this.logger.warn("No multifactor authentication providers are available in the application context");
            throw new AuthenticationException();
        }
        Optional<MultifactorAuthenticationProvider> findFirst = allMultifactorAuthenticationProvidersFromApplicationContext.values().stream().filter(multifactorAuthenticationProvider -> {
            return multifactorAuthenticationProvider.getId().equals(parameterValues[0]);
        }).findFirst();
        if (!findFirst.isPresent()) {
            this.logger.warn("No multifactor provider could be found for request parameter {}", parameterValues);
            throw new AuthenticationException();
        }
        if (findFirst.get().verify(registeredService)) {
            this.logger.debug("Attempting to build an event based on the authentication provider [{}] and service [{}]", findFirst.get(), registeredService.getName());
            return ImmutableSet.of(validateEventIdForMatchingTransitionInContext(findFirst.get().getId(), requestContext, buildEventAttributeMap(authentication.getPrincipal(), registeredService, findFirst.get())));
        }
        this.logger.warn("Located multifactor provider {}, yet the provider cannot be reached or verified", findFirst.get());
        return null;
    }
}
