package org.apereo.cas.web.flow;

import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import lombok.Generated;
import org.apereo.cas.api.AuthenticationRiskContingencyResponse;
import org.apereo.cas.api.AuthenticationRiskEvaluator;
import org.apereo.cas.api.AuthenticationRiskMitigator;
import org.apereo.cas.api.AuthenticationRiskScore;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.support.events.authentication.adaptive.CasRiskBasedAuthenticationEvaluationStartedEvent;
import org.apereo.cas.support.events.authentication.adaptive.CasRiskBasedAuthenticationMitigationStartedEvent;
import org.apereo.cas.support.events.authentication.adaptive.CasRiskyAuthenticationDetectedEvent;
import org.apereo.cas.support.events.authentication.adaptive.CasRiskyAuthenticationMitigatedEvent;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver;
import org.apereo.cas.web.flow.resolver.impl.CasWebflowEventResolutionConfigurationContext;
import org.apereo.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:org/apereo/cas/web/flow/RiskAwareAuthenticationWebflowEventResolver.class */
/**
 * Webflow event resolver that scores an authentication attempt for risk and, when the
 * score exceeds the configured adaptive-authentication threshold, hands the attempt to
 * the risk mitigator and returns the mitigator's result as the webflow event.
 *
 * <p>Application events are published at each stage (evaluation started, risky
 * authentication detected, mitigation started, mitigated) so that listeners can observe
 * the decision.
 *
 * <p>Debug logging in this class includes the authenticated principal and the calculated
 * risk score; logs captured at that level carry user identifiers.
 */
public class RiskAwareAuthenticationWebflowEventResolver extends AbstractCasWebflowEventResolver {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(RiskAwareAuthenticationWebflowEventResolver.class);

    /** Computes the risk score for an authentication attempt. */
    private final AuthenticationRiskEvaluator authenticationRiskEvaluator;

    /** Produces the contingency response once an attempt is judged risky. */
    private final AuthenticationRiskMitigator authenticationRiskMitigator;

    /**
     * Creates the resolver.
     *
     * @param casWebflowEventResolutionConfigurationContext shared resolver configuration, passed to the superclass
     * @param authenticationRiskEvaluator evaluator used to score each attempt
     * @param authenticationRiskMitigator mitigator invoked when the score is above the threshold
     */
    public RiskAwareAuthenticationWebflowEventResolver(CasWebflowEventResolutionConfigurationContext casWebflowEventResolutionConfigurationContext, AuthenticationRiskEvaluator authenticationRiskEvaluator, AuthenticationRiskMitigator authenticationRiskMitigator) {
        super(casWebflowEventResolutionConfigurationContext);
        this.authenticationRiskEvaluator = authenticationRiskEvaluator;
        this.authenticationRiskMitigator = authenticationRiskMitigator;
    }

    /**
     * Resolves the risk-related event for the current webflow request.
     *
     * @param requestContext the webflow request context
     * @return the events produced by risk handling, or {@code null} when either the
     *         registered service or the authentication is missing from the context
     */
    public Set<Event> resolveInternal(RequestContext requestContext) {
        HttpServletRequest request = WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext);
        RegisteredService service = WebUtils.getRegisteredService(requestContext);
        Authentication authn = WebUtils.getAuthentication(requestContext);

        // Without both a service and an authentication no risk evaluation takes place.
        // NOTE(review): a null return presumably lets the flow continue unchallenged;
        // confirm that skipping risk evaluation is intended for service-less requests.
        if (service == null || authn == null) {
            LOGGER.debug("No service or authentication is available to determine event for principal");
            return null;
        }
        return handlePossibleSuspiciousAttempt(request, authn, service);
    }

    /**
     * Scores the attempt and, if the score is greater than the configured threshold,
     * runs mitigation.
     *
     * @param httpServletRequest the originating HTTP request, passed to evaluator and mitigator
     * @param authentication the authentication being evaluated
     * @param registeredService the service the authentication is for
     * @return a set wrapping the mitigation result, or {@code null} when the score is
     *         not greater than the threshold
     */
    protected Set<Event> handlePossibleSuspiciousAttempt(HttpServletRequest httpServletRequest, Authentication authentication, RegisteredService registeredService) {
        ConfigurableApplicationContext appCtx = getWebflowEventResolutionConfigurationContext().getApplicationContext();

        appCtx.publishEvent(new CasRiskBasedAuthenticationEvaluationStartedEvent(this, authentication, registeredService));
        LOGGER.debug("Evaluating possible suspicious authentication attempt for [{}]", authentication.getPrincipal());

        // The score is dereferenced below without a null check.
        // NOTE(review): assumes evaluator implementations never return null - confirm.
        AuthenticationRiskScore riskScore = this.authenticationRiskEvaluator.eval(authentication, registeredService, httpServletRequest);
        double riskThreshold = getWebflowEventResolutionConfigurationContext().getCasProperties().getAuthn().getAdaptive().getRisk().getThreshold();

        boolean risky = riskScore.isRiskGreaterThan(riskThreshold);
        if (risky) {
            appCtx.publishEvent(new CasRiskyAuthenticationDetectedEvent(this, authentication, registeredService, riskScore));
            LOGGER.debug("Calculated risk score [{}] for authentication request by [{}] is above the risk threshold [{}].", riskScore.getScore(), authentication.getPrincipal(), riskThreshold);

            appCtx.publishEvent(new CasRiskBasedAuthenticationMitigationStartedEvent(this, authentication, registeredService, riskScore));
            AuthenticationRiskContingencyResponse contingency = this.authenticationRiskMitigator.mitigate(authentication, registeredService, riskScore, httpServletRequest);
            appCtx.publishEvent(new CasRiskyAuthenticationMitigatedEvent(this, authentication, registeredService, contingency));
            return CollectionUtils.wrapSet(contingency.getResult());
        }

        // Not greater than the threshold: no mitigation event is produced.
        // NOTE(review): a score exactly equal to the threshold presumably lands here
        // as well; verify against AuthenticationRiskScore.isRiskGreaterThan.
        LOGGER.debug("Authentication request for [{}] is below the risk threshold", authentication.getPrincipal());
        return null;
    }
}
