package org.apereo.cas.impl.notify;

import java.time.Clock;
import java.time.LocalDateTime;
import java.time.temporal.TemporalAmount;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import java.util.UUID;
import lombok.Generated;
import org.apache.hc.core5.net.URIBuilder;
import org.apereo.cas.api.AuthenticationRiskNotifier;
import org.apereo.cas.api.AuthenticationRiskScore;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.principal.PrincipalResolver;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.support.Beans;
import org.apereo.cas.notifications.CommunicationsManager;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.token.JwtBuilder;
import org.apereo.cas.util.DateTimeUtils;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.apereo.cas.util.function.FunctionUtils;
import org.apereo.cas.web.flow.RiskAuthenticationCheckTokenAction;
import org.apereo.inspektr.common.web.ClientInfo;
import org.springframework.context.ApplicationContext;

/* loaded from: input_file:org/apereo/cas/impl/notify/BaseAuthenticationRiskNotifier.class */
public abstract class BaseAuthenticationRiskNotifier implements AuthenticationRiskNotifier {
    protected final ApplicationContext applicationContext;
    protected final CasConfigurationProperties casProperties;
    protected final CommunicationsManager communicationsManager;
    protected final ServicesManager servicesManager;
    protected final PrincipalResolver principalResolver;
    protected final CipherExecutor riskVerificationCipherExecutor;
    protected Authentication authentication;
    protected RegisteredService registeredService;
    protected AuthenticationRiskScore authenticationRiskScore;
    protected ClientInfo clientInfo;

    @Override // java.lang.Runnable
    public void run() {
        FunctionUtils.doUnchecked(obj -> {
            publish();
        }, new Object[0]);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String buildRiskVerificationUrl() {
        return (String) FunctionUtils.doUnchecked(() -> {
            return new URIBuilder(this.casProperties.getServer().getPrefix()).appendPath("riskauthverify").addParameter(RiskAuthenticationCheckTokenAction.PARAMETER_NAME_RISK_TOKEN, createRiskToken()).build().toString();
        });
    }

    @Override // org.apereo.cas.api.AuthenticationRiskNotifier
    public String createRiskToken() throws Throwable {
        JwtBuilder jwtBuilder = new JwtBuilder(this.riskVerificationCipherExecutor, this.applicationContext, this.servicesManager, this.principalResolver, this.casProperties);
        Date dateOf = DateTimeUtils.dateOf(LocalDateTime.now(Clock.systemUTC()).plus((TemporalAmount) Beans.newDuration(this.casProperties.getAuthn().getAdaptive().getRisk().getResponse().getRiskVerificationTokenExpiration())));
        HashMap hashMap = new HashMap();
        hashMap.put("clientIpAddress", List.of(this.clientInfo.getClientIpAddress()));
        hashMap.put("userAgent", List.of(this.clientInfo.getUserAgent()));
        hashMap.put("geoLocation", List.of(this.clientInfo.getGeoLocation()));
        return jwtBuilder.build(JwtBuilder.JwtRequest.builder().serviceAudience(Set.of(this.casProperties.getServer().getPrefix())).subject(this.authentication.getPrincipal().getId()).jwtId(UUID.randomUUID().toString()).registeredService(Optional.of(this.registeredService)).issuer(this.casProperties.getServer().getName()).validUntilDate(dateOf).attributes(hashMap).build());
    }

    @Override // org.apereo.cas.api.AuthenticationRiskNotifier
    @Generated
    public void setAuthentication(Authentication authentication) {
        this.authentication = authentication;
    }

    @Override // org.apereo.cas.api.AuthenticationRiskNotifier
    @Generated
    public void setRegisteredService(RegisteredService registeredService) {
        this.registeredService = registeredService;
    }

    @Override // org.apereo.cas.api.AuthenticationRiskNotifier
    @Generated
    public void setAuthenticationRiskScore(AuthenticationRiskScore authenticationRiskScore) {
        this.authenticationRiskScore = authenticationRiskScore;
    }

    @Override // org.apereo.cas.api.AuthenticationRiskNotifier
    @Generated
    public void setClientInfo(ClientInfo clientInfo) {
        this.clientInfo = clientInfo;
    }

    @Generated
    public ApplicationContext getApplicationContext() {
        return this.applicationContext;
    }

    @Generated
    public CasConfigurationProperties getCasProperties() {
        return this.casProperties;
    }

    @Generated
    public CommunicationsManager getCommunicationsManager() {
        return this.communicationsManager;
    }

    @Generated
    public ServicesManager getServicesManager() {
        return this.servicesManager;
    }

    @Generated
    public PrincipalResolver getPrincipalResolver() {
        return this.principalResolver;
    }

    @Generated
    public CipherExecutor getRiskVerificationCipherExecutor() {
        return this.riskVerificationCipherExecutor;
    }

    @Generated
    public Authentication getAuthentication() {
        return this.authentication;
    }

    @Generated
    public RegisteredService getRegisteredService() {
        return this.registeredService;
    }

    @Generated
    public AuthenticationRiskScore getAuthenticationRiskScore() {
        return this.authenticationRiskScore;
    }

    @Generated
    public ClientInfo getClientInfo() {
        return this.clientInfo;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Generated
    public BaseAuthenticationRiskNotifier(ApplicationContext applicationContext, CasConfigurationProperties casConfigurationProperties, CommunicationsManager communicationsManager, ServicesManager servicesManager, PrincipalResolver principalResolver, CipherExecutor cipherExecutor) {
        this.applicationContext = applicationContext;
        this.casProperties = casConfigurationProperties;
        this.communicationsManager = communicationsManager;
        this.servicesManager = servicesManager;
        this.principalResolver = principalResolver;
        this.riskVerificationCipherExecutor = cipherExecutor;
    }
}
