package org.apereo.cas.impl.engine;

import java.math.BigDecimal;
import java.math.RoundingMode;
import java.time.Clock;
import java.time.ZonedDateTime;
import java.time.temporal.TemporalAmount;
import java.util.List;
import java.util.Objects;
import lombok.Generated;
import org.apereo.cas.api.AuthenticationRequestRiskCalculator;
import org.apereo.cas.api.AuthenticationRiskEvaluator;
import org.apereo.cas.api.AuthenticationRiskScore;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.support.Beans;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.support.events.CasEventRepository;
import org.apereo.cas.support.events.authentication.adaptive.CasRiskyAuthenticationVerifiedEvent;
import org.apereo.inspektr.audit.annotation.Audit;
import org.apereo.inspektr.common.web.ClientInfo;

/* loaded from: input_file:org/apereo/cas/impl/engine/DefaultAuthenticationRiskEvaluator.class */
public class DefaultAuthenticationRiskEvaluator implements AuthenticationRiskEvaluator {
    private final List<AuthenticationRequestRiskCalculator> calculators;
    private final CasConfigurationProperties casProperties;
    private final CasEventRepository casEventRepository;

    @Override // org.apereo.cas.api.AuthenticationRiskEvaluator
    @Audit(action = "EVALUATE_RISKY_AUTHENTICATION", actionResolverName = "ADAPTIVE_RISKY_AUTHENTICATION_ACTION_RESOLVER", resourceResolverName = "ADAPTIVE_RISKY_AUTHENTICATION_RESOURCE_RESOLVER")
    public AuthenticationRiskScore evaluate(Authentication authentication, RegisteredService registeredService, ClientInfo clientInfo) {
        return this.calculators.isEmpty() ? AuthenticationRiskScore.highestRiskScore() : new AuthenticationRiskScore(((BigDecimal) this.calculators.stream().map(authenticationRequestRiskCalculator -> {
            return authenticationRequestRiskCalculator.calculate(authentication, registeredService, clientInfo);
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).toList().stream().map((v0) -> {
            return v0.getScore();
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).reduce(BigDecimal.ZERO, (v0, v1) -> {
            return v0.add(v1);
        })).divide(BigDecimal.valueOf(this.calculators.size()), 2, RoundingMode.UP)).withClientInfo(clientInfo);
    }

    @Override // org.apereo.cas.api.AuthenticationRiskEvaluator
    public boolean isRiskyAuthenticationScore(AuthenticationRiskScore authenticationRiskScore, Authentication authentication, RegisteredService registeredService) {
        return authenticationRiskScore.isRiskGreaterThan(this.casProperties.getAuthn().getAdaptive().getRisk().getCore().getThreshold()) && !isRiskyAuthenticationAcceptable(authentication, authenticationRiskScore);
    }

    protected boolean isRiskyAuthenticationAcceptable(Authentication authentication, AuthenticationRiskScore authenticationRiskScore) {
        return this.casEventRepository.getEventsOfTypeForPrincipal(CasRiskyAuthenticationVerifiedEvent.class.getName(), authentication.getPrincipal().getId(), ZonedDateTime.now(Clock.systemUTC()).minus((TemporalAmount) Beans.newDuration(this.casProperties.getAuthn().getAdaptive().getRisk().getResponse().getGetRiskVerificationHistory()))).anyMatch(casEvent -> {
            return casEvent.getClientIpAddress().equalsIgnoreCase(authenticationRiskScore.getClientInfo().getClientIpAddress()) && casEvent.getAgent().equalsIgnoreCase(authenticationRiskScore.getClientInfo().getUserAgent());
        });
    }

    @Override // org.apereo.cas.api.AuthenticationRiskEvaluator
    @Generated
    public List<AuthenticationRequestRiskCalculator> getCalculators() {
        return this.calculators;
    }

    @Generated
    public CasConfigurationProperties getCasProperties() {
        return this.casProperties;
    }

    @Generated
    public CasEventRepository getCasEventRepository() {
        return this.casEventRepository;
    }

    @Generated
    public DefaultAuthenticationRiskEvaluator(List<AuthenticationRequestRiskCalculator> list, CasConfigurationProperties casConfigurationProperties, CasEventRepository casEventRepository) {
        this.calculators = list;
        this.casProperties = casConfigurationProperties;
        this.casEventRepository = casEventRepository;
    }
}
