package org.apereo.cas.web.flow;

import edu.internet2.middleware.grouperClientExt.org.apache.commons.lang3.StringUtils;
import java.util.Collection;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.Generated;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationException;
import org.apereo.cas.authentication.MultifactorAuthenticationProvider;
import org.apereo.cas.authentication.MultifactorAuthenticationProviderResolver;
import org.apereo.cas.authentication.MultifactorAuthenticationTrigger;
import org.apereo.cas.authentication.MultifactorAuthenticationUtils;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.grouper.GrouperFacade;
import org.apereo.cas.grouper.GrouperGroupField;
import org.apereo.cas.services.RegisteredService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationContext;

/* loaded from: input_file:org/apereo/cas/web/flow/GrouperMultifactorAuthenticationTrigger.class */
public class GrouperMultifactorAuthenticationTrigger implements MultifactorAuthenticationTrigger {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(GrouperMultifactorAuthenticationTrigger.class);
    private final CasConfigurationProperties casProperties;
    private final MultifactorAuthenticationProviderResolver multifactorAuthenticationProviderResolver;
    private final GrouperFacade grouperFacade;
    private final ApplicationContext applicationContext;
    private int order = Integer.MAX_VALUE;

    public Optional<MultifactorAuthenticationProvider> isActivated(Authentication authentication, RegisteredService registeredService, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Service service) {
        String grouperGroupField = this.casProperties.getAuthn().getMfa().getTriggers().getGrouper().getGrouperGroupField();
        if (StringUtils.isBlank(grouperGroupField)) {
            LOGGER.debug("No group field is defined to process for Grouper multifactor trigger");
            return Optional.empty();
        }
        if (authentication == null || registeredService == null) {
            LOGGER.debug("No authentication or service is available to determine event for principal");
            return Optional.empty();
        }
        Map availableMultifactorAuthenticationProviders = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
        if (availableMultifactorAuthenticationProviders.isEmpty()) {
            LOGGER.error("No multifactor authentication providers are available in the application context");
            throw new AuthenticationException();
        }
        Principal principal = authentication.getPrincipal();
        Collection groupsForSubjectId = this.grouperFacade.getGroupsForSubjectId(principal.getId());
        if (groupsForSubjectId.isEmpty()) {
            LOGGER.debug("No groups could be found for [{}] to resolve events for MFA", principal);
            return Optional.empty();
        }
        GrouperGroupField valueOf = GrouperGroupField.valueOf(grouperGroupField);
        return MultifactorAuthenticationUtils.resolveProvider(availableMultifactorAuthenticationProviders, (Set) groupsForSubjectId.stream().map(wsGetGroupsResult -> {
            return Stream.of((Object[]) wsGetGroupsResult.getWsGroups());
        }).flatMap(Function.identity()).map(wsGroup -> {
            return GrouperFacade.getGrouperGroupAttribute(valueOf, wsGroup);
        }).collect(Collectors.toSet()));
    }

    @Generated
    public CasConfigurationProperties getCasProperties() {
        return this.casProperties;
    }

    @Generated
    public MultifactorAuthenticationProviderResolver getMultifactorAuthenticationProviderResolver() {
        return this.multifactorAuthenticationProviderResolver;
    }

    @Generated
    public GrouperFacade getGrouperFacade() {
        return this.grouperFacade;
    }

    @Generated
    public ApplicationContext getApplicationContext() {
        return this.applicationContext;
    }

    @Generated
    public int getOrder() {
        return this.order;
    }

    @Generated
    public void setOrder(int i) {
        this.order = i;
    }

    @Generated
    public GrouperMultifactorAuthenticationTrigger(CasConfigurationProperties casConfigurationProperties, MultifactorAuthenticationProviderResolver multifactorAuthenticationProviderResolver, GrouperFacade grouperFacade, ApplicationContext applicationContext) {
        this.casProperties = casConfigurationProperties;
        this.multifactorAuthenticationProviderResolver = multifactorAuthenticationProviderResolver;
        this.grouperFacade = grouperFacade;
        this.applicationContext = applicationContext;
    }
}
