package org.apereo.cas.oidc.web.flow;

import java.util.Map;
import java.util.Optional;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.CentralAuthenticationService;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationException;
import org.apereo.cas.authentication.AuthenticationServiceSelectionPlan;
import org.apereo.cas.authentication.AuthenticationSystemSupport;
import org.apereo.cas.services.MultifactorAuthenticationProvider;
import org.apereo.cas.services.MultifactorAuthenticationProviderSelector;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.ticket.registry.TicketRegistrySupport;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.web.flow.authentication.BaseMultifactorAuthenticationProviderEventResolver;
import org.apereo.cas.web.support.WebUtils;
import org.jasig.cas.client.util.URIBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.util.CookieGenerator;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:org/apereo/cas/oidc/web/flow/OidcAuthenticationContextWebflowEventEventResolver.class */
public class OidcAuthenticationContextWebflowEventEventResolver extends BaseMultifactorAuthenticationProviderEventResolver {
    private static final Logger LOGGER = LoggerFactory.getLogger(OidcAuthenticationContextWebflowEventEventResolver.class);

    public OidcAuthenticationContextWebflowEventEventResolver(AuthenticationSystemSupport authenticationSystemSupport, CentralAuthenticationService centralAuthenticationService, ServicesManager servicesManager, TicketRegistrySupport ticketRegistrySupport, CookieGenerator cookieGenerator, AuthenticationServiceSelectionPlan authenticationServiceSelectionPlan, MultifactorAuthenticationProviderSelector multifactorAuthenticationProviderSelector) {
        super(authenticationSystemSupport, centralAuthenticationService, servicesManager, ticketRegistrySupport, cookieGenerator, authenticationServiceSelectionPlan, multifactorAuthenticationProviderSelector);
    }

    public Set<Event> resolveInternal(RequestContext requestContext) {
        RegisteredService resolveRegisteredServiceInRequestContext = resolveRegisteredServiceInRequestContext(requestContext);
        Authentication authentication = WebUtils.getAuthentication(requestContext);
        HttpServletRequest httpServletRequestFromExternalWebflowContext = WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext);
        if (resolveRegisteredServiceInRequestContext == null || authentication == null) {
            LOGGER.debug("No service or authentication is available to determine event for principal");
            return null;
        }
        String parameter = httpServletRequestFromExternalWebflowContext.getParameter("acr_values");
        if (StringUtils.isBlank(parameter)) {
            Optional findFirst = new URIBuilder(StringUtils.trimToEmpty(requestContext.getFlowExecutionUrl())).getQueryParams().stream().filter(basicNameValuePair -> {
                return basicNameValuePair.getName().equals("acr_values");
            }).findFirst();
            if (findFirst.isPresent()) {
                parameter = ((URIBuilder.BasicNameValuePair) findFirst.get()).getValue();
            }
        }
        if (StringUtils.isBlank(parameter)) {
            LOGGER.debug("No ACR provided in the authentication request");
            return null;
        }
        Set commaDelimitedListToSet = org.springframework.util.StringUtils.commaDelimitedListToSet(parameter);
        if (commaDelimitedListToSet.isEmpty()) {
            LOGGER.debug("No ACR provided in the authentication request");
            return null;
        }
        Map availableMultifactorAuthenticationProviders = WebUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
        if (availableMultifactorAuthenticationProviders == null || availableMultifactorAuthenticationProviders.isEmpty()) {
            LOGGER.error("No multifactor authentication providers are available in the application context to handle [{}]", commaDelimitedListToSet);
            throw new AuthenticationException();
        }
        Optional findAny = flattenProviders(availableMultifactorAuthenticationProviders.values()).stream().filter(multifactorAuthenticationProvider -> {
            return commaDelimitedListToSet.contains(multifactorAuthenticationProvider.getId());
        }).findAny();
        if (findAny.isPresent()) {
            return CollectionUtils.wrapSet(new Event(this, ((MultifactorAuthenticationProvider) findAny.get()).getId()));
        }
        LOGGER.warn("The requested authentication class [{}] cannot be satisfied by any of the MFA providers available", commaDelimitedListToSet);
        throw new AuthenticationException();
    }
}
