package org.apereo.cas.web.flow;

import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Stream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.Generated;
import org.apereo.cas.authentication.AuthenticationServiceSelectionPlan;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationDiscoverySelectionProperties;
import org.apereo.cas.pac4j.client.DelegatedClientAuthenticationRequestCustomizer;
import org.apereo.cas.pac4j.client.DelegatedClientIdentityProviderRedirectionStrategy;
import org.apereo.cas.util.LoggingUtils;
import org.apereo.cas.validation.DelegatedAuthenticationAccessStrategyHelper;
import org.apereo.cas.web.DelegatedClientIdentityProviderConfiguration;
import org.apereo.cas.web.DelegatedClientIdentityProviderConfigurationFactory;
import org.apereo.cas.web.support.WebUtils;
import org.pac4j.core.client.Client;
import org.pac4j.core.client.Clients;
import org.pac4j.core.client.IndirectClient;
import org.pac4j.core.context.JEEContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:org/apereo/cas/web/flow/DefaultDelegatedClientIdentityProviderConfigurationProducer.class */
public class DefaultDelegatedClientIdentityProviderConfigurationProducer implements DelegatedClientIdentityProviderConfigurationProducer {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(DefaultDelegatedClientIdentityProviderConfigurationProducer.class);
    private final AuthenticationServiceSelectionPlan authenticationRequestServiceSelectionStrategies;
    private final Clients clients;
    private final DelegatedAuthenticationAccessStrategyHelper delegatedAuthenticationAccessStrategyHelper;
    private final CasConfigurationProperties casProperties;
    private final List<DelegatedClientAuthenticationRequestCustomizer> delegatedClientAuthenticationRequestCustomizers;
    private final DelegatedClientIdentityProviderRedirectionStrategy delegatedClientIdentityProviderRedirectionStrategy;

    /* renamed from: org.apereo.cas.web.flow.DefaultDelegatedClientIdentityProviderConfigurationProducer$1, reason: invalid class name */
    /* loaded from: input_file:org/apereo/cas/web/flow/DefaultDelegatedClientIdentityProviderConfigurationProducer$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$apereo$cas$configuration$model$support$pac4j$Pac4jDelegatedAuthenticationDiscoverySelectionProperties$Pac4jDelegatedAuthenticationSelectionTypes = new int[Pac4jDelegatedAuthenticationDiscoverySelectionProperties.Pac4jDelegatedAuthenticationSelectionTypes.values().length];

        static {
            try {
                $SwitchMap$org$apereo$cas$configuration$model$support$pac4j$Pac4jDelegatedAuthenticationDiscoverySelectionProperties$Pac4jDelegatedAuthenticationSelectionTypes[Pac4jDelegatedAuthenticationDiscoverySelectionProperties.Pac4jDelegatedAuthenticationSelectionTypes.DYNAMIC.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$apereo$cas$configuration$model$support$pac4j$Pac4jDelegatedAuthenticationDiscoverySelectionProperties$Pac4jDelegatedAuthenticationSelectionTypes[Pac4jDelegatedAuthenticationDiscoverySelectionProperties.Pac4jDelegatedAuthenticationSelectionTypes.MENU.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
        }
    }

    public Set<DelegatedClientIdentityProviderConfiguration> produce(RequestContext requestContext) {
        WebApplicationService resolveService = this.authenticationRequestServiceSelectionStrategies.resolveService(WebUtils.getService(requestContext), WebApplicationService.class);
        HttpServletRequest httpServletRequestFromExternalWebflowContext = WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext);
        HttpServletResponse httpServletResponseFromExternalWebflowContext = WebUtils.getHttpServletResponseFromExternalWebflowContext(requestContext);
        LOGGER.debug("Initialized context with request parameters [{}]", new JEEContext(httpServletRequestFromExternalWebflowContext, httpServletResponseFromExternalWebflowContext).getRequestParameters());
        List findAllClients = this.clients.findAllClients();
        LinkedHashSet linkedHashSet = new LinkedHashSet(findAllClients.size());
        Stream filter = findAllClients.stream().filter(client -> {
            return (client instanceof IndirectClient) && isDelegatedClientAuthorizedForService(client, resolveService, httpServletRequestFromExternalWebflowContext);
        });
        Class<IndirectClient> cls = IndirectClient.class;
        Objects.requireNonNull(IndirectClient.class);
        filter.map((v1) -> {
            return r1.cast(v1);
        }).forEach(indirectClient -> {
            try {
                produce(requestContext, indirectClient).ifPresent(delegatedClientIdentityProviderConfiguration -> {
                    linkedHashSet.add(delegatedClientIdentityProviderConfiguration);
                    this.delegatedClientIdentityProviderRedirectionStrategy.getPrimaryDelegatedAuthenticationProvider(requestContext, resolveService, delegatedClientIdentityProviderConfiguration).ifPresent(delegatedClientIdentityProviderConfiguration -> {
                        WebUtils.putDelegatedAuthenticationProviderPrimary(requestContext, delegatedClientIdentityProviderConfiguration);
                    });
                });
            } catch (Exception e) {
                LOGGER.error("Cannot process client [{}]", indirectClient);
                LoggingUtils.error(LOGGER, e);
            }
        });
        if (!linkedHashSet.isEmpty()) {
            switch (AnonymousClass1.$SwitchMap$org$apereo$cas$configuration$model$support$pac4j$Pac4jDelegatedAuthenticationDiscoverySelectionProperties$Pac4jDelegatedAuthenticationSelectionTypes[this.casProperties.getAuthn().getPac4j().getCore().getDiscoverySelection().getSelectionType().ordinal()]) {
                case 1:
                    WebUtils.putDelegatedAuthenticationProviderConfigurations(requestContext, new HashSet());
                    WebUtils.putDelegatedAuthenticationDynamicProviderSelection(requestContext, Boolean.TRUE);
                    break;
                case 2:
                default:
                    WebUtils.putDelegatedAuthenticationProviderConfigurations(requestContext, linkedHashSet);
                    WebUtils.putDelegatedAuthenticationDynamicProviderSelection(requestContext, Boolean.FALSE);
                    break;
            }
        } else if (httpServletResponseFromExternalWebflowContext.getStatus() != HttpStatus.UNAUTHORIZED.value()) {
            LOGGER.warn("No delegated authentication providers could be determined based on the provided configuration. Either no clients are configured, or the current access strategy rules prohibit CAS from using authentication providers");
        }
        return linkedHashSet;
    }

    public Optional<DelegatedClientIdentityProviderConfiguration> produce(RequestContext requestContext, IndirectClient indirectClient) {
        JEEContext jEEContext = new JEEContext(WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext), WebUtils.getHttpServletResponseFromExternalWebflowContext(requestContext));
        WebApplicationService service = WebUtils.getService(requestContext);
        LOGGER.debug("Initializing client [{}] with request parameters [{}] and service [{}]", new Object[]{indirectClient, requestContext.getRequestParameters(), service});
        indirectClient.init();
        if (indirectClient.isInitialized()) {
            return (this.delegatedClientAuthenticationRequestCustomizers.isEmpty() || this.delegatedClientAuthenticationRequestCustomizers.stream().anyMatch(delegatedClientAuthenticationRequestCustomizer -> {
                return delegatedClientAuthenticationRequestCustomizer.isAuthorized(jEEContext, indirectClient, service);
            })) ? DelegatedClientIdentityProviderConfigurationFactory.builder().client(indirectClient).webContext(jEEContext).service(service).casProperties(this.casProperties).build().resolve() : Optional.empty();
        }
        LOGGER.warn("Unable to initialize client [{}]. Verify the client configuration details.", indirectClient.getName());
        return Optional.empty();
    }

    private boolean isDelegatedClientAuthorizedForService(Client client, Service service, HttpServletRequest httpServletRequest) {
        return this.delegatedAuthenticationAccessStrategyHelper.isDelegatedClientAuthorizedForService(client, service, httpServletRequest);
    }

    @Generated
    public DefaultDelegatedClientIdentityProviderConfigurationProducer(AuthenticationServiceSelectionPlan authenticationServiceSelectionPlan, Clients clients, DelegatedAuthenticationAccessStrategyHelper delegatedAuthenticationAccessStrategyHelper, CasConfigurationProperties casConfigurationProperties, List<DelegatedClientAuthenticationRequestCustomizer> list, DelegatedClientIdentityProviderRedirectionStrategy delegatedClientIdentityProviderRedirectionStrategy) {
        this.authenticationRequestServiceSelectionStrategies = authenticationServiceSelectionPlan;
        this.clients = clients;
        this.delegatedAuthenticationAccessStrategyHelper = delegatedAuthenticationAccessStrategyHelper;
        this.casProperties = casConfigurationProperties;
        this.delegatedClientAuthenticationRequestCustomizers = list;
        this.delegatedClientIdentityProviderRedirectionStrategy = delegatedClientIdentityProviderRedirectionStrategy;
    }
}
