package org.apereo.cas.support.saml.web.idp.web;

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.MultifactorAuthenticationProvider;
import org.apereo.cas.authentication.MultifactorAuthenticationTrigger;
import org.apereo.cas.authentication.MultifactorAuthenticationUtils;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.support.saml.SamlIdPUtils;
import org.apereo.cas.support.saml.idp.SamlIdPSessionManager;
import org.apereo.cas.support.saml.services.SamlRegisteredService;
import org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceMetadataAdaptor;
import org.apereo.cas.support.saml.web.idp.profile.SamlProfileHandlerConfigurationContext;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.function.FunctionUtils;
import org.apereo.cas.util.http.HttpRequestUtils;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.saml.common.binding.SAMLBindingSupport;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.RequestAbstractType;
import org.pac4j.jee.context.JEEContext;
import org.springframework.beans.factory.ObjectProvider;

/* loaded from: input_file:org/apereo/cas/support/saml/web/idp/web/SamlIdPMultifactorAuthenticationTrigger.class */
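/**
 * Multifactor authentication trigger for the SAML2 identity provider that reacts to the
 * authentication context class references requested by a stored {@link AuthnRequest}.
 *
 * <p>The requested class-reference URIs are looked up in the configured authentication context
 * class mappings; the first URI with a mapping yields the value that is handed to
 * {@link MultifactorAuthenticationUtils#resolveProvider} to pick the provider.
 *
 * <p>Security note: only requests that carry a signature <em>and</em> pass signature
 * verification are considered. An unsigned or unverifiable request never activates a provider
 * through this trigger, whatever authentication context it asks for. Deployments that rely on
 * this trigger for step-up authentication should confirm that their service providers sign
 * authentication requests.
 */
public class SamlIdPMultifactorAuthenticationTrigger implements MultifactorAuthenticationTrigger {
    private final ObjectProvider<SamlProfileHandlerConfigurationContext> contextProvider;

    /**
     * Resolves the multifactor provider requested by the stored SAML2 authentication request.
     *
     * @param authentication      current authentication; not read by this trigger
     * @param registeredService   service definition; must be a {@link SamlRegisteredService} for the trigger to fire
     * @param httpServletRequest  current request, used to locate the stored authentication request
     * @param httpServletResponse current response, used to locate the stored authentication request
     * @param service             requested service; not read by this trigger
     * @return the resolved provider, or empty when no stored request exists, the request is not
     *         signed and verified, it requests no authentication context, or no requested
     *         class reference has a mapping
     */
    public Optional<MultifactorAuthenticationProvider> isActivated(Authentication authentication, RegisteredService registeredService, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Service service) {
        SamlProfileHandlerConfigurationContext context = this.contextProvider.getObject();
        Optional<? extends Pair<?, ?>> storedRequest = SamlIdPSessionManager.of(context.getOpenSamlConfigBean(), context.getSessionStore())
            .fetch(new JEEContext(httpServletRequest, httpServletResponse), AuthnRequest.class);
        Map<String, String> mappings = getAuthenticationContextMappings();
        return storedRequest
            .filter(pair -> registeredService instanceof SamlRegisteredService && pair.getLeft() instanceof AuthnRequest)
            // Requested authentication contexts are honoured only for signed, verified requests.
            .filter(pair -> isAuthnRequestSigned((SamlRegisteredService) registeredService, httpServletRequest,
                (AuthnRequest) pair.getLeft(), (MessageContext) pair.getRight(), context))
            .map(pair -> (AuthnRequest) pair.getLeft())
            // Optional.map turns a missing RequestedAuthnContext (or class-ref list) into an
            // empty result instead of a NullPointerException; supports() performs the same
            // null checks, but this method is public and must not depend on call order.
            .map(authnRequest -> authnRequest.getRequestedAuthnContext())
            .map(requestedContext -> requestedContext.getAuthnContextClassRefs())
            .flatMap(classRefs -> classRefs.stream()
                .filter(Objects::nonNull)
                .map(classRef -> classRef.getURI())
                .filter(StringUtils::isNotBlank)
                .filter(mappings::containsKey)
                .findFirst()
                .map(mappings::get))
            .flatMap(mappedValue -> MultifactorAuthenticationUtils.resolveProvider(
                MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(
                    context.getOpenSamlConfigBean().getApplicationContext()),
                mappedValue));
    }

    /**
     * Reports whether the authentication request is signed and its signature verifies against
     * the metadata of the issuing service provider.
     *
     * @return {@code Boolean.TRUE} only when a signature is present and verification reports
     *         success; never {@code null}
     * @throws java.util.NoSuchElementException when no metadata adaptor can be located for the issuer
     */
    private static Boolean isAuthnRequestSigned(SamlRegisteredService samlRegisteredService, HttpServletRequest httpServletRequest, AuthnRequest authnRequest, MessageContext messageContext, SamlProfileHandlerConfigurationContext samlProfileHandlerConfigurationContext) {
        boolean signaturePresent = authnRequest.isSigned() || SAMLBindingSupport.isMessageSigned(messageContext);
        if (!signaturePresent) {
            return false;
        }
        SamlRegisteredServiceMetadataAdaptor adaptor = (SamlRegisteredServiceMetadataAdaptor) SamlRegisteredServiceMetadataAdaptor.get(
            samlProfileHandlerConfigurationContext.getSamlRegisteredServiceCachingMetadataResolver(),
            samlRegisteredService,
            SamlIdPUtils.getIssuerFromSamlObject(authnRequest)).orElseThrow();
        Boolean verified = (Boolean) FunctionUtils.doAndHandle(() -> {
            return Boolean.valueOf(samlProfileHandlerConfigurationContext.getSamlObjectSignatureValidator()
                .verifySamlProfileRequest((RequestAbstractType) authnRequest, adaptor, httpServletRequest, messageContext));
        });
        // Fail closed: FunctionUtils.doAndHandle is defined outside this file and may hand back
        // null when verification throws (TODO confirm). Callers unbox this result, so a null
        // must read as "not verified" rather than surface as a NullPointerException.
        return Boolean.TRUE.equals(verified);
    }

    /**
     * Indicates whether this trigger applies to the request: mappings are configured, the
     * service is a SAML service, and the stored authentication request asks for at least one
     * authentication context class reference. Signature checks are not performed here; they
     * happen in {@code isActivated}.
     *
     * @param httpServletRequest current request, used to locate the stored authentication request
     * @param registeredService  service definition under evaluation
     * @param authentication     current authentication; not read by this trigger
     * @param service            requested service; not read by this trigger
     * @return {@code true} when the trigger should be consulted
     */
    public boolean supports(HttpServletRequest httpServletRequest, RegisteredService registeredService, Authentication authentication, Service service) {
        if (getAuthenticationContextMappings().isEmpty() || !(registeredService instanceof SamlRegisteredService)) {
            return false;
        }
        HttpServletResponse response = HttpRequestUtils.getHttpServletResponseFromRequestAttributes();
        SamlProfileHandlerConfigurationContext context = this.contextProvider.getObject();
        Optional<? extends Pair<?, ?>> storedRequest = SamlIdPSessionManager.of(context.getOpenSamlConfigBean(), context.getSessionStore())
            .fetch(new JEEContext(httpServletRequest, response), AuthnRequest.class);
        if (storedRequest.isEmpty()) {
            return false;
        }
        AuthnRequest authnRequest = (AuthnRequest) storedRequest.get().getLeft();
        return authnRequest.getRequestedAuthnContext() != null
            && authnRequest.getRequestedAuthnContext().getAuthnContextClassRefs() != null
            && !authnRequest.getRequestedAuthnContext().getAuthnContextClassRefs().isEmpty();
    }

    /**
     * Reads the configured authentication context class mappings and converts them to a map.
     * The keys are compared against requested class-reference URIs; the exact format of each
     * configured entry is decided by {@code CollectionUtils.convertDirectedListToMap}, which is
     * not shown in this file.
     *
     * @return mappings keyed by authentication context class reference URI
     */
    protected Map<String, String> getAuthenticationContextMappings() {
        return CollectionUtils.convertDirectedListToMap(this.contextProvider.getObject()
            .getCasProperties()
            .getAuthn()
            .getSamlIdp()
            .getCore()
            .getContext()
            .getAuthenticationContextClassMappings());
    }

    /**
     * Creates the trigger.
     *
     * @param objectProvider lazily supplies the SAML profile handler configuration context
     */
    @Generated
    public SamlIdPMultifactorAuthenticationTrigger(ObjectProvider<SamlProfileHandlerConfigurationContext> objectProvider) {
        this.contextProvider = objectProvider;
    }
}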
