package org.apereo.cas.trusted.web.flow;

import java.time.LocalDateTime;
import java.time.temporal.TemporalUnit;
import java.util.Set;
import lombok.Generated;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.configuration.model.support.mfa.TrustedDevicesMultifactorProperties;
import org.apereo.cas.trusted.authentication.api.MultifactorAuthenticationTrustRecord;
import org.apereo.cas.trusted.authentication.api.MultifactorAuthenticationTrustStorage;
import org.apereo.cas.trusted.util.MultifactorAuthenticationTrustUtils;
import org.apereo.cas.trusted.web.flow.fingerprint.DeviceFingerprintStrategy;
import org.apereo.cas.util.DateTimeUtils;
import org.apereo.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.webflow.action.AbstractAction;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:org/apereo/cas/trusted/web/flow/MultifactorAuthenticationVerifyTrustAction.class */
public class MultifactorAuthenticationVerifyTrustAction extends AbstractAction {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(MultifactorAuthenticationVerifyTrustAction.class);
    private final MultifactorAuthenticationTrustStorage storage;
    private final DeviceFingerprintStrategy deviceFingerprintStrategy;
    private final TrustedDevicesMultifactorProperties trustedProperties;

    protected Event doExecute(RequestContext requestContext) {
        Authentication authentication = WebUtils.getAuthentication(requestContext);
        if (authentication == null) {
            LOGGER.warn("Could not determine authentication from the request context");
            return no();
        }
        String id = authentication.getPrincipal().getId();
        LocalDateTime minus = LocalDateTime.now().minus(this.trustedProperties.getExpiration(), (TemporalUnit) DateTimeUtils.toChronoUnit(this.trustedProperties.getTimeUnit()));
        LOGGER.debug("Retrieving trusted authentication records for [{}] that are on/after [{}]", id, minus);
        Set<? extends MultifactorAuthenticationTrustRecord> set = this.storage.get(id, minus);
        if (set.isEmpty()) {
            LOGGER.debug("No valid trusted authentication records could be found for [{}]", id);
            return no();
        }
        String determineFingerprint = this.deviceFingerprintStrategy.determineFingerprint(id, requestContext, false);
        LOGGER.debug("Retrieving authentication records for [{}] that matches [{}]", id, determineFingerprint);
        if (set.stream().noneMatch(multifactorAuthenticationTrustRecord -> {
            return multifactorAuthenticationTrustRecord.getDeviceFingerprint().equals(determineFingerprint);
        })) {
            LOGGER.debug("No trusted authentication records could be found for [{}] to match the current device fingerprint", id);
            return no();
        }
        LOGGER.debug("Trusted authentication records found for [{}] that matches the current device fingerprint", id);
        MultifactorAuthenticationTrustUtils.setMultifactorAuthenticationTrustedInScope(requestContext);
        MultifactorAuthenticationTrustUtils.trackTrustedMultifactorAuthenticationAttribute(authentication, this.trustedProperties.getAuthenticationContextAttribute());
        return yes();
    }

    @Generated
    public MultifactorAuthenticationVerifyTrustAction(MultifactorAuthenticationTrustStorage multifactorAuthenticationTrustStorage, DeviceFingerprintStrategy deviceFingerprintStrategy, TrustedDevicesMultifactorProperties trustedDevicesMultifactorProperties) {
        this.storage = multifactorAuthenticationTrustStorage;
        this.deviceFingerprintStrategy = deviceFingerprintStrategy;
        this.trustedProperties = trustedDevicesMultifactorProperties;
    }
}
