package org.apereo.cas.web.flow.resolver.impl;

import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import lombok.Generated;
import org.apereo.cas.CentralAuthenticationService;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationException;
import org.apereo.cas.authentication.AuthenticationResultBuilder;
import org.apereo.cas.authentication.AuthenticationServiceSelectionPlan;
import org.apereo.cas.authentication.AuthenticationSystemSupport;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.MultifactorAuthenticationUtils;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.services.MultifactorAuthenticationProvider;
import org.apereo.cas.services.MultifactorAuthenticationProviderSelector;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceMultifactorPolicy;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.ticket.registry.TicketRegistrySupport;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.web.flow.resolver.CasWebflowEventResolver;
import org.apereo.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.binding.message.MessageBuilder;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.web.util.CookieGenerator;
import org.springframework.webflow.action.EventFactorySupport;
import org.springframework.webflow.core.collection.AttributeMap;
import org.springframework.webflow.core.collection.LocalAttributeMap;
import org.springframework.webflow.definition.TransitionDefinition;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-webflow-api-5.3.0-RC4.jar:org/apereo/cas/web/flow/resolver/impl/AbstractCasWebflowEventResolver.class */
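/**
 * Base class for CAS webflow event resolvers.
 *
 * <p>It prepares the request context, delegates the decision to {@code resolveInternal}
 * and offers helpers that turn principal or authentication attributes into events named
 * after a multifactor authentication provider id. {@code resolveInternal} and
 * {@code getName} are not declared in this class; they are expected to come from
 * {@link CasWebflowEventResolver} or a subclass.
 *
 * <p>Review notes for anyone relying on this class to enforce multifactor authentication:
 * <ul>
 *   <li>Several helpers report "no event" as {@code null} and others as an empty set;
 *       callers have to treat both the same way.</li>
 *   <li>The multi-valued attribute path swallows every exception raised while evaluating
 *       a value, so a failing provider check produces no event rather than an error.</li>
 *   <li>Debug logging prints attribute values and the credential object; what ends up in
 *       the log depends on their {@code toString()} implementations.</li>
 * </ul>
 *
 * <p>This listing is decompiler output: methods carrying the JADX note were declared
 * {@code protected} in the compiled class.
 */
public abstract class AbstractCasWebflowEventResolver implements CasWebflowEventResolver {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(AbstractCasWebflowEventResolver.class);

    /** Request-attribute key under which a resolved set of events is stored. */
    private static final String RESOLVED_AUTHENTICATION_EVENTS = "resolvedAuthenticationEvents";

    /** Prefix of the message code added to the message context when authentication fails. */
    private static final String DEFAULT_MESSAGE_BUNDLE_PREFIX = "authenticationFailure.";

    @Autowired
    protected ApplicationEventPublisher eventPublisher;

    @Autowired
    protected ConfigurableApplicationContext applicationContext;
    protected final AuthenticationSystemSupport authenticationSystemSupport;
    protected final CentralAuthenticationService centralAuthenticationService;
    protected final ServicesManager servicesManager;
    protected final TicketRegistrySupport ticketRegistrySupport;
    protected final CookieGenerator warnCookieGenerator;
    protected final AuthenticationServiceSelectionPlan authenticationRequestServiceSelectionStrategies;
    protected final MultifactorAuthenticationProviderSelector multifactorAuthenticationProviderSelector;

    /**
     * Stores the collaborators in the corresponding final fields; no validation is done.
     */
    @Generated
    public AbstractCasWebflowEventResolver(AuthenticationSystemSupport authenticationSystemSupport, CentralAuthenticationService centralAuthenticationService, ServicesManager servicesManager, TicketRegistrySupport ticketRegistrySupport, CookieGenerator cookieGenerator, AuthenticationServiceSelectionPlan authenticationServiceSelectionPlan, MultifactorAuthenticationProviderSelector multifactorAuthenticationProviderSelector) {
        this.authenticationSystemSupport = authenticationSystemSupport;
        this.centralAuthenticationService = centralAuthenticationService;
        this.servicesManager = servicesManager;
        this.ticketRegistrySupport = ticketRegistrySupport;
        this.warnCookieGenerator = cookieGenerator;
        this.authenticationRequestServiceSelectionStrategies = authenticationServiceSelectionPlan;
        this.multifactorAuthenticationProviderSelector = multifactorAuthenticationProviderSelector;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates an event that carries the given exception under the {@code "error"} attribute.
     *
     * @param str event id
     * @param exc exception to attach
     * @return the new event, with this resolver as its source
     */
    public Event newEvent(String str, Exception exc) {
        return newEvent(str, new LocalAttributeMap("error", exc));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates an event with no attributes.
     *
     * @param str event id
     * @return the new event, with this resolver as its source
     */
    public Event newEvent(String str) {
        return newEvent(str, new LocalAttributeMap());
    }

    /**
     * Creates an event with the given attributes.
     *
     * @param str          event id
     * @param attributeMap attributes to attach
     * @return the new event, with this resolver as its source
     */
    protected Event newEvent(String str, AttributeMap attributeMap) {
        return new Event(this, str, attributeMap);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Reads the credential from the request context via {@link WebUtils#getCredential}.
     *
     * @param requestContext current webflow request context
     * @return whatever {@code WebUtils} returns for this context
     */
    public Credential getCredentialFromContext(RequestContext requestContext) {
        return WebUtils.getCredential(requestContext);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Records the authentication result builder and the service in the request context and
     * signals success. No ticket is created by this method itself.
     *
     * @param requestContext              current webflow request context
     * @param authenticationResultBuilder builder to store in the context
     * @param service                     service to store in the context
     * @return a {@code "success"} event
     */
    public Event grantTicketGrantingTicketToAuthenticationResult(RequestContext requestContext, AuthenticationResultBuilder authenticationResultBuilder, Service service) {
        WebUtils.putAuthenticationResultBuilder(authenticationResultBuilder, requestContext);
        WebUtils.putService(requestContext, service);
        return newEvent("success");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Looks up the multifactor providers named by the service's multifactor policy.
     *
     * <p>Provider ids that cannot be matched to a provider in the application context are
     * dropped without an error, so a mistyped id in a service definition yields fewer
     * providers rather than a failure.
     *
     * @param registeredService service whose policy is read; must not be {@code null}
     * @return the matched providers, or {@code null} when the service has no policy
     */
    public Collection<MultifactorAuthenticationProvider> getAuthenticationProviderForService(RegisteredService registeredService) {
        final RegisteredServiceMultifactorPolicy policy = registeredService.getMultifactorPolicy();
        if (policy == null) {
            return null;
        }
        return policy.getMultifactorAuthenticationProviders().stream()
                .map(this::getMultifactorAuthenticationProviderFromApplicationContext)
                .filter(Optional::isPresent)
                .map(Optional::get)
                .collect(Collectors.toSet());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds an event for the given id and checks that the request context has a matching
     * transition for it.
     *
     * @param str            event id, here a provider id
     * @param requestContext current webflow request context
     * @param map            attributes to attach to the event
     * @return the event, once a matching transition has been found
     * @throws AuthenticationException if the context has no transition for the event id
     */
    public Event validateEventIdForMatchingTransitionInContext(String str, RequestContext requestContext, Map<String, Object> map) {
        final Event event = new Event(this, str, new LocalAttributeMap(map));
        LOGGER.debug("Resulting event id is [{}] by provider [{}]. Locating transitions in the context for that event id...", event.getId(), getName());
        final TransitionDefinition transition = requestContext.getMatchingTransition(event.getId());
        if (transition == null) {
            // Refuse to hand back an event the flow cannot route.
            LOGGER.warn("Transition definition cannot be found for event [{}]", event.getId());
            throw new AuthenticationException();
        }
        LOGGER.debug("Found matching transition [{}] with target [{}] for event [{}] with attributes [{}].", transition.getId(), transition.getTargetStateId(), event.getId(), event.getAttributes());
        return event;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Collects the principal, the service and the provider into an attribute map keyed by
     * the fully qualified name of each type.
     *
     * @param principal                         stored under {@code Principal.class.getName()}
     * @param registeredService                 stored only when not {@code null}
     * @param multifactorAuthenticationProvider stored as given, even when {@code null}
     * @return a new mutable map
     */
    public static Map<String, Object> buildEventAttributeMap(Principal principal, RegisteredService registeredService, MultifactorAuthenticationProvider multifactorAuthenticationProvider) {
        final Map<String, Object> attributes = new HashMap<>();
        attributes.put(Principal.class.getName(), principal);
        if (registeredService != null) {
            attributes.put(RegisteredService.class.getName(), registeredService);
        }
        attributes.put(MultifactorAuthenticationProvider.class.getName(), multifactorAuthenticationProvider);
        return attributes;
    }

    /**
     * Evaluates each element of a multi-valued attribute against the predicate and, for
     * every match, adds an event for the provider if it is available.
     *
     * <p>Elements that are not strings are skipped explicitly instead of relying on a
     * {@link ClassCastException} being swallowed.
     *
     * @return the resolved events (possibly empty), or {@code null} when the value is not a
     *         collection
     */
    private Set<Event> resolveEventViaMultivaluedAttribute(Principal principal, Object attributeValue, RegisteredService registeredService, RequestContext requestContext, MultifactorAuthenticationProvider provider, Predicate<String> predicate) {
        if (!(attributeValue instanceof Collection)) {
            LOGGER.debug("Attribute value [{}] of type [{}] is not a multi-valued attribute", attributeValue, attributeValue == null ? null : attributeValue.getClass());
            return null;
        }
        LOGGER.debug("Attribute value [{}] is a multi-valued attribute", attributeValue);
        final Set<Event> events = new HashSet<>();
        for (final Object element : (Collection<?>) attributeValue) {
            if (!(element instanceof String)) {
                LOGGER.debug("Ignoring attribute value element [{}] since it is not a string", element);
                continue;
            }
            final String value = (String) element;
            try {
                if (!predicate.test(value)) {
                    LOGGER.debug("Attribute value predicate [{}] could not match the [{}]", predicate, value);
                    continue;
                }
                LOGGER.debug("Attribute value predicate [{}] has successfully matched the [{}]. Attempting to verify multifactor authentication for [{}]", predicate, value, registeredService);
                // Same null guard as evaluateEventForProviderInContext, so a missing provider
                // is reported as such instead of surfacing as a swallowed NPE.
                if (provider == null) {
                    LOGGER.debug("Provider [{}] could not be verified", provider);
                    continue;
                }
                if (provider.isAvailable(registeredService)) {
                    LOGGER.debug("Provider [{}] is successfully verified", provider);
                    events.add(validateEventIdForMatchingTransitionInContext(provider.getId(), requestContext, buildEventAttributeMap(principal, registeredService, provider)));
                }
            } catch (final Exception e) {
                // Deliberate best effort: the value is skipped and no event is produced for it.
                // NOTE(review): this also hides failures of the predicate and of the provider
                // availability check; confirm callers handle an empty result as intended when
                // multifactor authentication is mandatory. The exception is attached so the
                // real cause is visible in the log.
                LOGGER.debug("Ignoring [{}] since no matching transition could be found", value, e);
            }
        }
        return events;
    }

    /**
     * Evaluates a single string attribute value against the predicate.
     *
     * @return the events from {@link #evaluateEventForProviderInContext} when the predicate
     *         matches; {@code null} when the value is not a string or does not match
     */
    private Set<Event> resolveEventViaSingleAttribute(Principal principal, Object attributeValue, RegisteredService registeredService, RequestContext requestContext, MultifactorAuthenticationProvider provider, Predicate<String> predicate) {
        if (!(attributeValue instanceof String)) {
            LOGGER.debug("Attribute value [{}] is not a single-valued attribute", attributeValue);
            return null;
        }
        LOGGER.debug("Attribute value [{}] is a single-valued attribute", attributeValue);
        if (predicate.test((String) attributeValue)) {
            LOGGER.debug("Attribute value predicate [{}] has matched the [{}]", predicate, attributeValue);
            return evaluateEventForProviderInContext(principal, registeredService, requestContext, provider);
        }
        // A string that fails the predicate is still single-valued; only the mismatch is logged.
        LOGGER.debug("Attribute value predicate [{}] could not match the [{}]", predicate, attributeValue);
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Produces the event for a provider if the provider is available for the service.
     *
     * @param principal                         principal placed in the event attributes
     * @param registeredService                 service the provider is checked against
     * @param requestContext                    current webflow request context
     * @param multifactorAuthenticationProvider provider to check; may be {@code null}
     * @return a set holding the provider's event, or an empty set when the provider is
     *         {@code null} or reports itself unavailable
     * @throws AuthenticationException if the context has no transition for the provider id
     */
    public Set<Event> evaluateEventForProviderInContext(Principal principal, RegisteredService registeredService, RequestContext requestContext, MultifactorAuthenticationProvider multifactorAuthenticationProvider) {
        LOGGER.debug("Attempting check for availability of multifactor authentication provider [{}] for [{}]", multifactorAuthenticationProvider, registeredService);
        final boolean verified = multifactorAuthenticationProvider != null && multifactorAuthenticationProvider.isAvailable(registeredService);
        if (!verified) {
            LOGGER.debug("Provider [{}] could not be verified", multifactorAuthenticationProvider);
            return new HashSet<>(0);
        }
        LOGGER.debug("Provider [{}] is successfully verified", multifactorAuthenticationProvider);
        final Map<String, Object> attributes = buildEventAttributeMap(principal, registeredService, multifactorAuthenticationProvider);
        return CollectionUtils.wrapSet(validateEventIdForMatchingTransitionInContext(multifactorAuthenticationProvider.getId(), requestContext, attributes));
    }

    /**
     * Walks the attribute names in iteration order and returns the events of the first
     * attribute that yields any, trying the value as a single string first and as a
     * collection second.
     *
     * @return the resolved events, or {@code null} when there are no providers or no
     *         attribute produced an event
     */
    private Set<Event> resolveEventViaAttribute(Principal principal, Map<String, Object> attributes, Collection<String> attributeNames, RegisteredService registeredService, RequestContext requestContext, Collection<MultifactorAuthenticationProvider> providers, Predicate<String> predicate) {
        if (providers == null || providers.isEmpty()) {
            LOGGER.debug("No authentication provider is associated with this service");
            return null;
        }
        LOGGER.debug("Locating attribute value for attribute(s): [{}]", attributeNames);
        for (final String attributeName : attributeNames) {
            final Object attributeValue = attributes.get(attributeName);
            if (attributeValue == null) {
                LOGGER.debug("Attribute value for [{}] to determine event is not configured for [{}]", attributeName, principal.getId());
                continue;
            }
            LOGGER.debug("Selecting a multifactor authentication provider out of [{}] for [{}] and service [{}]", providers, principal.getId(), registeredService);
            // Selection stays inside the loop so the selector is only consulted once an
            // attribute value is actually present, as in the original.
            final MultifactorAuthenticationProvider provider = this.multifactorAuthenticationProviderSelector.resolve(providers, registeredService, principal);
            LOGGER.debug("Located attribute value [{}] for [{}]", attributeValue, attributeNames);
            Set<Event> events = resolveEventViaSingleAttribute(principal, attributeValue, registeredService, requestContext, provider, predicate);
            if (events == null || events.isEmpty()) {
                events = resolveEventViaMultivaluedAttribute(principal, attributeValue, registeredService, requestContext, provider, predicate);
            }
            if (events != null && !events.isEmpty()) {
                LOGGER.debug("Resolved set of events based on the attribute [{}] are [{}]", attributeName, events);
                return events;
            }
        }
        LOGGER.debug("No set of events based on the attribute(s) [{}] could be matched", attributeNames);
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Resolves events from the attributes of the authentication object.
     *
     * @param authentication    source of the principal and of the attribute map
     * @param collection        attribute names to inspect, in iteration order
     * @param registeredService service the provider is checked against
     * @param requestContext    current webflow request context
     * @param collection2       candidate multifactor providers
     * @param predicate         test applied to each attribute value
     * @return the resolved events, or {@code null} when nothing matched
     */
    public Set<Event> resolveEventViaAuthenticationAttribute(Authentication authentication, Collection<String> collection, RegisteredService registeredService, RequestContext requestContext, Collection<MultifactorAuthenticationProvider> collection2, Predicate<String> predicate) {
        return resolveEventViaAttribute(authentication.getPrincipal(), authentication.getAttributes(), collection, registeredService, requestContext, collection2, predicate);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Resolves events from the principal's attributes.
     *
     * @param principal         principal whose attributes are inspected
     * @param collection        attribute names to inspect; must not be {@code null}
     * @param registeredService service the provider is checked against
     * @param requestContext    current webflow request context
     * @param collection2       candidate multifactor providers
     * @param predicate         test applied to each attribute value
     * @return the resolved events, or {@code null} when no attribute names or no providers
     *         were supplied, or nothing matched
     */
    public Set<Event> resolveEventViaPrincipalAttribute(Principal principal, Collection<String> collection, RegisteredService registeredService, RequestContext requestContext, Collection<MultifactorAuthenticationProvider> collection2, Predicate<String> predicate) {
        if (collection.isEmpty()) {
            LOGGER.debug("No attribute names are provided to trigger a multifactor authentication provider via [{}]", getName());
            return null;
        }
        if (collection2 == null || collection2.isEmpty()) {
            LOGGER.error("No multifactor authentication providers are available in the application context");
            return null;
        }
        final Map<String, Object> attributes = getPrincipalAttributesForMultifactorAuthentication(principal);
        return resolveEventViaAttribute(principal, attributes, collection, registeredService, requestContext, collection2, predicate);
    }

    /**
     * Applies the warn-cookie and public-workstation request parameters to the context and
     * then delegates to {@code resolveInternal}.
     *
     * @param requestContext current webflow request context
     * @return whatever {@code resolveInternal} returns
     */
    @Override // org.apereo.cas.web.flow.resolver.CasWebflowEventResolver
    public Set<Event> resolve(RequestContext requestContext) {
        LOGGER.debug("Attempting to resolve authentication event using resolver [{}]", getName());
        WebUtils.putWarnCookieIfRequestParameterPresent(this.warnCookieGenerator, requestContext);
        WebUtils.putPublicWorkstationToFlowIfRequestParameterPresent(requestContext);
        return resolveInternal(requestContext);
    }

    /**
     * Resolves events and returns the first one the set's iterator yields.
     *
     * <p>When more than one event is resolved, which one is returned depends on the set's
     * iteration order; the sets built in this class are hash sets, whose order is
     * unspecified.
     *
     * @param requestContext current webflow request context
     * @return one resolved event, or {@code null} when none was resolved
     */
    @Override // org.apereo.cas.web.flow.resolver.CasWebflowEventResolver
    public Event resolveSingle(RequestContext requestContext) {
        final Set<Event> events = resolve(requestContext);
        if (events == null || events.isEmpty()) {
            return null;
        }
        final Event event = events.iterator().next();
        LOGGER.debug("Resolved single event [{}] via [{}] for this context", event.getId(), event.getSource().getClass().getName());
        return event;
    }

    /**
     * Finds the first available multifactor provider in the application context that
     * matches the given identifier.
     *
     * @param str provider identifier to match
     * @return the provider, or an empty {@code Optional} when none matches or the lookup
     *         throws
     */
    protected Optional<MultifactorAuthenticationProvider> getMultifactorAuthenticationProviderFromApplicationContext(String str) {
        try {
            LOGGER.debug("Locating bean definition for [{}]", str);
            return MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext)
                    .values()
                    .stream()
                    .filter(provider -> provider.matches(str))
                    .findFirst();
        } catch (final Exception e) {
            // Best effort: a lookup failure is reported as "no provider". The exception is
            // attached so a broken context is distinguishable from an unknown id.
            LOGGER.debug("Could not locate [{}] bean id in the application context as an authentication provider.", str, e);
            return Optional.empty();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Stores the resolved events in the request attributes.
     *
     * @param requestContext current webflow request context
     * @param set            events to store
     */
    public void putResolvedEventsAsAttribute(RequestContext requestContext, Set<Event> set) {
        requestContext.getAttributes().put(RESOLVED_AUTHENTICATION_EVENTS, set);
    }

    /**
     * Resolves the effective service through the configured service selection plan.
     *
     * @param service service taken from the request
     * @return the service returned by the selection plan
     */
    protected Service resolveServiceFromAuthenticationRequest(Service service) {
        return this.authenticationRequestServiceSelectionStrategies.resolveService(service);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Resolves the effective service for the service found in the request context.
     *
     * @param requestContext current webflow request context
     * @return the service returned by the selection plan
     */
    public Service resolveServiceFromAuthenticationRequest(RequestContext requestContext) {
        return resolveServiceFromAuthenticationRequest(WebUtils.getService(requestContext));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Reads back the events stored by {@link #putResolvedEventsAsAttribute}.
     *
     * @param requestContext current webflow request context
     * @return the stored set, as returned by the attribute map
     */
    public Set<Event> getResolvedEventsAsAttribute(RequestContext requestContext) {
        // The attribute map can only check the raw Set type, not the element type.
        @SuppressWarnings("unchecked")
        final Set<Event> events = requestContext.getAttributes().get(RESOLVED_AUTHENTICATION_EVENTS, Set.class);
        return events;
    }

    /**
     * Runs the authentication transaction for the credential in the context and, on
     * success, records the result for ticket-granting-ticket creation.
     *
     * <p>Any exception ends in an error event, with a message code of
     * {@code authenticationFailure.} followed by the exception's simple class name added to
     * the message context; no success event is produced on that path.
     *
     * @param requestContext current webflow request context
     * @return a set holding either the {@code "success"} event or an error event
     */
    protected Set<Event> handleAuthenticationTransactionAndGrantTicketGrantingTicket(RequestContext requestContext) {
        try {
            final Credential credential = getCredentialFromContext(requestContext);
            final AuthenticationResultBuilder currentBuilder = WebUtils.getAuthenticationResultBuilder(requestContext);
            // NOTE(review): the credential is logged through its toString(); confirm that no
            // Credential implementation includes the secret there.
            LOGGER.debug("Handling authentication transaction for credential [{}]", credential);
            final WebApplicationService service = WebUtils.getService(requestContext);
            final AuthenticationResultBuilder updatedBuilder = this.authenticationSystemSupport.handleAuthenticationTransaction(service, currentBuilder, credential);
            LOGGER.debug("Issuing ticket-granting tickets for service [{}]", service);
            return CollectionUtils.wrapSet(grantTicketGrantingTicketToAuthenticationResult(requestContext, updatedBuilder, service));
        } catch (final Exception e) {
            LOGGER.error(e.getMessage(), e);
            final String messageCode = DEFAULT_MESSAGE_BUNDLE_PREFIX.concat(e.getClass().getSimpleName());
            requestContext.getMessageContext().addMessage(new MessageBuilder().error().code(messageCode).build());
            return CollectionUtils.wrapSet(new EventFactorySupport().error(this));
        }
    }

    /**
     * Supplies the attributes used for attribute-based multifactor triggers; subclasses may
     * override to use a different attribute source.
     *
     * @param principal principal to read from
     * @return the principal's own attribute map
     */
    protected Map<String, Object> getPrincipalAttributesForMultifactorAuthentication(Principal principal) {
        return principal.getAttributes();
    }
}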
