package org.apereo.cas.authentication.trigger;

import java.util.Map;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import lombok.Generated;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationException;
import org.apereo.cas.authentication.MultifactorAuthenticationProvider;
import org.apereo.cas.authentication.MultifactorAuthenticationTrigger;
import org.apereo.cas.authentication.MultifactorAuthenticationUtils;
import org.apereo.cas.authentication.adaptive.geo.GeoLocationResponse;
import org.apereo.cas.authentication.adaptive.geo.GeoLocationService;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.util.HttpRequestUtils;
import org.apereo.cas.util.spring.ApplicationContextProvider;
import org.apereo.inspektr.common.web.ClientInfoHolder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apereo/cas/authentication/trigger/AdaptiveMultifactorAuthenticationTrigger.class */
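/**
 * Multifactor authentication trigger that selects a provider when the client's
 * IP address, user agent or resolved geolocation matches a pattern configured
 * under the adaptive authentication {@code requireMultifactor} settings.
 *
 * <p>Each configuration entry maps a provider id (key) to a regular expression
 * (value). The patterns are applied with {@link String#matches(String)}, so a
 * pattern must match the whole value, not a substring.
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>The user agent is a request header chosen by the client. A rule keyed on it
 *       only catches clients that leave the header unmodified, so it should not be
 *       the sole condition protecting a sensitive service.</li>
 *   <li>NOTE(review): how {@code ClientInfoHolder} derives the client IP address
 *       (socket address vs. a forwarded header) is not visible in this class;
 *       confirm that the value cannot be set by the client.</li>
 * </ul>
 */
public class AdaptiveMultifactorAuthenticationTrigger implements MultifactorAuthenticationTrigger {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(AdaptiveMultifactorAuthenticationTrigger.class);

    /** Optional geolocation resolver; when {@code null} the geolocation check is skipped. */
    private final GeoLocationService geoLocationService;

    /** Source of the adaptive authentication settings read on every invocation. */
    private final CasConfigurationProperties casProperties;

    /** Ordering value exposed through {@link #getOrder()}; defaults to the largest int. */
    private int order = Integer.MAX_VALUE;

    /**
     * Decides whether the current request must go through multifactor authentication.
     *
     * <p>The configured rules are evaluated in map iteration order, and the provider of
     * the first rule whose pattern matches the client IP address, user agent or
     * geolocation is returned. A rule that does not match is skipped and the next rule
     * is evaluated, so the trigger stays inactive when no rule matches.
     *
     * @param authentication the current authentication; the trigger is inactive when {@code null}
     * @param registeredService the registered service definition (not consulted by this trigger)
     * @param httpServletRequest the current request, used for the user agent and geolocation data
     * @param service the requested service; the trigger is inactive when {@code null}
     * @return the provider required by the first matching rule, or an empty optional
     * @throws AuthenticationException if no providers are available in the application
     *         context, or a rule names a provider that cannot be resolved
     */
    public Optional<MultifactorAuthenticationProvider> isActivated(Authentication authentication, RegisteredService registeredService, HttpServletRequest httpServletRequest, Service service) {
        Map<?, ?> requireMultifactor = this.casProperties.getAuthn().getAdaptive().getRequireMultifactor();
        if (service == null || authentication == null) {
            LOGGER.debug("No service or authentication is available to determine event for principal");
            return Optional.empty();
        }
        if (requireMultifactor == null || requireMultifactor.isEmpty()) {
            LOGGER.debug("Adaptive authentication is not configured to require multifactor authentication");
            return Optional.empty();
        }
        Map<String, MultifactorAuthenticationProvider> availableProviders = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(ApplicationContextProvider.getApplicationContext());
        if (availableProviders.isEmpty()) {
            // Rules exist but nothing can enforce them: fail the attempt rather than skip MFA.
            LOGGER.error("No multifactor authentication providers are available in the application context");
            throw new AuthenticationException();
        }
        String clientIpAddress = ClientInfoHolder.getClientInfo().getClientIpAddress();
        LOGGER.debug("Located client IP address as [{}]", clientIpAddress);
        String userAgent = HttpRequestUtils.getHttpServletRequestUserAgent(httpServletRequest);
        for (Map.Entry<?, ?> rule : requireMultifactor.entrySet()) {
            String providerId = rule.getKey().toString();
            String pattern = rule.getValue().toString();
            Optional<MultifactorAuthenticationProvider> provider = MultifactorAuthenticationUtils.resolveProvider(availableProviders, providerId);
            if (provider.isEmpty()) {
                // A misconfigured rule must not silently downgrade to single-factor login.
                LOGGER.error("Adaptive authentication is configured to require [{}] for [{}], yet [{}] is absent in the configuration.", providerId, pattern, providerId);
                throw new AuthenticationException();
            }
            // Only a matching rule activates its provider. The previous listing returned the
            // first rule's provider unconditionally, which ignored the configured patterns,
            // never evaluated later rules and left the trailing empty return unreachable.
            if (checkUserAgentOrClientIp(clientIpAddress, userAgent, providerId, pattern)
                    || checkRequestGeoLocation(httpServletRequest, clientIpAddress, providerId, pattern)) {
                return provider;
            }
        }
        return Optional.empty();
    }

    /**
     * Null-safe full-string regular expression match.
     *
     * @param value the value to test; {@code null} never matches
     * @param pattern the regular expression taken from configuration
     * @return {@code true} when {@code value} is non-null and matches {@code pattern} entirely
     */
    private static boolean matchesPattern(String value, String pattern) {
        return value != null && value.matches(pattern);
    }

    /**
     * Checks whether the user agent or the client IP address matches the rule's pattern.
     *
     * @param clientIp the client IP address
     * @param userAgent the user agent of the request; a {@code null} value is treated as
     *        a non-match instead of raising a {@link NullPointerException}
     * @param providerId the provider id the rule requires (used for logging only)
     * @param pattern the regular expression of the rule
     * @return {@code true} when either value matches the pattern
     */
    private static boolean checkUserAgentOrClientIp(String clientIp, String userAgent, String providerId, String pattern) {
        if (!matchesPattern(userAgent, pattern) && !matchesPattern(clientIp, pattern)) {
            return false;
        }
        LOGGER.debug("Current user agent [{}] at [{}] matches the provided pattern [{}] for adaptive authentication and is required to use [{}]", userAgent, clientIp, pattern, providerId);
        return true;
    }

    /**
     * Checks whether the geolocation resolved for the request matches the rule's pattern.
     *
     * @param httpServletRequest the current request, from which geolocation data is extracted
     * @param clientIp the client IP address handed to the geolocation service
     * @param providerId the provider id the rule requires (used for logging only)
     * @param pattern the regular expression of the rule
     * @return {@code true} when a location was resolved and its built address matches the
     *         pattern; {@code false} when no geolocation service is set or nothing was located
     */
    private boolean checkRequestGeoLocation(HttpServletRequest httpServletRequest, String clientIp, String providerId, String pattern) {
        if (this.geoLocationService == null) {
            return false;
        }
        GeoLocationResponse location = this.geoLocationService.locate(clientIp, HttpRequestUtils.getHttpServletRequestGeoLocation(httpServletRequest));
        if (location == null) {
            return false;
        }
        String address = location.build();
        if (!matchesPattern(address, pattern)) {
            return false;
        }
        LOGGER.debug("Current address [{}] at [{}] matches the provided pattern [{}] for adaptive authentication and is required to use [{}]", address, clientIp, pattern, providerId);
        return true;
    }

    /**
     * @return the geolocation service given at construction; may be {@code null}
     */
    @Generated
    public GeoLocationService getGeoLocationService() {
        return this.geoLocationService;
    }

    /**
     * @return the configuration properties given at construction
     */
    @Generated
    public CasConfigurationProperties getCasProperties() {
        return this.casProperties;
    }

    /**
     * @return the ordering value of this trigger
     */
    @Generated
    public int getOrder() {
        return this.order;
    }

    /**
     * @param i the new ordering value of this trigger
     */
    @Generated
    public void setOrder(int i) {
        this.order = i;
    }

    /**
     * Creates the trigger.
     *
     * @param geoLocationService the geolocation resolver; {@code null} disables the geolocation check
     * @param casConfigurationProperties the configuration holding the adaptive authentication rules
     */
    @Generated
    public AdaptiveMultifactorAuthenticationTrigger(GeoLocationService geoLocationService, CasConfigurationProperties casConfigurationProperties) {
        this.geoLocationService = geoLocationService;
        this.casProperties = casConfigurationProperties;
    }
}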
