package org.apereo.cas.web.flow.resolver.impl.mfa;

import java.util.Collection;
import java.util.Map;
import java.util.Set;
import org.apereo.cas.CentralAuthenticationService;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationServiceSelectionPlan;
import org.apereo.cas.authentication.AuthenticationSystemSupport;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.services.MultifactorAuthenticationProvider;
import org.apereo.cas.services.MultifactorAuthenticationProviderSelector;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.ticket.registry.TicketRegistrySupport;
import org.apereo.cas.web.flow.authentication.BaseMultifactorAuthenticationProviderEventResolver;
import org.apereo.cas.web.support.WebUtils;
import org.apereo.inspektr.audit.annotation.Audit;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.StringUtils;
import org.springframework.web.util.CookieGenerator;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-webflow-5.1.3.jar:org/apereo/cas/web/flow/resolver/impl/mfa/AuthenticationAttributeMultifactorAuthenticationPolicyEventResolver.class */
public class AuthenticationAttributeMultifactorAuthenticationPolicyEventResolver extends BaseMultifactorAuthenticationProviderEventResolver {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) AuthenticationAttributeMultifactorAuthenticationPolicyEventResolver.class);
    private final String globalAuthenticationAttributeValueRegex;
    private final Set<String> attributeNames;

    public AuthenticationAttributeMultifactorAuthenticationPolicyEventResolver(AuthenticationSystemSupport authenticationSystemSupport, CentralAuthenticationService centralAuthenticationService, ServicesManager servicesManager, TicketRegistrySupport ticketRegistrySupport, CookieGenerator cookieGenerator, AuthenticationServiceSelectionPlan authenticationServiceSelectionPlan, MultifactorAuthenticationProviderSelector multifactorAuthenticationProviderSelector, CasConfigurationProperties casConfigurationProperties) {
        super(authenticationSystemSupport, centralAuthenticationService, servicesManager, ticketRegistrySupport, cookieGenerator, authenticationServiceSelectionPlan, multifactorAuthenticationProviderSelector);
        this.globalAuthenticationAttributeValueRegex = casConfigurationProperties.getAuthn().getMfa().getGlobalAuthenticationAttributeValueRegex();
        this.attributeNames = StringUtils.commaDelimitedListToSet(casConfigurationProperties.getAuthn().getMfa().getGlobalAuthenticationAttributeNameTriggers());
    }

    @Override // org.apereo.cas.web.flow.resolver.CasWebflowEventResolver
    public Set<Event> resolveInternal(RequestContext requestContext) {
        RegisteredService resolveRegisteredServiceInRequestContext = resolveRegisteredServiceInRequestContext(requestContext);
        Authentication authentication = WebUtils.getAuthentication(requestContext);
        if (resolveRegisteredServiceInRequestContext == null || authentication == null) {
            LOGGER.debug("No service or authentication is available to determine event for principal");
            return null;
        }
        if (this.attributeNames.isEmpty()) {
            LOGGER.debug("Authentication attribute name to determine event is not configured");
            return null;
        }
        Map<String, MultifactorAuthenticationProvider> availableMultifactorAuthenticationProviders = WebUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
        if (availableMultifactorAuthenticationProviders == null || availableMultifactorAuthenticationProviders.isEmpty()) {
            LOGGER.error("No multifactor authentication providers are available in the application context");
            return null;
        }
        Collection<MultifactorAuthenticationProvider> flattenProviders = flattenProviders(availableMultifactorAuthenticationProviders.values());
        if (flattenProviders.size() != 1 || !org.apache.commons.lang3.StringUtils.isNotBlank(this.globalAuthenticationAttributeValueRegex)) {
            return resolveEventViaAuthenticationAttribute(authentication, this.attributeNames, resolveRegisteredServiceInRequestContext, requestContext, flattenProviders, str -> {
                return flattenProviders.stream().filter(multifactorAuthenticationProvider -> {
                    return str != null && multifactorAuthenticationProvider.matches(str);
                }).count() > 0;
            });
        }
        LOGGER.debug("Found a single multifactor provider [{}] in the application context", flattenProviders.iterator().next());
        return resolveEventViaAuthenticationAttribute(authentication, this.attributeNames, resolveRegisteredServiceInRequestContext, requestContext, flattenProviders, str2 -> {
            return str2 != null && str2.matches(this.globalAuthenticationAttributeValueRegex);
        });
    }

    @Override // org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver, org.apereo.cas.web.flow.resolver.CasWebflowEventResolver
    @Audit(action = "AUTHENTICATION_EVENT", actionResolverName = "AUTHENTICATION_EVENT_ACTION_RESOLVER", resourceResolverName = "AUTHENTICATION_EVENT_RESOURCE_RESOLVER")
    public Event resolveSingle(RequestContext requestContext) {
        return super.resolveSingle(requestContext);
    }
}
