package org.apereo.cas.authentication;

import java.util.Arrays;
import java.util.Collection;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import org.apereo.cas.services.MultifactorAuthenticationProvider;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceMultifactorPolicy;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.Pair;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.core.OrderComparator;

/* loaded from: input_file:org/apereo/cas/authentication/AuthenticationContextValidator.class */
public class AuthenticationContextValidator {
    private transient Logger logger = LoggerFactory.getLogger(getClass());
    private String authenticationContextAttribute;
    private String globalFailureMode;

    @Autowired
    private ConfigurableApplicationContext applicationContext;

    public String getAuthenticationContextAttribute() {
        return this.authenticationContextAttribute;
    }

    public void setAuthenticationContextAttribute(String str) {
        this.authenticationContextAttribute = str;
    }

    public Pair<Boolean, Optional<MultifactorAuthenticationProvider>> validate(Authentication authentication, String str, RegisteredService registeredService) {
        Set convertValueToCollection = CollectionUtils.convertValueToCollection(authentication.getAttributes().get(this.authenticationContextAttribute));
        this.logger.debug("Attempting to match requested authentication context {} against {}", str, convertValueToCollection);
        Map<String, MultifactorAuthenticationProvider> allMultifactorAuthenticationProvidersFromApplicationContext = getAllMultifactorAuthenticationProvidersFromApplicationContext();
        if (allMultifactorAuthenticationProvidersFromApplicationContext == null) {
            this.logger.debug("No providers have been configured");
            return new Pair<>(Boolean.FALSE, Optional.empty());
        }
        Optional<MultifactorAuthenticationProvider> locateRequestedProvider = locateRequestedProvider(allMultifactorAuthenticationProvidersFromApplicationContext.values(), str);
        if (!locateRequestedProvider.isPresent()) {
            this.logger.debug("Requested authentication provider cannot be recognized.");
            return new Pair<>(Boolean.FALSE, Optional.empty());
        }
        if (convertValueToCollection.stream().filter(obj -> {
            return obj.toString().equals(str);
        }).count() > 0) {
            this.logger.debug("Requested authentication context {} is satisfied", str);
            return new Pair<>(Boolean.TRUE, locateRequestedProvider);
        }
        Collection<MultifactorAuthenticationProvider> satisfiedAuthenticationProviders = getSatisfiedAuthenticationProviders(authentication, allMultifactorAuthenticationProvidersFromApplicationContext.values());
        if (satisfiedAuthenticationProviders == null) {
            this.logger.debug("No satisfied multifactor authentication providers are recorded in the current authentication context.");
            return new Pair<>(Boolean.FALSE, locateRequestedProvider);
        }
        if (!satisfiedAuthenticationProviders.isEmpty()) {
            MultifactorAuthenticationProvider[] multifactorAuthenticationProviderArr = (MultifactorAuthenticationProvider[]) satisfiedAuthenticationProviders.toArray(new MultifactorAuthenticationProvider[0]);
            OrderComparator.sortIfNecessary(multifactorAuthenticationProviderArr);
            Optional findFirst = Arrays.stream(multifactorAuthenticationProviderArr).filter(multifactorAuthenticationProvider -> {
                MultifactorAuthenticationProvider multifactorAuthenticationProvider = (MultifactorAuthenticationProvider) locateRequestedProvider.get();
                return multifactorAuthenticationProvider.equals(multifactorAuthenticationProvider) || multifactorAuthenticationProvider.getOrder() >= multifactorAuthenticationProvider.getOrder();
            }).findFirst();
            if (findFirst.isPresent()) {
                this.logger.debug("Current provider {} already satisfies the authentication requirements of {}; proceed with flow normally.", findFirst.get(), locateRequestedProvider);
                return new Pair<>(Boolean.TRUE, locateRequestedProvider);
            }
        }
        this.logger.debug("No multifactor providers could be located to satisfy the requested context for {}", locateRequestedProvider);
        RegisteredServiceMultifactorPolicy.FailureModes multifactorFailureModeForService = getMultifactorFailureModeForService(registeredService);
        if (multifactorFailureModeForService == RegisteredServiceMultifactorPolicy.FailureModes.PHANTOM && !locateRequestedProvider.get().isAvailable(registeredService)) {
            this.logger.debug("Service {} is configured to use a {} failure mode for multifactor authentication policy. Since provider {} is unavailable at the moment, CAS will knowingly allow [{}] as a satisfied criteria of the present authentication context", new Object[]{registeredService.getServiceId(), multifactorFailureModeForService, locateRequestedProvider, str});
            return new Pair<>(true, locateRequestedProvider);
        }
        if (multifactorFailureModeForService != RegisteredServiceMultifactorPolicy.FailureModes.OPEN || locateRequestedProvider.get().isAvailable(registeredService)) {
            return new Pair<>(false, locateRequestedProvider);
        }
        this.logger.debug("Service {} is configured to use a {} failure mode for multifactor authentication policy and since provider {} is unavailable at the moment, CAS will consider the authentication satisfied without the presence of {}", new Object[]{registeredService.getServiceId(), multifactorFailureModeForService, locateRequestedProvider, str});
        return new Pair<>(true, satisfiedAuthenticationProviders.stream().findFirst());
    }

    private Map<String, MultifactorAuthenticationProvider> getAllMultifactorAuthenticationProvidersFromApplicationContext() {
        try {
            return this.applicationContext.getBeansOfType(MultifactorAuthenticationProvider.class, false, true);
        } catch (Exception e) {
            this.logger.warn("Could not locate beans of type {} in the application context", MultifactorAuthenticationProvider.class);
            return null;
        }
    }

    private Collection<MultifactorAuthenticationProvider> getSatisfiedAuthenticationProviders(Authentication authentication, Collection<MultifactorAuthenticationProvider> collection) {
        Set convertValueToCollection = CollectionUtils.convertValueToCollection(authentication.getAttributes().get(this.authenticationContextAttribute));
        if (convertValueToCollection == null || convertValueToCollection.isEmpty()) {
            this.logger.debug("No authentication context could be determined based on authentication attribute {}", this.authenticationContextAttribute);
            return null;
        }
        convertValueToCollection.stream().forEach(obj -> {
            collection.removeIf(multifactorAuthenticationProvider -> {
                return !multifactorAuthenticationProvider.getId().equals(obj);
            });
        });
        this.logger.debug("Found {} providers that may satisfy the context", Integer.valueOf(collection.size()));
        return collection;
    }

    private static Optional<MultifactorAuthenticationProvider> locateRequestedProvider(Collection<MultifactorAuthenticationProvider> collection, String str) {
        return collection.stream().filter(multifactorAuthenticationProvider -> {
            return multifactorAuthenticationProvider.getId().equals(str);
        }).findFirst();
    }

    private RegisteredServiceMultifactorPolicy.FailureModes getMultifactorFailureModeForService(RegisteredService registeredService) {
        RegisteredServiceMultifactorPolicy multifactorPolicy = registeredService.getMultifactorPolicy();
        return (multifactorPolicy == null || multifactorPolicy.getFailureMode() == null) ? RegisteredServiceMultifactorPolicy.FailureModes.valueOf(this.globalFailureMode) : multifactorPolicy.getFailureMode();
    }

    public void setGlobalFailureMode(String str) {
        this.globalFailureMode = str;
    }
}
