package org.apereo.cas.web.flow.resolver.impl;

import java.util.Collections;
import java.util.Optional;
import java.util.Set;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.apereo.cas.CentralAuthenticationService;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationContextValidator;
import org.apereo.cas.authentication.AuthenticationServiceSelectionPlan;
import org.apereo.cas.authentication.AuthenticationSystemSupport;
import org.apereo.cas.services.MultifactorAuthenticationProvider;
import org.apereo.cas.services.MultifactorAuthenticationProviderSelector;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.ticket.registry.TicketRegistrySupport;
import org.apereo.cas.web.flow.CasWebflowConstants;
import org.apereo.cas.web.flow.resolver.CasDelegatingWebflowEventResolver;
import org.apereo.cas.web.support.WebUtils;
import org.apereo.inspektr.audit.annotation.Audit;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.util.CookieGenerator;
import org.springframework.webflow.action.EventFactorySupport;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-webflow-5.1.0.jar:org/apereo/cas/web/flow/resolver/impl/RankedAuthenticationProviderWebflowEventResolver.class */
public class RankedAuthenticationProviderWebflowEventResolver extends AbstractCasWebflowEventResolver {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) RankedAuthenticationProviderWebflowEventResolver.class);
    private final CasDelegatingWebflowEventResolver initialAuthenticationAttemptWebflowEventResolver;
    private final AuthenticationContextValidator authenticationContextValidator;

    public RankedAuthenticationProviderWebflowEventResolver(AuthenticationSystemSupport authenticationSystemSupport, CentralAuthenticationService centralAuthenticationService, ServicesManager servicesManager, TicketRegistrySupport ticketRegistrySupport, CookieGenerator cookieGenerator, AuthenticationServiceSelectionPlan authenticationServiceSelectionPlan, MultifactorAuthenticationProviderSelector multifactorAuthenticationProviderSelector, AuthenticationContextValidator authenticationContextValidator, CasDelegatingWebflowEventResolver casDelegatingWebflowEventResolver) {
        super(authenticationSystemSupport, centralAuthenticationService, servicesManager, ticketRegistrySupport, cookieGenerator, authenticationServiceSelectionPlan, multifactorAuthenticationProviderSelector);
        this.authenticationContextValidator = authenticationContextValidator;
        this.initialAuthenticationAttemptWebflowEventResolver = casDelegatingWebflowEventResolver;
    }

    @Override // org.apereo.cas.web.flow.resolver.CasWebflowEventResolver
    public Set<Event> resolveInternal(RequestContext requestContext) {
        String ticketGrantingTicketId = WebUtils.getTicketGrantingTicketId(requestContext);
        RegisteredService registeredService = WebUtils.getRegisteredService(requestContext);
        if (registeredService == null) {
            LOGGER.debug("No service is available to determine event for principal");
            return resumeFlow();
        }
        if (StringUtils.isBlank(ticketGrantingTicketId)) {
            LOGGER.trace("TGT is blank; proceed with flow normally.");
            return resumeFlow();
        }
        Authentication authenticationFrom = this.ticketRegistrySupport.getAuthenticationFrom(ticketGrantingTicketId);
        if (authenticationFrom == null) {
            LOGGER.trace("TGT has no authentication and is blank; proceed with flow normally.");
            return resumeFlow();
        }
        WebUtils.putAuthenticationResultBuilder(this.authenticationSystemSupport.establishAuthenticationContextFromInitial(authenticationFrom, WebUtils.getCredential(requestContext)), requestContext);
        WebUtils.putAuthentication(authenticationFrom, requestContext);
        Event resolveSingle = this.initialAuthenticationAttemptWebflowEventResolver.resolveSingle(requestContext);
        if (resolveSingle == null) {
            LOGGER.trace("Request does not indicate a requirement for authentication policy; proceed with flow normally.");
            return resumeFlow();
        }
        String id = resolveSingle.getId();
        if (id.equals("error") || id.equals(CasWebflowConstants.TRANSITION_ID_AUTHENTICATION_FAILURE) || id.equals("success")) {
            LOGGER.debug("Returning webflow event as [{}]", id);
            return Collections.singleton(resolveSingle);
        }
        Pair<Boolean, Optional<MultifactorAuthenticationProvider>> validate = this.authenticationContextValidator.validate(authenticationFrom, id, registeredService);
        if (validate.getKey().booleanValue()) {
            LOGGER.debug("Authentication context is successfully validated by [{}] for service [{}]", id, registeredService);
            return resumeFlow();
        }
        if (validate.getValue().isPresent()) {
            return Collections.singleton(validateEventIdForMatchingTransitionInContext(id, requestContext, buildEventAttributeMap(authenticationFrom.getPrincipal(), registeredService, validate.getValue().get())));
        }
        LOGGER.warn("The authentication context cannot be satisfied and the requested event [{}] is unrecognized", id);
        return Collections.singleton(new Event(this, "error"));
    }

    @Override // org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver, org.apereo.cas.web.flow.resolver.CasWebflowEventResolver
    @Audit(action = "AUTHENTICATION_EVENT", actionResolverName = "AUTHENTICATION_EVENT_ACTION_RESOLVER", resourceResolverName = "AUTHENTICATION_EVENT_RESOURCE_RESOLVER")
    public Event resolveSingle(RequestContext requestContext) {
        return super.resolveSingle(requestContext);
    }

    private Set<Event> resumeFlow() {
        return Collections.singleton(new EventFactorySupport().success(this));
    }
}
