package org.apereo.cas.web.flow.resolver.impl;

import com.google.common.collect.ImmutableSet;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationException;
import org.apereo.cas.authentication.adaptive.geo.GeoLocationResponse;
import org.apereo.cas.authentication.adaptive.geo.GeoLocationService;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.services.MultifactorAuthenticationProvider;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.web.support.WebUtils;
import org.apereo.inspektr.common.web.ClientInfoHolder;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:org/apereo/cas/web/flow/resolver/impl/AdaptiveMultifactorAuthenticationWebflowEventResolver.class */
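/**
 * Resolves a webflow event that sends the login flow to a multifactor authentication provider
 * when the current request matches an adaptive-authentication rule.
 *
 * <p>Rules are read from {@code casProperties.getAuthn().getAdaptive().getRequireMultifactor()}:
 * each entry maps a provider id to a regular expression. The expression is tested, as a full
 * match, against the request's user agent, the client IP address and, when a
 * {@link GeoLocationService} is set, the address built from the geolocation response.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The user agent is supplied by the client. A rule that matches only on user agent is
 *       advisory: the client decides whether it matches. Rules meant as an enforcement control
 *       should be written against the IP address or location.</li>
 *   <li>NOTE(review): how {@code ClientInfoHolder} derives the client IP address (socket peer or
 *       a forwarded header) is not visible in this class; confirm it is taken from a trusted
 *       source before relying on IP rules.</li>
 *   <li>When the matched provider reports itself unavailable, {@link #buildEvent} returns
 *       {@code null}, so this resolver contributes no multifactor event for the request. Only a
 *       warning is logged; that log line is the signal to alert on.</li>
 * </ul>
 */
public class AdaptiveMultifactorAuthenticationWebflowEventResolver extends AbstractCasWebflowEventResolver {
    private GeoLocationService geoLocationService;

    @Autowired
    private CasConfigurationProperties casProperties;

    /**
     * Evaluates the configured adaptive rules, in map iteration order, against the current request.
     *
     * @param requestContext the webflow request context
     * @return the event set for the first rule that matches, or {@code null} when no service or
     *     authentication is available, no rules are configured, no rule matches, or the matched
     *     provider is not available for the service
     * @throws AuthenticationException when no multifactor providers are registered in the
     *     application context, or a rule names a provider id that is not registered
     */
    @Override
    protected Set<Event> resolveInternal(RequestContext requestContext) {
        RegisteredService registeredService = WebUtils.getRegisteredService(requestContext);
        Authentication authentication = WebUtils.getAuthentication(requestContext);
        if (registeredService == null || authentication == null) {
            this.logger.debug("No service or authentication is available to determine event for principal");
            return null;
        }

        Map<?, ?> requireMultifactor = this.casProperties.getAuthn().getAdaptive().getRequireMultifactor();
        if (requireMultifactor == null || requireMultifactor.isEmpty()) {
            this.logger.debug("Adaptive authentication is not configured to require multifactor authentication");
            return null;
        }

        Map<?, ?> providers = WebUtils.getAllMultifactorAuthenticationProviders(this.applicationContext);
        if (providers == null || providers.isEmpty()) {
            // Rules exist but nothing can satisfy them: fail the attempt rather than skip MFA.
            this.logger.warn("No multifactor authentication providers are available in the application context");
            throw new AuthenticationException();
        }

        String clientIpAddress = ClientInfoHolder.getClientInfo().getClientIpAddress();
        this.logger.debug("Located client IP address as [{}]", clientIpAddress);
        // Client-supplied header; may be null when the request carries no User-Agent.
        // It is written to the debug log below exactly as received.
        String userAgent = WebUtils.getHttpServletRequestUserAgent();

        for (Map.Entry<?, ?> rule : requireMultifactor.entrySet()) {
            String providerId = rule.getKey().toString();
            String pattern = rule.getValue().toString();

            MultifactorAuthenticationProvider provider = findProviderById(providers, providerId);
            if (provider == null) {
                this.logger.error("Adaptive authentication is configured to require [{}] for [{}], yet [{}] is absent in the configuration.", new Object[]{providerId, pattern, providerId});
                throw new AuthenticationException();
            }

            // Null-safe: a request without a User-Agent (or without a resolved IP) is treated as
            // "no match" for that attribute instead of aborting the flow with a NullPointerException.
            if (matchesPattern(userAgent, pattern) || matchesPattern(clientIpAddress, pattern)) {
                this.logger.debug("Current user agent [{}] at [{}] matches the provided pattern {} for adaptive authentication and is required to use [{}]", new Object[]{userAgent, clientIpAddress, pattern, providerId});
                return buildEvent(requestContext, registeredService, authentication, provider);
            }

            if (this.geoLocationService != null) {
                GeoLocationResponse location = this.geoLocationService.locate(clientIpAddress, WebUtils.getHttpServletRequestGeoLocation());
                if (location != null) {
                    String address = location.buildAddress();
                    if (matchesPattern(address, pattern)) {
                        this.logger.debug("Current address [{}] at [{}] matches the provided pattern {} for adaptive authentication and is required to use [{}]", new Object[]{address, clientIpAddress, pattern, providerId});
                        return buildEvent(requestContext, registeredService, authentication, provider);
                    }
                }
            }
        }
        return null;
    }

    /**
     * Looks up a registered multifactor provider by its id.
     *
     * @param providers the providers found in the application context, keyed by bean name
     * @param providerId the provider id named by an adaptive rule
     * @return the first provider whose id equals {@code providerId}, or {@code null} if none does
     */
    private static MultifactorAuthenticationProvider findProviderById(Map<?, ?> providers, String providerId) {
        for (Object candidate : providers.values()) {
            if (candidate instanceof MultifactorAuthenticationProvider) {
                MultifactorAuthenticationProvider provider = (MultifactorAuthenticationProvider) candidate;
                if (provider.getId().equals(providerId)) {
                    return provider;
                }
            }
        }
        return null;
    }

    /**
     * Tests whether a request attribute fully matches a configured regular expression.
     *
     * <p>{@link String#matches(String)} requires the whole value to match, so a pattern intended
     * to match a substring must include leading and trailing wildcards. An invalid pattern still
     * surfaces as the exception thrown by {@code String.matches}.
     *
     * @param value the request attribute; may be {@code null}
     * @param pattern the regular expression taken from configuration
     * @return {@code true} only when {@code value} is non-null and matches {@code pattern} in full
     */
    private static boolean matchesPattern(String value, String pattern) {
        return value != null && value.matches(pattern);
    }

    /**
     * Builds the event set that transitions the flow to the given provider.
     *
     * @param requestContext the webflow request context
     * @param registeredService the service being accessed
     * @param authentication the current authentication
     * @param multifactorAuthenticationProvider the provider selected by the matching rule
     * @return a single-element set holding the validated event, or {@code null} when the provider
     *     reports that it is not available for the service
     */
    private Set<Event> buildEvent(RequestContext requestContext, RegisteredService registeredService, Authentication authentication, MultifactorAuthenticationProvider multifactorAuthenticationProvider) {
        if (multifactorAuthenticationProvider.isAvailable(registeredService)) {
            this.logger.debug("Attempting to build an event based on the authentication provider [{}] and service [{}]", multifactorAuthenticationProvider, registeredService.getName());
            return ImmutableSet.of(validateEventIdForMatchingTransitionInContext(multifactorAuthenticationProvider.getId(), requestContext, buildEventAttributeMap(authentication.getPrincipal(), registeredService, multifactorAuthenticationProvider)));
        }
        // NOTE(review): this is a fail-open path. A rule matched, but because the provider is
        // unavailable no multifactor event is produced. Whether the login then proceeds without
        // MFA depends on the caller, which is not visible here; monitor this warning.
        this.logger.warn("Located multifactor provider [{}], yet the provider cannot be reached or verified", multifactorAuthenticationProvider);
        return null;
    }

    /**
     * Sets the optional geolocation service used to match rules against the client's address.
     *
     * @param geoLocationService the service to use; when left {@code null}, location matching is skipped
     */
    public void setGeoLocationService(GeoLocationService geoLocationService) {
        this.geoLocationService = geoLocationService;
    }
}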
