package org.apereo.cas.web.flow;

import java.util.Arrays;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.webflow.definition.registry.FlowDefinitionRegistry;
import org.springframework.webflow.engine.ActionState;
import org.springframework.webflow.engine.Flow;
import org.springframework.webflow.engine.Transition;
import org.springframework.webflow.engine.builder.support.FlowBuilderServices;
import org.springframework.webflow.engine.support.DefaultTargetStateResolver;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-webflow-5.1.0.jar:org/apereo/cas/web/flow/AbstractMultifactorTrustedDeviceWebflowConfigurer.class */
public abstract class AbstractMultifactorTrustedDeviceWebflowConfigurer extends AbstractCasMultifactorWebflowConfigurer {
    public static final String MFA_TRUSTED_AUTHN_SCOPE_ATTR = "mfaTrustedAuthentication";
    private static final String STATE_ID_FINISH_MFA_TRUSTED_AUTH = "finishMfaTrustedAuth";
    private static final String MFA_VERIFY_TRUST_ACTION_BEAN_ID = "mfaVerifyTrustAction";
    private static final String MFA_SET_TRUST_ACTION_BEAN_ID = "mfaSetTrustAction";
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) AbstractMultifactorTrustedDeviceWebflowConfigurer.class);
    private boolean enableDeviceRegistration;

    public AbstractMultifactorTrustedDeviceWebflowConfigurer(FlowBuilderServices flowBuilderServices, FlowDefinitionRegistry flowDefinitionRegistry, boolean z) {
        super(flowBuilderServices, flowDefinitionRegistry);
        this.enableDeviceRegistration = true;
        this.enableDeviceRegistration = z;
    }

    protected void registerMultifactorTrustedAuthentication(FlowDefinitionRegistry flowDefinitionRegistry) {
        validateFlowDefinitionConfiguration(flowDefinitionRegistry);
        LOGGER.debug("Flow definitions found in the registry are [{}]", (Object[]) flowDefinitionRegistry.getFlowDefinitionIds());
        String str = (String) Arrays.stream(flowDefinitionRegistry.getFlowDefinitionIds()).findFirst().get();
        LOGGER.debug("Processing flow definition [{}]", str);
        Flow flow = (Flow) flowDefinitionRegistry.getFlowDefinition(str);
        Transition transition = (Transition) ((ActionState) flow.getState(CasWebflowConstants.STATE_ID_INIT_LOGIN_FORM)).getTransition("success");
        String targetStateId = transition.getTargetStateId();
        transition.setTargetStateResolver(new DefaultTargetStateResolver(CasWebflowConstants.STATE_ID_VERIFY_TRUSTED_DEVICE));
        ActionState createActionState = createActionState(flow, CasWebflowConstants.STATE_ID_VERIFY_TRUSTED_DEVICE, createEvaluateAction(MFA_VERIFY_TRUST_ACTION_BEAN_ID));
        if (this.enableDeviceRegistration) {
            createTransitionForState(createActionState, "yes", STATE_ID_FINISH_MFA_TRUSTED_AUTH);
        } else {
            createTransitionForState(createActionState, "yes", CasWebflowConstants.TRANSITION_ID_REAL_SUBMIT);
        }
        createTransitionForState(createActionState, "no", targetStateId);
        createDecisionState(flow, CasWebflowConstants.DECISION_STATE_REQUIRE_REGISTRATION, isDeviceRegistrationRequired(), CasWebflowConstants.VIEW_ID_REGISTER_DEVICE, CasWebflowConstants.TRANSITION_ID_REAL_SUBMIT);
        ActionState actionState = (ActionState) flow.getState(CasWebflowConstants.TRANSITION_ID_REAL_SUBMIT);
        Transition transition2 = (Transition) actionState.getTransition("success");
        if (this.enableDeviceRegistration) {
            transition2.setTargetStateResolver(new DefaultTargetStateResolver(CasWebflowConstants.VIEW_ID_REGISTER_DEVICE));
        } else {
            transition2.setTargetStateResolver(new DefaultTargetStateResolver(CasWebflowConstants.STATE_ID_REGISTER_TRUSTED_DEVICE));
        }
        createViewState(flow, CasWebflowConstants.VIEW_ID_REGISTER_DEVICE, "casMfaRegisterDeviceView").getTransitionSet().add(createTransition(CasWebflowConstants.TRANSITION_ID_SUBMIT, CasWebflowConstants.STATE_ID_REGISTER_TRUSTED_DEVICE));
        createStateDefaultTransition(createActionState(flow, CasWebflowConstants.STATE_ID_REGISTER_TRUSTED_DEVICE, createEvaluateAction(MFA_SET_TRUST_ACTION_BEAN_ID)), "success");
        if (actionState.getActionList().size() == 0) {
            throw new IllegalArgumentException("There are no actions defined for the final submission event of " + str);
        }
        ActionState createActionState2 = createActionState(flow, STATE_ID_FINISH_MFA_TRUSTED_AUTH, actionState.getActionList().iterator().next());
        createActionState2.getTransitionSet().add(createTransition("success", "success"));
        createStateDefaultTransition(createActionState2, "success");
    }

    private void validateFlowDefinitionConfiguration(FlowDefinitionRegistry flowDefinitionRegistry) {
        if (flowDefinitionRegistry.getFlowDefinitionCount() <= 0) {
            throw new IllegalArgumentException("Flow definition registry has no flow definitions");
        }
        if (!this.applicationContext.containsBean(MFA_SET_TRUST_ACTION_BEAN_ID)) {
            throw new IllegalArgumentException(String.format("CAS application context cannot find bean [%s]. This typically indicates that configuration is attempting to activate trusted-device functionality for multifactor authentication, yet the configuration modules that auto-configure the webflow are absent from the CAS application runtime.", MFA_SET_TRUST_ACTION_BEAN_ID));
        }
        if (!this.applicationContext.containsBean(MFA_VERIFY_TRUST_ACTION_BEAN_ID)) {
            throw new IllegalArgumentException(String.format("CAS application context cannot find bean [%s]. This typically indicates that configuration is attempting to activate trusted-device functionality for multifactor authentication, yet the configuration modules that auto-configure the webflow are absent from the CAS application runtime.", MFA_VERIFY_TRUST_ACTION_BEAN_ID));
        }
    }

    public boolean isEnableDeviceRegistration() {
        return this.enableDeviceRegistration;
    }

    private static String isDeviceRegistrationRequired() {
        return "flashScope.".concat(MFA_TRUSTED_AUTHN_SCOPE_ATTR).concat("== null");
    }
}
