package org.apereo.cas.web.flow.resolver.impl;

import com.google.common.collect.ImmutableSet;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationException;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.services.MultifactorAuthenticationProvider;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.web.support.WebUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-webflow-5.0.0.jar:org/apereo/cas/web/flow/resolver/impl/GlobalAuthenticationPolicyWebflowEventResolver.class */
public class GlobalAuthenticationPolicyWebflowEventResolver extends AbstractCasWebflowEventResolver {

    @Autowired
    private CasConfigurationProperties casProperties;

    @Override // org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver
    protected Set<Event> resolveInternal(RequestContext requestContext) {
        RegisteredService registeredService = WebUtils.getRegisteredService(requestContext);
        Authentication authentication = WebUtils.getAuthentication(requestContext);
        if (authentication == null) {
            this.logger.debug("No authentication is available to determine event for principal");
            return null;
        }
        String globalProviderId = this.casProperties.getAuthn().getMfa().getGlobalProviderId();
        if (StringUtils.isBlank(globalProviderId)) {
            this.logger.debug("No value could be found for request parameter {}", globalProviderId);
            return null;
        }
        this.logger.debug("Attempting to globally activate {}", globalProviderId);
        Map<String, MultifactorAuthenticationProvider> allMultifactorAuthenticationProviders = WebUtils.getAllMultifactorAuthenticationProviders(this.applicationContext);
        if (allMultifactorAuthenticationProviders == null || allMultifactorAuthenticationProviders.isEmpty()) {
            this.logger.warn("No multifactor authentication providers are available in the application context");
            throw new AuthenticationException();
        }
        Optional<MultifactorAuthenticationProvider> findFirst = allMultifactorAuthenticationProviders.values().stream().filter(multifactorAuthenticationProvider -> {
            return multifactorAuthenticationProvider.getId().equals(globalProviderId);
        }).findFirst();
        if (!findFirst.isPresent()) {
            this.logger.warn("No multifactor provider could be found for {}", globalProviderId);
            throw new AuthenticationException();
        }
        if (findFirst.get().isAvailable(registeredService)) {
            this.logger.debug("Attempting to build an event based on the authentication provider [{}] and service [{}]", findFirst.get(), registeredService.getName());
            return ImmutableSet.of(validateEventIdForMatchingTransitionInContext(findFirst.get().getId(), requestContext, buildEventAttributeMap(authentication.getPrincipal(), registeredService, findFirst.get())));
        }
        this.logger.warn("Located multifactor provider {}, yet the provider cannot be reached or verified", findFirst.get());
        return null;
    }
}
