package org.apereo.cas.services;

import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.configuration.model.support.mfa.MultifactorAuthenticationProperties;
import org.apereo.cas.util.CollectionUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-authentication-5.0.0.jar:org/apereo/cas/services/DefaultMultifactorAuthenticationProviderBypass.class */
public class DefaultMultifactorAuthenticationProviderBypass implements MultifactorAuthenticationProviderBypass {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) DefaultMultifactorAuthenticationProviderBypass.class);
    private MultifactorAuthenticationProperties.BaseProvider.Bypass bypass;

    public DefaultMultifactorAuthenticationProviderBypass(MultifactorAuthenticationProperties.BaseProvider.Bypass bypass) {
        this.bypass = bypass;
    }

    @Override // org.apereo.cas.services.MultifactorAuthenticationProviderBypass
    public boolean eval(Authentication authentication) {
        Principal principal = authentication.getPrincipal();
        if (!skipBypassAndSupportEventBasedOnPrincipalAttributes(this.bypass, principal)) {
            LOGGER.debug("Bypass rules for principal {} indicate the request may be ignored", principal.getId());
            return false;
        }
        if (!skipBypassAndSupportEventBasedOnAuthenticationAttributes(this.bypass, authentication)) {
            LOGGER.debug("Bypass rules for authentication {} indicate the request may be ignored", principal.getId());
            return false;
        }
        if (!(!evaluateAttributeRulesForBypass("authenticationMethod", this.bypass.getAuthenticationMethodName(), authentication.getAttributes()))) {
            LOGGER.debug("Bypass rules for authentication method {} indicate the request may be ignored", principal.getId());
            return false;
        }
        if (!(!evaluateAttributeRulesForBypass("successfulAuthenticationHandlers", this.bypass.getAuthenticationHandlerName(), authentication.getAttributes()))) {
            LOGGER.debug("Bypass rules for authentication handlers {} indicate the request may be ignored", principal.getId());
            return false;
        }
        if (!evaluateCredentialTypeForBypass(authentication, this.bypass.getCredentialClassType())) {
            return true;
        }
        LOGGER.debug("Bypass rules for credential types {} indicate the request may be ignored", principal.getId());
        return false;
    }

    private static boolean evaluateCredentialTypeForBypass(Authentication authentication, String str) {
        return StringUtils.isNotBlank(str) && authentication.getCredentials().stream().filter(credentialMetaData -> {
            return credentialMetaData.getCredentialClass().getName().matches(str);
        }).findAny().isPresent();
    }

    protected boolean skipBypassAndSupportEventBasedOnAuthenticationAttributes(MultifactorAuthenticationProperties.BaseProvider.Bypass bypass, Authentication authentication) {
        return evaluateAttributeRulesForBypass(bypass.getAuthenticationAttributeName(), bypass.getAuthenticationAttributeValue(), authentication.getAttributes());
    }

    protected boolean skipBypassAndSupportEventBasedOnPrincipalAttributes(MultifactorAuthenticationProperties.BaseProvider.Bypass bypass, Principal principal) {
        return evaluateAttributeRulesForBypass(bypass.getPrincipalAttributeName(), bypass.getAuthenticationAttributeValue(), principal.getAttributes());
    }

    protected boolean evaluateAttributeRulesForBypass(String str, String str2, Map<String, Object> map) {
        boolean z = true;
        if (StringUtils.isNotBlank(str)) {
            Set set = (Set) map.entrySet().stream().filter(entry -> {
                return ((String) entry.getKey()).matches(str);
            }).collect(Collectors.toSet());
            z = set.isEmpty();
            if (!set.isEmpty() && StringUtils.isNotBlank(str2)) {
                z = ((Set) set.stream().filter(entry2 -> {
                    return CollectionUtils.convertValueToCollection(entry2.getValue()).stream().filter(obj -> {
                        return obj.toString().matches(str2);
                    }).findAny().isPresent();
                }).collect(Collectors.toSet())).isEmpty();
            }
        }
        return z;
    }
}
