package org.apereo.cas.authentication.mfa.trigger;

import com.fasterxml.jackson.annotation.JsonIgnore;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.Matcher;
import javax.servlet.http.HttpServletRequest;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationException;
import org.apereo.cas.authentication.MultifactorAuthenticationProvider;
import org.apereo.cas.authentication.MultifactorAuthenticationProviderAbsentException;
import org.apereo.cas.authentication.MultifactorAuthenticationTrigger;
import org.apereo.cas.authentication.MultifactorAuthenticationUtils;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceMultifactorPolicy;
import org.apereo.cas.util.LoggingUtils;
import org.apereo.cas.util.ResourceUtils;
import org.apereo.cas.util.scripting.ExecutableCompiledGroovyScript;
import org.apereo.cas.util.scripting.GroovyShellScript;
import org.apereo.cas.util.scripting.ScriptingUtils;
import org.apereo.cas.util.scripting.WatchableGroovyScriptResource;
import org.apereo.cas.util.spring.SpringExpressionLanguageValueResolver;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.core.io.AbstractResource;
import org.springframework.data.annotation.Transient;

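/**
 * Multifactor authentication trigger that asks a Groovy script, declared on the
 * registered service's multifactor policy, which provider (if any) should be activated.
 *
 * <p>The script definition is read from {@code registeredService.getMultifactorPolicy().getScript()}
 * and is either an inline script or a reference to an external script resource, as decided by the
 * {@link ScriptingUtils} matchers. Compiled scripts are cached in {@link #scriptCache}, keyed by
 * the raw script definition; nothing in this class evicts entries.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The script is handed the {@link Authentication}, the {@link RegisteredService}, the
 *       servlet request, the {@link Service}, the Spring {@link ApplicationContext} and this
 *       class's logger. NOTE(review): since the script text originates from the service
 *       definition, write access to the service registry should presumably be treated as
 *       equivalent to code execution inside this JVM - confirm how the registry is protected.</li>
 *   <li>When the script definition matches neither form, or the external resource cannot be
 *       loaded, {@link #isActivated} returns {@link Optional#empty()} instead of failing. A
 *       service whose policy names a broken script therefore yields no provider from this
 *       trigger (fail-open). That outcome is logged at WARN so it can be alerted on.</li>
 *   <li>The raw script definition is written to the TRACE log; for inline scripts that is the
 *       script body itself.</li>
 * </ul>
 *
 * @deprecated marked deprecated since 6.2.0; the replacement is not visible in this file.
 */
@Deprecated(since = "6.2.0")
/* loaded from: input_file:WEB-INF/lib/cas-server-core-authentication-mfa-api-6.3.7.4.jar:org/apereo/cas/authentication/mfa/trigger/ScriptedRegisteredServiceMultifactorAuthenticationTrigger.class */
public class ScriptedRegisteredServiceMultifactorAuthenticationTrigger implements MultifactorAuthenticationTrigger {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(ScriptedRegisteredServiceMultifactorAuthenticationTrigger.class);
    private final CasConfigurationProperties casProperties;
    private final ApplicationContext applicationContext;
    private int order = Integer.MAX_VALUE;

    // Compiled trigger scripts keyed by the raw script definition taken from the service policy.
    // Excluded from persistence and JSON serialization by the annotations below.
    @Transient
    @JsonIgnore
    @javax.persistence.Transient
    private Map<String, ExecutableCompiledGroovyScript> scriptCache = new ConcurrentHashMap<>(0);

    /**
     * Runs the service's trigger script and resolves the provider id it returns.
     *
     * @param authentication the current authentication; when {@code null} no provider is returned
     * @param registeredService the service whose multifactor policy carries the script; when
     *        {@code null} no provider is returned
     * @param httpServletRequest the current request, passed through to the script
     * @param service the requesting service, passed through to the script
     * @return the provider whose id matches the script's result (case-insensitive), or empty when
     *         there is no policy/script, the script could not be loaded, or the script returned a
     *         blank value
     * @throws AuthenticationException when no providers are registered in the application context,
     *         or the script names a provider id that is not registered
     */
    @Override // org.apereo.cas.authentication.MultifactorAuthenticationTrigger
    public Optional<MultifactorAuthenticationProvider> isActivated(Authentication authentication, RegisteredService registeredService, HttpServletRequest httpServletRequest, Service service) {
        if (authentication == null || registeredService == null) {
            LOGGER.debug("No authentication or service is available to determine event for principal");
            return Optional.empty();
        }
        RegisteredServiceMultifactorPolicy multifactorPolicy = registeredService.getMultifactorPolicy();
        if (multifactorPolicy == null || StringUtils.isBlank(multifactorPolicy.getScript())) {
            LOGGER.trace("Multifactor authentication policy is absent or does not define a script to trigger multifactor authentication");
            return Optional.empty();
        }
        String script = multifactorPolicy.getScript();
        Map<String, MultifactorAuthenticationProvider> availableProviders = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
        if (availableProviders.isEmpty()) {
            LOGGER.error("No multifactor authentication providers are available in the application context");
            throw new AuthenticationException(new MultifactorAuthenticationProviderAbsentException());
        }
        LOGGER.trace("Locating multifactor authentication trigger script [{}] in script cache...", script);
        ExecutableCompiledGroovyScript compiledScript = this.scriptCache.get(script);
        if (compiledScript == null) {
            compiledScript = cacheTriggerScript(script);
        }
        if (compiledScript == null) {
            // Fail-open path: a script was configured but could not be turned into something
            // executable. The return value is unchanged for compatibility; the WARN makes the
            // condition visible to operators instead of leaving it at TRACE/ERROR noise only.
            LOGGER.warn("Multifactor authentication trigger script for service [{}] could not be loaded; this trigger will not activate multifactor authentication", registeredService.getName());
            return Optional.empty();
        }
        LOGGER.debug("Executing multifactor authentication trigger script [{}]", compiledScript);
        // The script receives the application context and request objects directly; its result
        // is only used as a provider id below.
        String providerId = (String) compiledScript.execute(new Object[]{authentication, registeredService, httpServletRequest, service, this.applicationContext, LOGGER}, String.class);
        LOGGER.debug("Multifactor authentication provider delivered by trigger script is [{}]", providerId);
        if (StringUtils.isBlank(providerId)) {
            LOGGER.debug("No multifactor authentication is returned from trigger script");
            return Optional.empty();
        }
        Optional<MultifactorAuthenticationProvider> provider = availableProviders.values().stream()
            .filter(candidate -> candidate.getId().equalsIgnoreCase(providerId))
            .findFirst();
        if (provider.isPresent()) {
            return provider;
        }
        // A non-blank id that matches no registered provider is treated as a hard failure.
        LOGGER.error("Unable to locate multifactor authentication provider [{}] in the application context", providerId);
        throw new AuthenticationException(new MultifactorAuthenticationProviderAbsentException());
    }

    /**
     * Compiles the given script definition, stores it in the cache and returns the cached entry.
     *
     * @param script the raw, non-blank script definition from the service's multifactor policy
     * @return the cached executable script, or {@code null} when the definition matches neither
     *         the inline nor the external form, or the external resource failed to load
     */
    private ExecutableCompiledGroovyScript cacheTriggerScript(String script) {
        Matcher inlineMatcher = ScriptingUtils.getMatcherForInlineGroovyScript(script);
        Matcher externalMatcher = ScriptingUtils.getMatcherForExternalGroovyScript(script);
        if (inlineMatcher.find()) {
            this.scriptCache.put(script, new GroovyShellScript(inlineMatcher.group(1)));
            LOGGER.trace("Caching multifactor authentication trigger script as an executable shell script");
        } else if (externalMatcher.find()) {
            try {
                // The external location is passed through the Spring expression resolver before
                // it is turned into a resource.
                AbstractResource resourceFrom = ResourceUtils.getResourceFrom(SpringExpressionLanguageValueResolver.getInstance().resolve(externalMatcher.group()));
                this.scriptCache.put(script, new WatchableGroovyScriptResource(resourceFrom));
                LOGGER.trace("Caching multifactor authentication trigger script as script resource [{}]", resourceFrom);
            } catch (Exception e) {
                // Best-effort load: the failure is logged and the caller sees "no script".
                LoggingUtils.error(LOGGER, e);
            }
        }
        return this.scriptCache.get(script);
    }

    /**
     * Returns the CAS configuration properties supplied at construction.
     *
     * @return the configuration properties
     */
    @Generated
    public CasConfigurationProperties getCasProperties() {
        return this.casProperties;
    }

    /**
     * Returns the application context supplied at construction; the same context is handed to
     * trigger scripts.
     *
     * @return the application context
     */
    @Generated
    public ApplicationContext getApplicationContext() {
        return this.applicationContext;
    }

    /**
     * Returns this trigger's order value, {@link Integer#MAX_VALUE} unless changed via
     * {@link #setOrder(int)}.
     *
     * @return the order value
     */
    @Override // org.apereo.cas.authentication.MultifactorAuthenticationTrigger, org.springframework.core.Ordered
    @Generated
    public int getOrder() {
        return this.order;
    }

    /**
     * Returns the live script cache (not a copy); callers can add or remove compiled scripts.
     *
     * @return the mutable cache of compiled trigger scripts
     */
    @Generated
    public Map<String, ExecutableCompiledGroovyScript> getScriptCache() {
        return this.scriptCache;
    }

    /**
     * Creates the trigger.
     *
     * @param casConfigurationProperties the CAS configuration properties
     * @param applicationContext the context used to look up providers and passed to scripts
     */
    @Generated
    public ScriptedRegisteredServiceMultifactorAuthenticationTrigger(CasConfigurationProperties casConfigurationProperties, ApplicationContext applicationContext) {
        this.casProperties = casConfigurationProperties;
        this.applicationContext = applicationContext;
    }

    /**
     * Sets this trigger's order value.
     *
     * @param i the new order value
     */
    @Generated
    public void setOrder(int i) {
        this.order = i;
    }
}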
