package org.apereo.cas.oidc.web.flow;

import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.NameValuePair;
import org.apache.http.client.utils.URIBuilder;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationException;
import org.apereo.cas.authentication.MultifactorAuthenticationProvider;
import org.apereo.cas.authentication.MultifactorAuthenticationProviderAbsentException;
import org.apereo.cas.authentication.MultifactorAuthenticationProviderResolver;
import org.apereo.cas.authentication.MultifactorAuthenticationTrigger;
import org.apereo.cas.authentication.MultifactorAuthenticationUtils;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.oidc.discovery.OidcServerDiscoverySettings;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.support.oauth.OAuth20Constants;
import org.apereo.cas.support.oauth.web.OAuth20RequestParameterResolver;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.EncodingUtils;
import org.apereo.cas.util.function.FunctionUtils;
import org.jooq.lambda.Unchecked;
import org.pac4j.jee.context.JEEContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.FactoryBean;
import org.springframework.context.ApplicationContext;
import org.springframework.web.util.UriComponentsBuilder;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-oidc-core-api-6.6.15.jar:org/apereo/cas/oidc/web/flow/OidcMultifactorAuthenticationTrigger.class */
public class OidcMultifactorAuthenticationTrigger implements MultifactorAuthenticationTrigger {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) OidcMultifactorAuthenticationTrigger.class);
    private final CasConfigurationProperties casProperties;
    private final MultifactorAuthenticationProviderResolver multifactorAuthenticationProviderResolver;
    private final ApplicationContext applicationContext;
    private final OAuth20RequestParameterResolver oauthRequestParameterResolver;
    private final FactoryBean<OidcServerDiscoverySettings> discoverySettingsFactory;
    private int order = Integer.MAX_VALUE;

    @Override // org.apereo.cas.authentication.MultifactorAuthenticationTrigger
    public Optional<MultifactorAuthenticationProvider> isActivated(Authentication authentication, RegisteredService registeredService, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Service service) {
        String authenticationClassReference = getAuthenticationClassReference(httpServletRequest, httpServletResponse);
        if (StringUtils.isBlank(authenticationClassReference)) {
            LOGGER.debug("No ACR provided in the authentication request");
            return Optional.empty();
        }
        Set<String> supportedAcrValues = getSupportedAcrValues(authentication, registeredService, httpServletRequest);
        List of = List.of((Object[]) org.springframework.util.StringUtils.delimitedListToStringArray(authenticationClassReference, " "));
        Stream stream = of.stream();
        Objects.requireNonNull(supportedAcrValues);
        if (stream.noneMatch((v1) -> {
            return r1.contains(v1);
        })) {
            LOGGER.warn("ACR [{}] is not defined as a supported ACR in CAS configuration, [{}]", authenticationClassReference, supportedAcrValues);
            return Optional.empty();
        }
        Map<String, MultifactorAuthenticationProvider> availableMultifactorAuthenticationProviders = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
        if (availableMultifactorAuthenticationProviders.isEmpty()) {
            LOGGER.error("No multifactor authentication providers are available in the application context to handle [{}]", of);
            throw new AuthenticationException(new MultifactorAuthenticationProviderAbsentException());
        }
        Map<String, String> convertDirectedListToMap = CollectionUtils.convertDirectedListToMap(this.casProperties.getAuthn().getOidc().getCore().getAuthenticationContextReferenceMappings());
        List list = (List) of.stream().map(str -> {
            return (String) convertDirectedListToMap.getOrDefault(str, str);
        }).collect(Collectors.toList());
        LOGGER.debug("Mapped ACR values are [{}] to compare against [{}]", list, availableMultifactorAuthenticationProviders.values());
        return availableMultifactorAuthenticationProviders.values().stream().filter(multifactorAuthenticationProvider -> {
            return list.contains(multifactorAuthenticationProvider.getId());
        }).findAny();
    }

    protected Set<String> getSupportedAcrValues(Authentication authentication, RegisteredService registeredService, HttpServletRequest httpServletRequest) {
        return (Set) FunctionUtils.doUnchecked(() -> {
            return this.discoverySettingsFactory.getObject2().getAcrValuesSupported();
        });
    }

    protected String getAuthenticationClassReference(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String orElse = this.oauthRequestParameterResolver.resolveRequestParameter(new JEEContext(httpServletRequest, httpServletResponse), OAuth20Constants.ACR_VALUES).orElse("");
        if (StringUtils.isBlank(orElse)) {
            String parameter = httpServletRequest.getParameter("service");
            if (StringUtils.isNotBlank(parameter)) {
                Optional findFirst = ((List) Unchecked.supplier(() -> {
                    return new URIBuilder(UriComponentsBuilder.fromUriString(parameter).toUriString()).getQueryParams();
                }).get()).stream().filter(nameValuePair -> {
                    return nameValuePair.getName().equals(OAuth20Constants.ACR_VALUES);
                }).findFirst();
                if (findFirst.isPresent()) {
                    return EncodingUtils.urlDecode(((NameValuePair) findFirst.get()).getValue());
                }
            }
        }
        return EncodingUtils.urlDecode(orElse);
    }

    @Generated
    public CasConfigurationProperties getCasProperties() {
        return this.casProperties;
    }

    @Generated
    public MultifactorAuthenticationProviderResolver getMultifactorAuthenticationProviderResolver() {
        return this.multifactorAuthenticationProviderResolver;
    }

    @Generated
    public ApplicationContext getApplicationContext() {
        return this.applicationContext;
    }

    @Generated
    public OAuth20RequestParameterResolver getOauthRequestParameterResolver() {
        return this.oauthRequestParameterResolver;
    }

    @Generated
    public FactoryBean<OidcServerDiscoverySettings> getDiscoverySettingsFactory() {
        return this.discoverySettingsFactory;
    }

    @Override // org.apereo.cas.authentication.MultifactorAuthenticationTrigger, org.springframework.core.Ordered
    @Generated
    public int getOrder() {
        return this.order;
    }

    @Generated
    public void setOrder(int i) {
        this.order = i;
    }

    @Generated
    public OidcMultifactorAuthenticationTrigger(CasConfigurationProperties casConfigurationProperties, MultifactorAuthenticationProviderResolver multifactorAuthenticationProviderResolver, ApplicationContext applicationContext, OAuth20RequestParameterResolver oAuth20RequestParameterResolver, FactoryBean<OidcServerDiscoverySettings> factoryBean) {
        this.casProperties = casConfigurationProperties;
        this.multifactorAuthenticationProviderResolver = multifactorAuthenticationProviderResolver;
        this.applicationContext = applicationContext;
        this.oauthRequestParameterResolver = oAuth20RequestParameterResolver;
        this.discoverySettingsFactory = factoryBean;
    }
}
