package org.apereo.cas.authentication;

import java.util.Comparator;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
import lombok.Generated;
import org.apereo.cas.authentication.bypass.MultifactorAuthenticationProviderBypassEvaluator;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.configuration.model.support.mfa.BaseMultifactorAuthenticationProviderProperties;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.validation.Assertion;
import org.apereo.cas.validation.AuthenticationContextValidationResult;
import org.apereo.cas.validation.RequestedAuthenticationContextValidator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-authentication-mfa-api-6.4.6.jar:org/apereo/cas/authentication/DefaultRequestedAuthenticationContextValidator.class */
/**
 * Decides whether an authentication satisfies the multifactor authentication (MFA)
 * context required for a service request.
 *
 * <p>This listing is decompiler output (see the JADX markers below), not the project's
 * own source. Some lambdas carry decompiler artifacts (duplicated parameter names, an
 * unresolved register name) and are annotated in place; confirm them against the
 * upstream source before relying on the exact semantics.
 *
 * <p>Security note: every path that returns {@link #toSuccessfulResult()} lets the
 * request proceed. Several of those paths return success <em>without</em> checking that
 * MFA was actually performed (service-level bypass, no provider resolved, provider
 * bypass, provider unavailable with a non-CLOSED failure mode). Each is marked below.
 */
public class DefaultRequestedAuthenticationContextValidator implements RequestedAuthenticationContextValidator {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) DefaultRequestedAuthenticationContextValidator.class);
    // Used to look up the registered service that matches the assertion's service.
    private final ServicesManager servicesManager;
    // Resolves which MFA provider (if any) applies to a given request/service/authentication.
    private final MultifactorAuthenticationTriggerSelectionStrategy multifactorTriggerSelectionStrategy;
    // Checks whether the authentication satisfies the context of a given provider id.
    private final MultifactorAuthenticationContextValidator authenticationContextValidator;

    /* JADX WARN: Type inference failed for: r0v1, types: [org.apereo.cas.validation.AuthenticationContextValidationResult$AuthenticationContextValidationResultBuilder] */
    /**
     * Builds a result with {@code success == true} and no context id set.
     *
     * @return a successful validation result
     */
    protected static AuthenticationContextValidationResult toSuccessfulResult() {
        return AuthenticationContextValidationResult.builder().success(true).build();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Determines whether MFA enforcement may be skipped for a single provider.
     *
     * <p>A successful result here means "this provider does not need to be satisfied",
     * not "MFA was performed". It is returned when:
     * <ul>
     *   <li>the provider is available, has a bypass evaluator, and the evaluator reports
     *       that the provider should not execute for this authentication/service/request;</li>
     *   <li>the provider is available, has a bypass evaluator, and the evaluator reports
     *       that the authentication is already marked as bypassed for this provider id;</li>
     *   <li>the provider is <em>not</em> available and its failure mode evaluates to
     *       anything other than {@code CLOSED} (fail-open).</li>
     * </ul>
     * In every other case, including an available provider with no bypass evaluator,
     * a failure result is returned and the caller goes on to validate the MFA context.
     *
     * @param multifactorAuthenticationProvider the provider under evaluation
     * @param registeredService the registered service; may be {@code null} when called via
     *        the validator (NOTE(review): whether {@code isAvailable} and the evaluators
     *        tolerate {@code null} is not visible here; confirm)
     * @param authentication the authentication being checked
     * @param service the requested service; used only in a debug log message here
     * @param httpServletRequest the current request, passed to the bypass evaluator
     * @return success if the provider may be skipped, failure otherwise
     */
    public static AuthenticationContextValidationResult validateMultifactorProviderBypass(MultifactorAuthenticationProvider multifactorAuthenticationProvider, RegisteredService registeredService, Authentication authentication, Service service, HttpServletRequest httpServletRequest) {
        if (multifactorAuthenticationProvider.isAvailable(registeredService)) {
            MultifactorAuthenticationProviderBypassEvaluator bypassEvaluator = multifactorAuthenticationProvider.getBypassEvaluator();
            if (bypassEvaluator != null) {
                // Bypass path 1: the evaluator decides, from the current request, that the provider should not run.
                if (!bypassEvaluator.shouldMultifactorAuthenticationProviderExecute(authentication, registeredService, multifactorAuthenticationProvider, httpServletRequest)) {
                    LOGGER.debug("MFA provider [{}] should be bypassed for this service request [{}]", multifactorAuthenticationProvider, service);
                    // Records the bypass decision on the authentication before returning.
                    bypassEvaluator.rememberBypass(authentication, multifactorAuthenticationProvider);
                    return toSuccessfulResult();
                }
                // Bypass path 2: the authentication already carries a bypass marker for this provider id.
                if (bypassEvaluator.isMultifactorAuthenticationBypassed(authentication, multifactorAuthenticationProvider.getId())) {
                    LOGGER.debug("Authentication attempt indicates that MFA is bypassed for this request for [{}]", multifactorAuthenticationProvider);
                    bypassEvaluator.rememberBypass(authentication, multifactorAuthenticationProvider);
                    return toSuccessfulResult();
                }
            }
        // Fail-open path: provider unavailable. Only a CLOSED failure mode blocks the request;
        // any other evaluated mode yields success with no MFA check. The failure-mode
        // evaluator is dereferenced without a null check.
        } else if (multifactorAuthenticationProvider.getFailureModeEvaluator().evaluate(registeredService, multifactorAuthenticationProvider) != BaseMultifactorAuthenticationProviderProperties.MultifactorAuthenticationProviderFailureModes.CLOSED) {
            return toSuccessfulResult();
        }
        return toFailureResult();
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [org.apereo.cas.validation.AuthenticationContextValidationResult$AuthenticationContextValidationResultBuilder] */
    /**
     * Builds a result with {@code success == false} and no context id set.
     *
     * @return a failed validation result
     */
    private static AuthenticationContextValidationResult toFailureResult() {
        return AuthenticationContextValidationResult.builder().success(false).build();
    }

    /**
     * Validates the MFA context for an assertion by looking up the registered service for
     * the assertion's service and delegating to the four-argument overload with the
     * assertion's primary authentication.
     *
     * <p>The lookup result is passed on without a null check; the overload handles a
     * {@code null} registered service in its first guard.
     *
     * @param assertion the assertion whose service and primary authentication are validated
     * @param httpServletRequest the current request
     * @return the validation result produced by the overload
     */
    @Override // org.apereo.cas.validation.RequestedAuthenticationContextValidator
    public AuthenticationContextValidationResult validateAuthenticationContext(Assertion assertion, HttpServletRequest httpServletRequest) {
        LOGGER.trace("Locating the primary authentication associated with this service request [{}]", assertion.getService());
        return validateAuthenticationContext(httpServletRequest, this.servicesManager.findServiceBy(assertion.getService()), assertion.getPrimaryAuthentication(), assertion.getService());
    }

    /**
     * Validates that {@code authentication} satisfies the MFA context required for the request.
     *
     * <p>Order of evaluation:
     * <ol>
     *   <li>service-level bypass flag on the registered service's multifactor policy;</li>
     *   <li>provider resolution through the trigger selection strategy;</li>
     *   <li>per-provider bypass / failure-mode evaluation;</li>
     *   <li>actual context validation against each remaining provider.</li>
     * </ol>
     * Steps 1 to 3 can each return success without any proof that MFA took place.
     *
     * @param httpServletRequest the current request
     * @param registeredService the registered service, or {@code null} if none was found
     * @param authentication the authentication to validate
     * @param service the requested service
     * @return success (with the satisfied provider id as context id when step 4 matched),
     *         or failure when no provider's context is satisfied
     */
    @Override // org.apereo.cas.validation.RequestedAuthenticationContextValidator
    public AuthenticationContextValidationResult validateAuthenticationContext(HttpServletRequest httpServletRequest, RegisteredService registeredService, Authentication authentication, Service service) {
        // Step 1: a per-service bypass flag short-circuits everything else, before any trigger is consulted.
        if (registeredService != null && registeredService.getMultifactorPolicy().isBypassEnabled()) {
            LOGGER.debug("Multifactor authentication execution is ignored for [{}]", registeredService.getName());
            return toSuccessfulResult();
        }
        // Step 2: no provider resolved means no MFA context is required for this request.
        Optional<MultifactorAuthenticationProvider> resolve = this.multifactorTriggerSelectionStrategy.resolve(httpServletRequest, registeredService, authentication, service);
        if (resolve.isEmpty()) {
            LOGGER.debug("No authentication context is required for this request");
            return toSuccessfulResult();
        }
        // Expand the resolved provider into a list: members of a chaining provider (filtered by
        // equals), otherwise the provider itself.
        // NOTE(review): decompiler artifact. Both lambda parameters were given the same name, so
        // as printed the filter compares a value with itself and would not compile. Presumably one
        // operand is the outer resolved provider and the other the chain member; confirm upstream.
        List list = (List) resolve.map(multifactorAuthenticationProvider -> {
            return multifactorAuthenticationProvider instanceof ChainingMultifactorAuthenticationProvider ? (List) ((ChainingMultifactorAuthenticationProvider) ChainingMultifactorAuthenticationProvider.class.cast(multifactorAuthenticationProvider)).getMultifactorAuthenticationProviders().stream().filter(multifactorAuthenticationProvider -> {
                return multifactorAuthenticationProvider.equals(multifactorAuthenticationProvider);
            }).collect(Collectors.toList()) : List.of(multifactorAuthenticationProvider);
        }).orElse(List.of());
        // Step 3: if every provider may be skipped, succeed without validating the MFA context.
        // allMatch() is vacuously true on an empty stream, so an empty list (for example a chain
        // whose filter matched nothing) also ends in success here.
        if (list.stream().map(multifactorAuthenticationProvider2 -> {
            return validateMultifactorProviderBypass(multifactorAuthenticationProvider2, registeredService, authentication, service, httpServletRequest);
        }).allMatch((v0) -> {
            return v0.isSuccess();
        })) {
            return toSuccessfulResult();
        }
        LOGGER.debug("Multifactor providers eligible for validation are [{}]", list);
        // Step 4: validate the authentication against each provider, sorted by getOrder(), and
        // keep a successful result. One satisfied provider is enough, even if others in the
        // list were not bypassable. findAny() does not promise the lowest-order match the way
        // findFirst() would.
        Optional map = list.stream().sorted(Comparator.comparing((v0) -> {
            return v0.getOrder();
        })).map(multifactorAuthenticationProvider3 -> {
            return this.authenticationContextValidator.validate(authentication, multifactorAuthenticationProvider3.getId(), Optional.ofNullable(registeredService));
        }).filter((v0) -> {
            return v0.isSuccess();
        }).findAny().map(multifactorAuthenticationContextValidationResult -> {
            // Only successful results reach this point, so success(...) is always true here;
            // the context id is the id of the provider that satisfied the validation, if present.
            return AuthenticationContextValidationResult.builder().success(multifactorAuthenticationContextValidationResult.isSuccess()).contextId(multifactorAuthenticationContextValidationResult.getProvider().map((v0) -> {
                return v0.getId();
            })).build();
        });
        // NOTE(review): the next lines look like decompiler residue of a Class::cast method
        // reference; "r1" below is an unresolved register name and presumably refers to "cls".
        Class<AuthenticationContextValidationResult> cls = AuthenticationContextValidationResult.class;
        Objects.requireNonNull(AuthenticationContextValidationResult.class);
        // No provider context satisfied: fail, which is the only denying outcome of this method.
        return (AuthenticationContextValidationResult) map.map((v1) -> {
            return r1.cast(v1);
        }).orElseGet(DefaultRequestedAuthenticationContextValidator::toFailureResult);
    }

    /**
     * Creates the validator with its three collaborators. The arguments are stored as-is,
     * without null checks.
     *
     * @param servicesManager looks up registered services
     * @param multifactorAuthenticationTriggerSelectionStrategy resolves the applicable MFA provider
     * @param multifactorAuthenticationContextValidator validates an authentication against a provider id
     */
    @Generated
    public DefaultRequestedAuthenticationContextValidator(ServicesManager servicesManager, MultifactorAuthenticationTriggerSelectionStrategy multifactorAuthenticationTriggerSelectionStrategy, MultifactorAuthenticationContextValidator multifactorAuthenticationContextValidator) {
        this.servicesManager = servicesManager;
        this.multifactorTriggerSelectionStrategy = multifactorAuthenticationTriggerSelectionStrategy;
        this.authenticationContextValidator = multifactorAuthenticationContextValidator;
    }
}
