package org.apereo.cas.authentication.bypass;

import javax.servlet.http.HttpServletRequest;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.MultifactorAuthenticationProvider;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceMultifactorPolicy;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-authentication-mfa-api-6.6.11.jar:org/apereo/cas/authentication/bypass/RegisteredServicePrincipalAttributeMultifactorAuthenticationProviderBypassEvaluator.class */
public class RegisteredServicePrincipalAttributeMultifactorAuthenticationProviderBypassEvaluator extends BaseMultifactorAuthenticationProviderBypassEvaluator {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) RegisteredServicePrincipalAttributeMultifactorAuthenticationProviderBypassEvaluator.class);
    private static final long serialVersionUID = -6123435418344342672L;

    public RegisteredServicePrincipalAttributeMultifactorAuthenticationProviderBypassEvaluator(String str) {
        super(str);
    }

    @Override // org.apereo.cas.authentication.bypass.BaseMultifactorAuthenticationProviderBypassEvaluator
    public boolean shouldMultifactorAuthenticationProviderExecuteInternal(Authentication authentication, RegisteredService registeredService, MultifactorAuthenticationProvider multifactorAuthenticationProvider, HttpServletRequest httpServletRequest) {
        if (registeredService == null) {
            return true;
        }
        RegisteredServiceMultifactorPolicy multifactorAuthenticationPolicy = registeredService.getMultifactorAuthenticationPolicy();
        if (!(multifactorAuthenticationPolicy != null && StringUtils.isNotBlank(multifactorAuthenticationPolicy.getBypassPrincipalAttributeName()) && StringUtils.isNotBlank(multifactorAuthenticationPolicy.getBypassPrincipalAttributeValue()))) {
            return true;
        }
        Principal resolvePrincipal = resolvePrincipal(authentication.getPrincipal());
        if (!locateMatchingAttributeValue(multifactorAuthenticationPolicy.getBypassPrincipalAttributeName(), multifactorAuthenticationPolicy.getBypassPrincipalAttributeValue(), resolvePrincipal.getAttributes(), true)) {
            return true;
        }
        LOGGER.debug("Bypass rules for principal [{}] indicate the request may be ignored", resolvePrincipal.getId());
        return false;
    }
}
