package org.apereo.cas.authentication.mfa.trigger;

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.util.Comparator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import lombok.Generated;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationException;
import org.apereo.cas.authentication.MultifactorAuthenticationProvider;
import org.apereo.cas.authentication.MultifactorAuthenticationProviderAbsentException;
import org.apereo.cas.authentication.MultifactorAuthenticationProviderSelector;
import org.apereo.cas.authentication.MultifactorAuthenticationTrigger;
import org.apereo.cas.authentication.MultifactorAuthenticationUtils;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.mfa.GlobalMultifactorAuthenticationProperties;
import org.apereo.cas.multitenancy.TenantExtractor;
import org.apereo.cas.services.RegisteredService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.util.StringUtils;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-authentication-mfa-api-7.3.0-RC2.jar:org/apereo/cas/authentication/mfa/trigger/GlobalMultifactorAuthenticationTrigger.class */
public class GlobalMultifactorAuthenticationTrigger implements MultifactorAuthenticationTrigger {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) GlobalMultifactorAuthenticationTrigger.class);
    private final CasConfigurationProperties casProperties;
    private final ApplicationContext applicationContext;
    private final MultifactorAuthenticationProviderSelector multifactorAuthenticationProviderSelector;
    private final TenantExtractor tenantExtractor;
    private int order = Integer.MAX_VALUE;

    @Override // org.apereo.cas.authentication.MultifactorAuthenticationTrigger
    public Optional<MultifactorAuthenticationProvider> isActivated(Authentication authentication, RegisteredService registeredService, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Service service) throws Throwable {
        if (authentication == null) {
            LOGGER.debug("No authentication is available to determine event for principal");
            return Optional.empty();
        }
        Set<String> findGlobalProviderIds = findGlobalProviderIds(httpServletRequest);
        if (findGlobalProviderIds == null || findGlobalProviderIds.isEmpty()) {
            LOGGER.trace("No value could be found for for the global provider id");
            return Optional.empty();
        }
        LOGGER.debug("Attempting to globally activate [{}]", findGlobalProviderIds);
        Map<String, MultifactorAuthenticationProvider> availableMultifactorAuthenticationProviders = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
        if (availableMultifactorAuthenticationProviders.isEmpty()) {
            LOGGER.error("No multifactor authentication providers are available in the application context to handle [{}]", findGlobalProviderIds);
            throw new AuthenticationException(new MultifactorAuthenticationProviderAbsentException());
        }
        List<MultifactorAuthenticationProvider> list = (List) findGlobalProviderIds.stream().map(str -> {
            return MultifactorAuthenticationUtils.resolveProvider((Map<String, MultifactorAuthenticationProvider>) availableMultifactorAuthenticationProviders, str);
        }).filter((v0) -> {
            return v0.isPresent();
        }).map((v0) -> {
            return v0.get();
        }).sorted(Comparator.comparing((v0) -> {
            return v0.getOrder();
        })).collect(Collectors.toList());
        if (list.size() != findGlobalProviderIds.size()) {
            handleAbsentMultifactorProvider(findGlobalProviderIds, list);
        }
        return list.size() == 1 ? resolveSingleMultifactorProvider((MultifactorAuthenticationProvider) list.getFirst()) : resolveMultifactorProvider(authentication, registeredService, list);
    }

    protected Set<String> findGlobalProviderIds(HttpServletRequest httpServletRequest) {
        return (Set) this.tenantExtractor.extract(httpServletRequest).map((v0) -> {
            return v0.bindProperties();
        }).filter(configurationPropertiesBindingContext -> {
            return configurationPropertiesBindingContext.containsBindingFor(GlobalMultifactorAuthenticationProperties.class);
        }).map(configurationPropertiesBindingContext2 -> {
            return StringUtils.commaDelimitedListToSet(((CasConfigurationProperties) configurationPropertiesBindingContext2.value()).getAuthn().getMfa().getTriggers().getGlobal().getGlobalProviderId());
        }).filter(set -> {
            return !set.isEmpty();
        }).orElseGet(() -> {
            return StringUtils.commaDelimitedListToSet(this.casProperties.getAuthn().getMfa().getTriggers().getGlobal().getGlobalProviderId());
        });
    }

    protected void handleAbsentMultifactorProvider(Set<String> set, List<MultifactorAuthenticationProvider> list) {
        String format = String.format("Not all requested multifactor providers could be found. Requested providers are [%s] and resolved providers are [%s]", set, (String) list.stream().map((v0) -> {
            return v0.getId();
        }).collect(Collectors.joining(",")));
        LOGGER.warn(format, set);
        throw new MultifactorAuthenticationProviderAbsentException(format);
    }

    protected Optional<MultifactorAuthenticationProvider> resolveSingleMultifactorProvider(MultifactorAuthenticationProvider multifactorAuthenticationProvider) {
        LOGGER.debug("Resolved single multifactor provider [{}]", multifactorAuthenticationProvider);
        return Optional.of(multifactorAuthenticationProvider);
    }

    protected Optional<MultifactorAuthenticationProvider> resolveMultifactorProvider(Authentication authentication, RegisteredService registeredService, List<MultifactorAuthenticationProvider> list) throws Throwable {
        MultifactorAuthenticationProvider resolve = this.multifactorAuthenticationProviderSelector.resolve(list, registeredService, authentication.getPrincipal());
        LOGGER.debug("Selected multifactor authentication provider for this transaction is [{}]", resolve);
        return Optional.ofNullable(resolve);
    }

    @Generated
    public CasConfigurationProperties getCasProperties() {
        return this.casProperties;
    }

    @Generated
    public ApplicationContext getApplicationContext() {
        return this.applicationContext;
    }

    @Generated
    public MultifactorAuthenticationProviderSelector getMultifactorAuthenticationProviderSelector() {
        return this.multifactorAuthenticationProviderSelector;
    }

    @Generated
    public TenantExtractor getTenantExtractor() {
        return this.tenantExtractor;
    }

    @Override // org.apereo.cas.authentication.MultifactorAuthenticationTrigger, org.springframework.core.Ordered
    @Generated
    public int getOrder() {
        return this.order;
    }

    @Generated
    public void setOrder(int i) {
        this.order = i;
    }

    @Generated
    public GlobalMultifactorAuthenticationTrigger(CasConfigurationProperties casConfigurationProperties, ApplicationContext applicationContext, MultifactorAuthenticationProviderSelector multifactorAuthenticationProviderSelector, TenantExtractor tenantExtractor) {
        this.casProperties = casConfigurationProperties;
        this.applicationContext = applicationContext;
        this.multifactorAuthenticationProviderSelector = multifactorAuthenticationProviderSelector;
        this.tenantExtractor = tenantExtractor;
    }
}
