package org.apereo.cas.authentication;

import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import lombok.Generated;
import org.apache.commons.lang3.tuple.Pair;
import org.apereo.cas.authentication.bypass.MultifactorAuthenticationProviderBypassEvaluator;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceMultifactorPolicyFailureModes;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.validation.Assertion;
import org.apereo.cas.validation.RequestedAuthenticationContextValidator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationContext;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-authentication-mfa-api-6.1.0.jar:org/apereo/cas/authentication/DefaultRequestedAuthenticationContextValidator.class */
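/**
 * Decides whether the authentication recorded in an {@link Assertion} satisfies the
 * multifactor authentication (MFA) context that the configured trigger strategy requires
 * for the requested service.
 *
 * <p>Several paths in this class report the context as satisfied <em>without</em> an MFA
 * step having been verified: no trigger resolves, the provider's bypass evaluator grants a
 * bypass, or the provider is unavailable and its failure mode is anything other than
 * {@code CLOSED}. Each of those paths is logged so that a skipped MFA requirement can be
 * traced afterwards.
 */
public class DefaultRequestedAuthenticationContextValidator implements RequestedAuthenticationContextValidator<MultifactorAuthenticationProvider> {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(DefaultRequestedAuthenticationContextValidator.class);
    private final ServicesManager servicesManager;
    private final MultifactorAuthenticationTriggerSelectionStrategy multifactorTriggerSelectionStrategy;
    private final MultifactorAuthenticationContextValidator authenticationContextValidator;
    private final ApplicationContext applicationContext;

    /**
     * Validates the authentication context of the given assertion.
     *
     * @param assertion the assertion carrying the service and the primary authentication
     * @param httpServletRequest the current request, passed to the trigger strategy and to
     *     the bypass evaluator
     * @return a pair whose left value is {@code TRUE} with an empty provider when no context
     *     is required, when MFA is bypassed, or when the provider is unavailable and its
     *     failure mode is not {@code CLOSED}; otherwise the result of
     *     {@link MultifactorAuthenticationContextValidator#validate}
     */
    @Override
    public Pair<Boolean, Optional<MultifactorAuthenticationProvider>> validateAuthenticationContext(Assertion assertion, HttpServletRequest httpServletRequest) {
        LOGGER.trace("Locating the primary authentication associated with this service request [{}]", assertion.getService());
        RegisteredService registeredService = this.servicesManager.findServiceBy(assertion.getService());
        Authentication authentication = assertion.getPrimaryAuthentication();
        Optional<String> requestedContext = this.multifactorTriggerSelectionStrategy.resolve(httpServletRequest, registeredService, authentication, assertion.getService());
        if (requestedContext.isEmpty()) {
            LOGGER.debug("No particular authentication context is required for this request");
            return Pair.of(Boolean.TRUE, Optional.empty());
        }
        String providerId = requestedContext.get();
        Optional<MultifactorAuthenticationProvider> providerResult = MultifactorAuthenticationUtils.getMultifactorAuthenticationProviderById(providerId, this.applicationContext);
        if (providerResult.isPresent()) {
            MultifactorAuthenticationProvider provider = providerResult.get();
            if (provider.isAvailable(registeredService)) {
                MultifactorAuthenticationProviderBypassEvaluator bypassEvaluator = provider.getBypassEvaluator();
                if (bypassEvaluator != null) {
                    // Bypass decided now, from the current authentication, service and request.
                    if (!bypassEvaluator.shouldMultifactorAuthenticationProviderExecute(authentication, registeredService, provider, httpServletRequest)) {
                        LOGGER.debug("MFA provider [{}] has determined that it should be bypassed for this service request [{}]", providerId, assertion.getService());
                        bypassEvaluator.rememberBypass(authentication, provider);
                        return Pair.of(Boolean.TRUE, Optional.empty());
                    }
                    // Bypass already associated with this authentication for this provider id.
                    if (bypassEvaluator.isMultifactorAuthenticationBypassed(authentication, providerId)) {
                        // Log the provider id itself rather than the Optional wrapper around it.
                        LOGGER.debug("Authentication attempt indicates that MFA is bypassed for this request for [{}]", providerId);
                        bypassEvaluator.rememberBypass(authentication, provider);
                        return Pair.of(Boolean.TRUE, Optional.empty());
                    }
                }
            } else {
                RegisteredServiceMultifactorPolicyFailureModes failureMode = provider.getFailureModeEvaluator().evaluate(registeredService, provider);
                if (failureMode != RegisteredServiceMultifactorPolicyFailureModes.CLOSED) {
                    // Fail-open path: the required provider cannot be reached and the policy
                    // allows the request through. Record it, since the context is reported as
                    // satisfied although no MFA took place.
                    LOGGER.warn("MFA provider [{}] is unavailable for service request [{}] and failure mode is [{}]; the request is accepted without multifactor authentication",
                        providerId, assertion.getService(), failureMode);
                    return Pair.of(Boolean.TRUE, Optional.empty());
                }
            }
        }
        // Reached when the provider id is unknown, when no bypass applies, or when the provider
        // is unavailable with failure mode CLOSED: the context validator makes the decision.
        return this.authenticationContextValidator.validate(authentication, providerId, registeredService);
    }

    /**
     * Creates the validator from its collaborators; the arguments are stored as given.
     *
     * @param servicesManager looks up the registered service for the assertion's service
     * @param multifactorAuthenticationTriggerSelectionStrategy resolves the required MFA
     *     provider id for a request, if any
     * @param multifactorAuthenticationContextValidator performs the final context validation
     * @param applicationContext used to look up the MFA provider by id
     */
    @Generated
    public DefaultRequestedAuthenticationContextValidator(ServicesManager servicesManager, MultifactorAuthenticationTriggerSelectionStrategy multifactorAuthenticationTriggerSelectionStrategy, MultifactorAuthenticationContextValidator multifactorAuthenticationContextValidator, ApplicationContext applicationContext) {
        this.servicesManager = servicesManager;
        this.multifactorTriggerSelectionStrategy = multifactorAuthenticationTriggerSelectionStrategy;
        this.authenticationContextValidator = multifactorAuthenticationContextValidator;
        this.applicationContext = applicationContext;
    }
}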
