package org.apereo.cas.web.flow.resolver.impl.mfa;

import java.util.Collection;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.CentralAuthenticationService;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationServiceSelectionPlan;
import org.apereo.cas.authentication.AuthenticationSystemSupport;
import org.apereo.cas.authentication.MultifactorAuthenticationUtils;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.services.MultifactorAuthenticationProvider;
import org.apereo.cas.services.MultifactorAuthenticationProviderSelector;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.ticket.registry.TicketRegistrySupport;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.web.flow.authentication.BaseMultifactorAuthenticationProviderEventResolver;
import org.apereo.cas.web.support.WebUtils;
import org.apereo.inspektr.audit.annotation.Audit;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.util.CookieGenerator;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-webflow-5.2.4.jar:org/apereo/cas/web/flow/resolver/impl/mfa/RestEndpointMultifactorAuthenticationPolicyEventResolver.class */
public class RestEndpointMultifactorAuthenticationPolicyEventResolver extends BaseMultifactorAuthenticationProviderEventResolver {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) RestEndpointMultifactorAuthenticationPolicyEventResolver.class);
    private final String restEndpoint;

    /* loaded from: input_file:WEB-INF/lib/cas-server-core-webflow-5.2.4.jar:org/apereo/cas/web/flow/resolver/impl/mfa/RestEndpointMultifactorAuthenticationPolicyEventResolver$RestEndpointEntity.class */
    public static class RestEndpointEntity {
        private String principalId;
        private String serviceId;

        public RestEndpointEntity(String str, String str2) {
            this.principalId = str;
            this.serviceId = str2;
        }

        public String getPrincipalId() {
            return this.principalId;
        }

        public void setPrincipalId(String str) {
            this.principalId = str;
        }

        public String getServiceId() {
            return this.serviceId;
        }

        public void setServiceId(String str) {
            this.serviceId = str;
        }
    }

    public RestEndpointMultifactorAuthenticationPolicyEventResolver(AuthenticationSystemSupport authenticationSystemSupport, CentralAuthenticationService centralAuthenticationService, ServicesManager servicesManager, TicketRegistrySupport ticketRegistrySupport, CookieGenerator cookieGenerator, AuthenticationServiceSelectionPlan authenticationServiceSelectionPlan, MultifactorAuthenticationProviderSelector multifactorAuthenticationProviderSelector, CasConfigurationProperties casConfigurationProperties) {
        super(authenticationSystemSupport, centralAuthenticationService, servicesManager, ticketRegistrySupport, cookieGenerator, authenticationServiceSelectionPlan, multifactorAuthenticationProviderSelector);
        this.restEndpoint = casConfigurationProperties.getAuthn().getMfa().getRestEndpoint();
    }

    @Override // org.apereo.cas.web.flow.resolver.CasWebflowEventResolver
    public Set<Event> resolveInternal(RequestContext requestContext) {
        RegisteredService resolveRegisteredServiceInRequestContext = resolveRegisteredServiceInRequestContext(requestContext);
        Authentication authentication = WebUtils.getAuthentication(requestContext);
        if (resolveRegisteredServiceInRequestContext == null || authentication == null) {
            LOGGER.debug("No service or authentication is available to determine event for principal");
            return null;
        }
        Principal principal = authentication.getPrincipal();
        if (StringUtils.isBlank(this.restEndpoint)) {
            LOGGER.debug("Rest endpoint to determine event is not configured for [{}]", principal.getId());
            return null;
        }
        Map<String, MultifactorAuthenticationProvider> availableMultifactorAuthenticationProviders = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
        if (availableMultifactorAuthenticationProviders == null || availableMultifactorAuthenticationProviders.isEmpty()) {
            LOGGER.error("No multifactor authentication providers are available in the application context");
            return null;
        }
        Collection<MultifactorAuthenticationProvider> flattenProviders = flattenProviders(availableMultifactorAuthenticationProviders.values());
        LOGGER.debug("Contacting [{}] to inquire about [{}]", this.restEndpoint, principal.getId());
        String callRestEndpointForMultifactor = callRestEndpointForMultifactor(principal, requestContext);
        if (StringUtils.isNotBlank(callRestEndpointForMultifactor)) {
            return resolveMultifactorEventViaRestResult(callRestEndpointForMultifactor, flattenProviders);
        }
        LOGGER.debug("No providers are available to match rest endpoint results");
        return new HashSet(0);
    }

    @Override // org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver, org.apereo.cas.web.flow.resolver.CasWebflowEventResolver
    @Audit(action = "AUTHENTICATION_EVENT", actionResolverName = "AUTHENTICATION_EVENT_ACTION_RESOLVER", resourceResolverName = "AUTHENTICATION_EVENT_RESOURCE_RESOLVER")
    public Event resolveSingle(RequestContext requestContext) {
        return super.resolveSingle(requestContext);
    }

    protected Set<Event> resolveMultifactorEventViaRestResult(String str, Collection<MultifactorAuthenticationProvider> collection) {
        LOGGER.debug("Result returned from the rest endpoint is [{}]", str);
        MultifactorAuthenticationProvider orElse = collection.stream().filter(multifactorAuthenticationProvider -> {
            return multifactorAuthenticationProvider.matches(str);
        }).findFirst().orElse(null);
        if (orElse != null) {
            LOGGER.debug("Found multifactor authentication provider [{}]", orElse.getId());
            return CollectionUtils.wrapSet(new Event(this, orElse.getId()));
        }
        LOGGER.debug("No multifactor authentication provider could be matched against [{}]", str);
        return new HashSet(0);
    }

    /* JADX WARN: Multi-variable type inference failed */
    protected String callRestEndpointForMultifactor(Principal principal, RequestContext requestContext) {
        ResponseEntity postForEntity = new RestTemplate().postForEntity(this.restEndpoint, new RestEndpointEntity(principal.getId(), resolveServiceFromAuthenticationRequest(requestContext).getId()), String.class, new Object[0]);
        if (postForEntity == null || postForEntity.getStatusCode() != HttpStatus.OK) {
            return null;
        }
        return (String) postForEntity.getBody();
    }
}
