package org.apereo.cas.web.flow.configurer;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import lombok.Generated;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.web.flow.CasWebflowConstants;
import org.apereo.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.util.StringUtils;
import org.springframework.webflow.definition.FlowDefinition;
import org.springframework.webflow.definition.registry.FlowDefinitionRegistry;
import org.springframework.webflow.engine.ActionState;
import org.springframework.webflow.engine.Flow;
import org.springframework.webflow.engine.SubflowState;
import org.springframework.webflow.engine.Transition;
import org.springframework.webflow.engine.TransitionSet;
import org.springframework.webflow.engine.TransitionableState;
import org.springframework.webflow.engine.builder.support.FlowBuilderServices;
import org.springframework.webflow.engine.support.DefaultTargetStateResolver;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-webflow-mfa-api-6.1.7.2.jar:org/apereo/cas/web/flow/configurer/AbstractCasMultifactorWebflowConfigurer.class */
public abstract class AbstractCasMultifactorWebflowConfigurer extends AbstractCasWebflowConfigurer {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) AbstractCasMultifactorWebflowConfigurer.class);
    private static final String MFA_CHECK_AVAILABLE_BEAN_ID = "mfaAvailableAction";
    private static final String MFA_CHECK_BYPASS_BEAN_ID = "mfaBypassAction";
    private static final String MFA_CHECK_FAILURE_BEAN_ID = "mfaFailureAction";

    public AbstractCasMultifactorWebflowConfigurer(FlowBuilderServices flowBuilderServices, FlowDefinitionRegistry flowDefinitionRegistry, ApplicationContext applicationContext, CasConfigurationProperties casConfigurationProperties) {
        super(flowBuilderServices, flowDefinitionRegistry, applicationContext, casConfigurationProperties);
        setOrder(Integer.MAX_VALUE);
    }

    protected void registerMultifactorFlowDefinitionIntoLoginFlowRegistry(FlowDefinitionRegistry flowDefinitionRegistry) {
        for (String str : flowDefinitionRegistry.getFlowDefinitionIds()) {
            FlowDefinition flowDefinition = flowDefinitionRegistry.getFlowDefinition(str);
            if (flowDefinition != null) {
                LOGGER.trace("Registering flow definition [{}]", str);
                this.loginFlowDefinitionRegistry.registerFlowDefinition(flowDefinition);
            }
        }
    }

    private void ensureEndStateTransitionExists(TransitionableState transitionableState, Flow flow, String str, String str2) {
        if (containsTransition(transitionableState, str)) {
            return;
        }
        createTransitionForState(transitionableState, str, str2);
        if (containsFlowState(flow, str2)) {
            return;
        }
        createEndState(flow, str2);
    }

    protected void augmentMultifactorProviderFlowRegistry(FlowDefinitionRegistry flowDefinitionRegistry) {
        Arrays.stream(flowDefinitionRegistry.getFlowDefinitionIds()).forEach(str -> {
            Flow flow = (Flow) flowDefinitionRegistry.getFlowDefinition(str);
            if (flow == null || !containsFlowState(flow, CasWebflowConstants.STATE_ID_REAL_SUBMIT)) {
                return;
            }
            getCandidateStatesForMultifactorAuthentication().forEach(str -> {
                TransitionableState state = getState(flow, str);
                if (state == null) {
                    LOGGER.error("Unable to locate state definition [{}] in flow [{}]", str, flow.getId());
                    return;
                }
                ensureEndStateTransitionExists(state, flow, "success", "success");
                ensureEndStateTransitionExists(state, flow, CasWebflowConstants.TRANSITION_ID_SUCCESS_WITH_WARNINGS, CasWebflowConstants.TRANSITION_ID_SUCCESS_WITH_WARNINGS);
                ensureEndStateTransitionExists(state, flow, CasWebflowConstants.TRANSITION_ID_UNAVAILABLE, CasWebflowConstants.STATE_ID_MFA_UNAVAILABLE);
                ensureEndStateTransitionExists(state, flow, CasWebflowConstants.TRANSITION_ID_DENY, CasWebflowConstants.STATE_ID_MFA_DENIED);
            });
        });
    }

    protected void registerMultifactorProviderAuthenticationWebflow(Flow flow, String str, FlowDefinitionRegistry flowDefinitionRegistry, String str2) {
        if (!flowDefinitionRegistry.containsFlowDefinition(str)) {
            LOGGER.error("Could not locate flow id [{}]", str);
            return;
        }
        if (flow == null) {
            LOGGER.error("Unable to locate parent flow definition to register provider [{}]", str2);
            return;
        }
        Flow flow2 = (Flow) flowDefinitionRegistry.getFlowDefinition(str);
        flow2.getStartActionList().add(requestContext -> {
            WebUtils.createCredential(requestContext);
            return null;
        });
        flow2.getStartActionList().add(createSetAction("flowScope.".concat(CasWebflowConstants.VAR_ID_MFA_PROVIDER_ID), StringUtils.quote(str2)));
        Transition transition = (Transition) ((ActionState) flow2.getStartState()).getTransition("success");
        String targetStateId = transition.getTargetStateId();
        transition.setTargetStateResolver(new DefaultTargetStateResolver(CasWebflowConstants.STATE_ID_MFA_CHECK_BYPASS));
        registerMultifactorProviderBypassAction(flow2);
        registerMultifactorProviderAvailableAction(flow2, targetStateId);
        registerMultifactorProviderFailureAction(flow, flow2);
        SubflowState createSubflowState = createSubflowState(flow, str, str);
        Collection<String> candidateStatesForMultifactorAuthentication = getCandidateStatesForMultifactorAuthentication();
        LOGGER.trace("Candidate states for multifactor authentication are [{}]", candidateStatesForMultifactorAuthentication);
        candidateStatesForMultifactorAuthentication.forEach(str3 -> {
            LOGGER.trace("Locating state [{}] to process for multifactor authentication", str3);
            TransitionableState state = getState(flow, str3);
            if (state == null) {
                LOGGER.error("Unable to locate state definition [{}] in flow [{}]", str3, flow.getId());
                return;
            }
            LOGGER.trace("Adding transition [{}] to [{}] for [{}]", CasWebflowConstants.TRANSITION_ID_DENY, CasWebflowConstants.STATE_ID_MFA_DENIED, str3);
            createTransitionForState(state, CasWebflowConstants.TRANSITION_ID_DENY, CasWebflowConstants.STATE_ID_MFA_DENIED);
            LOGGER.trace("Adding transition [{}] to [{}] for [{}]", CasWebflowConstants.TRANSITION_ID_UNAVAILABLE, CasWebflowConstants.STATE_ID_MFA_UNAVAILABLE, str3);
            createTransitionForState(state, CasWebflowConstants.TRANSITION_ID_UNAVAILABLE, CasWebflowConstants.STATE_ID_MFA_UNAVAILABLE);
            LOGGER.trace("Locating transition id [{}] to process multifactor authentication for state [{}]", "success", str3);
            String targetStateId2 = state.getTransition("success").getTargetStateId();
            LOGGER.trace("Locating transition id [{}] to process multifactor authentication for state [{}]", CasWebflowConstants.TRANSITION_ID_SUCCESS_WITH_WARNINGS, str3);
            String targetStateId3 = state.getTransition(CasWebflowConstants.TRANSITION_ID_SUCCESS_WITH_WARNINGS).getTargetStateId();
            LOGGER.trace("Locating transition id [{}] to process multifactor authentication for state [{}]", CasWebflowConstants.TRANSITION_ID_DENY, str3);
            String targetStateId4 = state.getTransition(CasWebflowConstants.TRANSITION_ID_DENY).getTargetStateId();
            LOGGER.trace("Location transition id [{}] to process multifactor authentication for stat [{}]", CasWebflowConstants.TRANSITION_ID_UNAVAILABLE, str3);
            String targetStateId5 = state.getTransition(CasWebflowConstants.TRANSITION_ID_UNAVAILABLE).getTargetStateId();
            createSubflowState.setAttributeMapper(createSubflowAttributeMapper(createMapperToSubflowState(new ArrayList()), null));
            LOGGER.trace("Creating transitions to subflow state [{}]", createSubflowState.getId());
            TransitionSet transitionSet = createSubflowState.getTransitionSet();
            transitionSet.add(createTransition("success", targetStateId2));
            transitionSet.add(createTransition(CasWebflowConstants.TRANSITION_ID_SUCCESS_WITH_WARNINGS, targetStateId3));
            transitionSet.add(createTransition(CasWebflowConstants.TRANSITION_ID_DENY, targetStateId4));
            transitionSet.add(createTransition(CasWebflowConstants.TRANSITION_ID_UNAVAILABLE, targetStateId5));
            transitionSet.add(createTransition(CasWebflowConstants.TRANSITION_ID_CANCEL, CasWebflowConstants.STATE_ID_INIT_LOGIN_FORM));
            LOGGER.trace("Creating transition [{}] for state [{}]", str, state.getId());
            createTransitionForState(state, str, str);
        });
        registerMultifactorFlowDefinitionIntoLoginFlowRegistry(flowDefinitionRegistry);
        augmentMultifactorProviderFlowRegistry(flowDefinitionRegistry);
        LOGGER.trace("Registering the [{}] flow into the flow [{}]", str, flow.getId());
        createTransitionForState(flow.getTransitionableState(flow.getStartState().getId()), str, str, true);
        createTransitionForState(flow.getTransitionableState(CasWebflowConstants.STATE_ID_INITIAL_AUTHN_REQUEST_VALIDATION_CHECK), str, str, true);
    }

    private void registerMultifactorProviderFailureAction(Flow flow, Flow flow2) {
        if (flow != null) {
            ActionState createActionState = createActionState(flow2, CasWebflowConstants.TRANSITION_ID_MFA_FAILURE, createEvaluateAction(MFA_CHECK_FAILURE_BEAN_ID));
            createTransitionForState(createActionState, CasWebflowConstants.TRANSITION_ID_UNAVAILABLE, CasWebflowConstants.TRANSITION_ID_UNAVAILABLE);
            createTransitionForState(createActionState, CasWebflowConstants.TRANSITION_ID_BYPASS, "success");
            LOGGER.trace("Adding end state [{}] with transition to [{}] to flow [{}] for MFA", CasWebflowConstants.STATE_ID_MFA_UNAVAILABLE, CasWebflowConstants.VIEW_ID_MFA_UNAVAILABLE, flow.getId());
            createEndState(flow, CasWebflowConstants.STATE_ID_MFA_UNAVAILABLE, CasWebflowConstants.VIEW_ID_MFA_UNAVAILABLE);
            LOGGER.trace("Adding end state [{}] with transition to [{}] to flow [{}] for MFA", CasWebflowConstants.STATE_ID_MFA_DENIED, CasWebflowConstants.VIEW_ID_MFA_DENIED, flow.getId());
            createEndState(flow, CasWebflowConstants.STATE_ID_MFA_DENIED, CasWebflowConstants.VIEW_ID_MFA_DENIED);
        }
    }

    private void registerMultifactorProviderAvailableAction(Flow flow, String str) {
        ActionState createActionState = createActionState(flow, CasWebflowConstants.STATE_ID_MFA_CHECK_AVAILABLE, createEvaluateAction(MFA_CHECK_AVAILABLE_BEAN_ID));
        if (flow.containsState(CasWebflowConstants.STATE_ID_MFA_PRE_AUTH)) {
            createTransitionForState(createActionState, "yes", CasWebflowConstants.STATE_ID_MFA_PRE_AUTH);
        } else {
            createTransitionForState(createActionState, "yes", str);
        }
        createTransitionForState(createActionState, "no", CasWebflowConstants.TRANSITION_ID_MFA_FAILURE);
    }

    private void registerMultifactorProviderBypassAction(Flow flow) {
        ActionState createActionState = createActionState(flow, CasWebflowConstants.STATE_ID_MFA_CHECK_BYPASS, createEvaluateAction(MFA_CHECK_BYPASS_BEAN_ID));
        createTransitionForState(createActionState, "no", CasWebflowConstants.STATE_ID_MFA_CHECK_AVAILABLE);
        createTransitionForState(createActionState, "yes", "success");
    }

    protected Collection<String> getCandidateStatesForMultifactorAuthentication() {
        return CollectionUtils.wrapSet(CasWebflowConstants.STATE_ID_REAL_SUBMIT);
    }
}
