package org.apereo.cas.authentication.mfa.trigger;

import java.util.Map;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationException;
import org.apereo.cas.authentication.MultifactorAuthenticationProvider;
import org.apereo.cas.authentication.MultifactorAuthenticationTrigger;
import org.apereo.cas.authentication.MultifactorAuthenticationUtils;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.util.ResourceUtils;
import org.apereo.cas.util.scripting.WatchableGroovyScriptResource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.DisposableBean;
import org.springframework.context.ApplicationContext;
import org.springframework.core.io.Resource;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-authentication-mfa-api-6.2.1.jar:org/apereo/cas/authentication/mfa/trigger/GroovyScriptMultifactorAuthenticationTrigger.class */
public class GroovyScriptMultifactorAuthenticationTrigger implements MultifactorAuthenticationTrigger, DisposableBean {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) GroovyScriptMultifactorAuthenticationTrigger.class);
    private final CasConfigurationProperties casProperties;
    private final WatchableGroovyScriptResource watchableScript;
    private final ApplicationContext applicationContext;
    private int order = Integer.MAX_VALUE;

    public GroovyScriptMultifactorAuthenticationTrigger(CasConfigurationProperties casConfigurationProperties, ApplicationContext applicationContext) {
        this.casProperties = casConfigurationProperties;
        this.watchableScript = new WatchableGroovyScriptResource(casConfigurationProperties.getAuthn().getMfa().getGroovyScript());
        this.applicationContext = applicationContext;
    }

    @Override // org.apereo.cas.authentication.MultifactorAuthenticationTrigger
    public Optional<MultifactorAuthenticationProvider> isActivated(Authentication authentication, RegisteredService registeredService, HttpServletRequest httpServletRequest, Service service) {
        Resource groovyScript = this.casProperties.getAuthn().getMfa().getGroovyScript();
        if (groovyScript == null) {
            LOGGER.trace("No groovy script is configured for multifactor authentication");
            return Optional.empty();
        }
        if (!ResourceUtils.doesResourceExist(groovyScript)) {
            LOGGER.warn("No groovy script is found at [{}] for multifactor authentication", groovyScript);
            return Optional.empty();
        }
        if (authentication == null) {
            LOGGER.debug("No authentication is available to determine event for principal");
            return Optional.empty();
        }
        if (registeredService == null) {
            LOGGER.debug("No registered service is available to determine event for principal [{}]", authentication.getPrincipal());
            return Optional.empty();
        }
        if (service == null) {
            LOGGER.debug("No service is available to determine event for principal [{}]", authentication.getPrincipal());
            return Optional.empty();
        }
        Map<String, MultifactorAuthenticationProvider> availableMultifactorAuthenticationProviders = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
        if (availableMultifactorAuthenticationProviders.isEmpty()) {
            LOGGER.error("No multifactor authentication providers are available in the application context");
            throw new AuthenticationException();
        }
        try {
            String str = (String) this.watchableScript.execute(new Object[]{service, registeredService, authentication, httpServletRequest, LOGGER}, String.class);
            LOGGER.debug("Groovy script run for [{}] returned the provider id [{}]", registeredService, str);
            return StringUtils.isBlank(str) ? Optional.empty() : MultifactorAuthenticationUtils.resolveProvider(availableMultifactorAuthenticationProviders, str);
        } catch (Exception e) {
            if (LOGGER.isDebugEnabled()) {
                LOGGER.error(e.getMessage(), (Throwable) e);
            } else {
                LOGGER.error(e.getMessage());
            }
            return Optional.empty();
        }
    }

    @Override // org.springframework.beans.factory.DisposableBean
    public void destroy() {
        this.watchableScript.close();
    }

    @Generated
    public CasConfigurationProperties getCasProperties() {
        return this.casProperties;
    }

    @Generated
    public WatchableGroovyScriptResource getWatchableScript() {
        return this.watchableScript;
    }

    @Generated
    public ApplicationContext getApplicationContext() {
        return this.applicationContext;
    }

    @Override // org.apereo.cas.authentication.MultifactorAuthenticationTrigger, org.springframework.core.Ordered
    @Generated
    public int getOrder() {
        return this.order;
    }

    @Generated
    public void setOrder(int i) {
        this.order = i;
    }
}
