package org.apereo.cas.authentication;

import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.util.Collection;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.function.Predicate;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.servlet.http.HttpServletRequest;
import lombok.Generated;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.configuration.model.support.mfa.MultifactorAuthenticationProperties;
import org.apereo.cas.services.MultifactorAuthenticationProvider;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceMultifactorPolicy;
import org.apereo.cas.util.CollectionUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.StringUtils;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-services-authentication-5.3.0.jar:org/apereo/cas/authentication/DefaultMultifactorTriggerSelectionStrategy.class */
public class DefaultMultifactorTriggerSelectionStrategy implements MultifactorTriggerSelectionStrategy {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) DefaultMultifactorTriggerSelectionStrategy.class);
    private final MultifactorAuthenticationProperties mfaProperties;

    @Override // org.apereo.cas.authentication.MultifactorTriggerSelectionStrategy
    public Optional<String> resolve(Collection<MultifactorAuthenticationProvider> collection, HttpServletRequest httpServletRequest, RegisteredService registeredService, Authentication authentication) {
        if (collection == null || collection.isEmpty()) {
            return Optional.empty();
        }
        Set<String> set = (Set) collection.stream().map((v0) -> {
            return v0.getId();
        }).collect(Collectors.toSet());
        Principal principal = authentication != null ? authentication.getPrincipal() : null;
        Optional<String> resolveRequestParameterTrigger = resolveRequestParameterTrigger(httpServletRequest, set);
        if (!resolveRequestParameterTrigger.isPresent()) {
            resolveRequestParameterTrigger = resolveRegisteredServiceTrigger(registeredService, principal, set);
        }
        if (!resolveRequestParameterTrigger.isPresent()) {
            resolveRequestParameterTrigger = resolvePrincipalAttributeTrigger(principal, set);
        }
        if (!resolveRequestParameterTrigger.isPresent()) {
            resolveRequestParameterTrigger = resolveAuthenticationAttributeTrigger(authentication, set);
        }
        return resolveRequestParameterTrigger;
    }

    private Optional<String> resolveRequestParameterTrigger(HttpServletRequest httpServletRequest, Set<String> set) {
        Optional map = Optional.ofNullable(httpServletRequest).map(httpServletRequest2 -> {
            return httpServletRequest2.getParameter(this.mfaProperties.getRequestParameter());
        });
        Objects.requireNonNull(set);
        return map.filter((v1) -> {
            return r1.contains(v1);
        });
    }

    private Optional<String> resolveRegisteredServiceTrigger(RegisteredService registeredService, Principal principal, Set<String> set) {
        if (registeredService == null) {
            return Optional.empty();
        }
        RegisteredServiceMultifactorPolicy multifactorPolicy = registeredService.getMultifactorPolicy();
        String principalAttributeNameTrigger = multifactorPolicy.getPrincipalAttributeNameTrigger();
        String principalAttributeValueToMatch = multifactorPolicy.getPrincipalAttributeValueToMatch();
        if (!StringUtils.hasText(principalAttributeNameTrigger) || !StringUtils.hasText(principalAttributeValueToMatch)) {
            return resolveRegisteredServicePolicyTrigger(multifactorPolicy, set);
        }
        if (principal != null && !hasMatchingAttribute(principal.getAttributes(), principalAttributeNameTrigger, principalAttributeValueToMatch)) {
            return Optional.empty();
        }
        return resolveRegisteredServicePolicyTrigger(multifactorPolicy, set);
    }

    private Optional<String> resolveRegisteredServicePolicyTrigger(RegisteredServiceMultifactorPolicy registeredServiceMultifactorPolicy, Set<String> set) {
        Stream<String> stream = registeredServiceMultifactorPolicy.getMultifactorAuthenticationProviders().stream();
        Objects.requireNonNull(set);
        return stream.filter((v1) -> {
            return r1.contains(v1);
        }).findFirst();
    }

    private Optional<String> resolveAuthenticationAttributeTrigger(Authentication authentication, Set<String> set) {
        return authentication == null ? Optional.empty() : resolveAttributeTrigger(authentication.getAttributes(), this.mfaProperties.getGlobalAuthenticationAttributeNameTriggers(), this.mfaProperties.getGlobalAuthenticationAttributeValueRegex(), set);
    }

    private Optional<String> resolvePrincipalAttributeTrigger(Principal principal, Set<String> set) {
        return principal == null ? Optional.empty() : resolveAttributeTrigger(principal.getAttributes(), this.mfaProperties.getGlobalPrincipalAttributeNameTriggers(), this.mfaProperties.getGlobalPrincipalAttributeValueRegex(), set);
    }

    private Optional<String> resolveAttributeTrigger(Map<String, Object> map, String str, String str2, Set<String> set) {
        return !StringUtils.hasText(str) ? Optional.empty() : (set.size() == 1 && hasMatchingAttribute(map, str, str2)) ? set.stream().findAny() : resolveAttributeTrigger(map, str, set);
    }

    @SuppressFBWarnings({"PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS"})
    private Optional<String> resolveAttributeTrigger(Map<String, Object> map, String str, Set<String> set) {
        Stream<String> stream = StringUtils.commaDelimitedListToSet(str).stream();
        Objects.requireNonNull(map);
        Stream flatMap = stream.map((v1) -> {
            return r1.get(v1);
        }).filter(Objects::nonNull).map(CollectionUtils::toCollection).flatMap((v0) -> {
            return v0.stream();
        });
        Class<String> cls = String.class;
        Objects.requireNonNull(String.class);
        Stream filter = flatMap.filter(cls::isInstance);
        Class<String> cls2 = String.class;
        Objects.requireNonNull(String.class);
        Stream map2 = filter.map(cls2::cast);
        Objects.requireNonNull(set);
        return map2.filter((v1) -> {
            return r1.contains(v1);
        }).findFirst();
    }

    @SuppressFBWarnings({"PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS"})
    private boolean hasMatchingAttribute(Map<String, Object> map, String str, String str2) {
        if (!StringUtils.hasText(str) || !StringUtils.hasText(str2)) {
            return false;
        }
        Predicate<String> asPredicate = Pattern.compile(str2).asPredicate();
        Stream<String> stream = StringUtils.commaDelimitedListToSet(str).stream();
        Objects.requireNonNull(map);
        Stream flatMap = stream.map((v1) -> {
            return r1.get(v1);
        }).filter(Objects::nonNull).map(CollectionUtils::toCollection).flatMap((v0) -> {
            return v0.stream();
        });
        Class<String> cls = String.class;
        Objects.requireNonNull(String.class);
        Stream filter = flatMap.filter(cls::isInstance);
        Class<String> cls2 = String.class;
        Objects.requireNonNull(String.class);
        return filter.map(cls2::cast).anyMatch(asPredicate);
    }

    @Generated
    public DefaultMultifactorTriggerSelectionStrategy(MultifactorAuthenticationProperties multifactorAuthenticationProperties) {
        this.mfaProperties = multifactorAuthenticationProperties;
    }
}
