package org.apereo.cas.impl.plans;

import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.api.AuthenticationRiskContingencyResponse;
import org.apereo.cas.api.AuthenticationRiskScore;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationException;
import org.apereo.cas.authentication.DefaultAuthenticationBuilder;
import org.apereo.cas.authentication.MultifactorAuthenticationProvider;
import org.apereo.cas.authentication.MultifactorAuthenticationUtils;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.services.RegisteredService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.webflow.execution.Event;

/* loaded from: input_file:org/apereo/cas/impl/plans/MultifactorAuthenticationContingencyPlan.class */
public class MultifactorAuthenticationContingencyPlan extends BaseAuthenticationRiskContingencyPlan {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(MultifactorAuthenticationContingencyPlan.class);

    public MultifactorAuthenticationContingencyPlan(CasConfigurationProperties casConfigurationProperties, ApplicationContext applicationContext) {
        super(casConfigurationProperties, applicationContext);
    }

    @Override // org.apereo.cas.impl.plans.BaseAuthenticationRiskContingencyPlan
    protected AuthenticationRiskContingencyResponse executeInternal(Authentication authentication, RegisteredService registeredService, AuthenticationRiskScore authenticationRiskScore, HttpServletRequest httpServletRequest) {
        Map availableMultifactorAuthenticationProviders = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
        if (availableMultifactorAuthenticationProviders.isEmpty()) {
            LOGGER.warn("No multifactor authentication providers are available in the application context");
            throw new AuthenticationException();
        }
        String mfaProvider = this.casProperties.getAuthn().getAdaptive().getRisk().getResponse().getMfaProvider();
        if (StringUtils.isBlank(mfaProvider)) {
            if (availableMultifactorAuthenticationProviders.size() != 1) {
                LOGGER.warn("No multifactor authentication providers are specified to handle risk-based authentication");
                throw new AuthenticationException();
            }
            mfaProvider = ((MultifactorAuthenticationProvider) availableMultifactorAuthenticationProviders.values().iterator().next()).getId();
        }
        String riskyAuthenticationAttribute = this.casProperties.getAuthn().getAdaptive().getRisk().getResponse().getRiskyAuthenticationAttribute();
        Authentication build = DefaultAuthenticationBuilder.newInstance(authentication).addAttribute(riskyAuthenticationAttribute, Boolean.TRUE).build();
        LOGGER.debug("Updated authentication to remember risk-based authn via [{}]", riskyAuthenticationAttribute);
        authentication.update(build);
        return new AuthenticationRiskContingencyResponse(new Event(this, mfaProvider));
    }
}
