package org.apereo.cas.web.flow;

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import lombok.Generated;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.authentication.principal.provision.DelegatedAuthenticationFailureException;
import org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationDiscoverySelectionProperties;
import org.apereo.cas.pac4j.client.DelegatedClientAuthenticationRequestCustomizer;
import org.apereo.cas.util.function.FunctionUtils;
import org.apereo.cas.util.spring.beans.BeanSupplier;
import org.apereo.cas.web.DelegatedClientIdentityProviderConfiguration;
import org.apereo.cas.web.DelegatedClientIdentityProviderConfigurationFactory;
import org.apereo.cas.web.support.WebUtils;
import org.pac4j.core.client.Client;
import org.pac4j.core.client.IndirectClient;
import org.pac4j.jee.context.JEEContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.http.HttpStatus;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:org/apereo/cas/web/flow/DefaultDelegatedClientIdentityProviderConfigurationProducer.class */
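/**
 * Produces the delegated (external) identity provider configurations that may be offered
 * for the current webflow request.
 *
 * <p>Candidate clients come from the configuration context. A client is only offered when it is
 * an {@link IndirectClient}, every registered authorizer accepts it for the resolved service,
 * and it can be initialized and resolved into a configuration.
 *
 * <p>Reviewer notes on the authorization semantics visible in this class:
 * <ul>
 *   <li>Authorizers are combined with {@code allMatch}, so an empty authorizer list accepts
 *       every client.</li>
 *   <li>Request customizers are combined with {@code anyMatch}; one accepting customizer is
 *       enough, and an empty customizer list accepts the client.</li>
 * </ul>
 */
public class DefaultDelegatedClientIdentityProviderConfigurationProducer implements DelegatedClientIdentityProviderConfigurationProducer {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(DefaultDelegatedClientIdentityProviderConfigurationProducer.class);
    private final ObjectProvider<DelegatedClientAuthenticationConfigurationContext> configurationContext;

    /**
     * Collects the identity provider configurations available for this request and publishes
     * them into the webflow scope according to the configured discovery selection type.
     *
     * @param requestContext the current webflow request context
     * @return the resolved provider configurations in client iteration order; empty when no
     *         client is configured, authorized, or resolvable. The full set is returned even
     *         when dynamic selection publishes an empty set into the flow.
     */
    public Set<DelegatedClientIdentityProviderConfiguration> produce(RequestContext requestContext) {
        WebApplicationService resolvedService = this.configurationContext.getObject()
            .getAuthenticationRequestServiceSelectionStrategies()
            .resolveService(WebUtils.getService(requestContext), WebApplicationService.class);
        HttpServletRequest request = WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext);
        HttpServletResponse response = WebUtils.getHttpServletResponseFromExternalWebflowContext(requestContext);
        // NOTE(review): this writes every request parameter to the log. Keep it at debug level
        // and treat debug logs as sensitive if parameters can carry credentials or tokens.
        LOGGER.debug("Initialized context with request parameters [{}]", new JEEContext(request, response).getRequestParameters());

        LinkedHashSet<DelegatedClientIdentityProviderConfiguration> providers = this.configurationContext.getObject()
            .getClients()
            .findAllClients()
            .stream()
            // Authorization is checked before the client is initialized or resolved.
            .filter(client -> client instanceof IndirectClient
                && isDelegatedClientAuthorizedForService(client, resolvedService, requestContext))
            .map(IndirectClient.class::cast)
            // A lambda is required here because produce is overloaded.
            .map(client -> produce(requestContext, client))
            .filter(Optional::isPresent)
            .map(Optional::get)
            .collect(Collectors.toCollection(LinkedHashSet::new));

        // The redirection strategy is consulted even when no provider was resolved.
        this.configurationContext.getObject()
            .getDelegatedClientIdentityProviderRedirectionStrategy()
            .select(requestContext, resolvedService, providers)
            .ifPresent(primary -> DelegationWebflowUtils.putDelegatedAuthenticationProviderPrimary(requestContext, primary));

        if (!providers.isEmpty()) {
            switch (this.configurationContext.getObject().getCasProperties().getAuthn().getPac4j().getCore().getDiscoverySelection().getSelectionType()) {
                case DYNAMIC:
                    // Dynamic selection publishes an empty set, so the resolved providers are
                    // not placed into the flow scope.
                    DelegationWebflowUtils.putDelegatedAuthenticationProviderConfigurations(requestContext, new HashSet<>());
                    DelegationWebflowUtils.putDelegatedAuthenticationDynamicProviderSelection(requestContext, Boolean.TRUE);
                    break;
                case MENU:
                    DelegationWebflowUtils.putDelegatedAuthenticationProviderConfigurations(requestContext, providers);
                    DelegationWebflowUtils.putDelegatedAuthenticationDynamicProviderSelection(requestContext, Boolean.FALSE);
                    break;
                default:
                    // Any other selection type leaves the flow scope untouched.
                    break;
            }
        } else if (response.getStatus() != HttpStatus.UNAUTHORIZED.value()) {
            // The warning is skipped when the response is already 401.
            LOGGER.warn("No delegated authentication providers could be determined based on the provided configuration. Either no clients are configured, or the current access strategy rules prohibit CAS from using authentication providers");
        }
        return providers;
    }

    /**
     * Initializes a single client and resolves it into a provider configuration.
     *
     * <p>Any throwable raised while initializing, authorizing, or resolving the client is
     * converted into an empty result, so a failing provider is omitted rather than failing
     * the request.
     *
     * @param requestContext the current webflow request context
     * @param indirectClient the client to initialize and resolve
     * @return the resolved configuration, or empty when the client is rejected by the request
     *         customizers, cannot be resolved, or raised an error
     */
    public Optional<DelegatedClientIdentityProviderConfiguration> produce(RequestContext requestContext, IndirectClient indirectClient) {
        return FunctionUtils.doAndHandle(() -> {
            JEEContext webContext = new JEEContext(
                WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext),
                WebUtils.getHttpServletResponseFromExternalWebflowContext(requestContext));
            WebApplicationService service = WebUtils.getService(requestContext);
            // NOTE(review): request parameters are logged verbatim at debug level.
            LOGGER.debug("Initializing client [{}] with request parameters [{}] and service [{}]", indirectClient, requestContext.getRequestParameters(), service);
            initializeClientIdentityProvider(indirectClient);

            List<DelegatedClientAuthenticationRequestCustomizer> customizers =
                this.configurationContext.getObject().getDelegatedClientAuthenticationRequestCustomizers();
            // No customizers means no restriction. Otherwise one accepting non-proxy customizer
            // is enough; a non-empty list holding only proxies rejects the client.
            boolean authorized = customizers.isEmpty()
                || customizers.stream()
                    .filter(BeanSupplier::isNotProxy)
                    .anyMatch(customizer -> customizer.isAuthorized(webContext, indirectClient, service));
            if (!authorized) {
                return Optional.<DelegatedClientIdentityProviderConfiguration>empty();
            }
            return DelegatedClientIdentityProviderConfigurationFactory.builder()
                .client(indirectClient)
                .webContext(webContext)
                .service(service)
                .casProperties(this.configurationContext.getObject().getCasProperties())
                .build()
                .resolve();
            // NOTE(review): the throwable is discarded here; confirm FunctionUtils.doAndHandle
            // logs it, otherwise a misconfigured provider disappears without a trace.
        }, th -> Optional.<DelegatedClientIdentityProviderConfiguration>empty()).get();
    }

    /**
     * Initializes the client and fails when it does not report itself as initialized.
     *
     * @param indirectClient the client to initialize
     */
    protected void initializeClientIdentityProvider(IndirectClient indirectClient) {
        indirectClient.init();
        FunctionUtils.throwIf(!indirectClient.isInitialized(), DelegatedAuthenticationFailureException::new);
    }

    /**
     * Checks whether every registered authorizer accepts the client for the given service.
     *
     * @param client the candidate client
     * @param service the service resolved for the request
     * @param requestContext the current webflow request context
     * @return {@code true} when all authorizers accept the client; also {@code true} when no
     *         authorizer is registered, because {@code allMatch} on an empty stream is true
     */
    protected boolean isDelegatedClientAuthorizedForService(Client client, Service service, RequestContext requestContext) {
        return this.configurationContext.getObject()
            .getDelegatedClientIdentityProviderAuthorizers()
            .stream()
            .allMatch(authorizer -> authorizer.isDelegatedClientAuthorizedForService(client, service, requestContext));
    }

    @Generated
    public DefaultDelegatedClientIdentityProviderConfigurationProducer(ObjectProvider<DelegatedClientAuthenticationConfigurationContext> objectProvider) {
        this.configurationContext = objectProvider;
    }
}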
