package org.apereo.cas.web.flow;

import java.io.Serializable;
import java.util.Optional;
import java.util.Set;
import java.util.function.Function;
import lombok.Generated;
import org.apereo.cas.api.PasswordlessUserAccount;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.util.scripting.WatchableGroovyScriptResource;
import org.apereo.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.DisposableBean;
import org.springframework.webflow.action.AbstractAction;
import org.springframework.webflow.action.EventFactorySupport;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:org/apereo/cas/web/flow/DetermineDelegatedAuthenticationAction.class */
public class DetermineDelegatedAuthenticationAction extends AbstractAction implements DisposableBean {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(DetermineDelegatedAuthenticationAction.class);
    private final CasConfigurationProperties casProperties;
    private final Function<RequestContext, Set<? extends Serializable>> providerConfigurationFunction;
    private final transient WatchableGroovyScriptResource watchableScript;

    protected Event doExecute(RequestContext requestContext) {
        PasswordlessUserAccount passwordlessUserAccount = (PasswordlessUserAccount) WebUtils.getPasswordlessAuthenticationAccount(requestContext, PasswordlessUserAccount.class);
        if (passwordlessUserAccount == null) {
            LOGGER.error("Unable to locate passwordless account in the flow");
            return error();
        }
        Set<? extends Serializable> apply = this.providerConfigurationFunction.apply(requestContext);
        if (apply.isEmpty()) {
            LOGGER.debug("No delegated authentication providers are available or defined");
            return success();
        }
        if (!isDelegatedAuthenticationActiveFor(requestContext, passwordlessUserAccount)) {
            LOGGER.debug("User [{}] is not activated to use CAS delegated authentication to external identity providers. You may wish to re-examine your CAS configuration to enable and allow for delegated authentication to be combined with passwordless authentication", passwordlessUserAccount);
            return success();
        }
        Optional<Serializable> determineDelegatedIdentityProviderConfiguration = determineDelegatedIdentityProviderConfiguration(requestContext, passwordlessUserAccount, apply);
        if (!determineDelegatedIdentityProviderConfiguration.isPresent()) {
            return success();
        }
        Serializable serializable = determineDelegatedIdentityProviderConfiguration.get();
        requestContext.getFlashScope().put("delegatedClientIdentityProvider", serializable);
        return new EventFactorySupport().event(this, "redirect", "delegatedClientIdentityProvider", serializable);
    }

    protected Optional<Serializable> determineDelegatedIdentityProviderConfiguration(RequestContext requestContext, PasswordlessUserAccount passwordlessUserAccount, Set<? extends Serializable> set) {
        return Optional.ofNullable((Serializable) this.watchableScript.execute(new Object[]{passwordlessUserAccount, set, WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext), LOGGER}, Serializable.class));
    }

    protected boolean isDelegatedAuthenticationActiveFor(RequestContext requestContext, PasswordlessUserAccount passwordlessUserAccount) {
        return this.casProperties.getAuthn().getPasswordless().isDelegatedAuthenticationActivated() || passwordlessUserAccount.isDelegatedAuthenticationEligible();
    }

    public void destroy() throws Exception {
        this.watchableScript.close();
    }

    @Generated
    public DetermineDelegatedAuthenticationAction(CasConfigurationProperties casConfigurationProperties, Function<RequestContext, Set<? extends Serializable>> function, WatchableGroovyScriptResource watchableGroovyScriptResource) {
        this.casProperties = casConfigurationProperties;
        this.providerConfigurationFunction = function;
        this.watchableScript = watchableGroovyScriptResource;
    }
}
