package org.apereo.cas.web.flow.delegation;

import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import lombok.Generated;
import org.apereo.cas.api.PasswordlessUserAccount;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.util.scripting.WatchableGroovyScriptResource;
import org.apereo.cas.web.DelegatedClientIdentityProviderConfiguration;
import org.apereo.cas.web.flow.BasePasswordlessCasWebflowAction;
import org.apereo.cas.web.flow.DelegatedClientIdentityProviderConfigurationProducer;
import org.apereo.cas.web.flow.DelegationWebflowUtils;
import org.apereo.cas.web.flow.PasswordlessWebflowUtils;
import org.apereo.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.DisposableBean;
import org.springframework.webflow.action.EventFactorySupport;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:org/apereo/cas/web/flow/delegation/PasswordlessDetermineDelegatedAuthenticationAction.class */
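/**
 * Webflow action that decides whether a passwordless login should be handed off to an
 * external (delegated) identity provider, and if so which one.
 *
 * <p>The decision uses three inputs visible in this class: the passwordless account stored
 * in the flow, the set of provider configurations returned by the producer, and a Groovy
 * script that selects a provider when the account does not name exactly one allowed client.
 *
 * <p>Security note: the Groovy script takes part in an authentication routing decision and
 * is handed the servlet request. Its source location should be writable only by CAS
 * administrators, since whoever controls the script controls which identity provider a
 * user is sent to.
 */
public class PasswordlessDetermineDelegatedAuthenticationAction extends BasePasswordlessCasWebflowAction implements DisposableBean {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(PasswordlessDetermineDelegatedAuthenticationAction.class);

    /** Request attribute that carries the name of the selected identity provider. */
    private static final String CLIENT_NAME_ATTRIBUTE = "client_name";

    /** Event id signalled when a single identity provider was selected for the user. */
    private static final String EVENT_ID_PROMPT = "prompt";

    private final DelegatedClientIdentityProviderConfigurationProducer providerConfigurationProducer;
    private final WatchableGroovyScriptResource watchableScript;

    /**
     * Creates the action.
     *
     * @param casConfigurationProperties CAS settings, passed to the base action
     * @param delegatedClientIdentityProviderConfigurationProducer source of the provider
     *        configurations available for the current request
     * @param watchableGroovyScriptResource script used to select a provider; closed in
     *        {@link #destroy()}. NOTE(review): it is dereferenced without a null check in
     *        this class, so callers are presumably expected to pass a non-null script.
     */
    public PasswordlessDetermineDelegatedAuthenticationAction(CasConfigurationProperties casConfigurationProperties, DelegatedClientIdentityProviderConfigurationProducer delegatedClientIdentityProviderConfigurationProducer, WatchableGroovyScriptResource watchableGroovyScriptResource) {
        super(casConfigurationProperties);
        this.providerConfigurationProducer = delegatedClientIdentityProviderConfigurationProducer;
        this.watchableScript = watchableGroovyScriptResource;
    }

    /** Releases the Groovy script resource when the bean is destroyed. */
    @Override
    public void destroy() {
        this.watchableScript.close();
    }

    /**
     * Routes the passwordless flow.
     *
     * @param requestContext the current webflow request context
     * @return {@code error()} when no passwordless account is in the flow; {@code success()}
     *         when no providers exist, delegation is not active for the account, or no
     *         provider could be determined; otherwise a {@code prompt} event after the
     *         selected provider was stored as primary
     * @throws Throwable propagated from the producer, the script or the helper utilities
     */
    @Override
    protected Event doExecuteInternal(RequestContext requestContext) throws Throwable {
        PasswordlessUserAccount account = (PasswordlessUserAccount) PasswordlessWebflowUtils.getPasswordlessAuthenticationAccount(requestContext, PasswordlessUserAccount.class);
        if (account == null) {
            LOGGER.error("Unable to locate passwordless account in the flow");
            return error();
        }

        Set<? extends DelegatedClientIdentityProviderConfiguration> providers = this.providerConfigurationProducer.produce(requestContext);
        if (providers.isEmpty()) {
            LOGGER.debug("No delegated authentication providers are available or defined");
            return success();
        }

        if (!isDelegatedAuthenticationActiveFor(requestContext, account)) {
            // NOTE(review): the whole account object is logged here and below. If its
            // toString() includes contact details or attributes, debug/trace logs will
            // carry that data - confirm and treat those log levels accordingly.
            LOGGER.debug("User [{}] is not activated to use CAS delegated authentication to external identity providers. You may wish to re-examine your CAS configuration to enable and allow for delegated authentication to be combined with passwordless authentication", account);
            DelegationWebflowUtils.putDelegatedAuthenticationDisabled(requestContext, true);
            return success();
        }
        DelegationWebflowUtils.putDelegatedAuthenticationDisabled(requestContext, false);

        Optional<DelegatedClientIdentityProviderConfiguration> selected = determineDelegatedAuthenticationProvider(requestContext, account, providers);
        if (selected.isEmpty()) {
            LOGGER.trace("Delegated identity provider could not be determined for [{}] based on [{}]", account, providers);
            return success();
        }

        DelegatedClientIdentityProviderConfiguration provider = selected.get();
        DelegationWebflowUtils.putDelegatedAuthenticationProviderPrimary(requestContext, provider);
        // The attribute value comes from the provider configuration, not from request input.
        WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext).setAttribute(CLIENT_NAME_ATTRIBUTE, provider.getName());
        return new EventFactorySupport().event(this, EVENT_ID_PROMPT);
    }

    /**
     * Selects the identity provider for the account.
     *
     * <p>When the account lists exactly one allowed delegated client, the provider whose
     * name matches it (ignoring case) is taken from {@code set}. In every other case (no
     * list, an empty list, or several entries) the choice is left to the Groovy script.
     *
     * <p>NOTE(review): the allowed-clients list is therefore only applied here when it has
     * a single entry. Restricting the user to a multi-entry list has to be done by the
     * script or elsewhere; this method does not do it.
     *
     * @param requestContext the current webflow request context
     * @param passwordlessUserAccount the account found in the flow
     * @param set provider configurations available for this request
     * @return the selected provider, or empty when none matched or the script returned none
     * @throws Throwable propagated from the script execution
     */
    protected Optional<DelegatedClientIdentityProviderConfiguration> determineDelegatedAuthenticationProvider(RequestContext requestContext, PasswordlessUserAccount passwordlessUserAccount, Set<? extends DelegatedClientIdentityProviderConfiguration> set) throws Throwable {
        if (passwordlessUserAccount.getAllowedDelegatedClients() == null || passwordlessUserAccount.getAllowedDelegatedClients().size() != 1) {
            return determineDelegatedIdentityProviderConfiguration(requestContext, passwordlessUserAccount, set);
        }
        String allowedClient = passwordlessUserAccount.getAllowedDelegatedClients().getFirst();
        // The original listing referenced an undefined name here (decompiler residue);
        // the intended operation is a checked cast to the provider configuration type.
        return set.stream()
            .filter(candidate -> candidate.getName().equalsIgnoreCase(allowedClient))
            .findFirst()
            .map(DelegatedClientIdentityProviderConfiguration.class::cast);
    }

    /**
     * Asks the Groovy script to choose a provider.
     *
     * <p>The script receives, in this order: the account, the available provider set, the
     * servlet request and this class's logger.
     *
     * <p>NOTE(review): the script's return value is used as-is. It is not checked for
     * membership in {@code set}, so a script that returns a configuration outside the
     * available providers would still be stored as the primary provider by the caller.
     * Consider validating the result against {@code set} if scripts are not fully trusted.
     *
     * @param requestContext the current webflow request context
     * @param passwordlessUserAccount the account found in the flow
     * @param set provider configurations available for this request
     * @return the provider returned by the script, or empty when it returned {@code null}
     * @throws Throwable propagated from the script execution
     */
    protected Optional<DelegatedClientIdentityProviderConfiguration> determineDelegatedIdentityProviderConfiguration(RequestContext requestContext, PasswordlessUserAccount passwordlessUserAccount, Set<? extends DelegatedClientIdentityProviderConfiguration> set) throws Throwable {
        Object[] scriptArguments = {passwordlessUserAccount, set, WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext), LOGGER};
        return Optional.ofNullable(this.watchableScript.execute(scriptArguments, DelegatedClientIdentityProviderConfiguration.class))
            .map(DelegatedClientIdentityProviderConfiguration.class::cast);
    }
}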
