package org.apereo.cas.web.flow;

import java.util.Map;
import java.util.Optional;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.api.PasswordlessUserAccount;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationResult;
import org.apereo.cas.authentication.AuthenticationResultBuilder;
import org.apereo.cas.authentication.AuthenticationSystemSupport;
import org.apereo.cas.authentication.CoreAuthenticationUtils;
import org.apereo.cas.authentication.DefaultAuthenticationBuilder;
import org.apereo.cas.authentication.MultifactorAuthenticationProvider;
import org.apereo.cas.authentication.MultifactorAuthenticationTriggerSelectionStrategy;
import org.apereo.cas.authentication.credential.BasicIdentifiableCredential;
import org.apereo.cas.authentication.principal.NullPrincipal;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.LoggingUtils;
import org.apereo.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.webflow.action.EventFactorySupport;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:org/apereo/cas/web/flow/DetermineMultifactorPasswordlessAuthenticationAction.class */
/**
 * Webflow action that decides whether a passwordless login has to be routed through a
 * multifactor authentication (MFA) provider.
 *
 * <p>Outcome of {@link #doExecuteInternal(RequestContext)}:
 * <ul>
 *   <li>{@code error()} when no passwordless account is in the flow, or when the account has
 *       neither a phone number nor an email address;</li>
 *   <li>{@code success()} when no MFA triggers are defined, when MFA is not activated for the
 *       account, or when no trigger selects a provider;</li>
 *   <li>otherwise an event whose id is the selected provider's id, after the authentication
 *       has been stored in the webflow context.</li>
 * </ul>
 *
 * <p>NOTE(review): the {@link Authentication} built here comes from the account record and
 * principal resolution only; no token or credential validation is visible in this class.
 * Confirm that the states following the provider event do not treat the stored
 * authentication as a completed primary authentication.
 */
public class DetermineMultifactorPasswordlessAuthenticationAction extends BasePasswordlessCasWebflowAction {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(DetermineMultifactorPasswordlessAuthenticationAction.class);

    /** Holds the configured MFA triggers and resolves the provider for a request. */
    private final MultifactorAuthenticationTriggerSelectionStrategy multifactorTriggerSelectionStrategy;

    /** Creates the principal that is placed into the synthetic authentication. */
    private final PrincipalFactory passwordlessPrincipalFactory;

    /** Source of the principal resolver, result-builder factory and principal election strategy. */
    private final AuthenticationSystemSupport authenticationSystemSupport;

    /**
     * Creates the action.
     *
     * @param casConfigurationProperties CAS settings, handed to the base action
     * @param multifactorAuthenticationTriggerSelectionStrategy strategy used to find an MFA provider
     * @param principalFactory factory for the passwordless principal
     * @param authenticationSystemSupport access to principal resolution and result building
     */
    public DetermineMultifactorPasswordlessAuthenticationAction(CasConfigurationProperties casConfigurationProperties, MultifactorAuthenticationTriggerSelectionStrategy multifactorAuthenticationTriggerSelectionStrategy, PrincipalFactory principalFactory, AuthenticationSystemSupport authenticationSystemSupport) {
        super(casConfigurationProperties);
        this.multifactorTriggerSelectionStrategy = multifactorAuthenticationTriggerSelectionStrategy;
        this.passwordlessPrincipalFactory = principalFactory;
        this.authenticationSystemSupport = authenticationSystemSupport;
    }

    /**
     * Runs the MFA decision for the passwordless account found in the flow.
     *
     * <p>NOTE(review): the account object itself is handed to the debug log statements below.
     * What its {@code toString()} exposes (phone, email, attributes) is not visible here;
     * confirm it is acceptable for debug logs.
     *
     * @param requestContext the current webflow request context
     * @return {@code error()}, {@code success()} or an event named after the MFA provider id
     * @throws Throwable if building or storing the authentication fails
     */
    protected Event doExecuteInternal(RequestContext requestContext) throws Throwable {
        final PasswordlessUserAccount account = (PasswordlessUserAccount) PasswordlessWebflowUtils.getPasswordlessAuthenticationAccount(requestContext, PasswordlessUserAccount.class);
        if (account == null) {
            LOGGER.error("Unable to locate passwordless account in the flow");
            return error();
        }

        // An account without any contact channel is rejected with a user-facing message.
        final boolean hasContactChannel = StringUtils.isNotBlank(account.getPhone()) || StringUtils.isNotBlank(account.getEmail());
        if (!hasContactChannel) {
            WebUtils.addErrorMessageToContext(requestContext, "passwordless.error.invalid.user");
            return error();
        }

        // Every success() below continues the flow without an MFA step.
        if (this.multifactorTriggerSelectionStrategy.multifactorAuthenticationTriggers().isEmpty()) {
            LOGGER.debug("No multifactor authentication triggers are available or defined");
            return success();
        }
        if (!shouldActivateMultifactorAuthenticationFor(requestContext, account)) {
            LOGGER.debug("User [{}] is not activated to use CAS-provided multifactor authentication providers. You may wish to re-examine your CAS configuration to enable and allow for multifactor authentication to be combined with passwordless authentication", account);
            return success();
        }

        final Authentication authentication = buildAuthentication(account);
        final WebApplicationService targetService = WebUtils.getService(requestContext);
        final Optional<MultifactorAuthenticationProvider> mfaProvider = resolveMultifactorAuthenticationProvider(requestContext, authentication, targetService);
        if (mfaProvider.isEmpty()) {
            // Also reached when provider resolution threw: the helper maps any failure to empty.
            LOGGER.debug("No CAS-provided multifactor authentication trigger required user [{}] to proceed with MFA. CAS will proceed with its normal passwordless authentication flow.", account);
            return success();
        }

        populateContextWithAuthenticationResult(requestContext, authentication, targetService);
        LOGGER.debug("Proceed with multifactor authentication flow [{}] for user [{}]", mfaProvider.get(), account);
        // The event id is the provider id; a provider reporting a null id yields an empty event id.
        return new EventFactorySupport().event(this, mfaProvider.map(MultifactorAuthenticationProvider::getId).orElse(""));
    }

    /**
     * Builds an authentication for the account from its attributes and the resolved principal.
     *
     * <p>When the resolver answers with a {@link NullPrincipal}, the account username becomes
     * the principal id; otherwise the resolved principal's id is used. Account attributes and
     * resolved attributes are merged.
     *
     * <p>NOTE(review): a {@code null} result from the resolver is not handled and would fail
     * on {@code getId()}; confirm the resolver never returns {@code null} here.
     *
     * @param passwordlessUserAccount the account the authentication is built for
     * @return the authentication carrying the passwordless principal
     * @throws Throwable if principal resolution or creation fails
     */
    protected Authentication buildAuthentication(PasswordlessUserAccount passwordlessUserAccount) throws Throwable {
        final Map accountAttributes = CollectionUtils.toMultiValuedMap(passwordlessUserAccount.getAttributes());
        final Principal resolved = this.authenticationSystemSupport.getPrincipalResolver().resolve(new BasicIdentifiableCredential(passwordlessUserAccount.getUsername()));
        final String principalId = resolved instanceof NullPrincipal ? passwordlessUserAccount.getUsername() : resolved.getId();
        final Principal principal = this.passwordlessPrincipalFactory.createPrincipal(principalId, CoreAuthenticationUtils.mergeAttributes(accountAttributes, resolved.getAttributes()));
        return DefaultAuthenticationBuilder.newInstance().setPrincipal(principal).build();
    }

    /**
     * Stores the result builder, the built result and the authentication in the webflow context.
     *
     * @param requestContext the current webflow request context
     * @param authentication the authentication to collect and store
     * @param webApplicationService the service the result is built for
     * @throws Throwable if building the authentication result fails
     */
    protected void populateContextWithAuthenticationResult(RequestContext requestContext, Authentication authentication, WebApplicationService webApplicationService) throws Throwable {
        final AuthenticationResultBuilder resultBuilder = this.authenticationSystemSupport.getAuthenticationResultBuilderFactory().newBuilder();
        final AuthenticationResult result = resultBuilder
            .collect(authentication)
            .build(this.authenticationSystemSupport.getPrincipalElectionStrategy(), webApplicationService);
        WebUtils.putAuthenticationResultBuilder(resultBuilder, requestContext);
        WebUtils.putAuthenticationResult(result, requestContext);
        WebUtils.putAuthentication(authentication, requestContext);
    }

    /**
     * Asks the trigger selection strategy which MFA provider, if any, applies to this request.
     *
     * <p>Security note: any {@link Throwable} raised by the strategy is logged and turned into
     * {@link Optional#empty()}, which the caller handles exactly like "no MFA required". A
     * failing trigger therefore fails open. NOTE(review): deployments that mandate MFA may
     * want this path to fail closed instead.
     *
     * @param requestContext the current webflow request context
     * @param authentication the authentication handed to the triggers
     * @param webApplicationService the requested service
     * @return the selected provider, or empty when none applies or resolution failed
     */
    protected Optional<MultifactorAuthenticationProvider> resolveMultifactorAuthenticationProvider(RequestContext requestContext, Authentication authentication, WebApplicationService webApplicationService) {
        try {
            return this.multifactorTriggerSelectionStrategy.resolve(
                WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext),
                WebUtils.getHttpServletResponseFromExternalWebflowContext(requestContext),
                WebUtils.getRegisteredService(requestContext),
                authentication,
                webApplicationService);
        } catch (Throwable failure) {
            LoggingUtils.error(LOGGER, failure);
            return Optional.empty();
        }
    }
}
