package org.apereo.cas.trusted.web.flow;

import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
import lombok.Generated;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.web.flow.configurer.AbstractCasMultifactorWebflowConfigurer;
import org.apereo.cas.web.flow.configurer.CasMultifactorWebflowCustomizer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.util.Assert;
import org.springframework.webflow.definition.registry.FlowDefinitionRegistry;
import org.springframework.webflow.engine.ActionState;
import org.springframework.webflow.engine.Flow;
import org.springframework.webflow.engine.Transition;
import org.springframework.webflow.engine.ViewState;
import org.springframework.webflow.engine.builder.support.FlowBuilderServices;
import org.springframework.webflow.engine.support.DefaultTargetStateResolver;
import org.springframework.webflow.execution.Action;

/* loaded from: input_file:org/apereo/cas/trusted/web/flow/AbstractMultifactorTrustedDeviceWebflowConfigurer.class */
public abstract class AbstractMultifactorTrustedDeviceWebflowConfigurer extends AbstractCasMultifactorWebflowConfigurer {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(AbstractMultifactorTrustedDeviceWebflowConfigurer.class);
    public static final String MFA_TRUSTED_AUTHN_SCOPE_ATTR = "mfaTrustedAuthentication";
    private static final String ACTION_ID_MFA_VERIFY_TRUST_ACTION = "mfaVerifyTrustAction";
    private static final String ACTION_ID_MFA_SET_TRUST_ACTION = "mfaSetTrustAction";
    private static final String ACTION_ID_MFA_PREPARE_TRUST_DEVICE_VIEW_ACTION = "mfaPrepareTrustDeviceViewAction";

    protected AbstractMultifactorTrustedDeviceWebflowConfigurer(FlowBuilderServices flowBuilderServices, FlowDefinitionRegistry flowDefinitionRegistry, ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties, Optional<FlowDefinitionRegistry> optional, List<CasMultifactorWebflowCustomizer> list) {
        super(flowBuilderServices, flowDefinitionRegistry, configurableApplicationContext, casConfigurationProperties, optional, list);
    }

    private void createRegisterDeviceView(Flow flow) {
        ActionState createActionState = createActionState(flow, "prepareRegisterTrustedDevice", ACTION_ID_MFA_PREPARE_TRUST_DEVICE_VIEW_ACTION);
        createTransitionForState(createActionState, "skip", "success");
        createTransitionForState(createActionState, "register", "registerDeviceView");
        createFlowVariable(flow, "mfaTrustRecord", MultifactorAuthenticationTrustBean.class);
        ViewState createViewState = createViewState(flow, "registerDeviceView", "casMfaRegisterDeviceView", createStateBinderConfiguration((List) Arrays.stream(MultifactorAuthenticationTrustBean.class.getDeclaredFields()).map((v0) -> {
            return v0.getName();
        }).collect(Collectors.toList())));
        createStateModelBinding(createViewState, "mfaTrustRecord", MultifactorAuthenticationTrustBean.class);
        createTransitionForState(createViewState, "submit", "registerTrustedDevice", Map.of("bind", Boolean.TRUE, "validate", Boolean.TRUE));
        createTransitionForState(createViewState, "skip", "success", Map.of("bind", Boolean.FALSE, "validate", Boolean.FALSE));
    }

    private void validateFlowDefinitionConfiguration() {
        this.multifactorAuthenticationFlowDefinitionRegistries.forEach(flowDefinitionRegistry -> {
            if (flowDefinitionRegistry.getFlowDefinitionCount() <= 0) {
                throw new IllegalArgumentException("Flow definition registry " + Arrays.toString(flowDefinitionRegistry.getFlowDefinitionIds()) + " has no flow definitions");
            }
            if (!this.applicationContext.containsBean(ACTION_ID_MFA_SET_TRUST_ACTION)) {
                throw new IllegalArgumentException(String.format("CAS application context cannot find bean [%s]. This typically indicates that configuration is attempting to activate trusted-devices functionality for multifactor authentication, yet the configuration modules that auto-configure the webflow are absent from the CAS application runtime. If you have no need for trusted-devices functionality and wish to let the multifactor authentication provider (and not CAS) remember and record trusted devices for you, you need to turn this behavior off.", ACTION_ID_MFA_SET_TRUST_ACTION));
            }
            if (!this.applicationContext.containsBean(ACTION_ID_MFA_VERIFY_TRUST_ACTION)) {
                throw new IllegalArgumentException(String.format("CAS application context cannot find bean [%s]. This typically indicates that configuration is attempting to activate trusted-devices functionality for multifactor authentication, yet the configuration modules that auto-configure the webflow are absent from the CAS application runtime. If you have no need for trusted-devices functionality and wish to let the multifactor authentication provider (and not CAS) remember and record trusted devices for you, you need to turn this behavior off.", ACTION_ID_MFA_VERIFY_TRUST_ACTION));
            }
        });
    }

    protected void registerMultifactorTrustedAuthentication() {
        this.multifactorAuthenticationFlowDefinitionRegistries.forEach(this::registerMultifactorTrustedAuthentication);
    }

    protected void registerMultifactorTrustedAuthentication(FlowDefinitionRegistry flowDefinitionRegistry) {
        validateFlowDefinitionConfiguration();
        LOGGER.trace("Flow definitions found in the registry are [{}]", flowDefinitionRegistry.getFlowDefinitionIds());
        String str = (String) Arrays.stream(flowDefinitionRegistry.getFlowDefinitionIds()).findFirst().orElseThrow();
        LOGGER.trace("Processing flow definition [{}]", str);
        Flow flow = (Flow) flowDefinitionRegistry.getFlowDefinition(str);
        Assert.notNull(flow, String.format("%s flow cannot be null or undefined", str));
        ActionState actionState = (ActionState) getState(flow, "initializeLoginForm", ActionState.class);
        Assert.notNull(actionState, String.format("%s state cannot be null or undefined", "initializeLoginForm"));
        Transition transition = actionState.getTransition("success");
        Assert.notNull(actionState, String.format("%s transition cannot be null or undefined", "success"));
        String targetStateId = transition.getTargetStateId();
        transition.setTargetStateResolver(new DefaultTargetStateResolver("verifyTrustedDevice"));
        ActionState createActionState = createActionState(flow, "verifyTrustedDevice", ACTION_ID_MFA_VERIFY_TRUST_ACTION);
        boolean isDeviceRegistrationEnabled = this.casProperties.getAuthn().getMfa().getTrusted().getCore().isDeviceRegistrationEnabled();
        if (isDeviceRegistrationEnabled) {
            LOGGER.trace("Device registration is turned on for multifactor flow [{}]", str);
            createTransitionForState(createActionState, "yes", "finishMfaTrustedAuth");
        } else {
            createTransitionForState(createActionState, "yes", "realSubmit");
        }
        createTransitionForState(createActionState, "no", targetStateId);
        createTransitionForState(createActionState, "skip", targetStateId);
        ActionState actionState2 = (ActionState) getState(flow, "realSubmit", ActionState.class);
        Transition transition2 = actionState2.getTransition("success");
        Assert.notNull(actionState, String.format("%s transition cannot be null or undefined", "success"));
        if (isDeviceRegistrationEnabled) {
            transition2.setTargetStateResolver(new DefaultTargetStateResolver("prepareRegisterTrustedDevice"));
        } else {
            transition2.setTargetStateResolver(new DefaultTargetStateResolver("registerTrustedDevice"));
        }
        createRegisterDeviceView(flow);
        createStateDefaultTransition(createActionState(flow, "registerTrustedDevice", ACTION_ID_MFA_SET_TRUST_ACTION), "success");
        if (actionState2.getActionList().size() == 0) {
            throw new IllegalArgumentException("There are no actions defined for the final submission event of " + str);
        }
        ActionState createActionState2 = createActionState(flow, "finishMfaTrustedAuth", (Action) actionState2.getActionList().iterator().next());
        createActionState2.getTransitionSet().add(createTransition("success", "success"));
        createStateDefaultTransition(createActionState2, "success");
    }
}
