package org.apereo.cas.trusted.web.flow;

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.MultifactorAuthenticationProvider;
import org.apereo.cas.authentication.MultifactorAuthenticationUtils;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.trusted.authentication.MultifactorAuthenticationTrustedDeviceNamingStrategy;
import org.apereo.cas.trusted.authentication.api.MultifactorAuthenticationTrustRecord;
import org.apereo.cas.trusted.authentication.api.MultifactorAuthenticationTrustStorage;
import org.apereo.cas.trusted.web.flow.fingerprint.DeviceFingerprintStrategy;
import org.apereo.cas.web.cookie.CasCookieBuilder;
import org.apereo.cas.web.flow.actions.composite.MultifactorProviderSelectionCriteria;
import org.apereo.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:org/apereo/cas/trusted/web/flow/MultifactorAuthenticationTrustProviderSelectionCriteria.class */
public class MultifactorAuthenticationTrustProviderSelectionCriteria implements MultifactorProviderSelectionCriteria {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(MultifactorAuthenticationTrustProviderSelectionCriteria.class);
    protected final ServicesManager servicesManager;
    protected final MultifactorAuthenticationTrustStorage mfaTrustEngine;
    protected final MultifactorAuthenticationTrustedDeviceNamingStrategy mfaTrustDeviceNamingStrategy;
    protected final DeviceFingerprintStrategy deviceFingerprintStrategy;
    protected final CasCookieBuilder deviceFingerprintCookieGenerator;
    protected final CasConfigurationProperties casProperties;

    public boolean shouldProceedWithMultifactorProviderSelection(RequestContext requestContext) {
        Authentication authentication = WebUtils.getAuthentication(requestContext);
        HttpServletRequest httpServletRequestFromExternalWebflowContext = WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext);
        HttpServletResponse httpServletResponseFromExternalWebflowContext = WebUtils.getHttpServletResponseFromExternalWebflowContext(requestContext);
        String id = authentication.getPrincipal().getId();
        LOGGER.trace("Retrieving trusted authentication records for [{}]", id);
        Set<? extends MultifactorAuthenticationTrustRecord> set = this.mfaTrustEngine.get(id);
        String determineFingerprintComponent = this.deviceFingerprintStrategy.determineFingerprintComponent(id, httpServletRequestFromExternalWebflowContext, httpServletResponseFromExternalWebflowContext);
        LOGGER.trace("Checking trusted authentication records for [{}] that matches [{}]", id, determineFingerprintComponent);
        List<? extends MultifactorAuthenticationTrustRecord> list = set.stream().filter(multifactorAuthenticationTrustRecord -> {
            return multifactorAuthenticationTrustRecord.getDeviceFingerprint().equals(determineFingerprintComponent);
        }).toList();
        if (list.isEmpty()) {
            LOGGER.debug("No trusted authentication records could be found for [{}] to match the current device fingerprint", id);
            return true;
        }
        MultifactorAuthenticationProvider multifactorAuthenticationProvider = (MultifactorAuthenticationProvider) requestContext.getCurrentEvent().getAttributes().get(MultifactorAuthenticationProvider.class.getName(), MultifactorAuthenticationProvider.class);
        Optional<? extends MultifactorAuthenticationTrustRecord> findFirst = list.stream().filter(multifactorAuthenticationTrustRecord2 -> {
            return StringUtils.isNotBlank(multifactorAuthenticationTrustRecord2.getMultifactorAuthenticationProvider());
        }).filter(multifactorAuthenticationTrustRecord3 -> {
            return multifactorAuthenticationProvider.matches(multifactorAuthenticationTrustRecord3.getMultifactorAuthenticationProvider());
        }).findFirst();
        if (!findFirst.isPresent()) {
            return true;
        }
        requestContext.getFlashScope().put("mfaProvider", MultifactorAuthenticationUtils.getMultifactorAuthenticationProviderById(findFirst.get().getMultifactorAuthenticationProvider(), requestContext.getActiveFlow().getApplicationContext()).orElseThrow());
        return false;
    }

    @Generated
    public MultifactorAuthenticationTrustProviderSelectionCriteria(ServicesManager servicesManager, MultifactorAuthenticationTrustStorage multifactorAuthenticationTrustStorage, MultifactorAuthenticationTrustedDeviceNamingStrategy multifactorAuthenticationTrustedDeviceNamingStrategy, DeviceFingerprintStrategy deviceFingerprintStrategy, CasCookieBuilder casCookieBuilder, CasConfigurationProperties casConfigurationProperties) {
        this.servicesManager = servicesManager;
        this.mfaTrustEngine = multifactorAuthenticationTrustStorage;
        this.mfaTrustDeviceNamingStrategy = multifactorAuthenticationTrustedDeviceNamingStrategy;
        this.deviceFingerprintStrategy = deviceFingerprintStrategy;
        this.deviceFingerprintCookieGenerator = casCookieBuilder;
        this.casProperties = casConfigurationProperties;
    }
}
