package org.apereo.cas.trusted.web.flow;

import java.util.Set;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.audit.AuditableExecution;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.configuration.model.support.mfa.trusteddevice.TrustedDevicesMultifactorProperties;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.trusted.authentication.MultifactorAuthenticationTrustedDeviceBypassEvaluator;
import org.apereo.cas.trusted.authentication.api.MultifactorAuthenticationTrustRecord;
import org.apereo.cas.trusted.authentication.api.MultifactorAuthenticationTrustStorage;
import org.apereo.cas.trusted.util.MultifactorAuthenticationTrustUtils;
import org.apereo.cas.trusted.web.flow.fingerprint.DeviceFingerprintStrategy;
import org.apereo.cas.web.flow.actions.BaseCasWebflowAction;
import org.apereo.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:org/apereo/cas/trusted/web/flow/MultifactorAuthenticationVerifyTrustAction.class */
public class MultifactorAuthenticationVerifyTrustAction extends BaseCasWebflowAction {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(MultifactorAuthenticationVerifyTrustAction.class);
    private final MultifactorAuthenticationTrustStorage storage;
    private final DeviceFingerprintStrategy deviceFingerprintStrategy;
    private final TrustedDevicesMultifactorProperties trustedProperties;
    private final AuditableExecution registeredServiceAccessStrategyEnforcer;
    private final MultifactorAuthenticationTrustedDeviceBypassEvaluator bypassEvaluator;

    protected Event doExecuteInternal(RequestContext requestContext) throws Throwable {
        Authentication authentication = WebUtils.getAuthentication(requestContext);
        if (authentication == null) {
            LOGGER.warn("Could not determine authentication from the request context");
            return no();
        }
        RegisteredService registeredService = WebUtils.getRegisteredService(requestContext);
        if (this.bypassEvaluator.shouldBypassTrustedDevice(registeredService, WebUtils.getService(requestContext), authentication)) {
            LOGGER.debug("Trusted device registration is disabled for [{}]", registeredService);
            return result("skip");
        }
        String id = authentication.getPrincipal().getId();
        LOGGER.trace("Retrieving trusted authentication records for [{}]", id);
        Set<? extends MultifactorAuthenticationTrustRecord> set = this.storage.get(id);
        if (set.isEmpty()) {
            LOGGER.debug("No valid trusted authentication records could be found for [{}]", id);
            return no();
        }
        String determineFingerprintComponent = this.deviceFingerprintStrategy.determineFingerprintComponent(id, WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext), WebUtils.getHttpServletResponseFromExternalWebflowContext(requestContext));
        LOGGER.trace("Retrieving authentication records for [{}] that matches [{}]", id, determineFingerprintComponent);
        if (set.stream().filter(multifactorAuthenticationTrustRecord -> {
            return StringUtils.isNotBlank(multifactorAuthenticationTrustRecord.getDeviceFingerprint());
        }).noneMatch(multifactorAuthenticationTrustRecord2 -> {
            return multifactorAuthenticationTrustRecord2.getDeviceFingerprint().equals(determineFingerprintComponent);
        })) {
            LOGGER.debug("No trusted authentication records could be found for [{}] to match the current device fingerprint", id);
            return no();
        }
        LOGGER.debug("Trusted authentication records found for [{}] that matches the current device fingerprint", id);
        MultifactorAuthenticationTrustUtils.setMultifactorAuthenticationTrustedInScope(requestContext);
        MultifactorAuthenticationTrustUtils.trackTrustedMultifactorAuthenticationAttribute(authentication, this.trustedProperties.getCore().getAuthenticationContextAttribute());
        return yes();
    }

    @Generated
    public MultifactorAuthenticationVerifyTrustAction(MultifactorAuthenticationTrustStorage multifactorAuthenticationTrustStorage, DeviceFingerprintStrategy deviceFingerprintStrategy, TrustedDevicesMultifactorProperties trustedDevicesMultifactorProperties, AuditableExecution auditableExecution, MultifactorAuthenticationTrustedDeviceBypassEvaluator multifactorAuthenticationTrustedDeviceBypassEvaluator) {
        this.storage = multifactorAuthenticationTrustStorage;
        this.deviceFingerprintStrategy = deviceFingerprintStrategy;
        this.trustedProperties = trustedDevicesMultifactorProperties;
        this.registeredServiceAccessStrategyEnforcer = auditableExecution;
        this.bypassEvaluator = multifactorAuthenticationTrustedDeviceBypassEvaluator;
    }

    @Generated
    public MultifactorAuthenticationTrustStorage getStorage() {
        return this.storage;
    }

    @Generated
    public DeviceFingerprintStrategy getDeviceFingerprintStrategy() {
        return this.deviceFingerprintStrategy;
    }

    @Generated
    public TrustedDevicesMultifactorProperties getTrustedProperties() {
        return this.trustedProperties;
    }

    @Generated
    public AuditableExecution getRegisteredServiceAccessStrategyEnforcer() {
        return this.registeredServiceAccessStrategyEnforcer;
    }

    @Generated
    public MultifactorAuthenticationTrustedDeviceBypassEvaluator getBypassEvaluator() {
        return this.bypassEvaluator;
    }
}
