package org.apereo.cas.webauthn.web.flow;

import java.util.List;
import java.util.Map;
import java.util.Optional;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.mfa.webauthn.WebAuthnMultifactorProperties;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.web.flow.configurer.AbstractCasMultifactorWebflowConfigurer;
import org.apereo.cas.web.flow.configurer.CasMultifactorWebflowCustomizer;
import org.apereo.cas.webauthn.WebAuthnCredential;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.util.StringUtils;
import org.springframework.webflow.definition.registry.FlowDefinitionRegistry;
import org.springframework.webflow.engine.ActionState;
import org.springframework.webflow.engine.Flow;
import org.springframework.webflow.engine.ViewState;
import org.springframework.webflow.engine.builder.support.FlowBuilderServices;
import org.springframework.webflow.execution.Action;

/* loaded from: input_file:org/apereo/cas/webauthn/web/flow/WebAuthnMultifactorWebflowConfigurer.class */
public class WebAuthnMultifactorWebflowConfigurer extends AbstractCasMultifactorWebflowConfigurer {
    public static final String MFA_WEB_AUTHN_EVENT_ID = "mfa-webauthn";
    private static final String TRANSITION_ID_VALIDATE_WEBAUTHN = "validateWebAuthn";

    public WebAuthnMultifactorWebflowConfigurer(FlowBuilderServices flowBuilderServices, FlowDefinitionRegistry flowDefinitionRegistry, FlowDefinitionRegistry flowDefinitionRegistry2, ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties, List<CasMultifactorWebflowCustomizer> list) {
        super(flowBuilderServices, flowDefinitionRegistry, configurableApplicationContext, casConfigurationProperties, Optional.of(flowDefinitionRegistry2), list);
    }

    protected void doInitialize() {
        this.multifactorAuthenticationFlowDefinitionRegistries.forEach(flowDefinitionRegistry -> {
            Flow flow = getFlow(flowDefinitionRegistry, MFA_WEB_AUTHN_EVENT_ID);
            createFlowVariable(flow, "credential", WebAuthnCredential.class);
            flow.getStartActionList().add(createEvaluateAction("initialFlowSetupAction"));
            ActionState createActionState = createActionState(flow, "initializeLoginForm", createEvaluateAction("initializeLoginAction"));
            createTransitionForState(createActionState, "success", "accountRegistrationCheck");
            setStartState(flow, createActionState);
            ActionState createActionState2 = createActionState(flow, "accountRegistrationCheck", createEvaluateAction("webAuthnCheckAccountRegistrationAction"));
            createTransitionForState(createActionState2, "register", "viewRegistrationWebAuthn");
            createTransitionForState(createActionState2, "success", "viewLoginForm");
            Action createSetAction = createSetAction("viewScope.principal", "conversationScope.authentication.principal");
            ViewState createViewState = createViewState(flow, "viewRegistrationWebAuthn", "casWebAuthnRegistrationView");
            createViewState.getEntryActionList().addAll(new Action[]{createEvaluateAction("webAuthnStartRegistrationAction"), createSetAction});
            createTransitionForState(createViewState, "submit", "saveRegistration");
            ActionState createActionState3 = createActionState(flow, "saveRegistration", "webAuthnSaveAccountRegistrationAction");
            createTransitionForState(createActionState3, "success", "accountRegistrationCheck");
            createTransitionForState(createActionState3, "error", "stopWebflow");
            ViewState createViewState2 = createViewState(flow, "viewLoginForm", "casWebAuthnLoginView", createStateBinderConfiguration(CollectionUtils.wrapList(new String[]{"token"})));
            createStateModelBinding(createViewState2, "credential", WebAuthnCredential.class);
            createViewState2.getEntryActionList().addAll(new Action[]{createEvaluateAction("webAuthnStartAuthenticationAction"), createSetAction});
            createTransitionForState(createViewState2, TRANSITION_ID_VALIDATE_WEBAUTHN, "realSubmit", Map.of("bind", Boolean.TRUE, "validate", Boolean.TRUE));
            ActionState createActionState4 = createActionState(flow, "realSubmit", createEvaluateAction("webAuthnAuthenticationWebflowAction"));
            createTransitionForState(createActionState4, "success", "success");
            createTransitionForState(createActionState4, "error", "viewLoginForm");
            createViewState(flow, "stopWebflow", "error");
        });
        WebAuthnMultifactorProperties webAuthn = this.casProperties.getAuthn().getMfa().getWebAuthn();
        registerMultifactorProviderAuthenticationWebflow(getLoginFlow(), MFA_WEB_AUTHN_EVENT_ID, webAuthn.getId());
        Flow loginFlow = getLoginFlow();
        if (loginFlow == null || !webAuthn.isAllowPrimaryAuthentication()) {
            return;
        }
        loginFlow.getStartActionList().add(createSetAction("flowScope.webauthnApplicationId", StringUtils.quote(webAuthn.getApplicationId())));
        loginFlow.getStartActionList().add(createSetAction("flowScope.webAuthnPrimaryAuthenticationEnabled", "true"));
        createTransitionForState(getState(loginFlow, "viewLoginForm"), TRANSITION_ID_VALIDATE_WEBAUTHN, "validateWebAuthnToken");
        createTransitionForState(createActionState(loginFlow, "validateWebAuthnToken", "webAuthnValidateSessionCredentialTokenAction"), "finalize", "realSubmit");
    }
}
