package org.apereo.cas.support.saml.web.idp.web;

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.util.Optional;
import lombok.Generated;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationServiceSelectionPlan;
import org.apereo.cas.authentication.MultifactorAuthenticationContextValidationResult;
import org.apereo.cas.authentication.MultifactorAuthenticationContextValidator;
import org.apereo.cas.authentication.MultifactorAuthenticationProvider;
import org.apereo.cas.authentication.MultifactorAuthenticationTriggerSelectionStrategy;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.ticket.registry.TicketRegistrySupport;
import org.apereo.cas.util.function.FunctionUtils;
import org.apereo.cas.web.flow.BaseSingleSignOnParticipationStrategy;
import org.apereo.cas.web.flow.SingleSignOnParticipationRequest;
import org.apereo.cas.web.support.WebUtils;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.Issuer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:org/apereo/cas/support/saml/web/idp/web/SamlIdPSingleSignOnParticipationStrategy.class */
/**
 * Decides whether a SAML2 authentication request participates in single sign-on.
 *
 * <p>A request is only considered when it carries both an {@link AuthnRequest} and an
 * {@link Issuer} attribute (see {@link #supports}). Participation is refused when the
 * {@code AuthnRequest} sets {@code ForceAuthn}. When a multifactor provider is triggered
 * for the request, participation is also refused if the authentication context fails
 * validation, if the validation result names no provider, or if the registered service's
 * multifactor policy forces execution.
 *
 * <p>NOTE(review): the {@code AuthnRequest} is read from the participation request as-is.
 * Nothing in this class checks its signature or origin, so that is presumably done
 * upstream before the attribute is populated. Confirm against the caller.
 */
public class SamlIdPSingleSignOnParticipationStrategy extends BaseSingleSignOnParticipationStrategy {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(SamlIdPSingleSignOnParticipationStrategy.class);

    // Validates the existing authentication against the triggered multifactor provider id.
    private final MultifactorAuthenticationContextValidator authenticationContextValidator;

    // Resolves which multifactor provider, if any, applies to the current request.
    private final MultifactorAuthenticationTriggerSelectionStrategy multifactorTriggerSelectionStrategy;

    /**
     * Creates the strategy.
     *
     * @param servicesManager passed to the base strategy
     * @param ticketRegistrySupport passed to the base strategy
     * @param authenticationServiceSelectionPlan passed to the base strategy
     * @param multifactorAuthenticationContextValidator validator used in {@link #isParticipating}
     * @param multifactorAuthenticationTriggerSelectionStrategy resolver used in
     *     {@link #resolveMultifactorAuthenticationTrigger}
     */
    public SamlIdPSingleSignOnParticipationStrategy(
            ServicesManager servicesManager,
            TicketRegistrySupport ticketRegistrySupport,
            AuthenticationServiceSelectionPlan authenticationServiceSelectionPlan,
            MultifactorAuthenticationContextValidator multifactorAuthenticationContextValidator,
            MultifactorAuthenticationTriggerSelectionStrategy multifactorAuthenticationTriggerSelectionStrategy) {
        super(servicesManager, ticketRegistrySupport, authenticationServiceSelectionPlan);
        this.authenticationContextValidator = multifactorAuthenticationContextValidator;
        this.multifactorTriggerSelectionStrategy = multifactorAuthenticationTriggerSelectionStrategy;
    }

    /**
     * Reports whether the given request may take part in single sign-on.
     *
     * <p>The attribute and servlet lookups and the {@code ForceAuthn} check run outside the
     * guarded supplier, so an exception raised there (for example {@code Optional.get()} on
     * an absent request context) propagates to the caller. Only the multifactor resolution
     * and validation run inside {@code FunctionUtils.doAndHandle}, whose error handler
     * answers {@code false} for any {@code Throwable}.
     *
     * @param singleSignOnParticipationRequest the request carrying the service, registered
     *     service, authentication and SAML attributes
     * @return {@code true} only when every check described on the class passes
     */
    public boolean isParticipating(SingleSignOnParticipationRequest singleSignOnParticipationRequest) {
        Service service = (Service) singleSignOnParticipationRequest.getAttributeValue(
            Service.class.getName(), Service.class);
        RegisteredService registeredService = (RegisteredService) singleSignOnParticipationRequest.getAttributeValue(
            RegisteredService.class.getName(), RegisteredService.class);
        Authentication authentication = (Authentication) singleSignOnParticipationRequest.getAttributeValue(
            Authentication.class.getName(), Authentication.class);

        // Prefer the servlet objects attached to the request; otherwise take them from the
        // webflow request context, which must then be present.
        HttpServletRequest request = (HttpServletRequest) singleSignOnParticipationRequest.getHttpServletRequest()
            .orElseGet(() -> WebUtils.getHttpServletRequestFromExternalWebflowContext(
                (RequestContext) singleSignOnParticipationRequest.getRequestContext().get()));
        HttpServletResponse response = (HttpServletResponse) singleSignOnParticipationRequest.getHttpServletResponse()
            .orElseGet(() -> WebUtils.getHttpServletResponseFromExternalWebflowContext(
                (RequestContext) singleSignOnParticipationRequest.getRequestContext().get()));

        boolean ssoPermitted = samlRequestPermitsSingleSignOn(singleSignOnParticipationRequest);

        // The handler maps every failure to false, so an error during multifactor resolution
        // or validation denies participation instead of granting it (assuming doAndHandle
        // routes supplier failures to the handler; confirm in FunctionUtils).
        Boolean outcome = (Boolean) FunctionUtils.doAndHandle(
            () -> resolveMultifactorAuthenticationTrigger(service, registeredService, authentication, request, response)
                .map(provider -> contextSatisfiesMultifactorPolicy(
                    provider, registeredService, authentication, ssoPermitted))
                .orElse(ssoPermitted),
            failure -> false).get();
        return outcome;
    }

    /**
     * Resolves the multifactor provider triggered for this request, if any.
     *
     * @return the provider chosen by the trigger selection strategy, or empty
     */
    protected Optional<MultifactorAuthenticationProvider> resolveMultifactorAuthenticationTrigger(
            Service service,
            RegisteredService registeredService,
            Authentication authentication,
            HttpServletRequest httpServletRequest,
            HttpServletResponse httpServletResponse) {
        // The strategy takes its arguments in a different order than this method.
        return this.multifactorTriggerSelectionStrategy.resolve(
            httpServletRequest, httpServletResponse, registeredService, authentication, service);
    }

    /**
     * Reports whether the request carries the SAML attributes this strategy works on.
     *
     * @return {@code true} when both the {@link AuthnRequest} and {@link Issuer} attributes
     *     are present
     */
    public boolean supports(SingleSignOnParticipationRequest singleSignOnParticipationRequest) {
        boolean hasAuthnRequest = singleSignOnParticipationRequest.containsAttribute(AuthnRequest.class.getName());
        return hasAuthnRequest && singleSignOnParticipationRequest.containsAttribute(Issuer.class.getName());
    }

    /**
     * Checks the SAML-level precondition: the request is supported and does not set
     * {@code ForceAuthn}. The {@code AuthnRequest} is only read once {@link #supports}
     * has confirmed that the attribute exists.
     */
    private boolean samlRequestPermitsSingleSignOn(SingleSignOnParticipationRequest ssoRequest) {
        if (!supports(ssoRequest)) {
            return false;
        }
        AuthnRequest authnRequest = (AuthnRequest) ssoRequest.getAttributeValue(
            AuthnRequest.class.getName(), AuthnRequest.class);
        return !authnRequest.isForceAuthn();
    }

    /**
     * Validates the authentication context against the triggered provider and combines the
     * result with the SAML-level decision.
     *
     * <p>The validator is always invoked, even when {@code ssoPermitted} is already false.
     * The checks that follow short-circuit in order, so the registered service's policy is
     * only read when all earlier checks passed. A null registered service at that point
     * raises a {@code NullPointerException}, which is left to the caller's error handling.
     */
    private boolean contextSatisfiesMultifactorPolicy(
            MultifactorAuthenticationProvider provider,
            RegisteredService registeredService,
            Authentication authentication,
            boolean ssoPermitted) {
        LOGGER.trace("Validating authentication context for event [{}] and service [{}]", provider.getId(), registeredService);
        MultifactorAuthenticationContextValidationResult result = this.authenticationContextValidator.validate(
            authentication, provider.getId(), Optional.ofNullable(registeredService));
        if (!ssoPermitted) {
            return false;
        }
        if (!result.isSuccess()) {
            return false;
        }
        if (!result.getProvider().isPresent()) {
            return false;
        }
        // A policy that forces multifactor execution rules out reuse of the session.
        return !registeredService.getMultifactorAuthenticationPolicy().isForceExecution();
    }
}
