package org.apereo.cas.authentication.bypass;

import jakarta.servlet.http.HttpServletRequest;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.MultifactorAuthenticationProvider;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.RegexUtils;
import org.apereo.cas.util.spring.ApplicationContextProvider;
import org.apereo.inspektr.audit.annotation.Audit;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apereo/cas/authentication/bypass/BaseMultifactorAuthenticationProviderBypassEvaluator.class */
public abstract class BaseMultifactorAuthenticationProviderBypassEvaluator implements MultifactorAuthenticationProviderBypassEvaluator {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(BaseMultifactorAuthenticationProviderBypassEvaluator.class);
    private static final long serialVersionUID = 2372899636154131393L;
    private final String providerId;
    private final String id = getClass().getSimpleName();

    /* JADX INFO: Access modifiers changed from: protected */
    public static boolean locateMatchingAttributeValue(String str, Set<String> set, Map<String, List<Object>> map, boolean z) {
        LOGGER.debug("Locating matching attribute [{}] with value [{}] amongst the attribute collection [{}]", new Object[]{str, set, map});
        if (StringUtils.isBlank(str)) {
            LOGGER.debug("Failed to match since attribute name is undefined");
            return false;
        }
        Map<String, List<Object>> locateMatchingAttributeName = locateMatchingAttributeName(map, str);
        if (locateMatchingAttributeName.isEmpty()) {
            return false;
        }
        if (set == null || set.isEmpty()) {
            LOGGER.debug("No attribute value to match is provided; Match result is set to [{}]", Boolean.valueOf(z));
            return z;
        }
        Set set2 = (Set) locateMatchingAttributeName.entrySet().stream().filter(entry -> {
            Set collection = CollectionUtils.toCollection(entry.getValue());
            LOGGER.debug("Matching attribute [{}] with values [{}] against [{}]", new Object[]{entry.getKey(), collection, set});
            return RegexUtils.findFirst(set, collection).isPresent();
        }).collect(Collectors.toSet());
        LOGGER.debug("Matching attribute values remaining are [{}]", set2);
        return !set2.isEmpty();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Map<String, List<Object>> locateMatchingAttributeName(Map<String, List<Object>> map, String str) {
        Map<String, List<Object>> map2 = (Map) map.entrySet().stream().filter(entry -> {
            LOGGER.debug("Attempting to match [{}] against [{}]", str, entry.getKey());
            return RegexUtils.find(str, (String) entry.getKey());
        }).collect(Collectors.toMap((v0) -> {
            return v0.getKey();
        }, (v0) -> {
            return v0.getValue();
        }));
        LOGGER.debug("Found [{}] attributes relevant for multifactor authentication bypass", Integer.valueOf(map2.size()));
        return map2;
    }

    @Audit(action = "MULTIFACTOR_AUTHENTICATION_BYPASS_EVALUATION", actionResolverName = "MULTIFACTOR_AUTHENTICATION_BYPASS_ACTION_RESOLVER", resourceResolverName = "MULTIFACTOR_AUTHENTICATION_BYPASS_RESOURCE_RESOLVER")
    public boolean shouldMultifactorAuthenticationProviderExecute(Authentication authentication, RegisteredService registeredService, MultifactorAuthenticationProvider multifactorAuthenticationProvider, HttpServletRequest httpServletRequest, Service service) {
        return shouldMultifactorAuthenticationProviderExecuteInternal(authentication, registeredService, multifactorAuthenticationProvider, httpServletRequest);
    }

    public boolean isMultifactorAuthenticationBypassed(Authentication authentication, String str) {
        Map attributes = authentication.getAttributes();
        if (!attributes.containsKey("bypassMultifactorAuthentication")) {
            return false;
        }
        Optional firstElement = CollectionUtils.firstElement(attributes.get("bypassMultifactorAuthentication"));
        Optional firstElement2 = CollectionUtils.firstElement(attributes.get("bypassedMultifactorAuthenticationProviderId"));
        if (firstElement.isPresent() && ((Boolean) firstElement.get()).booleanValue() && firstElement2.isPresent()) {
            return StringUtils.equalsIgnoreCase(str, firstElement2.get().toString());
        }
        return false;
    }

    public void forgetBypass(Authentication authentication) {
        authentication.addAttribute("bypassMultifactorAuthentication", Boolean.FALSE);
    }

    public void rememberBypass(Authentication authentication, MultifactorAuthenticationProvider multifactorAuthenticationProvider) {
        authentication.addAttribute("bypassMultifactorAuthentication", Boolean.TRUE);
        authentication.addAttribute("bypassedMultifactorAuthenticationProviderId", multifactorAuthenticationProvider.getId());
    }

    public Optional<MultifactorAuthenticationProviderBypassEvaluator> belongsToMultifactorAuthenticationProvider(String str) {
        return getProviderId().equalsIgnoreCase(str) ? Optional.of(this) : Optional.empty();
    }

    protected abstract boolean shouldMultifactorAuthenticationProviderExecuteInternal(Authentication authentication, RegisteredService registeredService, MultifactorAuthenticationProvider multifactorAuthenticationProvider, HttpServletRequest httpServletRequest);

    /* JADX INFO: Access modifiers changed from: protected */
    public Principal resolvePrincipal(Principal principal) {
        return (Principal) ApplicationContextProvider.getMultifactorAuthenticationPrincipalResolvers().stream().filter(multifactorAuthenticationPrincipalResolver -> {
            return multifactorAuthenticationPrincipalResolver.supports(principal);
        }).findFirst().map(multifactorAuthenticationPrincipalResolver2 -> {
            return multifactorAuthenticationPrincipalResolver2.resolve(principal);
        }).orElseThrow(() -> {
            return new IllegalStateException("Unable to resolve principal for multifactor authentication");
        });
    }

    @Generated
    public String getProviderId() {
        return this.providerId;
    }

    @Generated
    public String getId() {
        return this.id;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Generated
    public BaseMultifactorAuthenticationProviderBypassEvaluator(String str) {
        this.providerId = str;
    }

    @Generated
    public String toString() {
        return "BaseMultifactorAuthenticationProviderBypassEvaluator(providerId=" + this.providerId + ", id=" + this.id + ")";
    }
}
