package org.apereo.cas.interrupt.webflow.actions;

import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.interrupt.InterruptInquirer;
import org.apereo.cas.interrupt.InterruptResponse;
import org.apereo.cas.interrupt.InterruptTrackingEngine;
import org.apereo.cas.interrupt.webflow.InterruptUtils;
import org.apereo.cas.services.RegisteredServiceWebflowInterruptPolicy;
import org.apereo.cas.services.WebBasedRegisteredService;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.LoggingUtils;
import org.apereo.cas.util.RegexUtils;
import org.apereo.cas.util.scripting.ExecutableCompiledGroovyScript;
import org.apereo.cas.util.scripting.ScriptResourceCacheManager;
import org.apereo.cas.util.spring.ApplicationContextProvider;
import org.apereo.cas.util.spring.SpringExpressionLanguageValueResolver;
import org.apereo.cas.web.flow.actions.BaseCasWebflowAction;
import org.apereo.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.webflow.action.EventFactorySupport;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:org/apereo/cas/interrupt/webflow/actions/InquireInterruptAction.class */
public class InquireInterruptAction extends BaseCasWebflowAction {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(InquireInterruptAction.class);
    private final List<InterruptInquirer> interruptInquirers;
    private final CasConfigurationProperties casProperties;
    private final InterruptTrackingEngine interruptTrackingEngine;

    protected Event doExecuteInternal(RequestContext requestContext) throws Throwable {
        if (WebUtils.isInterruptAuthenticationFlowFinalized(requestContext)) {
            return getInterruptSkippedEvent();
        }
        Authentication authentication = WebUtils.getAuthentication(requestContext);
        WebBasedRegisteredService webBasedRegisteredService = (WebBasedRegisteredService) WebUtils.getRegisteredService(requestContext);
        if (!isInterruptInquiryForcedFor(webBasedRegisteredService) && this.interruptTrackingEngine.isInterrupted(requestContext)) {
            Optional forCurrentRequest = this.interruptTrackingEngine.forCurrentRequest(requestContext);
            if (forCurrentRequest.isPresent()) {
                Optional<InterruptResponse> inquire = inquire(requestContext);
                if (inquire.isPresent() && inquire.get().equals(forCurrentRequest.get())) {
                    LOGGER.debug("Authentication event has already finalized interrupt. Skipping...");
                    return getInterruptSkippedEvent();
                }
            }
        }
        if (webBasedRegisteredService == null || webBasedRegisteredService.getWebflowInterruptPolicy() == null || (!shouldSkipInterruptForPrincipalAttributes(webBasedRegisteredService, authentication) && !shouldSkipInterruptForGroovyScript(requestContext, webBasedRegisteredService, authentication))) {
            return (Event) inquire(requestContext).map(interruptResponse -> {
                LOGGER.debug("Interrupt inquiry is required since inquirer produced a response [{}]", interruptResponse);
                InterruptUtils.putInterruptIn(requestContext, interruptResponse);
                InterruptUtils.putInterruptTriggerMode(requestContext, this.casProperties.getInterrupt().getCore().getTriggerMode());
                WebUtils.putPrincipal(requestContext, authentication.getPrincipal());
                return new EventFactorySupport().event(this, "interruptRequired");
            }).orElseGet(() -> {
                LOGGER.debug("Webflow interrupt is skipped since no inquirer produced a response");
                return getInterruptSkippedEvent();
            });
        }
        return getInterruptSkippedEvent();
    }

    protected boolean shouldSkipInterruptForGroovyScript(RequestContext requestContext, WebBasedRegisteredService webBasedRegisteredService, Authentication authentication) throws Throwable {
        RegisteredServiceWebflowInterruptPolicy webflowInterruptPolicy = webBasedRegisteredService.getWebflowInterruptPolicy();
        if (StringUtils.isBlank(webflowInterruptPolicy.getGroovyScript())) {
            return false;
        }
        ExecutableCompiledGroovyScript resolveScriptableResource = ((ScriptResourceCacheManager) ApplicationContextProvider.getScriptResourceCacheManager().orElseThrow(() -> {
            return new RuntimeException("No groovy script cache manager is available to evaluate interrupt policy");
        })).resolveScriptableResource(SpringExpressionLanguageValueResolver.getInstance().resolve(webflowInterruptPolicy.getGroovyScript()), new String[]{webBasedRegisteredService.getServiceId(), webBasedRegisteredService.getName()});
        HashMap hashMap = new HashMap(authentication.getAttributes());
        hashMap.putAll(authentication.getPrincipal().getAttributes());
        Map wrap = CollectionUtils.wrap("attributes", hashMap, "username", authentication.getPrincipal().getId(), "registeredService", webBasedRegisteredService, "service", WebUtils.getService(requestContext), "logger", LOGGER);
        resolveScriptableResource.setBinding(wrap);
        return !((Boolean) resolveScriptableResource.execute(wrap.values().toArray(), Boolean.class)).booleanValue();
    }

    protected boolean shouldSkipInterruptForPrincipalAttributes(WebBasedRegisteredService webBasedRegisteredService, Authentication authentication) {
        RegisteredServiceWebflowInterruptPolicy webflowInterruptPolicy = webBasedRegisteredService.getWebflowInterruptPolicy();
        if (StringUtils.isBlank(webflowInterruptPolicy.getAttributeName()) || StringUtils.isBlank(webflowInterruptPolicy.getAttributeValue())) {
            return false;
        }
        SpringExpressionLanguageValueResolver springExpressionLanguageValueResolver = SpringExpressionLanguageValueResolver.getInstance();
        String resolve = springExpressionLanguageValueResolver.resolve(webflowInterruptPolicy.getAttributeName());
        String resolve2 = springExpressionLanguageValueResolver.resolve(webflowInterruptPolicy.getAttributeValue());
        HashMap hashMap = new HashMap(authentication.getAttributes());
        hashMap.putAll(authentication.getPrincipal().getAttributes());
        Optional findFirst = RegexUtils.findFirst(resolve, hashMap.keySet());
        LOGGER.trace("Checking attribute [{}] to match [{}] in current set of attributes [{}]", new Object[]{findFirst, resolve2, hashMap});
        Objects.requireNonNull(hashMap);
        Optional filter = findFirst.filter((v1) -> {
            return r1.containsKey(v1);
        });
        Objects.requireNonNull(hashMap);
        return filter.map((v1) -> {
            return r1.get(v1);
        }).flatMap(list -> {
            return RegexUtils.findFirst(resolve2, list);
        }).stream().findFirst().isEmpty();
    }

    private boolean isInterruptInquiryForcedFor(WebBasedRegisteredService webBasedRegisteredService) {
        return this.casProperties.getInterrupt().getCore().isForceExecution() || (webBasedRegisteredService != null && webBasedRegisteredService.getWebflowInterruptPolicy().getForceExecution().isTrue());
    }

    private Event getInterruptSkippedEvent() {
        return new EventFactorySupport().event(this, "interruptSkipped");
    }

    protected Optional<InterruptResponse> inquire(RequestContext requestContext) {
        return this.interruptInquirers.stream().map(interruptInquirer -> {
            try {
                LOGGER.trace("Invoking interrupt inquirer using [{}]", interruptInquirer.getName());
                return interruptInquirer.inquire(WebUtils.getAuthentication(requestContext), WebUtils.getRegisteredService(requestContext), WebUtils.getService(requestContext), WebUtils.getCredential(requestContext), requestContext);
            } catch (Throwable th) {
                LoggingUtils.error(LOGGER, th);
                return null;
            }
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).filter((v0) -> {
            return v0.isInterrupt();
        }).findFirst();
    }

    @Generated
    public InquireInterruptAction(List<InterruptInquirer> list, CasConfigurationProperties casConfigurationProperties, InterruptTrackingEngine interruptTrackingEngine) {
        this.interruptInquirers = list;
        this.casProperties = casConfigurationProperties;
        this.interruptTrackingEngine = interruptTrackingEngine;
    }
}
