package org.apereo.cas.web.flow.resolver.impl.mfa.adaptive;

import java.time.DayOfWeek;
import java.time.LocalDateTime;
import java.time.format.TextStyle;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import lombok.Generated;
import org.apereo.cas.CentralAuthenticationService;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationException;
import org.apereo.cas.authentication.AuthenticationServiceSelectionPlan;
import org.apereo.cas.authentication.AuthenticationSystemSupport;
import org.apereo.cas.authentication.MultifactorAuthenticationUtils;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.core.authentication.TimeBasedAuthenticationProperties;
import org.apereo.cas.services.MultifactorAuthenticationProvider;
import org.apereo.cas.services.MultifactorAuthenticationProviderSelector;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.ticket.registry.TicketRegistrySupport;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.web.flow.authentication.BaseMultifactorAuthenticationProviderEventResolver;
import org.apereo.cas.web.support.WebUtils;
import org.apereo.inspektr.audit.annotation.Audit;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.util.CookieGenerator;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-webflow-api-5.3.9.jar:org/apereo/cas/web/flow/resolver/impl/mfa/adaptive/TimedMultifactorAuthenticationPolicyEventResolver.class */
public class TimedMultifactorAuthenticationPolicyEventResolver extends BaseMultifactorAuthenticationProviderEventResolver {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) TimedMultifactorAuthenticationPolicyEventResolver.class);
    private final List<TimeBasedAuthenticationProperties> timedMultifactor;

    public TimedMultifactorAuthenticationPolicyEventResolver(AuthenticationSystemSupport authenticationSystemSupport, CentralAuthenticationService centralAuthenticationService, ServicesManager servicesManager, TicketRegistrySupport ticketRegistrySupport, CookieGenerator cookieGenerator, AuthenticationServiceSelectionPlan authenticationServiceSelectionPlan, MultifactorAuthenticationProviderSelector multifactorAuthenticationProviderSelector, CasConfigurationProperties casConfigurationProperties) {
        super(authenticationSystemSupport, centralAuthenticationService, servicesManager, ticketRegistrySupport, cookieGenerator, authenticationServiceSelectionPlan, multifactorAuthenticationProviderSelector);
        this.timedMultifactor = casConfigurationProperties.getAuthn().getAdaptive().getRequireTimedMultifactor();
    }

    @Override // org.apereo.cas.web.flow.resolver.CasWebflowEventResolver
    public Set<Event> resolveInternal(RequestContext requestContext) {
        RegisteredService resolveRegisteredServiceInRequestContext = resolveRegisteredServiceInRequestContext(requestContext);
        Authentication authentication = WebUtils.getAuthentication(requestContext);
        if (resolveRegisteredServiceInRequestContext == null || authentication == null) {
            LOGGER.debug("No service or authentication is available to determine event for principal");
            return null;
        }
        if (this.timedMultifactor == null || this.timedMultifactor.isEmpty()) {
            LOGGER.debug("Adaptive authentication is not configured to require multifactor authentication by time");
            return null;
        }
        Map<String, MultifactorAuthenticationProvider> availableMultifactorAuthenticationProviders = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
        if (availableMultifactorAuthenticationProviders == null || availableMultifactorAuthenticationProviders.isEmpty()) {
            LOGGER.error("No multifactor authentication providers are available in the application context");
            throw new AuthenticationException();
        }
        Set<Event> checkTimedMultifactorProvidersForRequest = checkTimedMultifactorProvidersForRequest(requestContext, resolveRegisteredServiceInRequestContext, authentication);
        if (checkTimedMultifactorProvidersForRequest == null || checkTimedMultifactorProvidersForRequest.isEmpty()) {
            return null;
        }
        LOGGER.warn("Found multifactor authentication providers [{}] required for this authentication event", checkTimedMultifactorProvidersForRequest);
        return checkTimedMultifactorProvidersForRequest;
    }

    private Set<Event> checkTimedMultifactorProvidersForRequest(RequestContext requestContext, RegisteredService registeredService, Authentication authentication) {
        LocalDateTime now = LocalDateTime.now();
        DayOfWeek from = DayOfWeek.from(now);
        List list = (List) Arrays.stream(TextStyle.values()).map(textStyle -> {
            return from.getDisplayName(textStyle, Locale.getDefault());
        }).collect(Collectors.toList());
        Map<String, MultifactorAuthenticationProvider> availableMultifactorAuthenticationProviders = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
        TimeBasedAuthenticationProperties orElse = this.timedMultifactor.stream().filter(timeBasedAuthenticationProperties -> {
            boolean z = false;
            if (!timeBasedAuthenticationProperties.getOnDays().isEmpty()) {
                Stream<String> stream = timeBasedAuthenticationProperties.getOnDays().stream();
                Objects.requireNonNull(list);
                z = stream.filter((v1) -> {
                    return r1.contains(v1);
                }).findAny().isPresent();
            }
            if (timeBasedAuthenticationProperties.getOnOrAfterHour() >= 0) {
                z = ((long) now.getHour()) >= timeBasedAuthenticationProperties.getOnOrAfterHour();
            }
            if (timeBasedAuthenticationProperties.getOnOrBeforeHour() >= 0) {
                z = ((long) now.getHour()) <= timeBasedAuthenticationProperties.getOnOrBeforeHour();
            }
            return z;
        }).findFirst().orElse(null);
        if (orElse == null) {
            return null;
        }
        Optional<MultifactorAuthenticationProvider> resolveProvider = resolveProvider(availableMultifactorAuthenticationProviders, orElse.getProviderId());
        if (resolveProvider.isPresent()) {
            return buildEvent(requestContext, registeredService, authentication, resolveProvider.get());
        }
        LOGGER.error("Adaptive authentication is configured to require [{}] for [{}], yet [{}] absent in the configuration.", orElse.getProviderId(), registeredService, orElse.getProviderId());
        throw new AuthenticationException();
    }

    private Set<Event> buildEvent(RequestContext requestContext, RegisteredService registeredService, Authentication authentication, MultifactorAuthenticationProvider multifactorAuthenticationProvider) {
        LOGGER.debug("Attempting to build an event based on the authentication provider [{}] and service [{}]", multifactorAuthenticationProvider, registeredService.getName());
        return CollectionUtils.wrapSet(validateEventIdForMatchingTransitionInContext(multifactorAuthenticationProvider.getId(), requestContext, buildEventAttributeMap(authentication.getPrincipal(), registeredService, multifactorAuthenticationProvider)));
    }

    @Override // org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver, org.apereo.cas.web.flow.resolver.CasWebflowEventResolver
    @Audit(action = "AUTHENTICATION_EVENT", actionResolverName = "AUTHENTICATION_EVENT_ACTION_RESOLVER", resourceResolverName = "AUTHENTICATION_EVENT_RESOURCE_RESOLVER")
    public Event resolveSingle(RequestContext requestContext) {
        return super.resolveSingle(requestContext);
    }
}
