package org.apereo.cas.web.flow.resolver.impl.mfa;

import java.util.Collection;
import java.util.Comparator;
import java.util.Set;
import java.util.function.Predicate;
import lombok.Generated;
import org.apereo.cas.CentralAuthenticationService;
import org.apereo.cas.authentication.AuthenticationServiceSelectionPlan;
import org.apereo.cas.authentication.AuthenticationSystemSupport;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.services.MultifactorAuthenticationProvider;
import org.apereo.cas.services.MultifactorAuthenticationProviderSelector;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.ticket.registry.TicketRegistrySupport;
import org.apereo.cas.util.ResourceUtils;
import org.apereo.cas.util.scripting.ScriptingUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.io.Resource;
import org.springframework.web.util.CookieGenerator;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-webflow-api-5.3.10.jar:org/apereo/cas/web/flow/resolver/impl/mfa/PredicatedPrincipalAttributeMultifactorAuthenticationPolicyEventResolver.class */
public class PredicatedPrincipalAttributeMultifactorAuthenticationPolicyEventResolver extends PrincipalAttributeMultifactorAuthenticationPolicyEventResolver {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) PredicatedPrincipalAttributeMultifactorAuthenticationPolicyEventResolver.class);
    private static final Class[] PREDICATE_CTOR_PARAMETERS = {Object.class, Object.class, Object.class, Object.class};
    private final Resource predicateResource;

    public PredicatedPrincipalAttributeMultifactorAuthenticationPolicyEventResolver(AuthenticationSystemSupport authenticationSystemSupport, CentralAuthenticationService centralAuthenticationService, ServicesManager servicesManager, TicketRegistrySupport ticketRegistrySupport, CookieGenerator cookieGenerator, AuthenticationServiceSelectionPlan authenticationServiceSelectionPlan, MultifactorAuthenticationProviderSelector multifactorAuthenticationProviderSelector, CasConfigurationProperties casConfigurationProperties) {
        super(authenticationSystemSupport, centralAuthenticationService, servicesManager, ticketRegistrySupport, cookieGenerator, authenticationServiceSelectionPlan, multifactorAuthenticationProviderSelector, casConfigurationProperties);
        this.predicateResource = casConfigurationProperties.getAuthn().getMfa().getGlobalPrincipalAttributePredicate();
    }

    @Override // org.apereo.cas.web.flow.resolver.impl.mfa.PrincipalAttributeMultifactorAuthenticationPolicyEventResolver
    protected Set<Event> resolveMultifactorProviderViaPredicate(RequestContext requestContext, RegisteredService registeredService, Principal principal, Collection<MultifactorAuthenticationProvider> collection) {
        if (this.predicateResource == null || !ResourceUtils.doesResourceExist(this.predicateResource)) {
            LOGGER.debug("No groovy script predicate is defined to decide which multifactor authentication provider should be chosen");
            return null;
        }
        if (collection == null || collection.isEmpty()) {
            LOGGER.error("No multifactor authentication providers are available in the application context");
            return null;
        }
        Predicate<? super MultifactorAuthenticationProvider> predicate = (Predicate) ScriptingUtils.getObjectInstanceFromGroovyResource(this.predicateResource, PREDICATE_CTOR_PARAMETERS, new Object[]{registeredService, principal, collection, LOGGER}, Predicate.class);
        LOGGER.debug("Created predicate instance [{}] from [{}] to filter multifactor authentication providers [{}]", predicate.getClass().getSimpleName(), this.predicateResource, collection);
        MultifactorAuthenticationProvider orElse = collection.stream().filter(predicate).sorted(Comparator.comparingInt((v0) -> {
            return v0.getOrder();
        })).findFirst().orElse(null);
        LOGGER.debug("Predicate instance [{}] returned multifactor authentication provider [{}]", predicate.getClass().getSimpleName(), orElse);
        return evaluateEventForProviderInContext(principal, registeredService, requestContext, orElse);
    }
}
