package net.unicon.cas.mfa.web.flow;

import java.util.Set;
import net.unicon.cas.addons.authentication.AuthenticationSupport;
import net.unicon.cas.mfa.authentication.MultiFactorAuthenticationTransactionContext;
import net.unicon.cas.mfa.authentication.RequestedAuthenticationMethodRankingStrategy;
import net.unicon.cas.mfa.util.MultiFactorUtils;
import net.unicon.cas.mfa.web.flow.event.MultiFactorAuthenticationSpringWebflowEventBuilder;
import net.unicon.cas.mfa.web.flow.util.MultiFactorRequestContextUtils;
import net.unicon.cas.mfa.web.support.MultiFactorAuthenticationSupportingWebApplicationService;
import org.apache.commons.lang.StringUtils;
import org.jasig.cas.authentication.Authentication;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.webflow.action.AbstractAction;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:WEB-INF/lib/cas-mfa-java-1.0.0-RC8.jar:net/unicon/cas/mfa/web/flow/ValidateInitialMultiFactorAuthenticationRequestAction.class */
public final class ValidateInitialMultiFactorAuthenticationRequestAction extends AbstractAction {
    private final Logger logger = LoggerFactory.getLogger(ValidateInitialMultiFactorAuthenticationRequestAction.class);
    public static final String EVENT_ID_REQUIRE_TGT = "requireTgt";
    private final AuthenticationSupport authenticationSupport;
    private final RequestedAuthenticationMethodRankingStrategy authnMethodRankingStrategy;

    public ValidateInitialMultiFactorAuthenticationRequestAction(AuthenticationSupport authenticationSupport, RequestedAuthenticationMethodRankingStrategy requestedAuthenticationMethodRankingStrategy) {
        this.authenticationSupport = authenticationSupport;
        this.authnMethodRankingStrategy = requestedAuthenticationMethodRankingStrategy;
    }

    @Override // org.springframework.webflow.action.AbstractAction
    protected Event doExecute(RequestContext requestContext) throws Exception {
        MultiFactorAuthenticationTransactionContext mfaTransaction = MultiFactorRequestContextUtils.getMfaTransaction(requestContext);
        if (mfaTransaction == null) {
            return new Event(this, EVENT_ID_REQUIRE_TGT);
        }
        MultiFactorAuthenticationSupportingWebApplicationService computeHighestRankingAuthenticationMethod = this.authnMethodRankingStrategy.computeHighestRankingAuthenticationMethod(mfaTransaction);
        String authenticationMethod = computeHighestRankingAuthenticationMethod != null ? computeHighestRankingAuthenticationMethod.getAuthenticationMethod() : null;
        String ticketGrantingTicketId = MultiFactorRequestContextUtils.getTicketGrantingTicketId(requestContext);
        if (StringUtils.isBlank(ticketGrantingTicketId)) {
            this.logger.trace("TGT is blank; proceed flow normally.");
            return new Event(this, EVENT_ID_REQUIRE_TGT);
        }
        if (StringUtils.isBlank(authenticationMethod)) {
            this.logger.trace("Since required authentication method is blank, proceed flow normally.");
            return new Event(this, EVENT_ID_REQUIRE_TGT);
        }
        this.logger.trace("Service [{}] requires authentication method [{}]", mfaTransaction.getTargetServiceId(), authenticationMethod);
        Authentication authenticationFrom = this.authenticationSupport.getAuthenticationFrom(ticketGrantingTicketId);
        if (authenticationFrom == null) {
            this.logger.warn("TGT had no Authentication, which is odd. Proceeding as if additional authentication required.");
            MultiFactorRequestContextUtils.setMultifactorWebApplicationService(requestContext, computeHighestRankingAuthenticationMethod);
            return new Event(this, getMultiFactorEventIdByAuthenticationMethod(authenticationMethod));
        }
        Set<String> satisfiedAuthenticationMethods = MultiFactorUtils.getSatisfiedAuthenticationMethods(authenticationFrom);
        if (this.authnMethodRankingStrategy.anyPreviouslyAchievedAuthenticationMethodsStrongerThanRequestedOne(satisfiedAuthenticationMethods, authenticationMethod)) {
            this.logger.trace("Authentication method [{}] is EQUAL -- OR -- WEAKER than any previously fulfilled methods [{}]; proceeding with flow normally...", authenticationMethod, satisfiedAuthenticationMethods);
            return new Event(this, EVENT_ID_REQUIRE_TGT);
        }
        this.logger.trace("Authentication method [{}] is STRONGER than any previously fulfilled methods [{}]; branching to prompt for required authentication method.", authenticationMethod, satisfiedAuthenticationMethods);
        MultiFactorRequestContextUtils.setMultifactorWebApplicationService(requestContext, computeHighestRankingAuthenticationMethod);
        return new Event(this, getMultiFactorEventIdByAuthenticationMethod(authenticationMethod));
    }

    private String getMultiFactorEventIdByAuthenticationMethod(String str) {
        return MultiFactorAuthenticationSpringWebflowEventBuilder.MFA_EVENT_ID_PREFIX + str;
    }
}
