package io.gravitee.am.gateway.handler.common.vertx.web.handler.impl.internal.mfa;

import io.gravitee.am.common.factor.FactorType;
import io.gravitee.am.gateway.handler.common.factor.FactorManager;
import io.gravitee.am.gateway.handler.common.ruleengine.RuleEngine;
import io.gravitee.am.gateway.handler.common.utils.RoutingContextHelper;
import io.gravitee.am.gateway.handler.common.vertx.core.http.VertxHttpServerRequest;
import io.gravitee.am.gateway.handler.common.vertx.web.handler.impl.internal.mfa.utils.MfaUtils;
import io.gravitee.am.gateway.handler.context.EvaluableExecutionContext;
import io.gravitee.am.gateway.handler.context.EvaluableRequest;
import io.gravitee.am.model.ApplicationFactorSettings;
import io.gravitee.am.model.Factor;
import io.gravitee.am.model.FactorSettings;
import io.gravitee.am.model.RememberDeviceSettings;
import io.gravitee.am.model.User;
import io.gravitee.am.model.factor.FactorStatus;
import io.gravitee.am.model.oidc.Client;
import io.vertx.rxjava3.ext.web.RoutingContext;
import io.vertx.rxjava3.ext.web.Session;
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.jsoup.internal.StringUtil;
import org.springframework.util.StringUtils;

/* loaded from: input_file:io/gravitee/am/gateway/handler/common/vertx/web/handler/impl/internal/mfa/MfaFilterContext.class */
public class MfaFilterContext {
    private final RoutingContext routingContext;
    private final Client client;
    private final Session session;
    private final User endUser;
    private final FactorManager factorManager;
    private final RuleEngine ruleEngine;

    public MfaFilterContext(RoutingContext routingContext, Client client, FactorManager factorManager, RuleEngine ruleEngine) {
        this.routingContext = routingContext;
        this.client = client;
        this.session = routingContext.session();
        this.endUser = ((io.gravitee.am.gateway.handler.common.vertx.web.auth.user.User) routingContext.user().getDelegate()).getUser();
        this.factorManager = factorManager;
        this.ruleEngine = ruleEngine;
    }

    public boolean isEnrollSkipped() {
        if (!Objects.nonNull(this.endUser.getMfaEnrollmentSkippedAt())) {
            return false;
        }
        return this.endUser.getMfaEnrollmentSkippedAt().getTime() + (((Long) Optional.ofNullable(MfaUtils.getEnrollSettings(this.client).getSkipTimeSeconds()).orElse(36000L)).longValue() * 1000) > new Date().getTime();
    }

    public boolean isUserStronglyAuth() {
        return MfaUtils.isUserStronglyAuth(this.session);
    }

    public RememberDeviceSettings getRememberDeviceSettings() {
        return MfaUtils.getRememberDeviceSettings(this.client);
    }

    public boolean deviceAlreadyExists() {
        return MfaUtils.deviceAlreadyExists(this.session);
    }

    public RoutingContext routingContext() {
        return this.routingContext;
    }

    public Session session() {
        return this.session;
    }

    public Object getLoginAttempt() {
        return this.session.get("login_attempts");
    }

    public boolean isUserSelectedEnrollFactor() {
        return Objects.nonNull(this.session.get("enrolledFactorId"));
    }

    public Map<String, Object> getEvaluableContext() {
        Map<String, Object> evaluableAttributes = RoutingContextHelper.getEvaluableAttributes(this.routingContext);
        Object loginAttempt = getLoginAttempt();
        evaluableAttributes.put("login_attempts", Objects.isNull(loginAttempt) ? 0 : loginAttempt);
        return Map.of("request", new EvaluableRequest(new VertxHttpServerRequest(this.routingContext.request().getDelegate())), "context", new EvaluableExecutionContext(evaluableAttributes));
    }

    public boolean userHasMatchingActivatedFactors() {
        if (Objects.isNull(this.endUser.getFactors()) || this.endUser.getFactors().isEmpty()) {
            return false;
        }
        Set set = (Set) this.client.getFactorSettings().getApplicationFactors().stream().map((v0) -> {
            return v0.getId();
        }).collect(Collectors.toSet());
        Stream filter = this.endUser.getFactors().stream().filter(enrolledFactor -> {
            return FactorStatus.ACTIVATED.equals(enrolledFactor.getStatus());
        }).map((v0) -> {
            return v0.getFactorId();
        }).filter(this::isNotRecoveryCodeType);
        Objects.requireNonNull(set);
        return filter.anyMatch((v1) -> {
            return r1.contains(v1);
        });
    }

    public boolean isDeviceRiskAssessmentEnabled() {
        return ((Boolean) Optional.ofNullable(this.client.getRiskAssessment()).filter((v0) -> {
            return v0.isEnabled();
        }).map((v0) -> {
            return v0.getDeviceAssessment();
        }).map((v0) -> {
            return v0.isEnabled();
        }).orElse(false)).booleanValue();
    }

    public boolean isChallengeCompleted() {
        return Boolean.TRUE.equals(this.session.get("mfaChallengeCompleted"));
    }

    public boolean checkSelectedFactor() {
        String str = (String) this.session.get("enrolledFactorId");
        return getApplicableFactors().stream().anyMatch(applicationFactorSettings -> {
            return applicationFactorSettings.getId().equals(str);
        });
    }

    private List<ApplicationFactorSettings> getApplicableFactors() {
        FactorSettings factorSettings = (FactorSettings) Optional.ofNullable(this.client.getFactorSettings()).orElseGet(FactorSettings::new);
        List<ApplicationFactorSettings> list = factorSettings.getApplicationFactors().stream().filter(applicationFactorSettings -> {
            return evaluateFactorRule(applicationFactorSettings.getSelectionRule());
        }).toList();
        return list.isEmpty() ? factorSettings.getApplicationFactors().stream().filter(applicationFactorSettings2 -> {
            return applicationFactorSettings2.getId().equals(factorSettings.getDefaultFactorId());
        }).toList() : list;
    }

    public boolean isFactorSelected() {
        return !StringUtil.isBlank((String) this.session.get("enrolledFactorId"));
    }

    public boolean evaluateFactorRuleByFactorId(String str) {
        FactorSettings factorSettings = (FactorSettings) Optional.ofNullable(this.client.getFactorSettings()).orElseGet(FactorSettings::new);
        List applicationFactors = factorSettings.getApplicationFactors();
        if (applicationFactors.size() == 1 && str.equals(factorSettings.getDefaultFactorId())) {
            return true;
        }
        return ((Boolean) applicationFactors.stream().filter(applicationFactorSettings -> {
            return applicationFactorSettings.getId().equals(str);
        }).map(applicationFactorSettings2 -> {
            return Boolean.valueOf(evaluateFactorRule(applicationFactorSettings2.getSelectionRule()));
        }).findFirst().orElse(false)).booleanValue();
    }

    public boolean isDefaultFactor(String str) {
        return ((Boolean) Optional.ofNullable(this.client.getFactorSettings()).map(factorSettings -> {
            return Boolean.valueOf(factorSettings.getDefaultFactorId().equals(str));
        }).orElse(false)).booleanValue();
    }

    private boolean evaluateFactorRule(String str) {
        return !StringUtils.hasText(str) || Boolean.TRUE.equals(Boolean.valueOf(MfaUtils.evaluateRule(str, this, this.ruleEngine)));
    }

    private boolean isNotRecoveryCodeType(String str) {
        Factor factor = this.factorManager.getFactor(str);
        return Objects.nonNull(factor) && !FactorType.RECOVERY_CODE.equals(factor.getFactorType());
    }

    public boolean isUserSilentAuth() {
        return Boolean.TRUE.equals(this.routingContext.get("silentAuth"));
    }
}
