package io.gravitee.am.gateway.handler.common.vertx.web.handler.impl.internal.mfa.utils;

import com.google.common.base.Strings;
import io.gravitee.am.common.factor.FactorType;
import io.gravitee.am.gateway.handler.common.factor.FactorManager;
import io.gravitee.am.gateway.handler.common.ruleengine.RuleEngine;
import io.gravitee.am.gateway.handler.common.vertx.web.handler.impl.internal.AuthenticationFlowChain;
import io.gravitee.am.gateway.handler.common.vertx.web.handler.impl.internal.mfa.MFAStep;
import io.gravitee.am.gateway.handler.common.vertx.web.handler.impl.internal.mfa.MfaFilterContext;
import io.gravitee.am.model.ChallengeSettings;
import io.gravitee.am.model.EnrollSettings;
import io.gravitee.am.model.MFASettings;
import io.gravitee.am.model.MfaEnrollType;
import io.gravitee.am.model.RememberDeviceSettings;
import io.gravitee.am.model.StepUpAuthenticationSettings;
import io.gravitee.am.model.oidc.Client;
import io.vertx.rxjava3.ext.web.RoutingContext;
import io.vertx.rxjava3.ext.web.Session;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import lombok.Generated;

/* loaded from: input_file:io/gravitee/am/gateway/handler/common/vertx/web/handler/impl/internal/mfa/utils/MfaUtils.class */
public class MfaUtils {
    public static boolean isUserStronglyAuth(Session session) {
        return Boolean.TRUE.equals(session.get("strongAuthCompleted"));
    }

    public static StepUpAuthenticationSettings getMfaStepUp(Client client) {
        return (StepUpAuthenticationSettings) Optional.ofNullable(client.getMfaSettings()).map((v0) -> {
            return v0.getStepUpAuthentication();
        }).orElse(new StepUpAuthenticationSettings());
    }

    public static String getAdaptiveMfaStepUpRule(Client client) {
        return (String) Optional.ofNullable(client.getMfaSettings()).map((v0) -> {
            return v0.getChallenge();
        }).map((v0) -> {
            return v0.getChallengeRule();
        }).orElse("");
    }

    public static RememberDeviceSettings getRememberDeviceSettings(Client client) {
        return (RememberDeviceSettings) Optional.ofNullable(client.getMfaSettings()).filter((v0) -> {
            return Objects.nonNull(v0);
        }).map((v0) -> {
            return v0.getRememberDevice();
        }).orElse(new RememberDeviceSettings());
    }

    public static boolean deviceAlreadyExists(Session session) {
        return Boolean.TRUE.equals(session.get("deviceAlreadyExists"));
    }

    public static ChallengeSettings getChallengeSettings(Client client) {
        return (ChallengeSettings) Optional.ofNullable(client.getMfaSettings()).filter((v0) -> {
            return Objects.nonNull(v0);
        }).map((v0) -> {
            return v0.getChallenge();
        }).orElse(new ChallengeSettings());
    }

    public static EnrollSettings getEnrollSettings(Client client) {
        return (EnrollSettings) Optional.ofNullable(client.getMfaSettings()).filter((v0) -> {
            return Objects.nonNull(v0);
        }).map((v0) -> {
            return v0.getEnroll();
        }).orElse(new EnrollSettings());
    }

    public static MFASettings getMfaSettings(Client client) {
        return (MFASettings) Optional.ofNullable(client.getMfaSettings()).orElse(new MFASettings());
    }

    public static boolean isChallengeActive(Client client) {
        return getChallengeSettings(client).isActive();
    }

    public static void stopMfaFlow(MfaFilterContext mfaFilterContext, AuthenticationFlowChain authenticationFlowChain) {
        mfaFilterContext.session().put("mfaStop", true);
        authenticationFlowChain.doNext(mfaFilterContext.routingContext());
    }

    public static void executeFlowStep(MfaFilterContext mfaFilterContext, AuthenticationFlowChain authenticationFlowChain, MFAStep mFAStep) {
        mfaFilterContext.session().put("mfaStop", false);
        authenticationFlowChain.exit(mFAStep);
    }

    public static void continueMfaFlow(MfaFilterContext mfaFilterContext, AuthenticationFlowChain authenticationFlowChain) {
        mfaFilterContext.session().put("mfaStop", false);
        authenticationFlowChain.doNext(mfaFilterContext.routingContext());
    }

    public static boolean isMfaFlowStopped(MfaFilterContext mfaFilterContext) {
        return ((Boolean) Optional.ofNullable((Boolean) mfaFilterContext.session().get("mfaStop")).orElse(false)).booleanValue();
    }

    public static boolean hasFactors(Client client, FactorManager factorManager) {
        Set set = (Set) ((List) Optional.ofNullable(client.getFactorSettings()).map((v0) -> {
            return v0.getApplicationFactors();
        }).orElse(List.of())).stream().map((v0) -> {
            return v0.getId();
        }).collect(Collectors.toSet());
        return !set.isEmpty() && notOnlyRecoveryCodeFactors(set, factorManager);
    }

    private static boolean notOnlyRecoveryCodeFactors(Set<String> set, FactorManager factorManager) {
        return set.stream().anyMatch(str -> {
            return !factorManager.getFactor(str).getFactorType().equals(FactorType.RECOVERY_CODE);
        });
    }

    public static boolean evaluateRule(String str, MfaFilterContext mfaFilterContext, RuleEngine ruleEngine) {
        return (Strings.isNullOrEmpty(str) || str.isBlank() || !((Boolean) ruleEngine.evaluate(str, mfaFilterContext.getEvaluableContext(), Boolean.class, false)).booleanValue()) ? false : true;
    }

    public static boolean challengeConditionSatisfied(Client client, MfaFilterContext mfaFilterContext, RuleEngine ruleEngine) {
        return evaluateRule(getChallengeSettings(client).getChallengeRule(), mfaFilterContext, ruleEngine);
    }

    public static boolean stepUpRequired(MfaFilterContext mfaFilterContext, Client client, RuleEngine ruleEngine) {
        StepUpAuthenticationSettings mfaStepUp = getMfaStepUp(client);
        return mfaStepUp.isActive() && evaluateRule(mfaStepUp.getStepUpAuthenticationRule(), mfaFilterContext, ruleEngine);
    }

    public static boolean isCanSkip(RoutingContext routingContext, Client client) {
        EnrollSettings enrollSettings = getEnrollSettings(client);
        return enrollSettings.isActive() && ((enrollSettings.getForceEnrollment() != null && !enrollSettings.getForceEnrollment().booleanValue()) || (MfaEnrollType.CONDITIONAL.equals(enrollSettings.getType()) && Boolean.TRUE.equals(routingContext.session().get("mfaEnrollmentCanBeSkippedConditionally"))));
    }

    @Generated
    private MfaUtils() {
    }
}
