package io.gravitee.am.gateway.handler.common.vertx.web.handler.impl.internal.mfa;

import io.gravitee.am.common.factor.FactorType;
import io.gravitee.am.gateway.handler.common.factor.FactorManager;
import io.gravitee.am.gateway.handler.common.ruleengine.RuleEngine;
import io.gravitee.am.gateway.handler.common.vertx.web.handler.impl.internal.AuthenticationFlowChain;
import io.gravitee.am.model.FactorSettings;
import io.gravitee.am.model.User;
import io.gravitee.am.model.factor.FactorStatus;
import io.gravitee.am.model.oidc.Client;
import io.vertx.core.Handler;
import io.vertx.rxjava3.ext.web.RoutingContext;
import java.util.Objects;
import java.util.stream.Stream;
import org.springframework.util.CollectionUtils;

/* loaded from: input_file:io/gravitee/am/gateway/handler/common/vertx/web/handler/impl/internal/mfa/MFARecoveryCodeStep.class */
public class MFARecoveryCodeStep extends MFAStep {
    private final FactorManager factorManager;

    public MFARecoveryCodeStep(Handler<RoutingContext> handler, RuleEngine ruleEngine, FactorManager factorManager) {
        super(handler, ruleEngine);
        this.factorManager = factorManager;
    }

    @Override // io.gravitee.am.gateway.handler.common.vertx.web.handler.impl.internal.AuthenticationFlowStep
    public void execute(RoutingContext routingContext, AuthenticationFlowChain authenticationFlowChain) {
        User user = ((io.gravitee.am.gateway.handler.common.vertx.web.auth.user.User) routingContext.user().getDelegate()).getUser();
        Client client = (Client) routingContext.get("client");
        if (client.getFactorSettings() == null || CollectionUtils.isEmpty(client.getFactorSettings().getApplicationFactors())) {
            authenticationFlowChain.doNext(routingContext);
            return;
        }
        if (user.getFactors() == null || user.getFactors().isEmpty()) {
            authenticationFlowChain.doNext(routingContext);
        } else if (hasActiveRecoveryCode(user) || recoveryFactorDisabled(client.getFactorSettings())) {
            authenticationFlowChain.doNext(routingContext);
        } else {
            authenticationFlowChain.exit(this);
        }
    }

    private boolean hasActiveRecoveryCode(User user) {
        return hasRecoveryCode(user) && isRecoveryCodeActivated(user);
    }

    private boolean hasRecoveryCode(User user) {
        return user.getFactors().stream().anyMatch(enrolledFactor -> {
            return enrolledFactor.getSecurity() != null && "RECOVERY_CODE".equals(enrolledFactor.getSecurity().getType());
        });
    }

    private boolean isRecoveryCodeActivated(User user) {
        return user.getFactors().stream().filter(enrolledFactor -> {
            return enrolledFactor.getSecurity() != null && "RECOVERY_CODE".equals(enrolledFactor.getSecurity().getType());
        }).anyMatch(enrolledFactor2 -> {
            return FactorStatus.ACTIVATED.equals(enrolledFactor2.getStatus());
        });
    }

    private boolean recoveryFactorDisabled(FactorSettings factorSettings) {
        Stream map = factorSettings.getApplicationFactors().stream().map((v0) -> {
            return v0.getId();
        });
        FactorManager factorManager = this.factorManager;
        Objects.requireNonNull(factorManager);
        return map.map(factorManager::getFactor).filter((v0) -> {
            return Objects.nonNull(v0);
        }).noneMatch(factor -> {
            return factor.is(FactorType.RECOVERY_CODE);
        });
    }
}
