package io.gardenerframework.camellia.authentication.server.main.mfa.event.listener;

import io.gardenerframework.camellia.authentication.infra.challenge.core.exception.ChallengeInCooldownException;
import io.gardenerframework.camellia.authentication.server.common.annotation.AuthenticationServerEngineComponent;
import io.gardenerframework.camellia.authentication.server.main.event.listener.AuthenticationEventListenerSkeleton;
import io.gardenerframework.camellia.authentication.server.main.event.listener.annotation.CareForAuthenticationServerEnginePreservedPrincipal;
import io.gardenerframework.camellia.authentication.server.main.event.schema.AuthenticationSuccessEvent;
import io.gardenerframework.camellia.authentication.server.main.event.schema.UserAuthenticatedEvent;
import io.gardenerframework.camellia.authentication.server.main.event.support.AuthenticationEventBuilder;
import io.gardenerframework.camellia.authentication.server.main.exception.NestedAuthenticationException;
import io.gardenerframework.camellia.authentication.server.main.mfa.advisor.AuthenticationServerMfaAuthenticatorAdvisor;
import io.gardenerframework.camellia.authentication.server.main.mfa.challenge.AuthenticationServerMfaChallengeResponseService;
import io.gardenerframework.camellia.authentication.server.main.mfa.challenge.schema.AuthenticationServerMfaChallenge;
import io.gardenerframework.camellia.authentication.server.main.mfa.challenge.schema.AuthenticationServerMfaChallengeContext;
import io.gardenerframework.camellia.authentication.server.main.mfa.challenge.schema.AuthenticationServerMfaChallengeRequest;
import io.gardenerframework.camellia.authentication.server.main.mfa.exception.client.MfaAuthenticatorNotReadyException;
import io.gardenerframework.camellia.authentication.server.main.mfa.exception.client.MfaRequiredException;
import io.gardenerframework.camellia.authentication.server.main.mfa.schema.principal.MfaPrincipal;
import java.util.Collection;
import java.util.Iterator;
import java.util.Objects;
import lombok.NonNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.context.event.EventListener;
import org.springframework.security.core.AuthenticationException;
import org.springframework.util.CollectionUtils;
import org.springframework.util.StringUtils;

/**
 * Event listener that adds the multi-factor authentication (MFA) step to the authentication flow.
 *
 * <p>On {@link UserAuthenticatedEvent} it asks each configured
 * {@link AuthenticationServerMfaAuthenticatorAdvisor} for an authenticator name. The first
 * advisor that returns a non-blank name causes a challenge to be sent, and the flow is
 * interrupted with {@link MfaRequiredException}. On {@link AuthenticationSuccessEvent} whose
 * principal is an {@link MfaPrincipal}, it re-publishes a success event carrying the principal
 * stored in the {@link AuthenticationServerMfaChallengeContext}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>MFA is enforced only if an advisor asks for it. With an empty advisor collection, or
 *       when every advisor returns a blank name, {@link #onUserAuthenticated} returns normally
 *       and no challenge is issued.</li>
 *   <li>Any exception other than the two handled explicitly is rethrown as
 *       {@link NestedAuthenticationException}, so a failing advisor or challenge service does
 *       not let the method return normally.</li>
 *   <li>The first advisor to return a name wins, so the iteration order of the injected
 *       collection decides which authenticator is used.</li>
 * </ul>
 */
@AuthenticationServerEngineComponent
/* loaded from: input_file:io/gardenerframework/camellia/authentication/server/main/mfa/event/listener/MfaAuthenticationListener.class */
public class MfaAuthenticationListener implements AuthenticationEventListenerSkeleton, ApplicationEventPublisherAware, AuthenticationEventBuilder {
    // Declared but not used anywhere in this class: challenge issuance, cooldown hits and
    // wrapped failures are surfaced only through the exceptions and events below.
    private static final Logger log = LoggerFactory.getLogger(MfaAuthenticationListener.class);

    // Advisors consulted, in iteration order, to decide whether a second factor is required.
    @NonNull
    private final Collection<AuthenticationServerMfaAuthenticatorAdvisor> mfaAuthenticationAdvisors;

    // Service used to send the MFA challenge; its own class is passed as the second
    // sendChallenge argument.
    @NonNull
    private final AuthenticationServerMfaChallengeResponseService authenticationServerMfaChallengeResponseService;

    // Publisher used to re-publish the success event; set by the constructor and replaceable
    // through setApplicationEventPublisher.
    @NonNull
    private ApplicationEventPublisher eventPublisher;

    /**
     * Decides whether the freshly authenticated user must pass a second factor and, if so,
     * sends the challenge and aborts the current flow.
     *
     * @param userAuthenticatedEvent event describing the request, client, authentication type,
     *                               principal, user and context of the completed first step
     * @throws MfaRequiredException              when an advisor named an authenticator and the
     *                                           challenge was sent; carries the challenge's
     *                                           {@code getTarget()} value
     * @throws MfaAuthenticatorNotReadyException when the challenge service reports a cooldown;
     *                                           carries the remaining time
     * @throws NestedAuthenticationException     wrapping any other exception raised by an
     *                                           advisor or the challenge service
     */
    @EventListener
    public void onUserAuthenticated(UserAuthenticatedEvent userAuthenticatedEvent) throws AuthenticationException {
        if (CollectionUtils.isEmpty(this.mfaAuthenticationAdvisors)) {
            // No advisors registered: nothing can request a second factor, the flow continues.
            return;
        }
        try {
            for (AuthenticationServerMfaAuthenticatorAdvisor advisor : this.mfaAuthenticationAdvisors) {
                String authenticatorName = advisor.getAuthenticator(
                        userAuthenticatedEvent.getRequest(),
                        userAuthenticatedEvent.getClient(),
                        userAuthenticatedEvent.getAuthenticationType(),
                        userAuthenticatedEvent.getUser(),
                        userAuthenticatedEvent.getContext());
                if (!StringUtils.hasText(authenticatorName)) {
                    // Null or blank answer: this advisor does not ask for MFA, try the next one.
                    continue;
                }
                // First advisor with an answer wins; later advisors are never consulted.
                AuthenticationServerMfaChallenge challenge =
                        (AuthenticationServerMfaChallenge) this.authenticationServerMfaChallengeResponseService.sendChallenge(
                                userAuthenticatedEvent.getClient(),
                                this.authenticationServerMfaChallengeResponseService.getClass(),
                                new AuthenticationServerMfaChallengeRequest(
                                        authenticatorName,
                                        userAuthenticatedEvent.getPrincipal(),
                                        userAuthenticatedEvent.getUser(),
                                        userAuthenticatedEvent.getContext()));
                throw new MfaRequiredException(challenge.getTarget());
            }
        } catch (ChallengeInCooldownException cooldown) {
            // A challenge was requested too recently; report how long the caller has to wait.
            throw new MfaAuthenticatorNotReadyException(cooldown.getTimeRemaining());
        } catch (MfaRequiredException mfaRequired) {
            // Must precede the generic handler so the "MFA required" signal is not wrapped.
            throw mfaRequired;
        } catch (Exception unexpected) {
            // Everything else (including a null challenge or advisor) aborts the attempt.
            // NOTE(review): presumably NestedAuthenticationException is an
            // AuthenticationException, so the login fails instead of continuing without MFA;
            // confirm against its declaration.
            throw new NestedAuthenticationException(unexpected);
        }
    }

    /**
     * Re-publishes a success event with the stored principal once an MFA authentication succeeds.
     *
     * <p>Only events whose principal is an {@link MfaPrincipal} are handled. The replacement
     * principal is read from the {@link AuthenticationServerMfaChallengeContext} found in the
     * event context under that class's fully qualified name. Request, authentication type,
     * client, context and user are copied from the incoming event.
     *
     * @param authenticationSuccessEvent the success event to inspect
     * @throws NullPointerException if the event context holds no challenge context
     */
    @CareForAuthenticationServerEnginePreservedPrincipal
    @EventListener
    public void onAuthenticationSuccess(AuthenticationSuccessEvent authenticationSuccessEvent) {
        if (!(authenticationSuccessEvent.getPrincipal() instanceof MfaPrincipal)) {
            return;
        }
        // The identity attached to the new event comes from stored challenge state, not from
        // the MFA response itself, so the trustworthiness of that state decides who is
        // reported as authenticated. NOTE(review): confirm how the context is populated
        // (the error message points at MfaAuthenticationUserService.load).
        AuthenticationServerMfaChallengeContext challengeContext = Objects.requireNonNull(
                (AuthenticationServerMfaChallengeContext) authenticationSuccessEvent.getContext()
                        .get(AuthenticationServerMfaChallengeContext.class.getName()),
                "no AuthenticationServerMfaChallengeContext load from context. review MfaAuthenticationUserService.load!");
        // NOTE(review): the re-published AuthenticationSuccessEvent can reach this listener
        // again; it is ignored only if the restored principal is not an MfaPrincipal. Confirm.
        this.eventPublisher.publishEvent(
                buildAuthenticationEvent(
                        AuthenticationSuccessEvent.builder(),
                        authenticationSuccessEvent.getRequest(),
                        authenticationSuccessEvent.getAuthenticationType(),
                        challengeContext.getPrincipal(),
                        authenticationSuccessEvent.getClient(),
                        authenticationSuccessEvent.getContext())
                        .user(authenticationSuccessEvent.getUser())
                        .build());
    }

    /**
     * Replaces the publisher used to re-publish success events.
     *
     * @param applicationEventPublisher the publisher to use; must not be {@code null}
     * @throws NullPointerException if {@code applicationEventPublisher} is {@code null}
     */
    public void setApplicationEventPublisher(@NonNull ApplicationEventPublisher applicationEventPublisher) {
        Objects.requireNonNull(applicationEventPublisher, "applicationEventPublisher is marked non-null but is null");
        this.eventPublisher = applicationEventPublisher;
    }

    /**
     * Creates the listener with its collaborators.
     *
     * @param collection                                      advisors consulted for the MFA decision
     * @param authenticationServerMfaChallengeResponseService service that sends the MFA challenge
     * @param applicationEventPublisher                       publisher for re-published success events
     * @throws NullPointerException if any argument is {@code null}
     */
    public MfaAuthenticationListener(@NonNull Collection<AuthenticationServerMfaAuthenticatorAdvisor> collection, @NonNull AuthenticationServerMfaChallengeResponseService authenticationServerMfaChallengeResponseService, @NonNull ApplicationEventPublisher applicationEventPublisher) {
        // All arguments are validated before any field is assigned.
        Objects.requireNonNull(collection, "mfaAuthenticationAdvisors is marked non-null but is null");
        Objects.requireNonNull(authenticationServerMfaChallengeResponseService, "authenticationServerMfaChallengeResponseService is marked non-null but is null");
        Objects.requireNonNull(applicationEventPublisher, "eventPublisher is marked non-null but is null");
        this.mfaAuthenticationAdvisors = collection;
        this.authenticationServerMfaChallengeResponseService = authenticationServerMfaChallengeResponseService;
        this.eventPublisher = applicationEventPublisher;
    }
}
