package org.apereo.cas.mgmt.config;

import java.util.ArrayList;
import java.util.List;
import lombok.Generated;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.CasManagementConfigurationProperties;
import org.pac4j.cas.client.CasClient;
import org.pac4j.cas.config.CasConfiguration;
import org.pac4j.core.authorization.generator.AuthorizationGenerator;
import org.pac4j.core.client.Client;
import org.pac4j.core.client.direct.AnonymousClient;
import org.pac4j.http.client.direct.IpClient;
import org.pac4j.http.credentials.authenticator.IpRegexpAuthenticator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.util.StringUtils;

@EnableConfigurationProperties({CasConfigurationProperties.class, CasManagementConfigurationProperties.class})
@Configuration(value = "casManagementAuthenticationConfiguration", proxyBeanMethods = false)
/* loaded from: input_file:WEB-INF/lib/cas-mgmt-config-authentication-6.5.5.jar:org/apereo/cas/mgmt/config/CasManagementAuthenticationConfiguration.class */
public class CasManagementAuthenticationConfiguration {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) CasManagementAuthenticationConfiguration.class);

    @Bean
    public List<Client> authenticationClients(@Qualifier("staticAdminRolesAuthorizationGenerator") AuthorizationGenerator authorizationGenerator, @Qualifier("authorizationGenerator") AuthorizationGenerator authorizationGenerator2, CasConfigurationProperties casConfigurationProperties, CasManagementConfigurationProperties casManagementConfigurationProperties) {
        ArrayList arrayList = new ArrayList();
        if (casManagementConfigurationProperties.isCasSso()) {
            LOGGER.debug("Configuring an authentication strategy based on CAS running at [{}]", casConfigurationProperties.getServer().getName());
            CasClient casClient = new CasClient(new CasConfiguration(casConfigurationProperties.getServer().getLoginUrl()));
            casClient.setAuthorizationGenerator(authorizationGenerator2);
            casClient.setName("CasClient");
            arrayList.add(casClient);
        } else {
            LOGGER.debug("Skipping CAS authentication strategy configuration; because you turned off the flag for CAS SSO");
        }
        if (StringUtils.hasText(casManagementConfigurationProperties.getAuthzIpRegex())) {
            LOGGER.info("Configuring an authentication strategy based on authorized IP addresses matching [{}]", casManagementConfigurationProperties.getAuthzIpRegex());
            IpClient ipClient = new IpClient(new IpRegexpAuthenticator(casManagementConfigurationProperties.getAuthzIpRegex()));
            ipClient.setName("IpClient");
            ipClient.setAuthorizationGenerator(authorizationGenerator);
            arrayList.add(ipClient);
        } else {
            LOGGER.debug("Skipping IP address authentication strategy configuration; no pattern is defined");
        }
        if (arrayList.isEmpty()) {
            LOGGER.warn("No authentication strategy is defined, CAS will establish an anonymous authentication mode whereby access is immediately granted. This may NOT be relevant for production purposes. Consider configuring alternative authentication strategies for maximum security.");
            AnonymousClient anonymousClient = new AnonymousClient();
            anonymousClient.setAuthorizationGenerator(authorizationGenerator);
            arrayList.add(anonymousClient);
        }
        return arrayList;
    }
}
