package org.apereo.cas.config;

import java.util.List;
import org.apereo.cas.adaptors.duo.authn.DuoSecurityAuthenticationService;
import org.apereo.cas.audit.AuditableExecution;
import org.apereo.cas.authentication.SurrogateAuthenticationException;
import org.apereo.cas.authentication.SurrogatePrincipalBuilder;
import org.apereo.cas.authentication.surrogate.SurrogateAuthenticationService;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.features.CasFeatureModule;
import org.apereo.cas.util.spring.beans.BeanSupplier;
import org.apereo.cas.util.spring.boot.ConditionalOnFeatureEnabled;
import org.apereo.cas.web.flow.CasWebflowConfigurer;
import org.apereo.cas.web.flow.CasWebflowExecutionPlanConfigurer;
import org.apereo.cas.web.flow.SurrogateWebflowConfigurer;
import org.apereo.cas.web.flow.action.LoadSurrogatesListAction;
import org.apereo.cas.web.flow.action.SurrogateAuthorizationAction;
import org.apereo.cas.web.flow.action.SurrogateInitialAuthenticationAction;
import org.apereo.cas.web.flow.action.SurrogateSelectionAction;
import org.apereo.cas.web.flow.actions.WebflowActionBeanSupplier;
import org.apereo.cas.web.flow.authentication.CasWebflowExceptionCatalog;
import org.apereo.cas.web.flow.configurer.CasMultifactorWebflowCustomizer;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.webflow.definition.registry.FlowDefinitionRegistry;
import org.springframework.webflow.engine.builder.support.FlowBuilderServices;
import org.springframework.webflow.execution.Action;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@AutoConfiguration
/* loaded from: input_file:org/apereo/cas/config/SurrogateAuthenticationWebflowConfiguration.class */
public class SurrogateAuthenticationWebflowConfiguration {

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SurrogateAuthenticationDuoSecurityWebflowPlanConfiguration", proxyBeanMethods = false)
    @ConditionalOnClass({DuoSecurityAuthenticationService.class})
    @ConditionalOnFeatureEnabled(feature = CasFeatureModule.FeatureCatalog.MultifactorAuthentication, module = "duo")
    /* loaded from: input_file:org/apereo/cas/config/SurrogateAuthenticationWebflowConfiguration$SurrogateAuthenticationDuoSecurityWebflowPlanConfiguration.class */
    public static class SurrogateAuthenticationDuoSecurityWebflowPlanConfiguration {
        @ConditionalOnMissingBean(name = {"surrogateDuoSecurityMultifactorAuthenticationWebflowExecutionPlanConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public CasWebflowExecutionPlanConfigurer surrogateDuoSecurityMultifactorAuthenticationWebflowExecutionPlanConfigurer(ConfigurableApplicationContext configurableApplicationContext, @Qualifier("surrogateDuoSecurityMultifactorAuthenticationWebflowConfigurer") CasWebflowConfigurer casWebflowConfigurer) {
            return (CasWebflowExecutionPlanConfigurer) BeanSupplier.of(CasWebflowExecutionPlanConfigurer.class).when(DuoSecurityAuthenticationService.CONDITION.given(configurableApplicationContext.getEnvironment())).supply(() -> {
                return casWebflowExecutionPlan -> {
                    casWebflowExecutionPlan.registerWebflowConfigurer(casWebflowConfigurer);
                };
            }).otherwiseProxy().get();
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SurrogateAuthenticationInitializerConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/SurrogateAuthenticationWebflowConfiguration$SurrogateAuthenticationInitializerConfiguration.class */
    public static class SurrogateAuthenticationInitializerConfiguration {
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public InitializingBean surrogateAuthenticationWebflowInitializer(@Qualifier("handledAuthenticationExceptions") CasWebflowExceptionCatalog casWebflowExceptionCatalog) {
            return () -> {
                casWebflowExceptionCatalog.registerException(SurrogateAuthenticationException.class);
            };
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SurrogateAuthenticationWebflowActionConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/SurrogateAuthenticationWebflowConfiguration$SurrogateAuthenticationWebflowActionConfiguration.class */
    public static class SurrogateAuthenticationWebflowActionConfiguration {
        @ConditionalOnMissingBean(name = {"selectSurrogateAction"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action selectSurrogateAction(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties, @Qualifier("surrogatePrincipalBuilder") SurrogatePrincipalBuilder surrogatePrincipalBuilder) {
            return WebflowActionBeanSupplier.builder().withApplicationContext(configurableApplicationContext).withProperties(casConfigurationProperties).withAction(() -> {
                return new SurrogateSelectionAction(surrogatePrincipalBuilder);
            }).withId("selectSurrogateAction").build().get();
        }

        @ConditionalOnMissingBean(name = {"surrogateInitialAuthenticationAction"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action surrogateInitialAuthenticationAction(CasConfigurationProperties casConfigurationProperties) {
            return new SurrogateInitialAuthenticationAction(casConfigurationProperties.getAuthn().getSurrogate().getSeparator());
        }

        @ConditionalOnMissingBean(name = {"surrogateAuthorizationCheck"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action surrogateAuthorizationCheck(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties, @Qualifier("registeredServiceAccessStrategyEnforcer") AuditableExecution auditableExecution) {
            return WebflowActionBeanSupplier.builder().withApplicationContext(configurableApplicationContext).withProperties(casConfigurationProperties).withAction(() -> {
                return new SurrogateAuthorizationAction(auditableExecution);
            }).withId("surrogateAuthorizationCheck").build().get();
        }

        @ConditionalOnMissingBean(name = {"loadSurrogatesListAction"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action loadSurrogatesListAction(CasConfigurationProperties casConfigurationProperties, ConfigurableApplicationContext configurableApplicationContext, @Qualifier("surrogateAuthenticationService") SurrogateAuthenticationService surrogateAuthenticationService, @Qualifier("surrogatePrincipalBuilder") SurrogatePrincipalBuilder surrogatePrincipalBuilder) {
            return WebflowActionBeanSupplier.builder().withApplicationContext(configurableApplicationContext).withProperties(casConfigurationProperties).withAction(() -> {
                return new LoadSurrogatesListAction(surrogateAuthenticationService, surrogatePrincipalBuilder);
            }).withId("loadSurrogatesListAction").build().get();
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SurrogateAuthenticationWebflowBaseConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/SurrogateAuthenticationWebflowConfiguration$SurrogateAuthenticationWebflowBaseConfiguration.class */
    public static class SurrogateAuthenticationWebflowBaseConfiguration {
        @ConditionalOnClass({DuoSecurityAuthenticationService.class})
        @ConditionalOnFeatureEnabled(feature = CasFeatureModule.FeatureCatalog.MultifactorAuthentication, module = "duo")
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public CasMultifactorWebflowCustomizer surrogateCasMultifactorWebflowCustomizer(ConfigurableApplicationContext configurableApplicationContext) {
            return (CasMultifactorWebflowCustomizer) BeanSupplier.of(CasMultifactorWebflowCustomizer.class).when(DuoSecurityAuthenticationService.CONDITION.given(configurableApplicationContext.getEnvironment())).supply(() -> {
                return new CasMultifactorWebflowCustomizer() { // from class: org.apereo.cas.config.SurrogateAuthenticationWebflowConfiguration.SurrogateAuthenticationWebflowBaseConfiguration.1
                    public List<String> getWebflowAttributeMappings() {
                        return List.of("requestSurrogateAccount");
                    }
                };
            }).otherwiseProxy().get();
        }

        @ConditionalOnMissingBean(name = {"surrogateWebflowConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public CasWebflowConfigurer surrogateWebflowConfigurer(@Qualifier("flowBuilderServices") FlowBuilderServices flowBuilderServices, @Qualifier("loginFlowRegistry") FlowDefinitionRegistry flowDefinitionRegistry, CasConfigurationProperties casConfigurationProperties, ConfigurableApplicationContext configurableApplicationContext) {
            return new SurrogateWebflowConfigurer(flowBuilderServices, flowDefinitionRegistry, configurableApplicationContext, casConfigurationProperties);
        }

        @ConditionalOnClass({DuoSecurityAuthenticationService.class})
        @ConditionalOnFeatureEnabled(feature = CasFeatureModule.FeatureCatalog.MultifactorAuthentication, module = "duo")
        @ConditionalOnMissingBean(name = {"surrogateDuoSecurityMultifactorAuthenticationWebflowConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public CasWebflowConfigurer surrogateDuoSecurityMultifactorAuthenticationWebflowConfigurer(@Qualifier("flowBuilderServices") FlowBuilderServices flowBuilderServices, @Qualifier("loginFlowRegistry") FlowDefinitionRegistry flowDefinitionRegistry, CasConfigurationProperties casConfigurationProperties, ConfigurableApplicationContext configurableApplicationContext) {
            return (CasWebflowConfigurer) BeanSupplier.of(CasWebflowConfigurer.class).when(DuoSecurityAuthenticationService.CONDITION.given(configurableApplicationContext.getEnvironment())).supply(() -> {
                return new SurrogateWebflowConfigurer.DuoSecurityMultifactorAuthenticationWebflowConfigurer(flowBuilderServices, flowDefinitionRegistry, configurableApplicationContext, casConfigurationProperties);
            }).otherwiseProxy().get();
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SurrogateAuthenticationWebflowPlanConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/SurrogateAuthenticationWebflowConfiguration$SurrogateAuthenticationWebflowPlanConfiguration.class */
    public static class SurrogateAuthenticationWebflowPlanConfiguration {
        @ConditionalOnMissingBean(name = {"surrogateCasWebflowExecutionPlanConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public CasWebflowExecutionPlanConfigurer surrogateCasWebflowExecutionPlanConfigurer(@Qualifier("surrogateWebflowConfigurer") CasWebflowConfigurer casWebflowConfigurer) {
            return casWebflowExecutionPlan -> {
                casWebflowExecutionPlan.registerWebflowConfigurer(casWebflowConfigurer);
            };
        }
    }
}
