package org.apereo.cas.adaptors.duo.config;

import java.util.Comparator;
import java.util.List;
import java.util.stream.Collectors;
import org.apereo.cas.adaptors.duo.DuoSecurityHealthIndicator;
import org.apereo.cas.adaptors.duo.authn.DuoSecurityAuthenticationHandler;
import org.apereo.cas.adaptors.duo.authn.DuoSecurityCredential;
import org.apereo.cas.adaptors.duo.authn.DuoSecurityDirectCredential;
import org.apereo.cas.adaptors.duo.authn.DuoSecurityMultifactorAuthenticationProvider;
import org.apereo.cas.adaptors.duo.authn.DuoSecurityMultifactorAuthenticationProviderFactory;
import org.apereo.cas.adaptors.duo.config.cond.ConditionalOnDuoSecurityAdminApiConfigured;
import org.apereo.cas.adaptors.duo.config.cond.ConditionalOnDuoSecurityConfigured;
import org.apereo.cas.adaptors.duo.web.DuoSecurityAdminApiEndpoint;
import org.apereo.cas.adaptors.duo.web.DuoSecurityPingEndpoint;
import org.apereo.cas.adaptors.duo.web.DuoSecurityUserAccountStatusEndpoint;
import org.apereo.cas.adaptors.duo.web.flow.DuoSecurityMultifactorWebflowConfigurer;
import org.apereo.cas.adaptors.duo.web.flow.action.DuoSecurityDetermineUserAccountAction;
import org.apereo.cas.adaptors.duo.web.flow.action.DuoSecurityPrepareWebLoginFormAction;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlanConfigurer;
import org.apereo.cas.authentication.AuthenticationMetaDataPopulator;
import org.apereo.cas.authentication.MultifactorAuthenticationFailureModeEvaluator;
import org.apereo.cas.authentication.MultifactorAuthenticationPrincipalResolver;
import org.apereo.cas.authentication.MultifactorAuthenticationProviderBean;
import org.apereo.cas.authentication.MultifactorAuthenticationProviderFactoryBean;
import org.apereo.cas.authentication.bypass.ChainingMultifactorAuthenticationProviderBypassEvaluator;
import org.apereo.cas.authentication.handler.ByCredentialTypeAuthenticationHandlerResolver;
import org.apereo.cas.authentication.metadata.AuthenticationContextAttributeMetaDataPopulator;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalFactoryUtils;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.mfa.DuoSecurityMultifactorAuthenticationProperties;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.util.http.HttpClient;
import org.apereo.cas.util.spring.BeanContainer;
import org.apereo.cas.web.flow.CasWebflowConfigurer;
import org.apereo.cas.web.flow.CasWebflowExecutionPlanConfigurer;
import org.apereo.cas.web.flow.util.MultifactorAuthenticationWebflowUtils;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.actuate.autoconfigure.endpoint.condition.ConditionalOnAvailableEndpoint;
import org.springframework.boot.actuate.autoconfigure.health.ConditionalOnEnabledHealthIndicator;
import org.springframework.boot.actuate.health.HealthIndicator;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.core.annotation.AnnotationAwareOrderComparator;
import org.springframework.web.context.support.GenericWebApplicationContext;
import org.springframework.webflow.definition.registry.FlowDefinitionRegistry;
import org.springframework.webflow.engine.builder.support.FlowBuilderServices;
import org.springframework.webflow.execution.Action;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@ConditionalOnDuoSecurityConfigured
@Configuration(value = "DuoSecurityAuthenticationEventExecutionPlanConfiguration", proxyBeanMethods = false)
/* loaded from: input_file:org/apereo/cas/adaptors/duo/config/DuoSecurityAuthenticationEventExecutionPlanConfiguration.class */
public class DuoSecurityAuthenticationEventExecutionPlanConfiguration {

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "DuoSecurityAuthenticationEventExecutionConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/adaptors/duo/config/DuoSecurityAuthenticationEventExecutionPlanConfiguration$DuoSecurityAuthenticationEventExecutionConfiguration.class */
    public static class DuoSecurityAuthenticationEventExecutionConfiguration {
        private static AuthenticationMetaDataPopulator duoAuthenticationMetaDataPopulator(DuoSecurityAuthenticationHandler duoSecurityAuthenticationHandler, CasConfigurationProperties casConfigurationProperties) {
            return new AuthenticationContextAttributeMetaDataPopulator(casConfigurationProperties.getAuthn().getMfa().getCore().getAuthenticationContextAttribute(), duoSecurityAuthenticationHandler, duoSecurityAuthenticationHandler.getMultifactorAuthenticationProvider().getId());
        }

        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public BeanContainer<DuoSecurityAuthenticationHandler> duoAuthenticationHandlers(List<MultifactorAuthenticationPrincipalResolver> list, CasConfigurationProperties casConfigurationProperties, @Qualifier("duoPrincipalFactory") PrincipalFactory principalFactory, @Qualifier("duoProviderBean") MultifactorAuthenticationProviderBean<DuoSecurityMultifactorAuthenticationProvider, DuoSecurityMultifactorAuthenticationProperties> multifactorAuthenticationProviderBean, @Qualifier("servicesManager") ServicesManager servicesManager) {
            AnnotationAwareOrderComparator.sort(list);
            return BeanContainer.of((List) casConfigurationProperties.getAuthn().getMfa().getDuo().stream().map(duoSecurityMultifactorAuthenticationProperties -> {
                return new DuoSecurityAuthenticationHandler(duoSecurityMultifactorAuthenticationProperties.getName(), servicesManager, principalFactory, multifactorAuthenticationProviderBean.getProvider(duoSecurityMultifactorAuthenticationProperties.getId()), Integer.valueOf(duoSecurityMultifactorAuthenticationProperties.getOrder()), list);
            }).sorted(Comparator.comparing((v0) -> {
                return v0.getOrder();
            })).collect(Collectors.toList()));
        }

        @ConditionalOnMissingBean(name = {"duoSecurityAuthenticationEventExecutionPlanConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuthenticationEventExecutionPlanConfigurer duoSecurityAuthenticationEventExecutionPlanConfigurer(CasConfigurationProperties casConfigurationProperties, @Qualifier("duoAuthenticationHandlers") BeanContainer<DuoSecurityAuthenticationHandler> beanContainer) {
            return authenticationEventExecutionPlan -> {
                beanContainer.toList().forEach(duoSecurityAuthenticationHandler -> {
                    authenticationEventExecutionPlan.registerAuthenticationHandler(duoSecurityAuthenticationHandler);
                    authenticationEventExecutionPlan.registerAuthenticationMetadataPopulator(duoAuthenticationMetaDataPopulator(duoSecurityAuthenticationHandler, casConfigurationProperties));
                });
                authenticationEventExecutionPlan.registerAuthenticationHandlerResolver(new ByCredentialTypeAuthenticationHandlerResolver(new Class[]{DuoSecurityCredential.class, DuoSecurityDirectCredential.class}));
            };
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "DuoSecurityAuthenticationEventExecutionPlanCoreConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/adaptors/duo/config/DuoSecurityAuthenticationEventExecutionPlanConfiguration$DuoSecurityAuthenticationEventExecutionPlanCoreConfiguration.class */
    public static class DuoSecurityAuthenticationEventExecutionPlanCoreConfiguration {
        @ConditionalOnMissingBean(name = {"duoPrincipalFactory"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public PrincipalFactory duoPrincipalFactory() {
            return PrincipalFactoryUtils.newPrincipalFactory();
        }

        @ConditionalOnMissingBean(name = {"duoProviderFactory"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public MultifactorAuthenticationProviderFactoryBean<DuoSecurityMultifactorAuthenticationProvider, DuoSecurityMultifactorAuthenticationProperties> duoProviderFactory(CasConfigurationProperties casConfigurationProperties, List<MultifactorAuthenticationPrincipalResolver> list, @Qualifier("httpClient") HttpClient httpClient, @Qualifier("duoSecurityBypassEvaluator") ChainingMultifactorAuthenticationProviderBypassEvaluator chainingMultifactorAuthenticationProviderBypassEvaluator, @Qualifier("failureModeEvaluator") MultifactorAuthenticationFailureModeEvaluator multifactorAuthenticationFailureModeEvaluator) {
            AnnotationAwareOrderComparator.sort(list);
            return new DuoSecurityMultifactorAuthenticationProviderFactory(httpClient, chainingMultifactorAuthenticationProviderBypassEvaluator, multifactorAuthenticationFailureModeEvaluator, casConfigurationProperties, list);
        }

        @ConditionalOnMissingBean(name = {"duoProviderBean"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public MultifactorAuthenticationProviderBean<DuoSecurityMultifactorAuthenticationProvider, DuoSecurityMultifactorAuthenticationProperties> duoProviderBean(CasConfigurationProperties casConfigurationProperties, GenericWebApplicationContext genericWebApplicationContext, @Qualifier("duoProviderFactory") MultifactorAuthenticationProviderFactoryBean<DuoSecurityMultifactorAuthenticationProvider, DuoSecurityMultifactorAuthenticationProperties> multifactorAuthenticationProviderFactoryBean) {
            return new MultifactorAuthenticationProviderBean<>(multifactorAuthenticationProviderFactoryBean, genericWebApplicationContext.getDefaultListableBeanFactory(), casConfigurationProperties.getAuthn().getMfa().getDuo());
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "DuoSecurityAuthenticationEventExecutionPlanWebConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/adaptors/duo/config/DuoSecurityAuthenticationEventExecutionPlanConfiguration$DuoSecurityAuthenticationEventExecutionPlanWebConfiguration.class */
    public static class DuoSecurityAuthenticationEventExecutionPlanWebConfiguration {
        @ConditionalOnAvailableEndpoint
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public DuoSecurityPingEndpoint duoPingEndpoint(CasConfigurationProperties casConfigurationProperties, ConfigurableApplicationContext configurableApplicationContext) {
            return new DuoSecurityPingEndpoint(casConfigurationProperties, configurableApplicationContext);
        }

        @ConditionalOnAvailableEndpoint
        @Bean
        public DuoSecurityUserAccountStatusEndpoint duoAccountStatusEndpoint(CasConfigurationProperties casConfigurationProperties, ConfigurableApplicationContext configurableApplicationContext) {
            return new DuoSecurityUserAccountStatusEndpoint(casConfigurationProperties, configurableApplicationContext);
        }

        @ConditionalOnAvailableEndpoint
        @ConditionalOnDuoSecurityAdminApiConfigured
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public DuoSecurityAdminApiEndpoint duoAdminApiEndpoint(CasConfigurationProperties casConfigurationProperties, ConfigurableApplicationContext configurableApplicationContext) {
            return new DuoSecurityAdminApiEndpoint(casConfigurationProperties, configurableApplicationContext);
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "DuoSecurityAuthenticationMonitorConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/adaptors/duo/config/DuoSecurityAuthenticationEventExecutionPlanConfiguration$DuoSecurityAuthenticationMonitorConfiguration.class */
    public static class DuoSecurityAuthenticationMonitorConfiguration {
        @ConditionalOnEnabledHealthIndicator("duoSecurityHealthIndicator")
        @Bean
        public HealthIndicator duoSecurityHealthIndicator(ConfigurableApplicationContext configurableApplicationContext) {
            return new DuoSecurityHealthIndicator(configurableApplicationContext);
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "DuoSecurityAuthenticationWebflowActionsConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/adaptors/duo/config/DuoSecurityAuthenticationEventExecutionPlanConfiguration$DuoSecurityAuthenticationWebflowActionsConfiguration.class */
    public static class DuoSecurityAuthenticationWebflowActionsConfiguration {
        @ConditionalOnMissingBean(name = {"duoMultifactorWebflowConfigurer"})
        @Bean
        public CasWebflowConfigurer duoMultifactorWebflowConfigurer(CasConfigurationProperties casConfigurationProperties, ConfigurableApplicationContext configurableApplicationContext, @Qualifier("loginFlowRegistry") FlowDefinitionRegistry flowDefinitionRegistry, @Qualifier("flowBuilderServices") FlowBuilderServices flowBuilderServices) {
            return new DuoSecurityMultifactorWebflowConfigurer(flowBuilderServices, flowDefinitionRegistry, configurableApplicationContext, casConfigurationProperties, MultifactorAuthenticationWebflowUtils.getMultifactorAuthenticationWebflowCustomizers(configurableApplicationContext));
        }

        @ConditionalOnMissingBean(name = {"duoSecurityCasWebflowExecutionPlanConfigurer"})
        @Bean
        public CasWebflowExecutionPlanConfigurer duoSecurityCasWebflowExecutionPlanConfigurer(@Qualifier("duoMultifactorWebflowConfigurer") CasWebflowConfigurer casWebflowConfigurer) {
            return casWebflowExecutionPlan -> {
                casWebflowExecutionPlan.registerWebflowConfigurer(casWebflowConfigurer);
            };
        }

        @ConditionalOnMissingBean(name = {"prepareDuoWebLoginFormAction"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action prepareDuoWebLoginFormAction() {
            return new DuoSecurityPrepareWebLoginFormAction();
        }

        @ConditionalOnMissingBean(name = {"determineDuoUserAccountAction"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action determineDuoUserAccountAction() {
            return new DuoSecurityDetermineUserAccountAction();
        }
    }
}
