package org.apereo.cas.config;

import java.util.ArrayList;
import java.util.HashMap;
import lombok.Generated;
import org.apereo.cas.audit.AuditableExecution;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlanConfigurer;
import org.apereo.cas.authentication.AuthenticationPostProcessor;
import org.apereo.cas.authentication.CoreAuthenticationUtils;
import org.apereo.cas.authentication.MultifactorAuthenticationPrincipalResolver;
import org.apereo.cas.authentication.SurrogateAuthenticationExpirationPolicyBuilder;
import org.apereo.cas.authentication.SurrogateAuthenticationPostProcessor;
import org.apereo.cas.authentication.SurrogateMultifactorAuthenticationPrincipalResolver;
import org.apereo.cas.authentication.SurrogatePrincipalBuilder;
import org.apereo.cas.authentication.SurrogatePrincipalElectionStrategy;
import org.apereo.cas.authentication.SurrogatePrincipalResolver;
import org.apereo.cas.authentication.event.DefaultSurrogateAuthenticationEventListener;
import org.apereo.cas.authentication.event.SurrogateAuthenticationEventListener;
import org.apereo.cas.authentication.principal.PrincipalElectionStrategyConfigurer;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalFactoryUtils;
import org.apereo.cas.authentication.principal.PrincipalResolutionExecutionPlanConfigurer;
import org.apereo.cas.authentication.principal.PrincipalResolver;
import org.apereo.cas.authentication.surrogate.GroovySurrogateAuthenticationService;
import org.apereo.cas.authentication.surrogate.JsonResourceSurrogateAuthenticationService;
import org.apereo.cas.authentication.surrogate.SimpleSurrogateAuthenticationService;
import org.apereo.cas.authentication.surrogate.SurrogateAuthenticationService;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.features.CasFeatureModule;
import org.apereo.cas.configuration.model.core.authentication.PersonDirectoryPrincipalResolverProperties;
import org.apereo.cas.configuration.model.support.surrogate.SurrogateAuthenticationProperties;
import org.apereo.cas.notifications.CommunicationsManager;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.ticket.ExpirationPolicyBuilder;
import org.apereo.cas.ticket.expiration.builder.TicketGrantingTicketExpirationPolicyBuilder;
import org.apereo.cas.util.spring.boot.ConditionalOnFeatureEnabled;
import org.apereo.services.persondir.IPersonAttributeDao;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.DependsOn;
import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.util.StringUtils;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@AutoConfiguration
@ConditionalOnFeatureEnabled(feature = CasFeatureModule.FeatureCatalog.SurrogateAuthentication)
/* loaded from: input_file:org/apereo/cas/config/SurrogateAuthenticationConfiguration.class */
public class SurrogateAuthenticationConfiguration {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(SurrogateAuthenticationConfiguration.class);

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SurrogateAuthenticationEventsConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/SurrogateAuthenticationConfiguration$SurrogateAuthenticationEventsConfiguration.class */
    public static class SurrogateAuthenticationEventsConfiguration {
        @ConditionalOnMissingBean(name = {"surrogateAuthenticationEventListener"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public SurrogateAuthenticationEventListener surrogateAuthenticationEventListener(@Qualifier("communicationsManager") CommunicationsManager communicationsManager, CasConfigurationProperties casConfigurationProperties) {
            return new DefaultSurrogateAuthenticationEventListener(communicationsManager, casConfigurationProperties);
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SurrogateAuthenticationExpirationPolicyConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/SurrogateAuthenticationConfiguration$SurrogateAuthenticationExpirationPolicyConfiguration.class */
    public static class SurrogateAuthenticationExpirationPolicyConfiguration {
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public ExpirationPolicyBuilder grantingTicketExpirationPolicy(CasConfigurationProperties casConfigurationProperties) {
            return new SurrogateAuthenticationExpirationPolicyBuilder(new TicketGrantingTicketExpirationPolicyBuilder(casConfigurationProperties), casConfigurationProperties);
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SurrogateAuthenticationMultifactorPrincipalResolutionConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/SurrogateAuthenticationConfiguration$SurrogateAuthenticationMultifactorPrincipalResolutionConfiguration.class */
    public static class SurrogateAuthenticationMultifactorPrincipalResolutionConfiguration {
        @ConditionalOnMissingBean(name = {"surrogateMultifactorAuthenticationPrincipalResolver"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public MultifactorAuthenticationPrincipalResolver surrogateMultifactorAuthenticationPrincipalResolver() {
            return new SurrogateMultifactorAuthenticationPrincipalResolver();
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SurrogateAuthenticationPlanConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/SurrogateAuthenticationConfiguration$SurrogateAuthenticationPlanConfiguration.class */
    public static class SurrogateAuthenticationPlanConfiguration {
        @ConditionalOnMissingBean(name = {"surrogateAuthenticationEventExecutionPlanConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuthenticationEventExecutionPlanConfigurer surrogateAuthenticationEventExecutionPlanConfigurer(@Qualifier("surrogateAuthenticationPostProcessor") AuthenticationPostProcessor authenticationPostProcessor) throws Exception {
            return authenticationEventExecutionPlan -> {
                authenticationEventExecutionPlan.registerAuthenticationPostProcessor(authenticationPostProcessor);
            };
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SurrogateAuthenticationPrincipalBuilderConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/SurrogateAuthenticationConfiguration$SurrogateAuthenticationPrincipalBuilderConfiguration.class */
    public static class SurrogateAuthenticationPrincipalBuilderConfiguration {
        @ConditionalOnMissingBean(name = {"surrogatePrincipalBuilder"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public SurrogatePrincipalBuilder surrogatePrincipalBuilder(@Qualifier("surrogateAuthenticationService") SurrogateAuthenticationService surrogateAuthenticationService, @Qualifier("surrogatePrincipalFactory") PrincipalFactory principalFactory, @Qualifier("attributeRepository") IPersonAttributeDao iPersonAttributeDao) throws Exception {
            return new SurrogatePrincipalBuilder(principalFactory, iPersonAttributeDao, surrogateAuthenticationService);
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SurrogateAuthenticationPrincipalElectionConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/SurrogateAuthenticationConfiguration$SurrogateAuthenticationPrincipalElectionConfiguration.class */
    public static class SurrogateAuthenticationPrincipalElectionConfiguration {
        @ConditionalOnMissingBean(name = {"surrogatePrincipalElectionStrategyConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public PrincipalElectionStrategyConfigurer surrogatePrincipalElectionStrategyConfigurer(CasConfigurationProperties casConfigurationProperties) {
            return chainingPrincipalElectionStrategy -> {
                SurrogatePrincipalElectionStrategy surrogatePrincipalElectionStrategy = new SurrogatePrincipalElectionStrategy();
                surrogatePrincipalElectionStrategy.setAttributeMerger(CoreAuthenticationUtils.getAttributeMerger(casConfigurationProperties.getAuthn().getAttributeRepository().getCore().getMerger()));
                chainingPrincipalElectionStrategy.registerElectionStrategy(surrogatePrincipalElectionStrategy);
            };
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SurrogateAuthenticationPrincipalFactoryConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/SurrogateAuthenticationConfiguration$SurrogateAuthenticationPrincipalFactoryConfiguration.class */
    public static class SurrogateAuthenticationPrincipalFactoryConfiguration {
        @ConditionalOnMissingBean(name = {"surrogatePrincipalFactory"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public PrincipalFactory surrogatePrincipalFactory() {
            return PrincipalFactoryUtils.newPrincipalFactory();
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SurrogateAuthenticationPrincipalPlanConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/SurrogateAuthenticationConfiguration$SurrogateAuthenticationPrincipalPlanConfiguration.class */
    public static class SurrogateAuthenticationPrincipalPlanConfiguration {
        @ConditionalOnMissingBean(name = {"surrogatePrincipalResolutionExecutionPlanConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public PrincipalResolutionExecutionPlanConfigurer surrogatePrincipalResolutionExecutionPlanConfigurer(@Qualifier("surrogatePrincipalResolver") PrincipalResolver principalResolver) {
            return principalResolutionExecutionPlan -> {
                principalResolutionExecutionPlan.registerPrincipalResolver(principalResolver);
            };
        }
    }

    @DependsOn({"attributeRepository"})
    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SurrogateAuthenticationPrincipalResolutionConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/SurrogateAuthenticationConfiguration$SurrogateAuthenticationPrincipalResolutionConfiguration.class */
    public static class SurrogateAuthenticationPrincipalResolutionConfiguration {
        @ConditionalOnMissingBean(name = {"surrogatePrincipalResolver"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public PrincipalResolver surrogatePrincipalResolver(CasConfigurationProperties casConfigurationProperties, @Qualifier("surrogatePrincipalFactory") PrincipalFactory principalFactory, @Qualifier("surrogatePrincipalBuilder") SurrogatePrincipalBuilder surrogatePrincipalBuilder, @Qualifier("attributeRepository") IPersonAttributeDao iPersonAttributeDao) {
            SurrogatePrincipalResolver newPersonDirectoryPrincipalResolver = CoreAuthenticationUtils.newPersonDirectoryPrincipalResolver(principalFactory, iPersonAttributeDao, CoreAuthenticationUtils.getAttributeMerger(casConfigurationProperties.getAuthn().getAttributeRepository().getCore().getMerger()), SurrogatePrincipalResolver.class, new PersonDirectoryPrincipalResolverProperties[]{casConfigurationProperties.getAuthn().getSurrogate().getPrincipal(), casConfigurationProperties.getPersonDirectory()});
            newPersonDirectoryPrincipalResolver.setSurrogatePrincipalBuilder(surrogatePrincipalBuilder);
            return newPersonDirectoryPrincipalResolver;
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SurrogateAuthenticationProcessorConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/SurrogateAuthenticationConfiguration$SurrogateAuthenticationProcessorConfiguration.class */
    public static class SurrogateAuthenticationProcessorConfiguration {
        @ConditionalOnMissingBean(name = {"surrogateAuthenticationPostProcessor"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuthenticationPostProcessor surrogateAuthenticationPostProcessor(@Qualifier("surrogateAuthenticationService") SurrogateAuthenticationService surrogateAuthenticationService, @Qualifier("servicesManager") ServicesManager servicesManager, @Qualifier("registeredServiceAccessStrategyEnforcer") AuditableExecution auditableExecution, @Qualifier("surrogateEligibilityAuditableExecution") AuditableExecution auditableExecution2, ConfigurableApplicationContext configurableApplicationContext) throws Exception {
            return new SurrogateAuthenticationPostProcessor(surrogateAuthenticationService, servicesManager, configurableApplicationContext, auditableExecution, auditableExecution2);
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SurrogateAuthenticationServiceConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/SurrogateAuthenticationConfiguration$SurrogateAuthenticationServiceConfiguration.class */
    public static class SurrogateAuthenticationServiceConfiguration {
        @ConditionalOnMissingBean(name = {"surrogateAuthenticationService"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public SurrogateAuthenticationService surrogateAuthenticationService(@Qualifier("servicesManager") ServicesManager servicesManager, CasConfigurationProperties casConfigurationProperties) throws Exception {
            SurrogateAuthenticationProperties surrogate = casConfigurationProperties.getAuthn().getSurrogate();
            if (surrogate.getGroovy().getLocation() != null) {
                SurrogateAuthenticationConfiguration.LOGGER.debug("Using Groovy resource [{}] to locate surrogate accounts", surrogate.getGroovy().getLocation());
                return new GroovySurrogateAuthenticationService(servicesManager, surrogate.getGroovy().getLocation());
            }
            if (surrogate.getJson().getLocation() != null) {
                SurrogateAuthenticationConfiguration.LOGGER.debug("Using JSON resource [{}] to locate surrogate accounts", surrogate.getJson().getLocation());
                return new JsonResourceSurrogateAuthenticationService(surrogate.getJson().getLocation(), servicesManager);
            }
            HashMap hashMap = new HashMap();
            surrogate.getSimple().getSurrogates().forEach((str, str2) -> {
                hashMap.put(str, new ArrayList(StringUtils.commaDelimitedListToSet(str2)));
            });
            SurrogateAuthenticationConfiguration.LOGGER.debug("Using accounts [{}] for surrogate authentication", hashMap);
            return new SimpleSurrogateAuthenticationService(hashMap, servicesManager);
        }
    }
}
