package org.apereo.cas.config;

import java.util.List;
import org.apereo.cas.adaptors.duo.config.cond.ConditionalOnDuoSecurityConfigured;
import org.apereo.cas.audit.AuditableExecution;
import org.apereo.cas.authentication.SurrogateAuthenticationException;
import org.apereo.cas.authentication.SurrogatePrincipalBuilder;
import org.apereo.cas.authentication.adaptive.AdaptiveAuthenticationPolicy;
import org.apereo.cas.authentication.surrogate.SurrogateAuthenticationService;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.web.flow.CasWebflowConfigurer;
import org.apereo.cas.web.flow.CasWebflowExecutionPlanConfigurer;
import org.apereo.cas.web.flow.SurrogateWebflowConfigurer;
import org.apereo.cas.web.flow.action.LoadSurrogatesListAction;
import org.apereo.cas.web.flow.action.SurrogateAuthorizationAction;
import org.apereo.cas.web.flow.action.SurrogateInitialAuthenticationAction;
import org.apereo.cas.web.flow.action.SurrogateSelectionAction;
import org.apereo.cas.web.flow.authentication.CasWebflowExceptionCatalog;
import org.apereo.cas.web.flow.configurer.CasMultifactorWebflowCustomizer;
import org.apereo.cas.web.flow.resolver.CasDelegatingWebflowEventResolver;
import org.apereo.cas.web.flow.resolver.CasWebflowEventResolver;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.webflow.definition.registry.FlowDefinitionRegistry;
import org.springframework.webflow.engine.builder.support.FlowBuilderServices;
import org.springframework.webflow.execution.Action;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration(value = "SurrogateAuthenticationWebflowConfiguration", proxyBeanMethods = false)
/* loaded from: input_file:org/apereo/cas/config/SurrogateAuthenticationWebflowConfiguration.class */
public class SurrogateAuthenticationWebflowConfiguration {

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @ConditionalOnDuoSecurityConfigured
    @Configuration(value = "SurrogateAuthenticationDuoSecurityWebflowPlanConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/SurrogateAuthenticationWebflowConfiguration$SurrogateAuthenticationDuoSecurityWebflowPlanConfiguration.class */
    public static class SurrogateAuthenticationDuoSecurityWebflowPlanConfiguration {
        @ConditionalOnMissingBean(name = {"surrogateDuoSecurityMultifactorAuthenticationWebflowExecutionPlanConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public CasWebflowExecutionPlanConfigurer surrogateDuoSecurityMultifactorAuthenticationWebflowExecutionPlanConfigurer(@Qualifier("surrogateDuoSecurityMultifactorAuthenticationWebflowConfigurer") CasWebflowConfigurer casWebflowConfigurer) {
            return casWebflowExecutionPlan -> {
                casWebflowExecutionPlan.registerWebflowConfigurer(casWebflowConfigurer);
            };
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SurrogateAuthenticationInitializerConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/SurrogateAuthenticationWebflowConfiguration$SurrogateAuthenticationInitializerConfiguration.class */
    public static class SurrogateAuthenticationInitializerConfiguration {
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public InitializingBean surrogateAuthenticationWebflowInitializer(@Qualifier("handledAuthenticationExceptions") CasWebflowExceptionCatalog casWebflowExceptionCatalog) {
            return () -> {
                casWebflowExceptionCatalog.registerException(SurrogateAuthenticationException.class);
            };
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SurrogateAuthenticationWebflowActionConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/SurrogateAuthenticationWebflowConfiguration$SurrogateAuthenticationWebflowActionConfiguration.class */
    public static class SurrogateAuthenticationWebflowActionConfiguration {
        @ConditionalOnMissingBean(name = {"selectSurrogateAction"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action selectSurrogateAction(@Qualifier("surrogatePrincipalBuilder") SurrogatePrincipalBuilder surrogatePrincipalBuilder) {
            return new SurrogateSelectionAction(surrogatePrincipalBuilder);
        }

        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action authenticationViaFormAction(@Qualifier("initialAuthenticationAttemptWebflowEventResolver") CasDelegatingWebflowEventResolver casDelegatingWebflowEventResolver, @Qualifier("adaptiveAuthenticationPolicy") AdaptiveAuthenticationPolicy adaptiveAuthenticationPolicy, @Qualifier("serviceTicketRequestWebflowEventResolver") CasWebflowEventResolver casWebflowEventResolver, CasConfigurationProperties casConfigurationProperties) {
            return new SurrogateInitialAuthenticationAction(casDelegatingWebflowEventResolver, casWebflowEventResolver, adaptiveAuthenticationPolicy, casConfigurationProperties.getAuthn().getSurrogate().getSeparator());
        }

        @ConditionalOnMissingBean(name = {"surrogateAuthorizationCheck"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action surrogateAuthorizationCheck(@Qualifier("registeredServiceAccessStrategyEnforcer") AuditableExecution auditableExecution) {
            return new SurrogateAuthorizationAction(auditableExecution);
        }

        @ConditionalOnMissingBean(name = {"loadSurrogatesListAction"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action loadSurrogatesListAction(@Qualifier("surrogateAuthenticationService") SurrogateAuthenticationService surrogateAuthenticationService, @Qualifier("surrogatePrincipalBuilder") SurrogatePrincipalBuilder surrogatePrincipalBuilder) {
            return new LoadSurrogatesListAction(surrogateAuthenticationService, surrogatePrincipalBuilder);
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SurrogateAuthenticationWebflowBaseConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/SurrogateAuthenticationWebflowConfiguration$SurrogateAuthenticationWebflowBaseConfiguration.class */
    public static class SurrogateAuthenticationWebflowBaseConfiguration {
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @ConditionalOnDuoSecurityConfigured
        @Bean
        public CasMultifactorWebflowCustomizer surrogateCasMultifactorWebflowCustomizer() {
            return new CasMultifactorWebflowCustomizer() { // from class: org.apereo.cas.config.SurrogateAuthenticationWebflowConfiguration.SurrogateAuthenticationWebflowBaseConfiguration.1
                public List<String> getMultifactorWebflowAttributeMappings() {
                    return List.of("requestSurrogateAccount");
                }
            };
        }

        @ConditionalOnMissingBean(name = {"surrogateWebflowConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public CasWebflowConfigurer surrogateWebflowConfigurer(@Qualifier("flowBuilderServices") FlowBuilderServices flowBuilderServices, @Qualifier("loginFlowRegistry") FlowDefinitionRegistry flowDefinitionRegistry, CasConfigurationProperties casConfigurationProperties, ConfigurableApplicationContext configurableApplicationContext) {
            return new SurrogateWebflowConfigurer(flowBuilderServices, flowDefinitionRegistry, configurableApplicationContext, casConfigurationProperties);
        }

        @ConditionalOnMissingBean(name = {"surrogateDuoSecurityMultifactorAuthenticationWebflowConfigurer"})
        @ConditionalOnDuoSecurityConfigured
        @Bean
        public CasWebflowConfigurer surrogateDuoSecurityMultifactorAuthenticationWebflowConfigurer(@Qualifier("flowBuilderServices") FlowBuilderServices flowBuilderServices, @Qualifier("loginFlowRegistry") FlowDefinitionRegistry flowDefinitionRegistry, CasConfigurationProperties casConfigurationProperties, ConfigurableApplicationContext configurableApplicationContext) {
            return new SurrogateWebflowConfigurer.DuoSecurityMultifactorAuthenticationWebflowConfigurer(flowBuilderServices, flowDefinitionRegistry, configurableApplicationContext, casConfigurationProperties);
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SurrogateAuthenticationWebflowPlanConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/SurrogateAuthenticationWebflowConfiguration$SurrogateAuthenticationWebflowPlanConfiguration.class */
    public static class SurrogateAuthenticationWebflowPlanConfiguration {
        @ConditionalOnMissingBean(name = {"surrogateCasWebflowExecutionPlanConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public CasWebflowExecutionPlanConfigurer surrogateCasWebflowExecutionPlanConfigurer(@Qualifier("surrogateWebflowConfigurer") CasWebflowConfigurer casWebflowConfigurer) {
            return casWebflowExecutionPlan -> {
                casWebflowExecutionPlan.registerWebflowConfigurer(casWebflowConfigurer);
            };
        }
    }
}
