package org.apereo.cas.pm.config;

import lombok.Generated;
import org.apereo.cas.CentralAuthenticationService;
import org.apereo.cas.authentication.AuthenticationServiceSelectionPlan;
import org.apereo.cas.authentication.principal.PrincipalResolver;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.captcha.GoogleRecaptchaProperties;
import org.apereo.cas.notifications.CommunicationsManager;
import org.apereo.cas.pm.PasswordManagementService;
import org.apereo.cas.pm.PasswordValidationService;
import org.apereo.cas.pm.web.flow.PasswordManagementCaptchaWebflowConfigurer;
import org.apereo.cas.pm.web.flow.PasswordManagementSingleSignOnParticipationStrategy;
import org.apereo.cas.pm.web.flow.PasswordManagementWebflowConfigurer;
import org.apereo.cas.pm.web.flow.actions.HandlePasswordExpirationWarningMessagesAction;
import org.apereo.cas.pm.web.flow.actions.InitPasswordChangeAction;
import org.apereo.cas.pm.web.flow.actions.InitPasswordResetAction;
import org.apereo.cas.pm.web.flow.actions.PasswordChangeAction;
import org.apereo.cas.pm.web.flow.actions.SendPasswordResetInstructionsAction;
import org.apereo.cas.pm.web.flow.actions.ValidatePasswordResetTokenAction;
import org.apereo.cas.pm.web.flow.actions.VerifyPasswordResetRequestAction;
import org.apereo.cas.pm.web.flow.actions.VerifySecurityQuestionsAction;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.ticket.TicketFactory;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.ticket.registry.TicketRegistrySupport;
import org.apereo.cas.web.CaptchaActivationStrategy;
import org.apereo.cas.web.CaptchaValidator;
import org.apereo.cas.web.DefaultCaptchaActivationStrategy;
import org.apereo.cas.web.flow.CasWebflowConfigurer;
import org.apereo.cas.web.flow.CasWebflowConstants;
import org.apereo.cas.web.flow.CasWebflowExecutionPlanConfigurer;
import org.apereo.cas.web.flow.InitializeCaptchaAction;
import org.apereo.cas.web.flow.SingleSignOnParticipationStrategy;
import org.apereo.cas.web.flow.SingleSignOnParticipationStrategyConfigurer;
import org.apereo.cas.web.flow.ValidateCaptchaAction;
import org.apereo.cas.web.flow.actions.StaticEventExecutionAction;
import org.apereo.cas.web.support.WebUtils;
import org.pac4j.core.authorization.generator.SpringSecurityPropertiesAuthorizationGenerator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.web.servlet.HandlerAdapter;
import org.springframework.webflow.definition.registry.FlowDefinitionRegistry;
import org.springframework.webflow.engine.builder.support.FlowBuilderServices;
import org.springframework.webflow.execution.Action;
import org.springframework.webflow.executor.FlowExecutor;
import org.springframework.webflow.mvc.servlet.FlowHandler;
import org.springframework.webflow.mvc.servlet.FlowHandlerAdapter;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration(value = "PasswordManagementWebflowConfiguration", proxyBeanMethods = false)
/* loaded from: input_file:WEB-INF/lib/cas-server-support-pm-webflow-6.5.9.4.jar:org/apereo/cas/pm/config/PasswordManagementWebflowConfiguration.class */
public class PasswordManagementWebflowConfiguration {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) PasswordManagementWebflowConfiguration.class);

    @ConditionalOnProperty(prefix = "cas.authn.pm.google-recaptcha", name = {SpringSecurityPropertiesAuthorizationGenerator.ENABLED}, havingValue = "true")
    @Configuration(value = "PasswordManagementCaptchaConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:WEB-INF/lib/cas-server-support-pm-webflow-6.5.9.4.jar:org/apereo/cas/pm/config/PasswordManagementWebflowConfiguration$PasswordManagementCaptchaConfiguration.class */
    public static class PasswordManagementCaptchaConfiguration {
        @ConditionalOnMissingBean(name = {"passwordManagementCaptchaWebflowConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public CasWebflowConfigurer passwordManagementCaptchaWebflowConfigurer(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties, @Qualifier("loginFlowRegistry") FlowDefinitionRegistry flowDefinitionRegistry, @Qualifier("flowBuilderServices") FlowBuilderServices flowBuilderServices) {
            PasswordManagementCaptchaWebflowConfigurer passwordManagementCaptchaWebflowConfigurer = new PasswordManagementCaptchaWebflowConfigurer(flowBuilderServices, flowDefinitionRegistry, configurableApplicationContext, casConfigurationProperties);
            passwordManagementCaptchaWebflowConfigurer.setOrder(casConfigurationProperties.getAuthn().getPm().getWebflow().getOrder() + 1);
            return passwordManagementCaptchaWebflowConfigurer;
        }

        @ConditionalOnMissingBean(name = {CasWebflowConstants.ACTION_ID_PASSWORD_RESET_VALIDATE_CAPTCHA})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action passwordResetValidateCaptchaAction(CasConfigurationProperties casConfigurationProperties, @Qualifier("passwordResetCaptchaActivationStrategy") CaptchaActivationStrategy captchaActivationStrategy) {
            return new ValidateCaptchaAction(CaptchaValidator.getInstance(casConfigurationProperties.getAuthn().getPm().getGoogleRecaptcha()), captchaActivationStrategy);
        }

        @ConditionalOnMissingBean(name = {"passwordResetCaptchaActivationStrategy"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public CaptchaActivationStrategy passwordResetCaptchaActivationStrategy(@Qualifier("servicesManager") ServicesManager servicesManager) {
            return new DefaultCaptchaActivationStrategy(servicesManager);
        }

        @ConditionalOnMissingBean(name = {CasWebflowConstants.ACTION_ID_PASSWORD_RESET_INIT_CAPTCHA})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action passwordResetInitializeCaptchaAction(@Qualifier("passwordResetCaptchaActivationStrategy") CaptchaActivationStrategy captchaActivationStrategy, CasConfigurationProperties casConfigurationProperties) {
            GoogleRecaptchaProperties googleRecaptcha = casConfigurationProperties.getAuthn().getPm().getGoogleRecaptcha();
            return new InitializeCaptchaAction(captchaActivationStrategy, requestContext -> {
                WebUtils.putRecaptchaPasswordManagementEnabled(requestContext, googleRecaptcha);
            }, googleRecaptcha);
        }

        @ConditionalOnMissingBean(name = {"passwordManagementCaptchaWebflowExecutionPlanConfigurer"})
        @Bean
        public CasWebflowExecutionPlanConfigurer passwordManagementCaptchaWebflowExecutionPlanConfigurer(@Qualifier("passwordManagementCaptchaWebflowConfigurer") CasWebflowConfigurer casWebflowConfigurer) {
            return casWebflowExecutionPlan -> {
                casWebflowExecutionPlan.registerWebflowConfigurer(casWebflowConfigurer);
            };
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "PasswordManagementWebflowActionsConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:WEB-INF/lib/cas-server-support-pm-webflow-6.5.9.4.jar:org/apereo/cas/pm/config/PasswordManagementWebflowConfiguration$PasswordManagementWebflowActionsConfiguration.class */
    public static class PasswordManagementWebflowActionsConfiguration {
        @ConditionalOnMissingBean(name = {CasWebflowConstants.ACTION_ID_INIT_PASSWORD_CHANGE})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action initPasswordChangeAction(CasConfigurationProperties casConfigurationProperties) {
            return new InitPasswordChangeAction(casConfigurationProperties);
        }

        @ConditionalOnMissingBean(name = {"initPasswordResetAction"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action initPasswordResetAction(@Qualifier("passwordChangeService") PasswordManagementService passwordManagementService) {
            return new InitPasswordResetAction(passwordManagementService);
        }

        @ConditionalOnMissingBean(name = {CasWebflowConstants.STATE_ID_PASSWORD_CHANGE_ACTION})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action passwordChangeAction(@Qualifier("passwordChangeService") PasswordManagementService passwordManagementService, @Qualifier("passwordValidationService") PasswordValidationService passwordValidationService) {
            return new PasswordChangeAction(passwordManagementService, passwordValidationService);
        }

        @ConditionalOnMissingBean(name = {"sendPasswordResetInstructionsAction"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action sendPasswordResetInstructionsAction(CasConfigurationProperties casConfigurationProperties, @Qualifier("passwordChangeService") PasswordManagementService passwordManagementService, @Qualifier("ticketRegistry") TicketRegistry ticketRegistry, @Qualifier("defaultPrincipalResolver") PrincipalResolver principalResolver, @Qualifier("communicationsManager") CommunicationsManager communicationsManager, @Qualifier("defaultTicketFactory") TicketFactory ticketFactory) {
            return new SendPasswordResetInstructionsAction(casConfigurationProperties, communicationsManager, passwordManagementService, ticketRegistry, ticketFactory, principalResolver);
        }

        @ConditionalOnMissingBean(name = {"verifyPasswordResetRequestAction"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action verifyPasswordResetRequestAction(CasConfigurationProperties casConfigurationProperties, @Qualifier("passwordChangeService") PasswordManagementService passwordManagementService, @Qualifier("centralAuthenticationService") CentralAuthenticationService centralAuthenticationService) {
            return new VerifyPasswordResetRequestAction(casConfigurationProperties, passwordManagementService, centralAuthenticationService);
        }

        @ConditionalOnMissingBean(name = {"handlePasswordExpirationWarningMessagesAction"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action handlePasswordExpirationWarningMessagesAction() {
            return new HandlePasswordExpirationWarningMessagesAction();
        }

        @ConditionalOnMissingBean(name = {"verifySecurityQuestionsAction"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action verifySecurityQuestionsAction(CasConfigurationProperties casConfigurationProperties, @Qualifier("passwordChangeService") PasswordManagementService passwordManagementService) {
            if (casConfigurationProperties.getAuthn().getPm().getReset().isSecurityQuestionsEnabled()) {
                return new VerifySecurityQuestionsAction(passwordManagementService);
            }
            PasswordManagementWebflowConfiguration.LOGGER.debug("Functionality to handle security questions for password management is not enabled");
            return new StaticEventExecutionAction("success");
        }

        @ConditionalOnMissingBean(name = {"validatePasswordResetTokenAction"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action validatePasswordResetTokenAction(@Qualifier("passwordChangeService") PasswordManagementService passwordManagementService, @Qualifier("centralAuthenticationService") CentralAuthenticationService centralAuthenticationService) {
            return new ValidatePasswordResetTokenAction(passwordManagementService, centralAuthenticationService);
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "PasswordManagementWebflowAdapterConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:WEB-INF/lib/cas-server-support-pm-webflow-6.5.9.4.jar:org/apereo/cas/pm/config/PasswordManagementWebflowConfiguration$PasswordManagementWebflowAdapterConfiguration.class */
    public static class PasswordManagementWebflowAdapterConfiguration {
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public HandlerAdapter passwordResetHandlerAdapter(@Qualifier("loginFlowExecutor") FlowExecutor flowExecutor) {
            FlowHandlerAdapter flowHandlerAdapter = new FlowHandlerAdapter() { // from class: org.apereo.cas.pm.config.PasswordManagementWebflowConfiguration.PasswordManagementWebflowAdapterConfiguration.1
                @Override // org.springframework.webflow.mvc.servlet.FlowHandlerAdapter, org.springframework.web.servlet.HandlerAdapter
                public boolean supports(Object obj) {
                    return super.supports(obj) && ((FlowHandler) obj).getFlowId().equals(PasswordManagementWebflowConfigurer.FLOW_ID_PASSWORD_RESET);
                }
            };
            flowHandlerAdapter.setFlowExecutor(flowExecutor);
            return flowHandlerAdapter;
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "PasswordManagementWebflowBaseConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:WEB-INF/lib/cas-server-support-pm-webflow-6.5.9.4.jar:org/apereo/cas/pm/config/PasswordManagementWebflowConfiguration$PasswordManagementWebflowBaseConfiguration.class */
    public static class PasswordManagementWebflowBaseConfiguration {
        @ConditionalOnMissingBean(name = {"passwordManagementWebflowConfigurer"})
        @Bean
        public CasWebflowConfigurer passwordManagementWebflowConfigurer(CasConfigurationProperties casConfigurationProperties, ConfigurableApplicationContext configurableApplicationContext, @Qualifier("loginFlowRegistry") FlowDefinitionRegistry flowDefinitionRegistry, @Qualifier("flowBuilderServices") FlowBuilderServices flowBuilderServices) {
            return new PasswordManagementWebflowConfigurer(flowBuilderServices, flowDefinitionRegistry, configurableApplicationContext, casConfigurationProperties);
        }

        @ConditionalOnMissingBean(name = {"passwordManagementCasWebflowExecutionPlanConfigurer"})
        @Bean
        public CasWebflowExecutionPlanConfigurer passwordManagementCasWebflowExecutionPlanConfigurer(@Qualifier("passwordManagementWebflowConfigurer") CasWebflowConfigurer casWebflowConfigurer) {
            return casWebflowExecutionPlan -> {
                casWebflowExecutionPlan.registerWebflowConfigurer(casWebflowConfigurer);
            };
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "PasswordManagementWebflowSingleSignOnConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:WEB-INF/lib/cas-server-support-pm-webflow-6.5.9.4.jar:org/apereo/cas/pm/config/PasswordManagementWebflowConfiguration$PasswordManagementWebflowSingleSignOnConfiguration.class */
    public static class PasswordManagementWebflowSingleSignOnConfiguration {
        @ConditionalOnMissingBean(name = {"passwordManagementSingleSignOnParticipationStrategy"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public SingleSignOnParticipationStrategy passwordManagementSingleSignOnParticipationStrategy(@Qualifier("authenticationServiceSelectionPlan") AuthenticationServiceSelectionPlan authenticationServiceSelectionPlan, @Qualifier("defaultTicketRegistrySupport") TicketRegistrySupport ticketRegistrySupport, @Qualifier("centralAuthenticationService") CentralAuthenticationService centralAuthenticationService, @Qualifier("servicesManager") ServicesManager servicesManager) {
            return new PasswordManagementSingleSignOnParticipationStrategy(servicesManager, ticketRegistrySupport, authenticationServiceSelectionPlan, centralAuthenticationService);
        }

        @ConditionalOnMissingBean(name = {"passwordManagementSingleSignOnParticipationStrategyConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public SingleSignOnParticipationStrategyConfigurer passwordManagementSingleSignOnParticipationStrategyConfigurer(@Qualifier("passwordManagementSingleSignOnParticipationStrategy") SingleSignOnParticipationStrategy singleSignOnParticipationStrategy) {
            return chainingSingleSignOnParticipationStrategy -> {
                chainingSingleSignOnParticipationStrategy.addStrategy(singleSignOnParticipationStrategy);
            };
        }
    }
}
