package org.apereo.cas.config;

import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlanConfigurer;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.AuthenticationMetaDataPopulator;
import org.apereo.cas.authentication.MultifactorAuthenticationFailureModeEvaluator;
import org.apereo.cas.authentication.MultifactorAuthenticationProvider;
import org.apereo.cas.authentication.bypass.MultifactorAuthenticationProviderBypassEvaluator;
import org.apereo.cas.authentication.handler.ByCredentialTypeAuthenticationHandlerResolver;
import org.apereo.cas.authentication.metadata.AuthenticationContextAttributeMetaDataPopulator;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalFactoryUtils;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.mfa.AccepttoMultifactorProperties;
import org.apereo.cas.mfa.accepto.AccepttoMultifactorAuthenticationHandler;
import org.apereo.cas.mfa.accepto.AccepttoMultifactorAuthenticationProvider;
import org.apereo.cas.mfa.accepto.AccepttoMultifactorTokenCredential;
import org.apereo.cas.services.ServicesManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.BeanCreationException;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration("accepttoMultifactorAuthenticationEventExecutionPlanConfiguration")
/* loaded from: input_file:org/apereo/cas/config/AccepttoMultifactorAuthenticationEventExecutionPlanConfiguration.class */
public class AccepttoMultifactorAuthenticationEventExecutionPlanConfiguration {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(AccepttoMultifactorAuthenticationEventExecutionPlanConfiguration.class);

    @Autowired
    private CasConfigurationProperties casProperties;

    @Autowired
    @Qualifier("servicesManager")
    private ObjectProvider<ServicesManager> servicesManager;

    @Autowired
    @Qualifier("casAccepttoMultifactorBypassEvaluator")
    private ObjectProvider<MultifactorAuthenticationProviderBypassEvaluator> casAccepttoMultifactorBypassEvaluator;

    @Autowired
    @Qualifier("failureModeEvaluator")
    private ObjectProvider<MultifactorAuthenticationFailureModeEvaluator> failureModeEvaluator;

    @ConditionalOnMissingBean(name = {"casAccepttoMultifactorAuthenticationHandler"})
    @RefreshScope
    @Bean
    public AuthenticationHandler casAccepttoMultifactorAuthenticationHandler() {
        AccepttoMultifactorProperties acceptto = this.casProperties.getAuthn().getMfa().getAcceptto();
        validateConfigurationProperties();
        return new AccepttoMultifactorAuthenticationHandler((ServicesManager) this.servicesManager.getObject(), casAccepttoMultifactorPrincipalFactory(), acceptto);
    }

    @RefreshScope
    @Bean
    public MultifactorAuthenticationProvider casAccepttoMultifactorAuthenticationProvider() {
        AccepttoMultifactorProperties acceptto = this.casProperties.getAuthn().getMfa().getAcceptto();
        AccepttoMultifactorAuthenticationProvider accepttoMultifactorAuthenticationProvider = new AccepttoMultifactorAuthenticationProvider();
        accepttoMultifactorAuthenticationProvider.setBypassEvaluator((MultifactorAuthenticationProviderBypassEvaluator) this.casAccepttoMultifactorBypassEvaluator.getObject());
        accepttoMultifactorAuthenticationProvider.setFailureMode(acceptto.getFailureMode());
        accepttoMultifactorAuthenticationProvider.setFailureModeEvaluator((MultifactorAuthenticationFailureModeEvaluator) this.failureModeEvaluator.getObject());
        accepttoMultifactorAuthenticationProvider.setOrder(acceptto.getRank());
        accepttoMultifactorAuthenticationProvider.setId(acceptto.getId());
        return accepttoMultifactorAuthenticationProvider;
    }

    @RefreshScope
    @Bean
    public AuthenticationMetaDataPopulator casAccepttoMultifactorAuthenticationMetaDataPopulator() {
        return new AuthenticationContextAttributeMetaDataPopulator(this.casProperties.getAuthn().getMfa().getAuthenticationContextAttribute(), casAccepttoMultifactorAuthenticationHandler(), casAccepttoMultifactorAuthenticationProvider().getId());
    }

    @ConditionalOnMissingBean(name = {"casAccepttoMultifactorPrincipalFactory"})
    @Bean
    public PrincipalFactory casAccepttoMultifactorPrincipalFactory() {
        return PrincipalFactoryUtils.newPrincipalFactory();
    }

    @ConditionalOnMissingBean(name = {"casAccepttoMultifactorAuthenticationEventExecutionPlanConfigurer"})
    @Bean
    public AuthenticationEventExecutionPlanConfigurer casAccepttoMultifactorAuthenticationEventExecutionPlanConfigurer() {
        return authenticationEventExecutionPlan -> {
            authenticationEventExecutionPlan.registerAuthenticationHandler(casAccepttoMultifactorAuthenticationHandler());
            authenticationEventExecutionPlan.registerAuthenticationMetadataPopulator(casAccepttoMultifactorAuthenticationMetaDataPopulator());
            authenticationEventExecutionPlan.registerAuthenticationHandlerResolver(new ByCredentialTypeAuthenticationHandlerResolver(new Class[]{AccepttoMultifactorTokenCredential.class}));
        };
    }

    private void validateConfigurationProperties() {
        AccepttoMultifactorProperties acceptto = this.casProperties.getAuthn().getMfa().getAcceptto();
        if (StringUtils.isBlank(acceptto.getApiUrl()) || StringUtils.isBlank(acceptto.getRegistrationApiUrl())) {
            throw new BeanCreationException("No API urls are defined for the Acceptto integration.");
        }
        if (StringUtils.isBlank(acceptto.getOrganizationId()) || StringUtils.isBlank(acceptto.getApplicationId())) {
            throw new BeanCreationException("No application or organization id is defined for the Acceptto integration.");
        }
        if (StringUtils.isBlank(acceptto.getSecret()) || StringUtils.isBlank(acceptto.getOrganizationSecret())) {
            throw new BeanCreationException("No application or organization secret is defined for the Acceptto integration.");
        }
        if (StringUtils.isBlank(acceptto.getEmailAttribute())) {
            throw new BeanCreationException("No email attribute is defined for the Acceptto integration.");
        }
        if (acceptto.getRegistrationApiPublicKey().getLocation() == null) {
            throw new BeanCreationException("No registration API public key is defined for the Acceptto integration.");
        }
    }
}
