package org.apereo.cas.config;

import java.security.PublicKey;
import lombok.Generated;
import org.apereo.cas.CentralAuthenticationService;
import org.apereo.cas.audit.AuditableExecution;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlan;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlanConfigurer;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.AuthenticationMetaDataPopulator;
import org.apereo.cas.authentication.AuthenticationServiceSelectionPlan;
import org.apereo.cas.authentication.AuthenticationSystemSupport;
import org.apereo.cas.authentication.MultifactorAuthenticationContextValidator;
import org.apereo.cas.authentication.MultifactorAuthenticationProvider;
import org.apereo.cas.authentication.handler.ByCredentialTypeAuthenticationHandlerResolver;
import org.apereo.cas.authentication.metadata.AuthenticationContextAttributeMetaDataPopulator;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalFactoryUtils;
import org.apereo.cas.authentication.principal.PrincipalResolver;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.mfa.accepto.AccepttoEmailCredential;
import org.apereo.cas.mfa.accepto.web.flow.AccepttoMultifactorAuthenticationWebflowEventResolver;
import org.apereo.cas.mfa.accepto.web.flow.AccepttoMultifactorDetermineUserAccountStatusAction;
import org.apereo.cas.mfa.accepto.web.flow.AccepttoMultifactorFetchChannelAction;
import org.apereo.cas.mfa.accepto.web.flow.AccepttoMultifactorFinalizeAuthenticationWebflowAction;
import org.apereo.cas.mfa.accepto.web.flow.AccepttoMultifactorValidateChannelAction;
import org.apereo.cas.mfa.accepto.web.flow.AccepttoMultifactorValidateUserDeviceRegistrationAction;
import org.apereo.cas.mfa.accepto.web.flow.AccepttoMultifactorWebflowConfigurer;
import org.apereo.cas.mfa.accepto.web.flow.qr.AccepttoQRCodeAuthenticationHandler;
import org.apereo.cas.mfa.accepto.web.flow.qr.AccepttoQRCodeValidateWebSocketChannelAction;
import org.apereo.cas.pac4j.DistributedJEESessionStore;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.ticket.TicketFactory;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.ticket.registry.TicketRegistrySupport;
import org.apereo.cas.util.crypto.PublicKeyFactoryBean;
import org.apereo.cas.web.cookie.CasCookieBuilder;
import org.apereo.cas.web.flow.CasWebflowConfigurer;
import org.apereo.cas.web.flow.CasWebflowExecutionPlanConfigurer;
import org.apereo.cas.web.flow.SingleSignOnParticipationStrategy;
import org.apereo.cas.web.flow.resolver.CasDelegatingWebflowEventResolver;
import org.apereo.cas.web.flow.resolver.CasWebflowEventResolver;
import org.apereo.cas.web.flow.resolver.impl.CasWebflowEventResolutionConfigurationContext;
import org.apereo.cas.web.flow.util.MultifactorAuthenticationWebflowUtils;
import org.apereo.cas.web.support.CookieUtils;
import org.pac4j.core.context.JEEContext;
import org.pac4j.core.context.session.SessionStore;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.BeanCreationException;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.DependsOn;
import org.springframework.core.io.Resource;
import org.springframework.retry.annotation.EnableRetry;
import org.springframework.scheduling.annotation.EnableScheduling;
import org.springframework.webflow.config.FlowDefinitionRegistryBuilder;
import org.springframework.webflow.definition.registry.FlowDefinitionRegistry;
import org.springframework.webflow.engine.builder.FlowBuilder;
import org.springframework.webflow.engine.builder.support.FlowBuilderServices;
import org.springframework.webflow.execution.Action;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@EnableScheduling
@Configuration("accepttoMultifactorAuthenticationConfiguration")
@EnableRetry
/* loaded from: input_file:org/apereo/cas/config/AccepttoMultifactorAuthenticationConfiguration.class */
public class AccepttoMultifactorAuthenticationConfiguration {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(AccepttoMultifactorAuthenticationConfiguration.class);

    @Autowired
    @Qualifier("singleSignOnParticipationStrategy")
    private ObjectProvider<SingleSignOnParticipationStrategy> webflowSingleSignOnParticipationStrategy;

    @Autowired
    @Qualifier("authenticationEventExecutionPlan")
    private ObjectProvider<AuthenticationEventExecutionPlan> authenticationEventExecutionPlan;

    @Autowired
    @Qualifier("servicesManager")
    private ObjectProvider<ServicesManager> servicesManager;

    @Autowired
    private CasConfigurationProperties casProperties;

    @Autowired
    private ConfigurableApplicationContext applicationContext;

    @Autowired
    @Qualifier("defaultAuthenticationSystemSupport")
    private ObjectProvider<AuthenticationSystemSupport> authenticationSystemSupport;

    @Autowired
    @Qualifier("authenticationContextValidator")
    private ObjectProvider<MultifactorAuthenticationContextValidator> authenticationContextValidator;

    @Autowired
    @Qualifier("defaultTicketRegistrySupport")
    private ObjectProvider<TicketRegistrySupport> ticketRegistrySupport;

    @Autowired
    @Qualifier("warnCookieGenerator")
    private ObjectProvider<CasCookieBuilder> warnCookieGenerator;

    @Autowired
    @Qualifier("centralAuthenticationService")
    private ObjectProvider<CentralAuthenticationService> centralAuthenticationService;

    @Autowired
    @Qualifier("loginFlowRegistry")
    private ObjectProvider<FlowDefinitionRegistry> loginFlowDefinitionRegistry;

    @Autowired
    @Qualifier("initialAuthenticationAttemptWebflowEventResolver")
    private ObjectProvider<CasDelegatingWebflowEventResolver> initialAuthenticationAttemptWebflowEventResolver;

    @Autowired
    @Qualifier("ticketRegistry")
    private ObjectProvider<TicketRegistry> ticketRegistry;

    @Autowired
    @Qualifier("authenticationServiceSelectionPlan")
    private ObjectProvider<AuthenticationServiceSelectionPlan> authenticationRequestServiceSelectionStrategies;

    @Autowired
    @Qualifier("registeredServiceAccessStrategyEnforcer")
    private ObjectProvider<AuditableExecution> registeredServiceAccessStrategyEnforcer;

    @Autowired
    private ObjectProvider<FlowBuilderServices> flowBuilderServices;

    @Autowired
    @Qualifier("defaultTicketFactory")
    private ObjectProvider<TicketFactory> ticketFactory;

    @Autowired
    @Qualifier("defaultPrincipalResolver")
    private ObjectProvider<PrincipalResolver> defaultPrincipalResolver;

    @Autowired
    @Qualifier("casAccepttoMultifactorAuthenticationProvider")
    private ObjectProvider<MultifactorAuthenticationProvider> casAccepttoMultifactorAuthenticationProvider;

    @Autowired
    @Qualifier("flowBuilder")
    private ObjectProvider<FlowBuilder> flowBuilder;

    @ConditionalOnMissingBean(name = {"mfaAccepttoAuthenticatorFlowRegistry"})
    @Bean
    public FlowDefinitionRegistry mfaAccepttoAuthenticatorFlowRegistry() {
        FlowDefinitionRegistryBuilder flowDefinitionRegistryBuilder = new FlowDefinitionRegistryBuilder(this.applicationContext, (FlowBuilderServices) this.flowBuilderServices.getObject());
        flowDefinitionRegistryBuilder.addFlowBuilder((FlowBuilder) this.flowBuilder.getObject(), AccepttoMultifactorWebflowConfigurer.MFA_ACCEPTTO_EVENT_ID);
        return flowDefinitionRegistryBuilder.build();
    }

    @ConditionalOnMissingBean(name = {"mfaAccepttoMultifactorWebflowConfigurer"})
    @DependsOn({"defaultWebflowConfigurer"})
    @Bean
    public CasWebflowConfigurer mfaAccepttoMultifactorWebflowConfigurer() {
        return new AccepttoMultifactorWebflowConfigurer((FlowBuilderServices) this.flowBuilderServices.getObject(), (FlowDefinitionRegistry) this.loginFlowDefinitionRegistry.getObject(), mfaAccepttoAuthenticatorFlowRegistry(), this.applicationContext, this.casProperties, MultifactorAuthenticationWebflowUtils.getMultifactorAuthenticationWebflowCustomizers(this.applicationContext));
    }

    @ConditionalOnMissingBean(name = {"mfaAccepttoCasWebflowExecutionPlanConfigurer"})
    @Bean
    public CasWebflowExecutionPlanConfigurer mfaAccepttoCasWebflowExecutionPlanConfigurer() {
        return casWebflowExecutionPlan -> {
            casWebflowExecutionPlan.registerWebflowConfigurer(mfaAccepttoMultifactorWebflowConfigurer());
        };
    }

    @ConditionalOnMissingBean(name = {"mfaAccepttoDistributedSessionStore"})
    @Bean
    public SessionStore<JEEContext> mfaAccepttoDistributedSessionStore() {
        return new DistributedJEESessionStore((CentralAuthenticationService) this.centralAuthenticationService.getObject(), (TicketFactory) this.ticketFactory.getObject(), CookieUtils.buildCookieRetrievingGenerator(this.casProperties.getSessionReplication().getCookie()));
    }

    @ConditionalOnMissingBean(name = {"mfaAccepttoMultifactorFetchChannelAction"})
    @RefreshScope
    @Bean
    public Action mfaAccepttoMultifactorFetchChannelAction() throws Exception {
        return new AccepttoMultifactorFetchChannelAction(this.casProperties, mfaAccepttoDistributedSessionStore(), mfaAccepttoApiPublicKey());
    }

    @ConditionalOnMissingBean(name = {"mfaAccepttoMultifactorValidateChannelAction"})
    @RefreshScope
    @Bean
    public Action mfaAccepttoMultifactorValidateChannelAction() {
        return new AccepttoMultifactorValidateChannelAction(mfaAccepttoDistributedSessionStore(), (AuthenticationSystemSupport) this.authenticationSystemSupport.getObject());
    }

    @ConditionalOnMissingBean(name = {"mfaAccepttoQRCodeValidateWebSocketChannelAction"})
    @Bean
    public Action mfaAccepttoQRCodeValidateWebSocketChannelAction() {
        return new AccepttoQRCodeValidateWebSocketChannelAction(this.casProperties, mfaAccepttoDistributedSessionStore());
    }

    @ConditionalOnMissingBean(name = {"mfaAccepttoMultifactorDetermineUserAccountStatusAction"})
    @RefreshScope
    @Bean
    public Action mfaAccepttoMultifactorDetermineUserAccountStatusAction() throws Exception {
        return new AccepttoMultifactorDetermineUserAccountStatusAction(this.casProperties, mfaAccepttoApiPublicKey());
    }

    @ConditionalOnMissingBean(name = {"mfaAccepttoApiPublicKey"})
    @RefreshScope
    @Bean
    public PublicKey mfaAccepttoApiPublicKey() throws Exception {
        Resource location = this.casProperties.getAuthn().getMfa().getAcceptto().getRegistrationApiPublicKey().getLocation();
        if (location == null) {
            throw new BeanCreationException("No registration API public key is defined for the Acceptto integration.");
        }
        PublicKeyFactoryBean publicKeyFactoryBean = new PublicKeyFactoryBean(location, "RSA");
        LOGGER.debug("Locating Acceptto registration API public key from [{}]", location);
        publicKeyFactoryBean.setSingleton(false);
        return (PublicKey) publicKeyFactoryBean.getObject();
    }

    @ConditionalOnMissingBean(name = {"mfaAccepttoMultifactorValidateUserDeviceRegistrationAction"})
    @RefreshScope
    @Bean
    public Action mfaAccepttoMultifactorValidateUserDeviceRegistrationAction() {
        return new AccepttoMultifactorValidateUserDeviceRegistrationAction(this.casProperties);
    }

    @RefreshScope
    @Bean
    public CasWebflowEventResolver mfaAccepttoMultifactorAuthenticationWebflowEventResolver() {
        return new AccepttoMultifactorAuthenticationWebflowEventResolver(CasWebflowEventResolutionConfigurationContext.builder().casDelegatingWebflowEventResolver((CasDelegatingWebflowEventResolver) this.initialAuthenticationAttemptWebflowEventResolver.getObject()).authenticationContextValidator((MultifactorAuthenticationContextValidator) this.authenticationContextValidator.getObject()).authenticationSystemSupport((AuthenticationSystemSupport) this.authenticationSystemSupport.getObject()).centralAuthenticationService((CentralAuthenticationService) this.centralAuthenticationService.getObject()).servicesManager((ServicesManager) this.servicesManager.getObject()).ticketRegistrySupport((TicketRegistrySupport) this.ticketRegistrySupport.getObject()).warnCookieGenerator((CasCookieBuilder) this.warnCookieGenerator.getObject()).authenticationRequestServiceSelectionStrategies((AuthenticationServiceSelectionPlan) this.authenticationRequestServiceSelectionStrategies.getObject()).registeredServiceAccessStrategyEnforcer((AuditableExecution) this.registeredServiceAccessStrategyEnforcer.getObject()).casProperties(this.casProperties).singleSignOnParticipationStrategy((SingleSignOnParticipationStrategy) this.webflowSingleSignOnParticipationStrategy.getObject()).ticketRegistry((TicketRegistry) this.ticketRegistry.getObject()).applicationContext(this.applicationContext).authenticationEventExecutionPlan((AuthenticationEventExecutionPlan) this.authenticationEventExecutionPlan.getObject()).build());
    }

    @ConditionalOnMissingBean(name = {"mfaAccepttoMultifactorFinalizeAuthenticationWebflowAction"})
    @Bean
    public Action mfaAccepttoMultifactorFinalizeAuthenticationWebflowAction() {
        return new AccepttoMultifactorFinalizeAuthenticationWebflowAction(mfaAccepttoMultifactorAuthenticationWebflowEventResolver());
    }

    @ConditionalOnMissingBean(name = {"casAccepttoQRCodePrincipalFactory"})
    @Bean
    public PrincipalFactory casAccepttoQRCodePrincipalFactory() {
        return PrincipalFactoryUtils.newPrincipalFactory();
    }

    @ConditionalOnMissingBean(name = {"casAccepttoQRCodeAuthenticationHandler"})
    @RefreshScope
    @Bean
    public AuthenticationHandler casAccepttoQRCodeAuthenticationHandler() {
        return new AccepttoQRCodeAuthenticationHandler((ServicesManager) this.servicesManager.getObject(), casAccepttoQRCodePrincipalFactory());
    }

    @RefreshScope
    @Bean
    public AuthenticationMetaDataPopulator casAccepttoQRCodeAuthenticationMetaDataPopulator() {
        return new AuthenticationContextAttributeMetaDataPopulator(this.casProperties.getAuthn().getMfa().getAuthenticationContextAttribute(), casAccepttoQRCodeAuthenticationHandler(), ((MultifactorAuthenticationProvider) this.casAccepttoMultifactorAuthenticationProvider.getObject()).getId());
    }

    @ConditionalOnMissingBean(name = {"casAccepttoAuthenticationQRCodeEventExecutionPlanConfigurer"})
    @Bean
    public AuthenticationEventExecutionPlanConfigurer casAccepttoAuthenticationQRCodeEventExecutionPlanConfigurer() {
        return authenticationEventExecutionPlan -> {
            authenticationEventExecutionPlan.registerAuthenticationHandlerWithPrincipalResolver(casAccepttoQRCodeAuthenticationHandler(), (PrincipalResolver) this.defaultPrincipalResolver.getObject());
            authenticationEventExecutionPlan.registerAuthenticationMetadataPopulator(casAccepttoQRCodeAuthenticationMetaDataPopulator());
            authenticationEventExecutionPlan.registerAuthenticationHandlerResolver(new ByCredentialTypeAuthenticationHandlerResolver(new Class[]{AccepttoEmailCredential.class}));
        };
    }
}
