package org.apereo.cas.config;

import java.security.PublicKey;
import java.util.Objects;
import java.util.function.Supplier;
import lombok.Generated;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlanConfigurer;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.AuthenticationMetaDataPopulator;
import org.apereo.cas.authentication.AuthenticationSystemSupport;
import org.apereo.cas.authentication.MultifactorAuthenticationProvider;
import org.apereo.cas.authentication.handler.ByCredentialTypeAuthenticationHandlerResolver;
import org.apereo.cas.authentication.metadata.AuthenticationContextAttributeMetaDataPopulator;
import org.apereo.cas.authentication.metadata.MultifactorAuthenticationProviderMetadataPopulator;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalFactoryUtils;
import org.apereo.cas.authentication.principal.PrincipalResolver;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.features.CasFeatureModule;
import org.apereo.cas.mfa.accepto.AccepttoEmailCredential;
import org.apereo.cas.mfa.accepto.web.flow.AccepttoMultifactorAuthenticationWebflowEventResolver;
import org.apereo.cas.mfa.accepto.web.flow.AccepttoMultifactorDetermineUserAccountStatusAction;
import org.apereo.cas.mfa.accepto.web.flow.AccepttoMultifactorFetchChannelAction;
import org.apereo.cas.mfa.accepto.web.flow.AccepttoMultifactorFinalizeAuthenticationWebflowAction;
import org.apereo.cas.mfa.accepto.web.flow.AccepttoMultifactorValidateChannelAction;
import org.apereo.cas.mfa.accepto.web.flow.AccepttoMultifactorValidateUserDeviceRegistrationAction;
import org.apereo.cas.mfa.accepto.web.flow.AccepttoMultifactorWebflowConfigurer;
import org.apereo.cas.mfa.accepto.web.flow.qr.AccepttoQRCodeAuthenticationHandler;
import org.apereo.cas.mfa.accepto.web.flow.qr.AccepttoQRCodeValidateWebSocketChannelAction;
import org.apereo.cas.pac4j.DistributedJEESessionStore;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.ticket.TicketFactory;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.util.crypto.PublicKeyFactoryBean;
import org.apereo.cas.util.spring.boot.ConditionalOnFeatureEnabled;
import org.apereo.cas.web.flow.CasWebflowConfigurer;
import org.apereo.cas.web.flow.CasWebflowExecutionPlanConfigurer;
import org.apereo.cas.web.flow.resolver.CasWebflowEventResolver;
import org.apereo.cas.web.flow.resolver.impl.CasWebflowEventResolutionConfigurationContext;
import org.apereo.cas.web.flow.util.MultifactorAuthenticationWebflowUtils;
import org.apereo.cas.web.support.CookieUtils;
import org.pac4j.core.context.session.SessionStore;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.core.io.Resource;
import org.springframework.retry.annotation.EnableRetry;
import org.springframework.scheduling.annotation.EnableScheduling;
import org.springframework.webflow.config.FlowDefinitionRegistryBuilder;
import org.springframework.webflow.definition.registry.FlowDefinitionRegistry;
import org.springframework.webflow.engine.builder.FlowBuilder;
import org.springframework.webflow.engine.builder.support.FlowBuilderServices;
import org.springframework.webflow.execution.Action;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@EnableScheduling
@AutoConfiguration
@ConditionalOnFeatureEnabled(feature = CasFeatureModule.FeatureCatalog.MultifactorAuthentication, module = "acceptto")
@EnableRetry
/* loaded from: input_file:org/apereo/cas/config/AccepttoMultifactorAuthenticationConfiguration.class */
public class AccepttoMultifactorAuthenticationConfiguration {

    // Class-wide SLF4J logger. The nested core configuration uses it to trace where the
    // Acceptto registration API public key is loaded from.
    // NOTE(review): the @Generated marker suggests this field was emitted by Lombok rather
    // than hand-written; confirm against the original source.
    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(AccepttoMultifactorAuthenticationConfiguration.class);

    /**
     * Declares the Spring Webflow {@link Action} beans that make up the Acceptto
     * multifactor flow.
     *
     * <p>Every bean is refresh-scoped and is only created when no bean with the same
     * name is already present. A same-named bean supplied elsewhere in the application
     * context therefore takes the place of the corresponding authentication step, so
     * such overrides deserve the same review as the defaults declared here.
     */
    @Configuration(value = "AccepttoMultifactorAuthenticationActionsConfiguration", proxyBeanMethods = false)
    @EnableConfigurationProperties(CasConfigurationProperties.class)
    public static class AccepttoMultifactorAuthenticationActionsConfiguration {

        /**
         * Builds the action that validates the user's device registration.
         *
         * @param casConfigurationProperties the CAS settings handed to the action
         * @return the device-registration validation action
         */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @ConditionalOnMissingBean(name = "mfaAccepttoMultifactorValidateUserDeviceRegistrationAction")
        public Action mfaAccepttoMultifactorValidateUserDeviceRegistrationAction(
                final CasConfigurationProperties casConfigurationProperties) {
            final Action action = new AccepttoMultifactorValidateUserDeviceRegistrationAction(casConfigurationProperties);
            return action;
        }

        /**
         * Builds the action that fetches the Acceptto channel.
         *
         * @param casConfigurationProperties the CAS settings handed to the action
         * @param sessionStore the distributed session store shared by the Acceptto actions
         * @param publicKey the Acceptto registration API public key
         *     (NOTE(review): presumably used to verify signed API responses; confirm in the action class)
         * @return the fetch-channel action
         * @throws Exception declared by the original signature
         */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @ConditionalOnMissingBean(name = "mfaAccepttoMultifactorFetchChannelAction")
        public Action mfaAccepttoMultifactorFetchChannelAction(
                final CasConfigurationProperties casConfigurationProperties,
                @Qualifier("mfaAccepttoDistributedSessionStore") final SessionStore sessionStore,
                @Qualifier("mfaAccepttoApiPublicKey") final PublicKey publicKey) throws Exception {
            final Action action = new AccepttoMultifactorFetchChannelAction(casConfigurationProperties, sessionStore, publicKey);
            return action;
        }

        /**
         * Builds the action that validates the previously fetched channel.
         *
         * @param sessionStore the distributed session store shared by the Acceptto actions
         * @param authenticationSystemSupport the default CAS authentication system support
         * @return the validate-channel action
         */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @ConditionalOnMissingBean(name = "mfaAccepttoMultifactorValidateChannelAction")
        public Action mfaAccepttoMultifactorValidateChannelAction(
                @Qualifier("mfaAccepttoDistributedSessionStore") final SessionStore sessionStore,
                @Qualifier("defaultAuthenticationSystemSupport") final AuthenticationSystemSupport authenticationSystemSupport) {
            final Action action = new AccepttoMultifactorValidateChannelAction(sessionStore, authenticationSystemSupport);
            return action;
        }

        /**
         * Builds the action that validates the QR-code web-socket channel.
         *
         * @param casConfigurationProperties the CAS settings handed to the action
         * @param sessionStore the distributed session store shared by the Acceptto actions
         * @return the QR-code web-socket channel validation action
         */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @ConditionalOnMissingBean(name = "mfaAccepttoQRCodeValidateWebSocketChannelAction")
        public Action mfaAccepttoQRCodeValidateWebSocketChannelAction(
                final CasConfigurationProperties casConfigurationProperties,
                @Qualifier("mfaAccepttoDistributedSessionStore") final SessionStore sessionStore) {
            final Action action = new AccepttoQRCodeValidateWebSocketChannelAction(casConfigurationProperties, sessionStore);
            return action;
        }

        /**
         * Builds the action that finalizes authentication through the Acceptto event resolver.
         *
         * @param casWebflowEventResolver the Acceptto webflow event resolver
         * @return the finalize-authentication action
         */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @ConditionalOnMissingBean(name = "mfaAccepttoMultifactorFinalizeAuthenticationWebflowAction")
        public Action mfaAccepttoMultifactorFinalizeAuthenticationWebflowAction(
                @Qualifier("mfaAccepttoMultifactorAuthenticationWebflowEventResolver") final CasWebflowEventResolver casWebflowEventResolver) {
            final Action action = new AccepttoMultifactorFinalizeAuthenticationWebflowAction(casWebflowEventResolver);
            return action;
        }

        /**
         * Builds the action that determines the user's account status.
         *
         * @param casConfigurationProperties the CAS settings handed to the action
         * @param publicKey the Acceptto registration API public key
         *     (NOTE(review): presumably used to verify signed API responses; confirm in the action class)
         * @return the account-status action
         * @throws Exception declared by the original signature
         */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @ConditionalOnMissingBean(name = "mfaAccepttoMultifactorDetermineUserAccountStatusAction")
        public Action mfaAccepttoMultifactorDetermineUserAccountStatusAction(
                final CasConfigurationProperties casConfigurationProperties,
                @Qualifier("mfaAccepttoApiPublicKey") final PublicKey publicKey) throws Exception {
            final Action action = new AccepttoMultifactorDetermineUserAccountStatusAction(casConfigurationProperties, publicKey);
            return action;
        }
    }

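    /**
     * Core beans of the Acceptto integration: the registration API public key and the
     * principal factory used by the QR-code handler.
     */
    @Configuration(value = "AccepttoMultifactorAuthenticationCoreConfiguration", proxyBeanMethods = false)
    @EnableConfigurationProperties(CasConfigurationProperties.class)
    public static class AccepttoMultifactorAuthenticationCoreConfiguration {

        /**
         * Loads the Acceptto registration API public key (RSA) from the configured resource.
         *
         * <p>The key is injected into the fetch-channel and account-status actions.
         * NOTE(review): it presumably anchors trust in Acceptto API responses, so the
         * integrity and file permissions of the configured location matter; confirm how
         * the actions use it.
         *
         * @param casConfigurationProperties the CAS settings holding the key location
         * @return the loaded public key, never {@code null}
         * @throws NullPointerException if no key location is configured
         * @throws IllegalStateException if the factory bean yields no key
         * @throws Exception propagated from {@code PublicKeyFactoryBean#getObject()}
         */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @ConditionalOnMissingBean(name = "mfaAccepttoApiPublicKey")
        public PublicKey mfaAccepttoApiPublicKey(final CasConfigurationProperties casConfigurationProperties) throws Exception {
            final Resource location = Objects.requireNonNull(
                casConfigurationProperties.getAuthn().getMfa().getAcceptto().getRegistrationApiPublicKey().getLocation(),
                () -> "No registration API public key is defined for the Acceptto integration.");
            final PublicKeyFactoryBean factoryBean = new PublicKeyFactoryBean(location, "RSA");
            // Only the location of a public key is logged; no secret material is involved.
            AccepttoMultifactorAuthenticationConfiguration.LOGGER.debug("Locating Acceptto registration API public key from [{}]", location);
            // Non-singleton: each getObject() call builds a fresh key instead of a cached one.
            factoryBean.setSingleton(false);
            final PublicKey publicKey = factoryBean.getObject();
            // The FactoryBean contract allows a null result. Fail fast with a clear message so
            // a missing or unreadable key is never handed to the actions as null.
            if (publicKey == null) {
                throw new IllegalStateException("Unable to load the Acceptto registration API public key from " + location);
            }
            return publicKey;
        }

        /**
         * Creates the principal factory used by the Acceptto QR-code authentication handler.
         *
         * @return a new principal factory from {@code PrincipalFactoryUtils}
         */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @ConditionalOnMissingBean(name = "casAccepttoQRCodePrincipalFactory")
        public PrincipalFactory casAccepttoQRCodePrincipalFactory() {
            return PrincipalFactoryUtils.newPrincipalFactory();
        }
    }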

    /**
     * Declares the authentication handler for Acceptto QR-code logins.
     */
    @Configuration(value = "AccepttoMultifactorAuthenticationHandlerConfiguration", proxyBeanMethods = false)
    @EnableConfigurationProperties(CasConfigurationProperties.class)
    public static class AccepttoMultifactorAuthenticationHandlerConfiguration {

        /**
         * Builds the QR-code authentication handler.
         *
         * @param objectProvider lazy access to the Acceptto multifactor provider
         * @param principalFactory the principal factory dedicated to QR-code authentication
         * @param servicesManager the CAS services manager
         * @return the QR-code authentication handler
         */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @ConditionalOnMissingBean(name = "casAccepttoQRCodeAuthenticationHandler")
        public AuthenticationHandler casAccepttoQRCodeAuthenticationHandler(
                @Qualifier("casAccepttoMultifactorAuthenticationProvider") final ObjectProvider<MultifactorAuthenticationProvider> objectProvider,
                @Qualifier("casAccepttoQRCodePrincipalFactory") final PrincipalFactory principalFactory,
                @Qualifier("servicesManager") final ServicesManager servicesManager) {
            final AuthenticationHandler handler =
                new AccepttoQRCodeAuthenticationHandler(servicesManager, principalFactory, objectProvider);
            return handler;
        }
    }

    /**
     * Declares the metadata populators for Acceptto authentications. Both read the name
     * of the authentication-context attribute from the core MFA settings.
     */
    @Configuration(value = "AccepttoMultifactorAuthenticationMetadataConfiguration", proxyBeanMethods = false)
    @EnableConfigurationProperties(CasConfigurationProperties.class)
    public static class AccepttoMultifactorAuthenticationMetadataConfiguration {

        /**
         * Builds the populator that records the multifactor provider in authentication metadata.
         *
         * @param servicesManager the CAS services manager
         * @param casConfigurationProperties the CAS settings supplying the context attribute name
         * @param objectProvider lazy access to the Acceptto multifactor provider
         * @return the provider metadata populator
         */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @ConditionalOnMissingBean(name = "casAccepttoMultifactorProviderAuthenticationMetadataPopulator")
        public AuthenticationMetaDataPopulator casAccepttoMultifactorProviderAuthenticationMetadataPopulator(
                @Qualifier("servicesManager") final ServicesManager servicesManager,
                final CasConfigurationProperties casConfigurationProperties,
                @Qualifier("casAccepttoMultifactorAuthenticationProvider") final ObjectProvider<MultifactorAuthenticationProvider> objectProvider) {
            final var contextAttribute = casConfigurationProperties.getAuthn().getMfa().getCore().getAuthenticationContextAttribute();
            return new MultifactorAuthenticationProviderMetadataPopulator(contextAttribute, objectProvider, servicesManager);
        }

        /**
         * Builds the populator that stamps the Acceptto provider id on authentications
         * produced by the QR-code handler.
         *
         * @param casConfigurationProperties the CAS settings supplying the context attribute name
         * @param authenticationHandler the Acceptto QR-code authentication handler
         * @param multifactorAuthenticationProvider the Acceptto provider whose id is recorded
         * @return the authentication-context attribute populator
         */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @ConditionalOnMissingBean(name = "casAccepttoQRCodeAuthenticationMetaDataPopulator")
        public AuthenticationMetaDataPopulator casAccepttoQRCodeAuthenticationMetaDataPopulator(
                final CasConfigurationProperties casConfigurationProperties,
                @Qualifier("casAccepttoQRCodeAuthenticationHandler") final AuthenticationHandler authenticationHandler,
                @Qualifier("casAccepttoMultifactorAuthenticationProvider") final MultifactorAuthenticationProvider multifactorAuthenticationProvider) {
            final var contextAttribute = casConfigurationProperties.getAuthn().getMfa().getCore().getAuthenticationContextAttribute();
            final var providerId = multifactorAuthenticationProvider.getId();
            return new AuthenticationContextAttributeMetaDataPopulator(contextAttribute, authenticationHandler, providerId);
        }
    }

    /**
     * Contributes the Acceptto QR-code handler, its metadata populators and a
     * credential-type handler resolver to the CAS authentication execution plan.
     */
    @Configuration(value = "AccepttoMultifactorAuthenticationPlanConfiguration", proxyBeanMethods = false)
    @EnableConfigurationProperties(CasConfigurationProperties.class)
    public static class AccepttoMultifactorAuthenticationPlanConfiguration {

        /**
         * Builds the execution-plan configurer for Acceptto QR-code authentication.
         *
         * @param authenticationMetaDataPopulator the multifactor-provider metadata populator
         * @param authenticationHandler the Acceptto QR-code authentication handler
         * @param authenticationMetaDataPopulator2 the QR-code authentication-context populator
         * @param principalResolver the default principal resolver paired with the handler
         * @return the configurer applied to the authentication execution plan
         */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @ConditionalOnMissingBean(name = "casAccepttoAuthenticationQRCodeEventExecutionPlanConfigurer")
        public AuthenticationEventExecutionPlanConfigurer casAccepttoAuthenticationQRCodeEventExecutionPlanConfigurer(
                @Qualifier("casAccepttoMultifactorProviderAuthenticationMetadataPopulator") final AuthenticationMetaDataPopulator authenticationMetaDataPopulator,
                @Qualifier("casAccepttoQRCodeAuthenticationHandler") final AuthenticationHandler authenticationHandler,
                @Qualifier("casAccepttoQRCodeAuthenticationMetaDataPopulator") final AuthenticationMetaDataPopulator authenticationMetaDataPopulator2,
                @Qualifier("defaultPrincipalResolver") final PrincipalResolver principalResolver) {
            return plan -> {
                plan.registerAuthenticationHandlerWithPrincipalResolver(authenticationHandler, principalResolver);
                // Registration order is kept as-is: the QR-code populator first, then the provider populator.
                plan.registerAuthenticationMetadataPopulator(authenticationMetaDataPopulator2);
                plan.registerAuthenticationMetadataPopulator(authenticationMetaDataPopulator);
                // The resolver is keyed on the Acceptto e-mail credential type.
                final Class[] credentialTypes = {AccepttoEmailCredential.class};
                plan.registerAuthenticationHandlerResolver(new ByCredentialTypeAuthenticationHandlerResolver(credentialTypes));
            };
        }
    }

    /**
     * Declares the distributed session store shared by the Acceptto webflow actions.
     */
    @Configuration(value = "AccepttoMultifactorAuthenticationSessionConfiguration", proxyBeanMethods = false)
    @EnableConfigurationProperties(CasConfigurationProperties.class)
    public static class AccepttoMultifactorAuthenticationSessionConfiguration {

        /**
         * Builds a session store backed by the ticket registry and tracked through the
         * session-replication cookie.
         *
         * <p>NOTE(review): the cookie's attributes come entirely from the
         * session-replication cookie settings; confirm the deployment marks that cookie
         * secure and HTTP-only, since it ties the browser to MFA session state.
         *
         * @param ticketRegistry the CAS ticket registry
         * @param casConfigurationProperties the CAS settings supplying the cookie configuration
         * @param ticketFactory the default ticket factory
         * @return the distributed session store
         */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @ConditionalOnMissingBean(name = "mfaAccepttoDistributedSessionStore")
        public SessionStore mfaAccepttoDistributedSessionStore(
                @Qualifier("ticketRegistry") final TicketRegistry ticketRegistry,
                final CasConfigurationProperties casConfigurationProperties,
                @Qualifier("defaultTicketFactory") final TicketFactory ticketFactory) {
            final var cookieSettings = casConfigurationProperties.getSessionReplication().getCookie();
            final var cookieGenerator = CookieUtils.buildCookieRetrievingGenerator(cookieSettings);
            return new DistributedJEESessionStore(ticketRegistry, ticketFactory, cookieGenerator);
        }
    }

    /**
     * Declares the webflow plumbing for Acceptto: the flow registry, the webflow
     * configurer and the event resolver.
     */
    @Configuration(value = "AccepttoMultifactorAuthenticationWebflowConfiguration", proxyBeanMethods = false)
    @EnableConfigurationProperties(CasConfigurationProperties.class)
    public static class AccepttoMultifactorAuthenticationWebflowConfiguration {

        /**
         * Builds the flow registry holding the Acceptto flow, registered under
         * {@code AccepttoMultifactorWebflowConfigurer.MFA_ACCEPTTO_EVENT_ID}.
         *
         * @param configurableApplicationContext the application context
         * @param flowBuilderServices the shared flow builder services
         * @param flowBuilder the flow builder registered under the Acceptto event id
         * @return the flow definition registry
         */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @ConditionalOnMissingBean(name = "mfaAccepttoAuthenticatorFlowRegistry")
        public FlowDefinitionRegistry mfaAccepttoAuthenticatorFlowRegistry(
                final ConfigurableApplicationContext configurableApplicationContext,
                @Qualifier("flowBuilderServices") final FlowBuilderServices flowBuilderServices,
                @Qualifier("flowBuilder") final FlowBuilder flowBuilder) {
            final var registryBuilder = new FlowDefinitionRegistryBuilder(configurableApplicationContext, flowBuilderServices);
            registryBuilder.addFlowBuilder(flowBuilder, AccepttoMultifactorWebflowConfigurer.MFA_ACCEPTTO_EVENT_ID);
            return registryBuilder.build();
        }

        /**
         * Builds the webflow configurer that wires the Acceptto flow into the login flow.
         *
         * @param casConfigurationProperties the CAS settings handed to the configurer
         * @param configurableApplicationContext the application context, also used to look up customizers
         * @param flowDefinitionRegistry the Acceptto flow registry
         * @param flowDefinitionRegistry2 the login flow registry
         * @param flowBuilderServices the shared flow builder services
         * @return the Acceptto webflow configurer
         */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @ConditionalOnMissingBean(name = "mfaAccepttoMultifactorWebflowConfigurer")
        public CasWebflowConfigurer mfaAccepttoMultifactorWebflowConfigurer(
                final CasConfigurationProperties casConfigurationProperties,
                final ConfigurableApplicationContext configurableApplicationContext,
                @Qualifier("mfaAccepttoAuthenticatorFlowRegistry") final FlowDefinitionRegistry flowDefinitionRegistry,
                @Qualifier("loginFlowRegistry") final FlowDefinitionRegistry flowDefinitionRegistry2,
                @Qualifier("flowBuilderServices") final FlowBuilderServices flowBuilderServices) {
            final var customizers =
                MultifactorAuthenticationWebflowUtils.getMultifactorAuthenticationWebflowCustomizers(configurableApplicationContext);
            // The login registry precedes the Acceptto registry in the constructor call.
            return new AccepttoMultifactorWebflowConfigurer(
                flowBuilderServices,
                flowDefinitionRegistry2,
                flowDefinitionRegistry,
                configurableApplicationContext,
                casConfigurationProperties,
                customizers);
        }

        /**
         * Builds the webflow event resolver for Acceptto multifactor authentication.
         *
         * <p>NOTE(review): unlike the other beans in this file, this one carries no
         * {@code @ConditionalOnMissingBean}; confirm that is intentional.
         *
         * @param casWebflowEventResolutionConfigurationContext the shared resolver configuration context
         * @return the Acceptto event resolver
         */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        public CasWebflowEventResolver mfaAccepttoMultifactorAuthenticationWebflowEventResolver(
                @Qualifier("casWebflowConfigurationContext") final CasWebflowEventResolutionConfigurationContext casWebflowEventResolutionConfigurationContext) {
            final CasWebflowEventResolver resolver =
                new AccepttoMultifactorAuthenticationWebflowEventResolver(casWebflowEventResolutionConfigurationContext);
            return resolver;
        }
    }

    /**
     * Registers the Acceptto webflow configurer with the CAS webflow execution plan.
     */
    @Configuration(value = "AccepttoMultifactorAuthenticationWebflowPlanConfiguration", proxyBeanMethods = false)
    @EnableConfigurationProperties(CasConfigurationProperties.class)
    public static class AccepttoMultifactorAuthenticationWebflowPlanConfiguration {

        /**
         * Builds the execution-plan configurer that registers the Acceptto webflow configurer.
         *
         * @param casWebflowConfigurer the Acceptto webflow configurer
         * @return the webflow execution-plan configurer
         */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @ConditionalOnMissingBean(name = "mfaAccepttoCasWebflowExecutionPlanConfigurer")
        public CasWebflowExecutionPlanConfigurer mfaAccepttoCasWebflowExecutionPlanConfigurer(
                @Qualifier("mfaAccepttoMultifactorWebflowConfigurer") final CasWebflowConfigurer casWebflowConfigurer) {
            return plan -> plan.registerWebflowConfigurer(casWebflowConfigurer);
        }
    }
}
