package org.apereo.cas.adaptors.authy.config;

import com.google.common.base.Throwables;
import java.util.List;
import java.util.Map;
import javax.annotation.PostConstruct;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.CentralAuthenticationService;
import org.apereo.cas.adaptors.authy.AuthyAuthenticationHandler;
import org.apereo.cas.adaptors.authy.AuthyAuthenticationMetaDataPopulator;
import org.apereo.cas.adaptors.authy.AuthyClientInstance;
import org.apereo.cas.adaptors.authy.AuthyMultifactorAuthenticationProvider;
import org.apereo.cas.adaptors.authy.web.flow.AuthyAuthenticationRegistrationWebflowAction;
import org.apereo.cas.adaptors.authy.web.flow.AuthyAuthenticationWebflowAction;
import org.apereo.cas.adaptors.authy.web.flow.AuthyAuthenticationWebflowEventResolver;
import org.apereo.cas.adaptors.authy.web.flow.AuthyMultifactorTrustWebflowConfigurer;
import org.apereo.cas.adaptors.authy.web.flow.AuthyMultifactorWebflowConfigurer;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.AuthenticationMetaDataPopulator;
import org.apereo.cas.authentication.AuthenticationSystemSupport;
import org.apereo.cas.authentication.principal.DefaultPrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.services.AbstractMultifactorAuthenticationProvider;
import org.apereo.cas.services.MultifactorAuthenticationProviderSelector;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.ticket.registry.TicketRegistrySupport;
import org.apereo.cas.trusted.authentication.api.MultifactorAuthenticationTrustStorage;
import org.apereo.cas.web.flow.CasWebflowConfigurer;
import org.apereo.cas.web.flow.authentication.FirstMultifactorAuthenticationProviderSelector;
import org.apereo.cas.web.flow.resolver.CasWebflowEventResolver;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.util.CookieGenerator;
import org.springframework.webflow.config.FlowDefinitionRegistryBuilder;
import org.springframework.webflow.definition.registry.FlowDefinitionRegistry;
import org.springframework.webflow.engine.builder.support.FlowBuilderServices;
import org.springframework.webflow.execution.Action;

/**
 * Spring configuration that wires the Authy multifactor provider into CAS.
 *
 * <p>It declares the Authy API client, the authentication handler and its
 * metadata populator, the webflow registry, configurers, event resolver and
 * actions, and registers the handler and populator with the shared CAS
 * collections once the context has injected them.
 */
@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration("authyConfiguration")
/* loaded from: input_file:org/apereo/cas/adaptors/authy/config/AuthyConfiguration.class */
public class AuthyConfiguration {

    @Autowired
    private CasConfigurationProperties casProperties;

    @Autowired
    private ApplicationContext applicationContext;

    @Autowired
    @Qualifier("loginFlowRegistry")
    private FlowDefinitionRegistry loginFlowDefinitionRegistry;

    @Autowired
    private FlowBuilderServices flowBuilderServices;

    @Autowired
    @Qualifier("centralAuthenticationService")
    private CentralAuthenticationService centralAuthenticationService;

    @Autowired
    @Qualifier("defaultAuthenticationSystemSupport")
    private AuthenticationSystemSupport authenticationSystemSupport;

    @Autowired
    @Qualifier("defaultTicketRegistrySupport")
    private TicketRegistrySupport ticketRegistrySupport;

    @Autowired
    @Qualifier("servicesManager")
    private ServicesManager servicesManager;

    // Optional injection: when no bean with this qualifier exists, the
    // first-provider selector assigned here stays in effect.
    @Autowired(required = false)
    @Qualifier("multifactorAuthenticationProviderSelector")
    private MultifactorAuthenticationProviderSelector multifactorAuthenticationProviderSelector = new FirstMultifactorAuthenticationProviderSelector();

    @Autowired
    @Qualifier("warnCookieGenerator")
    private CookieGenerator warnCookieGenerator;

    // Raw type: the key/value types are not present in this listing, so the
    // compiler cannot check what initializeRootApplicationContext() puts here.
    @Autowired
    @Qualifier("authenticationHandlersResolvers")
    private Map authenticationHandlersResolvers;

    // Raw type, same caveat as the map above.
    @Autowired
    @Qualifier("authenticationMetadataPopulators")
    private List authenticationMetadataPopulators;

    /**
     * Trusted-device webflow wiring for Authy.
     *
     * <p>Active only when {@code MultifactorAuthenticationTrustStorage} is on
     * the classpath and {@code cas.authn.mfa.authy.trustedDeviceEnabled} is
     * either {@code true} or not set at all ({@code matchIfMissing = true}).
     *
     * <p>NOTE(review): a missing property counts as enabled, so a deployment
     * that ships the trust module gets this configurer unless the property is
     * explicitly set to {@code false}. Presumably a trusted device is allowed
     * to skip the Authy step; confirm against
     * {@code AuthyMultifactorTrustWebflowConfigurer} before relying on the
     * default.
     */
    @ConditionalOnClass({MultifactorAuthenticationTrustStorage.class})
    @ConditionalOnProperty(prefix = "cas.authn.mfa.authy", name = {"trustedDeviceEnabled"}, havingValue = "true", matchIfMissing = true)
    @Configuration("authyMultifactorTrustConfiguration")
    /* loaded from: input_file:org/apereo/cas/adaptors/authy/config/AuthyConfiguration$AuthyMultifactorTrustConfiguration.class */
    public class AuthyMultifactorTrustConfiguration {
        public AuthyMultifactorTrustConfiguration() {
        }

        /**
         * Builds the trust-aware webflow configurer unless a bean named
         * {@code authyMultifactorTrustWebflowConfigurer} is already defined.
         *
         * @return the configurer, bound to the Authy and login flow registries
         */
        @ConditionalOnMissingBean(name = {"authyMultifactorTrustWebflowConfigurer"})
        @Bean
        public CasWebflowConfigurer authyMultifactorTrustWebflowConfigurer() {
            AuthyMultifactorTrustWebflowConfigurer configurer = new AuthyMultifactorTrustWebflowConfigurer();
            configurer.setFlowDefinitionRegistry(authyAuthenticatorFlowRegistry());
            configurer.setLoginFlowDefinitionRegistry(loginFlowDefinitionRegistry);
            configurer.setFlowBuilderServices(flowBuilderServices);
            // Device registration follows the global trusted-device setting,
            // not an Authy-specific one.
            configurer.setEnableDeviceRegistration(casProperties.getAuthn().getMfa().getTrusted().isDeviceRegistrationEnabled());
            return configurer;
        }
    }

    /**
     * Builds the flow registry for the Authy webflow definitions.
     *
     * @return a registry covering {@code /mfa-authy/*-webflow.xml} under
     *         {@code classpath*:/webflow}
     */
    @Bean
    public FlowDefinitionRegistry authyAuthenticatorFlowRegistry() {
        FlowDefinitionRegistryBuilder builder = new FlowDefinitionRegistryBuilder(applicationContext, flowBuilderServices);
        // classpath*: matches every classpath root, so any jar that contributes
        // a file under this pattern contributes a flow definition.
        builder.setBasePath("classpath*:/webflow");
        builder.addFlowLocationPattern("/mfa-authy/*-webflow.xml");
        return builder.build();
    }

    /**
     * Creates the Authy authentication handler on top of the Authy client.
     *
     * @return the configured handler
     * @throws RuntimeException whatever {@code Throwables.propagate} raises for
     *         a failure during construction
     */
    @RefreshScope
    @Bean
    public AuthenticationHandler authyAuthenticationHandler() {
        try {
            AuthyAuthenticationHandler handler = new AuthyAuthenticationHandler(authyClientInstance());
            handler.setServicesManager(servicesManager);
            handler.setPrincipalFactory(authyPrincipalFactory());
            // NOTE(review): the effect of forceVerification is defined by the
            // handler and is not visible here; confirm what it changes in the
            // token check before changing the configured value.
            handler.setForceVerification(Boolean.valueOf(casProperties.getAuthn().getMfa().getAuthy().isForceVerification()));
            return handler;
        } catch (Exception failure) {
            // Broad catch: every failure is handed to Throwables.propagate, so
            // callers never see a checked exception from this factory method.
            throw Throwables.propagate(failure);
        }
    }

    /**
     * @return the principal factory handed to the Authy handler
     */
    @RefreshScope
    @Bean
    public PrincipalFactory authyPrincipalFactory() {
        return new DefaultPrincipalFactory();
    }

    /**
     * Creates the populator from the configured authentication-context
     * attribute, the Authy handler and the Authy provider.
     *
     * @return the metadata populator for Authy authentications
     */
    @RefreshScope
    @Bean
    public AuthenticationMetaDataPopulator authyAuthenticationMetaDataPopulator() {
        return new AuthyAuthenticationMetaDataPopulator(
                casProperties.getAuthn().getMfa().getAuthenticationContextAttribute(),
                authyAuthenticationHandler(),
                authyAuthenticatorAuthenticationProvider());
    }

    /**
     * @return the Authy multifactor provider
     */
    @RefreshScope
    @Bean
    public AbstractMultifactorAuthenticationProvider authyAuthenticatorAuthenticationProvider() {
        return new AuthyMultifactorAuthenticationProvider();
    }

    /**
     * Creates the webflow event resolver and hands it the injected CAS
     * collaborators.
     *
     * @return the configured event resolver
     */
    @RefreshScope
    @Bean
    public CasWebflowEventResolver authyAuthenticationWebflowEventResolver() {
        AuthyAuthenticationWebflowEventResolver resolver = new AuthyAuthenticationWebflowEventResolver();
        resolver.setAuthenticationSystemSupport(authenticationSystemSupport);
        resolver.setCentralAuthenticationService(centralAuthenticationService);
        resolver.setMultifactorAuthenticationProviderSelector(multifactorAuthenticationProviderSelector);
        resolver.setServicesManager(servicesManager);
        resolver.setTicketRegistrySupport(ticketRegistrySupport);
        resolver.setWarnCookieGenerator(warnCookieGenerator);
        return resolver;
    }

    /**
     * Builds the Authy webflow configurer unless a bean named
     * {@code authyMultifactorWebflowConfigurer} is already defined.
     *
     * @return the configurer, bound to the Authy and login flow registries
     */
    @ConditionalOnMissingBean(name = {"authyMultifactorWebflowConfigurer"})
    @Bean
    public CasWebflowConfigurer authyMultifactorWebflowConfigurer() {
        AuthyMultifactorWebflowConfigurer configurer = new AuthyMultifactorWebflowConfigurer();
        configurer.setFlowDefinitionRegistry(authyAuthenticatorFlowRegistry());
        configurer.setLoginFlowDefinitionRegistry(loginFlowDefinitionRegistry);
        configurer.setFlowBuilderServices(flowBuilderServices);
        return configurer;
    }

    /**
     * @return the webflow action, backed by the Authy event resolver
     */
    @RefreshScope
    @Bean
    public Action authyAuthenticationWebflowAction() {
        AuthyAuthenticationWebflowAction action = new AuthyAuthenticationWebflowAction();
        action.setCasWebflowEventResolver(authyAuthenticationWebflowEventResolver());
        return action;
    }

    /**
     * Creates the Authy API client from {@code cas.authn.mfa.authy} settings.
     *
     * <p>The API key is a credential. It is read from configuration and passed
     * only to {@code AuthyClientInstance}; the exception message below does not
     * contain it, and it should stay out of logs as well.
     *
     * <p>Only blankness of the key is checked. The API URL is passed through
     * without any check in this class, so restrictions on scheme or host have
     * to come from {@code AuthyClientInstance} or from deployment
     * configuration.
     *
     * @return the client, with mail and phone attribute names applied
     * @throws IllegalArgumentException if the configured API key is blank
     */
    @RefreshScope
    @Bean
    public AuthyClientInstance authyClientInstance() {
        if (StringUtils.isBlank(casProperties.getAuthn().getMfa().getAuthy().getApiKey())) {
            throw new IllegalArgumentException("Authy API key must be defined");
        }
        AuthyClientInstance client = new AuthyClientInstance(
                casProperties.getAuthn().getMfa().getAuthy().getApiKey(),
                casProperties.getAuthn().getMfa().getAuthy().getApiUrl());
        client.setMailAttribute(casProperties.getAuthn().getMfa().getAuthy().getMailAttribute());
        client.setPhoneAttribute(casProperties.getAuthn().getMfa().getAuthy().getPhoneAttribute());
        return client;
    }

    /**
     * @return the registration action, sharing the Authy API client
     */
    @RefreshScope
    @Bean
    public Action authyAuthenticationRegistrationWebflowAction() {
        return new AuthyAuthenticationRegistrationWebflowAction(authyClientInstance());
    }

    /**
     * Registers the Authy handler and populator with the shared CAS
     * collections after injection has completed.
     */
    @PostConstruct
    protected void initializeRootApplicationContext() {
        // The handler is stored with a null value; how a null entry is
        // interpreted is decided by whoever reads the map.
        authenticationHandlersResolvers.put(authyAuthenticationHandler(), null);
        // Index 0 places the Authy populator ahead of the entries already
        // present in the list.
        authenticationMetadataPopulators.add(0, authyAuthenticationMetaDataPopulator());
    }
}
