package org.apereo.cas.adaptors.authy.config.support.authentication;

import com.authy.AuthyApiClient;
import java.net.URL;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.adaptors.authy.AuthyAuthenticationHandler;
import org.apereo.cas.adaptors.authy.AuthyClientInstance;
import org.apereo.cas.adaptors.authy.AuthyMultifactorAuthenticationProvider;
import org.apereo.cas.adaptors.authy.AuthyTokenCredential;
import org.apereo.cas.adaptors.authy.DefaultAuthyClientInstance;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlanConfigurer;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.AuthenticationMetaDataPopulator;
import org.apereo.cas.authentication.MultifactorAuthenticationFailureModeEvaluator;
import org.apereo.cas.authentication.MultifactorAuthenticationProvider;
import org.apereo.cas.authentication.bypass.MultifactorAuthenticationProviderBypassEvaluator;
import org.apereo.cas.authentication.handler.ByCredentialTypeAuthenticationHandlerResolver;
import org.apereo.cas.authentication.metadata.AuthenticationContextAttributeMetaDataPopulator;
import org.apereo.cas.authentication.metadata.MultifactorAuthenticationProviderMetadataPopulator;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalFactoryUtils;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.features.CasFeatureModule;
import org.apereo.cas.configuration.model.support.mfa.AuthyMultifactorAuthenticationProperties;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.util.spring.beans.BeanCondition;
import org.apereo.cas.util.spring.beans.BeanSupplier;
import org.apereo.cas.util.spring.boot.ConditionalOnFeatureEnabled;
import org.jooq.lambda.Unchecked;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ScopedProxyMode;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@AutoConfiguration
@ConditionalOnFeatureEnabled(feature = CasFeatureModule.FeatureCatalog.Authy)
/* loaded from: input_file:org/apereo/cas/adaptors/authy/config/support/authentication/AuthyAuthenticationEventExecutionPlanConfiguration.class */
public class AuthyAuthenticationEventExecutionPlanConfiguration {
    private static final BeanCondition CONDITION = BeanCondition.on("cas.authn.mfa.authy.api-key");

    @ConditionalOnMissingBean(name = {"authyClientInstance"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public AuthyClientInstance authyClientInstance(CasConfigurationProperties casConfigurationProperties, ConfigurableApplicationContext configurableApplicationContext) throws Exception {
        return (AuthyClientInstance) BeanSupplier.of(AuthyClientInstance.class).when(CONDITION.given(configurableApplicationContext.getEnvironment())).supply(Unchecked.supplier(() -> {
            AuthyMultifactorAuthenticationProperties authy = casConfigurationProperties.getAuthn().getMfa().getAuthy();
            String str = (String) StringUtils.defaultIfBlank(authy.getApiUrl(), "https://api.authy.com");
            return new DefaultAuthyClientInstance(new AuthyApiClient(authy.getApiKey(), str, new URL(str).getProtocol().equalsIgnoreCase("http")), authy);
        })).otherwiseProxy().get();
    }

    @ConditionalOnMissingBean(name = {"authyAuthenticationHandler"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public AuthenticationHandler authyAuthenticationHandler(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties, @Qualifier("authyPrincipalFactory") PrincipalFactory principalFactory, @Qualifier("authyAuthenticatorMultifactorAuthenticationProvider") ObjectProvider<MultifactorAuthenticationProvider> objectProvider, @Qualifier("authyClientInstance") AuthyClientInstance authyClientInstance, @Qualifier("servicesManager") ServicesManager servicesManager) throws Exception {
        return (AuthenticationHandler) BeanSupplier.of(AuthenticationHandler.class).when(CONDITION.given(configurableApplicationContext.getEnvironment())).supply(() -> {
            AuthyMultifactorAuthenticationProperties authy = casConfigurationProperties.getAuthn().getMfa().getAuthy();
            return new AuthyAuthenticationHandler(authy.getName(), servicesManager, principalFactory, authyClientInstance, authy.isForceVerification(), Integer.valueOf(authy.getOrder()), objectProvider);
        }).otherwiseProxy().get();
    }

    @ConditionalOnMissingBean(name = {"authyPrincipalFactory"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public PrincipalFactory authyPrincipalFactory() {
        return PrincipalFactoryUtils.newPrincipalFactory();
    }

    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public MultifactorAuthenticationProvider authyAuthenticatorMultifactorAuthenticationProvider(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties, @Qualifier("authyBypassEvaluator") MultifactorAuthenticationProviderBypassEvaluator multifactorAuthenticationProviderBypassEvaluator, @Qualifier("failureModeEvaluator") MultifactorAuthenticationFailureModeEvaluator multifactorAuthenticationFailureModeEvaluator) throws Exception {
        return (MultifactorAuthenticationProvider) BeanSupplier.of(MultifactorAuthenticationProvider.class).when(CONDITION.given(configurableApplicationContext.getEnvironment())).supply(() -> {
            AuthyMultifactorAuthenticationProvider authyMultifactorAuthenticationProvider = new AuthyMultifactorAuthenticationProvider();
            authyMultifactorAuthenticationProvider.setBypassEvaluator(multifactorAuthenticationProviderBypassEvaluator);
            AuthyMultifactorAuthenticationProperties authy = casConfigurationProperties.getAuthn().getMfa().getAuthy();
            authyMultifactorAuthenticationProvider.setFailureMode(authy.getFailureMode());
            authyMultifactorAuthenticationProvider.setFailureModeEvaluator(multifactorAuthenticationFailureModeEvaluator);
            authyMultifactorAuthenticationProvider.setOrder(authy.getRank());
            authyMultifactorAuthenticationProvider.setId(authy.getId());
            return authyMultifactorAuthenticationProvider;
        }).otherwiseProxy().get();
    }

    @ConditionalOnMissingBean(name = {"authyMultifactorProviderAuthenticationMetadataPopulator"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public AuthenticationMetaDataPopulator authyMultifactorProviderAuthenticationMetadataPopulator(@Qualifier("servicesManager") ServicesManager servicesManager, CasConfigurationProperties casConfigurationProperties, @Qualifier("authyAuthenticatorMultifactorAuthenticationProvider") ObjectProvider<MultifactorAuthenticationProvider> objectProvider) {
        return new MultifactorAuthenticationProviderMetadataPopulator(casConfigurationProperties.getAuthn().getMfa().getCore().getAuthenticationContextAttribute(), objectProvider, servicesManager);
    }

    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public AuthenticationMetaDataPopulator authyAuthenticationMetaDataPopulator(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties, @Qualifier("authyAuthenticationHandler") AuthenticationHandler authenticationHandler, @Qualifier("authyAuthenticatorMultifactorAuthenticationProvider") MultifactorAuthenticationProvider multifactorAuthenticationProvider) throws Exception {
        return (AuthenticationMetaDataPopulator) BeanSupplier.of(AuthenticationMetaDataPopulator.class).when(CONDITION.given(configurableApplicationContext.getEnvironment())).supply(() -> {
            return new AuthenticationContextAttributeMetaDataPopulator(casConfigurationProperties.getAuthn().getMfa().getCore().getAuthenticationContextAttribute(), authenticationHandler, multifactorAuthenticationProvider.getId());
        }).otherwiseProxy().get();
    }

    @ConditionalOnMissingBean(name = {"authyAuthenticationEventExecutionPlanConfigurer"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public AuthenticationEventExecutionPlanConfigurer authyAuthenticationEventExecutionPlanConfigurer(ConfigurableApplicationContext configurableApplicationContext, @Qualifier("authyMultifactorProviderAuthenticationMetadataPopulator") AuthenticationMetaDataPopulator authenticationMetaDataPopulator, @Qualifier("authyAuthenticationHandler") AuthenticationHandler authenticationHandler, @Qualifier("authyAuthenticationMetaDataPopulator") AuthenticationMetaDataPopulator authenticationMetaDataPopulator2) throws Exception {
        return (AuthenticationEventExecutionPlanConfigurer) BeanSupplier.of(AuthenticationEventExecutionPlanConfigurer.class).when(CONDITION.given(configurableApplicationContext.getEnvironment())).supply(() -> {
            return authenticationEventExecutionPlan -> {
                authenticationEventExecutionPlan.registerAuthenticationHandler(authenticationHandler);
                authenticationEventExecutionPlan.registerAuthenticationMetadataPopulator(authenticationMetaDataPopulator2);
                authenticationEventExecutionPlan.registerAuthenticationMetadataPopulator(authenticationMetaDataPopulator);
                authenticationEventExecutionPlan.registerAuthenticationHandlerResolver(new ByCredentialTypeAuthenticationHandlerResolver(new Class[]{AuthyTokenCredential.class}));
            };
        }).otherwiseProxy().get();
    }
}
