package org.apereo.cas.adaptors.duo.config;

import java.util.List;
import java.util.Map;
import javax.annotation.PostConstruct;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.CentralAuthenticationService;
import org.apereo.cas.adaptors.duo.authn.DuoMultifactorAuthenticationProvider;
import org.apereo.cas.adaptors.duo.authn.api.DuoApiAuthenticationHandler;
import org.apereo.cas.adaptors.duo.authn.api.DuoApiAuthenticationMetaDataPopulator;
import org.apereo.cas.adaptors.duo.authn.api.DuoApiAuthenticationService;
import org.apereo.cas.adaptors.duo.authn.web.DuoAuthenticationHandler;
import org.apereo.cas.adaptors.duo.authn.web.DuoAuthenticationMetaDataPopulator;
import org.apereo.cas.adaptors.duo.authn.web.DuoAuthenticationService;
import org.apereo.cas.adaptors.duo.web.flow.DuoAuthenticationWebflowAction;
import org.apereo.cas.adaptors.duo.web.flow.DuoAuthenticationWebflowEventResolver;
import org.apereo.cas.adaptors.duo.web.flow.DuoMultifactorTrustWebflowConfigurer;
import org.apereo.cas.adaptors.duo.web.flow.DuoMultifactorWebflowConfigurer;
import org.apereo.cas.adaptors.duo.web.flow.DuoNonWebAuthenticationAction;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.AuthenticationMetaDataPopulator;
import org.apereo.cas.authentication.AuthenticationSystemSupport;
import org.apereo.cas.authentication.principal.DefaultPrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.services.MultifactorAuthenticationProvider;
import org.apereo.cas.services.MultifactorAuthenticationProviderSelector;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.ticket.registry.TicketRegistrySupport;
import org.apereo.cas.trusted.authentication.api.MultifactorAuthenticationTrustStorage;
import org.apereo.cas.util.http.HttpClient;
import org.apereo.cas.web.flow.CasWebflowConfigurer;
import org.apereo.cas.web.flow.authentication.FirstMultifactorAuthenticationProviderSelector;
import org.apereo.cas.web.flow.resolver.CasWebflowEventResolver;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.util.CookieGenerator;
import org.springframework.webflow.config.FlowDefinitionRegistryBuilder;
import org.springframework.webflow.definition.registry.FlowDefinitionRegistry;
import org.springframework.webflow.engine.builder.support.FlowBuilderServices;
import org.springframework.webflow.execution.Action;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration("duoConfiguration")
/* loaded from: input_file:org/apereo/cas/adaptors/duo/config/DuoConfiguration.class */
public class DuoConfiguration {

    @Autowired
    private CasConfigurationProperties casProperties;

    @Autowired
    private ApplicationContext applicationContext;

    @Autowired
    @Qualifier("loginFlowRegistry")
    private FlowDefinitionRegistry loginFlowDefinitionRegistry;

    @Autowired
    private FlowBuilderServices flowBuilderServices;

    @Autowired
    @Qualifier("noRedirectHttpClient")
    private HttpClient httpClient;

    @Autowired
    @Qualifier("centralAuthenticationService")
    private CentralAuthenticationService centralAuthenticationService;

    @Autowired
    @Qualifier("defaultAuthenticationSystemSupport")
    private AuthenticationSystemSupport authenticationSystemSupport;

    @Autowired
    @Qualifier("defaultTicketRegistrySupport")
    private TicketRegistrySupport ticketRegistrySupport;

    @Autowired
    @Qualifier("servicesManager")
    private ServicesManager servicesManager;

    @Autowired(required = false)
    @Qualifier("multifactorAuthenticationProviderSelector")
    private MultifactorAuthenticationProviderSelector multifactorAuthenticationProviderSelector = new FirstMultifactorAuthenticationProviderSelector();

    @Autowired
    @Qualifier("warnCookieGenerator")
    private CookieGenerator warnCookieGenerator;

    @Autowired
    @Qualifier("authenticationHandlersResolvers")
    private Map authenticationHandlersResolvers;

    @Autowired
    @Qualifier("authenticationMetadataPopulators")
    private List authenticationMetadataPopulators;

    @ConditionalOnClass({MultifactorAuthenticationTrustStorage.class})
    @Configuration("duoMultifactorTrustConfiguration")
    /* loaded from: input_file:org/apereo/cas/adaptors/duo/config/DuoConfiguration$DuoMultifactorTrustConfiguration.class */
    public class DuoMultifactorTrustConfiguration {
        public DuoMultifactorTrustConfiguration() {
        }

        @ConditionalOnMissingBean(name = {"duoMultifactorTrustWebflowConfigurer"})
        @ConditionalOnProperty(prefix = "cas.authn.mfa.duo", name = {"trustedDeviceEnabled"}, havingValue = "true", matchIfMissing = true)
        @Bean
        public CasWebflowConfigurer duoMultifactorTrustWebflowConfigurer() {
            DuoMultifactorTrustWebflowConfigurer duoMultifactorTrustWebflowConfigurer = new DuoMultifactorTrustWebflowConfigurer();
            duoMultifactorTrustWebflowConfigurer.setFlowDefinitionRegistry(DuoConfiguration.this.duoFlowRegistry());
            duoMultifactorTrustWebflowConfigurer.setLoginFlowDefinitionRegistry(DuoConfiguration.this.loginFlowDefinitionRegistry);
            duoMultifactorTrustWebflowConfigurer.setFlowBuilderServices(DuoConfiguration.this.flowBuilderServices);
            duoMultifactorTrustWebflowConfigurer.setEnableDeviceRegistration(DuoConfiguration.this.casProperties.getAuthn().getMfa().getTrusted().isDeviceRegistrationEnabled());
            return duoMultifactorTrustWebflowConfigurer;
        }
    }

    @Bean
    public FlowDefinitionRegistry duoFlowRegistry() {
        FlowDefinitionRegistryBuilder flowDefinitionRegistryBuilder = new FlowDefinitionRegistryBuilder(this.applicationContext, this.flowBuilderServices);
        flowDefinitionRegistryBuilder.setBasePath("classpath*:/webflow");
        flowDefinitionRegistryBuilder.addFlowLocationPattern("/mfa-duo/*-webflow.xml");
        return flowDefinitionRegistryBuilder.build();
    }

    @Bean
    public AuthenticationHandler duoAuthenticationHandler() {
        DuoAuthenticationHandler duoAuthenticationHandler = new DuoAuthenticationHandler();
        duoAuthenticationHandler.setDuoAuthenticationService(duoAuthenticationService());
        duoAuthenticationHandler.setPrincipalFactory(duoPrincipalFactory());
        duoAuthenticationHandler.setServicesManager(this.servicesManager);
        return duoAuthenticationHandler;
    }

    @Bean
    public PrincipalFactory duoPrincipalFactory() {
        return new DefaultPrincipalFactory();
    }

    @RefreshScope
    @Bean
    public AuthenticationMetaDataPopulator duoAuthenticationMetaDataPopulator() {
        DuoAuthenticationMetaDataPopulator duoAuthenticationMetaDataPopulator = new DuoAuthenticationMetaDataPopulator();
        duoAuthenticationMetaDataPopulator.setAuthenticationContextAttribute(this.casProperties.getAuthn().getMfa().getAuthenticationContextAttribute());
        duoAuthenticationMetaDataPopulator.setAuthenticationHandler(duoAuthenticationHandler());
        duoAuthenticationMetaDataPopulator.setProvider(duoAuthenticationProvider());
        return duoAuthenticationMetaDataPopulator;
    }

    @RefreshScope
    @Bean
    public AuthenticationMetaDataPopulator duoApiAuthenticationMetaDataPopulator() {
        DuoApiAuthenticationMetaDataPopulator duoApiAuthenticationMetaDataPopulator = new DuoApiAuthenticationMetaDataPopulator();
        duoApiAuthenticationMetaDataPopulator.setAuthenticationContextAttribute(this.casProperties.getAuthn().getMfa().getAuthenticationContextAttribute());
        duoApiAuthenticationMetaDataPopulator.setAuthenticationHandler(duoApiAuthenticationHandler());
        duoApiAuthenticationMetaDataPopulator.setProvider(duoAuthenticationProvider());
        return duoApiAuthenticationMetaDataPopulator;
    }

    @Bean
    public AuthenticationHandler duoApiAuthenticationHandler() {
        DuoApiAuthenticationHandler duoApiAuthenticationHandler = new DuoApiAuthenticationHandler();
        duoApiAuthenticationHandler.setDuoApiAuthenticationService(duoApiAuthenticationService());
        duoApiAuthenticationHandler.setPrincipalFactory(duoPrincipalFactory());
        duoApiAuthenticationHandler.setServicesManager(this.servicesManager);
        return duoApiAuthenticationHandler;
    }

    @RefreshScope
    @Bean
    public DuoApiAuthenticationService duoApiAuthenticationService() {
        return new DuoApiAuthenticationService();
    }

    @RefreshScope
    @Bean
    public DuoAuthenticationService duoAuthenticationService() {
        DuoAuthenticationService duoAuthenticationService = new DuoAuthenticationService();
        duoAuthenticationService.setHttpClient(this.httpClient);
        return duoAuthenticationService;
    }

    @RefreshScope
    @Bean
    public MultifactorAuthenticationProvider duoAuthenticationProvider() {
        DuoMultifactorAuthenticationProvider duoMultifactorAuthenticationProvider = new DuoMultifactorAuthenticationProvider();
        duoMultifactorAuthenticationProvider.setDuoAuthenticationService(duoAuthenticationService());
        return duoMultifactorAuthenticationProvider;
    }

    @Bean
    public Action duoNonWebAuthenticationAction() {
        return new DuoNonWebAuthenticationAction();
    }

    @Bean
    public Action duoAuthenticationWebflowAction() {
        DuoAuthenticationWebflowAction duoAuthenticationWebflowAction = new DuoAuthenticationWebflowAction();
        duoAuthenticationWebflowAction.setDuoAuthenticationWebflowEventResolver(duoAuthenticationWebflowEventResolver());
        return duoAuthenticationWebflowAction;
    }

    @Bean
    public CasWebflowEventResolver duoAuthenticationWebflowEventResolver() {
        DuoAuthenticationWebflowEventResolver duoAuthenticationWebflowEventResolver = new DuoAuthenticationWebflowEventResolver();
        duoAuthenticationWebflowEventResolver.setAuthenticationSystemSupport(this.authenticationSystemSupport);
        duoAuthenticationWebflowEventResolver.setCentralAuthenticationService(this.centralAuthenticationService);
        duoAuthenticationWebflowEventResolver.setMultifactorAuthenticationProviderSelector(this.multifactorAuthenticationProviderSelector);
        duoAuthenticationWebflowEventResolver.setServicesManager(this.servicesManager);
        duoAuthenticationWebflowEventResolver.setTicketRegistrySupport(this.ticketRegistrySupport);
        duoAuthenticationWebflowEventResolver.setWarnCookieGenerator(this.warnCookieGenerator);
        return duoAuthenticationWebflowEventResolver;
    }

    @ConditionalOnMissingBean(name = {"duoMultifactorWebflowConfigurer"})
    @Bean
    public CasWebflowConfigurer duoMultifactorWebflowConfigurer() {
        DuoMultifactorWebflowConfigurer duoMultifactorWebflowConfigurer = new DuoMultifactorWebflowConfigurer();
        duoMultifactorWebflowConfigurer.setDuoFlowRegistry(duoFlowRegistry());
        duoMultifactorWebflowConfigurer.setLoginFlowDefinitionRegistry(this.loginFlowDefinitionRegistry);
        duoMultifactorWebflowConfigurer.setFlowBuilderServices(this.flowBuilderServices);
        return duoMultifactorWebflowConfigurer;
    }

    @PostConstruct
    protected void initializeServletApplicationContext() {
        if (StringUtils.isNotBlank(this.casProperties.getAuthn().getMfa().getDuo().getDuoApiHost()) && StringUtils.isNotBlank(this.casProperties.getAuthn().getMfa().getDuo().getDuoSecretKey())) {
            this.authenticationHandlersResolvers.put(duoAuthenticationHandler(), null);
            this.authenticationHandlersResolvers.put(duoApiAuthenticationHandler(), null);
            this.authenticationMetadataPopulators.add(0, duoAuthenticationMetaDataPopulator());
            this.authenticationMetadataPopulators.add(0, duoApiAuthenticationMetaDataPopulator());
        }
    }
}
