package org.apereo.cas.adaptors.duo.config;

import java.util.Collection;
import java.util.List;
import java.util.stream.Collectors;
import lombok.Generated;
import org.apereo.cas.adaptors.duo.DuoSecurityHealthIndicator;
import org.apereo.cas.adaptors.duo.authn.DuoAuthenticationHandler;
import org.apereo.cas.adaptors.duo.authn.DuoCredential;
import org.apereo.cas.adaptors.duo.authn.DuoDirectCredential;
import org.apereo.cas.adaptors.duo.authn.DuoMultifactorAuthenticationProvider;
import org.apereo.cas.adaptors.duo.authn.DuoProviderFactory;
import org.apereo.cas.adaptors.duo.web.flow.action.DetermineDuoUserAccountAction;
import org.apereo.cas.adaptors.duo.web.flow.action.PrepareDuoWebLoginFormAction;
import org.apereo.cas.adaptors.duo.web.flow.config.DuoMultifactorWebflowConfigurer;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlanConfigurer;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.AuthenticationMetaDataPopulator;
import org.apereo.cas.authentication.MultifactorAuthenticationFailureModeEvaluator;
import org.apereo.cas.authentication.MultifactorAuthenticationProviderBean;
import org.apereo.cas.authentication.handler.ByCredentialTypeAuthenticationHandlerResolver;
import org.apereo.cas.authentication.metadata.AuthenticationContextAttributeMetaDataPopulator;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalFactoryUtils;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.mfa.DuoSecurityMultifactorProperties;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.util.http.HttpClient;
import org.apereo.cas.web.flow.CasWebflowConfigurer;
import org.apereo.cas.web.flow.CasWebflowExecutionPlan;
import org.apereo.cas.web.flow.CasWebflowExecutionPlanConfigurer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.BeanCreationException;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.actuate.health.HealthIndicator;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.DependsOn;
import org.springframework.web.context.support.GenericWebApplicationContext;
import org.springframework.webflow.definition.registry.FlowDefinitionRegistry;
import org.springframework.webflow.engine.builder.support.FlowBuilderServices;
import org.springframework.webflow.execution.Action;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration("duoSecurityAuthenticationEventExecutionPlanConfiguration")
/* loaded from: input_file:org/apereo/cas/adaptors/duo/config/DuoSecurityAuthenticationEventExecutionPlanConfiguration.class */
public class DuoSecurityAuthenticationEventExecutionPlanConfiguration implements CasWebflowExecutionPlanConfigurer {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(DuoSecurityAuthenticationEventExecutionPlanConfiguration.class);

    @Autowired
    private GenericWebApplicationContext applicationContext;

    @Autowired
    private CasConfigurationProperties casProperties;

    @Autowired
    @Qualifier("loginFlowRegistry")
    private ObjectProvider<FlowDefinitionRegistry> loginFlowDefinitionRegistry;

    @Autowired
    private ObjectProvider<FlowBuilderServices> flowBuilderServices;

    @Autowired
    @Qualifier("noRedirectHttpClient")
    private ObjectProvider<HttpClient> httpClient;

    @Autowired
    @Qualifier("servicesManager")
    private ObjectProvider<ServicesManager> servicesManager;

    @Autowired
    @Qualifier("failureModeEvaluator")
    private ObjectProvider<MultifactorAuthenticationFailureModeEvaluator> failureModeEvaluator;

    @ConditionalOnMissingBean(name = {"duoPrincipalFactory"})
    @Bean
    public PrincipalFactory duoPrincipalFactory() {
        return PrincipalFactoryUtils.newPrincipalFactory();
    }

    @Bean
    public Action prepareDuoWebLoginFormAction() {
        return new PrepareDuoWebLoginFormAction();
    }

    @ConditionalOnMissingBean(name = {"determineDuoUserAccountAction"})
    @Bean
    public Action determineDuoUserAccountAction() {
        return new DetermineDuoUserAccountAction();
    }

    @ConditionalOnMissingBean(name = {"duoProviderFactory"})
    @RefreshScope
    @Bean
    public DuoProviderFactory duoProviderFactory() {
        return new DuoProviderFactory((HttpClient) this.httpClient.getIfAvailable(), (MultifactorAuthenticationFailureModeEvaluator) this.failureModeEvaluator.getIfAvailable());
    }

    @ConditionalOnMissingBean(name = {"duoProviderBean"})
    @RefreshScope
    @Bean
    public MultifactorAuthenticationProviderBean<DuoMultifactorAuthenticationProvider, DuoSecurityMultifactorProperties> duoProviderBean() {
        return new MultifactorAuthenticationProviderBean<>(duoProviderFactory(), this.applicationContext.getDefaultListableBeanFactory(), this.casProperties.getAuthn().getMfa().getDuo());
    }

    private AuthenticationMetaDataPopulator duoAuthenticationMetaDataPopulator(AuthenticationHandler authenticationHandler) {
        return new AuthenticationContextAttributeMetaDataPopulator(this.casProperties.getAuthn().getMfa().getAuthenticationContextAttribute(), authenticationHandler, duoProviderBean().getProvider(authenticationHandler.getName()).getId());
    }

    @RefreshScope
    @Bean
    public Collection<AuthenticationHandler> duoAuthenticationHandler() {
        List duo = this.casProperties.getAuthn().getMfa().getDuo();
        if (duo.isEmpty()) {
            throw new BeanCreationException("No configuration/settings could be found for Duo Security. Review settings and ensure the correct syntax is used");
        }
        return (Collection) duo.stream().map(duoSecurityMultifactorProperties -> {
            return new DuoAuthenticationHandler(duoSecurityMultifactorProperties.getId(), (ServicesManager) this.servicesManager.getIfAvailable(), duoPrincipalFactory(), duoProviderBean().getProvider(duoSecurityMultifactorProperties.getId()), Integer.valueOf(duoSecurityMultifactorProperties.getOrder()));
        }).collect(Collectors.toList());
    }

    @ConditionalOnMissingBean(name = {"duoMultifactorWebflowConfigurer"})
    @DependsOn({"defaultWebflowConfigurer"})
    @Bean
    public CasWebflowConfigurer duoMultifactorWebflowConfigurer() {
        return new DuoMultifactorWebflowConfigurer((FlowBuilderServices) this.flowBuilderServices.getIfAvailable(), (FlowDefinitionRegistry) this.loginFlowDefinitionRegistry.getIfAvailable(), this.casProperties.getAuthn().getMfa().getTrusted().isDeviceRegistrationEnabled(), this.applicationContext, this.casProperties);
    }

    @ConditionalOnMissingBean(name = {"duoSecurityAuthenticationEventExecutionPlanConfigurer"})
    @Bean
    public AuthenticationEventExecutionPlanConfigurer duoSecurityAuthenticationEventExecutionPlanConfigurer() {
        return authenticationEventExecutionPlan -> {
            duoAuthenticationHandler().forEach(authenticationHandler -> {
                authenticationEventExecutionPlan.registerAuthenticationHandler(authenticationHandler);
                authenticationEventExecutionPlan.registerAuthenticationMetadataPopulator(duoAuthenticationMetaDataPopulator(authenticationHandler));
            });
            authenticationEventExecutionPlan.registerAuthenticationHandlerResolver(new ByCredentialTypeAuthenticationHandlerResolver(new Class[]{DuoCredential.class, DuoDirectCredential.class}));
        };
    }

    public void configureWebflowExecutionPlan(CasWebflowExecutionPlan casWebflowExecutionPlan) {
        casWebflowExecutionPlan.registerWebflowConfigurer(duoMultifactorWebflowConfigurer());
    }

    @Bean
    public HealthIndicator duoSecurityHealthIndicator() {
        return new DuoSecurityHealthIndicator();
    }
}
