package org.apereo.cas.config;

import java.util.List;
import org.apereo.cas.api.AuthenticationRequestRiskCalculator;
import org.apereo.cas.api.AuthenticationRiskContingencyPlan;
import org.apereo.cas.api.AuthenticationRiskEvaluator;
import org.apereo.cas.api.AuthenticationRiskMitigator;
import org.apereo.cas.api.AuthenticationRiskNotifier;
import org.apereo.cas.audit.AuditTrailRecordResolutionPlanConfigurer;
import org.apereo.cas.authentication.adaptive.geo.GeoLocationService;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.features.CasFeatureModule;
import org.apereo.cas.configuration.model.core.authentication.RiskBasedAuthenticationProperties;
import org.apereo.cas.impl.calcs.DateTimeAuthenticationRequestRiskCalculator;
import org.apereo.cas.impl.calcs.GeoLocationAuthenticationRequestRiskCalculator;
import org.apereo.cas.impl.calcs.IpAddressAuthenticationRequestRiskCalculator;
import org.apereo.cas.impl.calcs.UserAgentAuthenticationRequestRiskCalculator;
import org.apereo.cas.impl.engine.DefaultAuthenticationRiskEvaluator;
import org.apereo.cas.impl.engine.DefaultAuthenticationRiskMitigator;
import org.apereo.cas.impl.notify.AuthenticationRiskEmailNotifier;
import org.apereo.cas.impl.notify.AuthenticationRiskSmsNotifier;
import org.apereo.cas.impl.plans.BaseAuthenticationRiskContingencyPlan;
import org.apereo.cas.impl.plans.BlockAuthenticationContingencyPlan;
import org.apereo.cas.impl.plans.MultifactorAuthenticationContingencyPlan;
import org.apereo.cas.notifications.CommunicationsManager;
import org.apereo.cas.support.events.CasEventRepository;
import org.apereo.cas.util.spring.beans.BeanCondition;
import org.apereo.cas.util.spring.beans.BeanSupplier;
import org.apereo.cas.util.spring.boot.ConditionalOnFeatureEnabled;
import org.apereo.inspektr.audit.spi.AuditResourceResolver;
import org.apereo.inspektr.audit.spi.support.DefaultAuditActionResolver;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.scheduling.annotation.EnableScheduling;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@EnableScheduling
@AutoConfiguration
@ConditionalOnFeatureEnabled(feature = CasFeatureModule.FeatureCatalog.Electrofence)
/* loaded from: input_file:org/apereo/cas/config/ElectronicFenceConfiguration.class */
public class ElectronicFenceConfiguration {

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "ElectronicFenceAuditConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/ElectronicFenceConfiguration$ElectronicFenceAuditConfiguration.class */
    public static class ElectronicFenceAuditConfiguration {
        @ConditionalOnMissingBean(name = {"casElectrofenceAuditTrailRecordResolutionPlanConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuditTrailRecordResolutionPlanConfigurer casElectrofenceAuditTrailRecordResolutionPlanConfigurer(@Qualifier("returnValueResourceResolver") AuditResourceResolver auditResourceResolver) {
            return auditTrailRecordResolutionPlan -> {
                auditTrailRecordResolutionPlan.registerAuditActionResolver("ADAPTIVE_RISKY_AUTHENTICATION_ACTION_RESOLVER", new DefaultAuditActionResolver());
                auditTrailRecordResolutionPlan.registerAuditResourceResolver("ADAPTIVE_RISKY_AUTHENTICATION_RESOURCE_RESOLVER", auditResourceResolver);
            };
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "ElectronicFenceCalculatorConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/ElectronicFenceConfiguration$ElectronicFenceCalculatorConfiguration.class */
    public static class ElectronicFenceCalculatorConfiguration {
        @ConditionalOnMissingBean(name = {"ipAddressAuthenticationRequestRiskCalculator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuthenticationRequestRiskCalculator ipAddressAuthenticationRequestRiskCalculator(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties, @Qualifier("casEventRepository") CasEventRepository casEventRepository) throws Exception {
            return (AuthenticationRequestRiskCalculator) BeanSupplier.of(AuthenticationRequestRiskCalculator.class).when(BeanCondition.on("cas.authn.adaptive.risk.ip.enabled").isTrue().given(configurableApplicationContext.getEnvironment())).supply(() -> {
                return new IpAddressAuthenticationRequestRiskCalculator(casEventRepository, casConfigurationProperties);
            }).otherwiseProxy().get();
        }

        @ConditionalOnMissingBean(name = {"userAgentAuthenticationRequestRiskCalculator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuthenticationRequestRiskCalculator userAgentAuthenticationRequestRiskCalculator(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties, @Qualifier("casEventRepository") CasEventRepository casEventRepository) throws Exception {
            return (AuthenticationRequestRiskCalculator) BeanSupplier.of(AuthenticationRequestRiskCalculator.class).when(BeanCondition.on("cas.authn.adaptive.risk.agent.enabled").isTrue().given(configurableApplicationContext.getEnvironment())).supply(() -> {
                return new UserAgentAuthenticationRequestRiskCalculator(casEventRepository, casConfigurationProperties);
            }).otherwiseProxy().get();
        }

        @ConditionalOnMissingBean(name = {"dateTimeAuthenticationRequestRiskCalculator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuthenticationRequestRiskCalculator dateTimeAuthenticationRequestRiskCalculator(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties, @Qualifier("casEventRepository") CasEventRepository casEventRepository) throws Exception {
            return (AuthenticationRequestRiskCalculator) BeanSupplier.of(AuthenticationRequestRiskCalculator.class).when(BeanCondition.on("cas.authn.adaptive.risk.date-time.enabled").isTrue().given(configurableApplicationContext.getEnvironment())).supply(() -> {
                return new DateTimeAuthenticationRequestRiskCalculator(casEventRepository, casConfigurationProperties);
            }).otherwiseProxy().get();
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "ElectronicFenceContingencyConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/ElectronicFenceConfiguration$ElectronicFenceContingencyConfiguration.class */
    public static class ElectronicFenceContingencyConfiguration {
        private static void configureContingencyPlan(BaseAuthenticationRiskContingencyPlan baseAuthenticationRiskContingencyPlan, CasConfigurationProperties casConfigurationProperties, AuthenticationRiskNotifier authenticationRiskNotifier, AuthenticationRiskNotifier authenticationRiskNotifier2) {
            RiskBasedAuthenticationProperties.Response response = casConfigurationProperties.getAuthn().getAdaptive().getRisk().getResponse();
            if (response.getMail().isDefined()) {
                baseAuthenticationRiskContingencyPlan.getNotifiers().add(authenticationRiskNotifier);
            }
            if (response.getSms().isDefined()) {
                baseAuthenticationRiskContingencyPlan.getNotifiers().add(authenticationRiskNotifier2);
            }
        }

        @ConditionalOnMissingBean(name = {"blockAuthenticationContingencyPlan"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuthenticationRiskContingencyPlan blockAuthenticationContingencyPlan(CasConfigurationProperties casConfigurationProperties, ConfigurableApplicationContext configurableApplicationContext, @Qualifier("authenticationRiskEmailNotifier") AuthenticationRiskNotifier authenticationRiskNotifier, @Qualifier("authenticationRiskSmsNotifier") AuthenticationRiskNotifier authenticationRiskNotifier2) {
            BlockAuthenticationContingencyPlan blockAuthenticationContingencyPlan = new BlockAuthenticationContingencyPlan(casConfigurationProperties, configurableApplicationContext);
            configureContingencyPlan(blockAuthenticationContingencyPlan, casConfigurationProperties, authenticationRiskNotifier, authenticationRiskNotifier2);
            return blockAuthenticationContingencyPlan;
        }

        @ConditionalOnMissingBean(name = {"multifactorAuthenticationContingencyPlan"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuthenticationRiskContingencyPlan multifactorAuthenticationContingencyPlan(CasConfigurationProperties casConfigurationProperties, ConfigurableApplicationContext configurableApplicationContext, @Qualifier("authenticationRiskEmailNotifier") AuthenticationRiskNotifier authenticationRiskNotifier, @Qualifier("authenticationRiskSmsNotifier") AuthenticationRiskNotifier authenticationRiskNotifier2) {
            MultifactorAuthenticationContingencyPlan multifactorAuthenticationContingencyPlan = new MultifactorAuthenticationContingencyPlan(casConfigurationProperties, configurableApplicationContext);
            configureContingencyPlan(multifactorAuthenticationContingencyPlan, casConfigurationProperties, authenticationRiskNotifier, authenticationRiskNotifier2);
            return multifactorAuthenticationContingencyPlan;
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "ElectronicFenceEvaluatorConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/ElectronicFenceConfiguration$ElectronicFenceEvaluatorConfiguration.class */
    public static class ElectronicFenceEvaluatorConfiguration {
        @ConditionalOnMissingBean(name = {"authenticationRiskEvaluator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuthenticationRiskEvaluator authenticationRiskEvaluator(List<AuthenticationRequestRiskCalculator> list) {
            return new DefaultAuthenticationRiskEvaluator(list);
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @ConditionalOnBean(name = {"geoLocationService"})
    @Configuration(value = "ElectronicFenceGeoLocationConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/ElectronicFenceConfiguration$ElectronicFenceGeoLocationConfiguration.class */
    public static class ElectronicFenceGeoLocationConfiguration {
        @ConditionalOnMissingBean(name = {"geoLocationAuthenticationRequestRiskCalculator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuthenticationRequestRiskCalculator geoLocationAuthenticationRequestRiskCalculator(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties, @Qualifier("geoLocationService") GeoLocationService geoLocationService, @Qualifier("casEventRepository") CasEventRepository casEventRepository) throws Exception {
            return (AuthenticationRequestRiskCalculator) BeanSupplier.of(AuthenticationRequestRiskCalculator.class).when(BeanCondition.on("cas.authn.adaptive.risk.geo-location.enabled").isTrue().given(configurableApplicationContext.getEnvironment())).supply(() -> {
                return new GeoLocationAuthenticationRequestRiskCalculator(casEventRepository, casConfigurationProperties, geoLocationService);
            }).otherwiseProxy().get();
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "ElectronicFenceMitigatorConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/ElectronicFenceConfiguration$ElectronicFenceMitigatorConfiguration.class */
    public static class ElectronicFenceMitigatorConfiguration {
        @ConditionalOnMissingBean(name = {"authenticationRiskMitigator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuthenticationRiskMitigator authenticationRiskMitigator(CasConfigurationProperties casConfigurationProperties, @Qualifier("blockAuthenticationContingencyPlan") AuthenticationRiskContingencyPlan authenticationRiskContingencyPlan, @Qualifier("multifactorAuthenticationContingencyPlan") AuthenticationRiskContingencyPlan authenticationRiskContingencyPlan2) {
            return casConfigurationProperties.getAuthn().getAdaptive().getRisk().getResponse().isBlockAttempt() ? new DefaultAuthenticationRiskMitigator(authenticationRiskContingencyPlan) : new DefaultAuthenticationRiskMitigator(authenticationRiskContingencyPlan2);
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "ElectronicFenceNotifierConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/ElectronicFenceConfiguration$ElectronicFenceNotifierConfiguration.class */
    public static class ElectronicFenceNotifierConfiguration {
        @ConditionalOnMissingBean(name = {"authenticationRiskEmailNotifier"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuthenticationRiskNotifier authenticationRiskEmailNotifier(CasConfigurationProperties casConfigurationProperties, @Qualifier("communicationsManager") CommunicationsManager communicationsManager) {
            return new AuthenticationRiskEmailNotifier(casConfigurationProperties, communicationsManager);
        }

        @ConditionalOnMissingBean(name = {"authenticationRiskSmsNotifier"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuthenticationRiskNotifier authenticationRiskSmsNotifier(CasConfigurationProperties casConfigurationProperties, @Qualifier("communicationsManager") CommunicationsManager communicationsManager) {
            return new AuthenticationRiskSmsNotifier(casConfigurationProperties, communicationsManager);
        }
    }
}
