package org.apereo.cas.config;

import com.warrenstrange.googleauth.IGoogleAuthenticator;
import org.apereo.cas.authentication.CasSSLContext;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.features.CasFeatureModule;
import org.apereo.cas.configuration.model.support.mfa.gauth.GoogleAuthenticatorMultifactorProperties;
import org.apereo.cas.gauth.credential.RedisGoogleAuthenticatorTokenCredentialRepository;
import org.apereo.cas.gauth.token.GoogleAuthenticatorRedisTokenRepository;
import org.apereo.cas.otp.repository.credentials.OneTimeTokenCredentialRepository;
import org.apereo.cas.otp.repository.token.OneTimeTokenRepository;
import org.apereo.cas.redis.core.CasRedisTemplate;
import org.apereo.cas.redis.core.RedisObjectFactory;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.apereo.cas.util.spring.beans.BeanCondition;
import org.apereo.cas.util.spring.beans.BeanSupplier;
import org.apereo.cas.util.spring.boot.ConditionalOnFeatureEnabled;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.config.BeanPostProcessor;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.dao.annotation.PersistenceExceptionTranslationPostProcessor;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.scheduling.annotation.EnableScheduling;
import org.springframework.transaction.annotation.EnableTransactionManagement;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@EnableScheduling
@EnableTransactionManagement(proxyTargetClass = false)
@AutoConfiguration
@ConditionalOnFeatureEnabled(feature = {CasFeatureModule.FeatureCatalog.GoogleAuthenticator}, module = "redis")
/* loaded from: input_file:org/apereo/cas/config/GoogleAuthenticatorRedisConfiguration.class */
public class GoogleAuthenticatorRedisConfiguration {
    private static final BeanCondition CONDITION = BeanCondition.on("cas.authn.mfa.gauth.redis.enabled").isTrue().evenIfMissing();

    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public BeanPostProcessor persistenceExceptionTranslationPostProcessor() {
        return new PersistenceExceptionTranslationPostProcessor();
    }

    @ConditionalOnMissingBean(name = {"redisGoogleAuthenticatorConnectionFactory"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public RedisConnectionFactory redisGoogleAuthenticatorConnectionFactory(ConfigurableApplicationContext configurableApplicationContext, @Qualifier("casSslContext") CasSSLContext casSSLContext, CasConfigurationProperties casConfigurationProperties) {
        return (RedisConnectionFactory) BeanSupplier.of(RedisConnectionFactory.class).when(CONDITION.given(configurableApplicationContext.getEnvironment())).supply(() -> {
            return RedisObjectFactory.newRedisConnectionFactory(casConfigurationProperties.getAuthn().getMfa().getGauth().getRedis(), casSSLContext);
        }).otherwiseProxy().get();
    }

    @ConditionalOnMissingBean(name = {"redisAccountsGoogleAuthenticatorTemplate"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public CasRedisTemplate redisAccountsGoogleAuthenticatorTemplate(ConfigurableApplicationContext configurableApplicationContext, @Qualifier("redisGoogleAuthenticatorConnectionFactory") RedisConnectionFactory redisConnectionFactory) {
        return (CasRedisTemplate) BeanSupplier.of(CasRedisTemplate.class).when(CONDITION.given(configurableApplicationContext.getEnvironment())).supply(() -> {
            return RedisObjectFactory.newRedisTemplate(redisConnectionFactory);
        }).otherwiseProxy().get();
    }

    @ConditionalOnMissingBean(name = {"redisPrincipalsGoogleAuthenticatorTemplate"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public CasRedisTemplate redisPrincipalsGoogleAuthenticatorTemplate(ConfigurableApplicationContext configurableApplicationContext, @Qualifier("redisGoogleAuthenticatorConnectionFactory") RedisConnectionFactory redisConnectionFactory) {
        return (CasRedisTemplate) BeanSupplier.of(CasRedisTemplate.class).when(CONDITION.given(configurableApplicationContext.getEnvironment())).supply(() -> {
            return RedisObjectFactory.newRedisTemplate(redisConnectionFactory);
        }).otherwiseProxy().get();
    }

    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public OneTimeTokenCredentialRepository googleAuthenticatorAccountRegistry(ConfigurableApplicationContext configurableApplicationContext, @Qualifier("googleAuthenticatorInstance") IGoogleAuthenticator iGoogleAuthenticator, @Qualifier("googleAuthenticatorAccountCipherExecutor") CipherExecutor cipherExecutor, @Qualifier("googleAuthenticatorScratchCodesCipherExecutor") CipherExecutor cipherExecutor2, @Qualifier("redisAccountsGoogleAuthenticatorTemplate") CasRedisTemplate casRedisTemplate, @Qualifier("redisPrincipalsGoogleAuthenticatorTemplate") CasRedisTemplate casRedisTemplate2, CasConfigurationProperties casConfigurationProperties) {
        return (OneTimeTokenCredentialRepository) BeanSupplier.of(OneTimeTokenCredentialRepository.class).when(CONDITION.given(configurableApplicationContext.getEnvironment())).supply(() -> {
            return new RedisGoogleAuthenticatorTokenCredentialRepository(iGoogleAuthenticator, new RedisGoogleAuthenticatorTokenCredentialRepository.CasRedisTemplates(casRedisTemplate, casRedisTemplate2), cipherExecutor, cipherExecutor2);
        }).otherwiseProxy().get();
    }

    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public OneTimeTokenRepository oneTimeTokenAuthenticatorTokenRepository(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties, @Qualifier("redisAccountsGoogleAuthenticatorTemplate") CasRedisTemplate casRedisTemplate) {
        return (OneTimeTokenRepository) BeanSupplier.of(OneTimeTokenRepository.class).when(CONDITION.given(configurableApplicationContext.getEnvironment())).supply(() -> {
            GoogleAuthenticatorMultifactorProperties gauth = casConfigurationProperties.getAuthn().getMfa().getGauth();
            return new GoogleAuthenticatorRedisTokenRepository(casRedisTemplate, gauth.getCore().getTimeStepSize(), gauth.getRedis().getScanCount());
        }).otherwiseProxy().get();
    }
}
