package org.apereo.cas.config;

import com.warrenstrange.googleauth.GoogleAuthenticator;
import com.warrenstrange.googleauth.GoogleAuthenticatorConfig;
import com.warrenstrange.googleauth.ICredentialRepository;
import com.warrenstrange.googleauth.IGoogleAuthenticator;
import com.warrenstrange.googleauth.KeyRepresentation;
import java.util.List;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import javax.annotation.PostConstruct;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.CentralAuthenticationService;
import org.apereo.cas.adaptors.gauth.GoogleAuthenticatorAuthenticationHandler;
import org.apereo.cas.adaptors.gauth.GoogleAuthenticatorAuthenticationMetaDataPopulator;
import org.apereo.cas.adaptors.gauth.GoogleAuthenticatorMultifactorAuthenticationProvider;
import org.apereo.cas.adaptors.gauth.InMemoryGoogleAuthenticatorAccountRegistry;
import org.apereo.cas.adaptors.gauth.web.flow.GoogleAccountCheckRegistrationAction;
import org.apereo.cas.adaptors.gauth.web.flow.GoogleAccountSaveRegistrationAction;
import org.apereo.cas.adaptors.gauth.web.flow.GoogleAuthenticatorAuthenticationWebflowAction;
import org.apereo.cas.adaptors.gauth.web.flow.GoogleAuthenticatorAuthenticationWebflowEventResolver;
import org.apereo.cas.adaptors.gauth.web.flow.GoogleAuthenticatorMultifactorTrustWebflowConfigurer;
import org.apereo.cas.adaptors.gauth.web.flow.GoogleAuthenticatorMultifactorWebflowConfigurer;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.AuthenticationMetaDataPopulator;
import org.apereo.cas.authentication.AuthenticationSystemSupport;
import org.apereo.cas.authentication.principal.DefaultPrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.services.DefaultMultifactorAuthenticationProviderBypass;
import org.apereo.cas.services.MultifactorAuthenticationProvider;
import org.apereo.cas.services.MultifactorAuthenticationProviderBypass;
import org.apereo.cas.services.MultifactorAuthenticationProviderSelector;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.ticket.registry.TicketRegistrySupport;
import org.apereo.cas.trusted.authentication.api.MultifactorAuthenticationTrustStorage;
import org.apereo.cas.web.flow.CasWebflowConfigurer;
import org.apereo.cas.web.flow.authentication.FirstMultifactorAuthenticationProviderSelector;
import org.apereo.cas.web.flow.resolver.CasWebflowEventResolver;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.util.CookieGenerator;
import org.springframework.webflow.config.FlowDefinitionRegistryBuilder;
import org.springframework.webflow.definition.registry.FlowDefinitionRegistry;
import org.springframework.webflow.engine.builder.support.FlowBuilderServices;
import org.springframework.webflow.execution.Action;

/**
 * Spring configuration that declares the beans for the Google Authenticator
 * multifactor provider: the authentication handler, the provider and its bypass
 * evaluator, the authenticator instance, and the webflow pieces.
 *
 * <p>The class name keeps its existing spelling ("Authentiacator") because it is
 * the public identifier; the Spring bean name is
 * {@code googleAuthenticatorConfiguration}.
 */
@Configuration("googleAuthenticatorConfiguration")
@EnableConfigurationProperties(CasConfigurationProperties.class)
public class GoogleAuthentiacatorConfiguration {

    @Autowired
    private CasConfigurationProperties casProperties;

    @Autowired
    private ApplicationContext applicationContext;

    // Resolved by qualifier: either the default declared further down in this
    // class or a bean of the same name supplied by another module.
    @Autowired
    @Qualifier("googleAuthenticatorAccountRegistry")
    private ICredentialRepository googleAuthenticatorAccountRegistry;

    @Autowired
    @Qualifier("loginFlowRegistry")
    private FlowDefinitionRegistry loginFlowDefinitionRegistry;

    @Autowired
    private FlowBuilderServices flowBuilderServices;

    @Autowired
    @Qualifier("centralAuthenticationService")
    private CentralAuthenticationService centralAuthenticationService;

    @Autowired
    @Qualifier("defaultAuthenticationSystemSupport")
    private AuthenticationSystemSupport authenticationSystemSupport;

    @Autowired
    @Qualifier("defaultTicketRegistrySupport")
    private TicketRegistrySupport ticketRegistrySupport;

    @Autowired
    @Qualifier("servicesManager")
    private ServicesManager servicesManager;

    // Optional injection: when no selector bean is present, the field keeps the
    // first-provider selector assigned here.
    @Autowired(required = false)
    @Qualifier("multifactorAuthenticationProviderSelector")
    private MultifactorAuthenticationProviderSelector multifactorAuthenticationProviderSelector = new FirstMultifactorAuthenticationProviderSelector();

    @Autowired
    @Qualifier("warnCookieGenerator")
    private CookieGenerator warnCookieGenerator;

    // Raw type: the key/value types are not visible in this file. Handlers are
    // registered as keys (see initializeRootApplicationContext).
    @Autowired
    @Qualifier("authenticationHandlersResolvers")
    private Map authenticationHandlersResolvers;

    // Raw type: shared list of metadata populators, mutated at startup.
    @Autowired
    @Qualifier("authenticationMetadataPopulators")
    private List authenticationMetadataPopulators;

    /**
     * Nested configuration for the trusted-device variant of the webflow.
     *
     * <p>It is active when {@link MultifactorAuthenticationTrustStorage} is on the
     * classpath and {@code cas.authn.mfa.gauth.trustedDeviceEnabled} is either
     * {@code true} or not set at all. Because a missing property counts as
     * enabled, a deployment that does not want trusted-device handling for this
     * provider has to set the property explicitly to a value other than
     * {@code true}.
     */
    @Configuration("gauthMultifactorTrustConfiguration")
    @ConditionalOnClass(MultifactorAuthenticationTrustStorage.class)
    @ConditionalOnProperty(prefix = "cas.authn.mfa.gauth", name = "trustedDeviceEnabled", havingValue = "true", matchIfMissing = true)
    public class GoogleAuthenticatorMultifactorTrustConfiguration {

        /**
         * Builds the trust-aware webflow configurer unless a bean with the same
         * name already exists.
         *
         * @return the configurer, wired with the gauth flow registry, the login
         *         flow registry, the flow builder services and the device
         *         registration flag read from the trusted-MFA properties
         */
        @Bean
        @ConditionalOnMissingBean(name = "gauthMultifactorTrustWebflowConfigurer")
        public CasWebflowConfigurer gauthMultifactorTrustWebflowConfigurer() {
            final GoogleAuthenticatorMultifactorTrustWebflowConfigurer configurer =
                    new GoogleAuthenticatorMultifactorTrustWebflowConfigurer();
            // Members of the enclosing configuration are reached through the
            // implicit outer instance.
            configurer.setFlowDefinitionRegistry(googleAuthenticatorFlowRegistry());
            configurer.setLoginFlowDefinitionRegistry(loginFlowDefinitionRegistry);
            configurer.setFlowBuilderServices(flowBuilderServices);
            configurer.setEnableDeviceRegistration(
                    casProperties.getAuthn().getMfa().getTrusted().isDeviceRegistrationEnabled());
            return configurer;
        }
    }

    /**
     * Builds the flow registry for the Google Authenticator flows.
     *
     * <p>Flow definitions are looked up under {@code classpath*:/webflow} with the
     * pattern {@code /mfa-gauth/*-webflow.xml}. The {@code classpath*:} prefix
     * searches every classpath root, so which flow files get loaded depends on
     * the jars present at runtime.
     *
     * @return the built registry
     */
    @Bean
    public FlowDefinitionRegistry googleAuthenticatorFlowRegistry() {
        final FlowDefinitionRegistryBuilder registryBuilder =
                new FlowDefinitionRegistryBuilder(applicationContext, flowBuilderServices);
        registryBuilder.setBasePath("classpath*:/webflow");
        registryBuilder.addFlowLocationPattern("/mfa-gauth/*-webflow.xml");
        return registryBuilder.build();
    }

    /**
     * Creates the authentication handler that validates Google Authenticator
     * credentials.
     *
     * @return a handler wired with the authenticator instance, the principal
     *         factory and the services manager
     */
    @Bean
    @RefreshScope
    public AuthenticationHandler googleAuthenticatorAuthenticationHandler() {
        final GoogleAuthenticatorAuthenticationHandler handler = new GoogleAuthenticatorAuthenticationHandler();
        handler.setGoogleAuthenticatorInstance(googleAuthenticatorInstance());
        handler.setPrincipalFactory(googlePrincipalFactory());
        handler.setServicesManager(servicesManager);
        return handler;
    }

    /**
     * Creates the bypass evaluator from the gauth bypass properties.
     *
     * <p>NOTE(review): the bypass rules themselves are evaluated inside
     * {@link DefaultMultifactorAuthenticationProviderBypass}, which is not visible
     * here. They presumably decide when the second factor is skipped, so the
     * configured bypass values deserve review together with this bean.
     *
     * @return the bypass evaluator
     */
    @Bean
    @RefreshScope
    public MultifactorAuthenticationProviderBypass googleBypassEvaluator() {
        return new DefaultMultifactorAuthenticationProviderBypass(
                casProperties.getAuthn().getMfa().getGauth().getBypass());
    }

    /**
     * @return a new default principal factory for the gauth handler
     */
    @Bean
    public PrincipalFactory googlePrincipalFactory() {
        return new DefaultPrincipalFactory();
    }

    /**
     * Creates the metadata populator that is given the configured authentication
     * context attribute, the gauth handler and the gauth provider.
     *
     * @return the populator
     */
    @Bean
    @RefreshScope
    public AuthenticationMetaDataPopulator googleAuthenticatorAuthenticationMetaDataPopulator() {
        return new GoogleAuthenticatorAuthenticationMetaDataPopulator(
                casProperties.getAuthn().getMfa().getAuthenticationContextAttribute(),
                googleAuthenticatorAuthenticationHandler(),
                googleAuthenticatorAuthenticationProvider());
    }

    /**
     * Supplies the default account registry when no bean named
     * {@code googleAuthenticatorAccountRegistry} is defined elsewhere.
     *
     * <p>NOTE(review): the default is {@link InMemoryGoogleAuthenticatorAccountRegistry}.
     * Judging by its name, enrolled accounts live only in process memory, which
     * would mean they are lost on restart and not shared between nodes; confirm,
     * and provide a persistent registry bean for production use.
     *
     * @return the in-memory registry
     */
    @Bean
    @RefreshScope
    @ConditionalOnMissingBean(name = "googleAuthenticatorAccountRegistry")
    public ICredentialRepository googleAuthenticatorAccountRegistry() {
        return new InMemoryGoogleAuthenticatorAccountRegistry();
    }

    /**
     * Builds the authenticator from the gauth properties: code digits, time step
     * (configured in seconds, converted to milliseconds), window size, and Base32
     * key representation. The injected account registry becomes its credential
     * repository.
     *
     * <p>NOTE(review): the three numeric settings are handed to the builder
     * without any range check in this method. Together they bound how many codes
     * are acceptable at a given moment, so any validation has to come from the
     * properties class or the library; confirm that it does.
     *
     * @return the configured authenticator
     */
    @Bean
    @RefreshScope
    public IGoogleAuthenticator googleAuthenticatorInstance() {
        final GoogleAuthenticatorConfig.GoogleAuthenticatorConfigBuilder configBuilder =
                new GoogleAuthenticatorConfig.GoogleAuthenticatorConfigBuilder();
        configBuilder.setCodeDigits(casProperties.getAuthn().getMfa().getGauth().getCodeDigits());
        configBuilder.setTimeStepSizeInMillis(
                TimeUnit.SECONDS.toMillis(casProperties.getAuthn().getMfa().getGauth().getTimeStepSize()));
        configBuilder.setWindowSize(casProperties.getAuthn().getMfa().getGauth().getWindowSize());
        configBuilder.setKeyRepresentation(KeyRepresentation.BASE32);

        final GoogleAuthenticator authenticator = new GoogleAuthenticator(configBuilder.build());
        authenticator.setCredentialRepository(googleAuthenticatorAccountRegistry);
        return authenticator;
    }

    /**
     * Creates the multifactor provider and attaches the gauth bypass evaluator.
     *
     * @return the provider
     */
    @Bean
    @RefreshScope
    public MultifactorAuthenticationProvider googleAuthenticatorAuthenticationProvider() {
        final GoogleAuthenticatorMultifactorAuthenticationProvider provider =
                new GoogleAuthenticatorMultifactorAuthenticationProvider();
        provider.setBypassEvaluator(googleBypassEvaluator());
        return provider;
    }

    /**
     * Creates the webflow event resolver and hands it the injected CAS
     * collaborators (authentication support, CAS service, provider selector,
     * services manager, ticket registry support, warn cookie generator).
     *
     * @return the resolver
     */
    @Bean
    @RefreshScope
    public CasWebflowEventResolver googleAuthenticatorAuthenticationWebflowEventResolver() {
        final GoogleAuthenticatorAuthenticationWebflowEventResolver resolver =
                new GoogleAuthenticatorAuthenticationWebflowEventResolver();
        resolver.setAuthenticationSystemSupport(authenticationSystemSupport);
        resolver.setCentralAuthenticationService(centralAuthenticationService);
        resolver.setMultifactorAuthenticationProviderSelector(multifactorAuthenticationProviderSelector);
        resolver.setServicesManager(servicesManager);
        resolver.setTicketRegistrySupport(ticketRegistrySupport);
        resolver.setWarnCookieGenerator(warnCookieGenerator);
        return resolver;
    }

    /**
     * @return the webflow action that saves an account registration, wired with
     *         the authenticator instance
     */
    @Bean
    @RefreshScope
    public Action saveAccountRegistrationAction() {
        final GoogleAccountSaveRegistrationAction saveAction = new GoogleAccountSaveRegistrationAction();
        saveAction.setGoogleAuthenticator(googleAuthenticatorInstance());
        return saveAction;
    }

    /**
     * @return the webflow authentication action, delegating to the gauth event
     *         resolver
     */
    @Bean
    @RefreshScope
    public Action googleAuthenticatorAuthenticationWebflowAction() {
        final GoogleAuthenticatorAuthenticationWebflowAction webflowAction =
                new GoogleAuthenticatorAuthenticationWebflowAction();
        webflowAction.setCasWebflowEventResolver(googleAuthenticatorAuthenticationWebflowEventResolver());
        return webflowAction;
    }

    /**
     * Builds the standard (non-trust) webflow configurer unless a bean with the
     * same name already exists.
     *
     * @return the configurer
     */
    @Bean
    @ConditionalOnMissingBean(name = "googleAuthenticatorMultifactorWebflowConfigurer")
    public CasWebflowConfigurer googleAuthenticatorMultifactorWebflowConfigurer() {
        final GoogleAuthenticatorMultifactorWebflowConfigurer configurer =
                new GoogleAuthenticatorMultifactorWebflowConfigurer();
        configurer.setFlowDefinitionRegistry(googleAuthenticatorFlowRegistry());
        configurer.setLoginFlowDefinitionRegistry(loginFlowDefinitionRegistry);
        configurer.setFlowBuilderServices(flowBuilderServices);
        return configurer;
    }

    /**
     * @return the webflow action that checks account registration, wired with the
     *         authenticator instance
     */
    @Bean
    @RefreshScope
    public Action googleAccountRegistrationAction() {
        final GoogleAccountCheckRegistrationAction checkAction = new GoogleAccountCheckRegistrationAction();
        checkAction.setGoogleAuthenticatorInstance(googleAuthenticatorInstance());
        return checkAction;
    }

    /**
     * Registers the gauth handler and metadata populator with the shared CAS
     * collections, but only when a non-blank issuer is configured.
     *
     * <p>With a blank issuer the beans above are still defined; they are simply
     * not added to the handler map or the populator list.
     * NOTE(review): that presumably leaves the provider unregistered with the
     * authentication machinery. Confirm that a blank issuer is the intended off
     * switch and not an accidental misconfiguration path.
     */
    @PostConstruct
    protected void initializeRootApplicationContext() {
        if (StringUtils.isBlank(casProperties.getAuthn().getMfa().getGauth().getIssuer())) {
            return;
        }
        // The handler is stored with a null value, i.e. no resolver is paired with it.
        authenticationHandlersResolvers.put(googleAuthenticatorAuthenticationHandler(), null);
        // Inserted at the head of the list, ahead of populators already present.
        authenticationMetadataPopulators.add(0, googleAuthenticatorAuthenticationMetaDataPopulator());
    }
}
