package org.apereo.cas.adaptors.generic.config;

import java.util.Map;
import javax.annotation.PostConstruct;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.adaptors.generic.FileAuthenticationHandler;
import org.apereo.cas.adaptors.generic.RejectUsersAuthenticationHandler;
import org.apereo.cas.adaptors.generic.ShiroAuthenticationHandler;
import org.apereo.cas.adaptors.generic.remote.RemoteAddressAuthenticationHandler;
import org.apereo.cas.adaptors.generic.remote.RemoteAddressNonInteractiveCredentialsAction;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.adaptive.AdaptiveAuthenticationPolicy;
import org.apereo.cas.authentication.principal.DefaultPrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalResolver;
import org.apereo.cas.authentication.support.PasswordPolicyConfiguration;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.support.Beans;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.web.flow.resolver.CasWebflowEventResolver;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.webflow.execution.Action;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration("casGenericConfiguration")
/* loaded from: input_file:org/apereo/cas/adaptors/generic/config/CasGenericConfiguration.class */
public class CasGenericConfiguration {

    @Autowired
    private CasConfigurationProperties casProperties;

    @Autowired(required = false)
    @Qualifier("shiroPasswordPolicyConfiguration")
    private PasswordPolicyConfiguration shiroPasswordPolicyConfiguration;

    @Autowired(required = false)
    @Qualifier("rejectPasswordPolicyConfiguration")
    private PasswordPolicyConfiguration rejectPasswordPolicyConfiguration;

    @Autowired(required = false)
    @Qualifier("filePasswordPolicyConfiguration")
    private PasswordPolicyConfiguration filePasswordPolicyConfiguration;

    @Autowired
    @Qualifier("servicesManager")
    private ServicesManager servicesManager;

    @Autowired
    @Qualifier("personDirectoryPrincipalResolver")
    private PrincipalResolver personDirectoryPrincipalResolver;

    @Autowired
    @Qualifier("authenticationHandlersResolvers")
    private Map authenticationHandlersResolvers;

    @Autowired
    @Qualifier("adaptiveAuthenticationPolicy")
    private AdaptiveAuthenticationPolicy adaptiveAuthenticationPolicy;

    @Autowired
    @Qualifier("serviceTicketRequestWebflowEventResolver")
    private CasWebflowEventResolver serviceTicketRequestWebflowEventResolver;

    @Autowired
    @Qualifier("initialAuthenticationAttemptWebflowEventResolver")
    private CasWebflowEventResolver initialAuthenticationAttemptWebflowEventResolver;

    @RefreshScope
    @Bean
    public AuthenticationHandler remoteAddressAuthenticationHandler() {
        RemoteAddressAuthenticationHandler remoteAddressAuthenticationHandler = new RemoteAddressAuthenticationHandler();
        remoteAddressAuthenticationHandler.setIpNetworkRange(this.casProperties.getAuthn().getRemoteAddress().getIpAddressRange());
        remoteAddressAuthenticationHandler.setPrincipalFactory(remoteAddressPrincipalFactory());
        remoteAddressAuthenticationHandler.setServicesManager(this.servicesManager);
        return remoteAddressAuthenticationHandler;
    }

    @Bean
    public Action remoteAddressCheck() {
        RemoteAddressNonInteractiveCredentialsAction remoteAddressNonInteractiveCredentialsAction = new RemoteAddressNonInteractiveCredentialsAction();
        remoteAddressNonInteractiveCredentialsAction.setAdaptiveAuthenticationPolicy(this.adaptiveAuthenticationPolicy);
        remoteAddressNonInteractiveCredentialsAction.setInitialAuthenticationAttemptWebflowEventResolver(this.initialAuthenticationAttemptWebflowEventResolver);
        remoteAddressNonInteractiveCredentialsAction.setServiceTicketRequestWebflowEventResolver(this.serviceTicketRequestWebflowEventResolver);
        return remoteAddressNonInteractiveCredentialsAction;
    }

    @RefreshScope
    @Bean
    public AuthenticationHandler fileAuthenticationHandler() {
        FileAuthenticationHandler fileAuthenticationHandler = new FileAuthenticationHandler();
        fileAuthenticationHandler.setFileName(this.casProperties.getAuthn().getFile().getFilename());
        fileAuthenticationHandler.setSeparator(this.casProperties.getAuthn().getFile().getSeparator());
        fileAuthenticationHandler.setPrincipalFactory(filePrincipalFactory());
        fileAuthenticationHandler.setServicesManager(this.servicesManager);
        fileAuthenticationHandler.setPasswordEncoder(Beans.newPasswordEncoder(this.casProperties.getAuthn().getFile().getPasswordEncoder()));
        if (this.filePasswordPolicyConfiguration != null) {
            fileAuthenticationHandler.setPasswordPolicyConfiguration(this.filePasswordPolicyConfiguration);
        }
        fileAuthenticationHandler.setPrincipalNameTransformer(Beans.newPrincipalNameTransformer(this.casProperties.getAuthn().getFile().getPrincipalTransformation()));
        return fileAuthenticationHandler;
    }

    @Bean
    public PrincipalFactory filePrincipalFactory() {
        return new DefaultPrincipalFactory();
    }

    @Bean
    public PrincipalFactory rejectUsersPrincipalFactory() {
        return new DefaultPrincipalFactory();
    }

    @Bean
    public PrincipalFactory shiroPrincipalFactory() {
        return new DefaultPrincipalFactory();
    }

    @RefreshScope
    @Bean
    public AuthenticationHandler rejectUsersAuthenticationHandler() {
        RejectUsersAuthenticationHandler rejectUsersAuthenticationHandler = new RejectUsersAuthenticationHandler();
        rejectUsersAuthenticationHandler.setPrincipalFactory(rejectUsersPrincipalFactory());
        rejectUsersAuthenticationHandler.setServicesManager(this.servicesManager);
        if (StringUtils.isNotBlank(this.casProperties.getAuthn().getReject().getUsers())) {
            rejectUsersAuthenticationHandler.setUsers(org.springframework.util.StringUtils.commaDelimitedListToSet(this.casProperties.getAuthn().getReject().getUsers()));
        }
        rejectUsersAuthenticationHandler.setPasswordEncoder(Beans.newPasswordEncoder(this.casProperties.getAuthn().getReject().getPasswordEncoder()));
        if (this.rejectPasswordPolicyConfiguration != null) {
            rejectUsersAuthenticationHandler.setPasswordPolicyConfiguration(this.rejectPasswordPolicyConfiguration);
        }
        rejectUsersAuthenticationHandler.setPrincipalNameTransformer(Beans.newPrincipalNameTransformer(this.casProperties.getAuthn().getReject().getPrincipalTransformation()));
        return rejectUsersAuthenticationHandler;
    }

    @RefreshScope
    @Bean
    public AuthenticationHandler shiroAuthenticationHandler() {
        ShiroAuthenticationHandler shiroAuthenticationHandler = new ShiroAuthenticationHandler();
        shiroAuthenticationHandler.setPrincipalFactory(shiroPrincipalFactory());
        shiroAuthenticationHandler.setServicesManager(this.servicesManager);
        shiroAuthenticationHandler.setRequiredRoles(this.casProperties.getAuthn().getShiro().getRequiredRoles());
        shiroAuthenticationHandler.setRequiredPermissions(this.casProperties.getAuthn().getShiro().getRequiredPermissions());
        shiroAuthenticationHandler.loadShiroConfiguration(this.casProperties.getAuthn().getShiro().getConfig().getLocation());
        shiroAuthenticationHandler.setPasswordEncoder(Beans.newPasswordEncoder(this.casProperties.getAuthn().getShiro().getPasswordEncoder()));
        if (this.shiroPasswordPolicyConfiguration != null) {
            shiroAuthenticationHandler.setPasswordPolicyConfiguration(this.shiroPasswordPolicyConfiguration);
        }
        shiroAuthenticationHandler.setPrincipalNameTransformer(Beans.newPrincipalNameTransformer(this.casProperties.getAuthn().getShiro().getPrincipalTransformation()));
        return shiroAuthenticationHandler;
    }

    @Bean
    public PrincipalFactory remoteAddressPrincipalFactory() {
        return new DefaultPrincipalFactory();
    }

    @PostConstruct
    public void initializeAuthenticationHandler() {
        if (this.casProperties.getAuthn().getShiro().getConfig().getLocation() != null) {
            this.authenticationHandlersResolvers.put(shiroAuthenticationHandler(), this.personDirectoryPrincipalResolver);
        }
        if (StringUtils.isNotBlank(this.casProperties.getAuthn().getReject().getUsers())) {
            this.authenticationHandlersResolvers.put(rejectUsersAuthenticationHandler(), this.personDirectoryPrincipalResolver);
        }
        if (this.casProperties.getAuthn().getFile().getFilename() != null) {
            this.authenticationHandlersResolvers.put(fileAuthenticationHandler(), this.personDirectoryPrincipalResolver);
        }
    }
}
