package org.apereo.cas.adaptors.generic.config;

import lombok.Generated;
import org.apereo.cas.adaptors.generic.RejectUsersAuthenticationHandler;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlanConfigurer;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalFactoryUtils;
import org.apereo.cas.authentication.principal.PrincipalNameTransformerUtils;
import org.apereo.cas.authentication.principal.PrincipalResolver;
import org.apereo.cas.authentication.support.password.PasswordEncoderUtils;
import org.apereo.cas.authentication.support.password.PasswordPolicyContext;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.generic.RejectAuthenticationProperties;
import org.apereo.cas.services.ServicesManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.util.StringUtils;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration("rejectUsersAuthenticationEventExecutionPlanConfiguration")
/* loaded from: input_file:org/apereo/cas/adaptors/generic/config/RejectUsersAuthenticationEventExecutionPlanConfiguration.class */
public class RejectUsersAuthenticationEventExecutionPlanConfiguration {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(RejectUsersAuthenticationEventExecutionPlanConfiguration.class);

    @Autowired
    @Qualifier("servicesManager")
    private ObjectProvider<ServicesManager> servicesManager;

    @Autowired
    private CasConfigurationProperties casProperties;

    @Autowired
    @Qualifier("defaultPrincipalResolver")
    private ObjectProvider<PrincipalResolver> defaultPrincipalResolver;

    @ConditionalOnMissingBean(name = {"rejectPrincipalFactory"})
    @Bean
    public PrincipalFactory rejectUsersPrincipalFactory() {
        return PrincipalFactoryUtils.newPrincipalFactory();
    }

    @RefreshScope
    @Bean
    public AuthenticationHandler rejectUsersAuthenticationHandler() {
        RejectAuthenticationProperties reject = this.casProperties.getAuthn().getReject();
        RejectUsersAuthenticationHandler rejectUsersAuthenticationHandler = new RejectUsersAuthenticationHandler(reject.getName(), (ServicesManager) this.servicesManager.getIfAvailable(), rejectUsersPrincipalFactory(), StringUtils.commaDelimitedListToSet(reject.getUsers()));
        rejectUsersAuthenticationHandler.setPasswordEncoder(PasswordEncoderUtils.newPasswordEncoder(reject.getPasswordEncoder()));
        rejectUsersAuthenticationHandler.setPasswordPolicyConfiguration(rejectPasswordPolicyConfiguration());
        rejectUsersAuthenticationHandler.setPrincipalNameTransformer(PrincipalNameTransformerUtils.newPrincipalNameTransformer(reject.getPrincipalTransformation()));
        return rejectUsersAuthenticationHandler;
    }

    @ConditionalOnMissingBean(name = {"rejectUsersAuthenticationEventExecutionPlanConfigurer"})
    @Bean
    public AuthenticationEventExecutionPlanConfigurer rejectUsersAuthenticationEventExecutionPlanConfigurer() {
        return authenticationEventExecutionPlan -> {
            String users = this.casProperties.getAuthn().getReject().getUsers();
            if (org.apache.commons.lang3.StringUtils.isNotBlank(users)) {
                authenticationEventExecutionPlan.registerAuthenticationHandlerWithPrincipalResolver(rejectUsersAuthenticationHandler(), (PrincipalResolver) this.defaultPrincipalResolver.getIfAvailable());
                LOGGER.debug("Added rejecting authentication handler with the following users [{}]", users);
            }
        };
    }

    @ConditionalOnMissingBean(name = {"rejectPasswordPolicyConfiguration"})
    @Bean
    public PasswordPolicyContext rejectPasswordPolicyConfiguration() {
        return new PasswordPolicyContext();
    }
}
