package org.apereo.cas.config;

import java.util.Map;
import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.validator.routines.EmailValidator;
import org.apereo.cas.api.PasswordlessTokenRepository;
import org.apereo.cas.api.PasswordlessUserAccount;
import org.apereo.cas.api.PasswordlessUserAccountStore;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlanConfigurer;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.PasswordlessTokenAuthenticationHandler;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalFactoryUtils;
import org.apereo.cas.authentication.principal.PrincipalResolver;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.features.CasFeatureModule;
import org.apereo.cas.configuration.model.core.util.EncryptionJwtSigningJwtCryptographyProperties;
import org.apereo.cas.configuration.model.support.passwordless.PasswordlessAuthenticationAccountsProperties;
import org.apereo.cas.configuration.model.support.passwordless.PasswordlessAuthenticationTokensProperties;
import org.apereo.cas.impl.account.GroovyPasswordlessUserAccountStore;
import org.apereo.cas.impl.account.JsonPasswordlessUserAccountStore;
import org.apereo.cas.impl.account.RestfulPasswordlessUserAccountStore;
import org.apereo.cas.impl.account.SimplePasswordlessUserAccountStore;
import org.apereo.cas.impl.token.InMemoryPasswordlessTokenRepository;
import org.apereo.cas.impl.token.PasswordlessTokenCipherExecutor;
import org.apereo.cas.impl.token.RestfulPasswordlessTokenRepository;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.util.cipher.CipherExecutorUtils;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.apereo.cas.util.spring.boot.ConditionalOnFeatureEnabled;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ScopedProxyMode;

/**
 * Auto-configuration that wires the beans used by passwordless authentication:
 * the principal factory, the token authentication handler, the user account store,
 * the token cipher, the token repository and the execution-plan configurer.
 *
 * <p>The class is only active when the {@code PasswordlessAuthn} feature is enabled.
 * Every bean except the principal factory is declared with
 * {@code @ConditionalOnMissingBean}, so a deployment can replace it by defining a bean
 * with the same name.
 */
@EnableConfigurationProperties({CasConfigurationProperties.class})
@AutoConfiguration
@ConditionalOnFeatureEnabled(feature = CasFeatureModule.FeatureCatalog.PasswordlessAuthn)
public class PasswordlessAuthenticationConfiguration {

    /**
     * Creates the principal factory used by the passwordless authentication handler.
     *
     * @return a new principal factory
     */
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public PrincipalFactory passwordlessPrincipalFactory() {
        return PrincipalFactoryUtils.newPrincipalFactory();
    }

    /**
     * Creates the authentication handler that validates passwordless tokens against the
     * token repository.
     *
     * @param principalFactory factory for the authenticated principal
     * @param passwordlessTokenRepository repository the handler checks tokens against
     * @param servicesManager the services manager handed to the handler
     * @return the passwordless token authentication handler
     */
    @ConditionalOnMissingBean(name = {"passwordlessTokenAuthenticationHandler"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public AuthenticationHandler passwordlessTokenAuthenticationHandler(@Qualifier("passwordlessPrincipalFactory") PrincipalFactory principalFactory, @Qualifier("passwordlessTokenRepository") PasswordlessTokenRepository passwordlessTokenRepository, @Qualifier("servicesManager") ServicesManager servicesManager) {
        // The first and fourth constructor arguments are deliberately left null
        // (presumably the handler name and order; confirm against the constructor).
        return new PasswordlessTokenAuthenticationHandler(
            null,
            servicesManager,
            principalFactory,
            null,
            passwordlessTokenRepository);
    }

    /**
     * Selects the user account store from configuration. The first configured source wins,
     * in this order: JSON resource, Groovy script, REST endpoint, and finally the static
     * {@code simple} map.
     *
     * @param casConfigurationProperties the CAS settings
     * @return the account store for the first configured source
     */
    @ConditionalOnMissingBean(name = {PasswordlessUserAccountStore.BEAN_NAME})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public PasswordlessUserAccountStore passwordlessUserAccountStore(CasConfigurationProperties casConfigurationProperties) {
        PasswordlessAuthenticationAccountsProperties accountSettings =
            casConfigurationProperties.getAuthn().getPasswordless().getAccounts();

        if (accountSettings.getJson().getLocation() != null) {
            return new JsonPasswordlessUserAccountStore(accountSettings.getJson().getLocation());
        }
        if (accountSettings.getGroovy().getLocation() != null) {
            // NOTE(review): the Groovy store runs a script from the configured location;
            // that location should be writable by administrators only.
            return new GroovyPasswordlessUserAccountStore(accountSettings.getGroovy().getLocation());
        }
        if (StringUtils.isNotBlank(accountSettings.getRest().getUrl())) {
            return new RestfulPasswordlessUserAccountStore(accountSettings.getRest());
        }

        // Fallback: accounts declared inline in configuration, keyed by username.
        return new SimplePasswordlessUserAccountStore((Map) accountSettings.getSimple().entrySet().stream()
            .collect(Collectors.toMap(
                Map.Entry::getKey,
                entry -> newSimpleAccount((String) entry.getKey(), (String) entry.getValue()))));
    }

    /**
     * Builds one account for the {@code simple} store. The username doubles as the display
     * name. The contact value is stored as the e-mail address when it is a valid address.
     *
     * @param username the configured username
     * @param contact the configured contact value (e-mail address or phone number)
     * @return the populated account
     */
    private static PasswordlessUserAccount newSimpleAccount(String username, String contact) {
        PasswordlessUserAccount account = new PasswordlessUserAccount();
        account.setUsername(username);
        account.setName(username);
        if (!EmailValidator.getInstance().isValid(contact)) {
            // Anything that is not a valid e-mail address is stored as a phone number
            // with no further validation, so a mistyped address ends up in the phone field.
            account.setPhone(contact);
        } else {
            account.setEmail(contact);
        }
        return account;
    }

    /**
     * Creates the cipher executor for passwordless tokens.
     *
     * @param casConfigurationProperties the CAS settings
     * @return a string cipher executor built from the token crypto settings, or the no-op
     *         executor when crypto is disabled
     */
    @ConditionalOnMissingBean(name = {"passwordlessCipherExecutor"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public CipherExecutor passwordlessCipherExecutor(CasConfigurationProperties casConfigurationProperties) {
        EncryptionJwtSigningJwtCryptographyProperties cryptoSettings =
            casConfigurationProperties.getAuthn().getPasswordless().getTokens().getCrypto();
        if (!cryptoSettings.isEnabled()) {
            // With crypto disabled the no-op executor is returned, so this layer gives
            // tokens no signing or encryption. Deployments using the REST token
            // repository should keep crypto enabled.
            return CipherExecutor.noOpOfSerializableToString();
        }
        return CipherExecutorUtils.newStringCipherExecutor(cryptoSettings, PasswordlessTokenCipherExecutor.class);
    }

    /**
     * Creates the token repository: REST-backed when a REST URL is configured, otherwise
     * in-memory. Both use the configured token expiration.
     *
     * @param casConfigurationProperties the CAS settings
     * @param cipherExecutor cipher passed to the REST-backed repository
     * @return the token repository
     */
    @ConditionalOnMissingBean(name = {PasswordlessTokenRepository.BEAN_NAME})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public PasswordlessTokenRepository passwordlessTokenRepository(CasConfigurationProperties casConfigurationProperties, @Qualifier("passwordlessCipherExecutor") CipherExecutor cipherExecutor) {
        PasswordlessAuthenticationTokensProperties tokenSettings =
            casConfigurationProperties.getAuthn().getPasswordless().getTokens();
        if (StringUtils.isNotBlank(tokenSettings.getRest().getUrl())) {
            return new RestfulPasswordlessTokenRepository(
                tokenSettings.getExpireInSeconds(), tokenSettings.getRest(), cipherExecutor);
        }
        // The in-memory repository is built without the cipher executor; tokens stay in
        // this process (presumably not shared across nodes; confirm for clustered
        // deployments).
        return new InMemoryPasswordlessTokenRepository(tokenSettings.getExpireInSeconds());
    }

    /**
     * Registers the passwordless handler, paired with the default principal resolver, in
     * the authentication execution plan.
     *
     * @param authenticationHandler the passwordless token authentication handler
     * @param principalResolver the default principal resolver
     * @return the configurer that performs the registration
     */
    @ConditionalOnMissingBean(name = {"passwordlessAuthenticationEventExecutionPlanConfigurer"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public AuthenticationEventExecutionPlanConfigurer passwordlessAuthenticationEventExecutionPlanConfigurer(@Qualifier("passwordlessTokenAuthenticationHandler") AuthenticationHandler authenticationHandler, @Qualifier("defaultPrincipalResolver") PrincipalResolver principalResolver) {
        return plan -> plan.registerAuthenticationHandlerWithPrincipalResolver(authenticationHandler, principalResolver);
    }
}
