package org.apereo.cas.config;

import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import javax.annotation.PostConstruct;
import org.apereo.cas.CentralAuthenticationService;
import org.apereo.cas.adaptors.radius.JRadiusServerImpl;
import org.apereo.cas.adaptors.radius.RadiusAuthenticationMetaDataPopulator;
import org.apereo.cas.adaptors.radius.RadiusClientFactory;
import org.apereo.cas.adaptors.radius.RadiusProtocol;
import org.apereo.cas.adaptors.radius.authentication.RadiusMultifactorAuthenticationProvider;
import org.apereo.cas.adaptors.radius.authentication.RadiusTokenAuthenticationHandler;
import org.apereo.cas.adaptors.radius.web.flow.RadiusAuthenticationWebflowAction;
import org.apereo.cas.adaptors.radius.web.flow.RadiusAuthenticationWebflowEventResolver;
import org.apereo.cas.adaptors.radius.web.flow.RadiusMultifactorTrustWebflowConfigurer;
import org.apereo.cas.adaptors.radius.web.flow.RadiusMultifactorWebflowConfigurer;
import org.apereo.cas.authentication.AuthenticationSystemSupport;
import org.apereo.cas.authentication.principal.DefaultPrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.services.DefaultMultifactorAuthenticationProviderBypass;
import org.apereo.cas.services.MultifactorAuthenticationProvider;
import org.apereo.cas.services.MultifactorAuthenticationProviderBypass;
import org.apereo.cas.services.MultifactorAuthenticationProviderSelector;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.ticket.registry.TicketRegistrySupport;
import org.apereo.cas.trusted.authentication.api.MultifactorAuthenticationTrustStorage;
import org.apereo.cas.web.flow.CasWebflowConfigurer;
import org.apereo.cas.web.flow.authentication.FirstMultifactorAuthenticationProviderSelector;
import org.apereo.cas.web.flow.resolver.CasWebflowEventResolver;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.util.CookieGenerator;
import org.springframework.webflow.config.FlowDefinitionRegistryBuilder;
import org.springframework.webflow.definition.registry.FlowDefinitionRegistry;
import org.springframework.webflow.engine.builder.support.FlowBuilderServices;
import org.springframework.webflow.execution.Action;

/**
 * Spring configuration that wires the RADIUS multifactor authentication beans:
 * the RADIUS server/client objects, the token authentication handler, the MFA
 * provider with its bypass evaluator, and the webflow pieces that drive the
 * {@code mfa-radius} flow. All tunables are read from {@link CasConfigurationProperties}
 * under {@code getAuthn().getMfa().getRadius()}.
 *
 * <p>Security-relevant settings handled here: the RADIUS shared secret and protocol,
 * the failover flags, the MFA bypass rules, and the trusted-device sub-configuration.
 *
 * <p>NOTE(review): this listing appears to be decompiler output (raw {@code Map}/{@code List}
 * types, "loaded from" markers in the original), so generic type arguments are not visible.
 */
@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration("radiusMfaConfiguration")
public class RadiusMultifactorConfiguration {

    @Autowired
    private CasConfigurationProperties casProperties;

    @Autowired
    private ApplicationContext applicationContext;

    // Raw type: handler -> resolver registry shared with the rest of the authentication
    // subsystem; this class only adds an entry to it (see initializeRootApplicationContext).
    @Autowired
    @Qualifier("authenticationHandlersResolvers")
    private Map authenticationHandlersResolvers;

    // Raw type: ordered list of metadata populators; this class inserts at index 0.
    @Autowired
    @Qualifier("authenticationMetadataPopulators")
    private List authenticationMetadataPopulators;

    @Autowired
    @Qualifier("loginFlowRegistry")
    private FlowDefinitionRegistry loginFlowDefinitionRegistry;

    @Autowired
    private FlowBuilderServices flowBuilderServices;

    @Autowired
    @Qualifier("centralAuthenticationService")
    private CentralAuthenticationService centralAuthenticationService;

    @Autowired
    @Qualifier("defaultAuthenticationSystemSupport")
    private AuthenticationSystemSupport authenticationSystemSupport;

    @Autowired
    @Qualifier("defaultTicketRegistrySupport")
    private TicketRegistrySupport ticketRegistrySupport;

    @Autowired
    @Qualifier("servicesManager")
    private ServicesManager servicesManager;

    // Optional injection: when no bean with this qualifier exists, the field keeps the
    // FirstMultifactorAuthenticationProviderSelector assigned by the initializer.
    @Autowired(required = false)
    @Qualifier("multifactorAuthenticationProviderSelector")
    private MultifactorAuthenticationProviderSelector multifactorAuthenticationProviderSelector = new FirstMultifactorAuthenticationProviderSelector();

    @Autowired
    @Qualifier("warnCookieGenerator")
    private CookieGenerator warnCookieGenerator;

    /**
     * Trusted-device support for the RADIUS flow. Active when
     * {@link MultifactorAuthenticationTrustStorage} is on the classpath and
     * {@code cas.authn.mfa.radius.trustedDeviceEnabled} is {@code true} or not set at all
     * ({@code matchIfMissing = true}).
     *
     * <p>Because a missing property counts as enabled, a deployment that ships the trust
     * module but does not want device trust applied to RADIUS has to set the property to
     * {@code false} explicitly.
     * NOTE(review): presumably a trusted device lets the user skip the RADIUS challenge;
     * confirm against RadiusMultifactorTrustWebflowConfigurer.
     */
    @ConditionalOnClass({MultifactorAuthenticationTrustStorage.class})
    @ConditionalOnProperty(prefix = "cas.authn.mfa.radius", name = {"trustedDeviceEnabled"}, havingValue = "true", matchIfMissing = true)
    @Configuration("radiusMultifactorTrustConfiguration")
    public class RadiusMultifactorTrustConfiguration {

        /**
         * Builds the webflow configurer that adds the trust steps to the RADIUS flow.
         *
         * <p>NOTE(review): the bean name, the {@code @ConditionalOnMissingBean} name and the
         * name of the enclosing {@code @Configuration} are all
         * {@code radiusMultifactorTrustConfiguration}; verify the condition does not match the
         * configuration class's own bean definition and suppress this bean.
         *
         * @return the trust webflow configurer, with device registration switched by
         *         {@code getAuthn().getMfa().getTrusted().isDeviceRegistrationEnabled()}
         */
        @ConditionalOnMissingBean(name = {"radiusMultifactorTrustConfiguration"})
        @Bean
        public CasWebflowConfigurer radiusMultifactorTrustConfiguration() {
            RadiusMultifactorTrustWebflowConfigurer trustConfigurer = new RadiusMultifactorTrustWebflowConfigurer();
            trustConfigurer.setFlowDefinitionRegistry(radiusFlowRegistry());
            trustConfigurer.setLoginFlowDefinitionRegistry(loginFlowDefinitionRegistry);
            trustConfigurer.setFlowBuilderServices(flowBuilderServices);
            trustConfigurer.setEnableDeviceRegistration(casProperties.getAuthn().getMfa().getTrusted().isDeviceRegistrationEnabled());
            return trustConfigurer;
        }
    }

    /**
     * Builds the flow registry for the RADIUS MFA flow.
     *
     * @return a registry of every {@code /mfa-radius/*-webflow.xml} found under
     *         {@code classpath*:/webflow}
     */
    @Bean
    public FlowDefinitionRegistry radiusFlowRegistry() {
        FlowDefinitionRegistryBuilder builder = new FlowDefinitionRegistryBuilder(applicationContext, flowBuilderServices);
        builder.setBasePath("classpath*:/webflow");
        builder.addFlowLocationPattern("/mfa-radius/*-webflow.xml");
        return builder.build();
    }

    /**
     * Creates the RADIUS server definitions used for token validation, from the
     * {@code client} and {@code server} property groups.
     *
     * <p>The returned list always holds exactly one server, so the handler's failover
     * flags have nothing to fail over to unless this bean is replaced.
     *
     * @return a mutable single-element list containing the configured {@link JRadiusServerImpl}
     */
    @RefreshScope
    @Bean
    public List radiusTokenServers() {
        RadiusClientFactory clientFactory = new RadiusClientFactory();
        clientFactory.setAccountingPort(casProperties.getAuthn().getMfa().getRadius().getClient().getAccountingPort());
        clientFactory.setAuthenticationPort(casProperties.getAuthn().getMfa().getRadius().getClient().getAuthenticationPort());
        clientFactory.setInetAddress(casProperties.getAuthn().getMfa().getRadius().getClient().getInetAddress());
        // The shared secret is what authenticates CAS to the RADIUS server. It is passed
        // through unchanged, so the property source that holds it needs access control and
        // the value must stay out of logs and configuration dumps.
        clientFactory.setSharedSecret(casProperties.getAuthn().getMfa().getRadius().getClient().getSharedSecret());
        clientFactory.setSocketTimeout(casProperties.getAuthn().getMfa().getRadius().getClient().getSocketTimeout());

        // The protocol name comes straight from configuration. NOTE(review): valueOf
        // presumably rejects an unknown name, failing bean creation rather than picking a
        // default; confirm. The chosen protocol decides how the credential is protected on
        // the wire, so review it together with the shared secret.
        JRadiusServerImpl server = new JRadiusServerImpl(RadiusProtocol.valueOf(casProperties.getAuthn().getMfa().getRadius().getServer().getProtocol()), clientFactory);
        server.setRetries(casProperties.getAuthn().getMfa().getRadius().getServer().getRetries());
        server.setNasIdentifier(casProperties.getAuthn().getMfa().getRadius().getServer().getNasIdentifier());
        server.setNasPort(casProperties.getAuthn().getMfa().getRadius().getServer().getNasPort());
        server.setNasPortId(casProperties.getAuthn().getMfa().getRadius().getServer().getNasPortId());
        server.setNasRealPort(casProperties.getAuthn().getMfa().getRadius().getServer().getNasRealPort());
        server.setNasIpAddress(casProperties.getAuthn().getMfa().getRadius().getServer().getNasIpAddress());
        server.setNasIpv6Address(casProperties.getAuthn().getMfa().getRadius().getServer().getNasIpv6Address());

        List<JRadiusServerImpl> servers = new ArrayList<>();
        servers.add(server);
        return servers;
    }

    /**
     * Creates the RADIUS multifactor provider.
     *
     * @return the provider, bound to the token handler and the bypass evaluator
     */
    @RefreshScope
    @Bean
    public MultifactorAuthenticationProvider radiusAuthenticationProvider() {
        RadiusMultifactorAuthenticationProvider provider = new RadiusMultifactorAuthenticationProvider();
        provider.setRadiusAuthenticationHandler(radiusTokenAuthenticationHandler());
        provider.setBypassEvaluator(radiusBypassEvaluator());
        return provider;
    }

    /**
     * Creates the bypass evaluator from the {@code bypass} property group.
     *
     * <p>These rules decide when the RADIUS factor is skipped, so a change to them is a
     * change to the authentication policy and deserves the same review.
     *
     * @return the default bypass evaluator configured from {@code getRadius().getBypass()}
     */
    @RefreshScope
    @Bean
    public MultifactorAuthenticationProviderBypass radiusBypassEvaluator() {
        return new DefaultMultifactorAuthenticationProviderBypass(casProperties.getAuthn().getMfa().getRadius().getBypass());
    }

    /**
     * Creates the metadata populator for RADIUS authentications.
     *
     * @return the populator, set up with the configured authentication-context attribute
     *         name, the RADIUS token handler and the RADIUS provider
     */
    @RefreshScope
    @Bean
    public RadiusAuthenticationMetaDataPopulator radiusAuthenticationMetaDataPopulator() {
        RadiusAuthenticationMetaDataPopulator populator = new RadiusAuthenticationMetaDataPopulator();
        populator.setAuthenticationContextAttribute(casProperties.getAuthn().getMfa().getAuthenticationContextAttribute());
        populator.setAuthenticationHandler(radiusTokenAuthenticationHandler());
        populator.setProvider(radiusAuthenticationProvider());
        return populator;
    }

    /**
     * Creates the handler that validates RADIUS tokens against the configured servers.
     *
     * <p>NOTE(review): {@code failoverOnAuthenticationFailure} presumably makes the handler
     * try the next server after an explicit rejection, not only after an error; confirm in
     * RadiusTokenAuthenticationHandler before enabling it with more than one server.
     *
     * @return the handler, with principal factory, services manager, servers and both
     *         failover flags applied
     */
    @RefreshScope
    @Bean
    public RadiusTokenAuthenticationHandler radiusTokenAuthenticationHandler() {
        RadiusTokenAuthenticationHandler handler = new RadiusTokenAuthenticationHandler();
        handler.setPrincipalFactory(radiusTokenPrincipalFactory());
        handler.setServicesManager(servicesManager);
        handler.setServers(radiusTokenServers());
        handler.setFailoverOnAuthenticationFailure(casProperties.getAuthn().getMfa().getRadius().isFailoverOnAuthenticationFailure());
        handler.setFailoverOnException(casProperties.getAuthn().getMfa().getRadius().isFailoverOnException());
        return handler;
    }

    /**
     * @return a new {@link DefaultPrincipalFactory} for principals produced by the RADIUS handler
     */
    @Bean
    public PrincipalFactory radiusTokenPrincipalFactory() {
        return new DefaultPrincipalFactory();
    }

    /**
     * Creates the webflow action for the RADIUS flow.
     *
     * @return the action, delegating to the RADIUS webflow event resolver
     */
    @Bean
    public Action radiusAuthenticationWebflowAction() {
        RadiusAuthenticationWebflowAction action = new RadiusAuthenticationWebflowAction();
        action.setRadiusAuthenticationWebflowEventResolver(radiusAuthenticationWebflowEventResolver());
        return action;
    }

    /**
     * Creates the event resolver used by the RADIUS webflow action.
     *
     * @return the resolver, populated with the injected authentication, ticket, service
     *         and cookie collaborators and the provider selector
     */
    @RefreshScope
    @Bean
    public CasWebflowEventResolver radiusAuthenticationWebflowEventResolver() {
        RadiusAuthenticationWebflowEventResolver resolver = new RadiusAuthenticationWebflowEventResolver();
        resolver.setAuthenticationSystemSupport(authenticationSystemSupport);
        resolver.setCentralAuthenticationService(centralAuthenticationService);
        resolver.setMultifactorAuthenticationProviderSelector(multifactorAuthenticationProviderSelector);
        resolver.setServicesManager(servicesManager);
        resolver.setTicketRegistrySupport(ticketRegistrySupport);
        resolver.setWarnCookieGenerator(warnCookieGenerator);
        return resolver;
    }

    /**
     * Creates the webflow configurer for the RADIUS flow, unless a bean named
     * {@code radiusMultifactorWebflowConfigurer} already exists.
     *
     * @return the configurer, bound to the RADIUS and login flow registries
     */
    @ConditionalOnMissingBean(name = {"radiusMultifactorWebflowConfigurer"})
    @Bean
    public CasWebflowConfigurer radiusMultifactorWebflowConfigurer() {
        RadiusMultifactorWebflowConfigurer configurer = new RadiusMultifactorWebflowConfigurer();
        configurer.setRadiusFlowRegistry(radiusFlowRegistry());
        configurer.setLoginFlowDefinitionRegistry(loginFlowDefinitionRegistry);
        configurer.setFlowBuilderServices(flowBuilderServices);
        return configurer;
    }

    /**
     * Registers the RADIUS handler and metadata populator with the shared authentication
     * registries once injection has completed.
     */
    @PostConstruct
    protected void initializeRootApplicationContext() {
        // Registered with a null value, i.e. no resolver is paired with this handler.
        // NOTE(review): presumably the handler's own principal is used then; confirm.
        authenticationHandlersResolvers.put(radiusTokenAuthenticationHandler(), null);
        // Inserted at index 0, ahead of every populator already in the list.
        authenticationMetadataPopulators.add(0, radiusAuthenticationMetaDataPopulator());
    }
}
