package org.apereo.cas.config.support.authentication;

import java.util.ArrayList;
import java.util.List;
import org.apereo.cas.adaptors.radius.RadiusClientFactory;
import org.apereo.cas.adaptors.radius.RadiusProtocol;
import org.apereo.cas.adaptors.radius.RadiusServer;
import org.apereo.cas.adaptors.radius.authentication.RadiusMultifactorAuthenticationProvider;
import org.apereo.cas.adaptors.radius.authentication.RadiusTokenAuthenticationHandler;
import org.apereo.cas.adaptors.radius.authentication.RadiusTokenCredential;
import org.apereo.cas.adaptors.radius.server.NonBlockingRadiusServer;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlanConfigurer;
import org.apereo.cas.authentication.AuthenticationMetaDataPopulator;
import org.apereo.cas.authentication.MultifactorAuthenticationProvider;
import org.apereo.cas.authentication.bypass.MultifactorAuthenticationProviderBypass;
import org.apereo.cas.authentication.handler.ByCredentialTypeAuthenticationHandlerResolver;
import org.apereo.cas.authentication.metadata.AuthenticationContextAttributeMetaDataPopulator;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalFactoryUtils;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.mfa.RadiusMultifactorProperties;
import org.apereo.cas.configuration.model.support.radius.RadiusClientProperties;
import org.apereo.cas.configuration.model.support.radius.RadiusServerProperties;
import org.apereo.cas.services.ServicesManager;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration("radiusTokenAuthenticationEventExecutionPlanConfiguration")
/* loaded from: input_file:org/apereo/cas/config/support/authentication/RadiusTokenAuthenticationEventExecutionPlanConfiguration.class */
public class RadiusTokenAuthenticationEventExecutionPlanConfiguration {

    @Autowired
    private CasConfigurationProperties casProperties;

    @Autowired
    @Qualifier("servicesManager")
    private ObjectProvider<ServicesManager> servicesManager;

    @Autowired
    @Qualifier("radiusBypassEvaluator")
    private ObjectProvider<MultifactorAuthenticationProviderBypass> radiusBypassEvaluator;

    @RefreshScope
    @Bean
    public MultifactorAuthenticationProvider radiusMultifactorAuthenticationProvider() {
        RadiusMultifactorProperties radius = this.casProperties.getAuthn().getMfa().getRadius();
        RadiusMultifactorAuthenticationProvider radiusMultifactorAuthenticationProvider = new RadiusMultifactorAuthenticationProvider(radiusTokenServers());
        radiusMultifactorAuthenticationProvider.setBypassEvaluator((MultifactorAuthenticationProviderBypass) this.radiusBypassEvaluator.getIfAvailable());
        radiusMultifactorAuthenticationProvider.setFailureMode(radius.getFailureMode());
        radiusMultifactorAuthenticationProvider.setOrder(radius.getRank());
        radiusMultifactorAuthenticationProvider.setId(radius.getId());
        return radiusMultifactorAuthenticationProvider;
    }

    @RefreshScope
    @Bean
    public List<RadiusServer> radiusTokenServers() {
        ArrayList arrayList = new ArrayList();
        RadiusMultifactorProperties radius = this.casProperties.getAuthn().getMfa().getRadius();
        RadiusClientProperties client = radius.getClient();
        RadiusServerProperties server = radius.getServer();
        arrayList.add(new NonBlockingRadiusServer(RadiusProtocol.valueOf(server.getProtocol()), new RadiusClientFactory(client.getAccountingPort(), client.getAuthenticationPort(), client.getSocketTimeout(), client.getInetAddress(), client.getSharedSecret()), server.getRetries(), server.getNasIpAddress(), server.getNasIpv6Address(), server.getNasPort(), server.getNasPortId(), server.getNasIdentifier(), server.getNasRealPort(), server.getNasPortType()));
        return arrayList;
    }

    @ConditionalOnMissingBean(name = {"radiusTokenPrincipalFactory"})
    @Bean
    public PrincipalFactory radiusTokenPrincipalFactory() {
        return PrincipalFactoryUtils.newPrincipalFactory();
    }

    @RefreshScope
    @Bean
    public RadiusTokenAuthenticationHandler radiusTokenAuthenticationHandler() {
        RadiusMultifactorProperties radius = this.casProperties.getAuthn().getMfa().getRadius();
        return new RadiusTokenAuthenticationHandler(radius.getName(), (ServicesManager) this.servicesManager.getIfAvailable(), radiusTokenPrincipalFactory(), radiusTokenServers(), radius.isFailoverOnException(), radius.isFailoverOnAuthenticationFailure(), Integer.valueOf(radius.getOrder()));
    }

    @RefreshScope
    @Bean
    public AuthenticationMetaDataPopulator radiusAuthenticationMetaDataPopulator() {
        return new AuthenticationContextAttributeMetaDataPopulator(this.casProperties.getAuthn().getMfa().getAuthenticationContextAttribute(), radiusTokenAuthenticationHandler(), radiusMultifactorAuthenticationProvider().getId());
    }

    @ConditionalOnMissingBean(name = {"radiusTokenAuthenticationEventExecutionPlanConfigurer"})
    @Bean
    public AuthenticationEventExecutionPlanConfigurer radiusTokenAuthenticationEventExecutionPlanConfigurer() {
        return authenticationEventExecutionPlan -> {
            authenticationEventExecutionPlan.registerAuthenticationHandler(radiusTokenAuthenticationHandler());
            authenticationEventExecutionPlan.registerAuthenticationMetadataPopulator(radiusAuthenticationMetaDataPopulator());
            authenticationEventExecutionPlan.registerAuthenticationHandlerResolver(new ByCredentialTypeAuthenticationHandlerResolver(new Class[]{RadiusTokenCredential.class}));
        };
    }
}
