package org.apereo.cas.config;

import java.util.Objects;
import java.util.stream.Stream;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.adaptors.radius.authentication.RadiusMultifactorBypassEvaluator;
import org.apereo.cas.authentication.bypass.AuthenticationMultifactorAuthenticationProviderBypassEvaluator;
import org.apereo.cas.authentication.bypass.CredentialMultifactorAuthenticationProviderBypassEvaluator;
import org.apereo.cas.authentication.bypass.DefaultChainingMultifactorAuthenticationBypassProvider;
import org.apereo.cas.authentication.bypass.GroovyMultifactorAuthenticationProviderBypassEvaluator;
import org.apereo.cas.authentication.bypass.HttpRequestMultifactorAuthenticationProviderBypassEvaluator;
import org.apereo.cas.authentication.bypass.MultifactorAuthenticationProviderBypassEvaluator;
import org.apereo.cas.authentication.bypass.PrincipalMultifactorAuthenticationProviderBypassEvaluator;
import org.apereo.cas.authentication.bypass.RegisteredServiceMultifactorAuthenticationProviderBypassEvaluator;
import org.apereo.cas.authentication.bypass.RegisteredServicePrincipalAttributeMultifactorAuthenticationProviderBypassEvaluator;
import org.apereo.cas.authentication.bypass.RestMultifactorAuthenticationProviderBypassEvaluator;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.features.CasFeatureModule;
import org.apereo.cas.configuration.model.support.mfa.MultifactorAuthenticationProviderBypassProperties;
import org.apereo.cas.configuration.model.support.mfa.RadiusMultifactorAuthenticationProperties;
import org.apereo.cas.util.spring.beans.BeanCondition;
import org.apereo.cas.util.spring.beans.BeanSupplier;
import org.apereo.cas.util.spring.boot.ConditionalOnFeatureEnabled;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.core.annotation.AnnotationAwareOrderComparator;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration(value = "RadiusTokenAuthenticationMultifactorProviderBypassConfiguration", proxyBeanMethods = false)
@ConditionalOnFeatureEnabled(feature = {CasFeatureModule.FeatureCatalog.RadiusMFA})
/* loaded from: input_file:org/apereo/cas/config/RadiusTokenAuthenticationMultifactorProviderBypassConfiguration.class */
class RadiusTokenAuthenticationMultifactorProviderBypassConfiguration {
    RadiusTokenAuthenticationMultifactorProviderBypassConfiguration() {
    }

    @ConditionalOnMissingBean(name = {"radiusBypassEvaluator"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public MultifactorAuthenticationProviderBypassEvaluator radiusBypassEvaluator(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties) {
        DefaultChainingMultifactorAuthenticationBypassProvider defaultChainingMultifactorAuthenticationBypassProvider = new DefaultChainingMultifactorAuthenticationBypassProvider(configurableApplicationContext);
        RadiusMultifactorAuthenticationProperties radius = casConfigurationProperties.getAuthn().getMfa().getRadius();
        Stream filter = configurableApplicationContext.getBeansWithAnnotation(RadiusMultifactorBypassEvaluator.class).values().stream().filter(BeanSupplier::isNotProxy);
        Class<MultifactorAuthenticationProviderBypassEvaluator> cls = MultifactorAuthenticationProviderBypassEvaluator.class;
        Objects.requireNonNull(MultifactorAuthenticationProviderBypassEvaluator.class);
        Stream sorted = filter.map(cls::cast).filter(multifactorAuthenticationProviderBypassEvaluator -> {
            return !multifactorAuthenticationProviderBypassEvaluator.isEmpty();
        }).map(multifactorAuthenticationProviderBypassEvaluator2 -> {
            return multifactorAuthenticationProviderBypassEvaluator2.belongsToMultifactorAuthenticationProvider(radius.getId());
        }).filter((v0) -> {
            return v0.isPresent();
        }).map((v0) -> {
            return v0.get();
        }).sorted(AnnotationAwareOrderComparator.INSTANCE);
        Objects.requireNonNull(defaultChainingMultifactorAuthenticationBypassProvider);
        sorted.forEach(defaultChainingMultifactorAuthenticationBypassProvider::addMultifactorAuthenticationProviderBypassEvaluator);
        return defaultChainingMultifactorAuthenticationBypassProvider;
    }

    @RadiusMultifactorBypassEvaluator
    @ConditionalOnMissingBean(name = {"radiusRestMultifactorAuthenticationProviderBypass"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public MultifactorAuthenticationProviderBypassEvaluator radiusRestMultifactorAuthenticationProviderBypass(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties) {
        RadiusMultifactorAuthenticationProperties radius = casConfigurationProperties.getAuthn().getMfa().getRadius();
        MultifactorAuthenticationProviderBypassProperties bypass = radius.getBypass();
        return (MultifactorAuthenticationProviderBypassEvaluator) BeanSupplier.of(MultifactorAuthenticationProviderBypassEvaluator.class).when(BeanCondition.on("cas.authn.mfa.radius.bypass.rest.url").given(configurableApplicationContext.getEnvironment())).supply(() -> {
            return new RestMultifactorAuthenticationProviderBypassEvaluator(bypass, radius.getId(), configurableApplicationContext);
        }).otherwiseProxy().get();
    }

    @RadiusMultifactorBypassEvaluator
    @ConditionalOnMissingBean(name = {"radiusGroovyMultifactorAuthenticationProviderBypass"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public MultifactorAuthenticationProviderBypassEvaluator radiusGroovyMultifactorAuthenticationProviderBypass(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties) {
        return (MultifactorAuthenticationProviderBypassEvaluator) BeanSupplier.of(MultifactorAuthenticationProviderBypassEvaluator.class).when(BeanCondition.on("cas.authn.mfa.radius.bypass.groovy.location").exists().given(configurableApplicationContext.getEnvironment())).supply(() -> {
            RadiusMultifactorAuthenticationProperties radius = casConfigurationProperties.getAuthn().getMfa().getRadius();
            return new GroovyMultifactorAuthenticationProviderBypassEvaluator(radius.getBypass(), radius.getId(), configurableApplicationContext);
        }).otherwiseProxy().get();
    }

    @RadiusMultifactorBypassEvaluator
    @ConditionalOnMissingBean(name = {"radiusRegisteredServicePrincipalAttributeMultifactorAuthenticationProviderBypassEvaluator"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public MultifactorAuthenticationProviderBypassEvaluator radiusRegisteredServicePrincipalAttributeMultifactorAuthenticationProviderBypassEvaluator(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties) {
        return new RegisteredServicePrincipalAttributeMultifactorAuthenticationProviderBypassEvaluator(casConfigurationProperties.getAuthn().getMfa().getRadius().getId(), configurableApplicationContext);
    }

    @RadiusMultifactorBypassEvaluator
    @ConditionalOnMissingBean(name = {"radiusHttpRequestMultifactorAuthenticationProviderBypass"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public MultifactorAuthenticationProviderBypassEvaluator radiusHttpRequestMultifactorAuthenticationProviderBypass(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties) {
        RadiusMultifactorAuthenticationProperties radius = casConfigurationProperties.getAuthn().getMfa().getRadius();
        MultifactorAuthenticationProviderBypassProperties bypass = radius.getBypass();
        return (MultifactorAuthenticationProviderBypassEvaluator) BeanSupplier.of(MultifactorAuthenticationProviderBypassEvaluator.class).when(StringUtils.isNotBlank(bypass.getHttpRequestHeaders()) || StringUtils.isNotBlank(bypass.getHttpRequestRemoteAddress())).supply(() -> {
            return new HttpRequestMultifactorAuthenticationProviderBypassEvaluator(bypass, radius.getId(), configurableApplicationContext);
        }).otherwiseProxy().get();
    }

    @RadiusMultifactorBypassEvaluator
    @ConditionalOnMissingBean(name = {"radiusCredentialMultifactorAuthenticationProviderBypass"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public MultifactorAuthenticationProviderBypassEvaluator radiusCredentialMultifactorAuthenticationProviderBypass(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties) {
        RadiusMultifactorAuthenticationProperties radius = casConfigurationProperties.getAuthn().getMfa().getRadius();
        MultifactorAuthenticationProviderBypassProperties bypass = radius.getBypass();
        return (MultifactorAuthenticationProviderBypassEvaluator) BeanSupplier.of(MultifactorAuthenticationProviderBypassEvaluator.class).when(StringUtils.isNotBlank(bypass.getCredentialClassType())).supply(() -> {
            return new CredentialMultifactorAuthenticationProviderBypassEvaluator(bypass, radius.getId(), configurableApplicationContext);
        }).otherwiseProxy().get();
    }

    @RadiusMultifactorBypassEvaluator
    @ConditionalOnMissingBean(name = {"radiusRegisteredServiceMultifactorAuthenticationProviderBypass"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public MultifactorAuthenticationProviderBypassEvaluator radiusRegisteredServiceMultifactorAuthenticationProviderBypass(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties) {
        return new RegisteredServiceMultifactorAuthenticationProviderBypassEvaluator(casConfigurationProperties.getAuthn().getMfa().getRadius().getId(), configurableApplicationContext);
    }

    @RadiusMultifactorBypassEvaluator
    @ConditionalOnMissingBean(name = {"radiusPrincipalMultifactorAuthenticationProviderBypass"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public MultifactorAuthenticationProviderBypassEvaluator radiusPrincipalMultifactorAuthenticationProviderBypass(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties) {
        RadiusMultifactorAuthenticationProperties radius = casConfigurationProperties.getAuthn().getMfa().getRadius();
        MultifactorAuthenticationProviderBypassProperties bypass = radius.getBypass();
        return (MultifactorAuthenticationProviderBypassEvaluator) BeanSupplier.of(MultifactorAuthenticationProviderBypassEvaluator.class).when(StringUtils.isNotBlank(bypass.getPrincipalAttributeName())).supply(() -> {
            return new PrincipalMultifactorAuthenticationProviderBypassEvaluator(bypass, radius.getId(), configurableApplicationContext);
        }).otherwiseProxy().get();
    }

    @RadiusMultifactorBypassEvaluator
    @ConditionalOnMissingBean(name = {"radiusAuthenticationMultifactorAuthenticationProviderBypass"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public MultifactorAuthenticationProviderBypassEvaluator radiusAuthenticationMultifactorAuthenticationProviderBypass(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties) {
        RadiusMultifactorAuthenticationProperties radius = casConfigurationProperties.getAuthn().getMfa().getRadius();
        MultifactorAuthenticationProviderBypassProperties bypass = radius.getBypass();
        return (MultifactorAuthenticationProviderBypassEvaluator) BeanSupplier.of(MultifactorAuthenticationProviderBypassEvaluator.class).when(StringUtils.isNotBlank(bypass.getAuthenticationAttributeName()) || StringUtils.isNotBlank(bypass.getAuthenticationHandlerName()) || StringUtils.isNotBlank(bypass.getAuthenticationMethodName())).supply(() -> {
            return new AuthenticationMultifactorAuthenticationProviderBypassEvaluator(bypass, radius.getId(), configurableApplicationContext);
        }).otherwiseProxy().get();
    }
}
