package org.apereo.cas.config;

import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import lombok.Generated;
import org.apereo.cas.adaptors.radius.JRadiusServerImpl;
import org.apereo.cas.adaptors.radius.RadiusClientFactory;
import org.apereo.cas.adaptors.radius.RadiusProtocol;
import org.apereo.cas.adaptors.radius.RadiusServer;
import org.apereo.cas.adaptors.radius.authentication.handler.support.RadiusAuthenticationHandler;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlanConfigurer;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalFactoryUtils;
import org.apereo.cas.authentication.principal.PrincipalNameTransformerUtils;
import org.apereo.cas.authentication.support.password.PasswordEncoderUtils;
import org.apereo.cas.authentication.support.password.PasswordPolicyConfiguration;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.radius.RadiusClientProperties;
import org.apereo.cas.configuration.model.support.radius.RadiusProperties;
import org.apereo.cas.configuration.model.support.radius.RadiusServerProperties;
import org.apereo.cas.services.ServicesManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.util.StringUtils;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration("radiusConfiguration")
/* loaded from: input_file:org/apereo/cas/config/RadiusConfiguration.class */
public class RadiusConfiguration {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(RadiusConfiguration.class);

    @Autowired
    private CasConfigurationProperties casProperties;

    @Autowired(required = false)
    @Qualifier("radiusPasswordPolicyConfiguration")
    private PasswordPolicyConfiguration passwordPolicyConfiguration;

    @Autowired
    @Qualifier("servicesManager")
    private ServicesManager servicesManager;

    @ConditionalOnMissingBean(name = {"radiusPrincipalFactory"})
    @Bean
    public PrincipalFactory radiusPrincipalFactory() {
        return PrincipalFactoryUtils.newPrincipalFactory();
    }

    @RefreshScope
    @Bean
    public JRadiusServerImpl radiusServer() {
        RadiusClientProperties client = this.casProperties.getAuthn().getRadius().getClient();
        return getSingleRadiusServer(client, this.casProperties.getAuthn().getRadius().getServer(), getClientIps(client).iterator().next());
    }

    public static Set<String> getClientIps(RadiusClientProperties radiusClientProperties) {
        return StringUtils.commaDelimitedListToSet(StringUtils.trimAllWhitespace(radiusClientProperties.getInetAddress()));
    }

    private JRadiusServerImpl getSingleRadiusServer(RadiusClientProperties radiusClientProperties, RadiusServerProperties radiusServerProperties, String str) {
        return new JRadiusServerImpl(RadiusProtocol.valueOf(radiusServerProperties.getProtocol()), new RadiusClientFactory(radiusClientProperties.getAccountingPort(), radiusClientProperties.getAuthenticationPort(), radiusClientProperties.getSocketTimeout(), str, radiusClientProperties.getSharedSecret()), radiusServerProperties.getRetries(), radiusServerProperties.getNasIpAddress(), radiusServerProperties.getNasIpv6Address(), radiusServerProperties.getNasPort(), radiusServerProperties.getNasPortId(), radiusServerProperties.getNasIdentifier(), radiusServerProperties.getNasRealPort());
    }

    @RefreshScope
    @Bean
    public List<RadiusServer> radiusServers() {
        RadiusClientProperties client = this.casProperties.getAuthn().getRadius().getClient();
        RadiusServerProperties server = this.casProperties.getAuthn().getRadius().getServer();
        return (List) getClientIps(this.casProperties.getAuthn().getRadius().getClient()).stream().map(str -> {
            return getSingleRadiusServer(client, server, str);
        }).collect(Collectors.toList());
    }

    @Bean
    public AuthenticationHandler radiusAuthenticationHandler() {
        RadiusProperties radius = this.casProperties.getAuthn().getRadius();
        RadiusAuthenticationHandler radiusAuthenticationHandler = new RadiusAuthenticationHandler(radius.getName(), this.servicesManager, radiusPrincipalFactory(), radiusServers(), radius.isFailoverOnException(), radius.isFailoverOnAuthenticationFailure());
        radiusAuthenticationHandler.setPasswordEncoder(PasswordEncoderUtils.newPasswordEncoder(radius.getPasswordEncoder()));
        radiusAuthenticationHandler.setPrincipalNameTransformer(PrincipalNameTransformerUtils.newPrincipalNameTransformer(radius.getPrincipalTransformation()));
        if (this.passwordPolicyConfiguration != null) {
            radiusAuthenticationHandler.setPasswordPolicyConfiguration(this.passwordPolicyConfiguration);
        }
        return radiusAuthenticationHandler;
    }

    @ConditionalOnMissingBean(name = {"radiusAuthenticationEventExecutionPlanConfigurer"})
    @Bean
    public AuthenticationEventExecutionPlanConfigurer radiusAuthenticationEventExecutionPlanConfigurer() {
        return authenticationEventExecutionPlan -> {
            if (getClientIps(this.casProperties.getAuthn().getRadius().getClient()).isEmpty()) {
                LOGGER.warn("No RADIUS address is defined. RADIUS support will be disabled.");
            } else {
                authenticationEventExecutionPlan.registerAuthenticationHandler(radiusAuthenticationHandler());
            }
        };
    }
}
