package org.apereo.cas.config;

import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apereo.cas.authentication.adaptive.AdaptiveAuthenticationPolicy;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.features.CasFeatureModule;
import org.apereo.cas.configuration.model.support.spnego.SpnegoProperties;
import org.apereo.cas.configuration.support.Beans;
import org.apereo.cas.util.LdapUtils;
import org.apereo.cas.util.RegexUtils;
import org.apereo.cas.util.spring.beans.BeanCondition;
import org.apereo.cas.util.spring.beans.BeanSupplier;
import org.apereo.cas.util.spring.boot.ConditionalOnFeatureEnabled;
import org.apereo.cas.web.flow.SpnegoCredentialsAction;
import org.apereo.cas.web.flow.SpnegoNegotiateCredentialsAction;
import org.apereo.cas.web.flow.client.BaseSpnegoKnownClientSystemsFilterAction;
import org.apereo.cas.web.flow.client.HostNameSpnegoKnownClientSystemsFilterAction;
import org.apereo.cas.web.flow.client.LdapSpnegoKnownClientSystemsFilterAction;
import org.apereo.cas.web.flow.resolver.CasDelegatingWebflowEventResolver;
import org.apereo.cas.web.flow.resolver.CasWebflowEventResolver;
import org.ldaptive.ConnectionFactory;
import org.ldaptive.FilterTemplate;
import org.ldaptive.SearchOperation;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.webflow.execution.Action;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration(value = "SpnegoWebflowActionsConfiguration", proxyBeanMethods = false)
@ConditionalOnFeatureEnabled(feature = {CasFeatureModule.FeatureCatalog.SPNEGO})
/* loaded from: input_file:org/apereo/cas/config/SpnegoWebflowActionsConfiguration.class */
class SpnegoWebflowActionsConfiguration {

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SpnegoLdapWebflowActionsConfiguration", proxyBeanMethods = false)
    @ConditionalOnFeatureEnabled(feature = {CasFeatureModule.FeatureCatalog.SPNEGO}, module = "ldap")
    /* loaded from: input_file:org/apereo/cas/config/SpnegoWebflowActionsConfiguration$SpnegoLdapWebflowActionsConfiguration.class */
    static class SpnegoLdapWebflowActionsConfiguration {
        private static final BeanCondition CONDITION = BeanCondition.on("cas.authn.spnego.ldap.ldap-url");

        SpnegoLdapWebflowActionsConfiguration() {
        }

        @ConditionalOnMissingBean(name = {"ldapSpnegoClientAction"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action ldapSpnegoClientAction(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties) {
            return (Action) BeanSupplier.of(Action.class).when(CONDITION.given(configurableApplicationContext.getEnvironment())).supply(() -> {
                SpnegoProperties spnego = casConfigurationProperties.getAuthn().getSpnego();
                ConnectionFactory newLdaptiveConnectionFactory = LdapUtils.newLdaptiveConnectionFactory(spnego.getLdap());
                FilterTemplate newLdaptiveSearchFilter = LdapUtils.newLdaptiveSearchFilter(spnego.getLdap().getSearchFilter());
                SearchOperation searchOperation = new SearchOperation(newLdaptiveConnectionFactory, LdapUtils.newLdaptiveSearchRequest(spnego.getLdap().getBaseDn(), newLdaptiveSearchFilter));
                searchOperation.setTemplate(newLdaptiveSearchFilter);
                return new LdapSpnegoKnownClientSystemsFilterAction(RegexUtils.createPattern(spnego.getIpsToCheckPattern()), spnego.getAlternativeRemoteHostAttribute(), Beans.newDuration(spnego.getDnsTimeout()).toMillis(), searchOperation, spnego.getSpnegoAttributeName());
            }).otherwiseProxy().get();
        }
    }

    SpnegoWebflowActionsConfiguration() {
    }

    @ConditionalOnMissingBean(name = {"spnego"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public Action spnego(CasConfigurationProperties casConfigurationProperties, @Qualifier("adaptiveAuthenticationPolicy") AdaptiveAuthenticationPolicy adaptiveAuthenticationPolicy, @Qualifier("serviceTicketRequestWebflowEventResolver") CasWebflowEventResolver casWebflowEventResolver, @Qualifier("initialAuthenticationAttemptWebflowEventResolver") CasDelegatingWebflowEventResolver casDelegatingWebflowEventResolver) {
        return new SpnegoCredentialsAction(casDelegatingWebflowEventResolver, casWebflowEventResolver, adaptiveAuthenticationPolicy, casConfigurationProperties.getAuthn().getSpnego().isSend401OnAuthenticationFailure());
    }

    @ConditionalOnMissingBean(name = {"negociateSpnego"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public Action negociateSpnego(CasConfigurationProperties casConfigurationProperties) {
        SpnegoProperties spnego = casConfigurationProperties.getAuthn().getSpnego();
        return new SpnegoNegotiateCredentialsAction((List) Stream.of((Object[]) spnego.getSupportedBrowsers().split(",")).collect(Collectors.toList()), spnego.isMixedModeAuthentication());
    }

    @ConditionalOnMissingBean(name = {"baseSpnegoClientAction"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public Action baseSpnegoClientAction(CasConfigurationProperties casConfigurationProperties) {
        SpnegoProperties spnego = casConfigurationProperties.getAuthn().getSpnego();
        return new BaseSpnegoKnownClientSystemsFilterAction(RegexUtils.createPattern(spnego.getIpsToCheckPattern()), spnego.getAlternativeRemoteHostAttribute(), Beans.newDuration(spnego.getDnsTimeout()).toMillis());
    }

    @ConditionalOnMissingBean(name = {"hostnameSpnegoClientAction"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public Action hostnameSpnegoClientAction(CasConfigurationProperties casConfigurationProperties) {
        SpnegoProperties spnego = casConfigurationProperties.getAuthn().getSpnego();
        return new HostNameSpnegoKnownClientSystemsFilterAction(RegexUtils.createPattern(spnego.getIpsToCheckPattern()), spnego.getAlternativeRemoteHostAttribute(), Beans.newDuration(spnego.getDnsTimeout()).toMillis(), spnego.getHostNamePatternString());
    }
}
