package org.apereo.cas.config;

import com.github.benmanes.caffeine.cache.Caffeine;
import com.github.benmanes.caffeine.cache.LoadingCache;
import com.yubico.u2f.U2F;
import java.util.HashMap;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.adaptors.u2f.U2FAuthenticationRegistrationRecordCipherExecutor;
import org.apereo.cas.adaptors.u2f.storage.U2FDeviceRepository;
import org.apereo.cas.adaptors.u2f.storage.U2FGroovyResourceDeviceRepository;
import org.apereo.cas.adaptors.u2f.storage.U2FInMemoryDeviceRepository;
import org.apereo.cas.adaptors.u2f.storage.U2FJsonResourceDeviceRepository;
import org.apereo.cas.adaptors.u2f.storage.U2FRestResourceDeviceRepository;
import org.apereo.cas.authentication.PseudoPlatformTransactionManager;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.core.util.EncryptionJwtSigningJwtCryptographyProperties;
import org.apereo.cas.configuration.model.support.mfa.U2FMultifactorProperties;
import org.apereo.cas.util.cipher.CipherExecutorUtils;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.scheduling.annotation.Scheduled;
import org.springframework.transaction.PlatformTransactionManager;

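/**
 * Spring configuration that wires the U2F multifactor beans: the Yubico {@link U2F} service,
 * the device repository, its periodic cleaner, a transaction manager and the cipher used for
 * registration records.
 *
 * <p>Every bean is guarded by {@code @ConditionalOnMissingBean}, so a deployment can replace any
 * of them by declaring a bean with the same name.
 */
@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration(value = "u2fConfiguration", proxyBeanMethods = true)
public class U2FConfiguration {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(U2FConfiguration.class);

    @Autowired
    private CasConfigurationProperties casProperties;

    /**
     * Scheduled job that asks the device repository to drop expired U2F devices.
     */
    public static class U2FDeviceRepositoryCleanerScheduler {
        private final U2FDeviceRepository repository;

        /**
         * Invokes {@link U2FDeviceRepository#clean()} on a fixed delay. The initial delay
         * defaults to {@code PT20S} and the repeat interval to {@code PT15M} when the
         * corresponding properties are not set.
         */
        @Scheduled(initialDelayString = "${cas.authn.mfa.u2f.cleaner.schedule.start-delay:PT20S}", fixedDelayString = "${cas.authn.mfa.u2f.cleaner.schedule.repeat-interval:PT15M}")
        public void run() {
            U2FConfiguration.LOGGER.debug("Starting to clean expired U2F devices from repository");
            this.repository.clean();
        }

        /**
         * @param u2FDeviceRepository repository whose expired entries this job removes
         */
        @Generated
        public U2FDeviceRepositoryCleanerScheduler(U2FDeviceRepository u2FDeviceRepository) {
            this.repository = u2FDeviceRepository;
        }
    }

    /**
     * Supplies a {@link PseudoPlatformTransactionManager} as the default U2F transaction manager.
     *
     * @return the default transaction manager for U2F
     */
    @ConditionalOnMissingBean(name = {"transactionManagerU2f"})
    @Bean
    public PlatformTransactionManager transactionManagerU2f() {
        return new PseudoPlatformTransactionManager();
    }

    /**
     * Registers the cleaner job for the active device repository.
     *
     * <p>NOTE(review): the condition reads {@code authn.mfa.u2f.cleaner.enabled}, while the
     * {@code @Scheduled} placeholders in this file live under {@code cas.authn.mfa.u2f.cleaner}.
     * With {@code matchIfMissing = true} the job therefore stays on unless that un-prefixed key
     * is set; confirm which key operators are expected to use before relying on it to disable
     * the cleaner.
     *
     * @param u2FDeviceRepository the repository bean named {@code u2fDeviceRepository}
     * @return the scheduler wrapping that repository
     */
    @ConditionalOnMissingBean(name = {"u2fDeviceRepositoryCleanerScheduler"})
    @Autowired
    @ConditionalOnProperty(prefix = "authn.mfa.u2f.cleaner", name = {"enabled"}, havingValue = "true", matchIfMissing = true)
    @Bean
    public U2FDeviceRepositoryCleanerScheduler u2fDeviceRepositoryCleanerScheduler(@Qualifier("u2fDeviceRepository") U2FDeviceRepository u2FDeviceRepository) {
        return new U2FDeviceRepositoryCleanerScheduler(u2FDeviceRepository);
    }

    /**
     * @return a new Yubico {@link U2F} instance
     */
    @ConditionalOnMissingBean(name = {"u2fService"})
    @Bean
    public U2F u2fService() {
        return new U2F();
    }

    /**
     * Chooses the device repository from the U2F properties. The first match wins:
     * a JSON resource location, then a Groovy resource location, then a non-blank REST URL;
     * with none of these set, devices are kept in an in-memory Caffeine cache.
     *
     * <p>Both caches expire entries after write using the configured device expiration, so with
     * the in-memory fallback a registered device disappears once that period elapses.
     *
     * @return the repository matching the configured storage option
     */
    @ConditionalOnMissingBean(name = {"u2fDeviceRepository"})
    @RefreshScope
    @Bean
    public U2FDeviceRepository u2fDeviceRepository() {
        U2FMultifactorProperties u2f = this.casProperties.getAuthn().getMfa().getU2f();

        // Raw types are kept as in this listing; the element types of the caches are not visible here.
        // The loader returns "" for any key that has not been written.
        LoadingCache requestStorage = Caffeine.newBuilder()
            .expireAfterWrite(u2f.getExpireDevices(), u2f.getExpireDevicesTimeUnit())
            .build(key -> "");

        if (u2f.getJson().getLocation() != null) {
            return new U2FJsonResourceDeviceRepository(requestStorage, u2f.getJson().getLocation(),
                u2f.getExpireDevices(), u2f.getExpireDevicesTimeUnit());
        }
        if (u2f.getGroovy().getLocation() != null) {
            // NOTE(review): presumably the script at this location is evaluated inside the CAS JVM;
            // confirm the location is writable only by administrators.
            return new U2FGroovyResourceDeviceRepository(requestStorage, u2f.getGroovy().getLocation(),
                u2f.getExpireDevices(), u2f.getExpireDevicesTimeUnit());
        }
        if (StringUtils.isNotBlank(u2f.getRest().getUrl())) {
            // NOTE(review): device records presumably travel to this endpoint; confirm it is
            // reached over TLS and requires authentication.
            return new U2FRestResourceDeviceRepository(requestStorage, u2f.getExpireDevices(),
                u2f.getExpireDevicesTimeUnit(), u2f.getRest());
        }

        // Fallback: per-key maps held in a second expiring cache, created only on this path.
        LoadingCache userStorage = Caffeine.newBuilder()
            .expireAfterWrite(u2f.getExpireDevices(), u2f.getExpireDevicesTimeUnit())
            .build(key -> new HashMap(0));
        return new U2FInMemoryDeviceRepository(userStorage, requestStorage);
    }

    /**
     * Builds the cipher applied to U2F registration records.
     *
     * <p>When the crypto settings are disabled this returns {@link CipherExecutor#noOp()}, i.e.
     * records are neither encrypted nor signed. That downgrade is logged at WARN rather than INFO
     * so it is still visible in deployments whose log threshold is above INFO.
     *
     * @return a string cipher executor when crypto is enabled, otherwise the no-op executor
     */
    @ConditionalOnMissingBean(name = {"u2fRegistrationRecordCipherExecutor"})
    @RefreshScope
    @Bean
    public CipherExecutor u2fRegistrationRecordCipherExecutor() {
        EncryptionJwtSigningJwtCryptographyProperties crypto = this.casProperties.getAuthn().getMfa().getU2f().getCrypto();
        if (!crypto.isEnabled()) {
            LOGGER.warn("U2F registration record encryption/signing is turned off and MAY NOT be safe in a production environment. Consider using other choices to handle encryption, signing and verification of U2F registration records for MFA");
            return CipherExecutor.noOp();
        }
        return CipherExecutorUtils.newStringCipherExecutor(crypto, U2FAuthenticationRegistrationRecordCipherExecutor.class);
    }
}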
