package org.apereo.cas.config.support.authentication;

import com.yubico.u2f.U2F;
import org.apereo.cas.adaptors.u2f.U2FAuthenticationHandler;
import org.apereo.cas.adaptors.u2f.U2FMultifactorAuthenticationProvider;
import org.apereo.cas.adaptors.u2f.U2FTokenCredential;
import org.apereo.cas.adaptors.u2f.storage.U2FDeviceRepository;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlanConfigurer;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.AuthenticationMetaDataPopulator;
import org.apereo.cas.authentication.MultifactorAuthenticationFailureModeEvaluator;
import org.apereo.cas.authentication.MultifactorAuthenticationProvider;
import org.apereo.cas.authentication.bypass.MultifactorAuthenticationProviderBypassEvaluator;
import org.apereo.cas.authentication.handler.ByCredentialTypeAuthenticationHandlerResolver;
import org.apereo.cas.authentication.metadata.AuthenticationContextAttributeMetaDataPopulator;
import org.apereo.cas.authentication.metadata.MultifactorAuthenticationProviderMetadataPopulator;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalFactoryUtils;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.mfa.u2f.U2FMultifactorAuthenticationProperties;
import org.apereo.cas.configuration.support.CasFeatureModule;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.util.spring.boot.ConditionalOnFeature;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ScopedProxyMode;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@ConditionalOnFeature(feature = CasFeatureModule.FeatureCatalog.U2F)
@AutoConfiguration
/* loaded from: input_file:org/apereo/cas/config/support/authentication/U2FAuthenticationEventExecutionPlanConfiguration.class */
public class U2FAuthenticationEventExecutionPlanConfiguration {
    @ConditionalOnMissingBean(name = {"u2fMultifactorProviderAuthenticationMetadataPopulator"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public AuthenticationMetaDataPopulator u2fMultifactorProviderAuthenticationMetadataPopulator(@Qualifier("servicesManager") ServicesManager servicesManager, CasConfigurationProperties casConfigurationProperties, @Qualifier("u2fMultifactorAuthenticationProvider") ObjectProvider<MultifactorAuthenticationProvider> objectProvider) {
        return new MultifactorAuthenticationProviderMetadataPopulator(casConfigurationProperties.getAuthn().getMfa().getCore().getAuthenticationContextAttribute(), objectProvider, servicesManager);
    }

    @ConditionalOnMissingBean(name = {"u2fAuthenticationMetaDataPopulator"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public AuthenticationMetaDataPopulator u2fAuthenticationMetaDataPopulator(CasConfigurationProperties casConfigurationProperties, @Qualifier("u2fAuthenticationHandler") AuthenticationHandler authenticationHandler, @Qualifier("u2fMultifactorAuthenticationProvider") MultifactorAuthenticationProvider multifactorAuthenticationProvider) {
        return new AuthenticationContextAttributeMetaDataPopulator(casConfigurationProperties.getAuthn().getMfa().getCore().getAuthenticationContextAttribute(), authenticationHandler, multifactorAuthenticationProvider.getId());
    }

    @ConditionalOnMissingBean(name = {"u2fPrincipalFactory"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public PrincipalFactory u2fPrincipalFactory() {
        return PrincipalFactoryUtils.newPrincipalFactory();
    }

    @ConditionalOnMissingBean(name = {"u2fAuthenticationHandler"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public AuthenticationHandler u2fAuthenticationHandler(CasConfigurationProperties casConfigurationProperties, @Qualifier("u2fMultifactorAuthenticationProvider") ObjectProvider<MultifactorAuthenticationProvider> objectProvider, @Qualifier("u2fPrincipalFactory") PrincipalFactory principalFactory, @Qualifier("u2fService") U2F u2f, @Qualifier("servicesManager") ServicesManager servicesManager, @Qualifier("u2fDeviceRepository") U2FDeviceRepository u2FDeviceRepository) {
        U2FMultifactorAuthenticationProperties u2f2 = casConfigurationProperties.getAuthn().getMfa().getU2f();
        return new U2FAuthenticationHandler(u2f2.getName(), servicesManager, principalFactory, u2FDeviceRepository, u2f, Integer.valueOf(u2f2.getOrder()), objectProvider);
    }

    @ConditionalOnMissingBean(name = {"u2fMultifactorAuthenticationProvider"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public MultifactorAuthenticationProvider u2fMultifactorAuthenticationProvider(CasConfigurationProperties casConfigurationProperties, @Qualifier("u2fBypassEvaluator") MultifactorAuthenticationProviderBypassEvaluator multifactorAuthenticationProviderBypassEvaluator, @Qualifier("failureModeEvaluator") MultifactorAuthenticationFailureModeEvaluator multifactorAuthenticationFailureModeEvaluator) {
        U2FMultifactorAuthenticationProperties u2f = casConfigurationProperties.getAuthn().getMfa().getU2f();
        U2FMultifactorAuthenticationProvider u2FMultifactorAuthenticationProvider = new U2FMultifactorAuthenticationProvider();
        u2FMultifactorAuthenticationProvider.setBypassEvaluator(multifactorAuthenticationProviderBypassEvaluator);
        u2FMultifactorAuthenticationProvider.setFailureMode(u2f.getFailureMode());
        u2FMultifactorAuthenticationProvider.setFailureModeEvaluator(multifactorAuthenticationFailureModeEvaluator);
        u2FMultifactorAuthenticationProvider.setOrder(u2f.getRank());
        u2FMultifactorAuthenticationProvider.setId(u2f.getId());
        return u2FMultifactorAuthenticationProvider;
    }

    @ConditionalOnMissingBean(name = {"u2fAuthenticationEventExecutionPlanConfigurer"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public AuthenticationEventExecutionPlanConfigurer u2fAuthenticationEventExecutionPlanConfigurer(@Qualifier("u2fMultifactorProviderAuthenticationMetadataPopulator") AuthenticationMetaDataPopulator authenticationMetaDataPopulator, @Qualifier("u2fAuthenticationHandler") AuthenticationHandler authenticationHandler, @Qualifier("u2fAuthenticationMetaDataPopulator") AuthenticationMetaDataPopulator authenticationMetaDataPopulator2) {
        return authenticationEventExecutionPlan -> {
            authenticationEventExecutionPlan.registerAuthenticationHandler(authenticationHandler);
            authenticationEventExecutionPlan.registerAuthenticationMetadataPopulator(authenticationMetaDataPopulator2);
            authenticationEventExecutionPlan.registerAuthenticationMetadataPopulator(authenticationMetaDataPopulator);
            authenticationEventExecutionPlan.registerAuthenticationHandlerResolver(new ByCredentialTypeAuthenticationHandlerResolver(new Class[]{U2FTokenCredential.class}));
        };
    }
}
