package org.apereo.cas.adaptors.x509.config;

import java.net.URI;
import java.time.Duration;
import java.util.Objects;
import java.util.Set;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.adaptors.x509.authentication.CRLFetcher;
import org.apereo.cas.adaptors.x509.authentication.ResourceCRLFetcher;
import org.apereo.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler;
import org.apereo.cas.adaptors.x509.authentication.ldap.LdaptiveResourceCRLFetcher;
import org.apereo.cas.adaptors.x509.authentication.principal.DefaultX509AttributeExtractor;
import org.apereo.cas.adaptors.x509.authentication.principal.EDIPIX509AttributeExtractor;
import org.apereo.cas.adaptors.x509.authentication.principal.X509AttributeExtractor;
import org.apereo.cas.adaptors.x509.authentication.principal.X509CommonNameEDIPIPrincipalResolver;
import org.apereo.cas.adaptors.x509.authentication.principal.X509SerialNumberAndIssuerDNPrincipalResolver;
import org.apereo.cas.adaptors.x509.authentication.principal.X509SerialNumberPrincipalResolver;
import org.apereo.cas.adaptors.x509.authentication.principal.X509SubjectAlternativeNameRFC822EmailPrincipalResolver;
import org.apereo.cas.adaptors.x509.authentication.principal.X509SubjectAlternativeNameUPNPrincipalResolver;
import org.apereo.cas.adaptors.x509.authentication.principal.X509SubjectDNPrincipalResolver;
import org.apereo.cas.adaptors.x509.authentication.principal.X509SubjectPrincipalResolver;
import org.apereo.cas.adaptors.x509.authentication.revocation.checker.CRLDistributionPointRevocationChecker;
import org.apereo.cas.adaptors.x509.authentication.revocation.checker.NoOpRevocationChecker;
import org.apereo.cas.adaptors.x509.authentication.revocation.checker.ResourceCRLRevocationChecker;
import org.apereo.cas.adaptors.x509.authentication.revocation.checker.RevocationChecker;
import org.apereo.cas.adaptors.x509.authentication.revocation.policy.AllowRevocationPolicy;
import org.apereo.cas.adaptors.x509.authentication.revocation.policy.DenyRevocationPolicy;
import org.apereo.cas.adaptors.x509.authentication.revocation.policy.RevocationPolicy;
import org.apereo.cas.adaptors.x509.authentication.revocation.policy.ThresholdExpiredCRLRevocationPolicy;
import org.apereo.cas.adaptors.x509.util.X509AuthenticationUtils;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlanConfigurer;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.CoreAuthenticationUtils;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalFactoryUtils;
import org.apereo.cas.authentication.principal.PrincipalResolver;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.core.authentication.PersonDirectoryPrincipalResolverProperties;
import org.apereo.cas.configuration.model.support.x509.CnEdipiPrincipalResolverProperties;
import org.apereo.cas.configuration.model.support.x509.Rfc822EmailPrincipalResolverProperties;
import org.apereo.cas.configuration.model.support.x509.SerialNoDnPrincipalResolverProperties;
import org.apereo.cas.configuration.model.support.x509.SerialNoPrincipalResolverProperties;
import org.apereo.cas.configuration.model.support.x509.SubjectAltNamePrincipalResolverProperties;
import org.apereo.cas.configuration.model.support.x509.SubjectDnPrincipalResolverProperties;
import org.apereo.cas.configuration.model.support.x509.X509Properties;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.util.LdapUtils;
import org.apereo.cas.util.RegexUtils;
import org.apereo.cas.util.model.Capacity;
import org.apereo.services.persondir.IPersonAttributeDao;
import org.ehcache.config.builders.ExpiryPolicyBuilder;
import org.ehcache.config.builders.ResourcePoolsBuilder;
import org.ehcache.config.builders.UserManagedCacheBuilder;
import org.ehcache.config.units.EntryUnit;
import org.ehcache.config.units.MemoryUnit;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ScopedProxyMode;

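/**
 * Spring configuration that wires X.509 client-certificate authentication: the revocation
 * policies and checkers, the CRL fetcher, the credential handler and the family of principal
 * resolvers, all driven by the {@code authn.x509} section of {@link CasConfigurationProperties}.
 *
 * <p>Security-relevant defaults encoded here (see the private selector methods):
 * <ul>
 *   <li>An unrecognised revocation <em>policy</em> keyword resolves to the deny policy.</li>
 *   <li>An unrecognised revocation <em>checker</em> keyword resolves to the no-op checker, so a
 *       misspelt value silently selects a checker that, by its name, performs no revocation
 *       check. Deployments that rely on CRL checking should verify the effective setting.</li>
 * </ul>
 */
@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration(value = "X509AuthenticationConfiguration", proxyBeanMethods = false)
/* loaded from: input_file:org/apereo/cas/adaptors/x509/config/X509AuthenticationConfiguration.class */
public class X509AuthenticationConfiguration {
    /** Radix for which the hexadecimal zero-padding option of the serial-number resolver applies. */
    private static final int HEX = 16;

    /**
     * Builds the serial-number principal resolver and applies the configured radix.
     *
     * <p>A radix outside {@link Character#MIN_RADIX}..{@link Character#MAX_RADIX} (2..36) is
     * ignored and the resolver keeps whatever radix it was constructed with. Zero padding is only
     * applied when the radix is hexadecimal.
     *
     * @param casConfigurationProperties CAS settings
     * @param iPersonAttributeDao attribute repository handed to the resolver
     * @param x509AttributeExtractor extractor set on the resolver
     * @param principalFactory factory used by the resolver to create principals
     * @return the configured resolver
     */
    private static X509SerialNumberPrincipalResolver getX509SerialNumberPrincipalResolver(CasConfigurationProperties casConfigurationProperties, IPersonAttributeDao iPersonAttributeDao, X509AttributeExtractor x509AttributeExtractor, PrincipalFactory principalFactory) {
        X509Properties x509 = casConfigurationProperties.getAuthn().getX509();
        SerialNoPrincipalResolverProperties serialNo = x509.getSerialNo();
        PersonDirectoryPrincipalResolverProperties personDirectory = casConfigurationProperties.getPersonDirectory();
        int radix = serialNo.getPrincipalSNRadix();
        X509SerialNumberPrincipalResolver resolver = CoreAuthenticationUtils.newPersonDirectoryPrincipalResolver(
            principalFactory,
            iPersonAttributeDao,
            CoreAuthenticationUtils.getAttributeMerger(casConfigurationProperties.getAuthn().getAttributeRepository().getCore().getMerger()),
            X509SerialNumberPrincipalResolver.class,
            new PersonDirectoryPrincipalResolverProperties[]{x509.getPrincipal(), personDirectory});
        resolver.setX509AttributeExtractor(x509AttributeExtractor);
        if (radix >= Character.MIN_RADIX && radix <= Character.MAX_RADIX) {
            resolver.setRadix(radix);
            if (radix == HEX) {
                resolver.setZeroPadding(serialNo.isPrincipalHexSNZeroPadding());
            }
        }
        return resolver;
    }

    /**
     * Selects the revocation checker named by the {@code revocationChecker} setting.
     *
     * <p>{@code "resource"} and {@code "crl"} (case-insensitive, surrounding whitespace ignored)
     * select the corresponding checker; every other value, including a typo, falls through to
     * {@code noOpChecker}.
     *
     * @param x509Properties X.509 settings
     * @param resourceChecker checker returned for {@code "resource"}
     * @param crlChecker checker returned for {@code "crl"}
     * @param noOpChecker checker returned for anything else
     * @return the selected checker
     */
    private static RevocationChecker getRevocationCheckerFrom(X509Properties x509Properties, RevocationChecker resourceChecker, RevocationChecker crlChecker, RevocationChecker noOpChecker) {
        String keyword = x509Properties.getRevocationChecker().trim();
        if ("resource".equalsIgnoreCase(keyword)) {
            return resourceChecker;
        }
        if ("crl".equalsIgnoreCase(keyword)) {
            return crlChecker;
        }
        // NOTE(review): unknown values are not rejected; they end up here with the no-op checker.
        return noOpChecker;
    }

    /**
     * Maps a policy keyword to one of the three revocation policy beans.
     *
     * <p>The comparison is case-insensitive and locale-independent. Only {@code "allow"} and
     * {@code "threshold"} select a non-deny policy; {@code "deny"} and any unrecognised value
     * return {@code denyPolicy}, so a misconfigured keyword fails closed.
     *
     * @param str configured keyword; must not be {@code null}
     * @param allowPolicy policy returned for {@code "allow"}
     * @param thresholdPolicy policy returned for {@code "threshold"}
     * @param denyPolicy policy returned for {@code "deny"} and for everything else
     * @return the selected policy
     */
    private static RevocationPolicy getRevocationPolicy(String str, RevocationPolicy allowPolicy, RevocationPolicy thresholdPolicy, RevocationPolicy denyPolicy) {
        String keyword = str.trim();
        if ("allow".equalsIgnoreCase(keyword)) {
            return allowPolicy;
        }
        if ("threshold".equalsIgnoreCase(keyword)) {
            return thresholdPolicy;
        }
        return denyPolicy;
    }

    /**
     * Picks the principal resolver matching the configured {@code principalType}.
     *
     * <p>Any type not listed explicitly (including {@code null}) resolves to
     * {@code subjectDnResolver}.
     *
     * @param casConfigurationProperties CAS settings
     * @param serialNoResolver resolver for {@code SERIAL_NO}
     * @param serialNoDnResolver resolver for {@code SERIAL_NO_DN}
     * @param subjectResolver resolver for {@code SUBJECT}
     * @param subjectAltNameResolver resolver for {@code SUBJECT_ALT_NAME}
     * @param rfc822EmailResolver resolver for {@code RFC822_EMAIL}
     * @param subjectDnResolver fallback resolver
     * @param cnEdipiResolver resolver for {@code CN_EDIPI}
     * @return the selected resolver
     */
    private static PrincipalResolver getPrincipalResolver(CasConfigurationProperties casConfigurationProperties, PrincipalResolver serialNoResolver, PrincipalResolver serialNoDnResolver, PrincipalResolver subjectResolver, PrincipalResolver subjectAltNameResolver, PrincipalResolver rfc822EmailResolver, PrincipalResolver subjectDnResolver, PrincipalResolver cnEdipiResolver) {
        X509Properties.PrincipalTypes principalType = casConfigurationProperties.getAuthn().getX509().getPrincipalType();
        if (principalType == X509Properties.PrincipalTypes.SERIAL_NO) {
            return serialNoResolver;
        }
        if (principalType == X509Properties.PrincipalTypes.SERIAL_NO_DN) {
            return serialNoDnResolver;
        }
        if (principalType == X509Properties.PrincipalTypes.SUBJECT) {
            return subjectResolver;
        }
        if (principalType == X509Properties.PrincipalTypes.SUBJECT_ALT_NAME) {
            return subjectAltNameResolver;
        }
        if (principalType == X509Properties.PrincipalTypes.RFC822_EMAIL) {
            return rfc822EmailResolver;
        }
        if (principalType == X509Properties.PrincipalTypes.CN_EDIPI) {
            return cnEdipiResolver;
        }
        return subjectDnResolver;
    }

    /**
     * Compiles a configured regular expression, or yields {@code null} when the setting is blank.
     *
     * @param regex configured expression, possibly blank
     * @return the compiled pattern, or {@code null} for a blank setting
     */
    private static Pattern createPatternIfPresent(String regex) {
        return StringUtils.isNotBlank(regex) ? RegexUtils.createPattern(regex) : null;
    }

    /**
     * Policy selected by the {@code "allow"} keyword.
     *
     * @return a new {@link AllowRevocationPolicy}
     */
    @ConditionalOnMissingBean(name = {"allowRevocationPolicy"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public RevocationPolicy allowRevocationPolicy() {
        return new AllowRevocationPolicy();
    }

    /**
     * Policy selected by the {@code "threshold"} keyword, parameterised with the configured
     * {@code revocationPolicyThreshold}.
     *
     * @param casConfigurationProperties CAS settings
     * @return a new {@link ThresholdExpiredCRLRevocationPolicy}
     */
    @ConditionalOnMissingBean(name = {"thresholdExpiredCRLRevocationPolicy"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public RevocationPolicy thresholdExpiredCRLRevocationPolicy(CasConfigurationProperties casConfigurationProperties) {
        return new ThresholdExpiredCRLRevocationPolicy(casConfigurationProperties.getAuthn().getX509().getRevocationPolicyThreshold());
    }

    /**
     * Policy selected by the {@code "deny"} keyword and by any unrecognised policy keyword.
     *
     * @return a new {@link DenyRevocationPolicy}
     */
    @ConditionalOnMissingBean(name = {"denyRevocationPolicy"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public RevocationPolicy denyRevocationPolicy() {
        return new DenyRevocationPolicy();
    }

    /**
     * Revocation checker backed by a CRL cache keyed by {@link URI}.
     *
     * <p>The cache is sized from {@code cacheMaxElementsInMemory}, optionally given a disk pool
     * when {@code cacheDiskOverflow} is set, and either never expires ({@code cacheEternal}) or
     * expires entries after {@code cacheTimeToLiveSeconds}. With {@code cacheEternal} enabled a
     * cached CRL is not aged out by this cache, which operators should weigh against how quickly
     * revocations must take effect.
     *
     * @param casConfigurationProperties CAS settings
     * @param cRLFetcher fetcher handed to the checker
     * @param revocationPolicy the allow policy
     * @param revocationPolicy2 the threshold policy
     * @param revocationPolicy3 the deny policy
     * @return the configured checker
     */
    @ConditionalOnMissingBean(name = {"crlDistributionPointRevocationChecker"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public RevocationChecker crlDistributionPointRevocationChecker(CasConfigurationProperties casConfigurationProperties, @Qualifier("crlFetcher") CRLFetcher cRLFetcher, @Qualifier("allowRevocationPolicy") RevocationPolicy revocationPolicy, @Qualifier("thresholdExpiredCRLRevocationPolicy") RevocationPolicy revocationPolicy2, @Qualifier("denyRevocationPolicy") RevocationPolicy revocationPolicy3) {
        X509Properties x509 = casConfigurationProperties.getAuthn().getX509();
        UserManagedCacheBuilder cacheBuilder = UserManagedCacheBuilder.newUserManagedCacheBuilder(URI.class, byte[].class);
        if (x509.isCacheDiskOverflow()) {
            Capacity diskCapacity = Capacity.parse(x509.getCacheDiskSize());
            // NOTE(review): withResourcePools is called again below for the heap pool; confirm
            // against the Ehcache version in use that the second call does not discard this one.
            cacheBuilder = cacheBuilder.withResourcePools(ResourcePoolsBuilder.newResourcePoolsBuilder()
                .disk(diskCapacity.getSize().longValue(), MemoryUnit.valueOf(diskCapacity.getUnitOfMeasure().name()), false));
        }
        cacheBuilder = cacheBuilder.withResourcePools(ResourcePoolsBuilder.newResourcePoolsBuilder()
            .heap(x509.getCacheMaxElementsInMemory(), EntryUnit.ENTRIES));
        if (x509.isCacheEternal()) {
            cacheBuilder = cacheBuilder.withExpiry(ExpiryPolicyBuilder.noExpiration());
        } else {
            cacheBuilder = cacheBuilder.withExpiry(ExpiryPolicyBuilder.timeToLiveExpiration(Duration.ofSeconds(x509.getCacheTimeToLiveSeconds())));
        }
        return new CRLDistributionPointRevocationChecker(
            x509.isCheckAll(),
            getRevocationPolicy(x509.getCrlUnavailablePolicy(), revocationPolicy, revocationPolicy2, revocationPolicy3),
            getRevocationPolicy(x509.getCrlExpiredPolicy(), revocationPolicy, revocationPolicy2, revocationPolicy3),
            cacheBuilder.build(true),
            cRLFetcher,
            x509.isThrowOnFetchFailure());
    }

    /**
     * Checker selected when {@code revocationChecker} is neither {@code "resource"} nor
     * {@code "crl"}.
     *
     * @return a new {@link NoOpRevocationChecker}
     */
    @ConditionalOnMissingBean(name = {"noOpRevocationChecker"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public RevocationChecker noOpRevocationChecker() {
        return new NoOpRevocationChecker();
    }

    /**
     * Revocation checker that reads CRLs from the locations listed in {@code crlResources}.
     *
     * <p>Each configured location is resolved through the application context, so the set of
     * CRL sources is exactly what the configuration lists.
     *
     * @param casConfigurationProperties CAS settings
     * @param configurableApplicationContext context used to resolve each CRL location
     * @param revocationPolicy the allow policy
     * @param revocationPolicy2 the threshold policy
     * @param revocationPolicy3 the deny policy
     * @param cRLFetcher fetcher handed to the checker
     * @return the configured checker
     * @throws NullPointerException if {@code configurableApplicationContext} is {@code null}
     */
    @ConditionalOnMissingBean(name = {"resourceCrlRevocationChecker"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public RevocationChecker resourceCrlRevocationChecker(CasConfigurationProperties casConfigurationProperties, ConfigurableApplicationContext configurableApplicationContext, @Qualifier("allowRevocationPolicy") RevocationPolicy revocationPolicy, @Qualifier("thresholdExpiredCRLRevocationPolicy") RevocationPolicy revocationPolicy2, @Qualifier("denyRevocationPolicy") RevocationPolicy revocationPolicy3, @Qualifier("crlFetcher") CRLFetcher cRLFetcher) {
        X509Properties x509 = casConfigurationProperties.getAuthn().getX509();
        Objects.requireNonNull(configurableApplicationContext);
        // The stream is kept fully typed (no raw Stream / Set cast) so the method reference
        // resolves against the element type of getCrlResources().
        return new ResourceCRLRevocationChecker(
            x509.isCheckAll(),
            getRevocationPolicy(x509.getCrlResourceUnavailablePolicy(), revocationPolicy, revocationPolicy2, revocationPolicy3),
            getRevocationPolicy(x509.getCrlResourceExpiredPolicy(), revocationPolicy, revocationPolicy2, revocationPolicy3),
            x509.getRefreshIntervalSeconds(),
            cRLFetcher,
            x509.getCrlResources().stream().map(configurableApplicationContext::getResource).collect(Collectors.toSet()));
    }

    /**
     * Creates the CRL fetcher named by the {@code crlFetcher} setting.
     *
     * <p>{@code "ldap"} (case-insensitive) builds an LDAP-backed fetcher from the {@code ldap}
     * sub-settings; {@code "resource"} and every other value build a {@link ResourceCRLFetcher}.
     *
     * @param casConfigurationProperties CAS settings
     * @return the configured fetcher
     */
    @ConditionalOnMissingBean(name = {"crlFetcher"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public CRLFetcher crlFetcher(CasConfigurationProperties casConfigurationProperties) {
        X509Properties x509 = casConfigurationProperties.getAuthn().getX509();
        if ("ldap".equalsIgnoreCase(x509.getCrlFetcher())) {
            return new LdaptiveResourceCRLFetcher(
                LdapUtils.newLdaptiveConnectionConfig(x509.getLdap()),
                LdapUtils.newLdaptiveSearchOperation(x509.getLdap().getBaseDn(), x509.getLdap().getSearchFilter()),
                x509.getLdap().getCertificateAttribute());
        }
        return new ResourceCRLFetcher();
    }

    /**
     * Builds the X.509 credential handler from the configured trust constraints.
     *
     * <p>The trusted-issuer and subject DN expressions are compiled only when set; a blank
     * setting is passed to the handler as {@code null}.
     * NOTE(review): confirm how the handler treats a {@code null} pattern, since that decides
     * whether an unset expression means "no restriction".
     *
     * @param casConfigurationProperties CAS settings
     * @param revocationChecker the resource-backed checker
     * @param principalFactory factory used by the handler
     * @param revocationChecker2 the CRL distribution point checker
     * @param revocationChecker3 the no-op checker
     * @param servicesManager services manager handed to the handler
     * @return the configured handler
     */
    @ConditionalOnMissingBean(name = {"x509CredentialsAuthenticationHandler"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public AuthenticationHandler x509CredentialsAuthenticationHandler(CasConfigurationProperties casConfigurationProperties, @Qualifier("resourceCrlRevocationChecker") RevocationChecker revocationChecker, @Qualifier("x509PrincipalFactory") PrincipalFactory principalFactory, @Qualifier("crlDistributionPointRevocationChecker") RevocationChecker revocationChecker2, @Qualifier("noOpRevocationChecker") RevocationChecker revocationChecker3, @Qualifier("servicesManager") ServicesManager servicesManager) {
        X509Properties x509 = casConfigurationProperties.getAuthn().getX509();
        RevocationChecker selectedChecker = getRevocationCheckerFrom(x509, revocationChecker, revocationChecker2, revocationChecker3);
        Pattern subjectDnPattern = createPatternIfPresent(x509.getRegExSubjectDnPattern());
        Pattern trustedIssuerDnPattern = createPatternIfPresent(x509.getRegExTrustedIssuerDnPattern());
        return new X509CredentialsAuthenticationHandler(
            x509.getName(),
            servicesManager,
            principalFactory,
            trustedIssuerDnPattern,
            x509.getMaxPathLength(),
            x509.isMaxPathLengthAllowUnspecified(),
            x509.isCheckKeyUsage(),
            x509.isRequireKeyUsage(),
            subjectDnPattern,
            selectedChecker,
            Integer.valueOf(x509.getOrder()));
    }

    /**
     * Resolver used for principal type {@code SUBJECT}; applies the configured principal
     * descriptor.
     *
     * @param casConfigurationProperties CAS settings
     * @param principalFactory factory used by the resolver
     * @param x509AttributeExtractor extractor set on the resolver
     * @param iPersonAttributeDao attribute repository handed to the resolver
     * @return the configured resolver
     */
    @ConditionalOnMissingBean(name = {"x509SubjectPrincipalResolver"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public PrincipalResolver x509SubjectPrincipalResolver(CasConfigurationProperties casConfigurationProperties, @Qualifier("x509PrincipalFactory") PrincipalFactory principalFactory, @Qualifier("x509AttributeExtractor") X509AttributeExtractor x509AttributeExtractor, @Qualifier("attributeRepository") IPersonAttributeDao iPersonAttributeDao) {
        PersonDirectoryPrincipalResolverProperties personDirectory = casConfigurationProperties.getPersonDirectory();
        X509Properties x509 = casConfigurationProperties.getAuthn().getX509();
        X509SubjectPrincipalResolver resolver = CoreAuthenticationUtils.newPersonDirectoryPrincipalResolver(
            principalFactory,
            iPersonAttributeDao,
            CoreAuthenticationUtils.getAttributeMerger(casConfigurationProperties.getAuthn().getAttributeRepository().getCore().getMerger()),
            X509SubjectPrincipalResolver.class,
            new PersonDirectoryPrincipalResolverProperties[]{x509.getPrincipal(), personDirectory});
        resolver.setPrincipalDescriptor(x509.getPrincipalDescriptor());
        resolver.setX509AttributeExtractor(x509AttributeExtractor);
        return resolver;
    }

    /**
     * Fallback resolver (used when no other principal type matches); applies the configured
     * subject DN format.
     *
     * @param casConfigurationProperties CAS settings
     * @param principalFactory factory used by the resolver
     * @param x509AttributeExtractor extractor set on the resolver
     * @param iPersonAttributeDao attribute repository handed to the resolver
     * @return the configured resolver
     */
    @ConditionalOnMissingBean(name = {"x509SubjectDNPrincipalResolver"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public PrincipalResolver x509SubjectDNPrincipalResolver(CasConfigurationProperties casConfigurationProperties, @Qualifier("x509PrincipalFactory") PrincipalFactory principalFactory, @Qualifier("x509AttributeExtractor") X509AttributeExtractor x509AttributeExtractor, @Qualifier("attributeRepository") IPersonAttributeDao iPersonAttributeDao) {
        X509Properties x509 = casConfigurationProperties.getAuthn().getX509();
        SubjectDnPrincipalResolverProperties subjectDn = x509.getSubjectDn();
        PersonDirectoryPrincipalResolverProperties personDirectory = casConfigurationProperties.getPersonDirectory();
        X509SubjectDNPrincipalResolver resolver = CoreAuthenticationUtils.newPersonDirectoryPrincipalResolver(
            principalFactory,
            iPersonAttributeDao,
            CoreAuthenticationUtils.getAttributeMerger(casConfigurationProperties.getAuthn().getAttributeRepository().getCore().getMerger()),
            X509SubjectDNPrincipalResolver.class,
            new PersonDirectoryPrincipalResolverProperties[]{x509.getPrincipal(), personDirectory});
        resolver.setSubjectDnFormat(X509AuthenticationUtils.getSubjectDnFormat(subjectDn.getFormat()));
        resolver.setX509AttributeExtractor(x509AttributeExtractor);
        return resolver;
    }

    /**
     * Resolver used for principal type {@code SUBJECT_ALT_NAME}; applies the configured
     * alternate principal attribute.
     *
     * @param casConfigurationProperties CAS settings
     * @param principalFactory factory used by the resolver
     * @param x509AttributeExtractor extractor set on the resolver
     * @param iPersonAttributeDao attribute repository handed to the resolver
     * @return the configured resolver
     */
    @ConditionalOnMissingBean(name = {"x509SubjectAlternativeNameUPNPrincipalResolver"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public PrincipalResolver x509SubjectAlternativeNameUPNPrincipalResolver(CasConfigurationProperties casConfigurationProperties, @Qualifier("x509PrincipalFactory") PrincipalFactory principalFactory, @Qualifier("x509AttributeExtractor") X509AttributeExtractor x509AttributeExtractor, @Qualifier("attributeRepository") IPersonAttributeDao iPersonAttributeDao) {
        X509Properties x509 = casConfigurationProperties.getAuthn().getX509();
        PersonDirectoryPrincipalResolverProperties personDirectory = casConfigurationProperties.getPersonDirectory();
        SubjectAltNamePrincipalResolverProperties subjectAltName = x509.getSubjectAltName();
        X509SubjectAlternativeNameUPNPrincipalResolver resolver = CoreAuthenticationUtils.newPersonDirectoryPrincipalResolver(
            principalFactory,
            iPersonAttributeDao,
            CoreAuthenticationUtils.getAttributeMerger(casConfigurationProperties.getAuthn().getAttributeRepository().getCore().getMerger()),
            X509SubjectAlternativeNameUPNPrincipalResolver.class,
            new PersonDirectoryPrincipalResolverProperties[]{x509.getPrincipal(), personDirectory});
        resolver.setAlternatePrincipalAttribute(subjectAltName.getAlternatePrincipalAttribute());
        resolver.setX509AttributeExtractor(x509AttributeExtractor);
        return resolver;
    }

    /**
     * Resolver used for principal type {@code RFC822_EMAIL}; applies the configured alternate
     * principal attribute.
     *
     * @param casConfigurationProperties CAS settings
     * @param principalFactory factory used by the resolver
     * @param x509AttributeExtractor extractor set on the resolver
     * @param iPersonAttributeDao attribute repository handed to the resolver
     * @return the configured resolver
     */
    @ConditionalOnMissingBean(name = {"x509SubjectAlternativeNameRFC822EmailPrincipalResolver"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public PrincipalResolver x509SubjectAlternativeNameRFC822EmailPrincipalResolver(CasConfigurationProperties casConfigurationProperties, @Qualifier("x509PrincipalFactory") PrincipalFactory principalFactory, @Qualifier("x509AttributeExtractor") X509AttributeExtractor x509AttributeExtractor, @Qualifier("attributeRepository") IPersonAttributeDao iPersonAttributeDao) {
        X509Properties x509 = casConfigurationProperties.getAuthn().getX509();
        PersonDirectoryPrincipalResolverProperties personDirectory = casConfigurationProperties.getPersonDirectory();
        Rfc822EmailPrincipalResolverProperties rfc822Email = x509.getRfc822Email();
        X509SubjectAlternativeNameRFC822EmailPrincipalResolver resolver = CoreAuthenticationUtils.newPersonDirectoryPrincipalResolver(
            principalFactory,
            iPersonAttributeDao,
            CoreAuthenticationUtils.getAttributeMerger(casConfigurationProperties.getAuthn().getAttributeRepository().getCore().getMerger()),
            X509SubjectAlternativeNameRFC822EmailPrincipalResolver.class,
            new PersonDirectoryPrincipalResolverProperties[]{x509.getPrincipal(), personDirectory});
        resolver.setAlternatePrincipalAttribute(rfc822Email.getAlternatePrincipalAttribute());
        resolver.setX509AttributeExtractor(x509AttributeExtractor);
        return resolver;
    }

    /**
     * Resolver used for principal type {@code SERIAL_NO}.
     *
     * @param casConfigurationProperties CAS settings
     * @param principalFactory factory used by the resolver
     * @param x509AttributeExtractor extractor set on the resolver
     * @param iPersonAttributeDao attribute repository handed to the resolver
     * @return the configured resolver
     */
    @ConditionalOnMissingBean(name = {"x509SerialNumberPrincipalResolver"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public PrincipalResolver x509SerialNumberPrincipalResolver(CasConfigurationProperties casConfigurationProperties, @Qualifier("x509PrincipalFactory") PrincipalFactory principalFactory, @Qualifier("x509AttributeExtractor") X509AttributeExtractor x509AttributeExtractor, @Qualifier("attributeRepository") IPersonAttributeDao iPersonAttributeDao) {
        return getX509SerialNumberPrincipalResolver(casConfigurationProperties, iPersonAttributeDao, x509AttributeExtractor, principalFactory);
    }

    /**
     * Principal factory shared by the X.509 handler and resolvers.
     *
     * @return a factory obtained from {@link PrincipalFactoryUtils#newPrincipalFactory()}
     */
    @ConditionalOnMissingBean(name = {"x509PrincipalFactory"})
    @Bean
    public PrincipalFactory x509PrincipalFactory() {
        return PrincipalFactoryUtils.newPrincipalFactory();
    }

    /**
     * Resolver used for principal type {@code SERIAL_NO_DN}; applies the configured serial
     * number prefix and value delimiter.
     *
     * @param casConfigurationProperties CAS settings
     * @param principalFactory factory used by the resolver
     * @param x509AttributeExtractor extractor set on the resolver
     * @param iPersonAttributeDao attribute repository handed to the resolver
     * @return the configured resolver
     */
    @ConditionalOnMissingBean(name = {"x509SerialNumberAndIssuerDNPrincipalResolver"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public PrincipalResolver x509SerialNumberAndIssuerDNPrincipalResolver(CasConfigurationProperties casConfigurationProperties, @Qualifier("x509PrincipalFactory") PrincipalFactory principalFactory, @Qualifier("x509AttributeExtractor") X509AttributeExtractor x509AttributeExtractor, @Qualifier("attributeRepository") IPersonAttributeDao iPersonAttributeDao) {
        X509Properties x509 = casConfigurationProperties.getAuthn().getX509();
        SerialNoDnPrincipalResolverProperties serialNoDn = x509.getSerialNoDn();
        X509SerialNumberAndIssuerDNPrincipalResolver resolver = CoreAuthenticationUtils.newPersonDirectoryPrincipalResolver(
            principalFactory,
            iPersonAttributeDao,
            CoreAuthenticationUtils.getAttributeMerger(casConfigurationProperties.getAuthn().getAttributeRepository().getCore().getMerger()),
            X509SerialNumberAndIssuerDNPrincipalResolver.class,
            new PersonDirectoryPrincipalResolverProperties[]{x509.getPrincipal(), casConfigurationProperties.getPersonDirectory()});
        resolver.setSerialNumberPrefix(serialNoDn.getSerialNumberPrefix());
        resolver.setValueDelimiter(serialNoDn.getValueDelimiter());
        resolver.setX509AttributeExtractor(x509AttributeExtractor);
        return resolver;
    }

    /**
     * Resolver used for principal type {@code CN_EDIPI}; applies the configured alternate
     * principal attribute.
     *
     * @param casConfigurationProperties CAS settings
     * @param principalFactory factory used by the resolver
     * @param x509AttributeExtractor extractor set on the resolver
     * @param iPersonAttributeDao attribute repository handed to the resolver
     * @return the configured resolver
     */
    @ConditionalOnMissingBean(name = {"x509CommonNameEDIPIPrincipalResolver"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public PrincipalResolver x509CommonNameEDIPIPrincipalResolver(CasConfigurationProperties casConfigurationProperties, @Qualifier("x509PrincipalFactory") PrincipalFactory principalFactory, @Qualifier("x509AttributeExtractor") X509AttributeExtractor x509AttributeExtractor, @Qualifier("attributeRepository") IPersonAttributeDao iPersonAttributeDao) {
        X509Properties x509 = casConfigurationProperties.getAuthn().getX509();
        CnEdipiPrincipalResolverProperties cnEdipi = x509.getCnEdipi();
        X509CommonNameEDIPIPrincipalResolver resolver = CoreAuthenticationUtils.newPersonDirectoryPrincipalResolver(
            principalFactory,
            iPersonAttributeDao,
            CoreAuthenticationUtils.getAttributeMerger(casConfigurationProperties.getAuthn().getAttributeRepository().getCore().getMerger()),
            X509CommonNameEDIPIPrincipalResolver.class,
            new PersonDirectoryPrincipalResolverProperties[]{x509.getPrincipal(), casConfigurationProperties.getPersonDirectory()});
        resolver.setAlternatePrincipalAttribute(cnEdipi.getAlternatePrincipalAttribute());
        resolver.setX509AttributeExtractor(x509AttributeExtractor);
        return resolver;
    }

    /**
     * Registers the X.509 handler together with the principal resolver chosen by
     * {@code principalType}.
     *
     * <p>The resolver is selected when the returned configurer runs, not when this bean is
     * created.
     *
     * @param principalResolver resolver for {@code SERIAL_NO}
     * @param principalResolver2 resolver for {@code SERIAL_NO_DN}
     * @param principalResolver3 resolver for {@code SUBJECT}
     * @param principalResolver4 resolver for {@code SUBJECT_ALT_NAME}
     * @param principalResolver5 resolver for {@code RFC822_EMAIL}
     * @param principalResolver6 fallback subject DN resolver
     * @param principalResolver7 resolver for {@code CN_EDIPI}
     * @param casConfigurationProperties CAS settings
     * @param authenticationHandler the X.509 credential handler
     * @return the plan configurer
     */
    @ConditionalOnMissingBean(name = {"x509AuthenticationEventExecutionPlanConfigurer"})
    @Bean
    public AuthenticationEventExecutionPlanConfigurer x509AuthenticationEventExecutionPlanConfigurer(@Qualifier("x509SerialNumberPrincipalResolver") PrincipalResolver principalResolver, @Qualifier("x509SerialNumberAndIssuerDNPrincipalResolver") PrincipalResolver principalResolver2, @Qualifier("x509SubjectPrincipalResolver") PrincipalResolver principalResolver3, @Qualifier("x509SubjectAlternativeNameUPNPrincipalResolver") PrincipalResolver principalResolver4, @Qualifier("x509SubjectAlternativeNameRFC822EmailPrincipalResolver") PrincipalResolver principalResolver5, @Qualifier("x509SubjectDNPrincipalResolver") PrincipalResolver principalResolver6, @Qualifier("x509CommonNameEDIPIPrincipalResolver") PrincipalResolver principalResolver7, CasConfigurationProperties casConfigurationProperties, @Qualifier("x509CredentialsAuthenticationHandler") AuthenticationHandler authenticationHandler) {
        return authenticationEventExecutionPlan -> {
            PrincipalResolver selectedResolver = getPrincipalResolver(casConfigurationProperties, principalResolver, principalResolver2, principalResolver3, principalResolver4, principalResolver5, principalResolver6, principalResolver7);
            authenticationEventExecutionPlan.registerAuthenticationHandlerWithPrincipalResolver(authenticationHandler, selectedResolver);
        };
    }

    /**
     * Chooses the certificate attribute extractor: the EDIPI-aware one when
     * {@code cnEdipi.extractEdipiAsAttribute} is set, the default one otherwise.
     *
     * @param casConfigurationProperties CAS settings
     * @return the selected extractor
     */
    @ConditionalOnMissingBean(name = {"x509AttributeExtractor"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public X509AttributeExtractor x509AttributeExtractor(CasConfigurationProperties casConfigurationProperties) {
        if (casConfigurationProperties.getAuthn().getX509().getCnEdipi().isExtractEdipiAsAttribute()) {
            return new EDIPIX509AttributeExtractor();
        }
        return new DefaultX509AttributeExtractor();
    }
}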
