package org.apereo.cas.config.support.authentication;

import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.adaptors.yubikey.YubiKeyAccountRegistry;
import org.apereo.cas.adaptors.yubikey.YubiKeyAuthenticationHandler;
import org.apereo.cas.adaptors.yubikey.YubiKeyMultifactorAuthenticationProvider;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlan;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlanConfigurer;
import org.apereo.cas.authentication.AuthenticationMetaDataPopulator;
import org.apereo.cas.authentication.metadata.AuthenticationContextAttributeMetaDataPopulator;
import org.apereo.cas.authentication.principal.DefaultPrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.mfa.MultifactorAuthenticationProperties;
import org.apereo.cas.services.DefaultMultifactorAuthenticationProviderBypass;
import org.apereo.cas.services.MultifactorAuthenticationProvider;
import org.apereo.cas.services.MultifactorAuthenticationProviderBypass;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.util.http.HttpClient;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

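/**
 * Spring configuration that wires YubiKey multifactor authentication into the CAS
 * authentication event execution plan.
 *
 * <p>It exposes the YubiKey authentication handler, the multifactor provider, the bypass
 * evaluator, the principal factory and the authentication-context metadata populator as beans.
 * All of them are built from the settings returned by
 * {@code casProperties.getAuthn().getMfa().getYubikey()}.
 */
@Configuration("yubikeyAuthenticationEventExecutionPlanConfiguration")
public class YubiKeyAuthenticationEventExecutionPlanConfiguration implements AuthenticationEventExecutionPlanConfigurer {

    @Autowired
    private CasConfigurationProperties casProperties;

    // required = false: Spring leaves this field null when no bean named "yubiKeyAccountRegistry"
    // is available, and the handler below is then constructed with a null registry.
    // NOTE(review): confirm how the handler ties a presented device to the authenticating user
    // when no registry is present; that check is not visible in this class.
    @Autowired(required = false)
    @Qualifier("yubiKeyAccountRegistry")
    private YubiKeyAccountRegistry registry;

    @Autowired
    @Qualifier("servicesManager")
    private ServicesManager servicesManager;

    // Handed to the multifactor provider; the injected bean is the one named "noRedirectHttpClient".
    @Autowired
    @Qualifier("noRedirectHttpClient")
    private HttpClient httpClient;

    /**
     * Builds the metadata populator that records the authentication context for YubiKey.
     *
     * @return a populator constructed from the configured authentication-context attribute name,
     *         the YubiKey handler and the YubiKey provider
     */
    @RefreshScope
    @Bean
    public AuthenticationMetaDataPopulator yubikeyAuthenticationMetaDataPopulator() {
        return new AuthenticationContextAttributeMetaDataPopulator(
            this.casProperties.getAuthn().getMfa().getAuthenticationContextAttribute(),
            yubikeyAuthenticationHandler(),
            yubikeyAuthenticationProvider());
    }

    /**
     * Builds the bypass evaluator from the YubiKey bypass settings.
     *
     * <p>NOTE(review): the bypass settings presumably decide when the second factor is skipped,
     * so the configured values should be reviewed as security-sensitive; the evaluation logic
     * itself is not visible here.
     *
     * @return the bypass evaluator for the YubiKey provider
     */
    @RefreshScope
    @Bean
    public MultifactorAuthenticationProviderBypass yubikeyBypassEvaluator() {
        return new DefaultMultifactorAuthenticationProviderBypass(yubikeySettings().getBypass());
    }

    /**
     * Supplies the principal factory used by the YubiKey handler unless another bean named
     * {@code yubikeyPrincipalFactory} is already defined.
     *
     * @return a new {@link DefaultPrincipalFactory}
     */
    @ConditionalOnMissingBean(name = {"yubikeyPrincipalFactory"})
    @Bean
    public PrincipalFactory yubikeyPrincipalFactory() {
        return new DefaultPrincipalFactory();
    }

    /**
     * Builds the YubiKey authentication handler from the configured client id and secret key.
     *
     * @return the configured handler
     * @throws IllegalArgumentException if the secret key is blank, or the client id is missing
     *                                  or not positive
     */
    @RefreshScope
    @Bean
    public YubiKeyAuthenticationHandler yubikeyAuthenticationHandler() {
        final MultifactorAuthenticationProperties.YubiKey yubikey = yubikeySettings();
        // The messages name the missing setting and do not echo its value; keep it that way
        // for the secret key.
        if (StringUtils.isBlank(yubikey.getSecretKey())) {
            throw new IllegalArgumentException("Yubikey secret key cannot be blank");
        }
        if (!isClientIdDefined(yubikey)) {
            throw new IllegalArgumentException("Yubikey client id is undefined");
        }
        final YubiKeyAuthenticationHandler handler = new YubiKeyAuthenticationHandler(
            yubikey.getName(),
            this.servicesManager,
            yubikeyPrincipalFactory(),
            yubikey.getClientId(),
            yubikey.getSecretKey(),
            this.registry);
        // Configured validation endpoints are passed to the client as-is; nothing here checks
        // their scheme or host.
        // NOTE(review): make sure deployments list only trusted HTTPS validation servers.
        if (!yubikey.getApiUrls().isEmpty()) {
            handler.getClient().setWsapiUrls((String[]) yubikey.getApiUrls().toArray(new String[0]));
        }
        return handler;
    }

    /**
     * Builds the YubiKey multifactor provider and applies its bypass evaluator, failure mode,
     * order and id from configuration.
     *
     * <p>NOTE(review): the failure mode is read from the MFA-wide setting rather than a
     * YubiKey-specific one; it presumably governs what happens when the provider cannot be
     * used, so confirm the configured value gives the intended behaviour.
     *
     * @return the configured provider
     */
    @RefreshScope
    @Bean
    public MultifactorAuthenticationProvider yubikeyAuthenticationProvider() {
        final MultifactorAuthenticationProperties.YubiKey yubikey = yubikeySettings();
        final YubiKeyMultifactorAuthenticationProvider provider =
            new YubiKeyMultifactorAuthenticationProvider(yubikeyAuthenticationHandler(), this.httpClient);
        provider.setBypassEvaluator(yubikeyBypassEvaluator());
        provider.setGlobalFailureMode(this.casProperties.getAuthn().getMfa().getGlobalFailureMode());
        provider.setOrder(yubikey.getRank());
        provider.setId(yubikey.getId());
        return provider;
    }

    /**
     * Registers the YubiKey handler and metadata populator with the execution plan.
     *
     * <p>When the client id is missing or not positive, or the secret key is blank, this method
     * returns without registering anything and without reporting it. A deployment with
     * incomplete YubiKey settings therefore starts with no YubiKey handler in the plan.
     *
     * @param authenticationEventExecutionPlan the plan to contribute to
     */
    @Override
    public void configureAuthenticationExecutionPlan(AuthenticationEventExecutionPlan authenticationEventExecutionPlan) {
        final MultifactorAuthenticationProperties.YubiKey yubikey = yubikeySettings();
        if (!isClientIdDefined(yubikey) || StringUtils.isBlank(yubikey.getSecretKey())) {
            return;
        }
        authenticationEventExecutionPlan.registerAuthenticationHandler(yubikeyAuthenticationHandler());
        authenticationEventExecutionPlan.registerMetadataPopulator(yubikeyAuthenticationMetaDataPopulator());
    }

    /** Returns the YubiKey section of the CAS multifactor settings. */
    private MultifactorAuthenticationProperties.YubiKey yubikeySettings() {
        return this.casProperties.getAuthn().getMfa().getYubikey();
    }

    /**
     * Tells whether a usable client id is configured. A null id is treated like a non-positive
     * one, so callers get the same "undefined" outcome instead of a NullPointerException.
     */
    private static boolean isClientIdDefined(final MultifactorAuthenticationProperties.YubiKey yubikey) {
        return yubikey.getClientId() != null && yubikey.getClientId().intValue() > 0;
    }
}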
