package org.apereo.cas.config;

import lombok.Generated;
import org.apereo.cas.CentralAuthenticationService;
import org.apereo.cas.adaptors.yubikey.YubikeyAccountCipherExecutor;
import org.apereo.cas.adaptors.yubikey.web.flow.YubiKeyAuthenticationWebflowAction;
import org.apereo.cas.adaptors.yubikey.web.flow.YubiKeyAuthenticationWebflowEventResolver;
import org.apereo.cas.adaptors.yubikey.web.flow.YubiKeyMultifactorTrustWebflowConfigurer;
import org.apereo.cas.adaptors.yubikey.web.flow.YubiKeyMultifactorWebflowConfigurer;
import org.apereo.cas.audit.AuditableExecution;
import org.apereo.cas.authentication.AuthenticationServiceSelectionPlan;
import org.apereo.cas.authentication.AuthenticationSystemSupport;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.core.util.EncryptionJwtSigningJwtCryptographyProperties;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.ticket.registry.TicketRegistrySupport;
import org.apereo.cas.util.cipher.CipherExecutorUtils;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.apereo.cas.web.cookie.CasCookieBuilder;
import org.apereo.cas.web.flow.CasWebflowConfigurer;
import org.apereo.cas.web.flow.CasWebflowExecutionPlanConfigurer;
import org.apereo.cas.web.flow.resolver.CasWebflowEventResolver;
import org.apereo.cas.web.flow.resolver.impl.CasWebflowEventResolutionConfigurationContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.DependsOn;
import org.springframework.webflow.config.FlowDefinitionRegistryBuilder;
import org.springframework.webflow.definition.registry.FlowDefinitionRegistry;
import org.springframework.webflow.engine.builder.support.FlowBuilderServices;
import org.springframework.webflow.execution.Action;

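/**
 * Spring configuration that registers the beans for the YubiKey multifactor web flow:
 * the flow definition registry, the web flow action and its event resolver, the web flow
 * configurers, and the cipher executor for YubiKey accounts.
 *
 * <p>Most beans are declared with {@code @ConditionalOnMissingBean}, so a deployment can
 * replace any of them by defining a bean with the same name.
 */
@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration("yubikeyConfiguration")
/* loaded from: input_file:org/apereo/cas/config/YubiKeyConfiguration.class */
public class YubiKeyConfiguration {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(YubiKeyConfiguration.class);

    // Collaborators are injected as ObjectProvider handles and only dereferenced with
    // getObject() inside the bean methods below.

    @Autowired
    @Qualifier("loginFlowRegistry")
    private ObjectProvider<FlowDefinitionRegistry> loginFlowDefinitionRegistry;

    @Autowired
    private ObjectProvider<FlowBuilderServices> flowBuilderServices;

    @Autowired
    private CasConfigurationProperties casProperties;

    @Autowired
    private ConfigurableApplicationContext applicationContext;

    @Autowired
    @Qualifier("authenticationServiceSelectionPlan")
    private ObjectProvider<AuthenticationServiceSelectionPlan> authenticationRequestServiceSelectionStrategies;

    @Autowired
    @Qualifier("centralAuthenticationService")
    private ObjectProvider<CentralAuthenticationService> centralAuthenticationService;

    @Autowired
    @Qualifier("defaultAuthenticationSystemSupport")
    private ObjectProvider<AuthenticationSystemSupport> authenticationSystemSupport;

    @Autowired
    @Qualifier("ticketRegistry")
    private ObjectProvider<TicketRegistry> ticketRegistry;

    @Autowired
    @Qualifier("defaultTicketRegistrySupport")
    private ObjectProvider<TicketRegistrySupport> ticketRegistrySupport;

    @Autowired
    @Qualifier("servicesManager")
    private ObjectProvider<ServicesManager> servicesManager;

    @Autowired
    @Qualifier("registeredServiceAccessStrategyEnforcer")
    private ObjectProvider<AuditableExecution> registeredServiceAccessStrategyEnforcer;

    @Autowired
    @Qualifier("warnCookieGenerator")
    private ObjectProvider<CasCookieBuilder> warnCookieGenerator;

    /**
     * Nested configuration that adds the trusted-device variant of the YubiKey web flow.
     *
     * <p>It is active only when a bean named {@code mfaTrustEngine} exists and
     * {@code cas.authn.mfa.yubikey.trustedDeviceEnabled} is {@code true} or absent
     * ({@code matchIfMissing = true}).
     *
     * <p>NOTE(review): because the property defaults to "on", the trust flow is wired in as
     * soon as a trust engine bean is present, unless the property is explicitly set to another
     * value. Confirm that this default matches the deployment's MFA policy.
     */
    @ConditionalOnBean(name = {"mfaTrustEngine"})
    @ConditionalOnProperty(prefix = "cas.authn.mfa.yubikey", name = {"trustedDeviceEnabled"}, havingValue = "true", matchIfMissing = true)
    @Configuration("yubiMultifactorTrustConfiguration")
    /* loaded from: input_file:org/apereo/cas/config/YubiKeyConfiguration$YubiKeyMultifactorTrustConfiguration.class */
    public class YubiKeyMultifactorTrustConfiguration {
        public YubiKeyMultifactorTrustConfiguration() {
        }

        /**
         * Creates the web flow configurer for the trusted-device YubiKey flow.
         *
         * <p>The device-registration flag is read from the general trusted-device settings
         * ({@code authn.mfa.trusted}), not from the YubiKey-specific properties.
         *
         * @return the trust web flow configurer
         */
        @ConditionalOnMissingBean(name = {"yubiMultifactorTrustWebflowConfigurer"})
        @DependsOn({"defaultWebflowConfigurer"})
        @Bean
        public CasWebflowConfigurer yubiMultifactorTrustWebflowConfigurer() {
            return new YubiKeyMultifactorTrustWebflowConfigurer(
                YubiKeyConfiguration.this.flowBuilderServices.getObject(),
                YubiKeyConfiguration.this.casProperties.getAuthn().getMfa().getTrusted().isDeviceRegistrationEnabled(),
                YubiKeyConfiguration.this.yubikeyFlowRegistry(),
                YubiKeyConfiguration.this.loginFlowDefinitionRegistry.getObject(),
                YubiKeyConfiguration.this.applicationContext,
                YubiKeyConfiguration.this.casProperties);
        }

        /**
         * Registers the trust web flow configurer with the web flow execution plan.
         *
         * @return the execution plan configurer
         */
        @Bean
        public CasWebflowExecutionPlanConfigurer yubiMultifactorCasWebflowExecutionPlanConfigurer() {
            return plan -> plan.registerWebflowConfigurer(yubiMultifactorTrustWebflowConfigurer());
        }
    }

    /**
     * Builds the flow definition registry for the YubiKey flow from every resource that
     * matches {@code /mfa-yubikey/*-webflow.xml} under the base path {@code classpath*:/webflow}.
     *
     * <p>The {@code classpath*:} prefix makes Spring search all classpath roots, so a
     * matching file contributed by any JAR on the classpath is loaded as a flow definition.
     *
     * @return the YubiKey flow definition registry
     */
    @Bean
    public FlowDefinitionRegistry yubikeyFlowRegistry() {
        FlowDefinitionRegistryBuilder builder =
            new FlowDefinitionRegistryBuilder(this.applicationContext, this.flowBuilderServices.getObject());
        builder.setBasePath("classpath*:/webflow");
        builder.addFlowLocationPattern("/mfa-yubikey/*-webflow.xml");
        return builder.build();
    }

    /**
     * Creates the web flow action for YubiKey authentication, backed by
     * {@link #yubikeyAuthenticationWebflowEventResolver()}.
     *
     * @return the YubiKey authentication action
     */
    @ConditionalOnMissingBean(name = {"yubikeyAuthenticationWebflowAction"})
    @RefreshScope
    @Bean
    public Action yubikeyAuthenticationWebflowAction() {
        return new YubiKeyAuthenticationWebflowAction(yubikeyAuthenticationWebflowEventResolver());
    }

    /**
     * Creates the web flow configurer that receives both the login flow registry and the
     * YubiKey flow registry.
     *
     * @return the YubiKey web flow configurer
     */
    @ConditionalOnMissingBean(name = {"yubikeyMultifactorWebflowConfigurer"})
    @DependsOn({"defaultWebflowConfigurer"})
    @Bean
    public CasWebflowConfigurer yubikeyMultifactorWebflowConfigurer() {
        return new YubiKeyMultifactorWebflowConfigurer(
            this.flowBuilderServices.getObject(),
            this.loginFlowDefinitionRegistry.getObject(),
            yubikeyFlowRegistry(),
            this.applicationContext,
            this.casProperties);
    }

    /**
     * Creates the event resolver used by the YubiKey authentication action. Its
     * configuration context is assembled from the injected CAS collaborators; the application
     * context doubles as the event publisher.
     *
     * @return the YubiKey event resolver
     */
    @ConditionalOnMissingBean(name = {"yubikeyAuthenticationWebflowEventResolver"})
    @Bean
    public CasWebflowEventResolver yubikeyAuthenticationWebflowEventResolver() {
        return new YubiKeyAuthenticationWebflowEventResolver(
            CasWebflowEventResolutionConfigurationContext.builder()
                .authenticationSystemSupport(this.authenticationSystemSupport.getObject())
                .centralAuthenticationService(this.centralAuthenticationService.getObject())
                .servicesManager(this.servicesManager.getObject())
                .ticketRegistrySupport(this.ticketRegistrySupport.getObject())
                .warnCookieGenerator(this.warnCookieGenerator.getObject())
                .authenticationRequestServiceSelectionStrategies(this.authenticationRequestServiceSelectionStrategies.getObject())
                .registeredServiceAccessStrategyEnforcer(this.registeredServiceAccessStrategyEnforcer.getObject())
                .casProperties(this.casProperties)
                .ticketRegistry(this.ticketRegistry.getObject())
                .eventPublisher(this.applicationContext)
                .applicationContext(this.applicationContext)
                .build());
    }

    /**
     * Registers the YubiKey web flow configurer with the web flow execution plan.
     *
     * @return the execution plan configurer
     */
    @ConditionalOnMissingBean(name = {"yubikeyCasWebflowExecutionPlanConfigurer"})
    @Bean
    public CasWebflowExecutionPlanConfigurer yubikeyCasWebflowExecutionPlanConfigurer() {
        return plan -> plan.registerWebflowConfigurer(yubikeyMultifactorWebflowConfigurer());
    }

    /**
     * Creates the cipher executor for YubiKey accounts.
     *
     * <p>When the YubiKey crypto settings are enabled, a string cipher executor is built from
     * them. Otherwise a no-op executor is returned, which per the log message below means
     * account encryption/signing is turned off.
     *
     * @return the configured cipher executor, or {@link CipherExecutor#noOp()} when crypto is disabled
     */
    @ConditionalOnMissingBean(name = {"yubikeyAccountCipherExecutor"})
    @RefreshScope
    @Bean
    public CipherExecutor yubikeyAccountCipherExecutor() {
        EncryptionJwtSigningJwtCryptographyProperties crypto = this.casProperties.getAuthn().getMfa().getYubikey().getCrypto();
        if (crypto.isEnabled()) {
            return CipherExecutorUtils.newStringCipherExecutor(crypto, YubikeyAccountCipherExecutor.class);
        }
        // Logged at WARN rather than INFO so the notice that YubiKey account records are left
        // unencrypted and unsigned is not filtered out when the log threshold is above INFO.
        LOGGER.warn("YubiKey account encryption/signing is turned off and MAY NOT be safe in a production environment. Consider using other choices to handle encryption, signing and verification of YubiKey accounts for MFA");
        return CipherExecutor.noOp();
    }
}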
