package org.apereo.cas.config;

import java.util.Objects;
import java.util.stream.Stream;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.adaptors.yubikey.YubiKeyBypassEvaluator;
import org.apereo.cas.authentication.bypass.AuthenticationMultifactorAuthenticationProviderBypassEvaluator;
import org.apereo.cas.authentication.bypass.CredentialMultifactorAuthenticationProviderBypassEvaluator;
import org.apereo.cas.authentication.bypass.DefaultChainingMultifactorAuthenticationBypassProvider;
import org.apereo.cas.authentication.bypass.GroovyMultifactorAuthenticationProviderBypassEvaluator;
import org.apereo.cas.authentication.bypass.HttpRequestMultifactorAuthenticationProviderBypassEvaluator;
import org.apereo.cas.authentication.bypass.MultifactorAuthenticationProviderBypassEvaluator;
import org.apereo.cas.authentication.bypass.PrincipalMultifactorAuthenticationProviderBypassEvaluator;
import org.apereo.cas.authentication.bypass.RegisteredServiceMultifactorAuthenticationProviderBypassEvaluator;
import org.apereo.cas.authentication.bypass.RegisteredServicePrincipalAttributeMultifactorAuthenticationProviderBypassEvaluator;
import org.apereo.cas.authentication.bypass.RestMultifactorAuthenticationProviderBypassEvaluator;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.features.CasFeatureModule;
import org.apereo.cas.configuration.model.support.mfa.MultifactorAuthenticationProviderBypassProperties;
import org.apereo.cas.configuration.model.support.mfa.yubikey.YubiKeyMultifactorAuthenticationProperties;
import org.apereo.cas.util.spring.beans.BeanCondition;
import org.apereo.cas.util.spring.beans.BeanSupplier;
import org.apereo.cas.util.spring.boot.ConditionalOnFeatureEnabled;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.core.annotation.AnnotationAwareOrderComparator;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration(value = "YubiKeyAuthenticationMultifactorProviderBypassConfiguration", proxyBeanMethods = false)
@ConditionalOnFeatureEnabled(feature = {CasFeatureModule.FeatureCatalog.YubiKey})
/* loaded from: input_file:org/apereo/cas/config/YubiKeyAuthenticationMultifactorProviderBypassConfiguration.class */
class YubiKeyAuthenticationMultifactorProviderBypassConfiguration {
    YubiKeyAuthenticationMultifactorProviderBypassConfiguration() {
    }

    @ConditionalOnMissingBean(name = {"yubikeyBypassEvaluator"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public MultifactorAuthenticationProviderBypassEvaluator yubikeyBypassEvaluator(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties) {
        DefaultChainingMultifactorAuthenticationBypassProvider defaultChainingMultifactorAuthenticationBypassProvider = new DefaultChainingMultifactorAuthenticationBypassProvider(configurableApplicationContext);
        YubiKeyMultifactorAuthenticationProperties yubikey = casConfigurationProperties.getAuthn().getMfa().getYubikey();
        Stream filter = configurableApplicationContext.getBeansWithAnnotation(YubiKeyBypassEvaluator.class).values().stream().filter(BeanSupplier::isNotProxy);
        Class<MultifactorAuthenticationProviderBypassEvaluator> cls = MultifactorAuthenticationProviderBypassEvaluator.class;
        Objects.requireNonNull(MultifactorAuthenticationProviderBypassEvaluator.class);
        Stream sorted = filter.map(cls::cast).filter(multifactorAuthenticationProviderBypassEvaluator -> {
            return !multifactorAuthenticationProviderBypassEvaluator.isEmpty();
        }).map(multifactorAuthenticationProviderBypassEvaluator2 -> {
            return multifactorAuthenticationProviderBypassEvaluator2.belongsToMultifactorAuthenticationProvider(yubikey.getId());
        }).filter((v0) -> {
            return v0.isPresent();
        }).map((v0) -> {
            return v0.get();
        }).sorted(AnnotationAwareOrderComparator.INSTANCE);
        Objects.requireNonNull(defaultChainingMultifactorAuthenticationBypassProvider);
        sorted.forEach(defaultChainingMultifactorAuthenticationBypassProvider::addMultifactorAuthenticationProviderBypassEvaluator);
        return defaultChainingMultifactorAuthenticationBypassProvider;
    }

    @YubiKeyBypassEvaluator
    @ConditionalOnMissingBean(name = {"yubikeyRestMultifactorAuthenticationProviderBypass"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public MultifactorAuthenticationProviderBypassEvaluator yubikeyRestMultifactorAuthenticationProviderBypass(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties) {
        YubiKeyMultifactorAuthenticationProperties yubikey = casConfigurationProperties.getAuthn().getMfa().getYubikey();
        MultifactorAuthenticationProviderBypassProperties bypass = yubikey.getBypass();
        return (MultifactorAuthenticationProviderBypassEvaluator) BeanSupplier.of(MultifactorAuthenticationProviderBypassEvaluator.class).when(BeanCondition.on("cas.authn.mfa.yubikey.bypass.rest.url").given(configurableApplicationContext.getEnvironment())).supply(() -> {
            return new RestMultifactorAuthenticationProviderBypassEvaluator(bypass, yubikey.getId(), configurableApplicationContext);
        }).otherwiseProxy().get();
    }

    @YubiKeyBypassEvaluator
    @ConditionalOnMissingBean(name = {"yubikeyGroovyMultifactorAuthenticationProviderBypass"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public MultifactorAuthenticationProviderBypassEvaluator yubikeyGroovyMultifactorAuthenticationProviderBypass(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties) {
        return (MultifactorAuthenticationProviderBypassEvaluator) BeanSupplier.of(MultifactorAuthenticationProviderBypassEvaluator.class).when(BeanCondition.on("cas.authn.mfa.yubikey.bypass.groovy.location").exists().given(configurableApplicationContext.getEnvironment())).supply(() -> {
            YubiKeyMultifactorAuthenticationProperties yubikey = casConfigurationProperties.getAuthn().getMfa().getYubikey();
            return new GroovyMultifactorAuthenticationProviderBypassEvaluator(yubikey.getBypass(), yubikey.getId(), configurableApplicationContext);
        }).otherwiseProxy().get();
    }

    @YubiKeyBypassEvaluator
    @ConditionalOnMissingBean(name = {"yubikeyHttpRequestMultifactorAuthenticationProviderBypass"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public MultifactorAuthenticationProviderBypassEvaluator yubikeyHttpRequestMultifactorAuthenticationProviderBypass(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties) {
        YubiKeyMultifactorAuthenticationProperties yubikey = casConfigurationProperties.getAuthn().getMfa().getYubikey();
        MultifactorAuthenticationProviderBypassProperties bypass = yubikey.getBypass();
        return (MultifactorAuthenticationProviderBypassEvaluator) BeanSupplier.of(MultifactorAuthenticationProviderBypassEvaluator.class).when(StringUtils.isNotBlank(bypass.getHttpRequestHeaders()) || StringUtils.isNotBlank(bypass.getHttpRequestRemoteAddress())).supply(() -> {
            return new HttpRequestMultifactorAuthenticationProviderBypassEvaluator(bypass, yubikey.getId(), configurableApplicationContext);
        }).otherwiseProxy().get();
    }

    @YubiKeyBypassEvaluator
    @ConditionalOnMissingBean(name = {"yubikeyRegisteredServicePrincipalAttributeMultifactorAuthenticationProviderBypassEvaluator"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public MultifactorAuthenticationProviderBypassEvaluator yubikeyRegisteredServicePrincipalAttributeMultifactorAuthenticationProviderBypassEvaluator(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties) {
        return new RegisteredServicePrincipalAttributeMultifactorAuthenticationProviderBypassEvaluator(casConfigurationProperties.getAuthn().getMfa().getYubikey().getId(), configurableApplicationContext);
    }

    @YubiKeyBypassEvaluator
    @ConditionalOnMissingBean(name = {"yubikeyCredentialMultifactorAuthenticationProviderBypass"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public MultifactorAuthenticationProviderBypassEvaluator yubikeyCredentialMultifactorAuthenticationProviderBypass(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties) {
        YubiKeyMultifactorAuthenticationProperties yubikey = casConfigurationProperties.getAuthn().getMfa().getYubikey();
        MultifactorAuthenticationProviderBypassProperties bypass = yubikey.getBypass();
        return (MultifactorAuthenticationProviderBypassEvaluator) BeanSupplier.of(MultifactorAuthenticationProviderBypassEvaluator.class).when(StringUtils.isNotBlank(bypass.getCredentialClassType())).supply(() -> {
            return new CredentialMultifactorAuthenticationProviderBypassEvaluator(bypass, yubikey.getId(), configurableApplicationContext);
        }).otherwiseProxy().get();
    }

    @YubiKeyBypassEvaluator
    @ConditionalOnMissingBean(name = {"yubikeyRegisteredServiceMultifactorAuthenticationProviderBypass"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public MultifactorAuthenticationProviderBypassEvaluator yubikeyRegisteredServiceMultifactorAuthenticationProviderBypass(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties) {
        return new RegisteredServiceMultifactorAuthenticationProviderBypassEvaluator(casConfigurationProperties.getAuthn().getMfa().getYubikey().getId(), configurableApplicationContext);
    }

    @YubiKeyBypassEvaluator
    @ConditionalOnMissingBean(name = {"yubikeyPrincipalMultifactorAuthenticationProviderBypass"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public MultifactorAuthenticationProviderBypassEvaluator yubikeyPrincipalMultifactorAuthenticationProviderBypass(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties) {
        YubiKeyMultifactorAuthenticationProperties yubikey = casConfigurationProperties.getAuthn().getMfa().getYubikey();
        MultifactorAuthenticationProviderBypassProperties bypass = yubikey.getBypass();
        return (MultifactorAuthenticationProviderBypassEvaluator) BeanSupplier.of(MultifactorAuthenticationProviderBypassEvaluator.class).when(StringUtils.isNotBlank(bypass.getPrincipalAttributeName())).supply(() -> {
            return new PrincipalMultifactorAuthenticationProviderBypassEvaluator(bypass, yubikey.getId(), configurableApplicationContext);
        }).otherwiseProxy().get();
    }

    @YubiKeyBypassEvaluator
    @ConditionalOnMissingBean(name = {"yubikeyAuthenticationMultifactorAuthenticationProviderBypass"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public MultifactorAuthenticationProviderBypassEvaluator yubikeyAuthenticationMultifactorAuthenticationProviderBypass(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties) {
        YubiKeyMultifactorAuthenticationProperties yubikey = casConfigurationProperties.getAuthn().getMfa().getYubikey();
        MultifactorAuthenticationProviderBypassProperties bypass = yubikey.getBypass();
        return (MultifactorAuthenticationProviderBypassEvaluator) BeanSupplier.of(MultifactorAuthenticationProviderBypassEvaluator.class).when(StringUtils.isNotBlank(bypass.getAuthenticationAttributeName()) || StringUtils.isNotBlank(bypass.getAuthenticationHandlerName()) || StringUtils.isNotBlank(bypass.getAuthenticationMethodName())).supply(() -> {
            return new AuthenticationMultifactorAuthenticationProviderBypassEvaluator(bypass, yubikey.getId(), configurableApplicationContext);
        }).otherwiseProxy().get();
    }
}
