package org.apereo.cas.config;

import java.io.File;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.AcceptUsersAuthenticationHandler;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlanConfigurer;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.CoreAuthenticationUtils;
import org.apereo.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler;
import org.apereo.cas.authentication.handler.support.jaas.JaasAuthenticationHandler;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalFactoryUtils;
import org.apereo.cas.authentication.principal.PrincipalNameTransformerUtils;
import org.apereo.cas.authentication.principal.PrincipalResolver;
import org.apereo.cas.authentication.principal.resolvers.ProxyingPrincipalResolver;
import org.apereo.cas.authentication.support.password.PasswordEncoderUtils;
import org.apereo.cas.authentication.support.password.PasswordPolicyContext;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.features.CasFeatureModule;
import org.apereo.cas.configuration.model.core.authentication.PasswordPolicyProperties;
import org.apereo.cas.configuration.model.core.authentication.PersonDirectoryPrincipalResolverProperties;
import org.apereo.cas.configuration.model.support.generic.AcceptAuthenticationProperties;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.util.http.HttpClient;
import org.apereo.cas.util.spring.beans.BeanCondition;
import org.apereo.cas.util.spring.beans.BeanContainer;
import org.apereo.cas.util.spring.beans.BeanSupplier;
import org.apereo.cas.util.spring.boot.ConditionalOnFeatureEnabled;
import org.apereo.services.persondir.IPersonAttributeDao;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ScopedProxyMode;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@AutoConfiguration
@ConditionalOnFeatureEnabled(feature = CasFeatureModule.FeatureCatalog.Authentication)
/* loaded from: input_file:org/apereo/cas/config/CasCoreAuthenticationHandlersConfiguration.class */
public class CasCoreAuthenticationHandlersConfiguration {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(CasCoreAuthenticationHandlersConfiguration.class);

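    /**
     * Wires the "accept users" authentication handler, whose accounts come from a static
     * {@code username::password} list held in the accept settings
     * ({@code getAuthn().getAccept()}).
     *
     * <p>The credentials are stored in configuration, so anyone who can read the
     * configuration source can read them. The handler's password encoder is whatever the
     * accept settings select via {@code getPasswordEncoder()}.
     */
    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "CasCoreAuthenticationHandlersAcceptConfiguration", proxyBeanMethods = false)
    public static class CasCoreAuthenticationHandlersAcceptConfiguration {
        /**
         * Parses the configured accept-users list into a username-to-password map.
         *
         * <p>The setting is split on {@code ","} into entries and each entry on {@code "::"};
         * the first part is the username and the second the password. An empty map is returned
         * when the handler is disabled, the setting is blank, or it contains no {@code "::"}.
         *
         * <p>NOTE(review): only the second part of an entry is kept, so a password containing
         * {@code "::"} is silently cut at that point, and a password containing {@code ","} is
         * split across entries. Entries are not trimmed, so surrounding whitespace becomes part
         * of the username or password. Confirm the configured values avoid these characters.
         *
         * @param casConfigurationProperties CAS settings holding the accept configuration
         * @return mutable map of username to configured password, possibly empty
         * @throws IllegalStateException if the same username is listed more than once
         * @throws ArrayIndexOutOfBoundsException if an entry has no password part after
         *     {@code "::"} (including an empty one, since trailing empty parts are dropped)
         */
        private static Map<String, String> getParsedUsers(CasConfigurationProperties casConfigurationProperties) {
            AcceptAuthenticationProperties accept = casConfigurationProperties.getAuthn().getAccept();
            String users = accept.getUsers();
            if (!accept.isEnabled() || StringUtils.isBlank(users) || !users.contains("::")) {
                return new HashMap<>(0);
            }
            Pattern separator = Pattern.compile("::");
            return Stream.of(users.split(","))
                .map(separator::split)
                .collect(Collectors.toMap(
                    pair -> pair[0],
                    pair -> pair[1],
                    (first, second) -> {
                        // The default duplicate-key error of Collectors.toMap quotes the colliding
                        // values, which here are plaintext passwords; fail with the same exception
                        // type but keep the values out of the message and the logs.
                        throw new IllegalStateException("Duplicate username in the accept users list");
                    }));
        }

        /**
         * Supplies the default (empty) password policy context for the accept handler.
         *
         * @return a new {@link PasswordPolicyContext} built with its no-argument constructor
         */
        @ConditionalOnMissingBean(name = {"acceptPasswordPolicyConfiguration"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public PasswordPolicyContext acceptPasswordPolicyConfiguration() {
            return new PasswordPolicyContext();
        }

        /**
         * Builds the accept-users authentication handler from the accept settings.
         *
         * <p>The injected password policy context is applied first; when the password policy in
         * the accept settings is enabled it is replaced by a context built from those settings.
         *
         * @param casConfigurationProperties CAS settings holding the accept configuration
         * @param configurableApplicationContext context passed to the password encoder and
         *     password policy strategy factories
         * @param servicesManager services manager handed to the handler
         * @param principalFactory principal factory handed to the handler
         * @param passwordPolicyContext default password policy context
         * @return the configured handler
         */
        @ConditionalOnMissingBean(name = {"acceptUsersAuthenticationHandler"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuthenticationHandler acceptUsersAuthenticationHandler(CasConfigurationProperties casConfigurationProperties, ConfigurableApplicationContext configurableApplicationContext, @Qualifier("servicesManager") ServicesManager servicesManager, @Qualifier("acceptUsersPrincipalFactory") PrincipalFactory principalFactory, @Qualifier("acceptPasswordPolicyConfiguration") PasswordPolicyContext passwordPolicyContext) {
            AcceptAuthenticationProperties accept = casConfigurationProperties.getAuthn().getAccept();
            AcceptUsersAuthenticationHandler handler = new AcceptUsersAuthenticationHandler(
                accept.getName(),
                servicesManager,
                principalFactory,
                Integer.valueOf(accept.getOrder()),
                getParsedUsers(casConfigurationProperties));
            handler.setState(accept.getState());
            // The encoder decides how a submitted password is compared with the configured one.
            handler.setPasswordEncoder(PasswordEncoderUtils.newPasswordEncoder(accept.getPasswordEncoder(), configurableApplicationContext));
            handler.setPasswordPolicyConfiguration(passwordPolicyContext);
            handler.setCredentialSelectionPredicate(CoreAuthenticationUtils.newCredentialSelectionPredicate(accept.getCredentialCriteria()));
            handler.setPrincipalNameTransformer(PrincipalNameTransformerUtils.newPrincipalNameTransformer(accept.getPrincipalTransformation()));

            PasswordPolicyProperties passwordPolicy = accept.getPasswordPolicy();
            handler.setPasswordPolicyHandlingStrategy(CoreAuthenticationUtils.newPasswordPolicyHandlingStrategy(passwordPolicy, configurableApplicationContext));
            if (passwordPolicy.isEnabled()) {
                PasswordPolicyContext configuredPolicy = new PasswordPolicyContext(passwordPolicy);
                if (passwordPolicy.isAccountStateHandlingEnabled()) {
                    // The account state handler installed here always answers with an empty list.
                    configuredPolicy.setAccountStateHandler((obj, obj2) -> new ArrayList<>(0));
                } else {
                    LOGGER.debug("Handling account states is disabled via CAS configuration");
                }
                // Overrides the injected default context set above.
                handler.setPasswordPolicyConfiguration(configuredPolicy);
            }
            return handler;
        }

        /**
         * Supplies the principal factory used by the accept-users handler.
         *
         * @return the factory created by {@link PrincipalFactoryUtils#newPrincipalFactory()}
         */
        @ConditionalOnMissingBean(name = {"acceptUsersPrincipalFactory"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public PrincipalFactory acceptUsersPrincipalFactory() {
            return PrincipalFactoryUtils.newPrincipalFactory();
        }
    }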

    /**
     * Wires JAAS authentication: one handler and one principal resolver per JAAS entry in the
     * CAS settings ({@code getAuthn().getJaas()}) that has a non-blank realm, plus the
     * configurer that registers them with the authentication execution plan.
     */
    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "CasCoreAuthenticationHandlersJaasConfiguration", proxyBeanMethods = false)
    public static class CasCoreAuthenticationHandlersJaasConfiguration {
        /**
         * Supplies the default (empty) password policy context for JAAS.
         *
         * @return a new {@link PasswordPolicyContext} built with its no-argument constructor
         */
        @ConditionalOnMissingBean(name = "jaasPasswordPolicyConfiguration")
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public PasswordPolicyContext jaasPasswordPolicyConfiguration() {
            return new PasswordPolicyContext();
        }

        /**
         * Supplies the principal factory shared by the JAAS handlers and resolvers.
         *
         * @return the factory created by {@link PrincipalFactoryUtils#newPrincipalFactory()}
         */
        @ConditionalOnMissingBean(name = "jaasPrincipalFactory")
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public PrincipalFactory jaasPrincipalFactory() {
            return PrincipalFactoryUtils.newPrincipalFactory();
        }

        /**
         * Builds one person-directory principal resolver per JAAS entry with a non-blank realm.
         *
         * <p>Each resolver receives the entry's own principal settings followed by the global
         * person-directory settings.
         *
         * @param casConfigurationProperties CAS settings holding the JAAS entries
         * @param iPersonAttributeDao attribute repository handed to every resolver
         * @param principalFactory principal factory handed to every resolver
         * @return container holding the resolvers, in configuration order
         */
        @ConditionalOnMissingBean(name = "jaasPersonDirectoryPrincipalResolvers")
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public BeanContainer<PrincipalResolver> jaasPersonDirectoryPrincipalResolvers(CasConfigurationProperties casConfigurationProperties, @Qualifier("attributeRepository") IPersonAttributeDao iPersonAttributeDao, @Qualifier("jaasPrincipalFactory") PrincipalFactory principalFactory) {
            PersonDirectoryPrincipalResolverProperties globalSettings = casConfigurationProperties.getPersonDirectory();
            List<PrincipalResolver> resolvers = casConfigurationProperties.getAuthn().getJaas().stream()
                .filter(jaas -> StringUtils.isNotBlank(jaas.getRealm()))
                .map(jaas -> CoreAuthenticationUtils.newPersonDirectoryPrincipalResolver(
                    principalFactory,
                    iPersonAttributeDao,
                    CoreAuthenticationUtils.getAttributeMerger(casConfigurationProperties.getAuthn().getAttributeRepository().getCore().getMerger()),
                    new PersonDirectoryPrincipalResolverProperties[]{jaas.getPrincipal(), globalSettings}))
                .collect(Collectors.toList());
            return BeanContainer.of(resolvers);
        }

        /**
         * Builds one JAAS authentication handler per JAAS entry with a non-blank realm.
         *
         * <p>Login config type and login configuration file are applied only when set; the file
         * path is taken from configuration as given. A password policy context is installed
         * only when the entry's password policy is enabled.
         *
         * @param casConfigurationProperties CAS settings holding the JAAS entries
         * @param configurableApplicationContext context passed to the password encoder and
         *     password policy strategy factories
         * @param servicesManager services manager handed to every handler
         * @param principalFactory principal factory handed to every handler
         * @return container holding the handlers, in configuration order
         */
        @ConditionalOnMissingBean(name = "jaasAuthenticationHandlers")
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public BeanContainer<AuthenticationHandler> jaasAuthenticationHandlers(CasConfigurationProperties casConfigurationProperties, ConfigurableApplicationContext configurableApplicationContext, @Qualifier("servicesManager") ServicesManager servicesManager, @Qualifier("jaasPrincipalFactory") PrincipalFactory principalFactory) {
            List<AuthenticationHandler> handlers = casConfigurationProperties.getAuthn().getJaas().stream()
                .filter(jaas -> StringUtils.isNotBlank(jaas.getRealm()))
                .map(jaas -> {
                    JaasAuthenticationHandler handler = new JaasAuthenticationHandler(
                        jaas.getName(), servicesManager, principalFactory, Integer.valueOf(jaas.getOrder()));
                    handler.setState(jaas.getState());
                    handler.setKerberosKdcSystemProperty(jaas.getKerberosKdcSystemProperty());
                    handler.setKerberosRealmSystemProperty(jaas.getKerberosRealmSystemProperty());
                    handler.setRealm(jaas.getRealm());
                    handler.setPasswordEncoder(PasswordEncoderUtils.newPasswordEncoder(jaas.getPasswordEncoder(), configurableApplicationContext));

                    // Optional settings: left at the handler's defaults when blank.
                    if (StringUtils.isNotBlank(jaas.getLoginConfigType())) {
                        handler.setLoginConfigType(jaas.getLoginConfigType());
                    }
                    if (StringUtils.isNotBlank(jaas.getLoginConfigurationFile())) {
                        handler.setLoginConfigurationFile(new File(jaas.getLoginConfigurationFile()));
                    }

                    PasswordPolicyProperties policy = jaas.getPasswordPolicy();
                    handler.setPasswordPolicyHandlingStrategy(CoreAuthenticationUtils.newPasswordPolicyHandlingStrategy(policy, configurableApplicationContext));
                    if (policy.isEnabled()) {
                        LOGGER.debug("Password policy is enabled for JAAS. Constructing password policy configuration for [{}]", jaas.getRealm());
                        PasswordPolicyContext policyContext = new PasswordPolicyContext(policy);
                        if (!policy.isAccountStateHandlingEnabled()) {
                            LOGGER.debug("Handling account states is disabled via CAS configuration");
                        } else {
                            // The account state handler installed here always answers with an empty list.
                            policyContext.setAccountStateHandler((obj, obj2) -> {
                                return new ArrayList(0);
                            });
                        }
                        handler.setPasswordPolicyConfiguration(policyContext);
                    }

                    handler.setPrincipalNameTransformer(PrincipalNameTransformerUtils.newPrincipalNameTransformer(jaas.getPrincipalTransformation()));
                    handler.setCredentialSelectionPredicate(CoreAuthenticationUtils.newCredentialSelectionPredicate(jaas.getCredentialCriteria()));
                    return handler;
                })
                .collect(Collectors.toList());
            return BeanContainer.of(handlers);
        }

        /**
         * Registers the JAAS handlers together with the JAAS principal resolvers in the
         * authentication execution plan.
         *
         * @param beanContainer container of JAAS authentication handlers
         * @param beanContainer2 container of JAAS principal resolvers
         * @return configurer performing the registration when invoked
         */
        @ConditionalOnMissingBean(name = "jaasAuthenticationEventExecutionPlanConfigurer")
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuthenticationEventExecutionPlanConfigurer jaasAuthenticationEventExecutionPlanConfigurer(@Qualifier("jaasAuthenticationHandlers") BeanContainer<AuthenticationHandler> beanContainer, @Qualifier("jaasPersonDirectoryPrincipalResolvers") BeanContainer<PrincipalResolver> beanContainer2) {
            return plan -> plan.registerAuthenticationHandlerWithPrincipalResolvers(beanContainer.toList(), beanContainer2.toList());
        }
    }

    /**
     * Wires proxy authentication: the HTTP-based service-credentials handler, its principal
     * factory and resolver, and the configurer that registers them.
     *
     * <p>Every bean here is gated on {@link #CONDITION}. When the condition does not hold the
     * bean comes from {@code otherwiseProxy()} instead of the supplier; NOTE(review): presumably
     * a no-op stand-in, confirm against {@code BeanSupplier}.
     */
    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "CasCoreAuthenticationHandlersProxyConfiguration", proxyBeanMethods = false)
    public static class CasCoreAuthenticationHandlersProxyConfiguration {
        // Gate on cas.sso.proxy-authn-enabled; the evenIfMissing() call suggests an absent
        // property counts as enabled, so proxy authentication must be switched off explicitly.
        // TODO confirm against BeanCondition.
        private static final BeanCondition CONDITION =
            BeanCondition.on("cas.sso.proxy-authn-enabled").isTrue().evenIfMissing();

        /**
         * Creates the handler that authenticates HTTP-based service credentials.
         *
         * <p>The handler is built with a {@code null} name and order {@link Integer#MIN_VALUE},
         * and uses the {@code supportsTrustStoreSslSocketFactoryHttpClient} HTTP client.
         *
         * @param configurableApplicationContext context whose environment feeds the condition
         * @param servicesManager services manager handed to the handler
         * @param principalFactory principal factory handed to the handler
         * @param httpClient HTTP client handed to the handler
         * @return the handler, or the {@code otherwiseProxy()} result when the condition fails
         * @throws Exception declared by the bean supplier chain
         */
        @ConditionalOnMissingBean(name = "proxyAuthenticationHandler")
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuthenticationHandler proxyAuthenticationHandler(ConfigurableApplicationContext configurableApplicationContext, @Qualifier("servicesManager") ServicesManager servicesManager, @Qualifier("proxyPrincipalFactory") PrincipalFactory principalFactory, @Qualifier("supportsTrustStoreSslSocketFactoryHttpClient") HttpClient httpClient) throws Exception {
            return (AuthenticationHandler) BeanSupplier.of(AuthenticationHandler.class)
                .when(CONDITION.given(configurableApplicationContext.getEnvironment()))
                .supply(() -> new HttpBasedServiceCredentialsAuthenticationHandler(
                    (String) null, servicesManager, principalFactory, Integer.MIN_VALUE, httpClient))
                .otherwiseProxy()
                .get();
        }

        /**
         * Creates the principal factory used for proxy authentication.
         *
         * @param configurableApplicationContext context whose environment feeds the condition
         * @return the factory, or the {@code otherwiseProxy()} result when the condition fails
         * @throws Exception declared by the bean supplier chain
         */
        @ConditionalOnMissingBean(name = "proxyPrincipalFactory")
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public PrincipalFactory proxyPrincipalFactory(ConfigurableApplicationContext configurableApplicationContext) throws Exception {
            return (PrincipalFactory) BeanSupplier.of(PrincipalFactory.class)
                .when(CONDITION.given(configurableApplicationContext.getEnvironment()))
                .supply(PrincipalFactoryUtils::newPrincipalFactory)
                .otherwiseProxy()
                .get();
        }

        /**
         * Creates the principal resolver used for proxy authentication.
         *
         * @param configurableApplicationContext context whose environment feeds the condition
         * @param principalFactory principal factory handed to the resolver
         * @return the resolver, or the {@code otherwiseProxy()} result when the condition fails
         * @throws Exception declared by the bean supplier chain
         */
        @ConditionalOnMissingBean(name = "proxyPrincipalResolver")
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public PrincipalResolver proxyPrincipalResolver(ConfigurableApplicationContext configurableApplicationContext, @Qualifier("proxyPrincipalFactory") PrincipalFactory principalFactory) throws Exception {
            return (PrincipalResolver) BeanSupplier.of(PrincipalResolver.class)
                .when(CONDITION.given(configurableApplicationContext.getEnvironment()))
                .supply(() -> new ProxyingPrincipalResolver(principalFactory))
                .otherwiseProxy()
                .get();
        }

        /**
         * Registers the proxy authentication handler with its principal resolver in the
         * authentication execution plan.
         *
         * @param configurableApplicationContext context whose environment feeds the condition
         * @param authenticationHandler proxy authentication handler to register
         * @param principalResolver resolver paired with the handler
         * @return the configurer, or the {@code otherwiseProxy()} result when the condition fails
         * @throws Exception declared by the bean supplier chain
         */
        @ConditionalOnMissingBean(name = "proxyAuthenticationEventExecutionPlanConfigurer")
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuthenticationEventExecutionPlanConfigurer proxyAuthenticationEventExecutionPlanConfigurer(ConfigurableApplicationContext configurableApplicationContext, @Qualifier("proxyAuthenticationHandler") AuthenticationHandler authenticationHandler, @Qualifier("proxyPrincipalResolver") PrincipalResolver principalResolver) throws Exception {
            return (AuthenticationEventExecutionPlanConfigurer) BeanSupplier.of(AuthenticationEventExecutionPlanConfigurer.class)
                .when(CONDITION.given(configurableApplicationContext.getEnvironment()))
                .supply(() -> {
                    return plan -> {
                        plan.registerAuthenticationHandlerWithPrincipalResolver(authenticationHandler, principalResolver);
                    };
                })
                .otherwiseProxy()
                .get();
        }
    }
}
