package org.apereo.cas.config;

import java.util.Map;
import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.features.CasFeatureModule;
import org.apereo.cas.configuration.model.support.gua.GraphicalUserAuthenticationProperties;
import org.apereo.cas.configuration.model.support.gua.LdapGraphicalUserAuthenticationProperties;
import org.apereo.cas.gua.api.UserGraphicalAuthenticationRepository;
import org.apereo.cas.gua.impl.LdapUserGraphicalAuthenticationRepository;
import org.apereo.cas.gua.impl.StaticUserGraphicalAuthenticationRepository;
import org.apereo.cas.util.LdapConnectionFactory;
import org.apereo.cas.util.LdapUtils;
import org.apereo.cas.util.ResourceUtils;
import org.apereo.cas.util.spring.boot.ConditionalOnFeatureEnabled;
import org.apereo.cas.web.flow.AcceptUserGraphicsForAuthenticationAction;
import org.apereo.cas.web.flow.CasWebflowConfigurer;
import org.apereo.cas.web.flow.CasWebflowExecutionPlanConfigurer;
import org.apereo.cas.web.flow.DisplayUserGraphicsBeforeAuthenticationAction;
import org.apereo.cas.web.flow.GraphicalUserAuthenticationWebflowConfigurer;
import org.apereo.cas.web.flow.PrepareForGraphicalAuthenticationAction;
import org.apereo.cas.web.flow.actions.WebflowActionBeanSupplier;
import org.jooq.lambda.Unchecked;
import org.springframework.beans.factory.BeanCreationException;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.webflow.definition.registry.FlowDefinitionRegistry;
import org.springframework.webflow.engine.builder.support.FlowBuilderServices;
import org.springframework.webflow.execution.Action;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@AutoConfiguration
@ConditionalOnFeatureEnabled(feature = {CasFeatureModule.FeatureCatalog.Authentication}, module = "gua")
/* loaded from: input_file:org/apereo/cas/config/GraphicalUserAuthenticationConfiguration.class */
public class GraphicalUserAuthenticationConfiguration {
    @ConditionalOnMissingBean(name = {"graphicalUserAuthenticationWebflowConfigurer"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public CasWebflowConfigurer graphicalUserAuthenticationWebflowConfigurer(CasConfigurationProperties casConfigurationProperties, ConfigurableApplicationContext configurableApplicationContext, @Qualifier("loginFlowRegistry") FlowDefinitionRegistry flowDefinitionRegistry, @Qualifier("flowBuilderServices") FlowBuilderServices flowBuilderServices) {
        return new GraphicalUserAuthenticationWebflowConfigurer(flowBuilderServices, flowDefinitionRegistry, configurableApplicationContext, casConfigurationProperties);
    }

    @ConditionalOnMissingBean(name = {"userGraphicalAuthenticationRepository"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public UserGraphicalAuthenticationRepository userGraphicalAuthenticationRepository(CasConfigurationProperties casConfigurationProperties) {
        GraphicalUserAuthenticationProperties gua = casConfigurationProperties.getAuthn().getGua();
        if (!gua.getSimple().isEmpty()) {
            return new StaticUserGraphicalAuthenticationRepository((Map) gua.getSimple().entrySet().stream().map(Unchecked.function(entry -> {
                return Pair.of((String) entry.getKey(), ResourceUtils.getResourceFrom((String) entry.getValue()));
            })).collect(Collectors.toMap((v0) -> {
                return v0.getKey();
            }, (v0) -> {
                return v0.getValue();
            })));
        }
        LdapGraphicalUserAuthenticationProperties ldap = gua.getLdap();
        if (StringUtils.isNotBlank(ldap.getLdapUrl()) && StringUtils.isNotBlank(ldap.getSearchFilter()) && StringUtils.isNotBlank(ldap.getBaseDn()) && StringUtils.isNotBlank(ldap.getImageAttribute())) {
            return new LdapUserGraphicalAuthenticationRepository(casConfigurationProperties, new LdapConnectionFactory(LdapUtils.newLdaptiveConnectionFactory(gua.getLdap())));
        }
        throw new BeanCreationException("A repository instance must be configured to locate user-defined graphics");
    }

    @ConditionalOnMissingBean(name = {"acceptUserGraphicsForAuthenticationAction"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public Action acceptUserGraphicsForAuthenticationAction(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties) {
        return WebflowActionBeanSupplier.builder().withApplicationContext(configurableApplicationContext).withProperties(casConfigurationProperties).withAction(AcceptUserGraphicsForAuthenticationAction::new).withId("acceptUserGraphicsForAuthenticationAction").build().get();
    }

    @ConditionalOnMissingBean(name = {"displayUserGraphicsBeforeAuthenticationAction"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public Action displayUserGraphicsBeforeAuthenticationAction(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties, @Qualifier("userGraphicalAuthenticationRepository") UserGraphicalAuthenticationRepository userGraphicalAuthenticationRepository) {
        return WebflowActionBeanSupplier.builder().withApplicationContext(configurableApplicationContext).withProperties(casConfigurationProperties).withAction(() -> {
            return new DisplayUserGraphicsBeforeAuthenticationAction(userGraphicalAuthenticationRepository);
        }).withId("displayUserGraphicsBeforeAuthenticationAction").build().get();
    }

    @ConditionalOnMissingBean(name = {"prepareForGraphicalAuthenticationAction"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public Action prepareForGraphicalAuthenticationAction(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties) {
        return WebflowActionBeanSupplier.builder().withApplicationContext(configurableApplicationContext).withProperties(casConfigurationProperties).withAction(PrepareForGraphicalAuthenticationAction::new).withId("prepareForGraphicalAuthenticationAction").build().get();
    }

    @ConditionalOnMissingBean(name = {"graphicalUserAuthenticationCasWebflowExecutionPlanConfigurer"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public CasWebflowExecutionPlanConfigurer graphicalUserAuthenticationCasWebflowExecutionPlanConfigurer(@Qualifier("graphicalUserAuthenticationWebflowConfigurer") CasWebflowConfigurer casWebflowConfigurer) {
        return casWebflowExecutionPlan -> {
            casWebflowExecutionPlan.registerWebflowConfigurer(casWebflowConfigurer);
        };
    }
}
