package org.apereo.cas.config;

import java.util.Map;
import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.validator.routines.EmailValidator;
import org.apereo.cas.CipherExecutor;
import org.apereo.cas.api.PasswordlessTokenRepository;
import org.apereo.cas.api.PasswordlessUserAccount;
import org.apereo.cas.api.PasswordlessUserAccountStore;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlanConfigurer;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.AuthenticationSystemSupport;
import org.apereo.cas.authentication.PasswordlessTokenAuthenticationHandler;
import org.apereo.cas.authentication.adaptive.AdaptiveAuthenticationPolicy;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalFactoryUtils;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.core.util.EncryptionJwtSigningJwtCryptographyProperties;
import org.apereo.cas.configuration.model.support.passwordless.PasswordlessAuthenticationProperties;
import org.apereo.cas.impl.account.GroovyPasswordlessUserAccountStore;
import org.apereo.cas.impl.account.RestfulPasswordlessUserAccountStore;
import org.apereo.cas.impl.account.SimplePasswordlessUserAccountStore;
import org.apereo.cas.impl.token.InMemoryPasswordlessTokenRepository;
import org.apereo.cas.impl.token.PasswordlessTokenCipherExecutor;
import org.apereo.cas.impl.token.RestfulPasswordlessTokenRepository;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.util.io.CommunicationsManager;
import org.apereo.cas.web.flow.AcceptPasswordlessAuthenticationAction;
import org.apereo.cas.web.flow.CasWebflowConfigurer;
import org.apereo.cas.web.flow.CasWebflowExecutionPlan;
import org.apereo.cas.web.flow.CasWebflowExecutionPlanConfigurer;
import org.apereo.cas.web.flow.DisplayBeforePasswordlessAuthenticationAction;
import org.apereo.cas.web.flow.PasswordlessAuthenticationWebflowConfigurer;
import org.apereo.cas.web.flow.PrepareForPasswordlessAuthenticationAction;
import org.apereo.cas.web.flow.resolver.CasDelegatingWebflowEventResolver;
import org.apereo.cas.web.flow.resolver.CasWebflowEventResolver;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.DependsOn;
import org.springframework.webflow.definition.registry.FlowDefinitionRegistry;
import org.springframework.webflow.engine.builder.support.FlowBuilderServices;
import org.springframework.webflow.execution.Action;

/**
 * Spring configuration that wires the beans used by passwordless authentication:
 * the principal factory, the token authentication handler, the user account store,
 * the token cipher, the token repository, the webflow actions and the webflow
 * configurer. It also registers the webflow configurer with the webflow execution
 * plan and the token handler with the authentication event execution plan.
 *
 * <p>Most beans are declared with {@code @ConditionalOnMissingBean}, so a deployment
 * can replace any of them by defining a bean with the same name.
 */
@EnableConfigurationProperties(CasConfigurationProperties.class)
@Configuration("passwordlessAuthenticationConfiguration")
/* loaded from: input_file:org/apereo/cas/config/PasswordlessAuthenticationConfiguration.class */
public class PasswordlessAuthenticationConfiguration implements CasWebflowExecutionPlanConfigurer {

    @Autowired
    @Qualifier("communicationsManager")
    private CommunicationsManager communicationsManager;

    @Autowired
    private CasConfigurationProperties casProperties;

    @Autowired
    @Qualifier("loginFlowRegistry")
    private FlowDefinitionRegistry loginFlowDefinitionRegistry;

    @Autowired
    @Qualifier("servicesManager")
    private ServicesManager servicesManager;

    @Autowired
    private ApplicationContext applicationContext;

    @Autowired
    private FlowBuilderServices flowBuilderServices;

    // Resolved lazily through ObjectProvider; getIfAvailable() may yield null.
    @Autowired
    @Qualifier("adaptiveAuthenticationPolicy")
    private ObjectProvider<AdaptiveAuthenticationPolicy> adaptiveAuthenticationPolicy;

    // Resolved lazily through ObjectProvider; getIfAvailable() may yield null.
    @Autowired
    @Qualifier("defaultAuthenticationSystemSupport")
    private ObjectProvider<AuthenticationSystemSupport> authenticationSystemSupport;

    @Autowired
    @Qualifier("serviceTicketRequestWebflowEventResolver")
    private CasWebflowEventResolver serviceTicketRequestWebflowEventResolver;

    @Autowired
    @Qualifier("initialAuthenticationAttemptWebflowEventResolver")
    private CasDelegatingWebflowEventResolver initialAuthenticationAttemptWebflowEventResolver;

    /**
     * Creates the principal factory used by the passwordless token handler.
     *
     * @return a new principal factory
     */
    @Bean
    public PrincipalFactory passwordlessPrincipalFactory() {
        return PrincipalFactoryUtils.newPrincipalFactory();
    }

    /**
     * Creates the authentication handler that validates passwordless tokens against
     * the token repository.
     *
     * @return the passwordless token authentication handler
     */
    @ConditionalOnMissingBean(name = "passwordlessTokenAuthenticationHandler")
    @RefreshScope
    @Bean
    public AuthenticationHandler passwordlessTokenAuthenticationHandler() {
        // The first and fourth constructor arguments are passed as null; what the
        // handler does with them is not visible from this class.
        return new PasswordlessTokenAuthenticationHandler(
            null,
            servicesManager,
            passwordlessPrincipalFactory(),
            null,
            passwordlessTokenRepository());
    }

    /**
     * Selects the user account store from configuration. A Groovy location wins
     * over a REST URL, and the statically configured "simple" map is the fallback.
     *
     * @return the account store that maps a username to its contact details
     */
    @ConditionalOnMissingBean(name = "passwordlessUserAccountStore")
    @RefreshScope
    @Bean
    public PasswordlessUserAccountStore passwordlessUserAccountStore() {
        final PasswordlessAuthenticationProperties.Accounts accounts =
            casProperties.getAuthn().getPasswordless().getAccounts();

        // NOTE(review): the Groovy location is handed to the store as configured;
        // presumably the script is executed to resolve accounts, so the resource
        // should be writable by administrators only. Confirm against the store.
        if (accounts.getGroovy().getLocation() != null) {
            return new GroovyPasswordlessUserAccountStore(accounts.getGroovy().getLocation());
        }

        if (StringUtils.isNotBlank(accounts.getRest().getUrl())) {
            return new RestfulPasswordlessUserAccountStore(accounts.getRest());
        }

        final Map<String, PasswordlessUserAccount> simpleAccounts = accounts.getSimple()
            .entrySet()
            .stream()
            .collect(Collectors.toMap(Map.Entry::getKey, entry -> {
                final String username = entry.getKey();
                final String contact = entry.getValue();

                final PasswordlessUserAccount account = new PasswordlessUserAccount();
                account.setUsername(username);
                account.setName(username);
                // Anything the e-mail validator rejects is stored as a phone number;
                // no phone-format check is applied here, so a mistyped address ends
                // up as the phone contact for that account.
                if (EmailValidator.getInstance().isValid(contact)) {
                    account.setEmail(contact);
                } else {
                    account.setPhone(contact);
                }
                return account;
            }));
        return new SimplePasswordlessUserAccountStore(simpleAccounts);
    }

    /**
     * Creates the cipher handed to the REST token repository, driven by the crypto
     * settings found under the REST token properties.
     *
     * @return a signing/encrypting cipher when crypto is enabled, otherwise a no-op cipher
     */
    @ConditionalOnMissingBean(name = "passwordlessCipherExecutor")
    @RefreshScope
    @Bean
    public CipherExecutor passwordlessCipherExecutor() {
        final EncryptionJwtSigningJwtCryptographyProperties crypto =
            casProperties.getAuthn().getPasswordless().getTokens().getRest().getCrypto();

        if (crypto.isEnabled()) {
            return new PasswordlessTokenCipherExecutor(
                crypto.getEncryption().getKey(),
                crypto.getSigning().getKey(),
                crypto.getAlg());
        }
        // NOTE(review): with crypto disabled the REST repository receives a no-op
        // cipher; presumably tokens then reach the REST endpoint neither signed nor
        // encrypted. Confirm, and keep crypto enabled unless the endpoint and the
        // transport to it are otherwise protected.
        return CipherExecutor.noOpOfSerializableToString();
    }

    /**
     * Selects the token repository: REST-backed when a REST URL is configured,
     * in-memory otherwise. Both receive the configured token lifetime in seconds.
     *
     * @return the repository that stores and looks up passwordless tokens
     */
    @ConditionalOnMissingBean(name = "passwordlessTokenRepository")
    @RefreshScope
    @Bean
    public PasswordlessTokenRepository passwordlessTokenRepository() {
        final PasswordlessAuthenticationProperties.Tokens tokens =
            casProperties.getAuthn().getPasswordless().getTokens();

        if (StringUtils.isNotBlank(tokens.getRest().getUrl())) {
            // Only the REST repository is given the cipher executor.
            return new RestfulPasswordlessTokenRepository(
                tokens.getExpireInSeconds(),
                tokens.getRest(),
                passwordlessCipherExecutor());
        }
        // NOTE(review): the in-memory repository is presumably local to this JVM and
        // is re-created on a refresh-scope refresh; verify for multi-node deployments.
        return new InMemoryPasswordlessTokenRepository(tokens.getExpireInSeconds());
    }

    /**
     * Creates the webflow action that accepts a submitted passwordless token.
     *
     * @return the accept action
     */
    @ConditionalOnMissingBean(name = "acceptPasswordlessAuthenticationAction")
    @Bean
    public Action acceptPasswordlessAuthenticationAction() {
        return new AcceptPasswordlessAuthenticationAction(
            initialAuthenticationAttemptWebflowEventResolver,
            serviceTicketRequestWebflowEventResolver,
            adaptiveAuthenticationPolicy.getIfAvailable(),
            passwordlessTokenRepository(),
            authenticationSystemSupport.getIfAvailable(),
            passwordlessUserAccountStore());
    }

    /**
     * Creates the webflow action that runs before the token prompt is displayed.
     * It is given the token repository, the account store, the communications
     * manager and the passwordless properties.
     *
     * @return the display-before action
     */
    @ConditionalOnMissingBean(name = "displayBeforePasswordlessAuthenticationAction")
    @Bean
    public Action displayBeforePasswordlessAuthenticationAction() {
        return new DisplayBeforePasswordlessAuthenticationAction(
            passwordlessTokenRepository(),
            passwordlessUserAccountStore(),
            communicationsManager,
            casProperties.getAuthn().getPasswordless());
    }

    /**
     * Creates the action registered under the bean name {@code initializeLoginAction}.
     * This bean is not conditional, unlike most of the others in this class.
     *
     * @return the prepare-for-passwordless action
     */
    @Bean
    public Action initializeLoginAction() {
        return new PrepareForPasswordlessAuthenticationAction(servicesManager);
    }

    /**
     * Creates the webflow configurer for the passwordless flow; it is declared to
     * depend on the {@code defaultWebflowConfigurer} bean.
     *
     * @return the passwordless webflow configurer
     */
    @ConditionalOnMissingBean(name = "passwordlessAuthenticationWebflowConfigurer")
    @DependsOn("defaultWebflowConfigurer")
    @Bean
    public CasWebflowConfigurer passwordlessAuthenticationWebflowConfigurer() {
        return new PasswordlessAuthenticationWebflowConfigurer(
            flowBuilderServices,
            loginFlowDefinitionRegistry,
            applicationContext,
            casProperties);
    }

    /**
     * Creates the configurer that registers the passwordless token handler with the
     * authentication event execution plan.
     *
     * @return the execution plan configurer
     */
    @ConditionalOnMissingBean(name = "passwordlessAuthenticationEventExecutionPlanConfigurer")
    @Bean
    public AuthenticationEventExecutionPlanConfigurer passwordlessAuthenticationEventExecutionPlanConfigurer() {
        return plan -> plan.registerAuthenticationHandler(passwordlessTokenAuthenticationHandler());
    }

    /**
     * Registers the passwordless webflow configurer with the given execution plan.
     *
     * @param casWebflowExecutionPlan the plan to register with
     */
    public void configureWebflowExecutionPlan(CasWebflowExecutionPlan casWebflowExecutionPlan) {
        final CasWebflowConfigurer configurer = passwordlessAuthenticationWebflowConfigurer();
        casWebflowExecutionPlan.registerWebflowConfigurer(configurer);
    }
}
