package org.apereo.cas.config;

import org.apereo.cas.adaptors.yubikey.YubiKeyAccountRegistry;
import org.apereo.cas.adaptors.yubikey.YubiKeyAccountValidator;
import org.apereo.cas.adaptors.yubikey.dao.RedisYubiKeyAccountRegistry;
import org.apereo.cas.authentication.CasSSLContext;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.support.CasFeatureModule;
import org.apereo.cas.redis.core.CasRedisTemplate;
import org.apereo.cas.redis.core.RedisObjectFactory;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.apereo.cas.util.spring.beans.BeanCondition;
import org.apereo.cas.util.spring.beans.BeanSupplier;
import org.apereo.cas.util.spring.boot.ConditionalOnFeature;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.data.redis.connection.RedisConnectionFactory;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration(value = "RedisYubiKeyConfiguration", proxyBeanMethods = false)
@ConditionalOnFeature(feature = CasFeatureModule.FeatureCatalog.YubiKey, module = "redis")
/* loaded from: input_file:org/apereo/cas/config/RedisYubiKeyConfiguration.class */
public class RedisYubiKeyConfiguration {
    private static final BeanCondition CONDITION = BeanCondition.on("cas.authn.mfa.yubikey.redis.enabled").isTrue().evenIfMissing();

    @ConditionalOnMissingBean(name = {"redisYubiKeyTemplate"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public CasRedisTemplate redisYubiKeyTemplate(ConfigurableApplicationContext configurableApplicationContext, @Qualifier("redisYubiKeyConnectionFactory") RedisConnectionFactory redisConnectionFactory) throws Exception {
        return (CasRedisTemplate) BeanSupplier.of(CasRedisTemplate.class).when(CONDITION.given(configurableApplicationContext.getEnvironment())).supply(() -> {
            return RedisObjectFactory.newRedisTemplate(redisConnectionFactory);
        }).otherwiseProxy().get();
    }

    @ConditionalOnMissingBean(name = {"redisYubiKeyConnectionFactory"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public RedisConnectionFactory redisYubiKeyConnectionFactory(ConfigurableApplicationContext configurableApplicationContext, @Qualifier("casSslContext") CasSSLContext casSSLContext, CasConfigurationProperties casConfigurationProperties) throws Exception {
        return (RedisConnectionFactory) BeanSupplier.of(RedisConnectionFactory.class).when(CONDITION.given(configurableApplicationContext.getEnvironment())).supply(() -> {
            return RedisObjectFactory.newRedisConnectionFactory(casConfigurationProperties.getAuthn().getMfa().getYubikey().getRedis(), casSSLContext);
        }).otherwiseProxy().get();
    }

    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public YubiKeyAccountRegistry yubiKeyAccountRegistry(ConfigurableApplicationContext configurableApplicationContext, @Qualifier("redisYubiKeyTemplate") CasRedisTemplate casRedisTemplate, @Qualifier("yubiKeyAccountValidator") YubiKeyAccountValidator yubiKeyAccountValidator, @Qualifier("yubikeyAccountCipherExecutor") CipherExecutor cipherExecutor, CasConfigurationProperties casConfigurationProperties) throws Exception {
        return (YubiKeyAccountRegistry) BeanSupplier.of(YubiKeyAccountRegistry.class).when(CONDITION.given(configurableApplicationContext.getEnvironment())).supply(() -> {
            RedisYubiKeyAccountRegistry redisYubiKeyAccountRegistry = new RedisYubiKeyAccountRegistry(yubiKeyAccountValidator, casRedisTemplate, casConfigurationProperties.getAuthn().getMfa().getYubikey().getRedis().getScanCount());
            redisYubiKeyAccountRegistry.setCipherExecutor(cipherExecutor);
            return redisYubiKeyAccountRegistry;
        }).otherwiseProxy().get();
    }
}
