package org.apereo.cas.mgmt.config;

import java.util.ArrayList;
import java.util.List;
import lombok.Generated;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.CasManagementConfigurationProperties;
import org.apereo.cas.mgmt.CasManagementUtils;
import org.apereo.cas.mgmt.authentication.CasUserProfileFactory;
import org.pac4j.cas.client.direct.DirectCasClient;
import org.pac4j.cas.config.CasConfiguration;
import org.pac4j.core.authorization.authorizer.Authorizer;
import org.pac4j.core.authorization.generator.AuthorizationGenerator;
import org.pac4j.core.client.Client;
import org.pac4j.core.client.direct.AnonymousClient;
import org.pac4j.core.config.Config;
import org.pac4j.http.client.direct.IpClient;
import org.pac4j.http.credentials.authenticator.IpRegexpAuthenticator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.web.ServerProperties;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.util.StringUtils;

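/**
 * Spring configuration that wires the pac4j authentication clients and the security
 * {@link Config} used to protect the CAS management web application.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Up to two clients are registered from configuration: a {@link DirectCasClient}
 *       (when a CAS server name is set) and an {@link IpClient} (when an IP regex is set).</li>
 *   <li>If neither setting is present, the class <strong>fails open</strong>: it registers an
 *       {@link AnonymousClient}, and its own warning states that access is "immediately
 *       granted". A blank or mistyped property is therefore enough to drop authentication,
 *       so deployments should alert on that warning.</li>
 *   <li>Both the IP client and the anonymous client use the bean qualified
 *       {@code staticAdminRolesAuthorizationGenerator}. NOTE(review): the name suggests it
 *       assigns the configured admin roles to whoever passes the client; confirm against
 *       the bean definition, which is not part of this file.</li>
 * </ul>
 *
 * <p>Every bean is {@code @ConditionalOnMissingBean}, so a deployment can replace any of them
 * by defining a bean with the same name.
 */
@EnableConfigurationProperties({CasConfigurationProperties.class, CasManagementConfigurationProperties.class})
@Configuration("casManagementAuthenticationConfiguration")
/* loaded from: input_file:WEB-INF/lib/cas-management-webapp-support-5.3.4.jar:org/apereo/cas/mgmt/config/CasManagementAuthenticationConfiguration.class */
public class CasManagementAuthenticationConfiguration {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(CasManagementAuthenticationConfiguration.class);

    @Autowired
    private ServerProperties serverProperties;

    @Autowired
    private CasConfigurationProperties casProperties;

    @Autowired
    private CasManagementConfigurationProperties managementProperties;

    // Final access decision for the management webapp; defined outside this file.
    @Autowired
    @Qualifier("managementWebappAuthorizer")
    private Authorizer managementWebappAuthorizer;

    // Attached to the CAS client only.
    @Autowired
    @Qualifier("authorizationGenerator")
    private AuthorizationGenerator authorizationGenerator;

    // Attached to the IP client and to the anonymous fallback client.
    @Autowired
    @Qualifier("staticAdminRolesAuthorizationGenerator")
    private AuthorizationGenerator staticAdminRolesAuthorizationGenerator;

    /**
     * Builds the list of pac4j clients that may authenticate a request to the management
     * web application.
     *
     * <p>Clients are added in this order: the CAS client, then the IP client, and only when
     * neither was configured, a single anonymous client.
     *
     * @return a mutable, never-empty list of configured clients
     */
    @ConditionalOnMissingBean(name = {"authenticationClients"})
    @RefreshScope
    @Bean
    public List<Client> authenticationClients() {
        // Parameterized list instead of a raw ArrayList, so element types are checked at compile time.
        final List<Client> clients = new ArrayList<>();

        // Read each setting once so the check, the log line and the client agree on one value.
        final String casServerName = this.casProperties.getServer().getName();
        if (StringUtils.hasText(casServerName)) {
            LOGGER.debug("Configuring an authentication strategy based on CAS running at [{}]", casServerName);
            DirectCasClient directCasClient = new DirectCasClient(new CasConfiguration(this.casProperties.getServer().getLoginUrl()));
            directCasClient.setAuthorizationGenerator(this.authorizationGenerator);
            directCasClient.setName("CasClient");
            clients.add(directCasClient);
        } else {
            LOGGER.debug("Skipping CAS authentication strategy configuration; no CAS server name is defined");
        }

        final String authzIpRegex = this.managementProperties.getAuthzIpRegex();
        if (StringUtils.hasText(authzIpRegex)) {
            LOGGER.info("Configuring an authentication strategy based on authorized IP addresses matching [{}]", authzIpRegex);
            // The source address is the only credential for this client, and it is paired with
            // the static admin-roles generator, so the pattern should be as narrow as possible.
            // NOTE(review): confirm which address the IP client evaluates when the webapp sits
            // behind a reverse proxy or load balancer; if it is the proxy's address, every
            // proxied request would match.
            IpClient ipClient = new IpClient(new IpRegexpAuthenticator(authzIpRegex));
            ipClient.setName("IpClient");
            ipClient.setAuthorizationGenerator(this.staticAdminRolesAuthorizationGenerator);
            clients.add(ipClient);
        } else {
            LOGGER.debug("Skipping IP address authentication strategy configuration; no pattern is defined");
        }

        if (clients.isEmpty()) {
            // Fail-open fallback, kept for backward compatibility: with no strategy configured
            // the application starts with an anonymous client instead of refusing to start.
            // The WARN below is the only signal, so monitor for it in production logs.
            LOGGER.warn("No authentication strategy is defined, CAS will establish an anonymous authentication mode whereby access is immediately granted. This may NOT be relevant for production purposes. Consider configuring alternative authentication strategies for maximum security.");
            AnonymousClient anonymousClient = new AnonymousClient();
            anonymousClient.setAuthorizationGenerator(this.staticAdminRolesAuthorizationGenerator);
            clients.add(anonymousClient);
        }
        return clients;
    }

    /**
     * Creates the pac4j {@link Config} for the management web application from the default
     * callback URL, the clients returned by {@link #authenticationClients()}, and the
     * injected {@code managementWebappAuthorizer}.
     *
     * @return the pac4j security configuration
     */
    @ConditionalOnMissingBean(name = {"casManagementSecurityConfiguration"})
    @RefreshScope
    @Bean
    public Config casManagementSecurityConfiguration() {
        Config config = new Config(CasManagementUtils.getDefaultCallbackUrl(this.casProperties, this.serverProperties), authenticationClients());
        config.setAuthorizer(this.managementWebappAuthorizer);
        return config;
    }

    /**
     * Creates the factory for user profiles, backed by the management configuration properties.
     *
     * @return a new {@link CasUserProfileFactory}
     */
    @ConditionalOnMissingBean(name = {"casUserProfileFactory"})
    @RefreshScope
    @Bean
    public CasUserProfileFactory casUserProfileFactory() {
        return new CasUserProfileFactory(this.managementProperties);
    }
}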
