package org.apereo.cas.web.flow.config;

import org.apereo.cas.CentralAuthenticationService;
import org.apereo.cas.CipherExecutor;
import org.apereo.cas.authentication.AuthenticationContextValidator;
import org.apereo.cas.authentication.AuthenticationServiceSelectionPlan;
import org.apereo.cas.authentication.AuthenticationSystemSupport;
import org.apereo.cas.authentication.adaptive.geo.GeoLocationService;
import org.apereo.cas.authentication.principal.ResponseBuilderLocator;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.webapp.WebflowProperties;
import org.apereo.cas.services.MultifactorAuthenticationProviderSelector;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.ticket.registry.TicketRegistrySupport;
import org.apereo.cas.util.cipher.WebflowConversationStateCipherExecutor;
import org.apereo.cas.web.flow.AuthenticationExceptionHandlerAction;
import org.apereo.cas.web.flow.CheckWebAuthenticationRequestAction;
import org.apereo.cas.web.flow.ClearWebflowCredentialAction;
import org.apereo.cas.web.flow.RedirectToServiceAction;
import org.apereo.cas.web.flow.authentication.GroovyScriptMultifactorAuthenticationProviderSelector;
import org.apereo.cas.web.flow.authentication.RankedMultifactorAuthenticationProviderSelector;
import org.apereo.cas.web.flow.resolver.CasDelegatingWebflowEventResolver;
import org.apereo.cas.web.flow.resolver.CasWebflowEventResolver;
import org.apereo.cas.web.flow.resolver.impl.AdaptiveMultifactorAuthenticationPolicyEventResolver;
import org.apereo.cas.web.flow.resolver.impl.InitialAuthenticationAttemptWebflowEventResolver;
import org.apereo.cas.web.flow.resolver.impl.RankedAuthenticationProviderWebflowEventResolver;
import org.apereo.cas.web.flow.resolver.impl.SelectiveAuthenticationProviderWebflowEventEventResolver;
import org.apereo.cas.web.flow.resolver.impl.ServiceTicketRequestWebflowEventResolver;
import org.apereo.cas.web.flow.resolver.impl.mfa.AuthenticationAttributeMultifactorAuthenticationPolicyEventResolver;
import org.apereo.cas.web.flow.resolver.impl.mfa.GlobalMultifactorAuthenticationPolicyEventResolver;
import org.apereo.cas.web.flow.resolver.impl.mfa.GroovyScriptMultifactorAuthenticationPolicyEventResolver;
import org.apereo.cas.web.flow.resolver.impl.mfa.PredicatedPrincipalAttributeMultifactorAuthenticationPolicyEventResolver;
import org.apereo.cas.web.flow.resolver.impl.mfa.PrincipalAttributeMultifactorAuthenticationPolicyEventResolver;
import org.apereo.cas.web.flow.resolver.impl.mfa.RegisteredServiceMultifactorAuthenticationPolicyEventResolver;
import org.apereo.cas.web.flow.resolver.impl.mfa.RegisteredServicePrincipalAttributeMultifactorAuthenticationPolicyEventResolver;
import org.apereo.cas.web.flow.resolver.impl.mfa.RequestParameterMultifactorAuthenticationPolicyEventResolver;
import org.apereo.cas.web.flow.resolver.impl.mfa.RestEndpointMultifactorAuthenticationPolicyEventResolver;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.Resource;
import org.springframework.web.util.CookieGenerator;
import org.springframework.webflow.execution.Action;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration("casCoreWebflowConfiguration")
/* loaded from: input_file:WEB-INF/lib/cas-server-core-webflow-5.1.7.jar:org/apereo/cas/web/flow/config/CasCoreWebflowConfiguration.class */
public class CasCoreWebflowConfiguration {

    @Autowired(required = false)
    @Qualifier("geoLocationService")
    private GeoLocationService geoLocationService;

    @Autowired
    @Qualifier("authenticationContextValidator")
    private AuthenticationContextValidator authenticationContextValidator;

    @Autowired
    @Qualifier("centralAuthenticationService")
    private CentralAuthenticationService centralAuthenticationService;

    @Autowired
    @Qualifier("defaultAuthenticationSystemSupport")
    private AuthenticationSystemSupport authenticationSystemSupport;

    @Autowired
    @Qualifier("defaultTicketRegistrySupport")
    private TicketRegistrySupport ticketRegistrySupport;

    @Autowired
    @Qualifier("webApplicationResponseBuilderLocator")
    private ResponseBuilderLocator responseBuilderLocator;

    @Autowired
    @Qualifier("servicesManager")
    private ServicesManager servicesManager;

    @Autowired
    @Qualifier("warnCookieGenerator")
    private CookieGenerator warnCookieGenerator;

    @Autowired
    private CasConfigurationProperties casProperties;

    @Autowired
    @Qualifier("multifactorAuthenticationProviderSelector")
    private MultifactorAuthenticationProviderSelector selector;

    @Autowired
    @Qualifier("authenticationServiceSelectionPlan")
    private AuthenticationServiceSelectionPlan authenticationRequestServiceSelectionStrategies;

    @ConditionalOnMissingBean(name = {"adaptiveAuthenticationPolicyWebflowEventResolver"})
    @RefreshScope
    @Bean
    public CasWebflowEventResolver adaptiveAuthenticationPolicyWebflowEventResolver() {
        return new AdaptiveMultifactorAuthenticationPolicyEventResolver(this.authenticationSystemSupport, this.centralAuthenticationService, this.servicesManager, this.ticketRegistrySupport, this.warnCookieGenerator, this.authenticationRequestServiceSelectionStrategies, this.selector, this.casProperties, this.geoLocationService);
    }

    @ConditionalOnMissingBean(name = {"principalAttributeAuthenticationPolicyWebflowEventResolver"})
    @RefreshScope
    @Bean
    public CasWebflowEventResolver principalAttributeAuthenticationPolicyWebflowEventResolver() {
        return new PrincipalAttributeMultifactorAuthenticationPolicyEventResolver(this.authenticationSystemSupport, this.centralAuthenticationService, this.servicesManager, this.ticketRegistrySupport, this.warnCookieGenerator, this.authenticationRequestServiceSelectionStrategies, this.selector, this.casProperties);
    }

    @ConditionalOnMissingBean(name = {"predicatedPrincipalAttributeMultifactorAuthenticationPolicyEventResolver"})
    @RefreshScope
    @Bean
    public CasWebflowEventResolver predicatedPrincipalAttributeMultifactorAuthenticationPolicyEventResolver() {
        return new PredicatedPrincipalAttributeMultifactorAuthenticationPolicyEventResolver(this.authenticationSystemSupport, this.centralAuthenticationService, this.servicesManager, this.ticketRegistrySupport, this.warnCookieGenerator, this.authenticationRequestServiceSelectionStrategies, this.selector, this.casProperties);
    }

    @ConditionalOnMissingBean(name = {"authenticationAttributeAuthenticationPolicyWebflowEventResolver"})
    @RefreshScope
    @Bean
    public CasWebflowEventResolver authenticationAttributeAuthenticationPolicyWebflowEventResolver() {
        return new AuthenticationAttributeMultifactorAuthenticationPolicyEventResolver(this.authenticationSystemSupport, this.centralAuthenticationService, this.servicesManager, this.ticketRegistrySupport, this.warnCookieGenerator, this.authenticationRequestServiceSelectionStrategies, this.selector, this.casProperties);
    }

    @ConditionalOnMissingBean(name = {"authenticationExceptionHandler"})
    @Bean
    public Action authenticationExceptionHandler() {
        AuthenticationExceptionHandlerAction authenticationExceptionHandlerAction = new AuthenticationExceptionHandlerAction();
        authenticationExceptionHandlerAction.setErrors(this.casProperties.getAuthn().getExceptions().getExceptions());
        return authenticationExceptionHandlerAction;
    }

    @ConditionalOnMissingBean(name = {"multifactorAuthenticationProviderSelector"})
    @RefreshScope
    @Bean
    public MultifactorAuthenticationProviderSelector multifactorAuthenticationProviderSelector() {
        Resource providerSelectorGroovyScript = this.casProperties.getAuthn().getMfa().getProviderSelectorGroovyScript();
        return providerSelectorGroovyScript != null ? new GroovyScriptMultifactorAuthenticationProviderSelector(providerSelectorGroovyScript) : new RankedMultifactorAuthenticationProviderSelector();
    }

    @ConditionalOnMissingBean(name = {"initialAuthenticationAttemptWebflowEventResolver"})
    @RefreshScope
    @Bean
    public CasDelegatingWebflowEventResolver initialAuthenticationAttemptWebflowEventResolver() {
        InitialAuthenticationAttemptWebflowEventResolver initialAuthenticationAttemptWebflowEventResolver = new InitialAuthenticationAttemptWebflowEventResolver(this.authenticationSystemSupport, this.centralAuthenticationService, this.servicesManager, this.ticketRegistrySupport, this.warnCookieGenerator, this.authenticationRequestServiceSelectionStrategies, this.selector);
        initialAuthenticationAttemptWebflowEventResolver.addDelegate(adaptiveAuthenticationPolicyWebflowEventResolver());
        initialAuthenticationAttemptWebflowEventResolver.addDelegate(globalAuthenticationPolicyWebflowEventResolver());
        initialAuthenticationAttemptWebflowEventResolver.addDelegate(requestParameterAuthenticationPolicyWebflowEventResolver());
        initialAuthenticationAttemptWebflowEventResolver.addDelegate(restEndpointAuthenticationPolicyWebflowEventResolver());
        initialAuthenticationAttemptWebflowEventResolver.addDelegate(groovyScriptAuthenticationPolicyWebflowEventResolver());
        initialAuthenticationAttemptWebflowEventResolver.addDelegate(registeredServicePrincipalAttributeAuthenticationPolicyWebflowEventResolver());
        initialAuthenticationAttemptWebflowEventResolver.addDelegate(predicatedPrincipalAttributeMultifactorAuthenticationPolicyEventResolver());
        initialAuthenticationAttemptWebflowEventResolver.addDelegate(principalAttributeAuthenticationPolicyWebflowEventResolver());
        initialAuthenticationAttemptWebflowEventResolver.addDelegate(authenticationAttributeAuthenticationPolicyWebflowEventResolver());
        initialAuthenticationAttemptWebflowEventResolver.addDelegate(registeredServiceAuthenticationPolicyWebflowEventResolver());
        initialAuthenticationAttemptWebflowEventResolver.setSelectiveResolver(selectiveAuthenticationProviderWebflowEventResolver());
        return initialAuthenticationAttemptWebflowEventResolver;
    }

    @ConditionalOnMissingBean(name = {"restEndpointAuthenticationPolicyWebflowEventResolver"})
    @RefreshScope
    @Bean
    public CasWebflowEventResolver restEndpointAuthenticationPolicyWebflowEventResolver() {
        return new RestEndpointMultifactorAuthenticationPolicyEventResolver(this.authenticationSystemSupport, this.centralAuthenticationService, this.servicesManager, this.ticketRegistrySupport, this.warnCookieGenerator, this.authenticationRequestServiceSelectionStrategies, this.selector, this.casProperties);
    }

    @ConditionalOnMissingBean(name = {"serviceTicketRequestWebflowEventResolver"})
    @RefreshScope
    @Bean
    public CasWebflowEventResolver serviceTicketRequestWebflowEventResolver() {
        return new ServiceTicketRequestWebflowEventResolver(this.authenticationSystemSupport, this.centralAuthenticationService, this.servicesManager, this.ticketRegistrySupport, this.warnCookieGenerator, this.authenticationRequestServiceSelectionStrategies, this.selector);
    }

    @ConditionalOnMissingBean(name = {"globalAuthenticationPolicyWebflowEventResolver"})
    @RefreshScope
    @Bean
    public CasWebflowEventResolver globalAuthenticationPolicyWebflowEventResolver() {
        return new GlobalMultifactorAuthenticationPolicyEventResolver(this.authenticationSystemSupport, this.centralAuthenticationService, this.servicesManager, this.ticketRegistrySupport, this.warnCookieGenerator, this.authenticationRequestServiceSelectionStrategies, this.selector, this.casProperties);
    }

    @ConditionalOnMissingBean(name = {"groovyScriptAuthenticationPolicyWebflowEventResolver"})
    @RefreshScope
    @Bean
    public CasWebflowEventResolver groovyScriptAuthenticationPolicyWebflowEventResolver() {
        return new GroovyScriptMultifactorAuthenticationPolicyEventResolver(this.authenticationSystemSupport, this.centralAuthenticationService, this.servicesManager, this.ticketRegistrySupport, this.warnCookieGenerator, this.authenticationRequestServiceSelectionStrategies, this.selector, this.casProperties);
    }

    @ConditionalOnMissingBean(name = {"selectiveAuthenticationProviderWebflowEventResolver"})
    @RefreshScope
    @Bean
    public CasWebflowEventResolver selectiveAuthenticationProviderWebflowEventResolver() {
        return new SelectiveAuthenticationProviderWebflowEventEventResolver(this.authenticationSystemSupport, this.centralAuthenticationService, this.servicesManager, this.ticketRegistrySupport, this.warnCookieGenerator, this.authenticationRequestServiceSelectionStrategies, this.selector);
    }

    @ConditionalOnMissingBean(name = {"requestParameterAuthenticationPolicyWebflowEventResolver"})
    @RefreshScope
    @Bean
    public CasWebflowEventResolver requestParameterAuthenticationPolicyWebflowEventResolver() {
        return new RequestParameterMultifactorAuthenticationPolicyEventResolver(this.authenticationSystemSupport, this.centralAuthenticationService, this.servicesManager, this.ticketRegistrySupport, this.warnCookieGenerator, this.authenticationRequestServiceSelectionStrategies, this.selector, this.casProperties);
    }

    @ConditionalOnMissingBean(name = {"registeredServicePrincipalAttributeAuthenticationPolicyWebflowEventResolver"})
    @RefreshScope
    @Bean
    public CasWebflowEventResolver registeredServicePrincipalAttributeAuthenticationPolicyWebflowEventResolver() {
        return new RegisteredServicePrincipalAttributeMultifactorAuthenticationPolicyEventResolver(this.authenticationSystemSupport, this.centralAuthenticationService, this.servicesManager, this.ticketRegistrySupport, this.warnCookieGenerator, this.authenticationRequestServiceSelectionStrategies, this.selector);
    }

    @ConditionalOnMissingBean(name = {"registeredServiceAuthenticationPolicyWebflowEventResolver"})
    @RefreshScope
    @Bean
    public CasWebflowEventResolver registeredServiceAuthenticationPolicyWebflowEventResolver() {
        return new RegisteredServiceMultifactorAuthenticationPolicyEventResolver(this.authenticationSystemSupport, this.centralAuthenticationService, this.servicesManager, this.ticketRegistrySupport, this.warnCookieGenerator, this.authenticationRequestServiceSelectionStrategies, this.selector);
    }

    @ConditionalOnMissingBean(name = {"rankedAuthenticationProviderWebflowEventResolver"})
    @RefreshScope
    @Bean
    public CasWebflowEventResolver rankedAuthenticationProviderWebflowEventResolver() {
        return new RankedAuthenticationProviderWebflowEventResolver(this.authenticationSystemSupport, this.centralAuthenticationService, this.servicesManager, this.ticketRegistrySupport, this.warnCookieGenerator, this.authenticationRequestServiceSelectionStrategies, this.selector, this.authenticationContextValidator, initialAuthenticationAttemptWebflowEventResolver());
    }

    @RefreshScope
    @Bean
    public CipherExecutor<byte[], byte[]> webflowCipherExecutor() {
        WebflowProperties webflow = this.casProperties.getWebflow();
        return new WebflowConversationStateCipherExecutor(webflow.getEncryption().getKey(), webflow.getSigning().getKey(), webflow.getAlg(), webflow.getSigning().getKeySize(), webflow.getEncryption().getKeySize());
    }

    @ConditionalOnMissingBean(name = {"clearWebflowCredentialsAction"})
    @RefreshScope
    @Bean
    public Action clearWebflowCredentialsAction() {
        return new ClearWebflowCredentialAction();
    }

    @ConditionalOnMissingBean(name = {"checkWebAuthenticationRequestAction"})
    @RefreshScope
    @Bean
    public Action checkWebAuthenticationRequestAction() {
        return new CheckWebAuthenticationRequestAction(this.casProperties.getAuthn().getMfa().getContentType());
    }

    @ConditionalOnMissingBean(name = {"redirectToServiceAction"})
    @RefreshScope
    @Bean
    public Action redirectToServiceAction() {
        return new RedirectToServiceAction(this.responseBuilderLocator);
    }
}
