package org.apereo.cas.config;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apereo.cas.authentication.AcceptUsersAuthenticationHandler;
import org.apereo.cas.authentication.AllAuthenticationPolicy;
import org.apereo.cas.authentication.AnyAuthenticationPolicy;
import org.apereo.cas.authentication.AuthenticationContextValidator;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.AuthenticationHandlerResolver;
import org.apereo.cas.authentication.AuthenticationManager;
import org.apereo.cas.authentication.AuthenticationMetaDataPopulator;
import org.apereo.cas.authentication.AuthenticationPolicy;
import org.apereo.cas.authentication.AuthenticationSystemSupport;
import org.apereo.cas.authentication.AuthenticationTransactionManager;
import org.apereo.cas.authentication.CacheCredentialsMetaDataPopulator;
import org.apereo.cas.authentication.ContextualAuthenticationPolicyFactory;
import org.apereo.cas.authentication.DefaultAuthenticationSystemSupport;
import org.apereo.cas.authentication.DefaultAuthenticationTransactionManager;
import org.apereo.cas.authentication.DefaultPrincipalElectionStrategy;
import org.apereo.cas.authentication.FileTrustStoreSslSocketFactory;
import org.apereo.cas.authentication.NotPreventedAuthenticationPolicy;
import org.apereo.cas.authentication.PolicyBasedAuthenticationManager;
import org.apereo.cas.authentication.PrincipalElectionStrategy;
import org.apereo.cas.authentication.RegisteredServiceAuthenticationHandlerResolver;
import org.apereo.cas.authentication.RequiredHandlerAuthenticationPolicy;
import org.apereo.cas.authentication.RequiredHandlerAuthenticationPolicyFactory;
import org.apereo.cas.authentication.SuccessfulHandlerMetaDataPopulator;
import org.apereo.cas.authentication.adaptive.AdaptiveAuthenticationPolicy;
import org.apereo.cas.authentication.adaptive.DefaultAdaptiveAuthenticationPolicy;
import org.apereo.cas.authentication.adaptive.geo.GeoLocationService;
import org.apereo.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler;
import org.apereo.cas.authentication.handler.support.JaasAuthenticationHandler;
import org.apereo.cas.authentication.principal.BasicPrincipalResolver;
import org.apereo.cas.authentication.principal.DefaultPrincipalFactory;
import org.apereo.cas.authentication.principal.PersonDirectoryPrincipalResolver;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalResolver;
import org.apereo.cas.authentication.principal.RememberMeAuthenticationMetaDataPopulator;
import org.apereo.cas.authentication.support.PasswordPolicyConfiguration;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.support.Beans;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.util.http.HttpClient;
import org.apereo.cas.util.http.SimpleHttpClientFactoryBean;
import org.apereo.cas.web.flow.AuthenticationExceptionHandler;
import org.apereo.services.persondir.IPersonAttributeDao;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;

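/**
 * Spring configuration that registers the core CAS authentication beans: the authentication
 * manager and its policy, the static accept-users, JAAS and proxy-callback handlers, the
 * principal factories and resolvers, and the HTTP clients used for outbound calls.
 *
 * <p>All settings are read from {@link CasConfigurationProperties}. The class is ordered with
 * {@code Integer.MIN_VALUE}.
 *
 * <p>Security-relevant points a reviewer should keep in mind:
 * <ul>
 *   <li>{@link #acceptUsersAuthenticationHandler()} takes usernames and passwords straight from
 *       configuration, so that configuration source has to be protected like a credential store.</li>
 *   <li>{@link #defaultAuthenticationPolicy()} falls back to {@link AnyAuthenticationPolicy} when no
 *       other policy is enabled.</li>
 *   <li>{@link #authenticationMetadataPopulators()} adds {@link CacheCredentialsMetaDataPopulator}
 *       only when the clearpass cache-credential flag is set.</li>
 * </ul>
 */
@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration("casCoreAuthenticationConfiguration")
@Order(Integer.MIN_VALUE)
/* loaded from: input_file:WEB-INF/lib/cas-server-core-authentication-5.0.5.jar:org/apereo/cas/config/CasCoreAuthenticationConfiguration.class */
public class CasCoreAuthenticationConfiguration {
    private static final Logger LOGGER = LoggerFactory.getLogger(CasCoreAuthenticationConfiguration.class);

    /** Name of the HTTP client bean that trusts the configured trust store. */
    private static final String BEAN_NAME_HTTP_CLIENT = "supportsTrustStoreSslSocketFactoryHttpClient";

    /** Separator between username and password in one static accept-users entry. */
    private static final Pattern USER_PASSWORD_SEPARATOR = Pattern.compile("::");

    @Autowired
    private CasConfigurationProperties casProperties;

    // Optional: stays null when no "geoLocationService" bean is defined.
    @Autowired(required = false)
    @Qualifier("geoLocationService")
    private GeoLocationService geoLocationService;

    // Optional: password policy applied to the static accept-users handler when present.
    @Autowired(required = false)
    @Qualifier("acceptPasswordPolicyConfiguration")
    private PasswordPolicyConfiguration acceptPasswordPolicyConfiguration;

    // Optional: password policy applied to the JAAS handler when present.
    @Autowired(required = false)
    @Qualifier("jaasPasswordPolicyConfiguration")
    private PasswordPolicyConfiguration passwordPolicyConfiguration;

    @Autowired
    @Qualifier("servicesManager")
    private ServicesManager servicesManager;

    @Autowired
    @Qualifier("attributeRepository")
    private IPersonAttributeDao attributeRepository;

    /**
     * Creates the principal factory used by the JAAS handler.
     *
     * @return a new {@link DefaultPrincipalFactory}
     */
    @Bean
    public PrincipalFactory jaasPrincipalFactory() {
        return new DefaultPrincipalFactory();
    }

    /**
     * Creates the handler that maps authentication exceptions, seeded with the exception list
     * from configuration.
     *
     * @return the configured exception handler
     */
    @Bean
    public AuthenticationExceptionHandler authenticationExceptionHandler() {
        AuthenticationExceptionHandler handler = new AuthenticationExceptionHandler();
        handler.setErrors(this.casProperties.getAuthn().getExceptions().getExceptions());
        return handler;
    }

    /**
     * Selects the global authentication policy from configuration.
     *
     * <p>Precedence is: required-handler policy, then "all", then "not prevented", and finally
     * {@link AnyAuthenticationPolicy} as the fallback when none of the others is enabled.
     *
     * @return the policy the authentication manager enforces
     */
    @Bean(name = {"authenticationPolicy", "defaultAuthenticationPolicy"})
    public AuthenticationPolicy defaultAuthenticationPolicy() {
        if (this.casProperties.getAuthn().getPolicy().getReq().isEnabled()) {
            RequiredHandlerAuthenticationPolicy required = new RequiredHandlerAuthenticationPolicy(
                    this.casProperties.getAuthn().getPolicy().getReq().getHandlerName());
            required.setTryAll(this.casProperties.getAuthn().getPolicy().getReq().isTryAll());
            return required;
        }
        if (this.casProperties.getAuthn().getPolicy().getAll().isEnabled()) {
            return new AllAuthenticationPolicy();
        }
        if (this.casProperties.getAuthn().getPolicy().getNotPrevented().isEnabled()) {
            return new NotPreventedAuthenticationPolicy();
        }
        // Fallback when no stricter policy is switched on in configuration.
        return new AnyAuthenticationPolicy(this.casProperties.getAuthn().getPolicy().getAny().isTryAll());
    }

    /**
     * Creates the handler that authenticates against a static user list held in configuration.
     *
     * <p>The list is a comma-delimited sequence of {@code username::password} entries. The
     * passwords therefore live in the configuration source; how they are compared depends on the
     * configured password encoder. This class does not add the handler to
     * {@link #authenticationHandlersResolvers(HttpClient)}; whether it is active is decided
     * elsewhere.
     *
     * @return the configured handler
     * @throws IllegalArgumentException if an entry is not a non-empty username and password
     *         separated by {@code ::}
     */
    @RefreshScope
    @Bean
    public AuthenticationHandler acceptUsersAuthenticationHandler() {
        AcceptUsersAuthenticationHandler handler = new AcceptUsersAuthenticationHandler();
        String users = this.casProperties.getAuthn().getAccept().getUsers();
        if (StringUtils.isNotBlank(users)) {
            if (users.contains(USER_PASSWORD_SEPARATOR.pattern())) {
                handler.setUsers(parseStaticUsers(users));
            } else {
                // The value is deliberately not logged: it may hold credentials.
                LOGGER.warn("Static accept-users setting holds no username::password pair; no static users registered");
            }
        }
        handler.setPasswordEncoder(Beans.newPasswordEncoder(this.casProperties.getAuthn().getAccept().getPasswordEncoder()));
        if (this.acceptPasswordPolicyConfiguration != null) {
            handler.setPasswordPolicyConfiguration(this.acceptPasswordPolicyConfiguration);
        }
        handler.setPrincipalNameTransformer(Beans.newPrincipalNameTransformer(this.casProperties.getAuthn().getAccept().getPrincipalTransformation()));
        handler.setPrincipalFactory(acceptUsersPrincipalFactory());
        handler.setServicesManager(this.servicesManager);
        return handler;
    }

    /**
     * Parses the comma-delimited {@code username::password} list into a map.
     *
     * <p>The list is split on commas first, so a password containing a comma cannot be expressed
     * in this format. Empty entries (for example after a trailing comma) are skipped.
     *
     * @param users the raw configuration value
     * @return username to password
     * @throws IllegalArgumentException if an entry has no separator, an empty username or an
     *         empty password
     */
    private static Map<String, String> parseStaticUsers(String users) {
        Map<String, String> parsed = new HashMap<>();
        Set<String> entries = org.springframework.util.StringUtils.commaDelimitedListToSet(users);
        for (String entry : entries) {
            if (entry.isEmpty()) {
                continue;
            }
            // Limit 2: only the first "::" separates the fields, so a password that itself
            // contains "::" is kept whole instead of being silently cut short.
            String[] fields = USER_PASSWORD_SEPARATOR.split(entry, 2);
            if (fields.length != 2 || fields[0].isEmpty() || fields[1].isEmpty()) {
                // Fail at startup rather than register an account with an empty name or
                // password. The entry is not echoed because it may contain a password.
                throw new IllegalArgumentException(
                        "Static accept-users entry is not in 'username::password' form");
            }
            parsed.put(fields[0], fields[1]);
        }
        return parsed;
    }

    /**
     * Creates the principal factory used by the static accept-users handler.
     *
     * @return a new {@link DefaultPrincipalFactory}
     */
    @Bean
    public PrincipalFactory acceptUsersPrincipalFactory() {
        return new DefaultPrincipalFactory();
    }

    /**
     * Creates the validator for the multifactor authentication context, using the context
     * attribute name and the global failure mode from configuration.
     *
     * @return the configured validator
     */
    @RefreshScope
    @Bean
    public AuthenticationContextValidator authenticationContextValidator() {
        AuthenticationContextValidator validator = new AuthenticationContextValidator();
        validator.setAuthenticationContextAttribute(this.casProperties.getAuthn().getMfa().getAuthenticationContextAttribute());
        validator.setGlobalFailureMode(this.casProperties.getAuthn().getMfa().getGlobalFailureMode());
        return validator;
    }

    /**
     * Bundles the transaction manager and the principal election strategy.
     *
     * @param httpClient the trust-store aware HTTP client
     * @return the authentication system support facade
     */
    @Bean
    public AuthenticationSystemSupport defaultAuthenticationSystemSupport(@Qualifier(BEAN_NAME_HTTP_CLIENT) HttpClient httpClient) {
        DefaultAuthenticationSystemSupport support = new DefaultAuthenticationSystemSupport();
        support.setAuthenticationTransactionManager(defaultAuthenticationTransactionManager(httpClient));
        support.setPrincipalElectionStrategy(defaultPrincipalElectionStrategy());
        return support;
    }

    /**
     * Creates the transaction manager backed by {@link #authenticationManager(HttpClient)}.
     *
     * @param httpClient the trust-store aware HTTP client
     * @return the transaction manager
     */
    @Bean(name = {"defaultAuthenticationTransactionManager", "authenticationTransactionManager"})
    public AuthenticationTransactionManager defaultAuthenticationTransactionManager(@Qualifier(BEAN_NAME_HTTP_CLIENT) HttpClient httpClient) {
        DefaultAuthenticationTransactionManager manager = new DefaultAuthenticationTransactionManager();
        manager.setAuthenticationManager(authenticationManager(httpClient));
        return manager;
    }

    /**
     * Creates the principal election strategy, using the default principal factory.
     *
     * @return the election strategy
     */
    @Bean(name = {"defaultPrincipalElectionStrategy", "principalElectionStrategy"})
    public PrincipalElectionStrategy defaultPrincipalElectionStrategy() {
        DefaultPrincipalElectionStrategy strategy = new DefaultPrincipalElectionStrategy();
        strategy.setPrincipalFactory(defaultPrincipalFactory());
        return strategy;
    }

    /**
     * Builds the SSL socket factory from the configured trust store file and its password.
     *
     * @return the trust-store backed socket factory
     */
    @RefreshScope
    @Bean
    public SSLConnectionSocketFactory trustStoreSslSocketFactory() {
        return new FileTrustStoreSslSocketFactory(
                this.casProperties.getHttpClient().getTruststore().getFile(),
                this.casProperties.getHttpClient().getTruststore().getPsw());
    }

    /**
     * Exposes a standalone {@link NotPreventedAuthenticationPolicy} bean.
     *
     * @return a new policy instance
     */
    @Bean
    public AuthenticationPolicy notPreventedAuthenticationPolicy() {
        return new NotPreventedAuthenticationPolicy();
    }

    /**
     * Lists the metadata populators run by the authentication manager.
     *
     * <p>{@link CacheCredentialsMetaDataPopulator} is added only when the clearpass
     * cache-credential flag is enabled.
     * NOTE(review): that populator presumably keeps the submitted credential available after
     * login; confirm the flag is on only where that is required.
     *
     * @return the populators, in registration order
     */
    @Bean
    public List authenticationMetadataPopulators() {
        List<AuthenticationMetaDataPopulator> populators = new ArrayList<>();
        populators.add(successfulHandlerMetaDataPopulator());
        populators.add(rememberMeAuthenticationMetaDataPopulator());
        if (this.casProperties.getClearpass().isCacheCredential()) {
            populators.add(new CacheCredentialsMetaDataPopulator());
        }
        return populators;
    }

    /**
     * Assembles the policy-based authentication manager from the populators, the handler to
     * resolver map, the per-service handler resolver and the default policy.
     *
     * @param httpClient the trust-store aware HTTP client
     * @return the authentication manager
     */
    @Bean
    public AuthenticationManager authenticationManager(@Qualifier(BEAN_NAME_HTTP_CLIENT) HttpClient httpClient) {
        PolicyBasedAuthenticationManager manager = new PolicyBasedAuthenticationManager();
        manager.setAuthenticationMetaDataPopulators(authenticationMetadataPopulators());
        manager.setHandlerResolverMap(authenticationHandlersResolvers(httpClient));
        manager.setAuthenticationHandlerResolver(registeredServiceAuthenticationHandlerResolver());
        manager.setAuthenticationPolicy(defaultAuthenticationPolicy());
        return manager;
    }

    /**
     * Creates the resolver that picks handlers per registered service.
     *
     * @return the handler resolver
     */
    @Bean
    public AuthenticationHandlerResolver registeredServiceAuthenticationHandlerResolver() {
        RegisteredServiceAuthenticationHandlerResolver resolver = new RegisteredServiceAuthenticationHandlerResolver();
        resolver.setServicesManager(this.servicesManager);
        return resolver;
    }

    /**
     * Creates the factory for required-handler policies.
     *
     * @return a new {@link RequiredHandlerAuthenticationPolicyFactory}
     */
    @Bean
    public ContextualAuthenticationPolicyFactory requiredHandlerAuthenticationPolicyFactory() {
        return new RequiredHandlerAuthenticationPolicyFactory();
    }

    /**
     * Creates the populator that records successful handlers.
     *
     * @return a new {@link SuccessfulHandlerMetaDataPopulator}
     */
    @Bean
    public AuthenticationMetaDataPopulator successfulHandlerMetaDataPopulator() {
        return new SuccessfulHandlerMetaDataPopulator();
    }

    /**
     * Creates the remember-me metadata populator.
     *
     * @return a new {@link RememberMeAuthenticationMetaDataPopulator}
     */
    @Bean
    public AuthenticationMetaDataPopulator rememberMeAuthenticationMetaDataPopulator() {
        return new RememberMeAuthenticationMetaDataPopulator();
    }

    /**
     * Creates the principal resolver backed by the attribute repository, configured with the
     * principal attribute name and the return-null-if-no-attributes flag.
     *
     * @return the configured resolver
     */
    @RefreshScope
    @Bean
    public PrincipalResolver personDirectoryPrincipalResolver() {
        PersonDirectoryPrincipalResolver resolver = new PersonDirectoryPrincipalResolver();
        resolver.setAttributeRepository(this.attributeRepository);
        resolver.setPrincipalAttributeName(this.casProperties.getPersonDirectory().getPrincipalAttribute());
        resolver.setReturnNullIfNoAttributes(this.casProperties.getPersonDirectory().isReturnNull());
        resolver.setPrincipalFactory(defaultPrincipalFactory());
        return resolver;
    }

    /**
     * Creates the default principal factory unless a bean named {@code principalFactory}
     * already exists.
     *
     * @return a new {@link DefaultPrincipalFactory}
     */
    @ConditionalOnMissingBean(name = {"principalFactory"})
    @Bean(name = {"defaultPrincipalFactory", "principalFactory"})
    public PrincipalFactory defaultPrincipalFactory() {
        return new DefaultPrincipalFactory();
    }

    /**
     * Creates the principal factory used by the proxy handler and resolver.
     *
     * @return a new {@link DefaultPrincipalFactory}
     */
    @Bean
    public PrincipalFactory proxyPrincipalFactory() {
        return new DefaultPrincipalFactory();
    }

    /**
     * Creates the principal resolver paired with the proxy handler.
     *
     * @return the configured resolver
     */
    @Bean
    public PrincipalResolver proxyPrincipalResolver() {
        BasicPrincipalResolver resolver = new BasicPrincipalResolver();
        resolver.setPrincipalFactory(proxyPrincipalFactory());
        return resolver;
    }

    /**
     * Creates the JAAS handler from the configured realm, Kerberos system properties, password
     * encoder and principal transformation. The optional password policy is applied when the
     * bean is present.
     *
     * @return the configured handler
     */
    @RefreshScope
    @Bean
    public AuthenticationHandler jaasAuthenticationHandler() {
        JaasAuthenticationHandler handler = new JaasAuthenticationHandler();
        handler.setKerberosKdcSystemProperty(this.casProperties.getAuthn().getJaas().getKerberosKdcSystemProperty());
        handler.setKerberosRealmSystemProperty(this.casProperties.getAuthn().getJaas().getKerberosRealmSystemProperty());
        handler.setRealm(this.casProperties.getAuthn().getJaas().getRealm());
        handler.setPasswordEncoder(Beans.newPasswordEncoder(this.casProperties.getAuthn().getJaas().getPasswordEncoder()));
        if (this.passwordPolicyConfiguration != null) {
            handler.setPasswordPolicyConfiguration(this.passwordPolicyConfiguration);
        }
        handler.setPrincipalNameTransformer(Beans.newPrincipalNameTransformer(this.casProperties.getAuthn().getJaas().getPrincipalTransformation()));
        handler.setPrincipalFactory(jaasPrincipalFactory());
        handler.setServicesManager(this.servicesManager);
        return handler;
    }

    /**
     * Creates the handler for HTTP-based service credentials, which makes its outbound calls
     * through the trust-store aware HTTP client.
     *
     * @param httpClient the trust-store aware HTTP client
     * @return the configured handler
     */
    @Autowired
    @Bean
    public AuthenticationHandler proxyAuthenticationHandler(@Qualifier(BEAN_NAME_HTTP_CLIENT) HttpClient httpClient) {
        HttpBasedServiceCredentialsAuthenticationHandler handler = new HttpBasedServiceCredentialsAuthenticationHandler();
        handler.setHttpClient(httpClient);
        handler.setPrincipalFactory(proxyPrincipalFactory());
        handler.setServicesManager(this.servicesManager);
        return handler;
    }

    /**
     * Builds the handler to principal-resolver map given to the authentication manager, unless a
     * bean named {@code authenticationHandlersResolvers} already exists.
     *
     * <p>The proxy handler is always registered. The JAAS handler is registered only when a JAAS
     * realm is configured.
     *
     * @param httpClient the trust-store aware HTTP client
     * @return handler to resolver map
     */
    @ConditionalOnMissingBean(name = {"authenticationHandlersResolvers"})
    @Bean
    public Map authenticationHandlersResolvers(@Qualifier(BEAN_NAME_HTTP_CLIENT) HttpClient httpClient) {
        Map<AuthenticationHandler, PrincipalResolver> resolvers = new HashMap<>();
        resolvers.put(proxyAuthenticationHandler(httpClient), proxyPrincipalResolver());
        if (StringUtils.isNotBlank(this.casProperties.getAuthn().getJaas().getRealm())) {
            resolvers.put(jaasAuthenticationHandler(), personDirectoryPrincipalResolver());
        }
        return resolvers;
    }

    /**
     * Creates an HTTP client factory with only the connection and read timeouts set. No SSL
     * socket factory is set on this one, unlike the two clients below.
     *
     * @return the factory bean
     */
    @Bean
    public SimpleHttpClientFactoryBean.DefaultHttpClient httpClient() {
        SimpleHttpClientFactoryBean.DefaultHttpClient factory = new SimpleHttpClientFactoryBean.DefaultHttpClient();
        factory.setConnectionTimeout(this.casProperties.getHttpClient().getConnectionTimeout());
        factory.setReadTimeout(this.casProperties.getHttpClient().getReadTimeout());
        return factory;
    }

    /**
     * Creates an HTTP client that uses the trust-store socket factory and does not follow
     * redirects (circular redirects are disallowed as well).
     *
     * @return the built client
     * @throws Exception if the factory cannot build the client
     */
    @Bean
    public HttpClient noRedirectHttpClient() throws Exception {
        SimpleHttpClientFactoryBean.DefaultHttpClient factory = new SimpleHttpClientFactoryBean.DefaultHttpClient();
        factory.setConnectionTimeout(this.casProperties.getHttpClient().getConnectionTimeout());
        factory.setReadTimeout(this.casProperties.getHttpClient().getReadTimeout());
        factory.setRedirectsEnabled(false);
        factory.setCircularRedirectsAllowed(false);
        factory.setSslSocketFactory(trustStoreSslSocketFactory());
        // NOTE(review): getObject2() looks like a decompiler-renamed getObject(); confirm against the jar.
        return factory.getObject2();
    }

    /**
     * Creates the HTTP client that uses the trust-store socket factory; this is the client
     * injected into the handlers and managers above.
     *
     * @return the built client
     * @throws Exception if the factory cannot build the client
     */
    @Bean
    public HttpClient supportsTrustStoreSslSocketFactoryHttpClient() throws Exception {
        SimpleHttpClientFactoryBean.DefaultHttpClient factory = new SimpleHttpClientFactoryBean.DefaultHttpClient();
        factory.setConnectionTimeout(this.casProperties.getHttpClient().getConnectionTimeout());
        factory.setReadTimeout(this.casProperties.getHttpClient().getReadTimeout());
        factory.setSslSocketFactory(trustStoreSslSocketFactory());
        // NOTE(review): getObject2() looks like a decompiler-renamed getObject(); confirm against the jar.
        return factory.getObject2();
    }

    /**
     * Creates the adaptive authentication policy from the adaptive settings.
     *
     * <p>The geolocation service is optional and is passed through as {@code null} when no such
     * bean exists.
     * NOTE(review): confirm {@link DefaultAdaptiveAuthenticationPolicy} tolerates a null service.
     *
     * @return the configured policy
     */
    @Bean
    public AdaptiveAuthenticationPolicy adaptiveAuthenticationPolicy() {
        DefaultAdaptiveAuthenticationPolicy policy = new DefaultAdaptiveAuthenticationPolicy();
        policy.setGeoLocationService(this.geoLocationService);
        policy.setAdaptiveAuthenticationProperties(this.casProperties.getAuthn().getAdaptive());
        return policy;
    }
}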
