package org.apereo.cas.config;

import java.util.List;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.adaptors.duo.authn.DuoSecurityAuthenticationService;
import org.apereo.cas.authentication.bypass.AuthenticationMultifactorAuthenticationProviderBypassEvaluator;
import org.apereo.cas.authentication.bypass.ChainingMultifactorAuthenticationProviderBypassEvaluator;
import org.apereo.cas.authentication.bypass.CredentialMultifactorAuthenticationProviderBypassEvaluator;
import org.apereo.cas.authentication.bypass.DefaultChainingMultifactorAuthenticationBypassProvider;
import org.apereo.cas.authentication.bypass.GroovyMultifactorAuthenticationProviderBypassEvaluator;
import org.apereo.cas.authentication.bypass.HttpRequestMultifactorAuthenticationProviderBypassEvaluator;
import org.apereo.cas.authentication.bypass.MultifactorAuthenticationProviderBypassEvaluator;
import org.apereo.cas.authentication.bypass.NeverAllowMultifactorAuthenticationProviderBypassEvaluator;
import org.apereo.cas.authentication.bypass.PrincipalMultifactorAuthenticationProviderBypassEvaluator;
import org.apereo.cas.authentication.bypass.RegisteredServiceMultifactorAuthenticationProviderBypassEvaluator;
import org.apereo.cas.authentication.bypass.RegisteredServicePrincipalAttributeMultifactorAuthenticationProviderBypassEvaluator;
import org.apereo.cas.authentication.bypass.RestMultifactorAuthenticationProviderBypassEvaluator;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.features.CasFeatureModule;
import org.apereo.cas.configuration.model.support.mfa.MultifactorAuthenticationProviderBypassProperties;
import org.apereo.cas.util.spring.beans.BeanSupplier;
import org.apereo.cas.util.spring.boot.ConditionalOnFeatureEnabled;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ScopedProxyMode;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@AutoConfiguration
@ConditionalOnFeatureEnabled(feature = {CasFeatureModule.FeatureCatalog.MultifactorAuthentication}, module = "duo")
/* loaded from: input_file:org/apereo/cas/config/DuoSecurityMultifactorProviderBypassConfiguration.class */
public class DuoSecurityMultifactorProviderBypassConfiguration {
    @ConditionalOnMissingBean(name = {"duoSecurityBypassEvaluator"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public ChainingMultifactorAuthenticationProviderBypassEvaluator duoSecurityBypassEvaluator(ConfigurableApplicationContext configurableApplicationContext, @Qualifier("duoSecurityRegisteredServiceMultifactorAuthenticationProviderBypass") MultifactorAuthenticationProviderBypassEvaluator multifactorAuthenticationProviderBypassEvaluator, @Qualifier("duoSecurityRegisteredServicePrincipalAttributeMultifactorAuthenticationProviderBypassEvaluator") MultifactorAuthenticationProviderBypassEvaluator multifactorAuthenticationProviderBypassEvaluator2, @Qualifier("duoSecurityPrincipalMultifactorAuthenticationProviderBypass") MultifactorAuthenticationProviderBypassEvaluator multifactorAuthenticationProviderBypassEvaluator3, @Qualifier("duoSecurityAuthenticationMultifactorAuthenticationProviderBypass") MultifactorAuthenticationProviderBypassEvaluator multifactorAuthenticationProviderBypassEvaluator4, @Qualifier("duoSecurityCredentialMultifactorAuthenticationProviderBypass") MultifactorAuthenticationProviderBypassEvaluator multifactorAuthenticationProviderBypassEvaluator5, @Qualifier("duoSecurityHttpRequestMultifactorAuthenticationProviderBypass") MultifactorAuthenticationProviderBypassEvaluator multifactorAuthenticationProviderBypassEvaluator6, @Qualifier("duoSecurityGroovyMultifactorAuthenticationProviderBypass") MultifactorAuthenticationProviderBypassEvaluator multifactorAuthenticationProviderBypassEvaluator7, @Qualifier("duoSecurityRestMultifactorAuthenticationProviderBypass") MultifactorAuthenticationProviderBypassEvaluator multifactorAuthenticationProviderBypassEvaluator8) {
        return (ChainingMultifactorAuthenticationProviderBypassEvaluator) BeanSupplier.of(ChainingMultifactorAuthenticationProviderBypassEvaluator.class).when(DuoSecurityAuthenticationService.CONDITION.given(configurableApplicationContext.getEnvironment())).supply(() -> {
            DefaultChainingMultifactorAuthenticationBypassProvider defaultChainingMultifactorAuthenticationBypassProvider = new DefaultChainingMultifactorAuthenticationBypassProvider();
            defaultChainingMultifactorAuthenticationBypassProvider.addMultifactorAuthenticationProviderBypassEvaluator(multifactorAuthenticationProviderBypassEvaluator);
            defaultChainingMultifactorAuthenticationBypassProvider.addMultifactorAuthenticationProviderBypassEvaluator(multifactorAuthenticationProviderBypassEvaluator2);
            defaultChainingMultifactorAuthenticationBypassProvider.addMultifactorAuthenticationProviderBypassEvaluator(multifactorAuthenticationProviderBypassEvaluator3);
            defaultChainingMultifactorAuthenticationBypassProvider.addMultifactorAuthenticationProviderBypassEvaluator(multifactorAuthenticationProviderBypassEvaluator4);
            defaultChainingMultifactorAuthenticationBypassProvider.addMultifactorAuthenticationProviderBypassEvaluator(multifactorAuthenticationProviderBypassEvaluator5);
            defaultChainingMultifactorAuthenticationBypassProvider.addMultifactorAuthenticationProviderBypassEvaluator(multifactorAuthenticationProviderBypassEvaluator6);
            defaultChainingMultifactorAuthenticationBypassProvider.addMultifactorAuthenticationProviderBypassEvaluator(multifactorAuthenticationProviderBypassEvaluator7);
            defaultChainingMultifactorAuthenticationBypassProvider.addMultifactorAuthenticationProviderBypassEvaluator(multifactorAuthenticationProviderBypassEvaluator8);
            return defaultChainingMultifactorAuthenticationBypassProvider;
        }).otherwise(DefaultChainingMultifactorAuthenticationBypassProvider::new).get();
    }

    @ConditionalOnMissingBean(name = {"duoSecurityRestMultifactorAuthenticationProviderBypass"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public MultifactorAuthenticationProviderBypassEvaluator duoSecurityRestMultifactorAuthenticationProviderBypass(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties) {
        return (MultifactorAuthenticationProviderBypassEvaluator) BeanSupplier.of(MultifactorAuthenticationProviderBypassEvaluator.class).when(DuoSecurityAuthenticationService.CONDITION.given(configurableApplicationContext.getEnvironment())).supply(() -> {
            List duo = casConfigurationProperties.getAuthn().getMfa().getDuo();
            DefaultChainingMultifactorAuthenticationBypassProvider defaultChainingMultifactorAuthenticationBypassProvider = new DefaultChainingMultifactorAuthenticationBypassProvider();
            duo.stream().filter(duoSecurityMultifactorAuthenticationProperties -> {
                return StringUtils.isNotBlank(duoSecurityMultifactorAuthenticationProperties.getBypass().getRest().getUrl());
            }).forEach(duoSecurityMultifactorAuthenticationProperties2 -> {
                defaultChainingMultifactorAuthenticationBypassProvider.addMultifactorAuthenticationProviderBypassEvaluator(new RestMultifactorAuthenticationProviderBypassEvaluator(duoSecurityMultifactorAuthenticationProperties2.getBypass(), duoSecurityMultifactorAuthenticationProperties2.getId()));
            });
            return defaultChainingMultifactorAuthenticationBypassProvider.isEmpty() ? NeverAllowMultifactorAuthenticationProviderBypassEvaluator.getInstance() : defaultChainingMultifactorAuthenticationBypassProvider;
        }).otherwiseProxy().get();
    }

    @ConditionalOnMissingBean(name = {"duoSecurityGroovyMultifactorAuthenticationProviderBypass"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public MultifactorAuthenticationProviderBypassEvaluator duoSecurityGroovyMultifactorAuthenticationProviderBypass(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties) {
        return (MultifactorAuthenticationProviderBypassEvaluator) BeanSupplier.of(MultifactorAuthenticationProviderBypassEvaluator.class).when(DuoSecurityAuthenticationService.CONDITION.given(configurableApplicationContext.getEnvironment())).supply(() -> {
            List duo = casConfigurationProperties.getAuthn().getMfa().getDuo();
            DefaultChainingMultifactorAuthenticationBypassProvider defaultChainingMultifactorAuthenticationBypassProvider = new DefaultChainingMultifactorAuthenticationBypassProvider();
            duo.stream().filter(duoSecurityMultifactorAuthenticationProperties -> {
                return duoSecurityMultifactorAuthenticationProperties.getBypass().getGroovy().getLocation() != null;
            }).forEach(duoSecurityMultifactorAuthenticationProperties2 -> {
                defaultChainingMultifactorAuthenticationBypassProvider.addMultifactorAuthenticationProviderBypassEvaluator(new GroovyMultifactorAuthenticationProviderBypassEvaluator(duoSecurityMultifactorAuthenticationProperties2.getBypass(), duoSecurityMultifactorAuthenticationProperties2.getId()));
            });
            return defaultChainingMultifactorAuthenticationBypassProvider.isEmpty() ? NeverAllowMultifactorAuthenticationProviderBypassEvaluator.getInstance() : defaultChainingMultifactorAuthenticationBypassProvider;
        }).otherwiseProxy().get();
    }

    @ConditionalOnMissingBean(name = {"duoSecurityHttpRequestMultifactorAuthenticationProviderBypass"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public MultifactorAuthenticationProviderBypassEvaluator duoSecurityHttpRequestMultifactorAuthenticationProviderBypass(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties) {
        return (MultifactorAuthenticationProviderBypassEvaluator) BeanSupplier.of(MultifactorAuthenticationProviderBypassEvaluator.class).when(DuoSecurityAuthenticationService.CONDITION.given(configurableApplicationContext.getEnvironment())).supply(() -> {
            List duo = casConfigurationProperties.getAuthn().getMfa().getDuo();
            DefaultChainingMultifactorAuthenticationBypassProvider defaultChainingMultifactorAuthenticationBypassProvider = new DefaultChainingMultifactorAuthenticationBypassProvider();
            duo.stream().filter(duoSecurityMultifactorAuthenticationProperties -> {
                MultifactorAuthenticationProviderBypassProperties bypass = duoSecurityMultifactorAuthenticationProperties.getBypass();
                return StringUtils.isNotBlank(bypass.getHttpRequestHeaders()) || StringUtils.isNotBlank(bypass.getHttpRequestRemoteAddress());
            }).forEach(duoSecurityMultifactorAuthenticationProperties2 -> {
                defaultChainingMultifactorAuthenticationBypassProvider.addMultifactorAuthenticationProviderBypassEvaluator(new HttpRequestMultifactorAuthenticationProviderBypassEvaluator(duoSecurityMultifactorAuthenticationProperties2.getBypass(), duoSecurityMultifactorAuthenticationProperties2.getId()));
            });
            return defaultChainingMultifactorAuthenticationBypassProvider.isEmpty() ? NeverAllowMultifactorAuthenticationProviderBypassEvaluator.getInstance() : defaultChainingMultifactorAuthenticationBypassProvider;
        }).otherwiseProxy().get();
    }

    @ConditionalOnMissingBean(name = {"duoSecurityCredentialMultifactorAuthenticationProviderBypass"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public MultifactorAuthenticationProviderBypassEvaluator duoSecurityCredentialMultifactorAuthenticationProviderBypass(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties) {
        return (MultifactorAuthenticationProviderBypassEvaluator) BeanSupplier.of(MultifactorAuthenticationProviderBypassEvaluator.class).when(DuoSecurityAuthenticationService.CONDITION.given(configurableApplicationContext.getEnvironment())).supply(() -> {
            List duo = casConfigurationProperties.getAuthn().getMfa().getDuo();
            DefaultChainingMultifactorAuthenticationBypassProvider defaultChainingMultifactorAuthenticationBypassProvider = new DefaultChainingMultifactorAuthenticationBypassProvider();
            duo.stream().filter(duoSecurityMultifactorAuthenticationProperties -> {
                return StringUtils.isNotBlank(duoSecurityMultifactorAuthenticationProperties.getBypass().getCredentialClassType());
            }).forEach(duoSecurityMultifactorAuthenticationProperties2 -> {
                defaultChainingMultifactorAuthenticationBypassProvider.addMultifactorAuthenticationProviderBypassEvaluator(new CredentialMultifactorAuthenticationProviderBypassEvaluator(duoSecurityMultifactorAuthenticationProperties2.getBypass(), duoSecurityMultifactorAuthenticationProperties2.getId()));
            });
            return defaultChainingMultifactorAuthenticationBypassProvider.isEmpty() ? NeverAllowMultifactorAuthenticationProviderBypassEvaluator.getInstance() : defaultChainingMultifactorAuthenticationBypassProvider;
        }).otherwiseProxy().get();
    }

    @ConditionalOnMissingBean(name = {"duoSecurityRegisteredServicePrincipalAttributeMultifactorAuthenticationProviderBypassEvaluator"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public MultifactorAuthenticationProviderBypassEvaluator duoSecurityRegisteredServicePrincipalAttributeMultifactorAuthenticationProviderBypassEvaluator(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties) {
        return (MultifactorAuthenticationProviderBypassEvaluator) BeanSupplier.of(MultifactorAuthenticationProviderBypassEvaluator.class).when(DuoSecurityAuthenticationService.CONDITION.given(configurableApplicationContext.getEnvironment())).supply(() -> {
            List duo = casConfigurationProperties.getAuthn().getMfa().getDuo();
            DefaultChainingMultifactorAuthenticationBypassProvider defaultChainingMultifactorAuthenticationBypassProvider = new DefaultChainingMultifactorAuthenticationBypassProvider();
            duo.forEach(duoSecurityMultifactorAuthenticationProperties -> {
                defaultChainingMultifactorAuthenticationBypassProvider.addMultifactorAuthenticationProviderBypassEvaluator(new RegisteredServicePrincipalAttributeMultifactorAuthenticationProviderBypassEvaluator(duoSecurityMultifactorAuthenticationProperties.getId()));
            });
            return defaultChainingMultifactorAuthenticationBypassProvider.isEmpty() ? NeverAllowMultifactorAuthenticationProviderBypassEvaluator.getInstance() : defaultChainingMultifactorAuthenticationBypassProvider;
        }).otherwiseProxy().get();
    }

    @ConditionalOnMissingBean(name = {"duoSecurityRegisteredServiceMultifactorAuthenticationProviderBypass"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public MultifactorAuthenticationProviderBypassEvaluator duoSecurityRegisteredServiceMultifactorAuthenticationProviderBypass(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties) {
        return (MultifactorAuthenticationProviderBypassEvaluator) BeanSupplier.of(MultifactorAuthenticationProviderBypassEvaluator.class).when(DuoSecurityAuthenticationService.CONDITION.given(configurableApplicationContext.getEnvironment())).supply(() -> {
            List duo = casConfigurationProperties.getAuthn().getMfa().getDuo();
            DefaultChainingMultifactorAuthenticationBypassProvider defaultChainingMultifactorAuthenticationBypassProvider = new DefaultChainingMultifactorAuthenticationBypassProvider();
            duo.forEach(duoSecurityMultifactorAuthenticationProperties -> {
                defaultChainingMultifactorAuthenticationBypassProvider.addMultifactorAuthenticationProviderBypassEvaluator(new RegisteredServiceMultifactorAuthenticationProviderBypassEvaluator(duoSecurityMultifactorAuthenticationProperties.getId()));
            });
            return defaultChainingMultifactorAuthenticationBypassProvider;
        }).otherwiseProxy().get();
    }

    @ConditionalOnMissingBean(name = {"duoSecurityPrincipalMultifactorAuthenticationProviderBypass"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public MultifactorAuthenticationProviderBypassEvaluator duoSecurityPrincipalMultifactorAuthenticationProviderBypass(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties) {
        return (MultifactorAuthenticationProviderBypassEvaluator) BeanSupplier.of(MultifactorAuthenticationProviderBypassEvaluator.class).when(DuoSecurityAuthenticationService.CONDITION.given(configurableApplicationContext.getEnvironment())).supply(() -> {
            List duo = casConfigurationProperties.getAuthn().getMfa().getDuo();
            DefaultChainingMultifactorAuthenticationBypassProvider defaultChainingMultifactorAuthenticationBypassProvider = new DefaultChainingMultifactorAuthenticationBypassProvider();
            duo.stream().filter(duoSecurityMultifactorAuthenticationProperties -> {
                return StringUtils.isNotBlank(duoSecurityMultifactorAuthenticationProperties.getBypass().getPrincipalAttributeName());
            }).forEach(duoSecurityMultifactorAuthenticationProperties2 -> {
                defaultChainingMultifactorAuthenticationBypassProvider.addMultifactorAuthenticationProviderBypassEvaluator(new PrincipalMultifactorAuthenticationProviderBypassEvaluator(duoSecurityMultifactorAuthenticationProperties2.getBypass(), duoSecurityMultifactorAuthenticationProperties2.getId()));
            });
            return defaultChainingMultifactorAuthenticationBypassProvider.isEmpty() ? NeverAllowMultifactorAuthenticationProviderBypassEvaluator.getInstance() : defaultChainingMultifactorAuthenticationBypassProvider;
        }).otherwiseProxy().get();
    }

    @ConditionalOnMissingBean(name = {"duoSecurityAuthenticationMultifactorAuthenticationProviderBypass"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public MultifactorAuthenticationProviderBypassEvaluator duoSecurityAuthenticationMultifactorAuthenticationProviderBypass(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties) {
        return (MultifactorAuthenticationProviderBypassEvaluator) BeanSupplier.of(MultifactorAuthenticationProviderBypassEvaluator.class).when(DuoSecurityAuthenticationService.CONDITION.given(configurableApplicationContext.getEnvironment())).supply(() -> {
            List duo = casConfigurationProperties.getAuthn().getMfa().getDuo();
            DefaultChainingMultifactorAuthenticationBypassProvider defaultChainingMultifactorAuthenticationBypassProvider = new DefaultChainingMultifactorAuthenticationBypassProvider();
            duo.stream().filter(duoSecurityMultifactorAuthenticationProperties -> {
                MultifactorAuthenticationProviderBypassProperties bypass = duoSecurityMultifactorAuthenticationProperties.getBypass();
                return StringUtils.isNotBlank(bypass.getAuthenticationAttributeName()) || StringUtils.isNotBlank(bypass.getAuthenticationHandlerName()) || StringUtils.isNotBlank(bypass.getAuthenticationMethodName());
            }).forEach(duoSecurityMultifactorAuthenticationProperties2 -> {
                defaultChainingMultifactorAuthenticationBypassProvider.addMultifactorAuthenticationProviderBypassEvaluator(new AuthenticationMultifactorAuthenticationProviderBypassEvaluator(duoSecurityMultifactorAuthenticationProperties2.getBypass(), duoSecurityMultifactorAuthenticationProperties2.getId()));
            });
            return defaultChainingMultifactorAuthenticationBypassProvider.isEmpty() ? NeverAllowMultifactorAuthenticationProviderBypassEvaluator.getInstance() : defaultChainingMultifactorAuthenticationBypassProvider;
        }).otherwiseProxy().get();
    }
}
