package org.apereo.cas.config;

import java.util.HashSet;
import lombok.Generated;
import org.apereo.cas.api.AuthenticationRequestRiskCalculator;
import org.apereo.cas.api.AuthenticationRiskContingencyPlan;
import org.apereo.cas.api.AuthenticationRiskEvaluator;
import org.apereo.cas.api.AuthenticationRiskMitigator;
import org.apereo.cas.api.AuthenticationRiskNotifier;
import org.apereo.cas.audit.AuditTrailRecordResolutionPlanConfigurer;
import org.apereo.cas.authentication.adaptive.geo.GeoLocationService;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.core.authentication.RiskBasedAuthenticationProperties;
import org.apereo.cas.impl.calcs.DateTimeAuthenticationRequestRiskCalculator;
import org.apereo.cas.impl.calcs.GeoLocationAuthenticationRequestRiskCalculator;
import org.apereo.cas.impl.calcs.IpAddressAuthenticationRequestRiskCalculator;
import org.apereo.cas.impl.calcs.UserAgentAuthenticationRequestRiskCalculator;
import org.apereo.cas.impl.engine.DefaultAuthenticationRiskEvaluator;
import org.apereo.cas.impl.engine.DefaultAuthenticationRiskMitigator;
import org.apereo.cas.impl.notify.AuthenticationRiskEmailNotifier;
import org.apereo.cas.impl.notify.AuthenticationRiskSmsNotifier;
import org.apereo.cas.impl.plans.BaseAuthenticationRiskContingencyPlan;
import org.apereo.cas.impl.plans.BlockAuthenticationContingencyPlan;
import org.apereo.cas.impl.plans.MultifactorAuthenticationContingencyPlan;
import org.apereo.cas.notifications.CommunicationsManager;
import org.apereo.cas.support.events.CasEventRepository;
import org.apereo.inspektr.audit.spi.AuditResourceResolver;
import org.apereo.inspektr.audit.spi.support.DefaultAuditActionResolver;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.scheduling.annotation.EnableScheduling;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@EnableScheduling
@Configuration("electronicFenceConfiguration")
/* loaded from: input_file:org/apereo/cas/config/ElectronicFenceConfiguration.class */
public class ElectronicFenceConfiguration {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(ElectronicFenceConfiguration.class);

    @Autowired
    @Qualifier("geoLocationService")
    private ObjectProvider<GeoLocationService> geoLocationService;

    @Autowired
    @Qualifier("returnValueResourceResolver")
    private ObjectProvider<AuditResourceResolver> returnValueResourceResolver;

    @Autowired
    @Qualifier("communicationsManager")
    private ObjectProvider<CommunicationsManager> communicationsManager;

    @Autowired
    @Qualifier("casEventRepository")
    private ObjectProvider<CasEventRepository> casEventRepository;

    @Autowired
    private ConfigurableApplicationContext applicationContext;

    @Autowired
    private CasConfigurationProperties casProperties;

    @ConditionalOnMissingBean(name = {"authenticationRiskEmailNotifier"})
    @RefreshScope
    @Bean
    public AuthenticationRiskNotifier authenticationRiskEmailNotifier() {
        return new AuthenticationRiskEmailNotifier(this.casProperties, (CommunicationsManager) this.communicationsManager.getObject());
    }

    @ConditionalOnMissingBean(name = {"authenticationRiskSmsNotifier"})
    @RefreshScope
    @Bean
    public AuthenticationRiskNotifier authenticationRiskSmsNotifier() {
        return new AuthenticationRiskSmsNotifier(this.casProperties, (CommunicationsManager) this.communicationsManager.getObject());
    }

    @ConditionalOnMissingBean(name = {"blockAuthenticationContingencyPlan"})
    @RefreshScope
    @Bean
    public AuthenticationRiskContingencyPlan blockAuthenticationContingencyPlan() {
        BlockAuthenticationContingencyPlan blockAuthenticationContingencyPlan = new BlockAuthenticationContingencyPlan(this.casProperties, this.applicationContext);
        configureContingencyPlan(blockAuthenticationContingencyPlan);
        return blockAuthenticationContingencyPlan;
    }

    @ConditionalOnMissingBean(name = {"multifactorAuthenticationContingencyPlan"})
    @RefreshScope
    @Bean
    public AuthenticationRiskContingencyPlan multifactorAuthenticationContingencyPlan() {
        MultifactorAuthenticationContingencyPlan multifactorAuthenticationContingencyPlan = new MultifactorAuthenticationContingencyPlan(this.casProperties, this.applicationContext);
        configureContingencyPlan(multifactorAuthenticationContingencyPlan);
        return multifactorAuthenticationContingencyPlan;
    }

    @ConditionalOnMissingBean(name = {"authenticationRiskMitigator"})
    @RefreshScope
    @Bean
    public AuthenticationRiskMitigator authenticationRiskMitigator() {
        return this.casProperties.getAuthn().getAdaptive().getRisk().getResponse().isBlockAttempt() ? new DefaultAuthenticationRiskMitigator(blockAuthenticationContingencyPlan()) : new DefaultAuthenticationRiskMitigator(multifactorAuthenticationContingencyPlan());
    }

    @ConditionalOnMissingBean(name = {"ipAddressAuthenticationRequestRiskCalculator"})
    @RefreshScope
    @Bean
    public AuthenticationRequestRiskCalculator ipAddressAuthenticationRequestRiskCalculator() {
        return new IpAddressAuthenticationRequestRiskCalculator((CasEventRepository) this.casEventRepository.getObject(), this.casProperties);
    }

    @ConditionalOnMissingBean(name = {"userAgentAuthenticationRequestRiskCalculator"})
    @RefreshScope
    @Bean
    public AuthenticationRequestRiskCalculator userAgentAuthenticationRequestRiskCalculator() {
        return new UserAgentAuthenticationRequestRiskCalculator((CasEventRepository) this.casEventRepository.getObject(), this.casProperties);
    }

    @ConditionalOnMissingBean(name = {"dateTimeAuthenticationRequestRiskCalculator"})
    @RefreshScope
    @Bean
    public AuthenticationRequestRiskCalculator dateTimeAuthenticationRequestRiskCalculator() {
        return new DateTimeAuthenticationRequestRiskCalculator((CasEventRepository) this.casEventRepository.getObject(), this.casProperties);
    }

    @ConditionalOnMissingBean(name = {"geoLocationAuthenticationRequestRiskCalculator"})
    @RefreshScope
    @Bean
    public AuthenticationRequestRiskCalculator geoLocationAuthenticationRequestRiskCalculator() {
        return new GeoLocationAuthenticationRequestRiskCalculator((CasEventRepository) this.casEventRepository.getObject(), this.casProperties, (GeoLocationService) this.geoLocationService.getIfAvailable());
    }

    @ConditionalOnMissingBean(name = {"authenticationRiskEvaluator"})
    @RefreshScope
    @Bean
    public AuthenticationRiskEvaluator authenticationRiskEvaluator() {
        RiskBasedAuthenticationProperties risk = this.casProperties.getAuthn().getAdaptive().getRisk();
        HashSet hashSet = new HashSet();
        if (risk.getIp().isEnabled()) {
            hashSet.add(ipAddressAuthenticationRequestRiskCalculator());
        }
        if (risk.getAgent().isEnabled()) {
            hashSet.add(userAgentAuthenticationRequestRiskCalculator());
        }
        if (risk.getDateTime().isEnabled()) {
            hashSet.add(dateTimeAuthenticationRequestRiskCalculator());
        }
        if (risk.getGeoLocation().isEnabled()) {
            hashSet.add(geoLocationAuthenticationRequestRiskCalculator());
        }
        if (hashSet.isEmpty()) {
            LOGGER.warn("No risk calculators are defined to examine authentication requests");
        }
        return new DefaultAuthenticationRiskEvaluator(hashSet);
    }

    @ConditionalOnMissingBean(name = {"casElectrofenceAuditTrailRecordResolutionPlanConfigurer"})
    @Bean
    public AuditTrailRecordResolutionPlanConfigurer casElectrofenceAuditTrailRecordResolutionPlanConfigurer() {
        return auditTrailRecordResolutionPlan -> {
            auditTrailRecordResolutionPlan.registerAuditActionResolver("ADAPTIVE_RISKY_AUTHENTICATION_ACTION_RESOLVER", new DefaultAuditActionResolver());
            auditTrailRecordResolutionPlan.registerAuditResourceResolver("ADAPTIVE_RISKY_AUTHENTICATION_RESOURCE_RESOLVER", (AuditResourceResolver) this.returnValueResourceResolver.getObject());
        };
    }

    private void configureContingencyPlan(BaseAuthenticationRiskContingencyPlan baseAuthenticationRiskContingencyPlan) {
        RiskBasedAuthenticationProperties.Response response = this.casProperties.getAuthn().getAdaptive().getRisk().getResponse();
        if (response.getMail().isDefined()) {
            baseAuthenticationRiskContingencyPlan.getNotifiers().add(authenticationRiskEmailNotifier());
        }
        if (response.getSms().isDefined()) {
            baseAuthenticationRiskContingencyPlan.getNotifiers().add(authenticationRiskSmsNotifier());
        }
    }
}
