package org.apereo.cas.config;

import org.apereo.cas.adaptors.generic.remote.RemoteAddressAuthenticationHandler;
import org.apereo.cas.adaptors.generic.remote.RemoteAddressNonInteractiveCredentialsAction;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlanConfigurer;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.adaptive.AdaptiveAuthenticationPolicy;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalFactoryUtils;
import org.apereo.cas.authentication.principal.PrincipalResolver;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.features.CasFeatureModule;
import org.apereo.cas.configuration.model.support.generic.RemoteAddressAuthenticationProperties;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.util.spring.boot.ConditionalOnFeatureEnabled;
import org.apereo.cas.web.flow.CasWebflowConfigurer;
import org.apereo.cas.web.flow.CasWebflowExecutionPlanConfigurer;
import org.apereo.cas.web.flow.RemoteAddressWebflowConfigurer;
import org.apereo.cas.web.flow.resolver.CasDelegatingWebflowEventResolver;
import org.apereo.cas.web.flow.resolver.CasWebflowEventResolver;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.webflow.definition.registry.FlowDefinitionRegistry;
import org.springframework.webflow.engine.builder.support.FlowBuilderServices;
import org.springframework.webflow.execution.Action;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@AutoConfiguration
@ConditionalOnFeatureEnabled(feature = CasFeatureModule.FeatureCatalog.Authentication, module = "remote")
/* loaded from: input_file:org/apereo/cas/config/CasRemoteAuthenticationConfiguration.class */
public class CasRemoteAuthenticationConfiguration {
    @ConditionalOnMissingBean(name = {"remoteAddressWebflowConfigurer"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public CasWebflowConfigurer remoteAddressWebflowConfigurer(CasConfigurationProperties casConfigurationProperties, ConfigurableApplicationContext configurableApplicationContext, @Qualifier("loginFlowRegistry") FlowDefinitionRegistry flowDefinitionRegistry, @Qualifier("flowBuilderServices") FlowBuilderServices flowBuilderServices) {
        return new RemoteAddressWebflowConfigurer(flowBuilderServices, flowDefinitionRegistry, configurableApplicationContext, casConfigurationProperties);
    }

    @ConditionalOnMissingBean(name = {"remoteAddressAuthenticationHandler"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public AuthenticationHandler remoteAddressAuthenticationHandler(CasConfigurationProperties casConfigurationProperties, @Qualifier("remoteAddressPrincipalFactory") PrincipalFactory principalFactory, @Qualifier("servicesManager") ServicesManager servicesManager) {
        RemoteAddressAuthenticationProperties remoteAddress = casConfigurationProperties.getAuthn().getRemoteAddress();
        RemoteAddressAuthenticationHandler remoteAddressAuthenticationHandler = new RemoteAddressAuthenticationHandler(remoteAddress.getName(), servicesManager, principalFactory, remoteAddress.getOrder());
        remoteAddressAuthenticationHandler.configureIpNetworkRange(remoteAddress.getIpAddressRange());
        return remoteAddressAuthenticationHandler;
    }

    @ConditionalOnMissingBean(name = {"remoteAddressCheck"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public Action remoteAddressCheck(@Qualifier("adaptiveAuthenticationPolicy") AdaptiveAuthenticationPolicy adaptiveAuthenticationPolicy, @Qualifier("serviceTicketRequestWebflowEventResolver") CasWebflowEventResolver casWebflowEventResolver, @Qualifier("initialAuthenticationAttemptWebflowEventResolver") CasDelegatingWebflowEventResolver casDelegatingWebflowEventResolver) {
        return new RemoteAddressNonInteractiveCredentialsAction(casDelegatingWebflowEventResolver, casWebflowEventResolver, adaptiveAuthenticationPolicy);
    }

    @ConditionalOnMissingBean(name = {"remoteAddressPrincipalFactory"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public PrincipalFactory remoteAddressPrincipalFactory() {
        return PrincipalFactoryUtils.newPrincipalFactory();
    }

    @ConditionalOnMissingBean(name = {"remoteAddressAuthenticationEventExecutionPlanConfigurer"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public AuthenticationEventExecutionPlanConfigurer remoteAddressAuthenticationEventExecutionPlanConfigurer(@Qualifier("remoteAddressAuthenticationHandler") AuthenticationHandler authenticationHandler, @Qualifier("defaultPrincipalResolver") PrincipalResolver principalResolver) {
        return authenticationEventExecutionPlan -> {
            authenticationEventExecutionPlan.registerAuthenticationHandlerWithPrincipalResolver(authenticationHandler, principalResolver);
        };
    }

    @ConditionalOnMissingBean(name = {"remoteCasWebflowExecutionPlanConfigurer"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public CasWebflowExecutionPlanConfigurer remoteCasWebflowExecutionPlanConfigurer(@Qualifier("remoteAddressWebflowConfigurer") CasWebflowConfigurer casWebflowConfigurer) {
        return casWebflowExecutionPlan -> {
            casWebflowExecutionPlan.registerWebflowConfigurer(casWebflowConfigurer);
        };
    }
}
