package org.apereo.cas.adaptors.jdbc.config;

import com.google.common.collect.Multimap;
import java.util.Collection;
import java.util.HashSet;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.adaptors.jdbc.AbstractJdbcUsernamePasswordAuthenticationHandler;
import org.apereo.cas.adaptors.jdbc.BindModeSearchDatabaseAuthenticationHandler;
import org.apereo.cas.adaptors.jdbc.QueryAndEncodeDatabaseAuthenticationHandler;
import org.apereo.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler;
import org.apereo.cas.adaptors.jdbc.SearchModeSearchDatabaseAuthenticationHandler;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlanConfigurer;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.CoreAuthenticationUtils;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalFactoryUtils;
import org.apereo.cas.authentication.principal.PrincipalNameTransformerUtils;
import org.apereo.cas.authentication.principal.PrincipalResolver;
import org.apereo.cas.authentication.support.password.PasswordEncoderUtils;
import org.apereo.cas.authentication.support.password.PasswordPolicyContext;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.jdbc.JdbcAuthenticationProperties;
import org.apereo.cas.configuration.model.support.jdbc.authn.BaseJdbcAuthenticationProperties;
import org.apereo.cas.configuration.model.support.jdbc.authn.BindJdbcAuthenticationProperties;
import org.apereo.cas.configuration.model.support.jdbc.authn.QueryEncodeJdbcAuthenticationProperties;
import org.apereo.cas.configuration.model.support.jdbc.authn.QueryJdbcAuthenticationProperties;
import org.apereo.cas.configuration.model.support.jdbc.authn.SearchJdbcAuthenticationProperties;
import org.apereo.cas.configuration.support.JpaBeans;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.util.CollectionUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ScopedProxyMode;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration(value = "CasJdbcAuthenticationConfiguration", proxyBeanMethods = false)
/* loaded from: input_file:org/apereo/cas/adaptors/jdbc/config/CasJdbcAuthenticationConfiguration.class */
public class CasJdbcAuthenticationConfiguration {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(CasJdbcAuthenticationConfiguration.class);

    private static AuthenticationHandler searchModeSearchDatabaseAuthenticationHandler(SearchJdbcAuthenticationProperties searchJdbcAuthenticationProperties, PasswordPolicyContext passwordPolicyContext, ConfigurableApplicationContext configurableApplicationContext, PrincipalFactory principalFactory, ServicesManager servicesManager) {
        SearchModeSearchDatabaseAuthenticationHandler searchModeSearchDatabaseAuthenticationHandler = new SearchModeSearchDatabaseAuthenticationHandler(searchJdbcAuthenticationProperties, servicesManager, principalFactory, JpaBeans.newDataSource(searchJdbcAuthenticationProperties));
        configureJdbcAuthenticationHandler(searchModeSearchDatabaseAuthenticationHandler, passwordPolicyContext, searchJdbcAuthenticationProperties, configurableApplicationContext);
        return searchModeSearchDatabaseAuthenticationHandler;
    }

    private static void configureJdbcAuthenticationHandler(AbstractJdbcUsernamePasswordAuthenticationHandler abstractJdbcUsernamePasswordAuthenticationHandler, PasswordPolicyContext passwordPolicyContext, BaseJdbcAuthenticationProperties baseJdbcAuthenticationProperties, ConfigurableApplicationContext configurableApplicationContext) {
        abstractJdbcUsernamePasswordAuthenticationHandler.setPasswordEncoder(PasswordEncoderUtils.newPasswordEncoder(baseJdbcAuthenticationProperties.getPasswordEncoder(), configurableApplicationContext));
        abstractJdbcUsernamePasswordAuthenticationHandler.setPrincipalNameTransformer(PrincipalNameTransformerUtils.newPrincipalNameTransformer(baseJdbcAuthenticationProperties.getPrincipalTransformation()));
        abstractJdbcUsernamePasswordAuthenticationHandler.setPasswordPolicyConfiguration(passwordPolicyContext);
        abstractJdbcUsernamePasswordAuthenticationHandler.setState(baseJdbcAuthenticationProperties.getState());
        if (StringUtils.isNotBlank(baseJdbcAuthenticationProperties.getCredentialCriteria())) {
            abstractJdbcUsernamePasswordAuthenticationHandler.setCredentialSelectionPredicate(CoreAuthenticationUtils.newCredentialSelectionPredicate(baseJdbcAuthenticationProperties.getCredentialCriteria()));
        }
        LOGGER.trace("Configured authentication handler [{}] to handle database url at [{}]", abstractJdbcUsernamePasswordAuthenticationHandler.getName(), baseJdbcAuthenticationProperties.getName());
    }

    private static AuthenticationHandler queryAndEncodeDatabaseAuthenticationHandler(QueryEncodeJdbcAuthenticationProperties queryEncodeJdbcAuthenticationProperties, PasswordPolicyContext passwordPolicyContext, ConfigurableApplicationContext configurableApplicationContext, PrincipalFactory principalFactory, ServicesManager servicesManager) {
        QueryAndEncodeDatabaseAuthenticationHandler queryAndEncodeDatabaseAuthenticationHandler = new QueryAndEncodeDatabaseAuthenticationHandler(queryEncodeJdbcAuthenticationProperties, servicesManager, principalFactory, JpaBeans.newDataSource(queryEncodeJdbcAuthenticationProperties));
        configureJdbcAuthenticationHandler(queryAndEncodeDatabaseAuthenticationHandler, passwordPolicyContext, queryEncodeJdbcAuthenticationProperties, configurableApplicationContext);
        return queryAndEncodeDatabaseAuthenticationHandler;
    }

    private static AuthenticationHandler queryDatabaseAuthenticationHandler(QueryJdbcAuthenticationProperties queryJdbcAuthenticationProperties, PasswordPolicyContext passwordPolicyContext, ConfigurableApplicationContext configurableApplicationContext, PrincipalFactory principalFactory, ServicesManager servicesManager) {
        Multimap transformPrincipalAttributesListIntoMultiMap = CoreAuthenticationUtils.transformPrincipalAttributesListIntoMultiMap(queryJdbcAuthenticationProperties.getPrincipalAttributeList());
        LOGGER.trace("Created and mapped principal attributes [{}] for [{}]...", transformPrincipalAttributesListIntoMultiMap, queryJdbcAuthenticationProperties.getName());
        QueryDatabaseAuthenticationHandler queryDatabaseAuthenticationHandler = new QueryDatabaseAuthenticationHandler(queryJdbcAuthenticationProperties, servicesManager, principalFactory, JpaBeans.newDataSource(queryJdbcAuthenticationProperties), CollectionUtils.wrap(transformPrincipalAttributesListIntoMultiMap));
        configureJdbcAuthenticationHandler(queryDatabaseAuthenticationHandler, passwordPolicyContext, queryJdbcAuthenticationProperties, configurableApplicationContext);
        return queryDatabaseAuthenticationHandler;
    }

    private static AuthenticationHandler bindModeSearchDatabaseAuthenticationHandler(BindJdbcAuthenticationProperties bindJdbcAuthenticationProperties, PasswordPolicyContext passwordPolicyContext, ConfigurableApplicationContext configurableApplicationContext, PrincipalFactory principalFactory, ServicesManager servicesManager) {
        BindModeSearchDatabaseAuthenticationHandler bindModeSearchDatabaseAuthenticationHandler = new BindModeSearchDatabaseAuthenticationHandler(bindJdbcAuthenticationProperties.getName(), servicesManager, principalFactory, Integer.valueOf(bindJdbcAuthenticationProperties.getOrder()), JpaBeans.newDataSource(bindJdbcAuthenticationProperties));
        configureJdbcAuthenticationHandler(bindModeSearchDatabaseAuthenticationHandler, passwordPolicyContext, bindJdbcAuthenticationProperties, configurableApplicationContext);
        return bindModeSearchDatabaseAuthenticationHandler;
    }

    @ConditionalOnMissingBean(name = {"jdbcAuthenticationHandlers"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public Collection<AuthenticationHandler> jdbcAuthenticationHandlers(@Qualifier("queryPasswordPolicyConfiguration") PasswordPolicyContext passwordPolicyContext, @Qualifier("searchModePasswordPolicyConfiguration") PasswordPolicyContext passwordPolicyContext2, @Qualifier("bindSearchPasswordPolicyConfiguration") PasswordPolicyContext passwordPolicyContext3, @Qualifier("queryAndEncodePasswordPolicyConfiguration") PasswordPolicyContext passwordPolicyContext4, ConfigurableApplicationContext configurableApplicationContext, @Qualifier("servicesManager") ServicesManager servicesManager, @Qualifier("jdbcPrincipalFactory") PrincipalFactory principalFactory, CasConfigurationProperties casConfigurationProperties) {
        HashSet hashSet = new HashSet();
        JdbcAuthenticationProperties jdbc = casConfigurationProperties.getAuthn().getJdbc();
        jdbc.getBind().forEach(bindJdbcAuthenticationProperties -> {
            hashSet.add(bindModeSearchDatabaseAuthenticationHandler(bindJdbcAuthenticationProperties, passwordPolicyContext3, configurableApplicationContext, principalFactory, servicesManager));
        });
        jdbc.getEncode().forEach(queryEncodeJdbcAuthenticationProperties -> {
            hashSet.add(queryAndEncodeDatabaseAuthenticationHandler(queryEncodeJdbcAuthenticationProperties, passwordPolicyContext4, configurableApplicationContext, principalFactory, servicesManager));
        });
        jdbc.getQuery().forEach(queryJdbcAuthenticationProperties -> {
            hashSet.add(queryDatabaseAuthenticationHandler(queryJdbcAuthenticationProperties, passwordPolicyContext, configurableApplicationContext, principalFactory, servicesManager));
        });
        jdbc.getSearch().forEach(searchJdbcAuthenticationProperties -> {
            hashSet.add(searchModeSearchDatabaseAuthenticationHandler(searchJdbcAuthenticationProperties, passwordPolicyContext2, configurableApplicationContext, principalFactory, servicesManager));
        });
        return hashSet;
    }

    @ConditionalOnMissingBean(name = {"jdbcPrincipalFactory"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public PrincipalFactory jdbcPrincipalFactory() {
        return PrincipalFactoryUtils.newPrincipalFactory();
    }

    @ConditionalOnMissingBean(name = {"queryAndEncodePasswordPolicyConfiguration"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public PasswordPolicyContext queryAndEncodePasswordPolicyConfiguration() {
        return new PasswordPolicyContext();
    }

    @ConditionalOnMissingBean(name = {"searchModePasswordPolicyConfiguration"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public PasswordPolicyContext searchModePasswordPolicyConfiguration() {
        return new PasswordPolicyContext();
    }

    @ConditionalOnMissingBean(name = {"queryPasswordPolicyConfiguration"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public PasswordPolicyContext queryPasswordPolicyConfiguration() {
        return new PasswordPolicyContext();
    }

    @ConditionalOnMissingBean(name = {"bindSearchPasswordPolicyConfiguration"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public PasswordPolicyContext bindSearchPasswordPolicyConfiguration() {
        return new PasswordPolicyContext();
    }

    @ConditionalOnMissingBean(name = {"jdbcAuthenticationEventExecutionPlanConfigurer"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public AuthenticationEventExecutionPlanConfigurer jdbcAuthenticationEventExecutionPlanConfigurer(@Qualifier("jdbcAuthenticationHandlers") Collection<AuthenticationHandler> collection, @Qualifier("defaultPrincipalResolver") PrincipalResolver principalResolver) {
        return authenticationEventExecutionPlan -> {
            collection.forEach(authenticationHandler -> {
                authenticationEventExecutionPlan.registerAuthenticationHandlerWithPrincipalResolver(authenticationHandler, principalResolver);
            });
        };
    }
}
