package org.apereo.cas.config;

import java.util.List;
import org.apereo.cas.api.PasswordlessRequestParser;
import org.apereo.cas.api.PasswordlessTokenRepository;
import org.apereo.cas.api.PasswordlessUserAccount;
import org.apereo.cas.api.PasswordlessUserAccountStore;
import org.apereo.cas.audit.AuditableExecution;
import org.apereo.cas.authentication.AuthenticationSystemSupport;
import org.apereo.cas.authentication.MultifactorAuthenticationTriggerSelectionStrategy;
import org.apereo.cas.authentication.adaptive.AdaptiveAuthenticationPolicy;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.features.CasFeatureModule;
import org.apereo.cas.notifications.CommunicationsManager;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.util.nativex.CasRuntimeHintsRegistrar;
import org.apereo.cas.util.scripting.WatchableGroovyScriptResource;
import org.apereo.cas.util.serialization.ComponentSerializationPlanConfigurer;
import org.apereo.cas.util.spring.boot.ConditionalOnFeatureEnabled;
import org.apereo.cas.web.flow.AcceptPasswordlessAuthenticationAction;
import org.apereo.cas.web.flow.CasWebflowConfigurer;
import org.apereo.cas.web.flow.CasWebflowExecutionPlanConfigurer;
import org.apereo.cas.web.flow.CasWebflowLoginContextProvider;
import org.apereo.cas.web.flow.CreatePasswordlessAuthenticationTokenAction;
import org.apereo.cas.web.flow.DelegatedClientAuthenticationWebflowStateContributor;
import org.apereo.cas.web.flow.DelegatedClientIdentityProviderAuthorizer;
import org.apereo.cas.web.flow.DelegatedClientIdentityProviderConfigurationProducer;
import org.apereo.cas.web.flow.DelegatedClientWebflowCustomizer;
import org.apereo.cas.web.flow.DetermineMultifactorPasswordlessAuthenticationAction;
import org.apereo.cas.web.flow.DisplayBeforePasswordlessAuthenticationAction;
import org.apereo.cas.web.flow.PasswordlessAuthenticationWebflowConfigurer;
import org.apereo.cas.web.flow.PasswordlessCasWebflowLoginContextProvider;
import org.apereo.cas.web.flow.PasswordlessWebflowUtils;
import org.apereo.cas.web.flow.PrepareForPasswordlessAuthenticationAction;
import org.apereo.cas.web.flow.VerifyPasswordlessAccountAuthenticationAction;
import org.apereo.cas.web.flow.actions.StaticEventExecutionAction;
import org.apereo.cas.web.flow.actions.WebflowActionBeanSupplier;
import org.apereo.cas.web.flow.delegation.PasswordlessDelegatedClientAuthenticationWebflowStateContributor;
import org.apereo.cas.web.flow.delegation.PasswordlessDelegatedClientIdentityProviderAuthorizer;
import org.apereo.cas.web.flow.delegation.PasswordlessDetermineDelegatedAuthenticationAction;
import org.apereo.cas.web.flow.resolver.CasDelegatingWebflowEventResolver;
import org.apereo.cas.web.flow.resolver.CasWebflowEventResolver;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.webflow.definition.registry.FlowDefinitionRegistry;
import org.springframework.webflow.engine.builder.support.FlowBuilderServices;
import org.springframework.webflow.execution.Action;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@AutoConfiguration
@ConditionalOnFeatureEnabled(feature = {CasFeatureModule.FeatureCatalog.PasswordlessAuthn})
/* loaded from: input_file:org/apereo/cas/config/CasPasswordlessAuthenticationWebflowAutoConfiguration.class */
public class CasPasswordlessAuthenticationWebflowAutoConfiguration {

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "PasswordlessDelegatedAuthenticationConfiguration", proxyBeanMethods = false)
    @ConditionalOnClass({DelegatedAuthenticationWebflowConfiguration.class})
    @ConditionalOnFeatureEnabled(feature = {CasFeatureModule.FeatureCatalog.DelegatedAuthentication})
    /* loaded from: input_file:org/apereo/cas/config/CasPasswordlessAuthenticationWebflowAutoConfiguration$PasswordlessDelegatedAuthenticationConfiguration.class */
    static class PasswordlessDelegatedAuthenticationConfiguration {
        PasswordlessDelegatedAuthenticationConfiguration() {
        }

        @ConditionalOnFeatureEnabled(feature = {CasFeatureModule.FeatureCatalog.DelegatedAuthentication})
        @ConditionalOnMissingBean(name = {"passwordlessDelegatedClientAuthenticationWebflowStateContributor"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public DelegatedClientAuthenticationWebflowStateContributor passwordlessDelegatedClientAuthenticationWebflowStateContributor() {
            return new PasswordlessDelegatedClientAuthenticationWebflowStateContributor();
        }

        @ConditionalOnMissingBean(name = {"passwordlessDelegatedClientIdentityProviderAuthorizer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public DelegatedClientIdentityProviderAuthorizer passwordlessDelegatedClientIdentityProviderAuthorizer(@Qualifier("servicesManager") ServicesManager servicesManager, @Qualifier("registeredServiceDelegatedAuthenticationPolicyAuditableEnforcer") AuditableExecution auditableExecution) {
            return new PasswordlessDelegatedClientIdentityProviderAuthorizer(servicesManager, auditableExecution);
        }

        @ConditionalOnMissingBean(name = {"determineDelegatedAuthenticationAction"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action determineDelegatedAuthenticationAction(ConfigurableApplicationContext configurableApplicationContext, @Qualifier("delegatedClientIdentityProviderConfigurationProducer") ObjectProvider<DelegatedClientIdentityProviderConfigurationProducer> objectProvider, CasConfigurationProperties casConfigurationProperties) {
            return WebflowActionBeanSupplier.builder().withApplicationContext(configurableApplicationContext).withProperties(casConfigurationProperties).withAction(() -> {
                if (objectProvider.getIfAvailable() == null || !CasRuntimeHintsRegistrar.notInNativeImage()) {
                    return new StaticEventExecutionAction("success");
                }
                return new PasswordlessDetermineDelegatedAuthenticationAction(casConfigurationProperties, (DelegatedClientIdentityProviderConfigurationProducer) objectProvider.getObject(), new WatchableGroovyScriptResource(casConfigurationProperties.getAuthn().getPasswordless().getCore().getDelegatedAuthenticationSelectorScript().getLocation()));
            }).withId("determineDelegatedAuthenticationAction").build().get();
        }

        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public DelegatedClientWebflowCustomizer passwordlessMultifactorWebflowCustomizer() {
            return new DelegatedClientWebflowCustomizer(this) { // from class: org.apereo.cas.config.CasPasswordlessAuthenticationWebflowAutoConfiguration.PasswordlessDelegatedAuthenticationConfiguration.1
                public List<String> getWebflowAttributeMappings() {
                    return PasswordlessWebflowUtils.WEBFLOW_ATTRIBUTE_MAPPINGS;
                }
            };
        }
    }

    @ConditionalOnMissingBean(name = {"passwordlessRequestParser"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public PasswordlessRequestParser passwordlessRequestParser() {
        return PasswordlessRequestParser.defaultParser();
    }

    @ConditionalOnMissingBean(name = {"verifyPasswordlessAccountAuthenticationAction"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public Action verifyPasswordlessAccountAuthenticationAction(@Qualifier("passwordlessRequestParser") PasswordlessRequestParser passwordlessRequestParser, ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties, @Qualifier("passwordlessUserAccountStore") PasswordlessUserAccountStore passwordlessUserAccountStore) {
        return WebflowActionBeanSupplier.builder().withApplicationContext(configurableApplicationContext).withProperties(casConfigurationProperties).withAction(() -> {
            return new VerifyPasswordlessAccountAuthenticationAction(casConfigurationProperties, passwordlessUserAccountStore, passwordlessRequestParser);
        }).withId("verifyPasswordlessAccountAuthenticationAction").build().get();
    }

    @ConditionalOnMissingBean(name = {"determineMultifactorPasswordlessAuthenticationAction"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public Action determineMultifactorPasswordlessAuthenticationAction(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties, @Qualifier("passwordlessPrincipalFactory") PrincipalFactory principalFactory, @Qualifier("defaultAuthenticationSystemSupport") AuthenticationSystemSupport authenticationSystemSupport, @Qualifier("defaultMultifactorTriggerSelectionStrategy") MultifactorAuthenticationTriggerSelectionStrategy multifactorAuthenticationTriggerSelectionStrategy) {
        return WebflowActionBeanSupplier.builder().withApplicationContext(configurableApplicationContext).withProperties(casConfigurationProperties).withAction(() -> {
            return new DetermineMultifactorPasswordlessAuthenticationAction(casConfigurationProperties, multifactorAuthenticationTriggerSelectionStrategy, principalFactory, authenticationSystemSupport);
        }).withId("determineMultifactorPasswordlessAuthenticationAction").build().get();
    }

    @ConditionalOnMissingBean(name = {"acceptPasswordlessAuthenticationAction"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public Action acceptPasswordlessAuthenticationAction(CasConfigurationProperties casConfigurationProperties, ConfigurableApplicationContext configurableApplicationContext, @Qualifier("passwordlessUserAccountStore") PasswordlessUserAccountStore passwordlessUserAccountStore, @Qualifier("passwordlessTokenRepository") PasswordlessTokenRepository passwordlessTokenRepository, @Qualifier("adaptiveAuthenticationPolicy") AdaptiveAuthenticationPolicy adaptiveAuthenticationPolicy, @Qualifier("defaultAuthenticationSystemSupport") AuthenticationSystemSupport authenticationSystemSupport, @Qualifier("serviceTicketRequestWebflowEventResolver") CasWebflowEventResolver casWebflowEventResolver, @Qualifier("initialAuthenticationAttemptWebflowEventResolver") CasDelegatingWebflowEventResolver casDelegatingWebflowEventResolver) {
        return WebflowActionBeanSupplier.builder().withApplicationContext(configurableApplicationContext).withProperties(casConfigurationProperties).withAction(() -> {
            return new AcceptPasswordlessAuthenticationAction(casDelegatingWebflowEventResolver, casWebflowEventResolver, adaptiveAuthenticationPolicy, passwordlessTokenRepository, authenticationSystemSupport, passwordlessUserAccountStore, configurableApplicationContext);
        }).withId("acceptPasswordlessAuthenticationAction").build().get();
    }

    @ConditionalOnMissingBean(name = {"displayBeforePasswordlessAuthenticationAction"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public Action displayBeforePasswordlessAuthenticationAction(@Qualifier("passwordlessRequestParser") PasswordlessRequestParser passwordlessRequestParser, ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties, @Qualifier("passwordlessUserAccountStore") PasswordlessUserAccountStore passwordlessUserAccountStore) {
        return WebflowActionBeanSupplier.builder().withApplicationContext(configurableApplicationContext).withProperties(casConfigurationProperties).withAction(() -> {
            return new DisplayBeforePasswordlessAuthenticationAction(casConfigurationProperties, passwordlessUserAccountStore, passwordlessRequestParser);
        }).withId("displayBeforePasswordlessAuthenticationAction").build().get();
    }

    @ConditionalOnMissingBean(name = {"createPasswordlessAuthenticationTokenAction"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public Action createPasswordlessAuthenticationTokenAction(@Qualifier("passwordlessRequestParser") ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties, @Qualifier("communicationsManager") CommunicationsManager communicationsManager, @Qualifier("passwordlessTokenRepository") PasswordlessTokenRepository passwordlessTokenRepository) {
        return WebflowActionBeanSupplier.builder().withApplicationContext(configurableApplicationContext).withProperties(casConfigurationProperties).withAction(() -> {
            return new CreatePasswordlessAuthenticationTokenAction(casConfigurationProperties, passwordlessTokenRepository, communicationsManager);
        }).withId("createPasswordlessAuthenticationTokenAction").build().get();
    }

    @ConditionalOnMissingBean(name = {"passwordlessPrepareLoginAction"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public Action passwordlessPrepareLoginAction(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties) {
        return WebflowActionBeanSupplier.builder().withApplicationContext(configurableApplicationContext).withProperties(casConfigurationProperties).withAction(() -> {
            return new PrepareForPasswordlessAuthenticationAction(casConfigurationProperties);
        }).withId("passwordlessPrepareLoginAction").build().get();
    }

    @ConditionalOnMissingBean(name = {"passwordlessAuthenticationWebflowConfigurer"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public CasWebflowConfigurer passwordlessAuthenticationWebflowConfigurer(CasConfigurationProperties casConfigurationProperties, ConfigurableApplicationContext configurableApplicationContext, @Qualifier("loginFlowRegistry") FlowDefinitionRegistry flowDefinitionRegistry, @Qualifier("flowBuilderServices") FlowBuilderServices flowBuilderServices) {
        return new PasswordlessAuthenticationWebflowConfigurer(flowBuilderServices, flowDefinitionRegistry, configurableApplicationContext, casConfigurationProperties);
    }

    @ConditionalOnMissingBean(name = {"passwordlessCasWebflowExecutionPlanConfigurer"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public CasWebflowExecutionPlanConfigurer passwordlessCasWebflowExecutionPlanConfigurer(@Qualifier("passwordlessAuthenticationWebflowConfigurer") CasWebflowConfigurer casWebflowConfigurer, @Qualifier("passwordlessCasWebflowLoginContextProvider") CasWebflowLoginContextProvider casWebflowLoginContextProvider) {
        return casWebflowExecutionPlan -> {
            casWebflowExecutionPlan.registerWebflowConfigurer(casWebflowConfigurer);
            casWebflowExecutionPlan.registerWebflowLoginContextProvider(casWebflowLoginContextProvider);
        };
    }

    @ConditionalOnMissingBean(name = {"passwordlessCasWebflowLoginContextProvider"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public CasWebflowLoginContextProvider passwordlessCasWebflowLoginContextProvider() {
        return new PasswordlessCasWebflowLoginContextProvider();
    }

    @ConditionalOnMissingBean(name = {"passwordlessComponentSerializationPlanConfigurer"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public ComponentSerializationPlanConfigurer passwordlessComponentSerializationPlanConfigurer() {
        return componentSerializationPlan -> {
            componentSerializationPlan.registerSerializableClass(PasswordlessUserAccount.class);
        };
    }
}
