package org.apereo.cas.config;

import java.util.List;
import java.util.stream.Collectors;
import jcifs.spnego.Authentication;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlanConfigurer;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.CoreAuthenticationUtils;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalFactoryUtils;
import org.apereo.cas.authentication.principal.PrincipalResolver;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.core.authentication.PersonDirectoryPrincipalResolverProperties;
import org.apereo.cas.configuration.model.support.ntlm.NtlmProperties;
import org.apereo.cas.configuration.model.support.spnego.SpnegoProperties;
import org.apereo.cas.configuration.model.support.spnego.SpnegoSystemProperties;
import org.apereo.cas.configuration.support.Beans;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.spnego.authentication.handler.support.JcifsConfig;
import org.apereo.cas.support.spnego.authentication.handler.support.JcifsSpnegoAuthenticationHandler;
import org.apereo.cas.support.spnego.authentication.handler.support.NtlmAuthenticationHandler;
import org.apereo.cas.support.spnego.authentication.principal.SpnegoPrincipalResolver;
import org.apereo.cas.util.function.FunctionUtils;
import org.apereo.services.persondir.IPersonAttributeDao;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.Resource;

/**
 * Spring configuration that wires SPNEGO (Kerberos) authentication into CAS, plus the
 * NTLM handler when it is enabled.
 *
 * <p>Security-relevant inputs come from {@link CasConfigurationProperties}: the
 * Kerberos/JAAS configuration locations, the KDC and realm, the jcifs account and service
 * passwords, and the flags that allow NTLM. Treat the backing property source as
 * secret-bearing configuration.
 */
@EnableConfigurationProperties(CasConfigurationProperties.class)
@Configuration("spnegoConfiguration")
public class SpnegoConfiguration {

    @Autowired
    @Qualifier("servicesManager")
    private ObjectProvider<ServicesManager> servicesManager;

    @Autowired
    @Qualifier("attributeRepository")
    private ObjectProvider<IPersonAttributeDao> attributeRepository;

    @Autowired
    private CasConfigurationProperties casProperties;

    @Autowired
    private ConfigurableApplicationContext applicationContext;

    /**
     * Applies the global Kerberos/JAAS settings and builds one jcifs {@link Authentication}
     * per configured SPNEGO entry.
     *
     * @return the jcifs authentications, in the order the entries appear in the configuration
     */
    @ConditionalOnMissingBean(name = "spnegoAuthentications")
    @RefreshScope
    @Bean
    public List<Authentication> spnegoAuthentications() {
        SpnegoProperties spnego = this.casProperties.getAuthn().getSpnego();
        SpnegoSystemProperties systemSettings = spnego.getSystem();

        // Settings go through the static JcifsConfig.SystemSettings holder, so they are not
        // scoped to this bean. NOTE(review): presumably JVM-wide system properties - confirm.
        JcifsConfig.SystemSettings.initialize(this.applicationContext, systemSettings.getLoginConf());

        Resource kerberosConf = this.applicationContext.getResource(systemSettings.getKerberosConf());
        // NOTE(review): doAndIgnore, by its name, drops any failure raised while resolving the
        // file. If so, an unreadable or non-file krb5 location leaves the Kerberos conf unset
        // without failing startup - verify, and consider surfacing the error.
        FunctionUtils.doAndIgnore(
            ignored -> JcifsConfig.SystemSettings.setKerberosConf(kerberosConf.getFile().getCanonicalPath()),
            new Object[0]);

        // NOTE(review): Kerberos debug output is typically verbose; confirm it stays off in production.
        JcifsConfig.SystemSettings.setKerberosDebug(systemSettings.getKerberosDebug());
        JcifsConfig.SystemSettings.setKerberosKdc(systemSettings.getKerberosKdc());
        JcifsConfig.SystemSettings.setKerberosRealm(systemSettings.getKerberosRealm());
        JcifsConfig.SystemSettings.setUseSubjectCredsOnly(systemSettings.isUseSubjectCredsOnly());

        return spnego.getProperties().stream()
            .map(entry -> {
                JcifsConfig.JcifsSettings settings = new JcifsConfig().getJcifsSettings();
                settings.setJcifsDomain(entry.getJcifsDomain());
                settings.setJcifsDomainController(entry.getJcifsDomainController());
                settings.setJcifsNetbiosCachePolicy(entry.getCachePolicy());
                settings.setJcifsNetbiosWins(entry.getJcifsNetbiosWins());
                // Both passwords are copied in clear into the settings' properties, which are
                // handed to jcifs below; never log or expose settings.getProperties().
                settings.setJcifsPassword(entry.getJcifsPassword());
                settings.setJcifsServicePassword(entry.getJcifsServicePassword());
                settings.setJcifsServicePrincipal(entry.getJcifsServicePrincipal());
                settings.setJcifsSocketTimeout(Beans.newDuration(entry.getTimeout()).toMillis());
                settings.setJcifsUsername(entry.getJcifsUsername());
                return new Authentication(settings.getProperties());
            })
            .collect(Collectors.toList());
    }

    /**
     * Creates the SPNEGO authentication handler from the {@code cas.authn.spnego} settings.
     *
     * @return the handler, backed by {@link #spnegoAuthentications()}
     */
    @ConditionalOnMissingBean(name = "spnegoHandler")
    @RefreshScope
    @Bean
    public AuthenticationHandler spnegoHandler() {
        SpnegoProperties spnego = this.casProperties.getAuthn().getSpnego();
        // NOTE(review): isNtlmAllowed() presumably lets the handler accept NTLM tokens inside the
        // SPNEGO exchange; NTLM is the weaker protocol, so confirm it is off unless required.
        return new JcifsSpnegoAuthenticationHandler(
            spnego.getName(),
            this.servicesManager.getObject(),
            spnegoPrincipalFactory(),
            spnegoAuthentications(),
            spnego.isPrincipalWithDomainName(),
            spnego.isNtlmAllowed(),
            Integer.valueOf(spnego.getOrder()));
    }

    /**
     * Creates the NTLM authentication handler; the bean exists only when
     * {@code cas.authn.ntlm.enabled} is {@code true}.
     *
     * @return the NTLM handler built from the {@code cas.authn.ntlm} settings
     */
    @RefreshScope
    @ConditionalOnProperty(prefix = "cas.authn.ntlm", name = "enabled", havingValue = "true")
    @Bean
    public AuthenticationHandler ntlmAuthenticationHandler() {
        NtlmProperties ntlm = this.casProperties.getAuthn().getNtlm();
        return new NtlmAuthenticationHandler(
            ntlm.getName(),
            this.servicesManager.getObject(),
            ntlmPrincipalFactory(),
            ntlm.isLoadBalance(),
            ntlm.getDomainController(),
            ntlm.getIncludePattern(),
            Integer.valueOf(ntlm.getOrder()));
    }

    /**
     * Supplies the principal factory used by the NTLM handler.
     *
     * @return a new principal factory
     */
    @ConditionalOnMissingBean(name = "ntlmPrincipalFactory")
    @Bean
    public PrincipalFactory ntlmPrincipalFactory() {
        return PrincipalFactoryUtils.newPrincipalFactory();
    }

    /**
     * Creates the person-directory principal resolver used for SPNEGO principals.
     *
     * @return a resolver of type {@link SpnegoPrincipalResolver}, configured from the SPNEGO
     *     principal settings followed by the global person-directory settings
     */
    @ConditionalOnMissingBean(name = "spnegoPrincipalResolver")
    @RefreshScope
    @Bean
    public PrincipalResolver spnegoPrincipalResolver() {
        PersonDirectoryPrincipalResolverProperties globalSettings = this.casProperties.getPersonDirectory();
        PrincipalFactory principalFactory = spnegoPrincipalFactory();
        IPersonAttributeDao attributeDao = this.attributeRepository.getObject();
        return CoreAuthenticationUtils.newPersonDirectoryPrincipalResolver(
            principalFactory,
            attributeDao,
            CoreAuthenticationUtils.getAttributeMerger(
                this.casProperties.getAuthn().getAttributeRepository().getCore().getMerger()),
            SpnegoPrincipalResolver.class,
            new PersonDirectoryPrincipalResolverProperties[]{
                this.casProperties.getAuthn().getSpnego().getPrincipal(),
                globalSettings
            });
    }

    /**
     * Supplies the principal factory used by the SPNEGO handler and resolver.
     *
     * @return a new principal factory
     */
    @ConditionalOnMissingBean(name = "spnegoPrincipalFactory")
    @Bean
    public PrincipalFactory spnegoPrincipalFactory() {
        return PrincipalFactoryUtils.newPrincipalFactory();
    }

    /**
     * Registers the SPNEGO handler with its principal resolver in the authentication
     * execution plan, and the NTLM handler as well when NTLM is enabled.
     *
     * @return the execution plan configurer
     */
    @ConditionalOnMissingBean(name = "spnegoAuthenticationEventExecutionPlanConfigurer")
    @Bean
    public AuthenticationEventExecutionPlanConfigurer spnegoAuthenticationEventExecutionPlanConfigurer() {
        return plan -> {
            // The SPNEGO handler is registered unconditionally once this configuration is active.
            plan.registerAuthenticationHandlerWithPrincipalResolver(spnegoHandler(), spnegoPrincipalResolver());
            // Same switch that gates the ntlmAuthenticationHandler bean definition.
            if (this.casProperties.getAuthn().getNtlm().isEnabled()) {
                plan.registerAuthenticationHandler(ntlmAuthenticationHandler());
            }
        };
    }
}
