package org.apereo.cas.config;

import java.util.LinkedHashMap;
import org.apereo.cas.audit.spi.PrincipalIdProvider;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlanConfigurer;
import org.apereo.cas.authentication.SurrogateAuthenticationAspect;
import org.apereo.cas.authentication.SurrogatePrincipalResolver;
import org.apereo.cas.authentication.adaptive.AdaptiveAuthenticationPolicy;
import org.apereo.cas.authentication.audit.SurrogatePrincipalIdProvider;
import org.apereo.cas.authentication.principal.DefaultPrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalResolver;
import org.apereo.cas.authentication.surrogate.JsonResourceSurrogateAuthenticationService;
import org.apereo.cas.authentication.surrogate.LdapSurrogateUsernamePasswordService;
import org.apereo.cas.authentication.surrogate.SimpleSurrogateAuthenticationService;
import org.apereo.cas.authentication.surrogate.SurrogateAuthenticationService;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.surrogate.SurrogateAuthenticationProperties;
import org.apereo.cas.configuration.support.Beans;
import org.apereo.cas.web.flow.CasWebflowConfigurer;
import org.apereo.cas.web.flow.SurrogateInitialAuthenticationAction;
import org.apereo.cas.web.flow.SurrogateSelectionAction;
import org.apereo.cas.web.flow.SurrogateWebflowConfigurer;
import org.apereo.cas.web.flow.resolver.CasDelegatingWebflowEventResolver;
import org.apereo.cas.web.flow.resolver.CasWebflowEventResolver;
import org.apereo.services.persondir.IPersonAttributeDao;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.BeanCreationException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.EnableAspectJAutoProxy;
import org.springframework.util.StringUtils;
import org.springframework.webflow.definition.registry.FlowDefinitionRegistry;
import org.springframework.webflow.engine.builder.support.FlowBuilderServices;
import org.springframework.webflow.execution.Action;

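/**
 * Spring configuration that registers the beans for CAS surrogate authentication
 * (one account authenticating and then acting as another): the webflow configurer
 * and actions, the service that answers which accounts may be used as surrogates,
 * the surrogate aspect, the principal resolver and the audit principal-id provider.
 *
 * <p>Security note: the {@link SurrogateAuthenticationService} built here is the
 * authority for who may act as whom. Only one backing store is used at a time; see
 * {@link #surrogateAuthenticationService()} for the selection order.
 */
@EnableConfigurationProperties({CasConfigurationProperties.class})
@EnableAspectJAutoProxy
@Configuration("surrogateAuthenticationConfiguration")
/* loaded from: input_file:org/apereo/cas/config/SurrogateAuthenticationConfiguration.class */
public class SurrogateAuthenticationConfiguration implements AuthenticationEventExecutionPlanConfigurer {
    private static final Logger LOGGER = LoggerFactory.getLogger(SurrogateAuthenticationConfiguration.class);

    @Autowired
    private CasConfigurationProperties casProperties;

    @Autowired
    @Qualifier("adaptiveAuthenticationPolicy")
    private AdaptiveAuthenticationPolicy adaptiveAuthenticationPolicy;

    @Autowired
    @Qualifier("serviceTicketRequestWebflowEventResolver")
    private CasWebflowEventResolver serviceTicketRequestWebflowEventResolver;

    @Autowired
    @Qualifier("initialAuthenticationAttemptWebflowEventResolver")
    private CasDelegatingWebflowEventResolver initialAuthenticationAttemptWebflowEventResolver;

    @Autowired
    @Qualifier("loginFlowRegistry")
    private FlowDefinitionRegistry loginFlowDefinitionRegistry;

    @Autowired
    private FlowBuilderServices flowBuilderServices;

    /**
     * Builds the webflow configurer for the login flow registry, handing it the
     * surrogate selection action.
     *
     * @return the surrogate webflow configurer
     */
    @ConditionalOnMissingBean(name = {"surrogateWebflowConfigurer"})
    @Bean
    public CasWebflowConfigurer surrogateWebflowConfigurer() {
        return new SurrogateWebflowConfigurer(this.flowBuilderServices, this.loginFlowDefinitionRegistry, selectSurrogateAction());
    }

    /**
     * Builds the surrogate selection action, configured with the separator from
     * the surrogate properties.
     *
     * @return the selection action
     */
    @ConditionalOnMissingBean(name = {"selectSurrogateAction"})
    @Bean
    public Action selectSurrogateAction() {
        return new SurrogateSelectionAction(this.casProperties.getAuthn().getSurrogate().getSeparator());
    }

    /**
     * Builds the form-authentication action used when surrogate authentication is on.
     * It receives the same separator as {@link #selectSurrogateAction()} and the
     * surrogate service, so both actions agree on how a submitted identifier is split.
     *
     * <p>NOTE(review): unlike its siblings this bean is not guarded by
     * {@code @ConditionalOnMissingBean}; presumably it is meant to take the place of
     * the stock bean of the same name — confirm against the core webflow configuration.
     *
     * @return the initial authentication action
     */
    @Bean
    public Action authenticationViaFormAction() {
        return new SurrogateInitialAuthenticationAction(
                this.initialAuthenticationAttemptWebflowEventResolver,
                this.serviceTicketRequestWebflowEventResolver,
                this.adaptiveAuthenticationPolicy,
                this.casProperties.getAuthn().getSurrogate().getSeparator(),
                surrogateAuthenticationService());
    }

    /**
     * Chooses the store that lists surrogate accounts. The first match wins:
     * <ol>
     *   <li>a JSON resource, when its configured location is non-null;</li>
     *   <li>LDAP, when URL, search filter, base DN and member attribute name all have text;</li>
     *   <li>otherwise the in-memory map taken from the "simple" properties.</li>
     * </ol>
     * A partially configured LDAP block therefore falls through to the simple map
     * without an error; with no simple entries configured that map is empty.
     *
     * @return the surrogate authentication service
     * @throws BeanCreationException wrapping any exception raised while building the service
     */
    @ConditionalOnMissingBean(name = {"surrogateAuthenticationService"})
    @RefreshScope
    @Bean
    public SurrogateAuthenticationService surrogateAuthenticationService() {
        try {
            SurrogateAuthenticationProperties surrogate = this.casProperties.getAuthn().getSurrogate();
            if (surrogate.getJson().getConfig().getLocation() != null) {
                LOGGER.debug("Using JSON resource [{}] to locate surrogate accounts", surrogate.getJson().getConfig().getLocation());
                return new JsonResourceSurrogateAuthenticationService(surrogate.getJson().getConfig().getLocation());
            }
            if (StringUtils.hasText(surrogate.getLdap().getLdapUrl())
                    && StringUtils.hasText(surrogate.getLdap().getSearchFilter())
                    && StringUtils.hasText(surrogate.getLdap().getBaseDn())
                    && StringUtils.hasText(surrogate.getLdap().getMemberAttributeName())) {
                // Only the URL and base DN are logged; the rest of the LDAP settings are not.
                LOGGER.debug("Using LDAP [{}] with baseDn [{}] to locate surrogate accounts", surrogate.getLdap().getLdapUrl(), surrogate.getLdap().getBaseDn());
                return new LdapSurrogateUsernamePasswordService(Beans.newLdaptivePooledConnectionFactory(surrogate.getLdap()), surrogate.getLdap());
            }
            // Raw type kept on purpose: the constructor's parameter type is not visible
            // in this file, and the original declaration compiled against it as raw.
            LinkedHashMap eligibleAccounts = new LinkedHashMap();
            // Fix: the lambda body was empty, so the map stayed empty no matter what was
            // configured and the simple store never listed any account. Each entry is now
            // copied, with the value split on commas into a set.
            // NOTE(review): assumes key = authenticating user and value = comma-separated
            // accounts that user may act as — confirm against SimpleSurrogateAuthenticationService.
            surrogate.getSimple().getSurrogates().forEach((user, accounts) ->
                    eligibleAccounts.put(user, StringUtils.commaDelimitedListToSet(accounts)));
            LOGGER.debug("Using accounts [{}] for surrogate authentication", eligibleAccounts);
            return new SimpleSurrogateAuthenticationService(eligibleAccounts);
        } catch (Exception e) {
            throw new BeanCreationException(e.getMessage(), e);
        }
    }

    /**
     * Builds the surrogate aspect with a fresh {@link DefaultPrincipalFactory} and the
     * surrogate service.
     *
     * @return the surrogate authentication aspect
     */
    @Bean
    public SurrogateAuthenticationAspect surrogateAuthenticationAspect() {
        return new SurrogateAuthenticationAspect(new DefaultPrincipalFactory(), surrogateAuthenticationService());
    }

    /**
     * Builds the principal resolver registered as {@code personDirectoryPrincipalResolver},
     * a {@link SurrogatePrincipalResolver} configured from the person-directory properties.
     *
     * @param iPersonAttributeDao the attribute repository to resolve attributes from
     * @param principalFactory the factory used to create principals
     * @return the configured surrogate principal resolver
     */
    @Autowired
    @RefreshScope
    @Bean
    public PrincipalResolver personDirectoryPrincipalResolver(@Qualifier("attributeRepository") IPersonAttributeDao iPersonAttributeDao, @Qualifier("principalFactory") PrincipalFactory principalFactory) {
        SurrogatePrincipalResolver resolver = new SurrogatePrincipalResolver();
        resolver.setAttributeRepository(iPersonAttributeDao);
        resolver.setPrincipalAttributeName(this.casProperties.getPersonDirectory().getPrincipalAttribute());
        resolver.setReturnNullIfNoAttributes(this.casProperties.getPersonDirectory().isReturnNull());
        resolver.setPrincipalFactory(principalFactory);
        return resolver;
    }

    /**
     * Supplies the principal-id provider used by auditing.
     * NOTE(review): presumably this lets audit records identify surrogate sessions —
     * confirm in {@link SurrogatePrincipalIdProvider}.
     *
     * @return the surrogate-aware principal id provider
     */
    @Bean
    public PrincipalIdProvider principalIdProvider() {
        return new SurrogatePrincipalIdProvider();
    }
}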
