package org.apereo.cas.config;

import java.util.ArrayList;
import java.util.HashMap;
import lombok.Generated;
import org.apereo.cas.audit.AuditPrincipalIdProvider;
import org.apereo.cas.audit.AuditableExecution;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlanConfigurer;
import org.apereo.cas.authentication.AuthenticationPostProcessor;
import org.apereo.cas.authentication.MultifactorAuthenticationPrincipalResolver;
import org.apereo.cas.authentication.SurrogateAuthenticationExpirationPolicyBuilder;
import org.apereo.cas.authentication.SurrogateAuthenticationPostProcessor;
import org.apereo.cas.authentication.SurrogateMultifactorAuthenticationPrincipalResolver;
import org.apereo.cas.authentication.SurrogatePrincipalBuilder;
import org.apereo.cas.authentication.SurrogatePrincipalElectionStrategy;
import org.apereo.cas.authentication.SurrogatePrincipalResolver;
import org.apereo.cas.authentication.audit.SurrogateAuditPrincipalIdProvider;
import org.apereo.cas.authentication.event.SurrogateAuthenticationEventListener;
import org.apereo.cas.authentication.principal.PrincipalElectionStrategyConfigurer;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalFactoryUtils;
import org.apereo.cas.authentication.principal.PrincipalResolutionExecutionPlanConfigurer;
import org.apereo.cas.authentication.principal.PrincipalResolver;
import org.apereo.cas.authentication.surrogate.JsonResourceSurrogateAuthenticationService;
import org.apereo.cas.authentication.surrogate.SimpleSurrogateAuthenticationService;
import org.apereo.cas.authentication.surrogate.SurrogateAuthenticationService;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.core.authentication.PersonDirectoryPrincipalResolverProperties;
import org.apereo.cas.configuration.model.support.surrogate.SurrogateAuthenticationProperties;
import org.apereo.cas.notifications.CommunicationsManager;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.ticket.ExpirationPolicyBuilder;
import org.apereo.cas.ticket.expiration.builder.TicketGrantingTicketExpirationPolicyBuilder;
import org.apereo.services.persondir.IPersonAttributeDao;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.util.StringUtils;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration("surrogateAuthenticationConfiguration")
/* loaded from: input_file:org/apereo/cas/config/SurrogateAuthenticationConfiguration.class */
public class SurrogateAuthenticationConfiguration {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(SurrogateAuthenticationConfiguration.class);

    @Autowired
    @Qualifier("attributeRepository")
    private ObjectProvider<IPersonAttributeDao> attributeRepository;

    @Autowired
    private ConfigurableApplicationContext applicationContext;

    @Autowired
    @Qualifier("servicesManager")
    private ObjectProvider<ServicesManager> servicesManager;

    @Autowired
    private CasConfigurationProperties casProperties;

    @Autowired
    @Qualifier("communicationsManager")
    private ObjectProvider<CommunicationsManager> communicationsManager;

    @Autowired
    @Qualifier("registeredServiceAccessStrategyEnforcer")
    private ObjectProvider<AuditableExecution> registeredServiceAccessStrategyEnforcer;

    @Autowired
    @Qualifier("surrogateEligibilityAuditableExecution")
    private ObjectProvider<AuditableExecution> surrogateEligibilityAuditableExecution;

    @RefreshScope
    @Bean
    public ExpirationPolicyBuilder grantingTicketExpirationPolicy() {
        return new SurrogateAuthenticationExpirationPolicyBuilder(new TicketGrantingTicketExpirationPolicyBuilder(this.casProperties), this.casProperties);
    }

    @ConditionalOnMissingBean(name = {"surrogatePrincipalFactory"})
    @RefreshScope
    @Bean
    public PrincipalFactory surrogatePrincipalFactory() {
        return PrincipalFactoryUtils.newPrincipalFactory();
    }

    @ConditionalOnMissingBean(name = {"surrogateAuthenticationService"})
    @RefreshScope
    @Bean
    public SurrogateAuthenticationService surrogateAuthenticationService() {
        SurrogateAuthenticationProperties surrogate = this.casProperties.getAuthn().getSurrogate();
        if (surrogate.getJson().getLocation() != null) {
            LOGGER.debug("Using JSON resource [{}] to locate surrogate accounts", surrogate.getJson().getLocation());
            return new JsonResourceSurrogateAuthenticationService(surrogate.getJson().getLocation(), (ServicesManager) this.servicesManager.getObject());
        }
        HashMap hashMap = new HashMap();
        surrogate.getSimple().getSurrogates().forEach((str, str2) -> {
            hashMap.put(str, new ArrayList(StringUtils.commaDelimitedListToSet(str2)));
        });
        LOGGER.debug("Using accounts [{}] for surrogate authentication", hashMap);
        return new SimpleSurrogateAuthenticationService(hashMap, (ServicesManager) this.servicesManager.getObject());
    }

    @ConditionalOnMissingBean(name = {"surrogateAuthenticationPostProcessor"})
    @RefreshScope
    @Bean
    public AuthenticationPostProcessor surrogateAuthenticationPostProcessor() {
        return new SurrogateAuthenticationPostProcessor(surrogateAuthenticationService(), (ServicesManager) this.servicesManager.getObject(), this.applicationContext, (AuditableExecution) this.registeredServiceAccessStrategyEnforcer.getObject(), (AuditableExecution) this.surrogateEligibilityAuditableExecution.getObject());
    }

    @ConditionalOnMissingBean(name = {"surrogatePrincipalBuilder"})
    @Bean
    public SurrogatePrincipalBuilder surrogatePrincipalBuilder() {
        return new SurrogatePrincipalBuilder(surrogatePrincipalFactory(), (IPersonAttributeDao) this.attributeRepository.getObject(), surrogateAuthenticationService());
    }

    @ConditionalOnMissingBean(name = {"surrogateMultifactorAuthenticationPrincipalResolver"})
    @Bean
    public MultifactorAuthenticationPrincipalResolver surrogateMultifactorAuthenticationPrincipalResolver() {
        return new SurrogateMultifactorAuthenticationPrincipalResolver();
    }

    @ConditionalOnMissingBean(name = {"surrogatePrincipalElectionStrategyConfigurer"})
    @Bean
    public PrincipalElectionStrategyConfigurer surrogatePrincipalElectionStrategyConfigurer() {
        return chainingPrincipalElectionStrategy -> {
            chainingPrincipalElectionStrategy.registerElectionStrategy(new SurrogatePrincipalElectionStrategy());
        };
    }

    @ConditionalOnMissingBean(name = {"surrogateAuditPrincipalIdProvider"})
    @Bean
    public AuditPrincipalIdProvider surrogateAuditPrincipalIdProvider() {
        return new SurrogateAuditPrincipalIdProvider();
    }

    @ConditionalOnMissingBean(name = {"surrogateAuthenticationEventExecutionPlanConfigurer"})
    @RefreshScope
    @Bean
    public AuthenticationEventExecutionPlanConfigurer surrogateAuthenticationEventExecutionPlanConfigurer() {
        return authenticationEventExecutionPlan -> {
            authenticationEventExecutionPlan.registerAuthenticationPostProcessor(surrogateAuthenticationPostProcessor());
        };
    }

    @ConditionalOnMissingBean(name = {"surrogateAuthenticationEventListener"})
    @Bean
    public SurrogateAuthenticationEventListener surrogateAuthenticationEventListener() {
        return new SurrogateAuthenticationEventListener((CommunicationsManager) this.communicationsManager.getObject(), this.casProperties);
    }

    @ConditionalOnMissingBean(name = {"surrogatePrincipalResolver"})
    @RefreshScope
    @Bean
    public PrincipalResolver surrogatePrincipalResolver() {
        PersonDirectoryPrincipalResolverProperties principal = this.casProperties.getAuthn().getSurrogate().getPrincipal();
        PersonDirectoryPrincipalResolverProperties personDirectory = this.casProperties.getPersonDirectory();
        return new SurrogatePrincipalResolver((IPersonAttributeDao) this.attributeRepository.getObject(), surrogatePrincipalFactory(), principal.isReturnNull() || personDirectory.isReturnNull(), (String) org.apache.commons.lang3.StringUtils.defaultIfBlank(principal.getPrincipalAttribute(), personDirectory.getPrincipalAttribute()), personDirectory.isUseExistingPrincipalId() || principal.isUseExistingPrincipalId(), principal.isAttributeResolutionEnabled(), StringUtils.commaDelimitedListToSet(principal.getActiveAttributeRepositoryIds()), surrogatePrincipalBuilder());
    }

    @ConditionalOnMissingBean(name = {"surrogatePrincipalResolutionExecutionPlanConfigurer"})
    @Bean
    public PrincipalResolutionExecutionPlanConfigurer surrogatePrincipalResolutionExecutionPlanConfigurer() {
        return principalResolutionExecutionPlan -> {
            principalResolutionExecutionPlan.registerPrincipalResolver(surrogatePrincipalResolver());
        };
    }
}
