package org.apereo.cas.config;

import java.util.List;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.audit.AuditTrailExecutionPlan;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.throttle.ThrottleProperties;
import org.apereo.cas.throttle.AuthenticationThrottlingExecutionPlan;
import org.apereo.cas.throttle.AuthenticationThrottlingExecutionPlanConfigurer;
import org.apereo.cas.throttle.DefaultAuthenticationThrottlingExecutionPlan;
import org.apereo.cas.throttle.DefaultThrottledRequestResponseHandler;
import org.apereo.cas.throttle.ThrottledRequestExecutor;
import org.apereo.cas.throttle.ThrottledRequestResponseHandler;
import org.apereo.cas.web.support.InMemoryThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter;
import org.apereo.cas.web.support.InMemoryThrottledSubmissionByIpAddressHandlerInterceptorAdapter;
import org.apereo.cas.web.support.InMemoryThrottledSubmissionCleaner;
import org.apereo.cas.web.support.ThrottledSubmissionHandlerConfigurationContext;
import org.apereo.cas.web.support.ThrottledSubmissionHandlerEndpoint;
import org.apereo.cas.web.support.ThrottledSubmissionHandlerInterceptor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.actuate.autoconfigure.endpoint.condition.ConditionalOnAvailableEndpoint;
import org.springframework.boot.autoconfigure.AutoConfigureAfter;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration("casThrottlingConfiguration")
@AutoConfigureAfter({CasCoreUtilConfiguration.class})
/* loaded from: input_file:org/apereo/cas/config/CasThrottlingConfiguration.class */
public class CasThrottlingConfiguration {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(CasThrottlingConfiguration.class);

    @Autowired
    @Qualifier("auditTrailExecutionPlan")
    private ObjectProvider<AuditTrailExecutionPlan> auditTrailExecutionPlan;

    @Autowired
    private CasConfigurationProperties casProperties;

    @ConditionalOnMissingBean(name = {"throttledRequestResponseHandler"})
    @RefreshScope
    @Bean
    public ThrottledRequestResponseHandler throttledRequestResponseHandler() {
        return new DefaultThrottledRequestResponseHandler(this.casProperties.getAuthn().getThrottle().getUsernameParameter());
    }

    @ConditionalOnMissingBean(name = {"throttledRequestExecutor"})
    @RefreshScope
    @Bean
    public ThrottledRequestExecutor throttledRequestExecutor() {
        return ThrottledRequestExecutor.noOp();
    }

    @ConditionalOnMissingBean(name = {"throttleSubmissionMap"})
    @RefreshScope
    @Bean
    public ConcurrentMap throttleSubmissionMap() {
        return new ConcurrentHashMap();
    }

    @ConditionalOnMissingBean(name = {"authenticationThrottle"})
    @RefreshScope
    @Bean
    public ThrottledSubmissionHandlerInterceptor authenticationThrottle() {
        ThrottleProperties throttle = this.casProperties.getAuthn().getThrottle();
        if (throttle.getFailure().getRangeSeconds() <= 0 && throttle.getFailure().getThreshold() <= 0) {
            LOGGER.trace("Authentication throttling is disabled since no range-seconds or failure-threshold is defined");
            return ThrottledSubmissionHandlerInterceptor.noOp();
        }
        ThrottledSubmissionHandlerConfigurationContext build = ThrottledSubmissionHandlerConfigurationContext.builder().failureThreshold(throttle.getFailure().getThreshold()).failureRangeInSeconds(throttle.getFailure().getRangeSeconds()).usernameParameter(throttle.getUsernameParameter()).authenticationFailureCode(throttle.getFailure().getCode()).auditTrailExecutionPlan((AuditTrailExecutionPlan) this.auditTrailExecutionPlan.getObject()).applicationCode(throttle.getAppCode()).throttledRequestResponseHandler(throttledRequestResponseHandler()).throttledRequestExecutor(throttledRequestExecutor()).build();
        if (StringUtils.isNotBlank(throttle.getUsernameParameter())) {
            LOGGER.trace("Activating authentication throttling based on IP address and username...");
            return new InMemoryThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter(build, throttleSubmissionMap());
        }
        LOGGER.trace("Activating authentication throttling based on IP address...");
        return new InMemoryThrottledSubmissionByIpAddressHandlerInterceptorAdapter(build, throttleSubmissionMap());
    }

    @ConditionalOnMissingBean(name = {"authenticationThrottlingExecutionPlan"})
    @Autowired
    @Bean
    public AuthenticationThrottlingExecutionPlan authenticationThrottlingExecutionPlan(List<AuthenticationThrottlingExecutionPlanConfigurer> list) {
        DefaultAuthenticationThrottlingExecutionPlan defaultAuthenticationThrottlingExecutionPlan = new DefaultAuthenticationThrottlingExecutionPlan();
        list.forEach(authenticationThrottlingExecutionPlanConfigurer -> {
            LOGGER.trace("Registering authentication throttler [{}]", authenticationThrottlingExecutionPlanConfigurer.getName());
            authenticationThrottlingExecutionPlanConfigurer.configureAuthenticationThrottlingExecutionPlan(defaultAuthenticationThrottlingExecutionPlan);
        });
        return defaultAuthenticationThrottlingExecutionPlan;
    }

    @Autowired
    @Bean
    public Runnable throttleSubmissionCleaner(@Qualifier("authenticationThrottlingExecutionPlan") AuthenticationThrottlingExecutionPlan authenticationThrottlingExecutionPlan) {
        return new InMemoryThrottledSubmissionCleaner(authenticationThrottlingExecutionPlan);
    }

    @ConditionalOnMissingBean(name = {"authenticationThrottlingExecutionPlanConfigurer"})
    @Bean
    @Order(0)
    public AuthenticationThrottlingExecutionPlanConfigurer authenticationThrottlingExecutionPlanConfigurer() {
        return authenticationThrottlingExecutionPlan -> {
            authenticationThrottlingExecutionPlan.registerAuthenticationThrottleInterceptor(authenticationThrottle());
        };
    }

    @ConditionalOnAvailableEndpoint
    @Bean
    public ThrottledSubmissionHandlerEndpoint throttledSubmissionHandlerEndpoint(@Qualifier("authenticationThrottlingExecutionPlan") AuthenticationThrottlingExecutionPlan authenticationThrottlingExecutionPlan) {
        return new ThrottledSubmissionHandlerEndpoint(this.casProperties, authenticationThrottlingExecutionPlan);
    }
}
