package org.apereo.cas.config;

import java.util.List;
import java.util.stream.Collectors;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.adaptive.geo.GeoLocationService;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.features.CasFeatureModule;
import org.apereo.cas.configuration.model.core.util.EncryptionJwtSigningJwtCryptographyProperties;
import org.apereo.cas.configuration.model.support.mfa.trusteddevice.DeviceFingerprintProperties;
import org.apereo.cas.trusted.util.cipher.CookieDeviceFingerprintComponentCipherExecutor;
import org.apereo.cas.trusted.web.flow.fingerprint.ClientIpDeviceFingerprintComponentManager;
import org.apereo.cas.trusted.web.flow.fingerprint.CookieDeviceFingerprintComponentManager;
import org.apereo.cas.trusted.web.flow.fingerprint.DefaultDeviceFingerprintStrategy;
import org.apereo.cas.trusted.web.flow.fingerprint.DeviceFingerprintComponentManager;
import org.apereo.cas.trusted.web.flow.fingerprint.DeviceFingerprintStrategy;
import org.apereo.cas.trusted.web.flow.fingerprint.GeoLocationDeviceFingerprintComponentManager;
import org.apereo.cas.trusted.web.flow.fingerprint.UserAgentDeviceFingerprintComponentManager;
import org.apereo.cas.util.cipher.CipherExecutorUtils;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.apereo.cas.util.gen.Base64RandomStringGenerator;
import org.apereo.cas.util.gen.RandomStringGenerator;
import org.apereo.cas.util.spring.beans.BeanCondition;
import org.apereo.cas.util.spring.beans.BeanSupplier;
import org.apereo.cas.util.spring.boot.ConditionalOnFeatureEnabled;
import org.apereo.cas.web.cookie.CasCookieBuilder;
import org.apereo.cas.web.cookie.CookieValueManager;
import org.apereo.cas.web.support.CookieUtils;
import org.apereo.cas.web.support.gen.CookieRetrievingCookieGenerator;
import org.apereo.cas.web.support.mgmr.DefaultCookieSameSitePolicy;
import org.apereo.cas.web.support.mgmr.EncryptedCookieValueManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.AutoConfigureOrder;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ScopedProxyMode;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration(value = "MultifactorAuthnTrustedDeviceFingerprintConfiguration", proxyBeanMethods = false)
@ConditionalOnFeatureEnabled(feature = {CasFeatureModule.FeatureCatalog.MultifactorAuthenticationTrustedDevices})
/* loaded from: input_file:org/apereo/cas/config/MultifactorAuthnTrustedDeviceFingerprintConfiguration.class */
class MultifactorAuthnTrustedDeviceFingerprintConfiguration {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(MultifactorAuthnTrustedDeviceFingerprintConfiguration.class);

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "MultifactorAuthnTrustedDeviceFingerprintComponentConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/MultifactorAuthnTrustedDeviceFingerprintConfiguration$MultifactorAuthnTrustedDeviceFingerprintComponentConfiguration.class */
    static class MultifactorAuthnTrustedDeviceFingerprintComponentConfiguration {
        MultifactorAuthnTrustedDeviceFingerprintComponentConfiguration() {
        }

        @ConditionalOnMissingBean(name = {"deviceFingerprintUserAgentComponentExtractor"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public DeviceFingerprintComponentManager deviceFingerprintUserAgentComponentExtractor(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties) {
            return (DeviceFingerprintComponentManager) BeanSupplier.of(DeviceFingerprintComponentManager.class).when(BeanCondition.on("cas.authn.mfa.trusted.device-fingerprint.user-agent.enabled").isTrue().given(configurableApplicationContext.getEnvironment())).supply(() -> {
                DeviceFingerprintProperties.UserAgent userAgent = casConfigurationProperties.getAuthn().getMfa().getTrusted().getDeviceFingerprint().getUserAgent();
                UserAgentDeviceFingerprintComponentManager userAgentDeviceFingerprintComponentManager = new UserAgentDeviceFingerprintComponentManager();
                userAgentDeviceFingerprintComponentManager.setOrder(userAgent.getOrder());
                return userAgentDeviceFingerprintComponentManager;
            }).otherwiseProxy().get();
        }

        @ConditionalOnMissingBean(name = {"deviceFingerprintClientIpComponentExtractor"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public DeviceFingerprintComponentManager deviceFingerprintClientIpComponentExtractor(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties) {
            return (DeviceFingerprintComponentManager) BeanSupplier.of(DeviceFingerprintComponentManager.class).when(BeanCondition.on("cas.authn.mfa.trusted.device-fingerprint.client-ip.enabled").isTrue().given(configurableApplicationContext.getEnvironment())).supply(() -> {
                DeviceFingerprintProperties.ClientIp clientIp = casConfigurationProperties.getAuthn().getMfa().getTrusted().getDeviceFingerprint().getClientIp();
                ClientIpDeviceFingerprintComponentManager clientIpDeviceFingerprintComponentManager = new ClientIpDeviceFingerprintComponentManager();
                clientIpDeviceFingerprintComponentManager.setOrder(clientIp.getOrder());
                return clientIpDeviceFingerprintComponentManager;
            }).otherwiseProxy().get();
        }

        @ConditionalOnMissingBean(name = {"deviceFingerprintCookieComponentExtractor"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public DeviceFingerprintComponentManager deviceFingerprintCookieComponentExtractor(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties, @Qualifier("deviceFingerprintCookieGenerator") CasCookieBuilder casCookieBuilder, @Qualifier("deviceFingerprintCookieRandomStringGenerator") RandomStringGenerator randomStringGenerator) {
            return (DeviceFingerprintComponentManager) BeanSupplier.of(DeviceFingerprintComponentManager.class).when(BeanCondition.on("cas.authn.mfa.trusted.device-fingerprint.cookie.enabled").isTrue().evenIfMissing().given(configurableApplicationContext.getEnvironment())).supply(() -> {
                DeviceFingerprintProperties.Cookie cookie = casConfigurationProperties.getAuthn().getMfa().getTrusted().getDeviceFingerprint().getCookie();
                CookieDeviceFingerprintComponentManager cookieDeviceFingerprintComponentManager = new CookieDeviceFingerprintComponentManager(casCookieBuilder, randomStringGenerator);
                cookieDeviceFingerprintComponentManager.setOrder(cookie.getOrder());
                return cookieDeviceFingerprintComponentManager;
            }).otherwiseProxy().get();
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "MultifactorAuthnTrustedDeviceFingerprintCookieConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/MultifactorAuthnTrustedDeviceFingerprintConfiguration$MultifactorAuthnTrustedDeviceFingerprintCookieConfiguration.class */
    static class MultifactorAuthnTrustedDeviceFingerprintCookieConfiguration {
        MultifactorAuthnTrustedDeviceFingerprintCookieConfiguration() {
        }

        @ConditionalOnMissingBean(name = {"deviceFingerprintCookieGenerator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public CasCookieBuilder deviceFingerprintCookieGenerator(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties, @Qualifier("deviceFingerprintCookieValueManager") CookieValueManager cookieValueManager) {
            return (CasCookieBuilder) BeanSupplier.of(CasCookieBuilder.class).when(BeanCondition.on("cas.authn.mfa.trusted.device-fingerprint.cookie.enabled").isTrue().evenIfMissing().given(configurableApplicationContext.getEnvironment())).supply(() -> {
                return new CookieRetrievingCookieGenerator(CookieUtils.buildCookieGenerationContext(casConfigurationProperties.getAuthn().getMfa().getTrusted().getDeviceFingerprint().getCookie()), cookieValueManager);
            }).otherwiseProxy().get();
        }

        @ConditionalOnMissingBean(name = {"deviceFingerprintCookieRandomStringGenerator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public RandomStringGenerator deviceFingerprintCookieRandomStringGenerator() {
            return new Base64RandomStringGenerator();
        }

        @ConditionalOnMissingBean(name = {"deviceFingerprintCookieValueManager"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public CookieValueManager deviceFingerprintCookieValueManager(@Qualifier("deviceFingerprintCookieCipherExecutor") CipherExecutor cipherExecutor) {
            return new EncryptedCookieValueManager(cipherExecutor, DefaultCookieSameSitePolicy.INSTANCE);
        }

        @ConditionalOnMissingBean(name = {"deviceFingerprintCookieCipherExecutor"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public CipherExecutor deviceFingerprintCookieCipherExecutor(CasConfigurationProperties casConfigurationProperties) {
            DeviceFingerprintProperties.Cookie cookie = casConfigurationProperties.getAuthn().getMfa().getTrusted().getDeviceFingerprint().getCookie();
            EncryptionJwtSigningJwtCryptographyProperties crypto = cookie.getCrypto();
            boolean isEnabled = crypto.isEnabled();
            if (!isEnabled && StringUtils.isNotBlank(crypto.getEncryption().getKey()) && StringUtils.isNotBlank(crypto.getSigning().getKey())) {
                MultifactorAuthnTrustedDeviceFingerprintConfiguration.LOGGER.warn("Token encryption/signing is not enabled explicitly in the configuration for cookie [{}], yet signing/encryption keys are defined for operations. CAS will proceed to enable the cookie encryption/signing functionality.", cookie.getName());
                isEnabled = true;
            }
            return isEnabled ? CipherExecutorUtils.newStringCipherExecutor(crypto, CookieDeviceFingerprintComponentCipherExecutor.class) : CipherExecutor.noOp();
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "MultifactorAuthnTrustedDeviceFingerprintStrategyConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/MultifactorAuthnTrustedDeviceFingerprintConfiguration$MultifactorAuthnTrustedDeviceFingerprintStrategyConfiguration.class */
    static class MultifactorAuthnTrustedDeviceFingerprintStrategyConfiguration {
        MultifactorAuthnTrustedDeviceFingerprintStrategyConfiguration() {
        }

        @ConditionalOnMissingBean(name = {"deviceFingerprintStrategy"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean({"deviceFingerprintStrategy"})
        public DeviceFingerprintStrategy deviceFingerprintStrategy(List<DeviceFingerprintComponentManager> list, CasConfigurationProperties casConfigurationProperties) {
            return new DefaultDeviceFingerprintStrategy((List) list.stream().filter((v0) -> {
                return BeanSupplier.isNotProxy(v0);
            }).collect(Collectors.toList()), casConfigurationProperties.getAuthn().getMfa().getTrusted().getDeviceFingerprint().getComponentSeparator());
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "MultifactorAuthnTrustedDeviceGeoLocationConfiguration", proxyBeanMethods = false)
    @AutoConfigureOrder(Integer.MAX_VALUE)
    @ConditionalOnBean(name = {"geoLocationService"})
    /* loaded from: input_file:org/apereo/cas/config/MultifactorAuthnTrustedDeviceFingerprintConfiguration$MultifactorAuthnTrustedDeviceGeoLocationConfiguration.class */
    static class MultifactorAuthnTrustedDeviceGeoLocationConfiguration {
        MultifactorAuthnTrustedDeviceGeoLocationConfiguration() {
        }

        @ConditionalOnMissingBean(name = {"deviceFingerprintGeoLocationComponentExtractor"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public DeviceFingerprintComponentManager deviceFingerprintGeoLocationComponentExtractor(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties, @Qualifier("geoLocationService") ObjectProvider<GeoLocationService> objectProvider) {
            return (DeviceFingerprintComponentManager) BeanSupplier.of(DeviceFingerprintComponentManager.class).when(BeanCondition.on("cas.authn.mfa.trusted.device-fingerprint.geolocation.enabled").isTrue().given(configurableApplicationContext.getEnvironment())).supply(() -> {
                DeviceFingerprintProperties.GeoLocation geolocation = casConfigurationProperties.getAuthn().getMfa().getTrusted().getDeviceFingerprint().getGeolocation();
                GeoLocationDeviceFingerprintComponentManager geoLocationDeviceFingerprintComponentManager = new GeoLocationDeviceFingerprintComponentManager((GeoLocationService) objectProvider.getObject());
                geoLocationDeviceFingerprintComponentManager.setOrder(geolocation.getOrder());
                return geoLocationDeviceFingerprintComponentManager;
            }).otherwiseProxy().get();
        }
    }

    MultifactorAuthnTrustedDeviceFingerprintConfiguration() {
    }
}
