package org.apereo.cas.config;

import java.io.File;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.AcceptUsersAuthenticationHandler;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlanConfigurer;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.CoreAuthenticationUtils;
import org.apereo.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler;
import org.apereo.cas.authentication.handler.support.jaas.JaasAuthenticationHandler;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalFactoryUtils;
import org.apereo.cas.authentication.principal.PrincipalNameTransformerUtils;
import org.apereo.cas.authentication.principal.PrincipalResolver;
import org.apereo.cas.authentication.principal.resolvers.PersonDirectoryPrincipalResolver;
import org.apereo.cas.authentication.principal.resolvers.ProxyingPrincipalResolver;
import org.apereo.cas.authentication.support.password.PasswordEncoderUtils;
import org.apereo.cas.authentication.support.password.PasswordPolicyConfiguration;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.core.authentication.PasswordPolicyProperties;
import org.apereo.cas.configuration.model.core.authentication.PersonDirectoryPrincipalResolverProperties;
import org.apereo.cas.configuration.model.support.generic.AcceptAuthenticationProperties;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.util.http.HttpClient;
import org.apereo.services.persondir.IPersonAttributeDao;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

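/**
 * Spring configuration that defines the core CAS authentication handlers visible in this
 * class: the proxy (HTTP-based service credential) handler, the static "accept users"
 * handler, and, through the nested {@link JaasAuthenticationConfiguration}, the JAAS handlers.
 *
 * <p>This listing is decompiler output (see the "loaded from" markers). Raw casts and
 * synthetic variable names introduced by the decompiler have been replaced with typed code;
 * bean names, conditions and wiring are unchanged.
 *
 * <p>Security-relevant points a reviewer should keep in mind:
 * <ul>
 *   <li>{@link #acceptUsersAuthenticationHandler()} carries no {@code @ConditionalOnProperty}
 *       or {@code @ConditionalOnMissingBean}, so the bean is always defined here. Whether it
 *       is registered with an authentication execution plan is decided outside this class.</li>
 *   <li>The accept handler's credentials come straight from configuration
 *       ({@code cas.authn.accept.users}); see {@link #getParsedUsers()}.</li>
 *   <li>Proxy authentication is on unless {@code cas.sso.proxyAuthnEnabled} is explicitly
 *       set to something other than {@code true} ({@code matchIfMissing = true}).</li>
 * </ul>
 */
@EnableConfigurationProperties(CasConfigurationProperties.class)
@Configuration("casCoreAuthenticationHandlersConfiguration")
/* loaded from: input_file:WEB-INF/lib/cas-server-core-authentication-6.0.5.jar:org/apereo/cas/config/CasCoreAuthenticationHandlersConfiguration.class */
public class CasCoreAuthenticationHandlersConfiguration {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(CasCoreAuthenticationHandlersConfiguration.class);

    @Autowired
    private CasConfigurationProperties casProperties;

    @Autowired
    @Qualifier("supportsTrustStoreSslSocketFactoryHttpClient")
    private ObjectProvider<HttpClient> supportsTrustStoreSslSocketFactoryHttpClient;

    @Autowired
    @Qualifier("servicesManager")
    private ObjectProvider<ServicesManager> servicesManager;

    /**
     * Nested configuration that builds one JAAS authentication handler and one principal
     * resolver per configured JAAS entry whose realm is not blank.
     *
     * <p>This is a non-static inner class, so it reads {@code casProperties} and
     * {@code servicesManager} from the enclosing configuration instance.
     */
    @EnableConfigurationProperties(CasConfigurationProperties.class)
    @Configuration("jaasAuthenticationConfiguration")
    /* loaded from: input_file:WEB-INF/lib/cas-server-core-authentication-6.0.5.jar:org/apereo/cas/config/CasCoreAuthenticationHandlersConfiguration$JaasAuthenticationConfiguration.class */
    public class JaasAuthenticationConfiguration {

        @Autowired
        @Qualifier("attributeRepository")
        private ObjectProvider<IPersonAttributeDao> attributeRepository;

        /**
         * Creates the principal factory used by the JAAS handlers and resolvers.
         *
         * @return a new default principal factory
         */
        @ConditionalOnMissingBean(name = "jaasPrincipalFactory")
        @Bean
        public PrincipalFactory jaasPrincipalFactory() {
            return PrincipalFactoryUtils.newPrincipalFactory();
        }

        /**
         * Builds a person-directory principal resolver for every JAAS entry with a non-blank realm.
         *
         * <p>Per-entry settings are combined with the global person-directory settings:
         * the boolean flags are OR-ed, and the principal attribute falls back to the global
         * value when the per-entry value is blank.
         *
         * @return the resolvers, in the order of the configured JAAS entries
         */
        @ConditionalOnMissingBean(name = "jaasPersonDirectoryPrincipalResolvers")
        @Bean
        public List<PrincipalResolver> jaasPersonDirectoryPrincipalResolvers() {
            PersonDirectoryPrincipalResolverProperties personDirectory =
                CasCoreAuthenticationHandlersConfiguration.this.casProperties.getPersonDirectory();
            return CasCoreAuthenticationHandlersConfiguration.this.casProperties.getAuthn().getJaas().stream()
                .filter(jaas -> StringUtils.isNotBlank(jaas.getRealm()))
                .<PrincipalResolver>map(jaas -> {
                    PersonDirectoryPrincipalResolverProperties principal = jaas.getPrincipal();
                    return new PersonDirectoryPrincipalResolver(
                        this.attributeRepository.getIfAvailable(),
                        jaasPrincipalFactory(),
                        principal.isReturnNull() || personDirectory.isReturnNull(),
                        StringUtils.defaultIfBlank(principal.getPrincipalAttribute(), personDirectory.getPrincipalAttribute()),
                        principal.isUseExistingPrincipalId() || personDirectory.isUseExistingPrincipalId());
                })
                .collect(Collectors.toList());
        }

        /**
         * Builds a JAAS authentication handler for every JAAS entry with a non-blank realm.
         *
         * <p>The login configuration file path and the Kerberos system-property values are
         * taken from CAS configuration as-is; this method does not validate them.
         * The handlers build their own password policy configuration from each entry and do
         * not use the {@code jaasPasswordPolicyConfiguration} bean defined by the outer class.
         *
         * @return the handlers, in the order of the configured JAAS entries
         */
        @ConditionalOnMissingBean(name = "jaasAuthenticationHandlers")
        @RefreshScope
        @Bean
        public List<AuthenticationHandler> jaasAuthenticationHandlers() {
            return CasCoreAuthenticationHandlersConfiguration.this.casProperties.getAuthn().getJaas().stream()
                .filter(jaas -> StringUtils.isNotBlank(jaas.getRealm()))
                .<AuthenticationHandler>map(jaas -> {
                    JaasAuthenticationHandler handler = new JaasAuthenticationHandler(
                        jaas.getName(),
                        CasCoreAuthenticationHandlersConfiguration.this.servicesManager.getIfAvailable(),
                        jaasPrincipalFactory(),
                        jaas.getOrder());
                    handler.setKerberosKdcSystemProperty(jaas.getKerberosKdcSystemProperty());
                    handler.setKerberosRealmSystemProperty(jaas.getKerberosRealmSystemProperty());
                    handler.setRealm(jaas.getRealm());
                    handler.setPasswordEncoder(PasswordEncoderUtils.newPasswordEncoder(jaas.getPasswordEncoder()));
                    // Optional settings are applied only when configured, leaving the handler's own defaults otherwise.
                    if (StringUtils.isNotBlank(jaas.getLoginConfigType())) {
                        handler.setLoginConfigType(jaas.getLoginConfigType());
                    }
                    if (StringUtils.isNotBlank(jaas.getLoginConfigurationFile())) {
                        handler.setLoginConfigurationFile(new File(jaas.getLoginConfigurationFile()));
                    }
                    PasswordPolicyProperties passwordPolicy = jaas.getPasswordPolicy();
                    handler.setPasswordPolicyHandlingStrategy(CoreAuthenticationUtils.newPasswordPolicyHandlingStrategy(passwordPolicy));
                    if (passwordPolicy.isEnabled()) {
                        CasCoreAuthenticationHandlersConfiguration.LOGGER.debug(
                            "Password policy is enabled for JAAS. Constructing password policy configuration for [{}]", jaas.getRealm());
                        handler.setPasswordPolicyConfiguration(newPasswordPolicyConfiguration(passwordPolicy));
                    }
                    handler.setPrincipalNameTransformer(
                        PrincipalNameTransformerUtils.newPrincipalNameTransformer(jaas.getPrincipalTransformation()));
                    handler.setCredentialSelectionPredicate(
                        CoreAuthenticationUtils.newCredentialSelectionPredicate(jaas.getCredentialCriteria()));
                    return handler;
                })
                .collect(Collectors.toList());
        }

        /**
         * Registers the JAAS handlers together with their principal resolvers in the
         * authentication execution plan.
         *
         * @return the execution plan configurer
         */
        @ConditionalOnMissingBean(name = "jaasAuthenticationEventExecutionPlanConfigurer")
        @Bean
        public AuthenticationEventExecutionPlanConfigurer jaasAuthenticationEventExecutionPlanConfigurer() {
            return plan -> plan.registerAuthenticationHandlerWithPrincipalResolvers(
                jaasAuthenticationHandlers(), jaasPersonDirectoryPrincipalResolvers());
        }
    }

    /**
     * Creates the handler that authenticates HTTP-based service credentials (proxy authentication).
     *
     * <p>The bean is present when {@code cas.sso.proxyAuthnEnabled} is {@code true} or absent.
     * It is created with a {@code null} name and order {@link Integer#MIN_VALUE}, and uses the
     * {@code supportsTrustStoreSslSocketFactoryHttpClient} HTTP client.
     *
     * @return the proxy authentication handler
     */
    @ConditionalOnProperty(prefix = "cas.sso", name = "proxyAuthnEnabled", havingValue = "true", matchIfMissing = true)
    @Bean
    public AuthenticationHandler proxyAuthenticationHandler() {
        return new HttpBasedServiceCredentialsAuthenticationHandler(
            null,
            this.servicesManager.getIfAvailable(),
            proxyPrincipalFactory(),
            Integer.MIN_VALUE,
            this.supportsTrustStoreSslSocketFactoryHttpClient.getIfAvailable());
    }

    /**
     * Creates the principal factory used for proxy authentication.
     *
     * @return a new default principal factory
     */
    @ConditionalOnMissingBean(name = "proxyPrincipalFactory")
    @Bean
    public PrincipalFactory proxyPrincipalFactory() {
        return PrincipalFactoryUtils.newPrincipalFactory();
    }

    /**
     * Creates the principal resolver paired with the proxy authentication handler.
     *
     * @return the proxying principal resolver
     */
    @ConditionalOnMissingBean(name = "proxyPrincipalResolver")
    @Bean
    public PrincipalResolver proxyPrincipalResolver() {
        return new ProxyingPrincipalResolver(proxyPrincipalFactory());
    }

    /**
     * Creates the handler that authenticates against the static username/password list
     * held in CAS configuration.
     *
     * <p>The credentials are whatever {@link #getParsedUsers()} reads from configuration, and
     * they are checked through the encoder built from {@code accept.getPasswordEncoder()}.
     * NOTE(review): if that encoder is a pass-through, the configured values are plaintext
     * passwords; confirm the encoder setting and whether static users should be configured
     * at all in the deployment under review.
     *
     * <p>This bean has no condition attached, so it is always defined by this class.
     *
     * @return the accept-users authentication handler
     */
    @RefreshScope
    @Bean
    public AuthenticationHandler acceptUsersAuthenticationHandler() {
        AcceptAuthenticationProperties accept = this.casProperties.getAuthn().getAccept();
        AcceptUsersAuthenticationHandler handler = new AcceptUsersAuthenticationHandler(
            accept.getName(),
            this.servicesManager.getIfAvailable(),
            acceptUsersPrincipalFactory(),
            null,
            getParsedUsers());
        handler.setPasswordEncoder(PasswordEncoderUtils.newPasswordEncoder(accept.getPasswordEncoder()));
        // Default policy configuration first; it is replaced below when a policy is enabled.
        handler.setPasswordPolicyConfiguration(acceptPasswordPolicyConfiguration());
        handler.setCredentialSelectionPredicate(
            CoreAuthenticationUtils.newCredentialSelectionPredicate(accept.getCredentialCriteria()));
        handler.setPrincipalNameTransformer(
            PrincipalNameTransformerUtils.newPrincipalNameTransformer(accept.getPrincipalTransformation()));
        PasswordPolicyProperties passwordPolicy = accept.getPasswordPolicy();
        handler.setPasswordPolicyHandlingStrategy(CoreAuthenticationUtils.newPasswordPolicyHandlingStrategy(passwordPolicy));
        if (passwordPolicy.isEnabled()) {
            handler.setPasswordPolicyConfiguration(newPasswordPolicyConfiguration(passwordPolicy));
        }
        return handler;
    }

    /**
     * Creates the principal factory used by the accept-users handler.
     *
     * @return a new default principal factory
     */
    @ConditionalOnMissingBean(name = "acceptUsersPrincipalFactory")
    @Bean
    public PrincipalFactory acceptUsersPrincipalFactory() {
        return PrincipalFactoryUtils.newPrincipalFactory();
    }

    /**
     * Builds a password policy configuration from the given properties.
     *
     * <p>When account-state handling is enabled, the installed handler always returns an
     * empty list. NOTE(review): what the configuration does when no handler is installed
     * is not visible in this class.
     *
     * @param passwordPolicy the password policy properties of one handler
     * @return the password policy configuration for that handler
     */
    private static PasswordPolicyConfiguration newPasswordPolicyConfiguration(PasswordPolicyProperties passwordPolicy) {
        PasswordPolicyConfiguration configuration = new PasswordPolicyConfiguration(passwordPolicy);
        if (passwordPolicy.isAccountStateHandlingEnabled()) {
            configuration.setAccountStateHandler((response, policyConfiguration) -> new ArrayList<>(0));
        } else {
            LOGGER.debug("Handling account states is disabled via CAS configuration");
        }
        return configuration;
    }

    /**
     * Parses the static user list from configuration into a username-to-password map.
     *
     * <p>The value is a comma-separated list of {@code username::password} entries. A blank
     * value, or one that contains no {@code ::} at all, yields an empty map. Because the
     * value is split on {@code ,} and then on {@code ::}, a password cannot contain either
     * separator: any text after a second {@code ::} in an entry is ignored.
     *
     * <p>The decompiled original referenced an undefined variable ({@code r1}) where the
     * compiled pattern was meant. It also let {@code Collectors.toMap} report duplicate
     * usernames, and that exception message can include the mapped values, here the
     * passwords. The checks below fail with messages that never contain an entry's text
     * or password.
     *
     * @return the parsed users; empty when nothing is configured
     * @throws IllegalArgumentException if an entry has no password part
     * @throws IllegalStateException if a username appears more than once
     */
    private Map<String, String> getParsedUsers() {
        Pattern separator = Pattern.compile("::");
        String users = this.casProperties.getAuthn().getAccept().getUsers();
        if (StringUtils.isBlank(users) || !users.contains(separator.pattern())) {
            return new HashMap<>(0);
        }
        Map<String, String> parsed = new HashMap<>();
        for (String entry : users.split(",")) {
            String[] tokens = separator.split(entry);
            if (tokens.length < 2) {
                // The entry is not echoed: a mistyped separator would put the password in the message.
                throw new IllegalArgumentException(
                    "Malformed entry in cas.authn.accept.users: expected username::password");
            }
            if (parsed.putIfAbsent(tokens[0], tokens[1]) != null) {
                throw new IllegalStateException(
                    "Duplicate username [" + tokens[0] + "] in cas.authn.accept.users");
            }
        }
        return parsed;
    }

    /**
     * Registers the proxy authentication handler with its principal resolver in the
     * authentication execution plan, under the same {@code cas.sso.proxyAuthnEnabled}
     * condition as the handler itself.
     *
     * @return the execution plan configurer
     */
    @ConditionalOnMissingBean(name = "proxyAuthenticationEventExecutionPlanConfigurer")
    @ConditionalOnProperty(prefix = "cas.sso", name = "proxyAuthnEnabled", havingValue = "true", matchIfMissing = true)
    @Bean
    public AuthenticationEventExecutionPlanConfigurer proxyAuthenticationEventExecutionPlanConfigurer() {
        return plan -> plan.registerAuthenticationHandlerWithPrincipalResolver(
            proxyAuthenticationHandler(), proxyPrincipalResolver());
    }

    /**
     * Creates the default (empty) password policy configuration for the accept-users handler.
     *
     * @return a new password policy configuration
     */
    @ConditionalOnMissingBean(name = "acceptPasswordPolicyConfiguration")
    @Bean
    public PasswordPolicyConfiguration acceptPasswordPolicyConfiguration() {
        return new PasswordPolicyConfiguration();
    }

    /**
     * Creates a default (empty) password policy configuration bean named for JAAS.
     * Nothing in this class passes it to the JAAS handlers.
     *
     * @return a new password policy configuration
     */
    @ConditionalOnMissingBean(name = "jaasPasswordPolicyConfiguration")
    @Bean
    public PasswordPolicyConfiguration jaasPasswordPolicyConfiguration() {
        return new PasswordPolicyConfiguration();
    }
}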
