package org.apereo.cas.config;

import java.util.Objects;
import lombok.Generated;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlanConfigurer;
import org.apereo.cas.authentication.AuthenticationMetaDataPopulator;
import org.apereo.cas.authentication.metadata.AuthenticationCredentialTypeMetaDataPopulator;
import org.apereo.cas.authentication.metadata.AuthenticationDateAttributeMetaDataPopulator;
import org.apereo.cas.authentication.metadata.CacheCredentialsCipherExecutor;
import org.apereo.cas.authentication.metadata.CacheCredentialsMetaDataPopulator;
import org.apereo.cas.authentication.metadata.ClientInfoAuthenticationMetaDataPopulator;
import org.apereo.cas.authentication.metadata.CredentialCustomFieldsAttributeMetaDataPopulator;
import org.apereo.cas.authentication.metadata.RememberMeAuthenticationMetaDataPopulator;
import org.apereo.cas.authentication.metadata.SuccessfulHandlerMetaDataPopulator;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.core.util.EncryptionJwtSigningJwtCryptographyProperties;
import org.apereo.cas.configuration.model.support.clearpass.ClearpassProperties;
import org.apereo.cas.util.cipher.CipherExecutorUtils;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ScopedProxyMode;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration(value = "CasCoreAuthenticationMetadataConfiguration", proxyBeanMethods = false)
/* loaded from: input_file:WEB-INF/lib/cas-server-core-authentication-6.5.5.jar:org/apereo/cas/config/CasCoreAuthenticationMetadataConfiguration.class */
public class CasCoreAuthenticationMetadataConfiguration {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) CasCoreAuthenticationMetadataConfiguration.class);

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "CasCoreAuthenticationMetadataCipherConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:WEB-INF/lib/cas-server-core-authentication-6.5.5.jar:org/apereo/cas/config/CasCoreAuthenticationMetadataConfiguration$CasCoreAuthenticationMetadataCipherConfiguration.class */
    public static class CasCoreAuthenticationMetadataCipherConfiguration {
        @ConditionalOnMissingBean(name = {"cacheCredentialsCipherExecutor"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public CipherExecutor cacheCredentialsCipherExecutor(CasConfigurationProperties casConfigurationProperties) {
            ClearpassProperties clearpass = casConfigurationProperties.getClearpass();
            if (clearpass.isCacheCredential()) {
                EncryptionJwtSigningJwtCryptographyProperties crypto = clearpass.getCrypto();
                if (crypto.isEnabled()) {
                    return CipherExecutorUtils.newStringCipherExecutor(crypto, CacheCredentialsCipherExecutor.class);
                }
                CasCoreAuthenticationMetadataConfiguration.LOGGER.warn("CAS is configured to capture and cache credentials via Clearpass yet crypto operations for the cached password are turned off. Consider enabling the crypto configuration in CAS settings that allow the system to sign & encrypt the captured credential.");
            }
            return CipherExecutor.noOp();
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "CasCoreAuthenticationMetadataClearPassConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:WEB-INF/lib/cas-server-core-authentication-6.5.5.jar:org/apereo/cas/config/CasCoreAuthenticationMetadataConfiguration$CasCoreAuthenticationMetadataClearPassConfiguration.class */
    public static class CasCoreAuthenticationMetadataClearPassConfiguration {
        @ConditionalOnMissingBean(name = {"cacheCredentialsMetaDataPopulator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @ConditionalOnProperty(prefix = "cas.clearpass", name = {"cache-credential"}, havingValue = "true")
        @Bean
        public AuthenticationMetaDataPopulator cacheCredentialsMetaDataPopulator(@Qualifier("cacheCredentialsCipherExecutor") CipherExecutor cipherExecutor) {
            CasCoreAuthenticationMetadataConfiguration.LOGGER.warn("CAS is configured to capture and cache credentials via Clearpass. Sharing the user credential with other applications is generally NOT recommended, may lead to security vulnerabilities and MUST only be used as a last resort .");
            return new CacheCredentialsMetaDataPopulator(cipherExecutor);
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "CasCoreAuthenticationMetadataExecutionPlanConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:WEB-INF/lib/cas-server-core-authentication-6.5.5.jar:org/apereo/cas/config/CasCoreAuthenticationMetadataConfiguration$CasCoreAuthenticationMetadataExecutionPlanConfiguration.class */
    public static class CasCoreAuthenticationMetadataExecutionPlanConfiguration {
        @ConditionalOnMissingBean(name = {"casCoreAuthenticationMetadataAuthenticationEventExecutionPlanConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuthenticationEventExecutionPlanConfigurer casCoreAuthenticationMetadataAuthenticationEventExecutionPlanConfigurer(@Qualifier("authenticationCredentialTypeMetaDataPopulator") AuthenticationMetaDataPopulator authenticationMetaDataPopulator, @Qualifier("credentialCustomFieldsAttributeMetaDataPopulator") AuthenticationMetaDataPopulator authenticationMetaDataPopulator2, @Qualifier("authenticationDateMetaDataPopulator") AuthenticationMetaDataPopulator authenticationMetaDataPopulator3, @Qualifier("clientInfoAuthenticationMetaDataPopulator") AuthenticationMetaDataPopulator authenticationMetaDataPopulator4, @Qualifier("rememberMeAuthenticationMetaDataPopulator") AuthenticationMetaDataPopulator authenticationMetaDataPopulator5, @Qualifier("successfulHandlerMetaDataPopulator") AuthenticationMetaDataPopulator authenticationMetaDataPopulator6, @Qualifier("cacheCredentialsMetaDataPopulator") ObjectProvider<AuthenticationMetaDataPopulator> objectProvider) {
            return authenticationEventExecutionPlan -> {
                authenticationEventExecutionPlan.registerAuthenticationMetadataPopulator(authenticationMetaDataPopulator6);
                authenticationEventExecutionPlan.registerAuthenticationMetadataPopulator(authenticationMetaDataPopulator5);
                authenticationEventExecutionPlan.registerAuthenticationMetadataPopulator(authenticationMetaDataPopulator);
                authenticationEventExecutionPlan.registerAuthenticationMetadataPopulator(authenticationMetaDataPopulator3);
                authenticationEventExecutionPlan.registerAuthenticationMetadataPopulator(authenticationMetaDataPopulator2);
                authenticationEventExecutionPlan.registerAuthenticationMetadataPopulator(authenticationMetaDataPopulator4);
                Objects.requireNonNull(authenticationEventExecutionPlan);
                objectProvider.ifAvailable(authenticationEventExecutionPlan::registerAuthenticationMetadataPopulator);
            };
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "CasCoreAuthenticationMetadataPopulatorConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:WEB-INF/lib/cas-server-core-authentication-6.5.5.jar:org/apereo/cas/config/CasCoreAuthenticationMetadataConfiguration$CasCoreAuthenticationMetadataPopulatorConfiguration.class */
    public static class CasCoreAuthenticationMetadataPopulatorConfiguration {
        @ConditionalOnMissingBean(name = {"authenticationCredentialTypeMetaDataPopulator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuthenticationMetaDataPopulator authenticationCredentialTypeMetaDataPopulator() {
            return new AuthenticationCredentialTypeMetaDataPopulator();
        }

        @ConditionalOnMissingBean(name = {"credentialCustomFieldsAttributeMetaDataPopulator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuthenticationMetaDataPopulator credentialCustomFieldsAttributeMetaDataPopulator() {
            return new CredentialCustomFieldsAttributeMetaDataPopulator();
        }

        @ConditionalOnMissingBean(name = {"authenticationDateMetaDataPopulator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuthenticationMetaDataPopulator authenticationDateMetaDataPopulator() {
            return new AuthenticationDateAttributeMetaDataPopulator();
        }

        @ConditionalOnMissingBean(name = {"clientInfoAuthenticationMetaDataPopulator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuthenticationMetaDataPopulator clientInfoAuthenticationMetaDataPopulator() {
            return new ClientInfoAuthenticationMetaDataPopulator();
        }

        @ConditionalOnMissingBean(name = {"successfulHandlerMetaDataPopulator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuthenticationMetaDataPopulator successfulHandlerMetaDataPopulator() {
            return new SuccessfulHandlerMetaDataPopulator();
        }

        @ConditionalOnMissingBean(name = {"rememberMeAuthenticationMetaDataPopulator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuthenticationMetaDataPopulator rememberMeAuthenticationMetaDataPopulator(CasConfigurationProperties casConfigurationProperties) {
            return new RememberMeAuthenticationMetaDataPopulator(casConfigurationProperties.getTicket().getTgt().getRememberMe());
        }
    }
}
