package org.apereo.cas.config;

import java.util.Collection;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlanConfigurer;
import org.apereo.cas.authentication.AuthenticationPolicy;
import org.apereo.cas.authentication.CoreAuthenticationUtils;
import org.apereo.cas.authentication.adaptive.AdaptiveAuthenticationPolicy;
import org.apereo.cas.authentication.adaptive.DefaultAdaptiveAuthenticationPolicy;
import org.apereo.cas.authentication.adaptive.geo.GeoLocationService;
import org.apereo.cas.authentication.adaptive.intel.BlackDotIPAddressIntelligenceService;
import org.apereo.cas.authentication.adaptive.intel.DefaultIPAddressIntelligenceService;
import org.apereo.cas.authentication.adaptive.intel.GroovyIPAddressIntelligenceService;
import org.apereo.cas.authentication.adaptive.intel.IPAddressIntelligenceService;
import org.apereo.cas.authentication.adaptive.intel.RestfulIPAddressIntelligenceService;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.features.CasFeatureModule;
import org.apereo.cas.configuration.model.core.authentication.AdaptiveAuthenticationIPIntelligenceProperties;
import org.apereo.cas.configuration.model.core.authentication.AdaptiveAuthenticationProperties;
import org.apereo.cas.multitenancy.TenantExtractor;
import org.apereo.cas.util.nativex.CasRuntimeHintsRegistrar;
import org.apereo.cas.util.spring.boot.ConditionalOnFeatureEnabled;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ScopedProxyMode;

/* JADX INFO: Access modifiers changed from: package-private */
@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration(value = "CasCoreAuthenticationPolicyConfiguration", proxyBeanMethods = false)
@ConditionalOnFeatureEnabled(feature = {CasFeatureModule.FeatureCatalog.Authentication})
/* loaded from: input_file:WEB-INF/lib/cas-server-core-authentication-7.3.0-RC2.jar:org/apereo/cas/config/CasCoreAuthenticationPolicyConfiguration.class */
public class CasCoreAuthenticationPolicyConfiguration {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) CasCoreAuthenticationPolicyConfiguration.class);

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "CasCoreAuthenticationPolicyPlanConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:WEB-INF/lib/cas-server-core-authentication-7.3.0-RC2.jar:org/apereo/cas/config/CasCoreAuthenticationPolicyConfiguration$CasCoreAuthenticationPolicyPlanConfiguration.class */
    static class CasCoreAuthenticationPolicyPlanConfiguration {
        CasCoreAuthenticationPolicyPlanConfiguration() {
        }

        @ConditionalOnMissingBean(name = {"authenticationPolicyExecutionPlanConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuthenticationEventExecutionPlanConfigurer authenticationPolicyExecutionPlanConfigurer(CasConfigurationProperties casConfigurationProperties) {
            return authenticationEventExecutionPlan -> {
                Collection<AuthenticationPolicy> newAuthenticationPolicy = CoreAuthenticationUtils.newAuthenticationPolicy(casConfigurationProperties.getAuthn().getPolicy());
                if (newAuthenticationPolicy != null) {
                    CasCoreAuthenticationPolicyConfiguration.LOGGER.debug("Activated authentication policies are [{}]", newAuthenticationPolicy);
                    authenticationEventExecutionPlan.registerAuthenticationPolicies(newAuthenticationPolicy);
                }
            };
        }

        @ConditionalOnMissingBean(name = {AdaptiveAuthenticationPolicy.BEAN_NAME})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AdaptiveAuthenticationPolicy adaptiveAuthenticationPolicy(CasConfigurationProperties casConfigurationProperties, @Qualifier("ipAddressIntelligenceService") IPAddressIntelligenceService iPAddressIntelligenceService, @Qualifier("geoLocationService") ObjectProvider<GeoLocationService> objectProvider) {
            return new DefaultAdaptiveAuthenticationPolicy(objectProvider.getIfAvailable(), iPAddressIntelligenceService, casConfigurationProperties.getAuthn().getAdaptive());
        }
    }

    CasCoreAuthenticationPolicyConfiguration() {
    }

    @ConditionalOnMissingBean(name = {IPAddressIntelligenceService.BEAN_NAME})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public IPAddressIntelligenceService ipAddressIntelligenceService(@Qualifier("tenantExtractor") TenantExtractor tenantExtractor, CasConfigurationProperties casConfigurationProperties) {
        AdaptiveAuthenticationProperties adaptive = casConfigurationProperties.getAuthn().getAdaptive();
        AdaptiveAuthenticationIPIntelligenceProperties ipIntel = adaptive.getIpIntel();
        return StringUtils.isNotBlank(ipIntel.getRest().getUrl()) ? new RestfulIPAddressIntelligenceService(tenantExtractor, adaptive) : (ipIntel.getGroovy().getLocation() == null || !CasRuntimeHintsRegistrar.notInNativeImage()) ? StringUtils.isNotBlank(ipIntel.getBlackDot().getEmailAddress()) ? new BlackDotIPAddressIntelligenceService(tenantExtractor, adaptive) : new DefaultIPAddressIntelligenceService(tenantExtractor, adaptive) : new GroovyIPAddressIntelligenceService(tenantExtractor, adaptive);
    }
}
