package org.apereo.cas.adaptors.jdbc.config;

import com.google.common.collect.Multimap;
import java.util.Collection;
import java.util.HashSet;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.adaptors.jdbc.AbstractJdbcUsernamePasswordAuthenticationHandler;
import org.apereo.cas.adaptors.jdbc.BindModeSearchDatabaseAuthenticationHandler;
import org.apereo.cas.adaptors.jdbc.QueryAndEncodeDatabaseAuthenticationHandler;
import org.apereo.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler;
import org.apereo.cas.adaptors.jdbc.SearchModeSearchDatabaseAuthenticationHandler;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlanConfigurer;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.CoreAuthenticationUtils;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalFactoryUtils;
import org.apereo.cas.authentication.principal.PrincipalNameTransformerUtils;
import org.apereo.cas.authentication.principal.PrincipalResolver;
import org.apereo.cas.authentication.support.password.PasswordEncoderUtils;
import org.apereo.cas.authentication.support.password.PasswordPolicyContext;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.jdbc.JdbcAuthenticationProperties;
import org.apereo.cas.configuration.model.support.jdbc.authn.BaseJdbcAuthenticationProperties;
import org.apereo.cas.configuration.model.support.jdbc.authn.BindJdbcAuthenticationProperties;
import org.apereo.cas.configuration.model.support.jdbc.authn.QueryEncodeJdbcAuthenticationProperties;
import org.apereo.cas.configuration.model.support.jdbc.authn.QueryJdbcAuthenticationProperties;
import org.apereo.cas.configuration.model.support.jdbc.authn.SearchJdbcAuthenticationProperties;
import org.apereo.cas.configuration.support.JpaBeans;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.util.CollectionUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration("CasJdbcAuthenticationConfiguration")
/* loaded from: input_file:org/apereo/cas/adaptors/jdbc/config/CasJdbcAuthenticationConfiguration.class */
public class CasJdbcAuthenticationConfiguration {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(CasJdbcAuthenticationConfiguration.class);

    @Autowired
    @Qualifier("servicesManager")
    private ObjectProvider<ServicesManager> servicesManager;

    @Autowired
    private ConfigurableApplicationContext applicationContext;

    @Autowired
    private CasConfigurationProperties casProperties;

    @Autowired
    @Qualifier("defaultPrincipalResolver")
    private ObjectProvider<PrincipalResolver> defaultPrincipalResolver;

    @ConditionalOnMissingBean(name = {"jdbcAuthenticationHandlers"})
    @RefreshScope
    @Bean
    public Collection<AuthenticationHandler> jdbcAuthenticationHandlers() {
        HashSet hashSet = new HashSet();
        JdbcAuthenticationProperties jdbc = this.casProperties.getAuthn().getJdbc();
        jdbc.getBind().forEach(bindJdbcAuthenticationProperties -> {
            hashSet.add(bindModeSearchDatabaseAuthenticationHandler(bindJdbcAuthenticationProperties));
        });
        jdbc.getEncode().forEach(queryEncodeJdbcAuthenticationProperties -> {
            hashSet.add(queryAndEncodeDatabaseAuthenticationHandler(queryEncodeJdbcAuthenticationProperties));
        });
        jdbc.getQuery().forEach(queryJdbcAuthenticationProperties -> {
            hashSet.add(queryDatabaseAuthenticationHandler(queryJdbcAuthenticationProperties));
        });
        jdbc.getSearch().forEach(searchJdbcAuthenticationProperties -> {
            hashSet.add(searchModeSearchDatabaseAuthenticationHandler(searchJdbcAuthenticationProperties));
        });
        return hashSet;
    }

    @ConditionalOnMissingBean(name = {"jdbcPrincipalFactory"})
    @RefreshScope
    @Bean
    public PrincipalFactory jdbcPrincipalFactory() {
        return PrincipalFactoryUtils.newPrincipalFactory();
    }

    @ConditionalOnMissingBean(name = {"queryAndEncodePasswordPolicyConfiguration"})
    @RefreshScope
    @Bean
    public PasswordPolicyContext queryAndEncodePasswordPolicyConfiguration() {
        return new PasswordPolicyContext();
    }

    @ConditionalOnMissingBean(name = {"searchModePasswordPolicyConfiguration"})
    @RefreshScope
    @Bean
    public PasswordPolicyContext searchModePasswordPolicyConfiguration() {
        return new PasswordPolicyContext();
    }

    @ConditionalOnMissingBean(name = {"queryPasswordPolicyConfiguration"})
    @RefreshScope
    @Bean
    public PasswordPolicyContext queryPasswordPolicyConfiguration() {
        return new PasswordPolicyContext();
    }

    @ConditionalOnMissingBean(name = {"bindSearchPasswordPolicyConfiguration"})
    @RefreshScope
    @Bean
    public PasswordPolicyContext bindSearchPasswordPolicyConfiguration() {
        return new PasswordPolicyContext();
    }

    @ConditionalOnMissingBean(name = {"jdbcAuthenticationEventExecutionPlanConfigurer"})
    @RefreshScope
    @Bean
    public AuthenticationEventExecutionPlanConfigurer jdbcAuthenticationEventExecutionPlanConfigurer() {
        return authenticationEventExecutionPlan -> {
            jdbcAuthenticationHandlers().forEach(authenticationHandler -> {
                authenticationEventExecutionPlan.registerAuthenticationHandlerWithPrincipalResolver(authenticationHandler, (PrincipalResolver) this.defaultPrincipalResolver.getObject());
            });
        };
    }

    private AuthenticationHandler bindModeSearchDatabaseAuthenticationHandler(BindJdbcAuthenticationProperties bindJdbcAuthenticationProperties) {
        BindModeSearchDatabaseAuthenticationHandler bindModeSearchDatabaseAuthenticationHandler = new BindModeSearchDatabaseAuthenticationHandler(bindJdbcAuthenticationProperties.getName(), (ServicesManager) this.servicesManager.getObject(), jdbcPrincipalFactory(), Integer.valueOf(bindJdbcAuthenticationProperties.getOrder()), JpaBeans.newDataSource(bindJdbcAuthenticationProperties));
        configureJdbcAuthenticationHandler(bindModeSearchDatabaseAuthenticationHandler, bindJdbcAuthenticationProperties);
        return bindModeSearchDatabaseAuthenticationHandler;
    }

    private AuthenticationHandler queryAndEncodeDatabaseAuthenticationHandler(QueryEncodeJdbcAuthenticationProperties queryEncodeJdbcAuthenticationProperties) {
        QueryAndEncodeDatabaseAuthenticationHandler queryAndEncodeDatabaseAuthenticationHandler = new QueryAndEncodeDatabaseAuthenticationHandler(queryEncodeJdbcAuthenticationProperties.getName(), (ServicesManager) this.servicesManager.getObject(), jdbcPrincipalFactory(), Integer.valueOf(queryEncodeJdbcAuthenticationProperties.getOrder()), JpaBeans.newDataSource(queryEncodeJdbcAuthenticationProperties), queryEncodeJdbcAuthenticationProperties.getAlgorithmName(), queryEncodeJdbcAuthenticationProperties.getSql(), queryEncodeJdbcAuthenticationProperties.getPasswordFieldName(), queryEncodeJdbcAuthenticationProperties.getSaltFieldName(), queryEncodeJdbcAuthenticationProperties.getExpiredFieldName(), queryEncodeJdbcAuthenticationProperties.getDisabledFieldName(), queryEncodeJdbcAuthenticationProperties.getNumberOfIterationsFieldName(), queryEncodeJdbcAuthenticationProperties.getNumberOfIterations(), queryEncodeJdbcAuthenticationProperties.getStaticSalt());
        configureJdbcAuthenticationHandler(queryAndEncodeDatabaseAuthenticationHandler, queryEncodeJdbcAuthenticationProperties);
        return queryAndEncodeDatabaseAuthenticationHandler;
    }

    private AuthenticationHandler queryDatabaseAuthenticationHandler(QueryJdbcAuthenticationProperties queryJdbcAuthenticationProperties) {
        Multimap transformPrincipalAttributesListIntoMultiMap = CoreAuthenticationUtils.transformPrincipalAttributesListIntoMultiMap(queryJdbcAuthenticationProperties.getPrincipalAttributeList());
        LOGGER.trace("Created and mapped principal attributes [{}] for [{}]...", transformPrincipalAttributesListIntoMultiMap, queryJdbcAuthenticationProperties.getUrl());
        QueryDatabaseAuthenticationHandler queryDatabaseAuthenticationHandler = new QueryDatabaseAuthenticationHandler(queryJdbcAuthenticationProperties.getName(), (ServicesManager) this.servicesManager.getObject(), jdbcPrincipalFactory(), Integer.valueOf(queryJdbcAuthenticationProperties.getOrder()), JpaBeans.newDataSource(queryJdbcAuthenticationProperties), queryJdbcAuthenticationProperties.getSql(), queryJdbcAuthenticationProperties.getFieldPassword(), queryJdbcAuthenticationProperties.getFieldExpired(), queryJdbcAuthenticationProperties.getFieldDisabled(), CollectionUtils.wrap(transformPrincipalAttributesListIntoMultiMap));
        configureJdbcAuthenticationHandler(queryDatabaseAuthenticationHandler, queryJdbcAuthenticationProperties);
        queryDatabaseAuthenticationHandler.setPasswordPolicyConfiguration(queryPasswordPolicyConfiguration());
        return queryDatabaseAuthenticationHandler;
    }

    private AuthenticationHandler searchModeSearchDatabaseAuthenticationHandler(SearchJdbcAuthenticationProperties searchJdbcAuthenticationProperties) {
        SearchModeSearchDatabaseAuthenticationHandler searchModeSearchDatabaseAuthenticationHandler = new SearchModeSearchDatabaseAuthenticationHandler(searchJdbcAuthenticationProperties.getName(), (ServicesManager) this.servicesManager.getObject(), jdbcPrincipalFactory(), Integer.valueOf(searchJdbcAuthenticationProperties.getOrder()), JpaBeans.newDataSource(searchJdbcAuthenticationProperties), searchJdbcAuthenticationProperties.getFieldUser(), searchJdbcAuthenticationProperties.getFieldPassword(), searchJdbcAuthenticationProperties.getTableUsers());
        configureJdbcAuthenticationHandler(searchModeSearchDatabaseAuthenticationHandler, searchJdbcAuthenticationProperties);
        return searchModeSearchDatabaseAuthenticationHandler;
    }

    private void configureJdbcAuthenticationHandler(AbstractJdbcUsernamePasswordAuthenticationHandler abstractJdbcUsernamePasswordAuthenticationHandler, BaseJdbcAuthenticationProperties baseJdbcAuthenticationProperties) {
        abstractJdbcUsernamePasswordAuthenticationHandler.setPasswordEncoder(PasswordEncoderUtils.newPasswordEncoder(baseJdbcAuthenticationProperties.getPasswordEncoder(), this.applicationContext));
        abstractJdbcUsernamePasswordAuthenticationHandler.setPrincipalNameTransformer(PrincipalNameTransformerUtils.newPrincipalNameTransformer(baseJdbcAuthenticationProperties.getPrincipalTransformation()));
        abstractJdbcUsernamePasswordAuthenticationHandler.setPasswordPolicyConfiguration(bindSearchPasswordPolicyConfiguration());
        if (StringUtils.isNotBlank(baseJdbcAuthenticationProperties.getCredentialCriteria())) {
            abstractJdbcUsernamePasswordAuthenticationHandler.setCredentialSelectionPredicate(CoreAuthenticationUtils.newCredentialSelectionPredicate(baseJdbcAuthenticationProperties.getCredentialCriteria()));
        }
        LOGGER.trace("Configured authentication handler [{}] to handle database url at [{}]", abstractJdbcUsernamePasswordAuthenticationHandler.getName(), baseJdbcAuthenticationProperties.getUrl());
    }
}
