package org.apereo.cas.config;

import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.audit.AuditPrincipalIdProvider;
import org.apereo.cas.audit.AuditableExecution;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlanConfigurer;
import org.apereo.cas.authentication.AuthenticationPostProcessor;
import org.apereo.cas.authentication.PrincipalElectionStrategy;
import org.apereo.cas.authentication.SurrogateAuthenticationPostProcessor;
import org.apereo.cas.authentication.SurrogatePrincipalBuilder;
import org.apereo.cas.authentication.SurrogatePrincipalElectionStrategy;
import org.apereo.cas.authentication.SurrogatePrincipalResolver;
import org.apereo.cas.authentication.audit.SurrogateAuditPrincipalIdProvider;
import org.apereo.cas.authentication.event.SurrogateAuthenticationEventListener;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalFactoryUtils;
import org.apereo.cas.authentication.principal.PrincipalResolver;
import org.apereo.cas.authentication.surrogate.JsonResourceSurrogateAuthenticationService;
import org.apereo.cas.authentication.surrogate.SimpleSurrogateAuthenticationService;
import org.apereo.cas.authentication.surrogate.SurrogateAuthenticationService;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.core.authentication.PersonDirectoryPrincipalResolverProperties;
import org.apereo.cas.configuration.model.support.surrogate.SurrogateAuthenticationProperties;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.ticket.ExpirationPolicy;
import org.apereo.cas.ticket.support.HardTimeoutExpirationPolicy;
import org.apereo.cas.ticket.support.SurrogateSessionExpirationPolicy;
import org.apereo.cas.util.io.CommunicationsManager;
import org.apereo.services.persondir.IPersonAttributeDao;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

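/**
 * Spring configuration that wires the beans used for CAS surrogate authentication, i.e. one
 * authenticated principal acting on behalf of another account.
 *
 * <p>The beans built here decide which accounts a principal may act as
 * ({@link SurrogateAuthenticationService}), how long a surrogate session lives
 * ({@link #grantingTicketExpirationPolicy}), and which identity is recorded in audit output
 * ({@link #surrogateAuditPrincipalIdProvider}). Because the account mapping is authorization data,
 * changes to how it is loaded deserve the same review as any access-control change.
 *
 * <p>Bean methods call each other directly (for example {@link #surrogatePrincipalFactory()});
 * this relies on Spring's {@code @Configuration} proxying to hand back the shared singleton
 * instead of creating a new object on every call.
 */
@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration("surrogateAuthenticationConfiguration")
/* loaded from: input_file:org/apereo/cas/config/SurrogateAuthenticationConfiguration.class */
public class SurrogateAuthenticationConfiguration {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(SurrogateAuthenticationConfiguration.class);

    // Optional attribute source; getIfAvailable() may yield null when no such bean is defined.
    @Autowired
    @Qualifier("attributeRepository")
    private ObjectProvider<IPersonAttributeDao> attributeRepository;

    @Autowired
    private ApplicationEventPublisher eventPublisher;

    @Autowired
    @Qualifier("servicesManager")
    private ServicesManager servicesManager;

    @Autowired
    private CasConfigurationProperties casProperties;

    @Autowired
    @Qualifier("communicationsManager")
    private CommunicationsManager communicationsManager;

    @Autowired
    @Qualifier("registeredServiceAccessStrategyEnforcer")
    private AuditableExecution registeredServiceAccessStrategyEnforcer;

    @Autowired
    @Qualifier("surrogateEligibilityAuditableExecution")
    private AuditableExecution surrogateEligibilityAuditableExecution;

    /**
     * Builds the ticket-granting-ticket expiration policy that separates surrogate sessions from
     * ordinary ones.
     *
     * <p>Surrogate sessions are bound to a hard timeout taken from
     * {@code cas.authn.surrogate.tgt.timeToKillInSeconds}; all other sessions keep the injected
     * default policy.
     *
     * @param expirationPolicy the regular ticket-granting-ticket policy, registered under
     *     {@code PolicyTypes.DEFAULT}
     * @return the composite surrogate-aware expiration policy
     */
    @Bean
    public ExpirationPolicy grantingTicketExpirationPolicy(@Qualifier("ticketGrantingTicketExpirationPolicy") ExpirationPolicy expirationPolicy) {
        final long timeToKillInSeconds = this.casProperties.getAuthn().getSurrogate().getTgt().getTimeToKillInSeconds();
        final ExpirationPolicy surrogateTimeout = new HardTimeoutExpirationPolicy(timeToKillInSeconds);
        // NOTE(review): the constructor argument is presumably the fallback policy — confirm
        // against SurrogateSessionExpirationPolicy.
        final SurrogateSessionExpirationPolicy policy = new SurrogateSessionExpirationPolicy(surrogateTimeout);
        policy.addPolicy(SurrogateSessionExpirationPolicy.PolicyTypes.SURROGATE, surrogateTimeout);
        policy.addPolicy(SurrogateSessionExpirationPolicy.PolicyTypes.DEFAULT, expirationPolicy);
        return policy;
    }

    /**
     * Provides the principal factory used when surrogate principals are created.
     *
     * @return a new default principal factory
     */
    @ConditionalOnMissingBean(name = {"surrogatePrincipalFactory"})
    @Bean
    public PrincipalFactory surrogatePrincipalFactory() {
        return PrincipalFactoryUtils.newPrincipalFactory();
    }

    /**
     * Selects the service that answers which accounts a principal may act as.
     *
     * <p>A configured JSON location takes precedence. Otherwise the accounts come from the
     * {@code simple.surrogates} property map, where each key is a principal id and each value is
     * a comma-separated list of accounts. The original listing iterated that map with an empty
     * lambda, so the service was always handed an empty mapping; the entries are now copied in.
     *
     * @return the JSON-backed service when a location is set, else the property-backed service
     */
    @ConditionalOnMissingBean(name = {"surrogateAuthenticationService"})
    @RefreshScope
    @Bean
    public SurrogateAuthenticationService surrogateAuthenticationService() {
        final SurrogateAuthenticationProperties surrogate = this.casProperties.getAuthn().getSurrogate();
        if (surrogate.getJson().getLocation() != null) {
            LOGGER.debug("Using JSON resource [{}] to locate surrogate accounts", surrogate.getJson().getLocation());
            return new JsonResourceSurrogateAuthenticationService(surrogate.getJson().getLocation(), this.servicesManager);
        }
        // NOTE(review): raw type kept from the original because the parameter type of the
        // SimpleSurrogateAuthenticationService constructor is not visible here — tighten the
        // generics once that signature is confirmed.
        final LinkedHashMap accounts = new LinkedHashMap();
        surrogate.getSimple().getSurrogates().forEach(
            (principalId, commaSeparated) -> accounts.put(principalId, parseSurrogateAccounts(commaSeparated)));
        // The full principal-to-surrogate mapping is written at DEBUG level; handle debug logs
        // from this class as access-control data.
        LOGGER.debug("Using accounts [{}] for surrogate authentication", accounts);
        return new SimpleSurrogateAuthenticationService(accounts, this.servicesManager);
    }

    /**
     * Splits one comma-separated property value into distinct, trimmed account names.
     *
     * <p>Blank entries are dropped and first-seen order is preserved, so stray whitespace or a
     * trailing comma in configuration cannot produce an account name that silently never matches.
     *
     * @param commaSeparated the raw property value, may be {@code null}
     * @return a mutable list of account names, empty when the value is {@code null} or blank
     */
    private static List<String> parseSurrogateAccounts(final String commaSeparated) {
        final Set<String> unique = new LinkedHashSet<>();
        if (commaSeparated != null) {
            for (final String candidate : commaSeparated.split(",")) {
                final String account = candidate.trim();
                if (!account.isEmpty()) {
                    unique.add(account);
                }
            }
        }
        return new ArrayList<>(unique);
    }

    /**
     * Builds the principal resolver used for surrogate authentication.
     *
     * <p>Surrogate-specific principal settings win; the principal attribute falls back to the
     * global person-directory setting when the surrogate one is blank, and the existing principal
     * id is reused when either settings group asks for it.
     *
     * @return the configured surrogate principal resolver
     */
    @RefreshScope
    @Bean
    public PrincipalResolver personDirectoryPrincipalResolver() {
        LOGGER.debug("Building principal resolver for surrogate authentication");
        final PersonDirectoryPrincipalResolverProperties principal = this.casProperties.getAuthn().getSurrogate().getPrincipal();
        final PersonDirectoryPrincipalResolverProperties personDirectory = this.casProperties.getPersonDirectory();
        final String principalAttribute = StringUtils.defaultIfBlank(principal.getPrincipalAttribute(), personDirectory.getPrincipalAttribute());
        // getIfAvailable() returns null when no attribute repository bean exists.
        // NOTE(review): confirm SurrogatePrincipalResolver tolerates a null repository.
        final SurrogatePrincipalResolver resolver = new SurrogatePrincipalResolver(
            this.attributeRepository.getIfAvailable(), surrogatePrincipalFactory(), principal.isReturnNull(), principalAttribute);
        resolver.setUseCurrentPrincipalId(personDirectory.isUseExistingPrincipalId() || principal.isUseExistingPrincipalId());
        return resolver;
    }

    /**
     * Builds the post-processor that applies surrogate authentication after primary
     * authentication, wired with the surrogate service and both auditable enforcement hooks.
     *
     * @return the surrogate authentication post-processor
     */
    @ConditionalOnMissingBean(name = {"surrogateAuthenticationPostProcessor"})
    @Bean
    public AuthenticationPostProcessor surrogateAuthenticationPostProcessor() {
        return new SurrogateAuthenticationPostProcessor(
            surrogateAuthenticationService(),
            this.servicesManager,
            this.eventPublisher,
            this.registeredServiceAccessStrategyEnforcer,
            this.surrogateEligibilityAuditableExecution,
            surrogatePrincipalBuilder());
    }

    /**
     * Builds the helper that constructs surrogate principals from the shared principal factory
     * and the optional attribute repository.
     *
     * @return the surrogate principal builder
     */
    @ConditionalOnMissingBean(name = {"surrogatePrincipalBuilder"})
    @Bean
    public SurrogatePrincipalBuilder surrogatePrincipalBuilder() {
        // The repository argument is null when no attribute repository bean is available.
        return new SurrogatePrincipalBuilder(surrogatePrincipalFactory(), this.attributeRepository.getIfAvailable());
    }

    /**
     * Provides the surrogate-aware principal election strategy.
     *
     * @return a new {@link SurrogatePrincipalElectionStrategy}
     */
    @Bean
    public PrincipalElectionStrategy principalElectionStrategy() {
        return new SurrogatePrincipalElectionStrategy();
    }

    /**
     * Provides the audit principal-id provider for surrogate sessions.
     *
     * @return a new {@link SurrogateAuditPrincipalIdProvider}
     */
    @Bean
    public AuditPrincipalIdProvider surrogateAuditPrincipalIdProvider() {
        return new SurrogateAuditPrincipalIdProvider();
    }

    /**
     * Registers the surrogate post-processor with the authentication execution plan.
     *
     * @return a configurer that adds {@link #surrogateAuthenticationPostProcessor()} to the plan
     */
    @ConditionalOnMissingBean(name = {"surrogateAuthenticationEventExecutionPlanConfigurer"})
    @Bean
    public AuthenticationEventExecutionPlanConfigurer surrogateAuthenticationEventExecutionPlanConfigurer() {
        return plan -> plan.registerAuthenticationPostProcessor(surrogateAuthenticationPostProcessor());
    }

    /**
     * Provides the listener for surrogate authentication events, built with the communications
     * manager and the CAS properties.
     *
     * @return the surrogate authentication event listener
     */
    @ConditionalOnMissingBean(name = {"surrogateAuthenticationEventListener"})
    @Bean
    public SurrogateAuthenticationEventListener surrogateAuthenticationEventListener() {
        return new SurrogateAuthenticationEventListener(this.communicationsManager, this.casProperties);
    }
}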
