package org.apache.syncope.wa.starter.config;

import com.github.benmanes.caffeine.cache.Caffeine;
import com.warrenstrange.googleauth.IGoogleAuthenticator;
import io.swagger.v3.oas.models.OpenAPI;
import io.swagger.v3.oas.models.info.Contact;
import io.swagger.v3.oas.models.info.Info;
import io.swagger.v3.oas.models.security.SecurityScheme;
import java.time.OffsetDateTime;
import java.time.temporal.TemporalUnit;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Optional;
import org.apache.commons.lang3.StringUtils;
import org.apache.syncope.common.keymaster.client.api.model.NetworkService;
import org.apache.syncope.common.keymaster.client.api.startstop.KeymasterStart;
import org.apache.syncope.common.keymaster.client.api.startstop.KeymasterStop;
import org.apache.syncope.wa.bootstrap.WAProperties;
import org.apache.syncope.wa.bootstrap.WARestClient;
import org.apache.syncope.wa.starter.actuate.SyncopeCoreHealthIndicator;
import org.apache.syncope.wa.starter.actuate.SyncopeWAInfoContributor;
import org.apache.syncope.wa.starter.audit.WAAuditTrailManager;
import org.apache.syncope.wa.starter.events.WAEventRepository;
import org.apache.syncope.wa.starter.gauth.WAGoogleMfaAuthCredentialRepository;
import org.apache.syncope.wa.starter.gauth.WAGoogleMfaAuthTokenRepository;
import org.apache.syncope.wa.starter.mapping.AccessMapFor;
import org.apache.syncope.wa.starter.mapping.AccessMapper;
import org.apache.syncope.wa.starter.mapping.AttrReleaseMapFor;
import org.apache.syncope.wa.starter.mapping.AttrReleaseMapper;
import org.apache.syncope.wa.starter.mapping.AuthMapFor;
import org.apache.syncope.wa.starter.mapping.AuthMapper;
import org.apache.syncope.wa.starter.mapping.CASSPClientAppTOMapper;
import org.apache.syncope.wa.starter.mapping.ClientAppMapFor;
import org.apache.syncope.wa.starter.mapping.ClientAppMapper;
import org.apache.syncope.wa.starter.mapping.DefaultAccessMapper;
import org.apache.syncope.wa.starter.mapping.DefaultAttrReleaseMapper;
import org.apache.syncope.wa.starter.mapping.DefaultAuthMapper;
import org.apache.syncope.wa.starter.mapping.OIDCRPClientAppTOMapper;
import org.apache.syncope.wa.starter.mapping.RegisteredServiceMapper;
import org.apache.syncope.wa.starter.mapping.SAML2SPClientAppTOMapper;
import org.apache.syncope.wa.starter.oidc.WAOIDCJWKSGeneratorService;
import org.apache.syncope.wa.starter.pac4j.saml.WASAML2ClientCustomizer;
import org.apache.syncope.wa.starter.saml.idp.metadata.RestfulSamlIdPMetadataGenerator;
import org.apache.syncope.wa.starter.saml.idp.metadata.RestfulSamlIdPMetadataLocator;
import org.apache.syncope.wa.starter.services.WAServiceRegistry;
import org.apache.syncope.wa.starter.surrogate.WASurrogateAuthenticationService;
import org.apache.syncope.wa.starter.u2f.WAU2FDeviceRepository;
import org.apache.syncope.wa.starter.webauthn.WAWebAuthnCredentialRepository;
import org.apereo.cas.adaptors.u2f.storage.U2FDeviceRepository;
import org.apereo.cas.audit.AuditTrailExecutionPlanConfigurer;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlan;
import org.apereo.cas.authentication.surrogate.SurrogateAuthenticationService;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.mfa.gauth.LdapGoogleAuthenticatorMultifactorProperties;
import org.apereo.cas.configuration.model.support.mfa.u2f.U2FCoreMultifactorAuthenticationProperties;
import org.apereo.cas.gauth.credential.LdapGoogleAuthenticatorTokenCredentialRepository;
import org.apereo.cas.oidc.jwks.generator.OidcJsonWebKeystoreGeneratorService;
import org.apereo.cas.otp.repository.credentials.OneTimeTokenCredentialRepository;
import org.apereo.cas.services.ServiceRegistryExecutionPlanConfigurer;
import org.apereo.cas.services.ServiceRegistryListener;
import org.apereo.cas.support.events.CasEventRepository;
import org.apereo.cas.support.events.CasEventRepositoryFilter;
import org.apereo.cas.support.pac4j.authentication.clients.DelegatedClientFactoryCustomizer;
import org.apereo.cas.support.pac4j.authentication.handler.support.DelegatedClientAuthenticationHandler;
import org.apereo.cas.support.saml.idp.metadata.generator.SamlIdPMetadataGenerator;
import org.apereo.cas.support.saml.idp.metadata.generator.SamlIdPMetadataGeneratorConfigurationContext;
import org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPMetadataLocator;
import org.apereo.cas.util.DateTimeUtils;
import org.apereo.cas.util.LdapUtils;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.apereo.cas.webauthn.storage.WebAuthnCredentialRepository;
import org.pac4j.core.client.Client;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ScopedProxyMode;

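/**
 * Spring configuration for the Apache Syncope WA module: it registers the beans that plug
 * Syncope-backed implementations (service registry, audit trail, event repository, MFA credential
 * and device repositories, SAML IdP metadata, OIDC JWKS, surrogate authentication) into CAS.
 *
 * <p>Most of these beans are constructed with the shared {@link WARestClient}. Several of them are
 * part of the authentication trust path, so the {@code NOTE(review)} comments below mark the
 * places where confidentiality or freshness depends on code that is not visible in this class.
 *
 * <p>{@code proxyBeanMethods = false}: bean methods are not proxied, which is safe here because
 * collaborators are received as method parameters and no bean method calls another one.
 */
@Configuration(proxyBeanMethods = false)
/* loaded from: input_file:org/apache/syncope/wa/starter/config/WAContext.class */
public class WAContext {
    /**
     * Name of an optional replacement bean: when a bean with this name is defined, the default
     * {@link #googleAuthenticatorAccountRegistry} is not created.
     */
    public static final String CUSTOM_GOOGLE_AUTHENTICATOR_ACCOUNT_REGISTRY = "customGoogleAuthenticatorAccountRegistry";

    /**
     * Reads the {@code version} property from the application environment.
     *
     * @param configurableApplicationContext context whose environment is queried
     * @return the property value, or {@code null} when the property is not set
     */
    private static String version(ConfigurableApplicationContext configurableApplicationContext) {
        return configurableApplicationContext.getEnvironment().getProperty("version");
    }

    /**
     * Builds the OpenAPI descriptor (title, description, contact, version) and declares two HTTP
     * security schemes: {@code BasicAuthentication} (basic) and {@code Bearer} (bearer, JWT).
     *
     * <p>This bean only describes the schemes in the generated document; nothing in this class
     * enforces them on any endpoint.
     *
     * @param configurableApplicationContext context used to look up the {@code version} property
     * @return the OpenAPI descriptor
     */
    @ConditionalOnMissingBean
    @Bean
    public OpenAPI casSwaggerOpenApi(ConfigurableApplicationContext configurableApplicationContext) {
        // Resolve the version once; it is used for both the description and the version field.
        String version = version(configurableApplicationContext);
        Info info = new Info()
                .title("Apache Syncope")
                .description("Apache Syncope " + version)
                .contact(new Contact()
                        .name("The Apache Syncope community")
                        .email("dev@syncope.apache.org")
                        .url("https://syncope.apache.org"))
                .version(version);
        return new OpenAPI()
                .info(info)
                .schemaRequirement(
                        "BasicAuthentication",
                        new SecurityScheme().type(SecurityScheme.Type.HTTP).scheme("basic"))
                .schemaRequirement(
                        "Bearer",
                        new SecurityScheme().type(SecurityScheme.Type.HTTP).scheme("bearer").bearerFormat("JWT"));
    }

    /** Default access-policy mapper, used unless a bean named {@code accessMapper} is defined. */
    @ConditionalOnMissingBean(name = {"accessMapper"})
    @Bean
    public AccessMapper accessMapper() {
        return new DefaultAccessMapper();
    }

    /** Default attribute-release mapper, used unless a bean named {@code attrReleaseMapper} is defined. */
    @ConditionalOnMissingBean(name = {"attrReleaseMapper"})
    @Bean
    public AttrReleaseMapper attrReleaseMapper() {
        return new DefaultAttrReleaseMapper();
    }

    /** Default authentication-policy mapper, used unless a bean named {@code authMapper} is defined. */
    @ConditionalOnMissingBean(name = {"authMapper"})
    @Bean
    public AuthMapper authMapper() {
        return new DefaultAuthMapper();
    }

    /** CAS service-provider client application mapper, replaceable by a bean of the same name. */
    @ConditionalOnMissingBean(name = {"casSPClientAppTOMapper"})
    @Bean
    public ClientAppMapper casSPClientAppTOMapper() {
        return new CASSPClientAppTOMapper();
    }

    /** OIDC relying-party client application mapper, replaceable by a bean of the same name. */
    @ConditionalOnMissingBean(name = {"oidcRPClientAppTOMapper"})
    @Bean
    public ClientAppMapper oidcRPClientAppTOMapper() {
        return new OIDCRPClientAppTOMapper();
    }

    /** SAML 2.0 service-provider client application mapper, replaceable by a bean of the same name. */
    @ConditionalOnMissingBean(name = {"saml2SPClientAppTOMapper"})
    @Bean
    public ClientAppMapper saml2SPClientAppTOMapper() {
        return new SAML2SPClientAppTOMapper();
    }

    /**
     * Collects every mapper bean in the context, indexed by the configuration class named in its
     * {@code *MapFor} annotation, and hands the four indexes to a {@link RegisteredServiceMapper}.
     *
     * <p>Mapper beans without the matching annotation are skipped without any log or error, and
     * when two beans declare the same configuration class the one visited last replaces the
     * other. A policy whose mapper is missing from these indexes is therefore not reported here;
     * how {@code RegisteredServiceMapper} treats an unmapped policy is not visible in this class.
     *
     * @param configurableApplicationContext context searched for mapper beans
     * @param casConfigurationProperties CAS settings; supplies the pac4j core name
     * @param objectProvider lazy handle on the authentication event execution plan
     * @return the registered-service mapper
     */
    @ConditionalOnMissingBean
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public RegisteredServiceMapper registeredServiceMapper(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties, ObjectProvider<AuthenticationEventExecutionPlan> objectProvider) {
        HashMap<String, AuthMapper> authMappers = new HashMap<>();
        configurableApplicationContext.getBeansOfType(AuthMapper.class).forEach((beanName, mapper) -> {
            AuthMapFor mapFor = configurableApplicationContext.findAnnotationOnBean(beanName, AuthMapFor.class);
            if (mapFor != null) {
                authMappers.put(mapFor.authPolicyConfClass().getName(), mapper);
            }
        });

        HashMap<String, AccessMapper> accessMappers = new HashMap<>();
        configurableApplicationContext.getBeansOfType(AccessMapper.class).forEach((beanName, mapper) -> {
            AccessMapFor mapFor = configurableApplicationContext.findAnnotationOnBean(beanName, AccessMapFor.class);
            if (mapFor != null) {
                accessMappers.put(mapFor.accessPolicyConfClass().getName(), mapper);
            }
        });

        HashMap<String, AttrReleaseMapper> attrReleaseMappers = new HashMap<>();
        configurableApplicationContext.getBeansOfType(AttrReleaseMapper.class).forEach((beanName, mapper) -> {
            AttrReleaseMapFor mapFor =
                    configurableApplicationContext.findAnnotationOnBean(beanName, AttrReleaseMapFor.class);
            if (mapFor != null) {
                attrReleaseMappers.put(mapFor.attrReleasePolicyConfClass().getName(), mapper);
            }
        });

        HashMap<String, ClientAppMapper> clientAppMappers = new HashMap<>();
        configurableApplicationContext.getBeansOfType(ClientAppMapper.class).forEach((beanName, mapper) -> {
            ClientAppMapFor mapFor =
                    configurableApplicationContext.findAnnotationOnBean(beanName, ClientAppMapFor.class);
            if (mapFor != null) {
                clientAppMappers.put(mapFor.clientAppClass().getName(), mapper);
            }
        });

        // Fall back to the delegated handler's simple class name when no pac4j core name is configured.
        String pac4jCoreName = Optional.ofNullable(casConfigurationProperties.getAuthn().getPac4j().getCore().getName())
                .orElse(DelegatedClientAuthenticationHandler.class.getSimpleName());

        return new RegisteredServiceMapper(
                configurableApplicationContext,
                pac4jCoreName,
                objectProvider,
                authMappers,
                accessMappers,
                attrReleaseMappers,
                clientAppMappers);
    }

    /**
     * Registers a {@link WAServiceRegistry} with the CAS service registry execution plan.
     *
     * @param configurableApplicationContext context passed through to the registry
     * @param wARestClient REST client passed through to the registry
     * @param registeredServiceMapper mapper passed through to the registry
     * @param objectProvider optional list of registry listeners; an empty list is used when absent
     * @return configurer that adds the registry to the plan
     */
    @ConditionalOnMissingBean
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public ServiceRegistryExecutionPlanConfigurer syncopeServiceRegistryConfigurer(ConfigurableApplicationContext configurableApplicationContext, WARestClient wARestClient, RegisteredServiceMapper registeredServiceMapper, @Qualifier("serviceRegistryListeners") ObjectProvider<List<ServiceRegistryListener>> objectProvider) {
        Collection<ServiceRegistryListener> listeners =
                Optional.ofNullable(objectProvider.getIfAvailable()).orElseGet(ArrayList::new);
        WAServiceRegistry registry =
                new WAServiceRegistry(wARestClient, registeredServiceMapper, configurableApplicationContext, listeners);
        // The registry is created once, when this bean is built, and reused by the configurer.
        return plan -> plan.registerServiceRegistry(registry);
    }

    /** SAML IdP metadata generator backed by {@link RestfulSamlIdPMetadataGenerator}. */
    @Bean
    public SamlIdPMetadataGenerator samlIdPMetadataGenerator(WARestClient wARestClient, SamlIdPMetadataGeneratorConfigurationContext samlIdPMetadataGeneratorConfigurationContext) {
        return new RestfulSamlIdPMetadataGenerator(samlIdPMetadataGeneratorConfigurationContext, wARestClient);
    }

    /**
     * SAML IdP metadata locator backed by {@link RestfulSamlIdPMetadataLocator}.
     *
     * <p>NOTE(review): the locator receives a no-op cipher executor, so no encryption or decryption
     * is applied to what it handles at this layer. If that material includes the IdP signing or
     * encryption keys, their confidentiality presumably rests on the transport used by
     * {@code WARestClient} and on how the remote side stores them; confirm both.
     *
     * <p>NOTE(review): the Caffeine cache is built with no size bound and no expiry configured
     * here; confirm how cached metadata is refreshed after a key rotation.
     */
    @Bean
    public SamlIdPMetadataLocator samlIdPMetadataLocator(WARestClient wARestClient) {
        return new RestfulSamlIdPMetadataLocator(
                CipherExecutor.noOpOfStringToString(),
                Caffeine.newBuilder().build(),
                wARestClient);
    }

    /**
     * Registers a {@link WAAuditTrailManager} with the CAS audit trail execution plan.
     *
     * <p>A new manager instance is created each time the returned configurer is invoked.
     */
    @Bean
    public AuditTrailExecutionPlanConfigurer auditConfigurer(WARestClient wARestClient) {
        return plan -> plan.registerAuditTrailManager(new WAAuditTrailManager(wARestClient));
    }

    /**
     * Default event repository filter: the CAS no-op filter, used unless a bean named
     * {@code syncopeWAEventRepositoryFilter} is defined.
     */
    @ConditionalOnMissingBean(name = {"syncopeWAEventRepositoryFilter"})
    @Bean
    public CasEventRepositoryFilter syncopeWAEventRepositoryFilter() {
        return CasEventRepositoryFilter.noOp();
    }

    /** CAS event repository backed by {@link WAEventRepository}, using the qualified filter bean. */
    @Bean
    public CasEventRepository casEventRepository(WARestClient wARestClient, @Qualifier("syncopeWAEventRepositoryFilter") CasEventRepositoryFilter casEventRepositoryFilter) {
        return new WAEventRepository(casEventRepositoryFilter, wARestClient);
    }

    /** Customizer applied to delegated-authentication clients, backed by {@link WASAML2ClientCustomizer}. */
    @Bean
    public DelegatedClientFactoryCustomizer<Client> delegatedClientCustomizer(WARestClient wARestClient) {
        return new WASAML2ClientCustomizer(wARestClient);
    }

    /**
     * Google Authenticator one-time token repository, configured with the gauth core
     * {@code timeStepSize} from the CAS properties.
     */
    @Bean
    public WAGoogleMfaAuthTokenRepository oneTimeTokenAuthenticatorTokenRepository(CasConfigurationProperties casConfigurationProperties, WARestClient wARestClient) {
        return new WAGoogleMfaAuthTokenRepository(
                wARestClient,
                casConfigurationProperties.getAuthn().getMfa().getGauth().getCore().getTimeStepSize());
    }

    /**
     * Chooses where Google Authenticator accounts are stored.
     *
     * <p>When the gauth LDAP settings carry a non-blank base DN, LDAP URL and search filter, the
     * LDAP repository is used; in every other case (including a partially filled LDAP section)
     * the REST-backed {@link WAGoogleMfaAuthCredentialRepository} is used.
     *
     * <p>NOTE(review): the two cipher executors are passed only to the LDAP repository. The
     * REST-backed repository is constructed without them, so account secrets and scratch codes on
     * that path are not protected by these executors in this class; confirm how they are
     * protected in transit and at rest on the remote side.
     *
     * @param casConfigurationProperties CAS settings; supplies the gauth LDAP section
     * @param cipherExecutor cipher for account secrets (LDAP repository only)
     * @param cipherExecutor2 cipher for scratch codes (LDAP repository only)
     * @param iGoogleAuthenticator authenticator instance passed to either repository
     * @param wARestClient REST client for the REST-backed repository
     * @return the selected credential repository
     */
    @ConditionalOnMissingBean(name = {CUSTOM_GOOGLE_AUTHENTICATOR_ACCOUNT_REGISTRY})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public OneTimeTokenCredentialRepository googleAuthenticatorAccountRegistry(CasConfigurationProperties casConfigurationProperties, @Qualifier("googleAuthenticatorAccountCipherExecutor") CipherExecutor<String, String> cipherExecutor, @Qualifier("googleAuthenticatorScratchCodesCipherExecutor") CipherExecutor<Number, Number> cipherExecutor2, IGoogleAuthenticator iGoogleAuthenticator, WARestClient wARestClient) {
        LdapGoogleAuthenticatorMultifactorProperties ldap = casConfigurationProperties.getAuthn().getMfa().getGauth().getLdap();
        boolean ldapConfigured = StringUtils.isNotBlank(ldap.getBaseDn())
                && StringUtils.isNotBlank(ldap.getLdapUrl())
                && StringUtils.isNotBlank(ldap.getSearchFilter());
        if (ldapConfigured) {
            return new LdapGoogleAuthenticatorTokenCredentialRepository(
                    cipherExecutor,
                    cipherExecutor2,
                    iGoogleAuthenticator,
                    LdapUtils.newLdaptiveConnectionFactory(ldap),
                    ldap);
        }
        return new WAGoogleMfaAuthCredentialRepository(wARestClient, iGoogleAuthenticator);
    }

    /**
     * OIDC JSON Web Key Set generator backed by {@link WAOIDCJWKSGeneratorService}; key id, key
     * type and key size are taken from the OIDC JWKS core section of the CAS properties.
     */
    @Bean
    public OidcJsonWebKeystoreGeneratorService oidcJsonWebKeystoreGeneratorService(CasConfigurationProperties casConfigurationProperties, WARestClient wARestClient) {
        return new WAOIDCJWKSGeneratorService(
                wARestClient,
                casConfigurationProperties.getAuthn().getOidc().getJwks().getCore().getJwksKeyId(),
                casConfigurationProperties.getAuthn().getOidc().getJwks().getCore().getJwksType(),
                casConfigurationProperties.getAuthn().getOidc().getJwks().getCore().getJwksKeySize());
    }

    /** WebAuthn credential repository backed by {@link WAWebAuthnCredentialRepository}. */
    @Bean
    public WebAuthnCredentialRepository webAuthnCredentialRepository(CasConfigurationProperties casConfigurationProperties, WARestClient wARestClient) {
        return new WAWebAuthnCredentialRepository(casConfigurationProperties, wARestClient);
    }

    /**
     * U2F device repository backed by {@link WAU2FDeviceRepository}.
     *
     * <p>The request cache expires entries after the configured registration lifetime, and its
     * loader returns an empty string for any key that is not present.
     *
     * <p>NOTE(review): the device expiration cutoff ({@code now - expireDevices}) is computed once,
     * when this bean is created, and the bean is not refresh-scoped. Unless the repository
     * recomputes it, the cutoff stays fixed for the lifetime of the process, so device expiry
     * would drift on a long-running instance; confirm against {@code WAU2FDeviceRepository}.
     */
    @Bean
    public U2FDeviceRepository u2fDeviceRepository(CasConfigurationProperties casConfigurationProperties, WARestClient wARestClient) {
        U2FCoreMultifactorAuthenticationProperties core = casConfigurationProperties.getAuthn().getMfa().getU2f().getCore();
        TemporalUnit expireDevicesUnit = DateTimeUtils.toChronoUnit(core.getExpireDevicesTimeUnit());
        return new WAU2FDeviceRepository(
                casConfigurationProperties,
                Caffeine.newBuilder()
                        .expireAfterWrite(core.getExpireRegistrations(), core.getExpireRegistrationsTimeUnit())
                        .build(key -> ""),
                wARestClient,
                OffsetDateTime.now().minus(core.getExpireDevices(), expireDevicesUnit));
    }

    /**
     * Surrogate (impersonation) authentication service backed by
     * {@link WASurrogateAuthenticationService}.
     *
     * <p>NOTE(review): which principals may impersonate which accounts is decided inside that
     * service, not here; confirm where the authorization is enforced.
     */
    @Bean
    public SurrogateAuthenticationService surrogateAuthenticationService(WARestClient wARestClient) {
        return new WASurrogateAuthenticationService(wARestClient);
    }

    /** Actuator health indicator built on the {@link WARestClient}; replaceable by another bean of this type. */
    @ConditionalOnMissingBean
    @Bean
    public SyncopeCoreHealthIndicator syncopeCoreHealthIndicator(WARestClient wARestClient) {
        return new SyncopeCoreHealthIndicator(wARestClient);
    }

    /**
     * Actuator info contributor built from {@link WAProperties}; replaceable by another bean of this type.
     *
     * <p>NOTE(review): confirm that no credential held in {@code WAProperties} is published
     * through the info endpoint.
     */
    @ConditionalOnMissingBean
    @Bean
    public SyncopeWAInfoContributor syncopeWAInfoContributor(WAProperties wAProperties) {
        return new SyncopeWAInfoContributor(wAProperties);
    }

    /** Keymaster start hook created for network service type {@code WA}. */
    @Bean
    public KeymasterStart keymasterStart() {
        return new KeymasterStart(NetworkService.Type.WA);
    }

    /** Keymaster stop hook created for network service type {@code WA}. */
    @Bean
    public KeymasterStop keymasterStop() {
        return new KeymasterStop(NetworkService.Type.WA);
    }
}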
