package org.apereo.cas.config;

import java.util.ArrayList;
import java.util.List;
import java.util.Objects;
import java.util.stream.Stream;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlanConfigurer;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.CoreAuthenticationUtils;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalFactoryUtils;
import org.apereo.cas.authentication.principal.PrincipalNameTransformerUtils;
import org.apereo.cas.authentication.principal.PrincipalResolver;
import org.apereo.cas.authentication.principal.attribute.PersonAttributeDao;
import org.apereo.cas.authentication.support.password.PasswordEncoderUtils;
import org.apereo.cas.azure.ad.authentication.AzureActiveDirectoryAuthenticationHandler;
import org.apereo.cas.azure.ad.authentication.MicrosoftGraphPersonAttributeDao;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.features.CasFeatureModule;
import org.apereo.cas.configuration.model.support.azuread.AzureActiveDirectoryAuthenticationProperties;
import org.apereo.cas.persondir.PersonDirectoryAttributeRepositoryPlanConfigurer;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.util.function.FunctionUtils;
import org.apereo.cas.util.spring.SpringExpressionLanguageValueResolver;
import org.apereo.cas.util.spring.beans.BeanCondition;
import org.apereo.cas.util.spring.beans.BeanSupplier;
import org.apereo.cas.util.spring.boot.ConditionalOnFeatureEnabled;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ScopedProxyMode;

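/**
 * Auto-configuration for the CAS Azure Active Directory module.
 *
 * <p>It contributes two groups of beans: Microsoft Graph backed attribute repositories
 * (see {@link AzureActiveDirectoryAttributeConfiguration}) and the Azure Active Directory
 * authentication handler plus its registration in the authentication execution plan
 * (see {@link AzureActiveDirectoryAuthenticationHandlerConfiguration}).
 *
 * <p>The whole configuration is gated on the {@code Authentication} feature with module
 * {@code azuread}. Every bean is {@code @ConditionalOnMissingBean} by name, so a deployment
 * can replace any of them by defining a bean with the same name.
 */
@EnableConfigurationProperties({CasConfigurationProperties.class})
@AutoConfiguration
@ConditionalOnFeatureEnabled(feature = {CasFeatureModule.FeatureCatalog.Authentication}, module = "azuread")
public class CasAzureActiveDirectoryAuthenticationAutoConfiguration {

    /**
     * Builds the Microsoft Graph attribute repositories and registers the enabled ones
     * with the person-directory plan.
     */
    @Configuration(value = "AzureActiveDirectoryAttributeConfiguration", proxyBeanMethods = false)
    static class AzureActiveDirectoryAttributeConfiguration {

        /**
         * Creates one {@link MicrosoftGraphPersonAttributeDao} per configured Azure AD
         * attribute-repository entry that carries both a client id and a client secret.
         *
         * <p>Entries with a blank client id or client secret are skipped without any log
         * output or error, so a misconfigured entry simply yields no repository. The blank
         * check runs on the raw property text, before expression resolution; an expression
         * that later resolves to an empty value still passes the filter.
         *
         * <p>Only tenant, domain, client id and client secret go through
         * {@link SpringExpressionLanguageValueResolver}; every other setting is handed to the
         * DAO exactly as configured.
         *
         * @param casConfigurationProperties CAS settings holding the Azure AD attribute-repository entries
         * @return a mutable list of the repositories that were built, possibly empty
         */
        @ConditionalOnMissingBean(name = {"microsoftAzureActiveDirectoryAttributeRepositories"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public List<PersonAttributeDao> microsoftAzureActiveDirectoryAttributeRepositories(CasConfigurationProperties casConfigurationProperties) {
            SpringExpressionLanguageValueResolver resolver = SpringExpressionLanguageValueResolver.getInstance();
            // Typed list instead of a raw ArrayList so the compiler checks what is added.
            List<PersonAttributeDao> repositories = new ArrayList<>();
            casConfigurationProperties.getAuthn().getAttributeRepository().getAzureActiveDirectory().stream().filter(properties -> {
                return StringUtils.isNotBlank(properties.getClientId()) && StringUtils.isNotBlank(properties.getClientSecret());
            }).forEach(properties -> {
                MicrosoftGraphPersonAttributeDao dao = new MicrosoftGraphPersonAttributeDao();
                FunctionUtils.doIfNotNull(properties.getId(), id -> {
                    dao.setId(new String[]{id});
                });
                // NOTE(review): apiBaseUrl and loginBaseUrl are passed through without any
                // scheme or host validation here. Presumably the DAO sends the client secret
                // and the resulting token to these endpoints, so they should be HTTPS URLs
                // under the operator's control; confirm in MicrosoftGraphPersonAttributeDao.
                FunctionUtils.doIfNotNull(properties.getApiBaseUrl(), dao::setApiBaseUrl);
                FunctionUtils.doIfNotNull(properties.getGrantType(), dao::setGrantType);
                FunctionUtils.doIfNotNull(properties.getLoginBaseUrl(), dao::setLoginBaseUrl);
                // NOTE(review): loggingLevel is handed to the DAO as-is. If it governs HTTP
                // request/response logging for Graph calls, verbose levels could write bearer
                // tokens or attribute values to the log; confirm and keep it low in production.
                FunctionUtils.doIfNotNull(properties.getLoggingLevel(), dao::setLoggingLevel);
                FunctionUtils.doIfNotNull(properties.getAttributes(), dao::setProperties);
                FunctionUtils.doIfNotNull(properties.getResource(), dao::setResource);
                FunctionUtils.doIfNotNull(properties.getScope(), dao::setScope);
                dao.setTenant(resolver.resolve(properties.getTenant()));
                dao.setDomain(resolver.resolve(properties.getDomain()));
                // The resolved secret lives in the DAO as a plain String; keep it out of
                // log statements and toString() output.
                dao.setClientSecret(resolver.resolve(properties.getClientSecret()));
                dao.setClientId(resolver.resolve(properties.getClientId()));
                dao.setOrder(properties.getOrder());
                repositories.add(dao);
            });
            return repositories;
        }

        /**
         * Registers every enabled Microsoft Graph repository with the person-directory plan.
         *
         * <p>Repositories whose {@code isEnabled()} returns {@code false} are left out.
         *
         * @param list the repositories produced by {@code microsoftAzureActiveDirectoryAttributeRepositories}
         * @return a configurer that adds the enabled repositories to the plan it is given
         */
        @ConditionalOnMissingBean(name = {"microsoftAzureActiveDirectoryAttributeRepositoryPlanConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public PersonDirectoryAttributeRepositoryPlanConfigurer microsoftAzureActiveDirectoryAttributeRepositoryPlanConfigurer(@Qualifier("microsoftAzureActiveDirectoryAttributeRepositories") List<PersonAttributeDao> list) {
            return plan -> {
                list.stream().filter(PersonAttributeDao::isEnabled).forEach(plan::registerAttributeRepository);
            };
        }
    }

    /**
     * Builds the Azure Active Directory authentication handler and registers it in the
     * authentication execution plan.
     */
    @Configuration(value = "AzureActiveDirectoryAuthenticationHandlerConfiguration", proxyBeanMethods = false)
    static class AzureActiveDirectoryAuthenticationHandlerConfiguration {
        /**
         * Activation condition shared by the handler and its plan configurer. It is built
         * from {@code cas.authn.azure-active-directory.client-id} and
         * {@code cas.authn.azure-active-directory.enabled} with {@code isTrue().evenIfMissing()}.
         * NOTE(review): presumably this means the handler is active as soon as a client id is
         * set, unless {@code enabled} is explicitly turned off; confirm against BeanCondition.
         */
        private static final BeanCondition CONDITION = BeanCondition.on("cas.authn.azure-active-directory.client-id").and("cas.authn.azure-active-directory.enabled").isTrue().evenIfMissing();

        /**
         * Supplies the principal factory used by the Azure AD authentication handler.
         *
         * @return a new principal factory from {@link PrincipalFactoryUtils}
         */
        @ConditionalOnMissingBean(name = {"microsoftAzureActiveDirectoryPrincipalFactory"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public PrincipalFactory microsoftAzureActiveDirectoryPrincipalFactory() {
            return PrincipalFactoryUtils.newPrincipalFactory();
        }

        /**
         * Creates the Azure AD authentication handler when {@link #CONDITION} holds for the
         * current environment; otherwise the result of {@code otherwiseProxy()} is returned.
         *
         * <p>NOTE(review): the proxy returned when the condition fails is presumably inert;
         * confirm in BeanSupplier that it cannot take part in authentication.
         *
         * @param configurableApplicationContext context whose environment is tested against the condition
         * @param servicesManager services manager passed to the handler
         * @param casConfigurationProperties CAS settings holding the Azure AD authentication properties
         * @param principalFactory factory passed to the handler
         * @return the configured handler, or the proxy supplied by {@code otherwiseProxy()}
         */
        @ConditionalOnMissingBean(name = {"microsoftAzureActiveDirectoryAuthenticationHandler"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuthenticationHandler microsoftAzureActiveDirectoryAuthenticationHandler(ConfigurableApplicationContext configurableApplicationContext, @Qualifier("servicesManager") ServicesManager servicesManager, CasConfigurationProperties casConfigurationProperties, @Qualifier("microsoftAzureActiveDirectoryPrincipalFactory") PrincipalFactory principalFactory) {
            return (AuthenticationHandler) BeanSupplier.of(AuthenticationHandler.class).when(CONDITION.given(configurableApplicationContext.getEnvironment())).supply(() -> {
                AzureActiveDirectoryAuthenticationProperties properties = casConfigurationProperties.getAuthn().getAzureActiveDirectory();
                AzureActiveDirectoryAuthenticationHandler handler = new AzureActiveDirectoryAuthenticationHandler(servicesManager, principalFactory, properties);
                handler.setState(properties.getState());
                handler.setPrincipalNameTransformer(PrincipalNameTransformerUtils.newPrincipalNameTransformer(properties.getPrincipalTransformation()));
                // NOTE(review): the encoder comes straight from configuration. If this handler
                // forwards the submitted password to Azure AD, any encoder that alters the
                // password would break sign-in; confirm the expected setting.
                handler.setPasswordEncoder(PasswordEncoderUtils.newPasswordEncoder(properties.getPasswordEncoder(), configurableApplicationContext));
                handler.setCredentialSelectionPredicate(CoreAuthenticationUtils.newCredentialSelectionPredicate(properties.getCredentialCriteria()));
                return handler;
            }).otherwiseProxy().get();
        }

        /**
         * Registers the Azure AD handler, paired with the default principal resolver, in the
         * authentication execution plan when {@link #CONDITION} holds; otherwise the result of
         * {@code otherwiseProxy()} is returned.
         *
         * @param configurableApplicationContext context whose environment is tested against the condition
         * @param authenticationHandler the Azure AD authentication handler bean
         * @param principalResolver the {@code defaultPrincipalResolver} bean
         * @return a configurer that registers the handler and resolver, or the proxy supplied by {@code otherwiseProxy()}
         */
        @ConditionalOnMissingBean(name = {"microsoftAzureActiveDirectoryAuthenticationEventExecutionPlanConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuthenticationEventExecutionPlanConfigurer microsoftAzureActiveDirectoryAuthenticationEventExecutionPlanConfigurer(ConfigurableApplicationContext configurableApplicationContext, @Qualifier("microsoftAzureActiveDirectoryAuthenticationHandler") AuthenticationHandler authenticationHandler, @Qualifier("defaultPrincipalResolver") PrincipalResolver principalResolver) {
            return (AuthenticationEventExecutionPlanConfigurer) BeanSupplier.of(AuthenticationEventExecutionPlanConfigurer.class).when(CONDITION.given(configurableApplicationContext.getEnvironment())).supply(() -> {
                return plan -> {
                    plan.registerAuthenticationHandlerWithPrincipalResolver(authenticationHandler, principalResolver);
                };
            }).otherwiseProxy().get();
        }
    }
}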
