package org.apereo.cas.config;

import com.yubico.core.RegistrationStorage;
import com.yubico.core.SessionManager;
import org.apereo.cas.authentication.MultifactorAuthenticationProvider;
import org.apereo.cas.authentication.device.MultifactorAuthenticationDeviceManager;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.features.CasFeatureModule;
import org.apereo.cas.ticket.TicketFactory;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.util.spring.beans.BeanCondition;
import org.apereo.cas.util.spring.beans.BeanSupplier;
import org.apereo.cas.util.spring.boot.ConditionalOnFeatureEnabled;
import org.apereo.cas.web.flow.CasWebflowConfigurer;
import org.apereo.cas.web.flow.CasWebflowExecutionPlanConfigurer;
import org.apereo.cas.web.flow.actions.ConsumerExecutionAction;
import org.apereo.cas.web.flow.actions.DefaultMultifactorAuthenticationDeviceProviderAction;
import org.apereo.cas.web.flow.actions.MultifactorAuthenticationDeviceProviderAction;
import org.apereo.cas.web.flow.authentication.FinalMultifactorAuthenticationTransactionWebflowEventResolver;
import org.apereo.cas.web.flow.resolver.CasWebflowEventResolver;
import org.apereo.cas.web.flow.resolver.impl.CasWebflowEventResolutionConfigurationContext;
import org.apereo.cas.web.flow.util.MultifactorAuthenticationWebflowUtils;
import org.apereo.cas.webauthn.web.flow.WebAuthnAccountCheckRegistrationAction;
import org.apereo.cas.webauthn.web.flow.WebAuthnAccountSaveRegistrationAction;
import org.apereo.cas.webauthn.web.flow.WebAuthnAuthenticationWebflowAction;
import org.apereo.cas.webauthn.web.flow.WebAuthnMultifactorTrustWebflowConfigurer;
import org.apereo.cas.webauthn.web.flow.WebAuthnMultifactorWebflowConfigurer;
import org.apereo.cas.webauthn.web.flow.WebAuthnPopulateCsrfTokenAction;
import org.apereo.cas.webauthn.web.flow.WebAuthnStartAuthenticationAction;
import org.apereo.cas.webauthn.web.flow.WebAuthnStartRegistrationAction;
import org.apereo.cas.webauthn.web.flow.WebAuthnValidateSessionCredentialTokenAction;
import org.apereo.cas.webauthn.web.flow.account.WebAuthnMultifactorAccountProfilePrepareAction;
import org.apereo.cas.webauthn.web.flow.account.WebAuthnMultifactorAccountProfileRegistrationAction;
import org.apereo.cas.webauthn.web.flow.account.WebAuthnMultifactorAccountProfileWebflowConfigurer;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.AutoConfigureOrder;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.DependsOn;
import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.security.web.csrf.CsrfTokenRepository;
import org.springframework.webflow.config.FlowDefinitionRegistryBuilder;
import org.springframework.webflow.definition.registry.FlowDefinitionRegistry;
import org.springframework.webflow.engine.builder.FlowBuilder;
import org.springframework.webflow.engine.builder.support.FlowBuilderServices;
import org.springframework.webflow.execution.Action;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration(value = "WebAuthnWebflowConfiguration", proxyBeanMethods = false)
@ConditionalOnFeatureEnabled(feature = {CasFeatureModule.FeatureCatalog.WebAuthn})
/* loaded from: input_file:org/apereo/cas/config/WebAuthnWebflowConfiguration.class */
class WebAuthnWebflowConfiguration {
    private static final int WEBFLOW_CONFIGURER_ORDER = 100;
    private static final BeanCondition CONDITION = BeanCondition.on("cas.authn.mfa.web-authn.core.enabled").isTrue().evenIfMissing();

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "WebAuthnAccountProfileWebflowConfiguration", proxyBeanMethods = false)
    @ConditionalOnFeatureEnabled(feature = {CasFeatureModule.FeatureCatalog.AccountManagement}, enabledByDefault = false)
    @AutoConfigureOrder(Integer.MAX_VALUE)
    /* loaded from: input_file:org/apereo/cas/config/WebAuthnWebflowConfiguration$WebAuthnAccountProfileWebflowConfiguration.class */
    static class WebAuthnAccountProfileWebflowConfiguration {
        WebAuthnAccountProfileWebflowConfiguration() {
        }

        @ConditionalOnMissingBean(name = {"webAuthnAccountProfileWebflowConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public CasWebflowConfigurer webAuthnAccountProfileWebflowConfigurer(CasConfigurationProperties casConfigurationProperties, ConfigurableApplicationContext configurableApplicationContext, @Qualifier("loginFlowRegistry") FlowDefinitionRegistry flowDefinitionRegistry, @Qualifier("flowBuilderServices") FlowBuilderServices flowBuilderServices) {
            return (CasWebflowConfigurer) BeanSupplier.of(CasWebflowConfigurer.class).when(WebAuthnWebflowConfiguration.CONDITION.given(configurableApplicationContext.getEnvironment())).supply(() -> {
                return new WebAuthnMultifactorAccountProfileWebflowConfigurer(flowBuilderServices, flowDefinitionRegistry, configurableApplicationContext, casConfigurationProperties);
            }).otherwiseProxy().get();
        }

        @ConditionalOnMissingBean(name = {"webAuthnAccountCasWebflowExecutionPlanConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public CasWebflowExecutionPlanConfigurer webAuthnAccountCasWebflowExecutionPlanConfigurer(@Qualifier("webAuthnAccountProfileWebflowConfigurer") CasWebflowConfigurer casWebflowConfigurer) {
            return casWebflowExecutionPlan -> {
                casWebflowExecutionPlan.registerWebflowConfigurer(casWebflowConfigurer);
            };
        }

        @ConditionalOnMissingBean(name = {"webAuthnDeviceProviderAction"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public MultifactorAuthenticationDeviceProviderAction webAuthnDeviceProviderAction(ConfigurableApplicationContext configurableApplicationContext, @Qualifier("webAuthnMultifactorAuthenticationDeviceManager") MultifactorAuthenticationDeviceManager multifactorAuthenticationDeviceManager) {
            return (MultifactorAuthenticationDeviceProviderAction) BeanSupplier.of(MultifactorAuthenticationDeviceProviderAction.class).when(WebAuthnWebflowConfiguration.CONDITION.given(configurableApplicationContext.getEnvironment())).supply(() -> {
                return new DefaultMultifactorAuthenticationDeviceProviderAction(multifactorAuthenticationDeviceManager);
            }).otherwiseProxy().get();
        }

        @ConditionalOnMissingBean(name = {"webAuthnAccountProfilePrepareAction"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action webAuthnAccountProfilePrepareAction(@Qualifier("webAuthnMultifactorAuthenticationProvider") MultifactorAuthenticationProvider multifactorAuthenticationProvider, CasConfigurationProperties casConfigurationProperties, @Qualifier("webAuthnCredentialRepository") RegistrationStorage registrationStorage) {
            return new WebAuthnMultifactorAccountProfilePrepareAction(registrationStorage, multifactorAuthenticationProvider, casConfigurationProperties);
        }

        @ConditionalOnMissingBean(name = {"webAuthnAccountProfileRegistrationAction"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action webAuthnAccountProfileRegistrationAction(@Qualifier("webAuthnMultifactorAuthenticationProvider") MultifactorAuthenticationProvider multifactorAuthenticationProvider) {
            return new WebAuthnMultifactorAccountProfileRegistrationAction(multifactorAuthenticationProvider);
        }
    }

    @DependsOn({"webAuthnMultifactorWebflowConfigurer"})
    @ConditionalOnClass({MultifactorAuthnTrustConfiguration.class})
    @Configuration(value = "WebAuthnMultifactorTrustConfiguration", proxyBeanMethods = false)
    @ConditionalOnFeatureEnabled(feature = {CasFeatureModule.FeatureCatalog.MultifactorAuthenticationTrustedDevices}, module = "webauthn")
    /* loaded from: input_file:org/apereo/cas/config/WebAuthnWebflowConfiguration$WebAuthnMultifactorTrustConfiguration.class */
    static class WebAuthnMultifactorTrustConfiguration {
        private static final BeanCondition CONDITION = BeanCondition.on("cas.authn.mfa.web-authn.trusted-device-enabled").isTrue().evenIfMissing();

        WebAuthnMultifactorTrustConfiguration() {
        }

        @ConditionalOnMissingBean(name = {"webAuthnMultifactorTrustWebflowConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public CasWebflowConfigurer webAuthnMultifactorTrustWebflowConfigurer(@Qualifier("webAuthnFlowRegistry") FlowDefinitionRegistry flowDefinitionRegistry, @Qualifier("loginFlowRegistry") FlowDefinitionRegistry flowDefinitionRegistry2, @Qualifier("flowBuilderServices") FlowBuilderServices flowBuilderServices, ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties) {
            return (CasWebflowConfigurer) BeanSupplier.of(CasWebflowConfigurer.class).when(WebAuthnWebflowConfiguration.CONDITION.given(configurableApplicationContext.getEnvironment())).and(CONDITION.given(configurableApplicationContext.getEnvironment())).supply(() -> {
                WebAuthnMultifactorTrustWebflowConfigurer webAuthnMultifactorTrustWebflowConfigurer = new WebAuthnMultifactorTrustWebflowConfigurer(flowBuilderServices, flowDefinitionRegistry2, flowDefinitionRegistry, configurableApplicationContext, casConfigurationProperties, MultifactorAuthenticationWebflowUtils.getMultifactorAuthenticationWebflowCustomizers(configurableApplicationContext));
                webAuthnMultifactorTrustWebflowConfigurer.setOrder(101);
                return webAuthnMultifactorTrustWebflowConfigurer;
            }).otherwiseProxy().get();
        }

        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public CasWebflowExecutionPlanConfigurer webAuthnMultifactorTrustCasWebflowExecutionPlanConfigurer(ConfigurableApplicationContext configurableApplicationContext, @Qualifier("webAuthnMultifactorTrustWebflowConfigurer") CasWebflowConfigurer casWebflowConfigurer) {
            return (CasWebflowExecutionPlanConfigurer) BeanSupplier.of(CasWebflowExecutionPlanConfigurer.class).when(WebAuthnWebflowConfiguration.CONDITION.given(configurableApplicationContext.getEnvironment())).and(CONDITION.given(configurableApplicationContext.getEnvironment())).supply(() -> {
                return casWebflowExecutionPlan -> {
                    casWebflowExecutionPlan.registerWebflowConfigurer(casWebflowConfigurer);
                };
            }).otherwiseProxy().get();
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "WebAuthnWebflowActionConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/WebAuthnWebflowConfiguration$WebAuthnWebflowActionConfiguration.class */
    static class WebAuthnWebflowActionConfiguration {
        WebAuthnWebflowActionConfiguration() {
        }

        @ConditionalOnMissingBean(name = {"webAuthnPopulateCsrfTokenAction"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action webAuthnPopulateCsrfTokenAction(@Qualifier("webAuthnCsrfTokenRepository") CsrfTokenRepository csrfTokenRepository, ConfigurableApplicationContext configurableApplicationContext) {
            return (Action) BeanSupplier.of(Action.class).when(WebAuthnWebflowConfiguration.CONDITION.given(configurableApplicationContext.getEnvironment())).supply(() -> {
                return new WebAuthnPopulateCsrfTokenAction(csrfTokenRepository);
            }).otherwise(() -> {
                return ConsumerExecutionAction.NONE;
            }).get();
        }

        @ConditionalOnMissingBean(name = {"webAuthnStartAuthenticationAction"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action webAuthnStartAuthenticationAction(CasConfigurationProperties casConfigurationProperties, @Qualifier("defaultTicketFactory") TicketFactory ticketFactory, @Qualifier("ticketRegistry") TicketRegistry ticketRegistry, ConfigurableApplicationContext configurableApplicationContext, @Qualifier("webAuthnCredentialRepository") RegistrationStorage registrationStorage) {
            return (Action) BeanSupplier.of(Action.class).when(WebAuthnWebflowConfiguration.CONDITION.given(configurableApplicationContext.getEnvironment())).supply(() -> {
                return new WebAuthnStartAuthenticationAction(casConfigurationProperties, ticketRegistry, ticketFactory, registrationStorage);
            }).otherwise(() -> {
                return ConsumerExecutionAction.NONE;
            }).get();
        }

        @ConditionalOnMissingBean(name = {"webAuthnStartRegistrationAction"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action webAuthnStartRegistrationAction(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties) {
            return (Action) BeanSupplier.of(Action.class).when(WebAuthnWebflowConfiguration.CONDITION.given(configurableApplicationContext.getEnvironment())).supply(() -> {
                return new WebAuthnStartRegistrationAction(casConfigurationProperties);
            }).otherwise(() -> {
                return ConsumerExecutionAction.NONE;
            }).get();
        }

        @ConditionalOnMissingBean(name = {"webAuthnCheckAccountRegistrationAction"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action webAuthnCheckAccountRegistrationAction(ConfigurableApplicationContext configurableApplicationContext, @Qualifier("webAuthnCredentialRepository") RegistrationStorage registrationStorage) {
            return (Action) BeanSupplier.of(Action.class).when(WebAuthnWebflowConfiguration.CONDITION.given(configurableApplicationContext.getEnvironment())).supply(() -> {
                return new WebAuthnAccountCheckRegistrationAction(registrationStorage);
            }).otherwise(() -> {
                return ConsumerExecutionAction.NONE;
            }).get();
        }

        @ConditionalOnMissingBean(name = {"webAuthnSaveAccountRegistrationAction"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action webAuthnSaveAccountRegistrationAction(ConfigurableApplicationContext configurableApplicationContext, @Qualifier("webAuthnSessionManager") SessionManager sessionManager, @Qualifier("webAuthnCredentialRepository") RegistrationStorage registrationStorage) {
            return (Action) BeanSupplier.of(Action.class).when(WebAuthnWebflowConfiguration.CONDITION.given(configurableApplicationContext.getEnvironment())).supply(() -> {
                return new WebAuthnAccountSaveRegistrationAction(registrationStorage, sessionManager);
            }).otherwise(() -> {
                return ConsumerExecutionAction.NONE;
            }).get();
        }

        @ConditionalOnMissingBean(name = {"webAuthnAuthenticationWebflowAction"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action webAuthnAuthenticationWebflowAction(ConfigurableApplicationContext configurableApplicationContext, @Qualifier("webAuthnAuthenticationWebflowEventResolver") CasWebflowEventResolver casWebflowEventResolver) {
            return (Action) BeanSupplier.of(Action.class).when(WebAuthnWebflowConfiguration.CONDITION.given(configurableApplicationContext.getEnvironment())).supply(() -> {
                return new WebAuthnAuthenticationWebflowAction(casWebflowEventResolver);
            }).otherwise(() -> {
                return ConsumerExecutionAction.NONE;
            }).get();
        }

        @ConditionalOnMissingBean(name = {"webAuthnValidateSessionCredentialTokenAction"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action webAuthnValidateSessionCredentialTokenAction(ConfigurableApplicationContext configurableApplicationContext, @Qualifier("webAuthnSessionManager") SessionManager sessionManager, @Qualifier("webAuthnPrincipalFactory") PrincipalFactory principalFactory, @Qualifier("webAuthnCredentialRepository") RegistrationStorage registrationStorage) {
            return (Action) BeanSupplier.of(Action.class).when(WebAuthnWebflowConfiguration.CONDITION.given(configurableApplicationContext.getEnvironment())).supply(() -> {
                return new WebAuthnValidateSessionCredentialTokenAction(registrationStorage, sessionManager, principalFactory);
            }).otherwise(() -> {
                return ConsumerExecutionAction.NONE;
            }).get();
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "WebAuthnWebflowBaseConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/WebAuthnWebflowConfiguration$WebAuthnWebflowBaseConfiguration.class */
    static class WebAuthnWebflowBaseConfiguration {
        WebAuthnWebflowBaseConfiguration() {
        }

        @ConditionalOnMissingBean(name = {"webAuthnMultifactorWebflowConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public CasWebflowConfigurer webAuthnMultifactorWebflowConfigurer(@Qualifier("loginFlowRegistry") FlowDefinitionRegistry flowDefinitionRegistry, @Qualifier("flowBuilderServices") FlowBuilderServices flowBuilderServices, @Qualifier("webAuthnFlowRegistry") FlowDefinitionRegistry flowDefinitionRegistry2, ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties) {
            return (CasWebflowConfigurer) BeanSupplier.of(CasWebflowConfigurer.class).when(WebAuthnWebflowConfiguration.CONDITION.given(configurableApplicationContext.getEnvironment())).supply(() -> {
                WebAuthnMultifactorWebflowConfigurer webAuthnMultifactorWebflowConfigurer = new WebAuthnMultifactorWebflowConfigurer(flowBuilderServices, flowDefinitionRegistry, flowDefinitionRegistry2, configurableApplicationContext, casConfigurationProperties, MultifactorAuthenticationWebflowUtils.getMultifactorAuthenticationWebflowCustomizers(configurableApplicationContext));
                webAuthnMultifactorWebflowConfigurer.setOrder(WebAuthnWebflowConfiguration.WEBFLOW_CONFIGURER_ORDER);
                return webAuthnMultifactorWebflowConfigurer;
            }).otherwiseProxy().get();
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "WebAuthnWebflowEventResolutionConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/WebAuthnWebflowConfiguration$WebAuthnWebflowEventResolutionConfiguration.class */
    static class WebAuthnWebflowEventResolutionConfiguration {
        WebAuthnWebflowEventResolutionConfiguration() {
        }

        @ConditionalOnMissingBean(name = {"webAuthnAuthenticationWebflowEventResolver"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public CasWebflowEventResolver webAuthnAuthenticationWebflowEventResolver(ConfigurableApplicationContext configurableApplicationContext, @Qualifier("casWebflowConfigurationContext") CasWebflowEventResolutionConfigurationContext casWebflowEventResolutionConfigurationContext) {
            return (CasWebflowEventResolver) BeanSupplier.of(CasWebflowEventResolver.class).when(WebAuthnWebflowConfiguration.CONDITION.given(configurableApplicationContext.getEnvironment())).supply(() -> {
                return new FinalMultifactorAuthenticationTransactionWebflowEventResolver(casWebflowEventResolutionConfigurationContext);
            }).otherwiseProxy().get();
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "WebAuthnWebflowExecutionPlanConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/WebAuthnWebflowConfiguration$WebAuthnWebflowExecutionPlanConfiguration.class */
    static class WebAuthnWebflowExecutionPlanConfiguration {
        WebAuthnWebflowExecutionPlanConfiguration() {
        }

        @ConditionalOnMissingBean(name = {"webAuthnCasWebflowExecutionPlanConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public CasWebflowExecutionPlanConfigurer webAuthnCasWebflowExecutionPlanConfigurer(ConfigurableApplicationContext configurableApplicationContext, @Qualifier("webAuthnMultifactorWebflowConfigurer") CasWebflowConfigurer casWebflowConfigurer) {
            return (CasWebflowExecutionPlanConfigurer) BeanSupplier.of(CasWebflowExecutionPlanConfigurer.class).when(WebAuthnWebflowConfiguration.CONDITION.given(configurableApplicationContext.getEnvironment())).supply(() -> {
                return casWebflowExecutionPlan -> {
                    casWebflowExecutionPlan.registerWebflowConfigurer(casWebflowConfigurer);
                };
            }).otherwiseProxy().get();
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "WebAuthnWebflowRegistryConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/WebAuthnWebflowConfiguration$WebAuthnWebflowRegistryConfiguration.class */
    static class WebAuthnWebflowRegistryConfiguration {
        WebAuthnWebflowRegistryConfiguration() {
        }

        @ConditionalOnMissingBean(name = {"webAuthnFlowRegistry"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public FlowDefinitionRegistry webAuthnFlowRegistry(@Qualifier("flowBuilderServices") FlowBuilderServices flowBuilderServices, @Qualifier("flowBuilder") FlowBuilder flowBuilder, ConfigurableApplicationContext configurableApplicationContext) {
            return (FlowDefinitionRegistry) BeanSupplier.of(FlowDefinitionRegistry.class).when(WebAuthnWebflowConfiguration.CONDITION.given(configurableApplicationContext.getEnvironment())).supply(() -> {
                FlowDefinitionRegistryBuilder flowDefinitionRegistryBuilder = new FlowDefinitionRegistryBuilder(configurableApplicationContext, flowBuilderServices);
                flowDefinitionRegistryBuilder.addFlowBuilder(flowBuilder, "mfa-webauthn");
                return flowDefinitionRegistryBuilder.build();
            }).otherwiseProxy().get();
        }
    }

    WebAuthnWebflowConfiguration() {
    }
}
