package org.apereo.cas.config;

import com.warrenstrange.googleauth.GoogleAuthenticator;
import com.warrenstrange.googleauth.GoogleAuthenticatorConfig;
import com.warrenstrange.googleauth.IGoogleAuthenticator;
import com.warrenstrange.googleauth.KeyRepresentation;
import java.util.concurrent.TimeUnit;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlanConfigurer;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.AuthenticationMetaDataPopulator;
import org.apereo.cas.authentication.MultifactorAuthenticationFailureModeEvaluator;
import org.apereo.cas.authentication.MultifactorAuthenticationProvider;
import org.apereo.cas.authentication.bypass.MultifactorAuthenticationProviderBypassEvaluator;
import org.apereo.cas.authentication.device.MultifactorAuthenticationDeviceManager;
import org.apereo.cas.authentication.handler.ByCredentialTypeAuthenticationHandlerResolver;
import org.apereo.cas.authentication.metadata.AuthenticationContextAttributeMetaDataPopulator;
import org.apereo.cas.authentication.metadata.MultifactorAuthenticationProviderMetadataPopulator;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalFactoryUtils;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.features.CasFeatureModule;
import org.apereo.cas.configuration.model.core.util.EncryptionJwtSigningJwtCryptographyProperties;
import org.apereo.cas.configuration.model.support.mfa.gauth.CoreGoogleAuthenticatorMultifactorProperties;
import org.apereo.cas.configuration.model.support.mfa.gauth.GoogleAuthenticatorMultifactorProperties;
import org.apereo.cas.gauth.GoogleAuthenticatorAuthenticationHandler;
import org.apereo.cas.gauth.GoogleAuthenticatorMultifactorAuthenticationProvider;
import org.apereo.cas.gauth.GoogleAuthenticatorService;
import org.apereo.cas.gauth.credential.GoogleAuthenticatorOneTimeTokenCredentialValidator;
import org.apereo.cas.gauth.credential.GoogleAuthenticatorTokenCredential;
import org.apereo.cas.gauth.credential.GoogleAuthenticatorTokenCredentialRepositoryEndpoint;
import org.apereo.cas.gauth.credential.InMemoryGoogleAuthenticatorTokenCredentialRepository;
import org.apereo.cas.gauth.credential.JsonGoogleAuthenticatorTokenCredentialRepository;
import org.apereo.cas.gauth.credential.RestGoogleAuthenticatorTokenCredentialRepository;
import org.apereo.cas.gauth.token.GoogleAuthenticatorToken;
import org.apereo.cas.gauth.token.GoogleAuthenticatorTokenRepositoryCleaner;
import org.apereo.cas.gauth.web.flow.GoogleAuthenticatorDeleteAccountAction;
import org.apereo.cas.gauth.web.flow.GoogleAuthenticatorPrepareLoginAction;
import org.apereo.cas.gauth.web.flow.GoogleAuthenticatorSaveRegistrationAction;
import org.apereo.cas.gauth.web.flow.GoogleAuthenticatorValidateSelectedRegistrationAction;
import org.apereo.cas.gauth.web.flow.GoogleAuthenticatorValidateTokenAction;
import org.apereo.cas.gauth.web.flow.account.GoogleMultifactorAuthenticationAccountProfilePrepareAction;
import org.apereo.cas.gauth.web.flow.account.GoogleMultifactorAuthenticationAccountProfileRegistrationAction;
import org.apereo.cas.gauth.web.flow.account.GoogleMultifactorAuthenticationAccountProfileWebflowConfigurer;
import org.apereo.cas.otp.repository.credentials.OneTimeTokenAccountCipherExecutor;
import org.apereo.cas.otp.repository.credentials.OneTimeTokenAccountSerializer;
import org.apereo.cas.otp.repository.credentials.OneTimeTokenCredentialDeviceManager;
import org.apereo.cas.otp.repository.credentials.OneTimeTokenCredentialRepository;
import org.apereo.cas.otp.repository.credentials.OneTimeTokenCredentialValidator;
import org.apereo.cas.otp.repository.token.OneTimeTokenRepository;
import org.apereo.cas.otp.web.flow.OneTimeTokenAccountCheckRegistrationAction;
import org.apereo.cas.otp.web.flow.OneTimeTokenAccountConfirmSelectionRegistrationAction;
import org.apereo.cas.otp.web.flow.OneTimeTokenAccountCreateRegistrationAction;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.util.cipher.CipherExecutorUtils;
import org.apereo.cas.util.cipher.JasyptNumberCipherExecutor;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.apereo.cas.util.spring.beans.BeanCondition;
import org.apereo.cas.util.spring.beans.BeanSupplier;
import org.apereo.cas.util.spring.boot.ConditionalOnFeatureEnabled;
import org.apereo.cas.util.thread.Cleanable;
import org.apereo.cas.web.flow.CasWebflowConfigurer;
import org.apereo.cas.web.flow.CasWebflowExecutionPlanConfigurer;
import org.apereo.cas.web.flow.actions.DefaultMultifactorAuthenticationDeviceProviderAction;
import org.apereo.cas.web.flow.actions.MultifactorAuthenticationDeviceProviderAction;
import org.apereo.cas.web.flow.actions.WebflowActionBeanSupplier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.actuate.autoconfigure.endpoint.condition.ConditionalOnAvailableEndpoint;
import org.springframework.boot.autoconfigure.AutoConfigureOrder;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Lazy;
import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.webflow.definition.registry.FlowDefinitionRegistry;
import org.springframework.webflow.engine.builder.support.FlowBuilderServices;
import org.springframework.webflow.execution.Action;

/* JADX INFO: Access modifiers changed from: package-private */
@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration(value = "GoogleAuthenticatorAuthenticationEventExecutionPlanConfiguration", proxyBeanMethods = false)
@ConditionalOnFeatureEnabled(feature = {CasFeatureModule.FeatureCatalog.GoogleAuthenticator})
/* loaded from: input_file:org/apereo/cas/config/GoogleAuthenticatorAuthenticationEventExecutionPlanConfiguration.class */
public class GoogleAuthenticatorAuthenticationEventExecutionPlanConfiguration {

    // Shared logger. The nested cipher-executor beans use it to warn when account or
    // scratch-code encryption is not configured and a no-op cipher is returned instead.
    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(GoogleAuthenticatorAuthenticationEventExecutionPlanConfiguration.class);

    /**
     * Account-profile webflow beans for Google Authenticator.
     *
     * <p>The whole configuration is conditional on the {@code AccountManagement} feature, which is
     * declared here with {@code enabledByDefault = false}. Every bean can be replaced by defining a
     * bean of the same name ({@code @ConditionalOnMissingBean}).
     */
    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "GoogleAuthenticatorAccountProfileWebflowConfiguration", proxyBeanMethods = false)
    @ConditionalOnFeatureEnabled(feature = {CasFeatureModule.FeatureCatalog.AccountManagement}, enabledByDefault = false)
    @AutoConfigureOrder(Integer.MAX_VALUE)
    /* loaded from: input_file:org/apereo/cas/config/GoogleAuthenticatorAuthenticationEventExecutionPlanConfiguration$GoogleAuthenticatorAccountProfileWebflowConfiguration.class */
    static class GoogleAuthenticatorAccountProfileWebflowConfiguration {
        GoogleAuthenticatorAccountProfileWebflowConfiguration() {
        }

        /**
         * Creates the webflow configurer for the account-profile flow, built on the login flow registry.
         *
         * @return a {@link GoogleMultifactorAuthenticationAccountProfileWebflowConfigurer}
         */
        @ConditionalOnMissingBean(name = {"googleAccountProfileWebflowConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public CasWebflowConfigurer googleAccountProfileWebflowConfigurer(
                CasConfigurationProperties casConfigurationProperties,
                ConfigurableApplicationContext configurableApplicationContext,
                @Qualifier("loginFlowRegistry") FlowDefinitionRegistry flowDefinitionRegistry,
                @Qualifier("flowBuilderServices") FlowBuilderServices flowBuilderServices) {
            return new GoogleMultifactorAuthenticationAccountProfileWebflowConfigurer(
                flowBuilderServices,
                flowDefinitionRegistry,
                configurableApplicationContext,
                casConfigurationProperties);
        }

        /**
         * Registers the account-profile webflow configurer with the webflow execution plan.
         *
         * @return a plan configurer that adds {@code googleAccountProfileWebflowConfigurer}
         */
        @ConditionalOnMissingBean(name = {"googleAccountCasWebflowExecutionPlanConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public CasWebflowExecutionPlanConfigurer googleAccountCasWebflowExecutionPlanConfigurer(
                @Qualifier("googleAccountProfileWebflowConfigurer") CasWebflowConfigurer casWebflowConfigurer) {
            return plan -> plan.registerWebflowConfigurer(casWebflowConfigurer);
        }

        /**
         * Wraps the Google Authenticator device manager in the default device-provider action.
         *
         * @return a {@link DefaultMultifactorAuthenticationDeviceProviderAction}
         */
        @ConditionalOnMissingBean(name = {"googleAccountDeviceProviderAction"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public MultifactorAuthenticationDeviceProviderAction googleAccountDeviceProviderAction(
                @Qualifier("googleAuthenticatorDeviceManager") MultifactorAuthenticationDeviceManager multifactorAuthenticationDeviceManager) {
            return new DefaultMultifactorAuthenticationDeviceProviderAction(multifactorAuthenticationDeviceManager);
        }

        /**
         * Creates the prepare action of the account profile; it is handed the account registry,
         * the MFA provider and the CAS properties.
         *
         * @return a {@link GoogleMultifactorAuthenticationAccountProfilePrepareAction}
         */
        @ConditionalOnMissingBean(name = {"googleAccountProfilePrepareAction"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action googleAccountProfilePrepareAction(
                @Qualifier("googleAuthenticatorMultifactorAuthenticationProvider") MultifactorAuthenticationProvider multifactorAuthenticationProvider,
                CasConfigurationProperties casConfigurationProperties,
                @Qualifier("googleAuthenticatorAccountRegistry") OneTimeTokenCredentialRepository oneTimeTokenCredentialRepository) {
            return new GoogleMultifactorAuthenticationAccountProfilePrepareAction(
                oneTimeTokenCredentialRepository,
                multifactorAuthenticationProvider,
                casConfigurationProperties);
        }

        /**
         * Creates the registration action of the account profile for the Google Authenticator provider.
         *
         * @return a {@link GoogleMultifactorAuthenticationAccountProfileRegistrationAction}
         */
        @ConditionalOnMissingBean(name = {"googleAccountProfileRegistrationAction"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action googleAccountProfileRegistrationAction(
                @Qualifier("googleAuthenticatorMultifactorAuthenticationProvider") MultifactorAuthenticationProvider multifactorAuthenticationProvider) {
            return new GoogleMultifactorAuthenticationAccountProfileRegistrationAction(multifactorAuthenticationProvider);
        }
    }

    /**
     * Declares the authentication handler that verifies Google Authenticator token credentials.
     */
    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "GoogleAuthenticatorAuthenticationEventExecutionPlaHandlerConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/GoogleAuthenticatorAuthenticationEventExecutionPlanConfiguration$GoogleAuthenticatorAuthenticationEventExecutionPlaHandlerConfiguration.class */
    static class GoogleAuthenticatorAuthenticationEventExecutionPlaHandlerConfiguration {
        GoogleAuthenticatorAuthenticationEventExecutionPlaHandlerConfiguration() {
        }

        /**
         * Builds the handler from the {@code gauth} settings (name and order) and wires in the
         * token validator, the principal factory and the services manager.
         *
         * <p>The MFA provider is passed as an {@link ObjectProvider}, so it is not resolved while
         * this bean is being created.
         *
         * @return a {@link GoogleAuthenticatorAuthenticationHandler}
         */
        @ConditionalOnMissingBean(name = {"googleAuthenticatorAuthenticationHandler"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuthenticationHandler googleAuthenticatorAuthenticationHandler(
                @Qualifier("googleAuthenticatorMultifactorAuthenticationProvider") ObjectProvider<MultifactorAuthenticationProvider> objectProvider,
                CasConfigurationProperties casConfigurationProperties,
                @Qualifier("googlePrincipalFactory") PrincipalFactory principalFactory,
                @Qualifier("googleAuthenticatorOneTimeTokenCredentialValidator") OneTimeTokenCredentialValidator<GoogleAuthenticatorTokenCredential, GoogleAuthenticatorToken> oneTimeTokenCredentialValidator,
                @Qualifier("servicesManager") ServicesManager servicesManager) {
            GoogleAuthenticatorMultifactorProperties gauthProps = casConfigurationProperties.getAuthn().getMfa().getGauth();
            return new GoogleAuthenticatorAuthenticationHandler(
                gauthProps.getName(),
                servicesManager,
                principalFactory,
                oneTimeTokenCredentialValidator,
                Integer.valueOf(gauthProps.getOrder()),
                objectProvider);
        }
    }

    /**
     * Declares the metadata populators for Google Authenticator authentications. Both are keyed
     * on the configured MFA authentication-context attribute.
     */
    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "GoogleAuthenticatorAuthenticationEventExecutionPlanMetadataConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/GoogleAuthenticatorAuthenticationEventExecutionPlanConfiguration$GoogleAuthenticatorAuthenticationEventExecutionPlanMetadataConfiguration.class */
    static class GoogleAuthenticatorAuthenticationEventExecutionPlanMetadataConfiguration {
        GoogleAuthenticatorAuthenticationEventExecutionPlanMetadataConfiguration() {
        }

        /**
         * Creates the populator that is given the authentication-context attribute name, the
         * Google Authenticator handler and the provider id.
         *
         * @return an {@link AuthenticationContextAttributeMetaDataPopulator}
         */
        @ConditionalOnMissingBean(name = {"googleAuthenticatorAuthenticationMetaDataPopulator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuthenticationMetaDataPopulator googleAuthenticatorAuthenticationMetaDataPopulator(
                CasConfigurationProperties casConfigurationProperties,
                @Qualifier("googleAuthenticatorAuthenticationHandler") AuthenticationHandler authenticationHandler,
                @Qualifier("googleAuthenticatorMultifactorAuthenticationProvider") MultifactorAuthenticationProvider multifactorAuthenticationProvider) {
            return new AuthenticationContextAttributeMetaDataPopulator(
                casConfigurationProperties.getAuthn().getMfa().getCore().getAuthenticationContextAttribute(),
                authenticationHandler,
                multifactorAuthenticationProvider.getId());
        }

        /**
         * Creates the provider-level populator; the provider is supplied as an
         * {@link ObjectProvider} together with the services manager.
         *
         * @return a {@link MultifactorAuthenticationProviderMetadataPopulator}
         */
        @ConditionalOnMissingBean(name = {"googleAuthenticatorMultifactorProviderAuthenticationMetadataPopulator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuthenticationMetaDataPopulator googleAuthenticatorMultifactorProviderAuthenticationMetadataPopulator(
                @Qualifier("servicesManager") ServicesManager servicesManager,
                CasConfigurationProperties casConfigurationProperties,
                @Qualifier("googleAuthenticatorMultifactorAuthenticationProvider") ObjectProvider<MultifactorAuthenticationProvider> objectProvider) {
            return new MultifactorAuthenticationProviderMetadataPopulator(
                casConfigurationProperties.getAuthn().getMfa().getCore().getAuthenticationContextAttribute(),
                objectProvider,
                servicesManager);
        }
    }

    /**
     * Core Google Authenticator beans: the one-time-code engine, the two cipher executors that
     * protect stored account data, and the principal factory.
     *
     * <p>Both cipher executors fall back to {@link CipherExecutor#noOp()} when they are not
     * configured, and only a warning is logged. Deployments that persist accounts should treat
     * those warnings as findings.
     */
    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "GoogleAuthenticatorMultifactorAuthenticationCoreConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/GoogleAuthenticatorAuthenticationEventExecutionPlanConfiguration$GoogleAuthenticatorMultifactorAuthenticationCoreConfiguration.class */
    static class GoogleAuthenticatorMultifactorAuthenticationCoreConfiguration {
        // Condition on the scratch-code encryption key property; evaluated against the
        // environment when the scratch-codes cipher executor is created.
        private static final BeanCondition CONDITION_SCRATCH_CODE = BeanCondition.on("cas.authn.mfa.gauth.core.scratch-codes.encryption.key");

        GoogleAuthenticatorMultifactorAuthenticationCoreConfiguration() {
        }

        /**
         * Builds the authenticator from the {@code gauth.core} settings: code digits, time step
         * (configured in seconds, converted to milliseconds) and window size. The key
         * representation is fixed to BASE32.
         *
         * <p>NOTE(review): the window size and time step together bound how long a code is
         * accepted; keep both as small as expected clock drift allows.
         *
         * @return a {@link GoogleAuthenticatorService} wrapping the configured {@link GoogleAuthenticator}
         */
        @ConditionalOnMissingBean(name = {"googleAuthenticatorInstance"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public IGoogleAuthenticator googleAuthenticatorInstance(CasConfigurationProperties casConfigurationProperties) {
            CoreGoogleAuthenticatorMultifactorProperties coreProps = casConfigurationProperties.getAuthn().getMfa().getGauth().getCore();
            GoogleAuthenticatorConfig.GoogleAuthenticatorConfigBuilder configBuilder = new GoogleAuthenticatorConfig.GoogleAuthenticatorConfigBuilder();
            configBuilder.setCodeDigits(coreProps.getCodeDigits());
            configBuilder.setTimeStepSizeInMillis(TimeUnit.SECONDS.toMillis(coreProps.getTimeStepSize()));
            configBuilder.setWindowSize(coreProps.getWindowSize());
            configBuilder.setKeyRepresentation(KeyRepresentation.BASE32);
            GoogleAuthenticator authenticator = new GoogleAuthenticator(configBuilder.build());
            return new GoogleAuthenticatorService(authenticator);
        }

        /**
         * Provides the cipher executor for one-time token accounts.
         *
         * <p>When {@code gauth.crypto} is disabled, a warning is logged and a no-op executor is
         * returned. NOTE(review): with the no-op executor, whatever the account repository
         * stores (presumably including each user's shared secret) is protected only by the
         * storage backend's own access control.
         *
         * @return a string cipher executor built from the crypto settings, or a no-op executor
         */
        @ConditionalOnMissingBean(name = {"googleAuthenticatorAccountCipherExecutor"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public CipherExecutor googleAuthenticatorAccountCipherExecutor(CasConfigurationProperties casConfigurationProperties) {
            EncryptionJwtSigningJwtCryptographyProperties cryptoProps = casConfigurationProperties.getAuthn().getMfa().getGauth().getCrypto();
            if (!cryptoProps.isEnabled()) {
                GoogleAuthenticatorAuthenticationEventExecutionPlanConfiguration.LOGGER.warn("Google Authenticator one-time token account encryption/signing is turned off. Consider turning on encryption, signing to securely and safely store one-time token accounts.");
                return CipherExecutor.noOp();
            }
            return CipherExecutorUtils.newStringCipherExecutor(cryptoProps, OneTimeTokenAccountCipherExecutor.class);
        }

        /**
         * Provides the cipher executor for scratch (recovery) codes.
         *
         * <p>When the scratch-code encryption key condition holds, a
         * {@link JasyptNumberCipherExecutor} is created with that key; otherwise a warning is
         * logged and a no-op executor is returned, so scratch codes are not encrypted by CAS.
         *
         * @return the Jasypt-based executor, or a no-op executor when no key is defined
         */
        @ConditionalOnMissingBean(name = {"googleAuthenticatorScratchCodesCipherExecutor"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public CipherExecutor googleAuthenticatorScratchCodesCipherExecutor(ApplicationContext applicationContext, CasConfigurationProperties casConfigurationProperties) {
            return (CipherExecutor) BeanSupplier.of(CipherExecutor.class)
                .when(CONDITION_SCRATCH_CODE.given(applicationContext.getEnvironment()))
                // The key is read only inside the supplier, i.e. only when the condition holds.
                .supply(() -> new JasyptNumberCipherExecutor(
                    casConfigurationProperties.getAuthn().getMfa().getGauth().getCore().getScratchCodes().getEncryption().getKey(),
                    "googleAuthenticatorScratchCodesCipherExecutor"))
                .otherwise(() -> {
                    GoogleAuthenticatorAuthenticationEventExecutionPlanConfiguration.LOGGER.warn("Google Authenticator scratch codes encryption key is not defined. Consider defining the encryption key to securely and safely store scratch codes.");
                    return CipherExecutor.noOp();
                })
                .get();
        }

        /**
         * Provides the principal factory used by the Google Authenticator handler.
         *
         * @return the factory returned by {@link PrincipalFactoryUtils#newPrincipalFactory()}
         */
        @ConditionalOnMissingBean(name = {"googlePrincipalFactory"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public PrincipalFactory googlePrincipalFactory() {
            return PrincipalFactoryUtils.newPrincipalFactory();
        }
    }

    /**
     * Hooks the Google Authenticator handler, its metadata populators and a credential-type
     * resolver into the authentication execution plan.
     */
    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "GoogleAuthenticatorMultifactorAuthenticationPlanConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/GoogleAuthenticatorAuthenticationEventExecutionPlanConfiguration$GoogleAuthenticatorMultifactorAuthenticationPlanConfiguration.class */
    static class GoogleAuthenticatorMultifactorAuthenticationPlanConfiguration {
        GoogleAuthenticatorMultifactorAuthenticationPlanConfiguration() {
        }

        /**
         * Returns a plan configurer that registers the Google Authenticator components, but only
         * when {@code gauth.core.issuer} is not blank. The issuer is read each time the
         * configurer runs, not when this bean is created.
         *
         * <p>NOTE(review): with a blank issuer nothing is registered and nothing is logged here;
         * confirm that a missing issuer cannot leave the provider selectable without a handler
         * to verify its tokens.
         *
         * @return the configurer for the authentication execution plan
         */
        @ConditionalOnMissingBean(name = {"googleAuthenticatorAuthenticationEventExecutionPlanConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuthenticationEventExecutionPlanConfigurer googleAuthenticatorAuthenticationEventExecutionPlanConfigurer(
                @Qualifier("googleAuthenticatorMultifactorProviderAuthenticationMetadataPopulator") AuthenticationMetaDataPopulator authenticationMetaDataPopulator,
                CasConfigurationProperties casConfigurationProperties,
                @Qualifier("googleAuthenticatorAuthenticationHandler") AuthenticationHandler authenticationHandler,
                @Qualifier("googleAuthenticatorAuthenticationMetaDataPopulator") AuthenticationMetaDataPopulator authenticationMetaDataPopulator2) {
            return plan -> {
                if (StringUtils.isBlank(casConfigurationProperties.getAuthn().getMfa().getGauth().getCore().getIssuer())) {
                    return;
                }
                plan.registerAuthenticationHandler(authenticationHandler);
                // Context-attribute populator first, then the provider-level populator.
                plan.registerAuthenticationMetadataPopulator(authenticationMetaDataPopulator2);
                plan.registerAuthenticationMetadataPopulator(authenticationMetaDataPopulator);
                // Resolver is constructed for the Google Authenticator token credential type.
                plan.registerAuthenticationHandlerResolver(new ByCredentialTypeAuthenticationHandlerResolver(new Class[]{GoogleAuthenticatorTokenCredential.class}));
            };
        }
    }

    /**
     * Declares the Google Authenticator multifactor authentication provider.
     */
    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "GoogleAuthenticatorMultifactorAuthenticationProviderConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/GoogleAuthenticatorAuthenticationEventExecutionPlanConfiguration$GoogleAuthenticatorMultifactorAuthenticationProviderConfiguration.class */
    static class GoogleAuthenticatorMultifactorAuthenticationProviderConfiguration {
        GoogleAuthenticatorMultifactorAuthenticationProviderConfiguration() {
        }

        /**
         * Creates the provider and applies the {@code gauth} settings (failure mode, rank, id)
         * plus the injected bypass evaluator, failure-mode evaluator and device manager.
         *
         * <p>NOTE(review): the bypass evaluator and the configured failure mode both influence
         * whether the second factor is enforced; review them together when auditing a
         * deployment. Their exact semantics are defined outside this file.
         *
         * @return the configured {@link GoogleAuthenticatorMultifactorAuthenticationProvider}
         */
        @ConditionalOnMissingBean(name = {"googleAuthenticatorMultifactorAuthenticationProvider"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public MultifactorAuthenticationProvider googleAuthenticatorMultifactorAuthenticationProvider(
                CasConfigurationProperties casConfigurationProperties,
                @Qualifier("googleAuthenticatorBypassEvaluator") MultifactorAuthenticationProviderBypassEvaluator multifactorAuthenticationProviderBypassEvaluator,
                @Qualifier("failureModeEvaluator") MultifactorAuthenticationFailureModeEvaluator multifactorAuthenticationFailureModeEvaluator,
                @Qualifier("googleAuthenticatorDeviceManager") MultifactorAuthenticationDeviceManager multifactorAuthenticationDeviceManager) {
            GoogleAuthenticatorMultifactorProperties gauthProps = casConfigurationProperties.getAuthn().getMfa().getGauth();
            GoogleAuthenticatorMultifactorAuthenticationProvider provider = new GoogleAuthenticatorMultifactorAuthenticationProvider();
            provider.setBypassEvaluator(multifactorAuthenticationProviderBypassEvaluator);
            provider.setFailureMode(gauthProps.getFailureMode());
            provider.setFailureModeEvaluator(multifactorAuthenticationFailureModeEvaluator);
            // The provider's order comes from the configured rank.
            provider.setOrder(gauthProps.getRank());
            provider.setId(gauthProps.getId());
            provider.setDeviceManager(multifactorAuthenticationDeviceManager);
            return provider;
        }
    }

    /**
     * Token-side beans: the credential validator, the token repository cleaner, the device
     * manager and the account registry that stores registered authenticator accounts.
     */
    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "GoogleAuthenticatorMultifactorAuthenticationTokenConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/GoogleAuthenticatorAuthenticationEventExecutionPlanConfiguration$GoogleAuthenticatorMultifactorAuthenticationTokenConfiguration.class */
    static class GoogleAuthenticatorMultifactorAuthenticationTokenConfiguration {
        GoogleAuthenticatorMultifactorAuthenticationTokenConfiguration() {
        }

        /**
         * Creates the validator for submitted token credentials; it is given the authenticator
         * instance, the one-time token repository and the account registry.
         *
         * @return a {@link GoogleAuthenticatorOneTimeTokenCredentialValidator}
         */
        @ConditionalOnMissingBean(name = {"googleAuthenticatorOneTimeTokenCredentialValidator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public OneTimeTokenCredentialValidator<GoogleAuthenticatorTokenCredential, GoogleAuthenticatorToken> googleAuthenticatorOneTimeTokenCredentialValidator(
                @Qualifier("googleAuthenticatorInstance") IGoogleAuthenticator iGoogleAuthenticator,
                @Qualifier("googleAuthenticatorAccountRegistry") OneTimeTokenCredentialRepository oneTimeTokenCredentialRepository,
                @Qualifier("oneTimeTokenAuthenticatorTokenRepository") OneTimeTokenRepository oneTimeTokenRepository) {
            return new GoogleAuthenticatorOneTimeTokenCredentialValidator(
                iGoogleAuthenticator,
                oneTimeTokenRepository,
                oneTimeTokenCredentialRepository);
        }

        /**
         * Creates the cleaner for the one-time token repository. The bean is eager
         * ({@code @Lazy(false)}).
         *
         * <p>The condition on {@code cas.authn.mfa.gauth.cleaner.schedule.enabled} is declared
         * with {@code isTrue().evenIfMissing()}; when it does not hold, {@code otherwiseProxy()}
         * supplies the bean instead of a real cleaner.
         *
         * @return the cleaner, or the stand-in produced by {@code otherwiseProxy()}
         */
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        @Lazy(false)
        public Cleanable googleAuthenticatorTokenRepositoryCleaner(
                ConfigurableApplicationContext configurableApplicationContext,
                @Qualifier("oneTimeTokenAuthenticatorTokenRepository") OneTimeTokenRepository oneTimeTokenRepository) {
            return (Cleanable) BeanSupplier.of(Cleanable.class)
                .when(BeanCondition.on("cas.authn.mfa.gauth.cleaner.schedule.enabled").isTrue().evenIfMissing().given(configurableApplicationContext.getEnvironment()))
                .supply(() -> new GoogleAuthenticatorTokenRepositoryCleaner(oneTimeTokenRepository))
                .otherwiseProxy()
                .get();
        }

        /**
         * Creates the device manager backed by the account registry.
         *
         * @return a {@link OneTimeTokenCredentialDeviceManager}
         */
        @ConditionalOnMissingBean(name = {"googleAuthenticatorDeviceManager"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public MultifactorAuthenticationDeviceManager googleAuthenticatorDeviceManager(
                @Qualifier("googleAuthenticatorMultifactorAuthenticationProvider") ObjectProvider<MultifactorAuthenticationProvider> objectProvider,
                @Qualifier("googleAuthenticatorAccountRegistry") OneTimeTokenCredentialRepository oneTimeTokenCredentialRepository) {
            return new OneTimeTokenCredentialDeviceManager(oneTimeTokenCredentialRepository, objectProvider);
        }

        /**
         * Selects the account registry implementation, in this order: JSON (when a JSON location
         * is set), REST (when a REST URL is not blank), otherwise in-memory.
         *
         * <p>{@code cipherExecutor} is the account cipher and {@code cipherExecutor2} the
         * scratch-code cipher; every implementation receives both. NOTE(review): either may be
         * a no-op executor when encryption is not configured, in which case the JSON resource
         * or REST service would presumably receive unprotected account data.
         *
         * @return the selected {@link OneTimeTokenCredentialRepository}
         */
        @ConditionalOnMissingBean(name = {"googleAuthenticatorAccountRegistry"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public OneTimeTokenCredentialRepository googleAuthenticatorAccountRegistry(
                ConfigurableApplicationContext configurableApplicationContext,
                CasConfigurationProperties casConfigurationProperties,
                @Qualifier("googleAuthenticatorInstance") IGoogleAuthenticator iGoogleAuthenticator,
                @Qualifier("googleAuthenticatorAccountCipherExecutor") CipherExecutor cipherExecutor,
                @Qualifier("googleAuthenticatorScratchCodesCipherExecutor") CipherExecutor cipherExecutor2) {
            GoogleAuthenticatorMultifactorProperties gauthProps = casConfigurationProperties.getAuthn().getMfa().getGauth();
            if (gauthProps.getJson().getLocation() != null) {
                return new JsonGoogleAuthenticatorTokenCredentialRepository(
                    gauthProps.getJson().getLocation(),
                    iGoogleAuthenticator,
                    cipherExecutor,
                    cipherExecutor2,
                    new OneTimeTokenAccountSerializer(configurableApplicationContext));
            }
            if (StringUtils.isNotBlank(gauthProps.getRest().getUrl())) {
                return new RestGoogleAuthenticatorTokenCredentialRepository(iGoogleAuthenticator, gauthProps, cipherExecutor, cipherExecutor2);
            }
            // Fallback when neither JSON nor REST storage is configured.
            return new InMemoryGoogleAuthenticatorTokenCredentialRepository(cipherExecutor, cipherExecutor2, iGoogleAuthenticator);
        }
    }

    /**
     * Declares the actuator endpoint over the Google Authenticator account registry.
     */
    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "GoogleAuthenticatorMultifactorAuthenticationWebConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/GoogleAuthenticatorAuthenticationEventExecutionPlanConfiguration$GoogleAuthenticatorMultifactorAuthenticationWebConfiguration.class */
    static class GoogleAuthenticatorMultifactorAuthenticationWebConfiguration {
        GoogleAuthenticatorMultifactorAuthenticationWebConfiguration() {
        }

        /**
         * Creates the endpoint; {@code @ConditionalOnAvailableEndpoint} means the bean exists
         * only when the endpoint is available in the actuator configuration.
         *
         * <p>NOTE(review): the endpoint is handed the account registry. Its operations are
         * defined outside this file, so confirm that actuator access control covers it before
         * making it available.
         *
         * @return a {@link GoogleAuthenticatorTokenCredentialRepositoryEndpoint}
         */
        @ConditionalOnAvailableEndpoint
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public GoogleAuthenticatorTokenCredentialRepositoryEndpoint googleAuthenticatorTokenCredentialRepositoryEndpoint(
                ConfigurableApplicationContext configurableApplicationContext,
                CasConfigurationProperties casConfigurationProperties,
                @Qualifier("googleAuthenticatorAccountRegistry") ObjectProvider<OneTimeTokenCredentialRepository> objectProvider) {
            return new GoogleAuthenticatorTokenCredentialRepositoryEndpoint(
                casConfigurationProperties,
                configurableApplicationContext,
                objectProvider);
        }
    }

    /**
     * Webflow actions for the Google Authenticator login and registration flows.
     *
     * <p>Every action is produced through {@link WebflowActionBeanSupplier} under a fixed id, and
     * each bean can be replaced by defining a bean of the same name.
     */
    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "GoogleAuthenticatorMultifactorAuthenticationWebflowConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/GoogleAuthenticatorAuthenticationEventExecutionPlanConfiguration$GoogleAuthenticatorMultifactorAuthenticationWebflowConfiguration.class */
    static class GoogleAuthenticatorMultifactorAuthenticationWebflowConfiguration {
        GoogleAuthenticatorMultifactorAuthenticationWebflowConfiguration() {
        }

        /**
         * Action that validates the registration selected by the user.
         *
         * @return the action supplied for id {@code googleValidateSelectedRegistrationAction}
         */
        @ConditionalOnMissingBean(name = {"googleValidateSelectedRegistrationAction"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action googleValidateSelectedRegistrationAction(
                ConfigurableApplicationContext configurableApplicationContext,
                CasConfigurationProperties casConfigurationProperties) {
            return WebflowActionBeanSupplier.builder()
                .withApplicationContext(configurableApplicationContext)
                .withProperties(casConfigurationProperties)
                .withAction(GoogleAuthenticatorValidateSelectedRegistrationAction::new)
                .withId("googleValidateSelectedRegistrationAction")
                .build()
                .get();
        }

        /**
         * Action that saves a new account registration; it is given the account registry, the
         * CAS properties and the token validator.
         *
         * @return the action supplied for id {@code googleSaveAccountRegistrationAction}
         */
        @ConditionalOnMissingBean(name = {"googleSaveAccountRegistrationAction"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action googleSaveAccountRegistrationAction(
                ConfigurableApplicationContext configurableApplicationContext,
                CasConfigurationProperties casConfigurationProperties,
                @Qualifier("googleAuthenticatorAccountRegistry") OneTimeTokenCredentialRepository oneTimeTokenCredentialRepository,
                @Qualifier("googleAuthenticatorOneTimeTokenCredentialValidator") OneTimeTokenCredentialValidator<GoogleAuthenticatorTokenCredential, GoogleAuthenticatorToken> oneTimeTokenCredentialValidator) {
            return WebflowActionBeanSupplier.builder()
                .withApplicationContext(configurableApplicationContext)
                .withProperties(casConfigurationProperties)
                .withAction(() -> new GoogleAuthenticatorSaveRegistrationAction(oneTimeTokenCredentialRepository, casConfigurationProperties, oneTimeTokenCredentialValidator))
                .withId("googleSaveAccountRegistrationAction")
                .build()
                .get();
        }

        /**
         * Action that validates a submitted token using the token validator and the account registry.
         *
         * @return the action supplied for id {@code googleValidateTokenAction}
         */
        @ConditionalOnMissingBean(name = {"googleValidateTokenAction"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action googleValidateTokenAction(
                @Qualifier("googleAuthenticatorOneTimeTokenCredentialValidator") OneTimeTokenCredentialValidator<GoogleAuthenticatorTokenCredential, GoogleAuthenticatorToken> oneTimeTokenCredentialValidator,
                ConfigurableApplicationContext configurableApplicationContext,
                @Qualifier("googleAuthenticatorAccountRegistry") OneTimeTokenCredentialRepository oneTimeTokenCredentialRepository,
                CasConfigurationProperties casConfigurationProperties) {
            return WebflowActionBeanSupplier.builder()
                .withApplicationContext(configurableApplicationContext)
                .withProperties(casConfigurationProperties)
                .withAction(() -> new GoogleAuthenticatorValidateTokenAction(casConfigurationProperties, oneTimeTokenCredentialRepository, oneTimeTokenCredentialValidator))
                .withId("googleValidateTokenAction")
                .build()
                .get();
        }

        /**
         * Action that prepares the Google Authenticator login view.
         *
         * @return the action supplied for id {@code prepareGoogleAuthenticatorLoginAction}
         */
        @ConditionalOnMissingBean(name = {"prepareGoogleAuthenticatorLoginAction"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action prepareGoogleAuthenticatorLoginAction(
                ConfigurableApplicationContext configurableApplicationContext,
                @Qualifier("googleAuthenticatorAccountRegistry") OneTimeTokenCredentialRepository oneTimeTokenCredentialRepository,
                CasConfigurationProperties casConfigurationProperties) {
            return WebflowActionBeanSupplier.builder()
                .withApplicationContext(configurableApplicationContext)
                .withProperties(casConfigurationProperties)
                .withAction(() -> new GoogleAuthenticatorPrepareLoginAction(casConfigurationProperties, oneTimeTokenCredentialRepository))
                .withId("prepareGoogleAuthenticatorLoginAction")
                .build()
                .get();
        }

        /**
         * Action that checks the account registry for an existing registration.
         *
         * @return the action supplied for id {@code googleAccountCheckRegistrationAction}
         */
        @ConditionalOnMissingBean(name = {"googleAccountCheckRegistrationAction"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action googleAccountCheckRegistrationAction(
                ConfigurableApplicationContext configurableApplicationContext,
                CasConfigurationProperties casConfigurationProperties,
                @Qualifier("googleAuthenticatorAccountRegistry") OneTimeTokenCredentialRepository oneTimeTokenCredentialRepository) {
            return WebflowActionBeanSupplier.builder()
                .withApplicationContext(configurableApplicationContext)
                .withProperties(casConfigurationProperties)
                .withAction(() -> new OneTimeTokenAccountCheckRegistrationAction(oneTimeTokenCredentialRepository))
                .withId("googleAccountCheckRegistrationAction")
                .build()
                .get();
        }

        /**
         * Action that confirms the user's selection among registered accounts.
         *
         * @return the action supplied for id {@code googleAccountConfirmSelectionAction}
         */
        @ConditionalOnMissingBean(name = {"googleAccountConfirmSelectionAction"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action googleAccountConfirmSelectionAction(
                ConfigurableApplicationContext configurableApplicationContext,
                CasConfigurationProperties casConfigurationProperties,
                @Qualifier("googleAuthenticatorAccountRegistry") OneTimeTokenCredentialRepository oneTimeTokenCredentialRepository) {
            return WebflowActionBeanSupplier.builder()
                .withApplicationContext(configurableApplicationContext)
                .withProperties(casConfigurationProperties)
                .withAction(() -> new OneTimeTokenAccountConfirmSelectionRegistrationAction(oneTimeTokenCredentialRepository))
                .withId("googleAccountConfirmSelectionAction")
                .build()
                .get();
        }

        /**
         * Action that deletes a registered account (device) from the account registry.
         *
         * <p>NOTE(review): removing a device changes what second factor an account has; the
         * checks that guard this action live in the flow definition, outside this file.
         *
         * @return the action supplied for id {@code googleAccountDeleteDeviceAction}
         */
        @ConditionalOnMissingBean(name = {"googleAccountDeleteDeviceAction"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action googleAccountDeleteDeviceAction(
                ConfigurableApplicationContext configurableApplicationContext,
                CasConfigurationProperties casConfigurationProperties,
                @Qualifier("googleAuthenticatorAccountRegistry") OneTimeTokenCredentialRepository oneTimeTokenCredentialRepository) {
            return WebflowActionBeanSupplier.builder()
                .withApplicationContext(configurableApplicationContext)
                .withProperties(casConfigurationProperties)
                .withAction(() -> new GoogleAuthenticatorDeleteAccountAction(oneTimeTokenCredentialRepository))
                .withId("googleAccountDeleteDeviceAction")
                .build()
                .get();
        }

        /**
         * Action that creates a new account registration, using the label and issuer from the
         * {@code gauth.core} settings.
         *
         * @return the action supplied for id {@code googleAccountCreateRegistrationAction}
         */
        @ConditionalOnMissingBean(name = {"googleAccountCreateRegistrationAction"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action googleAccountCreateRegistrationAction(
                ConfigurableApplicationContext configurableApplicationContext,
                CasConfigurationProperties casConfigurationProperties,
                @Qualifier("googleAuthenticatorAccountRegistry") OneTimeTokenCredentialRepository oneTimeTokenCredentialRepository) {
            // The core settings object is resolved now; label and issuer are read from it
            // when the supplier runs.
            CoreGoogleAuthenticatorMultifactorProperties coreProps = casConfigurationProperties.getAuthn().getMfa().getGauth().getCore();
            return WebflowActionBeanSupplier.builder()
                .withApplicationContext(configurableApplicationContext)
                .withProperties(casConfigurationProperties)
                .withAction(() -> new OneTimeTokenAccountCreateRegistrationAction(oneTimeTokenCredentialRepository, coreProps.getLabel(), coreProps.getIssuer()))
                .withId("googleAccountCreateRegistrationAction")
                .build()
                .get();
        }
    }

    /** Package-private no-argument constructor; performs no initialisation. */
    GoogleAuthenticatorAuthenticationEventExecutionPlanConfiguration() {
    }
}
