package org.apereo.cas.config;

import com.okta.sdk.client.Client;
import org.apereo.cas.authentication.principal.PrincipalProvisioner;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.features.CasFeatureModule;
import org.apereo.cas.okta.OktaConfigurationFactory;
import org.apereo.cas.okta.OktaPrincipalProvisioner;
import org.apereo.cas.okta.web.flow.OktaWebflowConfigurer;
import org.apereo.cas.util.spring.beans.BeanCondition;
import org.apereo.cas.util.spring.beans.BeanSupplier;
import org.apereo.cas.util.spring.boot.ConditionalOnFeatureEnabled;
import org.apereo.cas.web.flow.CasWebflowConfigurer;
import org.apereo.cas.web.flow.CasWebflowExecutionPlanConfigurer;
import org.apereo.cas.web.flow.PrincipalProvisionerAction;
import org.apereo.cas.web.flow.actions.ConsumerExecutionAction;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.webflow.definition.registry.FlowDefinitionRegistry;
import org.springframework.webflow.engine.builder.support.FlowBuilderServices;
import org.springframework.webflow.execution.Action;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration(value = "OktaProvisioningConfiguration", proxyBeanMethods = false)
@ConditionalOnFeatureEnabled(feature = {CasFeatureModule.FeatureCatalog.Provisioning}, module = "okta")
/* loaded from: input_file:org/apereo/cas/config/OktaProvisioningConfiguration.class */
class OktaProvisioningConfiguration {
    private static final BeanCondition CONDITION = BeanCondition.on("cas.authn.okta.provisioning.enabled").isTrue().and("cas.authn.okta.provisioning.organization-url");

    OktaProvisioningConfiguration() {
    }

    @ConditionalOnMissingBean(name = {"oktaProvisioningClient"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public Client oktaProvisioningClient(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties) {
        return (Client) BeanSupplier.of(Client.class).when(CONDITION.given(configurableApplicationContext.getEnvironment())).supply(() -> {
            return OktaConfigurationFactory.buildClient(casConfigurationProperties.getAuthn().getOkta().getProvisioning());
        }).otherwiseProxy().get();
    }

    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public PrincipalProvisioner principalProvisioner(@Qualifier("oktaProvisioningClient") Client client, CasConfigurationProperties casConfigurationProperties, ConfigurableApplicationContext configurableApplicationContext) {
        return (PrincipalProvisioner) BeanSupplier.of(PrincipalProvisioner.class).when(CONDITION.given(configurableApplicationContext.getEnvironment())).supply(() -> {
            return new OktaPrincipalProvisioner(client, casConfigurationProperties.getAuthn().getOkta().getProvisioning());
        }).otherwiseProxy().get();
    }

    @ConditionalOnMissingBean(name = {"oktaPrincipalProvisionerAction"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public Action oktaPrincipalProvisionerAction(ConfigurableApplicationContext configurableApplicationContext, @Qualifier("principalProvisioner") PrincipalProvisioner principalProvisioner) {
        return (Action) BeanSupplier.of(Action.class).when(CONDITION.given(configurableApplicationContext.getEnvironment())).supply(() -> {
            return new PrincipalProvisionerAction(principalProvisioner);
        }).otherwise(() -> {
            return ConsumerExecutionAction.NONE;
        }).get();
    }

    @ConditionalOnMissingBean(name = {"oktaCasWebflowExecutionPlanConfigurer"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public CasWebflowExecutionPlanConfigurer oktaCasWebflowExecutionPlanConfigurer(ConfigurableApplicationContext configurableApplicationContext, @Qualifier("oktaWebflowConfigurer") CasWebflowConfigurer casWebflowConfigurer) {
        return (CasWebflowExecutionPlanConfigurer) BeanSupplier.of(CasWebflowExecutionPlanConfigurer.class).when(CONDITION.given(configurableApplicationContext.getEnvironment())).supply(() -> {
            return casWebflowExecutionPlan -> {
                casWebflowExecutionPlan.registerWebflowConfigurer(casWebflowConfigurer);
            };
        }).otherwiseProxy().get();
    }

    @ConditionalOnMissingBean(name = {"oktaWebflowConfigurer"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public CasWebflowConfigurer oktaWebflowConfigurer(CasConfigurationProperties casConfigurationProperties, ConfigurableApplicationContext configurableApplicationContext, @Qualifier("loginFlowRegistry") FlowDefinitionRegistry flowDefinitionRegistry, @Qualifier("flowBuilderServices") FlowBuilderServices flowBuilderServices) {
        return (CasWebflowConfigurer) BeanSupplier.of(CasWebflowConfigurer.class).when(CONDITION.given(configurableApplicationContext.getEnvironment())).supply(() -> {
            return new OktaWebflowConfigurer(flowBuilderServices, flowDefinitionRegistry, configurableApplicationContext, casConfigurationProperties);
        }).otherwiseProxy().get();
    }
}
