package org.apereo.cas.config;

import com.github.benmanes.caffeine.cache.Caffeine;
import com.github.benmanes.caffeine.cache.LoadingCache;
import lombok.Generated;
import org.apereo.cas.audit.AuditTrailRecordResolutionPlanConfigurer;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.features.CasFeatureModule;
import org.apereo.cas.configuration.model.core.util.EncryptionJwtSigningJwtCryptographyProperties;
import org.apereo.cas.configuration.model.support.mfa.trusteddevice.TrustedDevicesMultifactorProperties;
import org.apereo.cas.trusted.authentication.MultifactorAuthenticationTrustCipherExecutor;
import org.apereo.cas.trusted.authentication.MultifactorAuthenticationTrustedDeviceNamingStrategy;
import org.apereo.cas.trusted.authentication.api.MultifactorAuthenticationTrustRecordKeyGenerator;
import org.apereo.cas.trusted.authentication.api.MultifactorAuthenticationTrustStorage;
import org.apereo.cas.trusted.authentication.keys.DefaultMultifactorAuthenticationTrustRecordKeyGenerator;
import org.apereo.cas.trusted.authentication.storage.InMemoryMultifactorAuthenticationTrustStorage;
import org.apereo.cas.trusted.authentication.storage.JsonMultifactorAuthenticationTrustStorage;
import org.apereo.cas.trusted.authentication.storage.MultifactorAuthenticationTrustRecordExpiry;
import org.apereo.cas.trusted.authentication.storage.MultifactorAuthenticationTrustStorageCleaner;
import org.apereo.cas.trusted.web.MultifactorAuthenticationTrustedDevicesReportEndpoint;
import org.apereo.cas.util.cipher.CipherExecutorUtils;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.apereo.cas.util.function.FunctionUtils;
import org.apereo.cas.util.spring.beans.BeanCondition;
import org.apereo.cas.util.spring.beans.BeanSupplier;
import org.apereo.cas.util.spring.boot.ConditionalOnFeatureEnabled;
import org.apereo.cas.util.spring.boot.ConditionalOnMatchingHostname;
import org.apereo.cas.util.thread.Cleanable;
import org.apereo.inspektr.audit.spi.AuditActionResolver;
import org.apereo.inspektr.audit.spi.AuditResourceResolver;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.actuate.autoconfigure.endpoint.condition.ConditionalOnAvailableEndpoint;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Lazy;
import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.integration.transaction.PseudoTransactionManager;
import org.springframework.transaction.PlatformTransactionManager;

/* JADX INFO: Access modifiers changed from: package-private */
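/**
 * Spring configuration for the CAS multifactor "trusted devices" feature.
 *
 * <p>The configuration is active only when the
 * {@code MultifactorAuthenticationTrustedDevices} feature is enabled. Its nested
 * configurations register the audit resolvers, the trusted-device record storage,
 * the cipher applied to those records, the record key generator, the storage
 * cleaner and the actuator report endpoint. Beans guarded by
 * {@code @ConditionalOnMissingBean} can be replaced by a deployment that defines
 * a bean with the same name.
 */
@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration(value = "MultifactorAuthnTrustConfiguration", proxyBeanMethods = false)
@ConditionalOnFeatureEnabled(feature = {CasFeatureModule.FeatureCatalog.MultifactorAuthenticationTrustedDevices})
public class MultifactorAuthnTrustConfiguration {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(MultifactorAuthnTrustConfiguration.class);

    /** Initial capacity of the in-memory trusted-device record cache. */
    private static final int INITIAL_CACHE_SIZE = 50;

    /** Upper bound on the number of entries kept by the in-memory cache. */
    private static final long MAX_CACHE_SIZE = 1_000_000L;

    /** Registers the audit resolvers used for trusted-authentication events. */
    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "MultifactorAuthnTrustAuditConfiguration", proxyBeanMethods = false)
    static class MultifactorAuthnTrustAuditConfiguration {
        MultifactorAuthnTrustAuditConfiguration() {
        }

        /**
         * Builds a configurer that adds the trusted-authentication resolvers to the audit plan.
         *
         * @param auditActionResolver   resolver registered as {@code TRUSTED_AUTHENTICATION_ACTION_RESOLVER}
         * @param auditResourceResolver resolver registered as {@code TRUSTED_AUTHENTICATION_RESOURCE_RESOLVER}
         * @return the configurer that performs both registrations
         */
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuditTrailRecordResolutionPlanConfigurer casMfaTrustAuditTrailRecordResolutionPlanConfigurer(
                @Qualifier("ticketCreationActionResolver") AuditActionResolver auditActionResolver,
                @Qualifier("returnValueResourceResolver") AuditResourceResolver auditResourceResolver) {
            return plan -> {
                plan.registerAuditResourceResolver("TRUSTED_AUTHENTICATION_RESOURCE_RESOLVER", auditResourceResolver);
                plan.registerAuditActionResolver("TRUSTED_AUTHENTICATION_ACTION_RESOLVER", auditActionResolver);
            };
        }
    }

    /** Core beans: device naming strategy, record storage and transaction manager. */
    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "MultifactorAuthnTrustCoreConfiguration", proxyBeanMethods = false)
    static class MultifactorAuthnTrustCoreConfiguration {
        MultifactorAuthnTrustCoreConfiguration() {
        }

        /**
         * Provides the default naming strategy for trusted devices.
         *
         * @return the strategy returned by {@code MultifactorAuthenticationTrustedDeviceNamingStrategy.random()}
         */
        @ConditionalOnMissingBean(name = {"mfaTrustDeviceNamingStrategy"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public MultifactorAuthenticationTrustedDeviceNamingStrategy mfaTrustDeviceNamingStrategy() {
            return MultifactorAuthenticationTrustedDeviceNamingStrategy.random();
        }

        /**
         * Selects the storage backend for trusted-device records.
         *
         * <p>A JSON-backed store is used when a JSON location is configured; otherwise records
         * are kept in a bounded in-memory cache and are lost when CAS restarts.
         *
         * @param casConfigurationProperties CAS settings; the trusted-device section is read from them
         * @param cipherExecutor cipher handed to the storage for protecting records
         * @param multifactorAuthenticationTrustRecordKeyGenerator generator of record keys
         * @return the JSON or in-memory storage
         */
        @ConditionalOnMissingBean(name = {"mfaTrustEngine"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public MultifactorAuthenticationTrustStorage mfaTrustEngine(
                CasConfigurationProperties casConfigurationProperties,
                @Qualifier("mfaTrustCipherExecutor") CipherExecutor cipherExecutor,
                @Qualifier("mfaTrustRecordKeyGenerator") MultifactorAuthenticationTrustRecordKeyGenerator multifactorAuthenticationTrustRecordKeyGenerator) {
            TrustedDevicesMultifactorProperties trusted = casConfigurationProperties.getAuthn().getMfa().getTrusted();
            // NOTE(review): confirm how FunctionUtils.doIf treats an exception thrown by the JSON branch.
            // If it falls back to the second supplier, a broken JSON resource would silently become
            // a volatile in-memory store.
            return (MultifactorAuthenticationTrustStorage) FunctionUtils.doIf(trusted.getJson().getLocation() != null, () -> {
                LOGGER.debug("Storing trusted device records inside the JSON resource [{}]", trusted.getJson().getLocation());
                return new JsonMultifactorAuthenticationTrustStorage(trusted, cipherExecutor, trusted.getJson().getLocation(), multifactorAuthenticationTrustRecordKeyGenerator);
            }, () -> {
                LOGGER.warn("Storing trusted device records in runtime memory. Changes and records will be lost upon CAS restarts");
                // The cache is built only on this path, so the JSON backend does not allocate an unused cache.
                // Raw type kept from the decompiled source: the key/value types are not visible in this file.
                LoadingCache cache = Caffeine.newBuilder()
                    .initialCapacity(INITIAL_CACHE_SIZE)
                    .maximumSize(MAX_CACHE_SIZE)
                    .expireAfter(new MultifactorAuthenticationTrustRecordExpiry())
                    .build(key -> {
                        // The cache acts as a plain store; a miss is reported and yields no value.
                        LOGGER.error("Load operation of the cache is not supported.");
                        return null;
                    });
                return new InMemoryMultifactorAuthenticationTrustStorage(trusted, cipherExecutor, cache, multifactorAuthenticationTrustRecordKeyGenerator);
            }).get();
        }

        /**
         * Provides the transaction manager used by the trust storage.
         *
         * @return a {@link PseudoTransactionManager}
         */
        @ConditionalOnMissingBean(name = {"transactionManagerMfaAuthnTrust"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public PlatformTransactionManager transactionManagerMfaAuthnTrust() {
            return new PseudoTransactionManager();
        }
    }

    /** Cipher used to encrypt and sign trusted-device records. */
    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "MultifactorAuthnTrustCryptoConfiguration", proxyBeanMethods = false)
    static class MultifactorAuthnTrustCryptoConfiguration {
        MultifactorAuthnTrustCryptoConfiguration() {
        }

        /**
         * Builds the cipher for trusted-device records from the configured crypto settings.
         *
         * <p>When crypto is disabled a no-op cipher is returned, so records are neither
         * encrypted nor signed. This is logged at WARN level so that the weakened
         * configuration is visible in default production logging.
         *
         * @param casConfigurationProperties CAS settings; the trusted-device crypto section is read from them
         * @return the configured cipher, or {@code CipherExecutor.noOp()} when crypto is disabled
         */
        @ConditionalOnMissingBean(name = {"mfaTrustCipherExecutor"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public CipherExecutor mfaTrustCipherExecutor(CasConfigurationProperties casConfigurationProperties) {
            EncryptionJwtSigningJwtCryptographyProperties crypto = casConfigurationProperties.getAuthn().getMfa().getTrusted().getCrypto();
            if (crypto.isEnabled()) {
                return CipherExecutorUtils.newStringCipherExecutor(crypto, MultifactorAuthenticationTrustCipherExecutor.class);
            }
            LOGGER.warn("Multifactor trusted authentication record encryption/signing is turned off and MAY NOT be safe in a production environment. Consider using other choices to handle encryption, signing and verification of trusted authentication records for MFA");
            return CipherExecutor.noOp();
        }
    }

    /** Generator of keys for trusted-device records. */
    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "MultifactorAuthnTrustGeneratorConfiguration", proxyBeanMethods = false)
    static class MultifactorAuthnTrustGeneratorConfiguration {
        MultifactorAuthnTrustGeneratorConfiguration() {
        }

        /**
         * Provides the default record key generator.
         *
         * @return a {@link DefaultMultifactorAuthenticationTrustRecordKeyGenerator}
         */
        @ConditionalOnMissingBean(name = {"mfaTrustRecordKeyGenerator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public MultifactorAuthenticationTrustRecordKeyGenerator mfaTrustRecordKeyGenerator() {
            return new DefaultMultifactorAuthenticationTrustRecordKeyGenerator();
        }
    }

    /** Scheduled cleaner for the trusted-device record storage. */
    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "MultifactorAuthnTrustSchedulerConfiguration", proxyBeanMethods = false)
    static class MultifactorAuthnTrustSchedulerConfiguration {
        MultifactorAuthnTrustSchedulerConfiguration() {
        }

        /**
         * Creates the storage cleaner unless scheduling is switched off.
         *
         * <p>The cleaner is supplied when {@code cas.authn.mfa.trusted.cleaner.schedule.enabled}
         * is true or missing; otherwise {@code otherwiseProxy()} provides the bean
         * (presumably an inert proxy; confirm against {@code BeanSupplier}).
         *
         * @param configurableApplicationContext context whose environment is checked for the property
         * @param multifactorAuthenticationTrustStorage storage the cleaner operates on
         * @return the cleaner, or the proxy supplied by {@code BeanSupplier}
         */
        @ConditionalOnMatchingHostname(name = "cas.authn.mfa.trusted.cleaner.schedule.enabled-on-host")
        @ConditionalOnMissingBean(name = {"mfaTrustStorageCleaner"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        @Lazy(false)
        public Cleanable mfaTrustStorageCleaner(
                ConfigurableApplicationContext configurableApplicationContext,
                @Qualifier("mfaTrustEngine") MultifactorAuthenticationTrustStorage multifactorAuthenticationTrustStorage) {
            return (Cleanable) BeanSupplier.of(Cleanable.class)
                .when(BeanCondition.on("cas.authn.mfa.trusted.cleaner.schedule.enabled").isTrue().evenIfMissing().given(configurableApplicationContext.getEnvironment()))
                .supply(() -> new MultifactorAuthenticationTrustStorageCleaner(multifactorAuthenticationTrustStorage))
                .otherwiseProxy()
                .get();
        }
    }

    /** Actuator endpoint reporting on trusted devices. */
    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "MultifactorAuthnTrustWebConfiguration", proxyBeanMethods = false)
    static class MultifactorAuthnTrustWebConfiguration {
        MultifactorAuthnTrustWebConfiguration() {
        }

        /**
         * Creates the trusted-devices report endpoint when that actuator endpoint is available.
         *
         * <p>NOTE(review): the endpoint is given access to the trust storage, so it presumably
         * exposes trusted-device records; confirm that its exposure and access rules are
         * restricted to administrators.
         *
         * @param configurableApplicationContext application context passed to the endpoint
         * @param casConfigurationProperties CAS settings passed to the endpoint
         * @param objectProvider provider of the {@code mfaTrustEngine} storage
         * @return the report endpoint
         */
        @ConditionalOnAvailableEndpoint
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public MultifactorAuthenticationTrustedDevicesReportEndpoint mfaTrustedDevicesReportEndpoint(
                ConfigurableApplicationContext configurableApplicationContext,
                CasConfigurationProperties casConfigurationProperties,
                @Qualifier("mfaTrustEngine") ObjectProvider<MultifactorAuthenticationTrustStorage> objectProvider) {
            return new MultifactorAuthenticationTrustedDevicesReportEndpoint(casConfigurationProperties, configurableApplicationContext, objectProvider);
        }
    }

    MultifactorAuthnTrustConfiguration() {
    }
}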
