package org.apereo.cas.adaptors.jdbc.config;

import com.google.common.collect.Multimap;
import java.util.Collection;
import java.util.HashSet;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.adaptors.jdbc.BindModeSearchDatabaseAuthenticationHandler;
import org.apereo.cas.adaptors.jdbc.QueryAndEncodeDatabaseAuthenticationHandler;
import org.apereo.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler;
import org.apereo.cas.adaptors.jdbc.SearchModeSearchDatabaseAuthenticationHandler;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlanConfigurer;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.CoreAuthenticationUtils;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalFactoryUtils;
import org.apereo.cas.authentication.principal.PrincipalNameTransformerUtils;
import org.apereo.cas.authentication.principal.PrincipalResolver;
import org.apereo.cas.authentication.support.password.PasswordEncoderUtils;
import org.apereo.cas.authentication.support.password.PasswordPolicyConfiguration;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.jdbc.BindJdbcAuthenticationProperties;
import org.apereo.cas.configuration.model.support.jdbc.JdbcAuthenticationProperties;
import org.apereo.cas.configuration.model.support.jdbc.QueryEncodeJdbcAuthenticationProperties;
import org.apereo.cas.configuration.model.support.jdbc.QueryJdbcAuthenticationProperties;
import org.apereo.cas.configuration.model.support.jdbc.SearchJdbcAuthenticationProperties;
import org.apereo.cas.configuration.support.JpaBeans;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.util.CollectionUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration("CasJdbcAuthenticationConfiguration")
/* loaded from: input_file:org/apereo/cas/adaptors/jdbc/config/CasJdbcAuthenticationConfiguration.class */
public class CasJdbcAuthenticationConfiguration {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(CasJdbcAuthenticationConfiguration.class);

    @Autowired(required = false)
    @Qualifier("queryAndEncodePasswordPolicyConfiguration")
    private PasswordPolicyConfiguration queryAndEncodePasswordPolicyConfiguration;

    @Autowired(required = false)
    @Qualifier("searchModePasswordPolicyConfiguration")
    private PasswordPolicyConfiguration searchModePasswordPolicyConfiguration;

    @Autowired(required = false)
    @Qualifier("queryPasswordPolicyConfiguration")
    private PasswordPolicyConfiguration queryPasswordPolicyConfiguration;

    @Autowired(required = false)
    @Qualifier("bindSearchPasswordPolicyConfiguration")
    private PasswordPolicyConfiguration bindSearchPasswordPolicyConfiguration;

    @Autowired
    @Qualifier("servicesManager")
    private ServicesManager servicesManager;

    @Autowired
    private CasConfigurationProperties casProperties;

    @Autowired
    @Qualifier("personDirectoryPrincipalResolver")
    private PrincipalResolver personDirectoryPrincipalResolver;

    @ConditionalOnMissingBean(name = {"jdbcAuthenticationHandlers"})
    @RefreshScope
    @Bean
    public Collection<AuthenticationHandler> jdbcAuthenticationHandlers() {
        HashSet hashSet = new HashSet();
        JdbcAuthenticationProperties jdbc = this.casProperties.getAuthn().getJdbc();
        jdbc.getBind().forEach(bindJdbcAuthenticationProperties -> {
            hashSet.add(bindModeSearchDatabaseAuthenticationHandler(bindJdbcAuthenticationProperties));
        });
        jdbc.getEncode().forEach(queryEncodeJdbcAuthenticationProperties -> {
            hashSet.add(queryAndEncodeDatabaseAuthenticationHandler(queryEncodeJdbcAuthenticationProperties));
        });
        jdbc.getQuery().forEach(queryJdbcAuthenticationProperties -> {
            hashSet.add(queryDatabaseAuthenticationHandler(queryJdbcAuthenticationProperties));
        });
        jdbc.getSearch().forEach(searchJdbcAuthenticationProperties -> {
            hashSet.add(searchModeSearchDatabaseAuthenticationHandler(searchJdbcAuthenticationProperties));
        });
        return hashSet;
    }

    private AuthenticationHandler bindModeSearchDatabaseAuthenticationHandler(BindJdbcAuthenticationProperties bindJdbcAuthenticationProperties) {
        BindModeSearchDatabaseAuthenticationHandler bindModeSearchDatabaseAuthenticationHandler = new BindModeSearchDatabaseAuthenticationHandler(bindJdbcAuthenticationProperties.getName(), this.servicesManager, jdbcPrincipalFactory(), Integer.valueOf(bindJdbcAuthenticationProperties.getOrder()), JpaBeans.newDataSource(bindJdbcAuthenticationProperties));
        bindModeSearchDatabaseAuthenticationHandler.setPasswordEncoder(PasswordEncoderUtils.newPasswordEncoder(bindJdbcAuthenticationProperties.getPasswordEncoder()));
        bindModeSearchDatabaseAuthenticationHandler.setPrincipalNameTransformer(PrincipalNameTransformerUtils.newPrincipalNameTransformer(bindJdbcAuthenticationProperties.getPrincipalTransformation()));
        if (this.bindSearchPasswordPolicyConfiguration != null) {
            bindModeSearchDatabaseAuthenticationHandler.setPasswordPolicyConfiguration(this.bindSearchPasswordPolicyConfiguration);
        }
        bindModeSearchDatabaseAuthenticationHandler.setPrincipalNameTransformer(PrincipalNameTransformerUtils.newPrincipalNameTransformer(bindJdbcAuthenticationProperties.getPrincipalTransformation()));
        if (StringUtils.isNotBlank(bindJdbcAuthenticationProperties.getCredentialCriteria())) {
            bindModeSearchDatabaseAuthenticationHandler.setCredentialSelectionPredicate(CoreAuthenticationUtils.newCredentialSelectionPredicate(bindJdbcAuthenticationProperties.getCredentialCriteria()));
        }
        LOGGER.debug("Created authentication handler [{}] to handle database url at [{}]", bindModeSearchDatabaseAuthenticationHandler.getName(), bindJdbcAuthenticationProperties.getUrl());
        return bindModeSearchDatabaseAuthenticationHandler;
    }

    private AuthenticationHandler queryAndEncodeDatabaseAuthenticationHandler(QueryEncodeJdbcAuthenticationProperties queryEncodeJdbcAuthenticationProperties) {
        QueryAndEncodeDatabaseAuthenticationHandler queryAndEncodeDatabaseAuthenticationHandler = new QueryAndEncodeDatabaseAuthenticationHandler(queryEncodeJdbcAuthenticationProperties.getName(), this.servicesManager, jdbcPrincipalFactory(), Integer.valueOf(queryEncodeJdbcAuthenticationProperties.getOrder()), JpaBeans.newDataSource(queryEncodeJdbcAuthenticationProperties), queryEncodeJdbcAuthenticationProperties.getAlgorithmName(), queryEncodeJdbcAuthenticationProperties.getSql(), queryEncodeJdbcAuthenticationProperties.getPasswordFieldName(), queryEncodeJdbcAuthenticationProperties.getSaltFieldName(), queryEncodeJdbcAuthenticationProperties.getExpiredFieldName(), queryEncodeJdbcAuthenticationProperties.getDisabledFieldName(), queryEncodeJdbcAuthenticationProperties.getNumberOfIterationsFieldName(), queryEncodeJdbcAuthenticationProperties.getNumberOfIterations(), queryEncodeJdbcAuthenticationProperties.getStaticSalt());
        queryAndEncodeDatabaseAuthenticationHandler.setPasswordEncoder(PasswordEncoderUtils.newPasswordEncoder(queryEncodeJdbcAuthenticationProperties.getPasswordEncoder()));
        queryAndEncodeDatabaseAuthenticationHandler.setPrincipalNameTransformer(PrincipalNameTransformerUtils.newPrincipalNameTransformer(queryEncodeJdbcAuthenticationProperties.getPrincipalTransformation()));
        if (this.queryAndEncodePasswordPolicyConfiguration != null) {
            queryAndEncodeDatabaseAuthenticationHandler.setPasswordPolicyConfiguration(this.queryAndEncodePasswordPolicyConfiguration);
        }
        queryAndEncodeDatabaseAuthenticationHandler.setPrincipalNameTransformer(PrincipalNameTransformerUtils.newPrincipalNameTransformer(queryEncodeJdbcAuthenticationProperties.getPrincipalTransformation()));
        if (StringUtils.isNotBlank(queryEncodeJdbcAuthenticationProperties.getCredentialCriteria())) {
            queryAndEncodeDatabaseAuthenticationHandler.setCredentialSelectionPredicate(CoreAuthenticationUtils.newCredentialSelectionPredicate(queryEncodeJdbcAuthenticationProperties.getCredentialCriteria()));
        }
        LOGGER.debug("Created authentication handler [{}] to handle database url at [{}]", queryAndEncodeDatabaseAuthenticationHandler.getName(), queryEncodeJdbcAuthenticationProperties.getUrl());
        return queryAndEncodeDatabaseAuthenticationHandler;
    }

    private AuthenticationHandler queryDatabaseAuthenticationHandler(QueryJdbcAuthenticationProperties queryJdbcAuthenticationProperties) {
        Multimap transformPrincipalAttributesListIntoMultiMap = CoreAuthenticationUtils.transformPrincipalAttributesListIntoMultiMap(queryJdbcAuthenticationProperties.getPrincipalAttributeList());
        LOGGER.debug("Created and mapped principal attributes [{}] for [{}]...", transformPrincipalAttributesListIntoMultiMap, queryJdbcAuthenticationProperties.getUrl());
        QueryDatabaseAuthenticationHandler queryDatabaseAuthenticationHandler = new QueryDatabaseAuthenticationHandler(queryJdbcAuthenticationProperties.getName(), this.servicesManager, jdbcPrincipalFactory(), Integer.valueOf(queryJdbcAuthenticationProperties.getOrder()), JpaBeans.newDataSource(queryJdbcAuthenticationProperties), queryJdbcAuthenticationProperties.getSql(), queryJdbcAuthenticationProperties.getFieldPassword(), queryJdbcAuthenticationProperties.getFieldExpired(), queryJdbcAuthenticationProperties.getFieldDisabled(), CollectionUtils.wrap(transformPrincipalAttributesListIntoMultiMap));
        queryDatabaseAuthenticationHandler.setPasswordEncoder(PasswordEncoderUtils.newPasswordEncoder(queryJdbcAuthenticationProperties.getPasswordEncoder()));
        queryDatabaseAuthenticationHandler.setPrincipalNameTransformer(PrincipalNameTransformerUtils.newPrincipalNameTransformer(queryJdbcAuthenticationProperties.getPrincipalTransformation()));
        if (this.queryPasswordPolicyConfiguration != null) {
            queryDatabaseAuthenticationHandler.setPasswordPolicyConfiguration(this.queryPasswordPolicyConfiguration);
        }
        queryDatabaseAuthenticationHandler.setPrincipalNameTransformer(PrincipalNameTransformerUtils.newPrincipalNameTransformer(queryJdbcAuthenticationProperties.getPrincipalTransformation()));
        if (StringUtils.isNotBlank(queryJdbcAuthenticationProperties.getCredentialCriteria())) {
            queryDatabaseAuthenticationHandler.setCredentialSelectionPredicate(CoreAuthenticationUtils.newCredentialSelectionPredicate(queryJdbcAuthenticationProperties.getCredentialCriteria()));
        }
        LOGGER.debug("Created authentication handler [{}] to handle database url at [{}]", queryDatabaseAuthenticationHandler.getName(), queryJdbcAuthenticationProperties.getUrl());
        return queryDatabaseAuthenticationHandler;
    }

    private AuthenticationHandler searchModeSearchDatabaseAuthenticationHandler(SearchJdbcAuthenticationProperties searchJdbcAuthenticationProperties) {
        SearchModeSearchDatabaseAuthenticationHandler searchModeSearchDatabaseAuthenticationHandler = new SearchModeSearchDatabaseAuthenticationHandler(searchJdbcAuthenticationProperties.getName(), this.servicesManager, jdbcPrincipalFactory(), Integer.valueOf(searchJdbcAuthenticationProperties.getOrder()), JpaBeans.newDataSource(searchJdbcAuthenticationProperties), searchJdbcAuthenticationProperties.getFieldUser(), searchJdbcAuthenticationProperties.getFieldPassword(), searchJdbcAuthenticationProperties.getTableUsers());
        searchModeSearchDatabaseAuthenticationHandler.setPasswordEncoder(PasswordEncoderUtils.newPasswordEncoder(searchJdbcAuthenticationProperties.getPasswordEncoder()));
        searchModeSearchDatabaseAuthenticationHandler.setPrincipalNameTransformer(PrincipalNameTransformerUtils.newPrincipalNameTransformer(searchJdbcAuthenticationProperties.getPrincipalTransformation()));
        searchModeSearchDatabaseAuthenticationHandler.setPrincipalNameTransformer(PrincipalNameTransformerUtils.newPrincipalNameTransformer(searchJdbcAuthenticationProperties.getPrincipalTransformation()));
        if (this.searchModePasswordPolicyConfiguration != null) {
            searchModeSearchDatabaseAuthenticationHandler.setPasswordPolicyConfiguration(this.searchModePasswordPolicyConfiguration);
        }
        if (StringUtils.isNotBlank(searchJdbcAuthenticationProperties.getCredentialCriteria())) {
            searchModeSearchDatabaseAuthenticationHandler.setCredentialSelectionPredicate(CoreAuthenticationUtils.newCredentialSelectionPredicate(searchJdbcAuthenticationProperties.getCredentialCriteria()));
        }
        LOGGER.debug("Created authentication handler [{}] to handle database url at [{}]", searchModeSearchDatabaseAuthenticationHandler.getName(), searchJdbcAuthenticationProperties.getUrl());
        return searchModeSearchDatabaseAuthenticationHandler;
    }

    @ConditionalOnMissingBean(name = {"jdbcPrincipalFactory"})
    @RefreshScope
    @Bean
    public PrincipalFactory jdbcPrincipalFactory() {
        return PrincipalFactoryUtils.newPrincipalFactory();
    }

    @ConditionalOnMissingBean(name = {"jdbcAuthenticationEventExecutionPlanConfigurer"})
    @Bean
    public AuthenticationEventExecutionPlanConfigurer jdbcAuthenticationEventExecutionPlanConfigurer() {
        return authenticationEventExecutionPlan -> {
            jdbcAuthenticationHandlers().forEach(authenticationHandler -> {
                authenticationEventExecutionPlan.registerAuthenticationHandlerWithPrincipalResolver(authenticationHandler, this.personDirectoryPrincipalResolver);
            });
        };
    }
}
