package org.apereo.cas.config;

import lombok.Generated;
import org.apereo.cas.adaptors.generic.ShiroAuthenticationHandler;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlanConfigurer;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalFactoryUtils;
import org.apereo.cas.authentication.principal.PrincipalNameTransformerUtils;
import org.apereo.cas.authentication.principal.PrincipalResolver;
import org.apereo.cas.authentication.support.password.PasswordEncoderUtils;
import org.apereo.cas.authentication.support.password.PasswordPolicyConfiguration;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.generic.ShiroAuthenticationProperties;
import org.apereo.cas.services.ServicesManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.Resource;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration("shiroAuthenticationConfiguration")
/* loaded from: input_file:org/apereo/cas/config/ShiroAuthenticationConfiguration.class */
public class ShiroAuthenticationConfiguration {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(ShiroAuthenticationConfiguration.class);

    @Autowired(required = false)
    @Qualifier("shiroPasswordPolicyConfiguration")
    private PasswordPolicyConfiguration shiroPasswordPolicyConfiguration;

    @Autowired
    @Qualifier("personDirectoryPrincipalResolver")
    private PrincipalResolver personDirectoryPrincipalResolver;

    @Autowired
    @Qualifier("servicesManager")
    private ServicesManager servicesManager;

    @Autowired
    private CasConfigurationProperties casProperties;

    @ConditionalOnMissingBean(name = {"shiroPrincipalFactory"})
    @Bean
    public PrincipalFactory shiroPrincipalFactory() {
        return PrincipalFactoryUtils.newPrincipalFactory();
    }

    @RefreshScope
    @Bean
    public AuthenticationHandler shiroAuthenticationHandler() {
        ShiroAuthenticationProperties shiro = this.casProperties.getAuthn().getShiro();
        ShiroAuthenticationHandler shiroAuthenticationHandler = new ShiroAuthenticationHandler(shiro.getName(), this.servicesManager, shiroPrincipalFactory(), shiro.getRequiredRoles(), shiro.getRequiredPermissions());
        shiroAuthenticationHandler.loadShiroConfiguration(shiro.getLocation());
        shiroAuthenticationHandler.setPasswordEncoder(PasswordEncoderUtils.newPasswordEncoder(shiro.getPasswordEncoder()));
        if (this.shiroPasswordPolicyConfiguration != null) {
            shiroAuthenticationHandler.setPasswordPolicyConfiguration(this.shiroPasswordPolicyConfiguration);
        }
        shiroAuthenticationHandler.setPrincipalNameTransformer(PrincipalNameTransformerUtils.newPrincipalNameTransformer(shiro.getPrincipalTransformation()));
        return shiroAuthenticationHandler;
    }

    @ConditionalOnMissingBean(name = {"shiroAuthenticationEventExecutionPlanConfigurer"})
    @Bean
    public AuthenticationEventExecutionPlanConfigurer shiroAuthenticationEventExecutionPlanConfigurer() {
        return authenticationEventExecutionPlan -> {
            Resource location = this.casProperties.getAuthn().getShiro().getLocation();
            if (location != null) {
                LOGGER.debug("Injecting shiro authentication handler configured at [{}]", location.getDescription());
                authenticationEventExecutionPlan.registerAuthenticationHandlerWithPrincipalResolver(shiroAuthenticationHandler(), this.personDirectoryPrincipalResolver);
            }
        };
    }
}
