package org.apereo.cas.adaptors.jdbc.config;

import java.util.Collection;
import java.util.HashSet;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.adaptors.jdbc.BindModeSearchDatabaseAuthenticationHandler;
import org.apereo.cas.adaptors.jdbc.QueryAndEncodeDatabaseAuthenticationHandler;
import org.apereo.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler;
import org.apereo.cas.adaptors.jdbc.SearchModeSearchDatabaseAuthenticationHandler;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlan;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlanConfigurer;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.principal.DefaultPrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalResolver;
import org.apereo.cas.authentication.support.password.PasswordPolicyConfiguration;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.jdbc.JdbcAuthenticationProperties;
import org.apereo.cas.configuration.support.Beans;
import org.apereo.cas.services.ServicesManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration("CasJdbcAuthenticationConfiguration")
/* loaded from: input_file:org/apereo/cas/adaptors/jdbc/config/CasJdbcAuthenticationConfiguration.class */
public class CasJdbcAuthenticationConfiguration {
    private static final Logger LOGGER = LoggerFactory.getLogger(CasJdbcAuthenticationConfiguration.class);

    @Autowired(required = false)
    @Qualifier("queryAndEncodePasswordPolicyConfiguration")
    private PasswordPolicyConfiguration queryAndEncodePasswordPolicyConfiguration;

    @Autowired(required = false)
    @Qualifier("searchModePasswordPolicyConfiguration")
    private PasswordPolicyConfiguration searchModePasswordPolicyConfiguration;

    @Autowired(required = false)
    @Qualifier("queryPasswordPolicyConfiguration")
    private PasswordPolicyConfiguration queryPasswordPolicyConfiguration;

    @Autowired(required = false)
    @Qualifier("bindSearchPasswordPolicyConfiguration")
    private PasswordPolicyConfiguration bindSearchPasswordPolicyConfiguration;

    @Autowired
    @Qualifier("servicesManager")
    private ServicesManager servicesManager;

    @Autowired
    private CasConfigurationProperties casProperties;

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration("jdbcAuthenticationEventExecutionPlanConfiguration")
    /* loaded from: input_file:org/apereo/cas/adaptors/jdbc/config/CasJdbcAuthenticationConfiguration$JdbcAuthenticationEventExecutionPlanConfiguration.class */
    public class JdbcAuthenticationEventExecutionPlanConfiguration implements AuthenticationEventExecutionPlanConfigurer {

        @Autowired
        @Qualifier("personDirectoryPrincipalResolver")
        private PrincipalResolver personDirectoryPrincipalResolver;

        public JdbcAuthenticationEventExecutionPlanConfiguration() {
        }

        public void configureAuthenticationExecutionPlan(AuthenticationEventExecutionPlan authenticationEventExecutionPlan) {
            CasJdbcAuthenticationConfiguration.this.jdbcAuthenticationHandlers().forEach(authenticationHandler -> {
                authenticationEventExecutionPlan.registerAuthenticationHandlerWithPrincipalResolver(authenticationHandler, this.personDirectoryPrincipalResolver);
            });
        }
    }

    @ConditionalOnMissingBean(name = {"jdbcAuthenticationHandlers"})
    @RefreshScope
    @Bean
    public Collection<AuthenticationHandler> jdbcAuthenticationHandlers() {
        HashSet hashSet = new HashSet();
        JdbcAuthenticationProperties jdbc = this.casProperties.getAuthn().getJdbc();
        jdbc.getBind().forEach(bind -> {
            hashSet.add(bindModeSearchDatabaseAuthenticationHandler(bind));
        });
        jdbc.getEncode().forEach(encode -> {
            hashSet.add(queryAndEncodeDatabaseAuthenticationHandler(encode));
        });
        jdbc.getQuery().forEach(query -> {
            hashSet.add(queryDatabaseAuthenticationHandler(query));
        });
        jdbc.getSearch().forEach(search -> {
            hashSet.add(searchModeSearchDatabaseAuthenticationHandler(search));
        });
        return hashSet;
    }

    private AuthenticationHandler bindModeSearchDatabaseAuthenticationHandler(JdbcAuthenticationProperties.Bind bind) {
        BindModeSearchDatabaseAuthenticationHandler bindModeSearchDatabaseAuthenticationHandler = new BindModeSearchDatabaseAuthenticationHandler(bind.getName(), this.servicesManager, jdbcPrincipalFactory(), bind.getOrder(), Beans.newDataSource(bind));
        bindModeSearchDatabaseAuthenticationHandler.setPasswordEncoder(Beans.newPasswordEncoder(bind.getPasswordEncoder()));
        bindModeSearchDatabaseAuthenticationHandler.setPrincipalNameTransformer(Beans.newPrincipalNameTransformer(bind.getPrincipalTransformation()));
        if (this.bindSearchPasswordPolicyConfiguration != null) {
            bindModeSearchDatabaseAuthenticationHandler.setPasswordPolicyConfiguration(this.bindSearchPasswordPolicyConfiguration);
        }
        bindModeSearchDatabaseAuthenticationHandler.setPrincipalNameTransformer(Beans.newPrincipalNameTransformer(bind.getPrincipalTransformation()));
        if (StringUtils.isNotBlank(bind.getCredentialCriteria())) {
            bindModeSearchDatabaseAuthenticationHandler.setCredentialSelectionPredicate(Beans.newCredentialSelectionPredicate(bind.getCredentialCriteria()));
        }
        LOGGER.debug("Created authentication handler [{}] to handle database url at [{}]", bindModeSearchDatabaseAuthenticationHandler.getName(), bind.getUrl());
        return bindModeSearchDatabaseAuthenticationHandler;
    }

    private AuthenticationHandler queryAndEncodeDatabaseAuthenticationHandler(JdbcAuthenticationProperties.Encode encode) {
        QueryAndEncodeDatabaseAuthenticationHandler queryAndEncodeDatabaseAuthenticationHandler = new QueryAndEncodeDatabaseAuthenticationHandler(encode.getName(), this.servicesManager, jdbcPrincipalFactory(), Integer.valueOf(encode.getOrder()), Beans.newDataSource(encode), encode.getAlgorithmName(), encode.getSql(), encode.getPasswordFieldName(), encode.getSaltFieldName(), encode.getExpiredFieldName(), encode.getDisabledFieldName(), encode.getNumberOfIterationsFieldName(), encode.getNumberOfIterations(), encode.getStaticSalt());
        queryAndEncodeDatabaseAuthenticationHandler.setPasswordEncoder(Beans.newPasswordEncoder(encode.getPasswordEncoder()));
        queryAndEncodeDatabaseAuthenticationHandler.setPrincipalNameTransformer(Beans.newPrincipalNameTransformer(encode.getPrincipalTransformation()));
        if (this.queryAndEncodePasswordPolicyConfiguration != null) {
            queryAndEncodeDatabaseAuthenticationHandler.setPasswordPolicyConfiguration(this.queryAndEncodePasswordPolicyConfiguration);
        }
        queryAndEncodeDatabaseAuthenticationHandler.setPrincipalNameTransformer(Beans.newPrincipalNameTransformer(encode.getPrincipalTransformation()));
        if (StringUtils.isNotBlank(encode.getCredentialCriteria())) {
            queryAndEncodeDatabaseAuthenticationHandler.setCredentialSelectionPredicate(Beans.newCredentialSelectionPredicate(encode.getCredentialCriteria()));
        }
        LOGGER.debug("Created authentication handler [{}] to handle database url at [{}]", queryAndEncodeDatabaseAuthenticationHandler.getName(), encode.getUrl());
        return queryAndEncodeDatabaseAuthenticationHandler;
    }

    private AuthenticationHandler queryDatabaseAuthenticationHandler(JdbcAuthenticationProperties.Query query) {
        Map transformPrincipalAttributesListIntoMap = Beans.transformPrincipalAttributesListIntoMap(query.getPrincipalAttributeList());
        LOGGER.debug("Created and mapped principal attributes [{}] for [{}]...", transformPrincipalAttributesListIntoMap, query.getUrl());
        QueryDatabaseAuthenticationHandler queryDatabaseAuthenticationHandler = new QueryDatabaseAuthenticationHandler(query.getName(), this.servicesManager, jdbcPrincipalFactory(), Integer.valueOf(query.getOrder()), Beans.newDataSource(query), query.getSql(), query.getFieldPassword(), query.getFieldExpired(), query.getFieldDisabled(), transformPrincipalAttributesListIntoMap);
        queryDatabaseAuthenticationHandler.setPasswordEncoder(Beans.newPasswordEncoder(query.getPasswordEncoder()));
        queryDatabaseAuthenticationHandler.setPrincipalNameTransformer(Beans.newPrincipalNameTransformer(query.getPrincipalTransformation()));
        if (this.queryPasswordPolicyConfiguration != null) {
            queryDatabaseAuthenticationHandler.setPasswordPolicyConfiguration(this.queryPasswordPolicyConfiguration);
        }
        queryDatabaseAuthenticationHandler.setPrincipalNameTransformer(Beans.newPrincipalNameTransformer(query.getPrincipalTransformation()));
        if (StringUtils.isNotBlank(query.getCredentialCriteria())) {
            queryDatabaseAuthenticationHandler.setCredentialSelectionPredicate(Beans.newCredentialSelectionPredicate(query.getCredentialCriteria()));
        }
        LOGGER.debug("Created authentication handler [{}] to handle database url at [{}]", queryDatabaseAuthenticationHandler.getName(), query.getUrl());
        return queryDatabaseAuthenticationHandler;
    }

    private AuthenticationHandler searchModeSearchDatabaseAuthenticationHandler(JdbcAuthenticationProperties.Search search) {
        SearchModeSearchDatabaseAuthenticationHandler searchModeSearchDatabaseAuthenticationHandler = new SearchModeSearchDatabaseAuthenticationHandler(search.getName(), this.servicesManager, jdbcPrincipalFactory(), Integer.valueOf(search.getOrder()), Beans.newDataSource(search), search.getFieldUser(), search.getFieldPassword(), search.getTableUsers());
        searchModeSearchDatabaseAuthenticationHandler.setPasswordEncoder(Beans.newPasswordEncoder(search.getPasswordEncoder()));
        searchModeSearchDatabaseAuthenticationHandler.setPrincipalNameTransformer(Beans.newPrincipalNameTransformer(search.getPrincipalTransformation()));
        searchModeSearchDatabaseAuthenticationHandler.setPrincipalNameTransformer(Beans.newPrincipalNameTransformer(search.getPrincipalTransformation()));
        if (this.searchModePasswordPolicyConfiguration != null) {
            searchModeSearchDatabaseAuthenticationHandler.setPasswordPolicyConfiguration(this.searchModePasswordPolicyConfiguration);
        }
        if (StringUtils.isNotBlank(search.getCredentialCriteria())) {
            searchModeSearchDatabaseAuthenticationHandler.setCredentialSelectionPredicate(Beans.newCredentialSelectionPredicate(search.getCredentialCriteria()));
        }
        LOGGER.debug("Created authentication handler [{}] to handle database url at [{}]", searchModeSearchDatabaseAuthenticationHandler.getName(), search.getUrl());
        return searchModeSearchDatabaseAuthenticationHandler;
    }

    @ConditionalOnMissingBean(name = {"jdbcPrincipalFactory"})
    @RefreshScope
    @Bean
    public PrincipalFactory jdbcPrincipalFactory() {
        return new DefaultPrincipalFactory();
    }
}
