package com.appiancorp.security.auth;

import com.appiancorp.ag.AgSpringConfig;
import com.appiancorp.ag.ExtendedUserService;
import com.appiancorp.ag.RemoteUserSyncer;
import com.appiancorp.ag.security.AuthenticatorProvider;
import com.appiancorp.ag.security.DefaultAuthenticator;
import com.appiancorp.ag.security.DefaultAuthenticatorWrapper;
import com.appiancorp.ag.security.MfaUtils;
import com.appiancorp.ag.security.PasswordConfig;
import com.appiancorp.ag.security.SaltCreator;
import com.appiancorp.common.config.AppianAdminServicesSpringConfig;
import com.appiancorp.common.config.AppianServicesSpringConfig;
import com.appiancorp.common.config.ConfigObjectSpringConfig;
import com.appiancorp.security.LogoutSuccessHandlerDelegate;
import com.appiancorp.security.auth.ldap.LdapAuthenticatorFactory;
import com.appiancorp.security.auth.ldap.LdapAuthenticatorWrapper;
import com.appiancorp.security.auth.ldap.LdapSpringConfig;
import com.appiancorp.security.auth.mobile.InAppBrowserClientRequestMatcher;
import com.appiancorp.security.auth.mobile.MobileAuthConstants;
import com.appiancorp.security.auth.mobile.MobileAuthSpringConfig;
import com.appiancorp.security.auth.oidc.OidcConfiguration;
import com.appiancorp.security.auth.oidc.OidcConfigurationSpringConfig;
import com.appiancorp.security.auth.oidc.OidcSettingsSelector;
import com.appiancorp.security.auth.oidc.persistence.service.OidcSettingsService;
import com.appiancorp.security.auth.phpmyadmin.PhpMyAdminLogoutHandler;
import com.appiancorp.security.auth.phpmyadmin.PhpMyAdminSessionListener;
import com.appiancorp.security.auth.piee.PieeAuthenticator;
import com.appiancorp.security.auth.piee.PieeAuthenticatorWrapper;
import com.appiancorp.security.auth.piee.PieeSettingsSelector;
import com.appiancorp.security.auth.piee.PieeSpringConfig;
import com.appiancorp.security.auth.piee.persistence.PieeSettingsDaoService;
import com.appiancorp.security.auth.rememberme.AppianPersistentTokenBasedRememberMeServices;
import com.appiancorp.security.auth.saml.IdentityProviderManager;
import com.appiancorp.security.auth.saml.SamlAuthenticator;
import com.appiancorp.security.auth.saml.SamlAuthenticatorWrapper;
import com.appiancorp.security.auth.saml.SamlLogoutHandler;
import com.appiancorp.security.auth.saml.SamlSessionTracker;
import com.appiancorp.security.auth.saml.SamlSettingsSelector;
import com.appiancorp.security.auth.saml.SamlSharedSpringConfig;
import com.appiancorp.security.auth.saml.SamlSpringConfig;
import com.appiancorp.security.auth.saml.oauth.SamlAssertionRetriever;
import com.appiancorp.security.auth.saml.oauth.SamlAssertionRetrieverSpringConfig;
import com.appiancorp.security.auth.saml.redirecter.AppianLogoutRedirecter;
import com.appiancorp.security.auth.saml.redirecter.SamlAuthProviderQueryStringGenerator;
import com.appiancorp.security.auth.saml.service.SamlSettingsService;
import com.appiancorp.security.external.ExternalSystemSpringConfig;
import com.appiancorp.security.external.service.ExternalSystemService;
import com.appiancorp.security.user.SecurityUserSpringConfig;
import com.appiancorp.security.user.service.UserService;
import com.appiancorp.services.ServiceContextFactory;
import com.appiancorp.suite.SuiteSpringConfig;
import com.appiancorp.suite.cfg.AdminSecurityConfiguration;
import com.appiancorp.suite.cfg.LdapConfiguration;
import com.appiancorp.suite.cfg.PieeConfiguration;
import com.appiancorp.suite.cfg.SamlConfiguration;
import com.appiancorp.suiteapi.common.ServiceLocator;
import com.appiancorp.suiteapi.security.auth.AppianUserDetailsService;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Maps;
import java.util.Comparator;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.config.MapFactoryBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.context.annotation.Lazy;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.security.web.authentication.logout.LogoutHandler;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;

@Configuration
@Lazy
@Import({AppianAdminServicesSpringConfig.class, AppianServicesSpringConfig.class, ConfigObjectSpringConfig.class, BaseAuthenticationSpringConfig.class, LdapSpringConfig.class, MobileAuthSpringConfig.class, PieeSpringConfig.class, SamlSharedSpringConfig.class, SamlSpringConfig.class, ExternalSystemSpringConfig.class, SecurityUserSpringConfig.class, SuiteSpringConfig.class, AppianAuthenticationUtilitiesSpringConfig.class, AgSpringConfig.class, SamlAssertionRetrieverSpringConfig.class, OidcConfigurationSpringConfig.class})
/* loaded from: input_file:com/appiancorp/security/auth/AppianAuthenticationSpringConfig.class */
public class AppianAuthenticationSpringConfig {

    @Autowired
    @Lazy
    OidcSettingsSelector oidcSettingsSelector;

    @Autowired
    @Lazy
    @Qualifier("oidcSettingsServiceAdminContextDecorator")
    OidcSettingsService oidcSettingsServiceAdminContextDecorator;

    @Autowired
    @Lazy
    LogoutSuccessHandlerDelegate oidcLogoutSuccessHandlerDelegate;

    @Bean
    public PasswordConfig passwordConfig() {
        return new PasswordConfig();
    }

    @Bean
    public AuthenticatorProvider authenticatorProvider(PasswordConfig passwordConfig, MfaUtils mfaUtils) {
        return new AuthenticatorProvider(passwordConfig, mfaUtils);
    }

    @Bean
    public MapFactoryBean pageUrls() {
        MapFactoryBean mapFactoryBean = new MapFactoryBean();
        HashMap newHashMap = Maps.newHashMap();
        newHashMap.put(MobileAuthConstants.LOGIN_RESULT, "/portal/loginPage");
        newHashMap.put("logout", "/logout");
        mapFactoryBean.setSourceMap(newHashMap);
        return mapFactoryBean;
    }

    @Bean
    @Lazy
    public DefaultAuthenticator defaultAuthenticator(PasswordConfig passwordConfig, AdminSecurityConfiguration adminSecurityConfiguration, MfaUtils mfaUtils) {
        return new DefaultAuthenticator(ServiceLocator.getUserService(ServiceContextFactory.getAdministratorServiceContext()), passwordConfig, adminSecurityConfiguration, mfaUtils);
    }

    @Bean
    public ConditionalAuthenticatorWrapper defaultAuthenticatorWrapper(AppianUserDetailsService appianUserDetailsService, DefaultAuthenticator defaultAuthenticator, SamlConfiguration samlConfiguration, GroupServiceHelper groupServiceHelper) {
        return new DefaultAuthenticatorWrapper(appianUserDetailsService, defaultAuthenticator, samlConfiguration, groupServiceHelper);
    }

    @Bean
    public ImmutableList<AuthenticationFilter> authenticationFilters(AuthenticationFilter authenticationFilter) {
        return ImmutableList.of(authenticationFilter);
    }

    @Bean
    public ImmutableList<ConditionalAuthenticatorWrapper> authenticators(List<ConditionalAuthenticatorWrapper> list) {
        return ImmutableList.copyOf((List) list.stream().sorted(new Comparator<ConditionalAuthenticatorWrapper>() { // from class: com.appiancorp.security.auth.AppianAuthenticationSpringConfig.1
            @Override // java.util.Comparator
            public int compare(ConditionalAuthenticatorWrapper conditionalAuthenticatorWrapper, ConditionalAuthenticatorWrapper conditionalAuthenticatorWrapper2) {
                if (conditionalAuthenticatorWrapper.getPriority() == conditionalAuthenticatorWrapper2.getPriority()) {
                    throw new IllegalStateException(String.format("Two authenticator wrappers namely %s and %s have the same priority value: %s", conditionalAuthenticatorWrapper.getClass().getName(), conditionalAuthenticatorWrapper2.getClass().getName(), Integer.valueOf(conditionalAuthenticatorWrapper.getPriority())));
                }
                return Integer.compare(conditionalAuthenticatorWrapper.getPriority(), conditionalAuthenticatorWrapper2.getPriority());
            }
        }).collect(Collectors.toList()));
    }

    @Bean
    public CompositeAuthenticator compositeAuthenticator(ImmutableList<ConditionalAuthenticatorWrapper> immutableList) {
        return new CompositeAuthenticator(immutableList);
    }

    @Bean
    public CompositeAuthenticationFilter compositeAuthenticationFilter(ImmutableList<AuthenticationFilter> immutableList) {
        return new CompositeAuthenticationFilter(immutableList);
    }

    @Bean
    public static DefaultRolesPrefixPostProcessor defaultRolesPrefixPostProcessor() {
        return new DefaultRolesPrefixPostProcessor();
    }

    @Bean
    public static AppTokenLogoutHandler appTokenLogoutHandler(ExtendedUserService extendedUserService) {
        return new AppTokenLogoutHandler(extendedUserService);
    }

    @Bean
    public RpaLogoutHandler rpaLogoutHandler(RemoteUserSyncer remoteUserSyncer) {
        return new RpaLogoutHandler(remoteUserSyncer);
    }

    @Bean
    public PhpMyAdminSessionListener phpMyAdminSessionListener() {
        return new PhpMyAdminSessionListener();
    }

    @Bean
    public PhpMyAdminLogoutHandler phpMyAdminLogoutHandler() {
        return new PhpMyAdminLogoutHandler();
    }

    @Bean
    public LogoutReasonLogoutHandler logoutReasonLogoutHandler() {
        return new LogoutReasonLogoutHandler();
    }

    @Bean
    public ImmutableList<LogoutHandler> logoutHandlers(SamlLogoutHandler samlLogoutHandler, AppTokenLogoutHandler appTokenLogoutHandler, SecurityContextLogoutHandler securityContextLogoutHandler, AppianPersistentTokenBasedRememberMeServices appianPersistentTokenBasedRememberMeServices, RpaLogoutHandler rpaLogoutHandler, PhpMyAdminLogoutHandler phpMyAdminLogoutHandler, LogoutReasonLogoutHandler logoutReasonLogoutHandler) {
        return ImmutableList.of(logoutReasonLogoutHandler, samlLogoutHandler, appTokenLogoutHandler, securityContextLogoutHandler, appianPersistentTokenBasedRememberMeServices, rpaLogoutHandler, phpMyAdminLogoutHandler);
    }

    @Bean
    @Lazy
    public LogoutFilter logoutFilter(LogoutSuccessHandler logoutSuccessHandler, ImmutableList<LogoutHandler> immutableList, MapFactoryBean mapFactoryBean) throws Exception {
        LogoutFilter logoutFilter = new LogoutFilter(logoutSuccessHandler, (LogoutHandler[]) immutableList.toArray(new LogoutHandler[0]));
        Map map = (Map) mapFactoryBean.getObject();
        if (map == null) {
            throw new IllegalStateException("Page URLs object cannot be null");
        }
        logoutFilter.setFilterProcessesUrl((String) map.get("logout"));
        return logoutFilter;
    }

    @Bean
    public ForgotPasswordRequestManager forgotPasswordRequestManager() {
        return new ForgotPasswordRequestManager();
    }

    @Bean
    public AuthenticationFilter serviceAccountExclusionFilter(GroupServiceHelper groupServiceHelper) {
        return new ServiceAccountExclusionFilter(groupServiceHelper);
    }

    @Bean
    public ConditionalAuthenticatorWrapper ldapAuthenticatorWrapper(AppianUserDetailsService appianUserDetailsService, LdapConfiguration ldapConfiguration, LdapAuthenticatorFactory ldapAuthenticatorFactory, GroupServiceHelper groupServiceHelper) {
        return new LdapAuthenticatorWrapper(appianUserDetailsService, ldapConfiguration, ldapAuthenticatorFactory, groupServiceHelper);
    }

    @Bean
    public ConditionalAuthenticatorWrapper pieeAuthenticatorWrapper(AppianUserDetailsService appianUserDetailsService, PieeConfiguration pieeConfiguration, PieeAuthenticator pieeAuthenticator, PieeSettingsSelector pieeSettingsSelector, @Qualifier("pieeSettingsDaoServiceAdminContextDecorator") PieeSettingsDaoService pieeSettingsDaoService) {
        return new PieeAuthenticatorWrapper(appianUserDetailsService, pieeConfiguration, pieeAuthenticator, pieeSettingsSelector, pieeSettingsDaoService);
    }

    @Bean
    @Lazy
    public ConditionalAuthenticatorWrapper samlAuthenticatorWrapper(AppianUserDetailsService appianUserDetailsService, SamlConfiguration samlConfiguration, SamlAuthenticator samlAuthenticator, SamlSettingsService samlSettingsService, SamlSettingsSelector samlSettingsSelector, SamlAssertionRetriever samlAssertionRetriever) {
        return new SamlAuthenticatorWrapper(appianUserDetailsService, samlConfiguration, samlAuthenticator, samlSettingsService, samlSettingsSelector, samlAssertionRetriever);
    }

    @Bean
    public UserStatusService userStatusService(SamlConfiguration samlConfiguration, SamlSettingsSelector samlSettingsSelector, PieeConfiguration pieeConfiguration, PieeSettingsSelector pieeSettingsSelector, OidcConfiguration oidcConfiguration) {
        return new UserStatusService(samlConfiguration, samlSettingsSelector, pieeConfiguration, pieeSettingsSelector, oidcConfiguration, this.oidcSettingsServiceAdminContextDecorator, this.oidcSettingsSelector);
    }

    @Bean
    @Lazy
    public LogoutSuccessHandler logoutSuccessHandler(SamlConfiguration samlConfiguration, IdentityProviderManager identityProviderManager, AppianLogoutRedirecter appianLogoutRedirecter, SamlSessionTracker samlSessionTracker, SamlAuthProviderQueryStringGenerator samlAuthProviderQueryStringGenerator, UserStatusService userStatusService, InAppBrowserClientRequestMatcher inAppBrowserClientRequestMatcher) {
        LogoutSuccessHandler logoutSuccessHandler = new LogoutSuccessHandler(samlConfiguration, identityProviderManager, appianLogoutRedirecter, samlAuthProviderQueryStringGenerator, userStatusService, inAppBrowserClientRequestMatcher, this.oidcLogoutSuccessHandlerDelegate);
        logoutSuccessHandler.setDefaultTargetUrl("/");
        logoutSuccessHandler.setAlwaysUseDefaultTargetUrl(true);
        return logoutSuccessHandler;
    }

    @Bean(name = {"scsKeyChangeHandler"})
    public ScsKeyChangeHandler scsKeyChangeHandler(ExternalSystemService externalSystemService, UserService userService, SaltCreator saltCreator) {
        return new ScsKeyChangeHandlerImpl(externalSystemService, userService, saltCreator);
    }
}
