package org.apereo.cas.audit.spi.config;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import lombok.Generated;
import org.apache.commons.lang3.RegExUtils;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.audit.AuditPrincipalIdProvider;
import org.apereo.cas.audit.AuditTrailExecutionPlan;
import org.apereo.cas.audit.AuditTrailExecutionPlanConfigurer;
import org.apereo.cas.audit.AuditTrailRecordResolutionPlan;
import org.apereo.cas.audit.AuditTrailRecordResolutionPlanConfigurer;
import org.apereo.cas.audit.spi.FilterAndDelegateAuditTrailManager;
import org.apereo.cas.audit.spi.plan.DefaultAuditTrailExecutionPlan;
import org.apereo.cas.audit.spi.plan.DefaultAuditTrailRecordResolutionPlan;
import org.apereo.cas.audit.spi.principal.ChainingAuditPrincipalIdProvider;
import org.apereo.cas.audit.spi.principal.ThreadLocalPrincipalResolver;
import org.apereo.cas.audit.spi.resource.CredentialsAsFirstParameterResourceResolver;
import org.apereo.cas.audit.spi.resource.MessageBundleAwareResourceResolver;
import org.apereo.cas.audit.spi.resource.NullableReturnValueAuditResourceResolver;
import org.apereo.cas.audit.spi.resource.ServiceAccessEnforcementAuditResourceResolver;
import org.apereo.cas.audit.spi.resource.ServiceResourceResolver;
import org.apereo.cas.audit.spi.resource.ShortenedReturnValueAsStringResourceResolver;
import org.apereo.cas.audit.spi.resource.TicketAsFirstParameterResourceResolver;
import org.apereo.cas.audit.spi.resource.TicketValidationResourceResolver;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.core.audit.AuditProperties;
import org.apereo.cas.configuration.model.core.audit.AuditSlf4jLogProperties;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.inspektr.audit.AuditTrailManagementAspect;
import org.apereo.inspektr.audit.AuditTrailManager;
import org.apereo.inspektr.audit.spi.AuditActionResolver;
import org.apereo.inspektr.audit.spi.AuditResourceResolver;
import org.apereo.inspektr.audit.spi.support.DefaultAuditActionResolver;
import org.apereo.inspektr.audit.support.AbstractStringAuditTrailManager;
import org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager;
import org.apereo.inspektr.common.spi.PrincipalResolver;
import org.apereo.inspektr.common.web.ClientInfoThreadLocalFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.EnableAspectJAutoProxy;
import org.springframework.core.annotation.AnnotationAwareOrderComparator;

@EnableAspectJAutoProxy
@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration("casCoreAuditConfiguration")
/* loaded from: input_file:org/apereo/cas/audit/spi/config/CasCoreAuditConfiguration.class */
public class CasCoreAuditConfiguration implements AuditTrailExecutionPlanConfigurer, AuditTrailRecordResolutionPlanConfigurer {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(CasCoreAuditConfiguration.class);

    @Autowired
    private CasConfigurationProperties casProperties;

    @Autowired
    private ApplicationContext applicationContext;

    @Bean
    public AuditTrailManagementAspect auditTrailManagementAspect(@Qualifier("auditTrailExecutionPlan") AuditTrailExecutionPlan auditTrailExecutionPlan, @Qualifier("auditTrailRecordResolutionPlan") AuditTrailRecordResolutionPlan auditTrailRecordResolutionPlan) {
        AuditTrailManagementAspect auditTrailManagementAspect = new AuditTrailManagementAspect(this.casProperties.getAudit().getAppCode(), auditablePrincipalResolver(auditPrincipalIdProvider()), CollectionUtils.wrapList(new AuditTrailManager[]{new FilterAndDelegateAuditTrailManager(auditTrailExecutionPlan.getAuditTrailManagers(), this.casProperties.getAudit().getSupportedActions())}), auditTrailRecordResolutionPlan.getAuditActionResolvers(), auditTrailRecordResolutionPlan.getAuditResourceResolvers());
        auditTrailManagementAspect.setFailOnAuditFailures(!this.casProperties.getAudit().isIgnoreAuditFailures());
        return auditTrailManagementAspect;
    }

    @ConditionalOnMissingBean(name = {"auditTrailRecordResolutionPlan"})
    @Autowired
    @Bean
    public AuditTrailRecordResolutionPlan auditTrailRecordResolutionPlan(List<AuditTrailRecordResolutionPlanConfigurer> list) {
        DefaultAuditTrailRecordResolutionPlan defaultAuditTrailRecordResolutionPlan = new DefaultAuditTrailRecordResolutionPlan();
        list.forEach(auditTrailRecordResolutionPlanConfigurer -> {
            LOGGER.trace("Registering audit trail manager [{}]", RegExUtils.removePattern(auditTrailRecordResolutionPlanConfigurer.getClass().getSimpleName(), "\\$.+"));
            auditTrailRecordResolutionPlanConfigurer.configureAuditTrailRecordResolutionPlan(defaultAuditTrailRecordResolutionPlan);
        });
        return defaultAuditTrailRecordResolutionPlan;
    }

    @ConditionalOnMissingBean(name = {"auditTrailExecutionPlan"})
    @Autowired
    @Bean
    public AuditTrailExecutionPlan auditTrailExecutionPlan(List<AuditTrailExecutionPlanConfigurer> list) {
        DefaultAuditTrailExecutionPlan defaultAuditTrailExecutionPlan = new DefaultAuditTrailExecutionPlan();
        list.forEach(auditTrailExecutionPlanConfigurer -> {
            LOGGER.trace("Configuring audit trail execution plan via [{}]", RegExUtils.removePattern(auditTrailExecutionPlanConfigurer.getClass().getSimpleName(), "\\$.+"));
            auditTrailExecutionPlanConfigurer.configureAuditTrailExecutionPlan(defaultAuditTrailExecutionPlan);
        });
        return defaultAuditTrailExecutionPlan;
    }

    @Bean
    public FilterRegistrationBean casClientInfoLoggingFilter() {
        AuditProperties audit = this.casProperties.getAudit();
        FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
        filterRegistrationBean.setFilter(new ClientInfoThreadLocalFilter());
        filterRegistrationBean.setUrlPatterns(CollectionUtils.wrap("/*"));
        filterRegistrationBean.setName("CAS Client Info Logging Filter");
        filterRegistrationBean.setAsyncSupported(true);
        filterRegistrationBean.setOrder(Integer.MIN_VALUE);
        HashMap hashMap = new HashMap();
        if (StringUtils.isNotBlank(audit.getAlternateClientAddrHeaderName())) {
            hashMap.put("alternativeIpAddressHeader", audit.getAlternateClientAddrHeaderName());
        }
        if (StringUtils.isNotBlank(audit.getAlternateServerAddrHeaderName())) {
            hashMap.put("alternateServerAddrHeaderName", audit.getAlternateServerAddrHeaderName());
        }
        hashMap.put("useServerHostAddress", String.valueOf(audit.isUseServerHostAddress()));
        filterRegistrationBean.setInitParameters(hashMap);
        return filterRegistrationBean;
    }

    @ConditionalOnMissingBean(name = {"authenticationActionResolver"})
    @Bean
    public AuditActionResolver authenticationActionResolver() {
        return new DefaultAuditActionResolver("_SUCCESS", "_FAILED");
    }

    @ConditionalOnMissingBean(name = {"ticketCreationActionResolver"})
    @Bean
    public AuditActionResolver ticketCreationActionResolver() {
        return new DefaultAuditActionResolver("_CREATED", "_NOT_CREATED");
    }

    @ConditionalOnMissingBean(name = {"ticketValidationActionResolver"})
    @Bean
    public AuditActionResolver ticketValidationActionResolver() {
        return new DefaultAuditActionResolver("_SUCCESS", "_FAILED");
    }

    @ConditionalOnMissingBean(name = {"returnValueResourceResolver"})
    @Bean
    public AuditResourceResolver returnValueResourceResolver() {
        return new ShortenedReturnValueAsStringResourceResolver();
    }

    @ConditionalOnMissingBean(name = {"nullableReturnValueResourceResolver"})
    @Bean
    public AuditResourceResolver nullableReturnValueResourceResolver() {
        return new NullableReturnValueAuditResourceResolver(returnValueResourceResolver());
    }

    @ConditionalOnMissingBean(name = {"serviceAccessEnforcementAuditResourceResolver"})
    @Bean
    public ServiceAccessEnforcementAuditResourceResolver serviceAccessEnforcementAuditResourceResolver() {
        return new ServiceAccessEnforcementAuditResourceResolver();
    }

    @ConditionalOnMissingBean(name = {"customAuditActionResolverMap"})
    @Bean
    public Map<String, AuditActionResolver> customAuditActionResolverMap() {
        return new HashMap(0);
    }

    @ConditionalOnMissingBean(name = {"customAuditResourceResolverMap"})
    @Bean
    public Map<String, AuditResourceResolver> customAuditResourceResolverMap() {
        return new HashMap(0);
    }

    @ConditionalOnMissingBean(name = {"auditablePrincipalResolver"})
    @Bean
    public PrincipalResolver auditablePrincipalResolver(@Qualifier("auditPrincipalIdProvider") AuditPrincipalIdProvider auditPrincipalIdProvider) {
        return new ThreadLocalPrincipalResolver(auditPrincipalIdProvider);
    }

    @ConditionalOnMissingBean(name = {"ticketResourceResolver"})
    @Bean
    public AuditResourceResolver ticketResourceResolver() {
        return new TicketAsFirstParameterResourceResolver();
    }

    @ConditionalOnMissingBean(name = {"ticketValidationResourceResolver"})
    @Bean
    public AuditResourceResolver ticketValidationResourceResolver() {
        return this.casProperties.getAudit().isIncludeValidationAssertion() ? new TicketValidationResourceResolver() : ticketResourceResolver();
    }

    @ConditionalOnMissingBean(name = {"messageBundleAwareResourceResolver"})
    @Bean
    public AuditResourceResolver messageBundleAwareResourceResolver() {
        return new MessageBundleAwareResourceResolver(this.applicationContext);
    }

    @ConditionalOnMissingBean(name = {"auditPrincipalIdProvider"})
    @Bean
    public AuditPrincipalIdProvider auditPrincipalIdProvider() {
        ArrayList arrayList = new ArrayList(this.applicationContext.getBeansOfType(AuditPrincipalIdProvider.class, false, true).values());
        AnnotationAwareOrderComparator.sort(arrayList);
        return new ChainingAuditPrincipalIdProvider(arrayList);
    }

    public void configureAuditTrailExecutionPlan(AuditTrailExecutionPlan auditTrailExecutionPlan) {
        AuditSlf4jLogProperties slf4j = this.casProperties.getAudit().getSlf4j();
        Slf4jLoggingAuditTrailManager slf4jLoggingAuditTrailManager = new Slf4jLoggingAuditTrailManager();
        slf4jLoggingAuditTrailManager.setUseSingleLine(slf4j.isUseSingleLine());
        slf4jLoggingAuditTrailManager.setEntrySeparator(slf4j.getSinglelineSeparator());
        slf4jLoggingAuditTrailManager.setAuditFormat(AbstractStringAuditTrailManager.AuditFormats.valueOf(slf4j.getAuditFormat().toUpperCase()));
        auditTrailExecutionPlan.registerAuditTrailManager(slf4jLoggingAuditTrailManager);
    }

    public void configureAuditTrailRecordResolutionPlan(AuditTrailRecordResolutionPlan auditTrailRecordResolutionPlan) {
        AuditActionResolver authenticationActionResolver = authenticationActionResolver();
        auditTrailRecordResolutionPlan.registerAuditActionResolver("AUTHENTICATION_RESOLVER", authenticationActionResolver);
        auditTrailRecordResolutionPlan.registerAuditActionResolver("SAVE_SERVICE_ACTION_RESOLVER", authenticationActionResolver);
        DefaultAuditActionResolver defaultAuditActionResolver = new DefaultAuditActionResolver();
        auditTrailRecordResolutionPlan.registerAuditActionResolver("DESTROY_TICKET_GRANTING_TICKET_RESOLVER", defaultAuditActionResolver);
        auditTrailRecordResolutionPlan.registerAuditActionResolver("DESTROY_PROXY_GRANTING_TICKET_RESOLVER", defaultAuditActionResolver);
        AuditActionResolver ticketCreationActionResolver = ticketCreationActionResolver();
        auditTrailRecordResolutionPlan.registerAuditActionResolver("CREATE_PROXY_GRANTING_TICKET_RESOLVER", ticketCreationActionResolver);
        auditTrailRecordResolutionPlan.registerAuditActionResolver("GRANT_SERVICE_TICKET_RESOLVER", ticketCreationActionResolver);
        auditTrailRecordResolutionPlan.registerAuditActionResolver("GRANT_PROXY_TICKET_RESOLVER", ticketCreationActionResolver);
        auditTrailRecordResolutionPlan.registerAuditActionResolver("CREATE_TICKET_GRANTING_TICKET_RESOLVER", ticketCreationActionResolver);
        auditTrailRecordResolutionPlan.registerAuditActionResolver("AUTHENTICATION_EVENT_ACTION_RESOLVER", new DefaultAuditActionResolver("_TRIGGERED", ""));
        auditTrailRecordResolutionPlan.registerAuditActionResolver("VALIDATE_SERVICE_TICKET_RESOLVER", ticketValidationActionResolver());
        auditTrailRecordResolutionPlan.registerAuditActionResolver("SERVICE_ACCESS_ENFORCEMENT_ACTION_RESOLVER", new DefaultAuditActionResolver("_TRIGGERED", ""));
        auditTrailRecordResolutionPlan.registerAuditResourceResolver("AUTHENTICATION_RESOURCE_RESOLVER", new CredentialsAsFirstParameterResourceResolver());
        AuditResourceResolver messageBundleAwareResourceResolver = messageBundleAwareResourceResolver();
        auditTrailRecordResolutionPlan.registerAuditResourceResolver("CREATE_TICKET_GRANTING_TICKET_RESOURCE_RESOLVER", messageBundleAwareResourceResolver);
        auditTrailRecordResolutionPlan.registerAuditResourceResolver("CREATE_PROXY_GRANTING_TICKET_RESOURCE_RESOLVER", messageBundleAwareResourceResolver);
        AuditResourceResolver ticketResourceResolver = ticketResourceResolver();
        auditTrailRecordResolutionPlan.registerAuditResourceResolver("DESTROY_TICKET_GRANTING_TICKET_RESOURCE_RESOLVER", ticketResourceResolver);
        auditTrailRecordResolutionPlan.registerAuditResourceResolver("DESTROY_PROXY_GRANTING_TICKET_RESOURCE_RESOLVER", ticketResourceResolver);
        auditTrailRecordResolutionPlan.registerAuditResourceResolver("GRANT_SERVICE_TICKET_RESOURCE_RESOLVER", new ServiceResourceResolver());
        auditTrailRecordResolutionPlan.registerAuditResourceResolver("GRANT_PROXY_TICKET_RESOURCE_RESOLVER", new ServiceResourceResolver());
        auditTrailRecordResolutionPlan.registerAuditResourceResolver("VALIDATE_SERVICE_TICKET_RESOURCE_RESOLVER", ticketValidationResourceResolver());
        auditTrailRecordResolutionPlan.registerAuditResourceResolver("SAVE_SERVICE_RESOURCE_RESOLVER", returnValueResourceResolver());
        auditTrailRecordResolutionPlan.registerAuditResourceResolver("AUTHENTICATION_EVENT_RESOURCE_RESOLVER", nullableReturnValueResourceResolver());
        auditTrailRecordResolutionPlan.registerAuditResourceResolver("SERVICE_ACCESS_ENFORCEMENT_RESOURCE_RESOLVER", serviceAccessEnforcementAuditResourceResolver());
        auditTrailRecordResolutionPlan.registerAuditActionResolvers(customAuditActionResolverMap());
        auditTrailRecordResolutionPlan.registerAuditResourceResolvers(customAuditResourceResolverMap());
    }
}
