package org.apereo.cas.configuration.support;

import com.google.common.collect.ArrayListMultimap;
import com.google.common.collect.Multimap;
import groovy.lang.GroovyClassLoader;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.time.Duration;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.function.Predicate;
import java.util.regex.Pattern;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.ClassUtils;
import org.apache.commons.lang3.math.NumberUtils;
import org.apereo.cas.CipherExecutor;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.handler.PrincipalNameTransformer;
import org.apereo.cas.configuration.model.core.authentication.PasswordEncoderProperties;
import org.apereo.cas.configuration.model.core.authentication.PrincipalAttributesProperties;
import org.apereo.cas.configuration.model.core.authentication.PrincipalTransformationProperties;
import org.apereo.cas.configuration.model.core.util.EncryptionRandomizedSigningJwtCryptographyProperties;
import org.apereo.cas.configuration.model.support.ConnectionPoolingProperties;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.cipher.DefaultTicketCipherExecutor;
import org.apereo.cas.util.cipher.NoOpCipherExecutor;
import org.apereo.cas.util.crypto.DefaultPasswordEncoder;
import org.apereo.cas.util.transforms.ConvertCasePrincipalNameTransformer;
import org.apereo.cas.util.transforms.PrefixSuffixPrincipalNameTransformer;
import org.apereo.services.persondir.IPersonAttributeDao;
import org.apereo.services.persondir.support.NamedStubPersonAttributeDao;
import org.codehaus.groovy.control.CompilerConfiguration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.io.DefaultResourceLoader;
import org.springframework.core.io.Resource;
import org.springframework.scheduling.concurrent.ThreadPoolExecutorFactoryBean;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.crypto.password.Pbkdf2PasswordEncoder;
import org.springframework.security.crypto.password.StandardPasswordEncoder;
import org.springframework.security.crypto.scrypt.SCryptPasswordEncoder;
import org.springframework.util.StringUtils;

/* loaded from: input_file:org/apereo/cas/configuration/support/Beans.class */
public final class Beans {
    private static final Logger LOGGER = LoggerFactory.getLogger(Beans.class);

    protected Beans() {
    }

    public static ThreadPoolExecutorFactoryBean newThreadPoolExecutorFactoryBean(ConnectionPoolingProperties connectionPoolingProperties) {
        ThreadPoolExecutorFactoryBean threadPoolExecutorFactoryBean = new ThreadPoolExecutorFactoryBean();
        threadPoolExecutorFactoryBean.setCorePoolSize(connectionPoolingProperties.getMinSize());
        threadPoolExecutorFactoryBean.setMaxPoolSize(connectionPoolingProperties.getMaxSize());
        threadPoolExecutorFactoryBean.setKeepAliveSeconds((int) connectionPoolingProperties.getMaxWait());
        return threadPoolExecutorFactoryBean;
    }

    public static IPersonAttributeDao newStubAttributeRepository(PrincipalAttributesProperties principalAttributesProperties) {
        try {
            NamedStubPersonAttributeDao namedStubPersonAttributeDao = new NamedStubPersonAttributeDao();
            HashMap hashMap = new HashMap();
            principalAttributesProperties.getStub().getAttributes().forEach((str, str2) -> {
                hashMap.put(str, Arrays.asList(StringUtils.commaDelimitedListToStringArray(str2)));
            });
            namedStubPersonAttributeDao.setBackingMap(hashMap);
            return namedStubPersonAttributeDao;
        } catch (Exception e) {
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    public static PasswordEncoder newPasswordEncoder(PasswordEncoderProperties passwordEncoderProperties) {
        String type = passwordEncoderProperties.getType();
        if (org.apache.commons.lang3.StringUtils.isBlank(type)) {
            LOGGER.debug("No password encoder type is defined, and so none shall be created");
            return NoOpPasswordEncoder.getInstance();
        }
        if (type.contains(".")) {
            try {
                LOGGER.debug("Configuration indicates use of a custom password encoder [{}]", type);
                return (PasswordEncoder) Class.forName(type).newInstance();
            } catch (Exception e) {
                LOGGER.error("Falling back to a no-op password encoder as CAS has failed to create an instance of the custom password encoder class " + type, e);
                return NoOpPasswordEncoder.getInstance();
            }
        }
        switch (PasswordEncoderProperties.PasswordEncoderTypes.valueOf(type)) {
            case DEFAULT:
                LOGGER.debug("Creating default password encoder with encoding alg [{}] and character encoding [{}]", passwordEncoderProperties.getEncodingAlgorithm(), passwordEncoderProperties.getCharacterEncoding());
                return new DefaultPasswordEncoder(passwordEncoderProperties.getEncodingAlgorithm(), passwordEncoderProperties.getCharacterEncoding());
            case STANDARD:
                LOGGER.debug("Creating standard password encoder with the secret defined in the configuration");
                return new StandardPasswordEncoder(passwordEncoderProperties.getSecret());
            case BCRYPT:
                LOGGER.debug("Creating BCRYPT password encoder given the strength [{}] and secret in the configuration", Integer.valueOf(passwordEncoderProperties.getStrength()));
                if (org.apache.commons.lang3.StringUtils.isBlank(passwordEncoderProperties.getSecret())) {
                    LOGGER.debug("Creating BCRYPT encoder without secret");
                    return new BCryptPasswordEncoder(passwordEncoderProperties.getStrength());
                }
                LOGGER.debug("Creating BCRYPT encoder with secret");
                return new BCryptPasswordEncoder(passwordEncoderProperties.getStrength(), new SecureRandom(passwordEncoderProperties.getSecret().getBytes(StandardCharsets.UTF_8)));
            case SCRYPT:
                LOGGER.debug("Creating SCRYPT encoder");
                return new SCryptPasswordEncoder();
            case PBKDF2:
                if (!org.apache.commons.lang3.StringUtils.isBlank(passwordEncoderProperties.getSecret())) {
                    return new Pbkdf2PasswordEncoder(passwordEncoderProperties.getSecret(), passwordEncoderProperties.getStrength(), 256);
                }
                LOGGER.debug("Creating PBKDF2 encoder without secret");
                return new Pbkdf2PasswordEncoder();
            case NONE:
            default:
                LOGGER.debug("No password encoder shall be created given the requested encoder type [{}]", type);
                return NoOpPasswordEncoder.getInstance();
        }
    }

    public static PrincipalNameTransformer newPrincipalNameTransformer(PrincipalTransformationProperties principalTransformationProperties) {
        PrincipalNameTransformer principalNameTransformer;
        if (org.apache.commons.lang3.StringUtils.isNotBlank(principalTransformationProperties.getPrefix()) || org.apache.commons.lang3.StringUtils.isNotBlank(principalTransformationProperties.getSuffix())) {
            PrincipalNameTransformer prefixSuffixPrincipalNameTransformer = new PrefixSuffixPrincipalNameTransformer();
            prefixSuffixPrincipalNameTransformer.setPrefix(principalTransformationProperties.getPrefix());
            prefixSuffixPrincipalNameTransformer.setSuffix(principalTransformationProperties.getSuffix());
            principalNameTransformer = prefixSuffixPrincipalNameTransformer;
        } else {
            principalNameTransformer = str -> {
                return str;
            };
        }
        switch (principalTransformationProperties.getCaseConversion()) {
            case UPPERCASE:
                ConvertCasePrincipalNameTransformer convertCasePrincipalNameTransformer = new ConvertCasePrincipalNameTransformer(principalNameTransformer);
                convertCasePrincipalNameTransformer.setToUpperCase(true);
                return convertCasePrincipalNameTransformer;
            case LOWERCASE:
                ConvertCasePrincipalNameTransformer convertCasePrincipalNameTransformer2 = new ConvertCasePrincipalNameTransformer(principalNameTransformer);
                convertCasePrincipalNameTransformer2.setToUpperCase(false);
                return convertCasePrincipalNameTransformer2;
            default:
                return principalNameTransformer;
        }
    }

    public static Map<String, Collection<String>> transformPrincipalAttributesListIntoMap(List<String> list) {
        return CollectionUtils.wrap(transformPrincipalAttributesListIntoMultiMap(list));
    }

    public static Multimap<String, String> transformPrincipalAttributesListIntoMultiMap(List<String> list) {
        ArrayListMultimap create = ArrayListMultimap.create();
        if (list.isEmpty()) {
            LOGGER.debug("No principal attributes are defined");
        } else {
            list.forEach(str -> {
                String trim = str.trim();
                if (!trim.contains(":")) {
                    LOGGER.debug("Mapped principal attribute name [{}]", trim);
                    create.put(trim, trim);
                    return;
                }
                String[] split = trim.split(":");
                String trim2 = split[0].trim();
                String trim3 = split[1].trim();
                LOGGER.debug("Mapped principal attribute name [{}] to [{}]", trim2, trim3);
                create.put(trim2, trim3);
            });
        }
        return create;
    }

    public static Predicate<Credential> newCredentialSelectionPredicate(String str) {
        Resource resource;
        try {
            return org.apache.commons.lang3.StringUtils.isBlank(str) ? credential -> {
                return true;
            } : (!str.endsWith(".groovy") || (resource = new DefaultResourceLoader().getResource(str)) == null) ? (Predicate) ClassUtils.getClass(str).newInstance() : (Predicate) new GroovyClassLoader(Beans.class.getClassLoader(), new CompilerConfiguration(), true).parseClass(IOUtils.toString(resource.getInputStream(), StandardCharsets.UTF_8)).newInstance();
        } catch (Exception e) {
            Predicate<String> asPredicate = Pattern.compile(str).asPredicate();
            return credential2 -> {
                return asPredicate.test(credential2.getId());
            };
        }
    }

    public static Duration newDuration(String str) {
        try {
            return NumberUtils.isCreatable(str) ? Duration.ofSeconds(Long.parseLong(str)) : Duration.parse(str);
        } catch (Exception e) {
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    public static CipherExecutor newTicketRegistryCipherExecutor(EncryptionRandomizedSigningJwtCryptographyProperties encryptionRandomizedSigningJwtCryptographyProperties) {
        return newTicketRegistryCipherExecutor(encryptionRandomizedSigningJwtCryptographyProperties, false);
    }

    public static CipherExecutor newTicketRegistryCipherExecutor(EncryptionRandomizedSigningJwtCryptographyProperties encryptionRandomizedSigningJwtCryptographyProperties, boolean z) {
        if ((org.apache.commons.lang3.StringUtils.isNotBlank(encryptionRandomizedSigningJwtCryptographyProperties.getEncryption().getKey()) && org.apache.commons.lang3.StringUtils.isNotBlank(encryptionRandomizedSigningJwtCryptographyProperties.getEncryption().getKey())) || z) {
            return new DefaultTicketCipherExecutor(encryptionRandomizedSigningJwtCryptographyProperties.getEncryption().getKey(), encryptionRandomizedSigningJwtCryptographyProperties.getSigning().getKey(), encryptionRandomizedSigningJwtCryptographyProperties.getAlg(), encryptionRandomizedSigningJwtCryptographyProperties.getSigning().getKeySize(), encryptionRandomizedSigningJwtCryptographyProperties.getEncryption().getKeySize());
        }
        LOGGER.debug("Ticket registry encryption/signing is turned off. This MAY NOT be safe in a clustered production environment. Consider using other choices to handle encryption, signing and verification of ticket registry tickets, and verify the chosen ticket registry does support this behavior.");
        return NoOpCipherExecutor.getInstance();
    }
}
