package org.apereo.cas.config;

import java.net.HttpURLConnection;
import java.net.URLConnection;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.PseudoPlatformTransactionManager;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.core.CasJavaClientProperties;
import org.apereo.cas.configuration.model.core.ticket.registry.TicketRegistryProperties;
import org.apereo.cas.configuration.model.core.util.EncryptionJwtSigningJwtCryptographyProperties;
import org.apereo.cas.logout.LogoutManager;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.ticket.DefaultTicketCatalog;
import org.apereo.cas.ticket.ExpirationPolicyBuilder;
import org.apereo.cas.ticket.ServiceTicket;
import org.apereo.cas.ticket.ServiceTicketFactory;
import org.apereo.cas.ticket.TicketCatalog;
import org.apereo.cas.ticket.TicketCatalogConfigurer;
import org.apereo.cas.ticket.TicketFactory;
import org.apereo.cas.ticket.TicketGrantingTicket;
import org.apereo.cas.ticket.TicketGrantingTicketFactory;
import org.apereo.cas.ticket.TransientSessionTicket;
import org.apereo.cas.ticket.TransientSessionTicketFactory;
import org.apereo.cas.ticket.UniqueTicketIdGenerator;
import org.apereo.cas.ticket.expiration.builder.ProxyGrantingTicketExpirationPolicyBuilder;
import org.apereo.cas.ticket.expiration.builder.ProxyTicketExpirationPolicyBuilder;
import org.apereo.cas.ticket.expiration.builder.ServiceTicketExpirationPolicyBuilder;
import org.apereo.cas.ticket.expiration.builder.TicketGrantingTicketExpirationPolicyBuilder;
import org.apereo.cas.ticket.expiration.builder.TransientSessionTicketExpirationPolicyBuilder;
import org.apereo.cas.ticket.factory.DefaultProxyGrantingTicketFactory;
import org.apereo.cas.ticket.factory.DefaultProxyTicketFactory;
import org.apereo.cas.ticket.factory.DefaultServiceTicketFactory;
import org.apereo.cas.ticket.factory.DefaultTicketFactory;
import org.apereo.cas.ticket.factory.DefaultTicketGrantingTicketFactory;
import org.apereo.cas.ticket.factory.DefaultTransientSessionTicketFactory;
import org.apereo.cas.ticket.proxy.ProxyGrantingTicket;
import org.apereo.cas.ticket.proxy.ProxyGrantingTicketFactory;
import org.apereo.cas.ticket.proxy.ProxyHandler;
import org.apereo.cas.ticket.proxy.ProxyTicket;
import org.apereo.cas.ticket.proxy.ProxyTicketFactory;
import org.apereo.cas.ticket.proxy.support.Cas10ProxyHandler;
import org.apereo.cas.ticket.proxy.support.Cas20ProxyHandler;
import org.apereo.cas.ticket.registry.CachingTicketRegistry;
import org.apereo.cas.ticket.registry.DefaultTicketRegistry;
import org.apereo.cas.ticket.registry.DefaultTicketRegistrySupport;
import org.apereo.cas.ticket.registry.NoOpLockingStrategy;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.ticket.registry.TicketRegistrySupport;
import org.apereo.cas.ticket.registry.support.LockingStrategy;
import org.apereo.cas.util.CoreTicketUtils;
import org.apereo.cas.util.ProxyGrantingTicketIdGenerator;
import org.apereo.cas.util.ProxyTicketIdGenerator;
import org.apereo.cas.util.TicketGrantingTicketIdGenerator;
import org.apereo.cas.util.cipher.ProtocolTicketCipherExecutor;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.apereo.cas.util.http.HttpClient;
import org.jasig.cas.client.ssl.HttpURLConnectionFactory;
import org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator;
import org.jasig.cas.client.validation.Cas10TicketValidator;
import org.jasig.cas.client.validation.Cas20ServiceTicketValidator;
import org.jasig.cas.client.validation.Cas30ServiceTicketValidator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.AutoConfigureAfter;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.EnableAspectJAutoProxy;
import org.springframework.context.annotation.Lazy;
import org.springframework.scheduling.annotation.EnableAsync;
import org.springframework.scheduling.annotation.EnableScheduling;
import org.springframework.transaction.PlatformTransactionManager;
import org.springframework.transaction.annotation.EnableTransactionManagement;
import org.springframework.transaction.annotation.TransactionManagementConfigurer;

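/**
 * Spring configuration that wires the core CAS ticket infrastructure: ticket factories,
 * ticket id generators, expiration policy builders, the default in-memory ticket registry,
 * the proxy handlers, the protocol-ticket cipher and the CAS client ticket validator.
 *
 * <p>Nearly every bean is guarded by {@code @ConditionalOnMissingBean}, so a deployment can
 * replace any of them by defining a bean with the same name.
 *
 * <p>Security-relevant defaults visible in this class:
 * <ul>
 *   <li>{@link #protocolTicketCipherExecutor()} returns a no-op cipher when ticket crypto is
 *       disabled, and says so only at TRACE level.</li>
 *   <li>{@link #ticketRegistry()} keeps tickets in process memory.</li>
 *   <li>{@link #casClientTicketValidator()} applies the injected {@code sslContext} and
 *       {@code hostnameVerifier} beans to HTTPS connections only; plain HTTP connections
 *       are returned unchanged.</li>
 * </ul>
 */
@EnableConfigurationProperties(CasConfigurationProperties.class)
@EnableScheduling
@EnableTransactionManagement(proxyTargetClass = true)
@AutoConfigureAfter({CasCoreUtilConfiguration.class, CasCoreTicketIdGeneratorsConfiguration.class})
@EnableAspectJAutoProxy(proxyTargetClass = true)
@Configuration("casCoreTicketsConfiguration")
@EnableAsync
public class CasCoreTicketsConfiguration implements TransactionManagementConfigurer {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(CasCoreTicketsConfiguration.class);

    @Autowired
    private ApplicationContext applicationContext;

    @Autowired
    private CasConfigurationProperties casProperties;

    @Autowired
    @Qualifier("servicesManager")
    private ObjectProvider<ServicesManager> servicesManager;

    @Autowired
    @Qualifier("uniqueIdGeneratorsMap")
    private ObjectProvider<Map<String, UniqueTicketIdGenerator>> uniqueIdGeneratorsMap;

    @Autowired
    @Qualifier("supportsTrustStoreSslSocketFactoryHttpClient")
    private ObjectProvider<HttpClient> httpClient;

    @Autowired
    @Qualifier("hostnameVerifier")
    private ObjectProvider<HostnameVerifier> hostnameVerifier;

    @Autowired
    @Qualifier("sslContext")
    private ObjectProvider<SSLContext> sslContext;

    /**
     * Builds the CAS client ticket validator used for back-channel ticket validation.
     *
     * <p>The validator targets the configured client prefix, falling back to the server
     * prefix when the client prefix is {@code null}. HTTPS connections opened by the
     * validator get the socket factory of the injected {@code sslContext} bean and the
     * injected {@code hostnameVerifier} bean.
     *
     * @return the validator for the configured protocol version
     */
    @ConditionalOnMissingBean(name = "casClientTicketValidator")
    @Bean
    public AbstractUrlBasedTicketValidator casClientTicketValidator() {
        String prefix = StringUtils.defaultString(
            this.casProperties.getClient().getPrefix(),
            this.casProperties.getServer().getPrefix());
        AbstractUrlBasedTicketValidator validator = buildCasClientTicketValidator(prefix);
        validator.setURLConnectionFactory(new HttpURLConnectionFactory() {
            private static final long serialVersionUID = 3692658214483917813L;

            @Override
            public HttpURLConnection buildHttpURLConnection(URLConnection connection) {
                // Trust decisions for ticket validation rest entirely on the two injected beans.
                // NOTE(review): confirm the "hostnameVerifier" bean is not a permissive verifier in
                // production; a validation response from an unverified host would be trusted as-is.
                if (connection instanceof HttpsURLConnection) {
                    HttpsURLConnection https = (HttpsURLConnection) connection;
                    https.setSSLSocketFactory(sslContext.getObject().getSocketFactory());
                    https.setHostnameVerifier(hostnameVerifier.getObject());
                }
                // A non-HTTPS connection is returned untouched, so a prefix configured with
                // http:// means validation traffic (including tickets) travels in clear text.
                return (HttpURLConnection) connection;
            }
        });
        return validator;
    }

    /**
     * Creates the factory for proxy-granting tickets.
     *
     * @return a factory built from the PGT id generator, the PGT expiration policy and the
     *     protocol-ticket cipher
     */
    @ConditionalOnMissingBean(name = "defaultProxyGrantingTicketFactory")
    @RefreshScope
    @Bean
    public ProxyGrantingTicketFactory defaultProxyGrantingTicketFactory() {
        return new DefaultProxyGrantingTicketFactory(
            proxyGrantingTicketUniqueIdGenerator(),
            proxyGrantingTicketExpirationPolicy(),
            protocolTicketCipherExecutor());
    }

    /**
     * Creates the factory for proxy tickets.
     *
     * @return a factory built from the proxy-ticket expiration policy, the shared id generator
     *     map, the protocol-ticket cipher, the "only track most recent session" TGT setting
     *     and the services manager
     */
    @ConditionalOnMissingBean(name = "defaultProxyTicketFactory")
    @RefreshScope
    @Bean
    @Lazy
    public ProxyTicketFactory defaultProxyTicketFactory() {
        return new DefaultProxyTicketFactory(
            proxyTicketExpirationPolicy(),
            this.uniqueIdGeneratorsMap.getObject(),
            protocolTicketCipherExecutor(),
            this.casProperties.getTicket().getTgt().isOnlyTrackMostRecentSession(),
            this.servicesManager.getObject());
    }

    /**
     * Creates the id generator for proxy-granting tickets.
     *
     * <p>The length comes from the TGT settings ({@code ticket.tgt.maxLength}), not from the
     * PGT settings.
     *
     * @return the PGT id generator, suffixed with the configured host name
     */
    @ConditionalOnMissingBean(name = "proxyGrantingTicketUniqueIdGenerator")
    @RefreshScope
    @Bean
    public UniqueTicketIdGenerator proxyGrantingTicketUniqueIdGenerator() {
        return new ProxyGrantingTicketIdGenerator(
            this.casProperties.getTicket().getTgt().getMaxLength(),
            this.casProperties.getHost().getName());
    }

    /**
     * Creates the id generator for ticket-granting tickets.
     *
     * @return the TGT id generator, sized by {@code ticket.tgt.maxLength} and suffixed with
     *     the configured host name
     */
    @ConditionalOnMissingBean(name = "ticketGrantingTicketUniqueIdGenerator")
    @RefreshScope
    @Bean
    public UniqueTicketIdGenerator ticketGrantingTicketUniqueIdGenerator() {
        return new TicketGrantingTicketIdGenerator(
            this.casProperties.getTicket().getTgt().getMaxLength(),
            this.casProperties.getHost().getName());
    }

    /**
     * Creates the id generator handed to the CAS 2.0 proxy handler.
     *
     * @return a proxy-ticket id generator sized by {@code ticket.pgt.maxLength} and suffixed
     *     with the configured host name
     */
    @ConditionalOnMissingBean(name = "proxy20TicketUniqueIdGenerator")
    @Bean
    public UniqueTicketIdGenerator proxy20TicketUniqueIdGenerator() {
        return new ProxyTicketIdGenerator(
            this.casProperties.getTicket().getPgt().getMaxLength(),
            this.casProperties.getHost().getName());
    }

    /**
     * Creates the factory for transient session tickets.
     *
     * @return a factory using the transient-session expiration policy
     */
    @ConditionalOnMissingBean(name = "defaultTransientSessionTicketFactory")
    @RefreshScope
    @Bean
    public TransientSessionTicketFactory defaultTransientSessionTicketFactory() {
        return new DefaultTransientSessionTicketFactory(transientSessionTicketExpirationPolicy());
    }

    /**
     * Creates the expiration policy builder for transient session tickets.
     *
     * @return a builder driven by the CAS configuration properties
     */
    @ConditionalOnMissingBean(name = "transientSessionTicketExpirationPolicy")
    @RefreshScope
    @Bean
    public ExpirationPolicyBuilder transientSessionTicketExpirationPolicy() {
        return new TransientSessionTicketExpirationPolicyBuilder(this.casProperties);
    }

    /**
     * Creates the factory for service tickets.
     *
     * @return a factory built from the service-ticket expiration policy, the shared id
     *     generator map, the "only track most recent session" TGT setting, the
     *     protocol-ticket cipher and the services manager
     */
    @ConditionalOnMissingBean(name = "defaultServiceTicketFactory")
    @Bean
    @Lazy
    public ServiceTicketFactory defaultServiceTicketFactory() {
        return new DefaultServiceTicketFactory(
            serviceTicketExpirationPolicy(),
            this.uniqueIdGeneratorsMap.getObject(),
            this.casProperties.getTicket().getTgt().isOnlyTrackMostRecentSession(),
            protocolTicketCipherExecutor(),
            this.servicesManager.getObject());
    }

    /**
     * Creates the factory for ticket-granting tickets.
     *
     * @return a factory built from the TGT id generator, the TGT expiration policy and the
     *     protocol-ticket cipher
     */
    @ConditionalOnMissingBean(name = "defaultTicketGrantingTicketFactory")
    @RefreshScope
    @Bean
    public TicketGrantingTicketFactory defaultTicketGrantingTicketFactory() {
        return new DefaultTicketGrantingTicketFactory(
            ticketGrantingTicketUniqueIdGenerator(),
            grantingTicketExpirationPolicy(),
            protocolTicketCipherExecutor());
    }

    /**
     * Creates the composite ticket factory and registers one delegate per ticket type.
     *
     * @return the composite factory covering transient-session, proxy-granting,
     *     ticket-granting, service and proxy tickets
     */
    @ConditionalOnMissingBean(name = "defaultTicketFactory")
    @RefreshScope
    @Bean
    public TicketFactory defaultTicketFactory() {
        DefaultTicketFactory factory = new DefaultTicketFactory();
        factory
            .addTicketFactory(TransientSessionTicket.class, defaultTransientSessionTicketFactory())
            .addTicketFactory(ProxyGrantingTicket.class, defaultProxyGrantingTicketFactory())
            .addTicketFactory(TicketGrantingTicket.class, defaultTicketGrantingTicketFactory())
            .addTicketFactory(ServiceTicket.class, defaultServiceTicketFactory())
            .addTicketFactory(ProxyTicket.class, defaultProxyTicketFactory());
        return factory;
    }

    /**
     * Creates the CAS 1.0 proxy handler.
     *
     * <p>Registered unless {@code cas.sso.proxyAuthnEnabled} is set to something other than
     * {@code true}; a missing property counts as enabled.
     *
     * @return the CAS 1.0 proxy handler
     */
    @ConditionalOnMissingBean(name = "proxy10Handler")
    @ConditionalOnProperty(prefix = "cas.sso", name = "proxyAuthnEnabled", havingValue = "true", matchIfMissing = true)
    @Bean
    public ProxyHandler proxy10Handler() {
        return new Cas10ProxyHandler();
    }

    /**
     * Creates the CAS 2.0 proxy handler.
     *
     * <p>Registered unless {@code cas.sso.proxyAuthnEnabled} is set to something other than
     * {@code true}; a missing property counts as enabled. Deployments that do not use proxy
     * authentication can switch the property off so this handler is not registered at all.
     *
     * @return a handler using the trust-store-aware HTTP client and the proxy 2.0 id generator
     */
    @ConditionalOnMissingBean(name = "proxy20Handler")
    @ConditionalOnProperty(prefix = "cas.sso", name = "proxyAuthnEnabled", havingValue = "true", matchIfMissing = true)
    @Bean
    public ProxyHandler proxy20Handler() {
        return new Cas20ProxyHandler(this.httpClient.getObject(), proxy20TicketUniqueIdGenerator());
    }

    /**
     * Creates the default, in-memory ticket registry.
     *
     * <p>Tickets live in process memory only, as the startup warning states. When the
     * in-memory {@code cache} flag is set a {@link CachingTicketRegistry} is used; otherwise a
     * {@link DefaultTicketRegistry} backed by a {@link ConcurrentHashMap} sized from the
     * in-memory properties.
     *
     * @return the in-memory ticket registry
     */
    @ConditionalOnMissingBean(name = "ticketRegistry")
    @RefreshScope
    @Bean
    public TicketRegistry ticketRegistry() {
        LOGGER.warn("Runtime memory is used as the persistence storage for retrieving and managing tickets. "
            + "Tickets that are issued during runtime will be LOST when the web server is restarted. "
            + "This MAY impact SSO functionality.");
        TicketRegistryProperties.InMemory inMemory = this.casProperties.getTicket().getRegistry().getInMemory();
        // NOTE(review): whether stored tickets are actually signed/encrypted depends on the
        // in-memory crypto settings passed here; confirm against CoreTicketUtils.
        CipherExecutor registryCipher = CoreTicketUtils.newTicketRegistryCipherExecutor(inMemory.getCrypto(), "inMemory");
        if (inMemory.isCache()) {
            // Looked up by name at call time rather than injected as a field.
            LogoutManager logoutManager = this.applicationContext.getBean("logoutManager", LogoutManager.class);
            return new CachingTicketRegistry(registryCipher, logoutManager);
        }
        return new DefaultTicketRegistry(
            new ConcurrentHashMap<>(inMemory.getInitialCapacity(), inMemory.getLoadFactor(), inMemory.getConcurrency()),
            registryCipher);
    }

    /**
     * Creates the helper that exposes ticket-registry lookups.
     *
     * @return a support object wrapping {@link #ticketRegistry()}
     */
    @ConditionalOnMissingBean(name = "defaultTicketRegistrySupport")
    @Bean
    public TicketRegistrySupport defaultTicketRegistrySupport() {
        return new DefaultTicketRegistrySupport(ticketRegistry());
    }

    /**
     * Creates the expiration policy builder for ticket-granting tickets.
     *
     * @return a builder driven by the CAS configuration properties
     */
    @ConditionalOnMissingBean(name = "grantingTicketExpirationPolicy")
    @RefreshScope
    @Bean
    public ExpirationPolicyBuilder grantingTicketExpirationPolicy() {
        return new TicketGrantingTicketExpirationPolicyBuilder(this.casProperties);
    }

    /**
     * Creates the expiration policy builder for proxy-granting tickets.
     *
     * @return a builder that receives the TGT expiration policy builder and the CAS
     *     configuration properties
     */
    @ConditionalOnMissingBean(name = "proxyGrantingTicketExpirationPolicy")
    @RefreshScope
    @Bean
    public ExpirationPolicyBuilder proxyGrantingTicketExpirationPolicy() {
        return new ProxyGrantingTicketExpirationPolicyBuilder(grantingTicketExpirationPolicy(), this.casProperties);
    }

    /**
     * Creates the expiration policy builder for service tickets.
     *
     * @return a builder driven by the CAS configuration properties
     */
    @ConditionalOnMissingBean(name = "serviceTicketExpirationPolicy")
    @RefreshScope
    @Bean
    public ExpirationPolicyBuilder serviceTicketExpirationPolicy() {
        return new ServiceTicketExpirationPolicyBuilder(this.casProperties);
    }

    /**
     * Creates the expiration policy builder for proxy tickets.
     *
     * @return a builder driven by the CAS configuration properties
     */
    @ConditionalOnMissingBean(name = "proxyTicketExpirationPolicy")
    @RefreshScope
    @Bean
    public ExpirationPolicyBuilder proxyTicketExpirationPolicy() {
        return new ProxyTicketExpirationPolicyBuilder(this.casProperties);
    }

    /**
     * Creates the default ticket-registry locking strategy.
     *
     * @return a {@link NoOpLockingStrategy}; NOTE(review): presumably adequate only for a
     *     single-node, in-memory registry - confirm before reusing with a shared registry
     */
    @ConditionalOnMissingBean(name = "lockingStrategy")
    @Bean
    public LockingStrategy lockingStrategy() {
        return new NoOpLockingStrategy();
    }

    /**
     * Creates the transaction manager used for ticket operations.
     *
     * @return a {@link PseudoPlatformTransactionManager}
     */
    @ConditionalOnMissingBean(name = "ticketTransactionManager")
    @Bean
    public PlatformTransactionManager ticketTransactionManager() {
        return new PseudoPlatformTransactionManager();
    }

    /**
     * Creates the cipher applied to protocol tickets.
     *
     * <p>When {@code ticket.crypto.enabled} is false this returns a no-op cipher and protocol
     * tickets are neither signed nor encrypted. That state is logged at TRACE only, so it is
     * not visible at typical production log levels; operators who rely on ticket crypto
     * should verify the setting explicitly.
     *
     * @return a {@link ProtocolTicketCipherExecutor} when crypto is enabled, otherwise a
     *     no-op cipher
     */
    @ConditionalOnMissingBean(name = "protocolTicketCipherExecutor")
    @RefreshScope
    @Bean
    public CipherExecutor protocolTicketCipherExecutor() {
        EncryptionJwtSigningJwtCryptographyProperties crypto = this.casProperties.getTicket().getCrypto();
        if (!crypto.isEnabled()) {
            LOGGER.trace("Protocol tickets generated by CAS are not signed/encrypted.");
            return CipherExecutor.noOp();
        }
        return new ProtocolTicketCipherExecutor(
            crypto.getEncryption().getKey(),
            crypto.getSigning().getKey(),
            crypto.getAlg(),
            crypto.getSigning().getKeySize(),
            crypto.getEncryption().getKeySize());
    }

    /**
     * Supplies the transaction manager for annotation-driven transactions.
     *
     * <p>The decompiler had renamed this method (bridge-method merge), which left the
     * {@link TransactionManagementConfigurer} contract unimplemented; the original name is
     * restored here.
     *
     * @return the ticket transaction manager
     */
    @Override
    public PlatformTransactionManager annotationDrivenTransactionManager() {
        return ticketTransactionManager();
    }

    /**
     * Creates the ticket catalog and lets every registered configurer contribute to it.
     *
     * @param list the ticket catalog configurers found in the application context
     * @return the populated ticket catalog
     */
    @ConditionalOnMissingBean(name = "ticketCatalog")
    @Autowired
    @Bean
    public TicketCatalog ticketCatalog(List<TicketCatalogConfigurer> list) {
        DefaultTicketCatalog catalog = new DefaultTicketCatalog();
        for (TicketCatalogConfigurer configurer : list) {
            LOGGER.trace("Configuring ticket metadata registration plan [{}]", configurer.getName());
            configurer.configureTicketCatalog(catalog);
        }
        return catalog;
    }

    /**
     * Picks the ticket validator implementation for the configured client validator type.
     *
     * <p>CAS10 and CAS20 map to their own validators; every other value, including
     * {@code null}, falls through to the CAS 3.0 validator.
     *
     * @param serverPrefix the CAS server URL prefix the validator will call
     * @return the validator for the configured protocol version
     */
    private AbstractUrlBasedTicketValidator buildCasClientTicketValidator(String serverPrefix) {
        CasJavaClientProperties.ClientTicketValidatorTypes validatorType = this.casProperties.getClient().getValidatorType();
        if (validatorType == CasJavaClientProperties.ClientTicketValidatorTypes.CAS10) {
            return new Cas10TicketValidator(serverPrefix);
        }
        if (validatorType == CasJavaClientProperties.ClientTicketValidatorTypes.CAS20) {
            return new Cas20ServiceTicketValidator(serverPrefix);
        }
        return new Cas30ServiceTicketValidator(serverPrefix);
    }
}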
