package org.apereo.cas.config;

import java.security.Security;
import java.util.List;
import lombok.Generated;
import org.apereo.cas.acme.AcmeAuthorizationExecutor;
import org.apereo.cas.acme.AcmeCertificateManager;
import org.apereo.cas.acme.AcmeChallengeRepository;
import org.apereo.cas.acme.AcmeWellKnownChallengeController;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.event.ApplicationReadyEvent;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.context.event.EventListener;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration(value = "CasAcmeConfiguration", proxyBeanMethods = false)
@ConditionalOnProperty(name = {"cas.acme.server-url"})
/* loaded from: input_file:org/apereo/cas/config/CasAcmeConfiguration.class */
public class CasAcmeConfiguration {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(CasAcmeConfiguration.class);

    @Bean
    public AcmeWellKnownChallengeController acmeWellKnownChallengeController(@Qualifier("acmeChallengeRepository") AcmeChallengeRepository acmeChallengeRepository) {
        return new AcmeWellKnownChallengeController(acmeChallengeRepository);
    }

    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public AcmeChallengeRepository acmeChallengeRepository() {
        return new AcmeChallengeRepository();
    }

    @ConditionalOnMissingBean(name = {"acmeAuthorizationExecutor"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public AcmeAuthorizationExecutor acmeAuthorizationExecutor() {
        return AcmeAuthorizationExecutor.defaultChallenge();
    }

    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @ConditionalOnProperty(prefix = "cas.acme", name = {"terms-of-use-accepted"}, havingValue = "true")
    @Bean
    public AcmeCertificateManager acmeCertificateManager(CasConfigurationProperties casConfigurationProperties, @Qualifier("acmeChallengeRepository") AcmeChallengeRepository acmeChallengeRepository, @Qualifier("acmeAuthorizationExecutor") AcmeAuthorizationExecutor acmeAuthorizationExecutor) {
        return new AcmeCertificateManager(acmeChallengeRepository, casConfigurationProperties, acmeAuthorizationExecutor);
    }

    @EventListener
    public void handleApplicationReadyEvent(ApplicationReadyEvent applicationReadyEvent) throws Exception {
        List domains = ((CasConfigurationProperties) applicationReadyEvent.getApplicationContext().getBean(CasConfigurationProperties.class)).getAcme().getDomains();
        LOGGER.info("Fetching certificates for domains [{}]", domains);
        if (applicationReadyEvent.getApplicationContext().containsBean("acmeCertificateManager")) {
            ((AcmeCertificateManager) applicationReadyEvent.getApplicationContext().getBean("acmeCertificateManager", AcmeCertificateManager.class)).fetchCertificate(domains);
        }
    }

    static {
        Security.addProvider(new BouncyCastleProvider());
    }
}
