package org.apereo.cas.config;

import com.fasterxml.jackson.databind.ObjectMapper;
import de.codecentric.boot.admin.client.config.ClientProperties;
import de.codecentric.boot.admin.client.config.SpringBootAdminClientEnabledCondition;
import de.codecentric.boot.admin.client.registration.BlockingRegistrationClient;
import de.codecentric.boot.admin.client.registration.RegistrationClient;
import de.codecentric.boot.admin.server.config.AdminServerProperties;
import de.codecentric.boot.admin.server.config.SpringBootAdminServerEnabledCondition;
import de.codecentric.boot.admin.server.services.InstanceIdGenerator;
import de.codecentric.boot.admin.server.utils.jackson.AdminServerModule;
import de.codecentric.boot.admin.server.web.client.InstanceWebClientCustomizer;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.features.CasFeatureModule;
import org.apereo.cas.sba.CasServerInstanceIdGenerator;
import org.apereo.cas.util.http.HttpClient;
import org.apereo.cas.util.spring.boot.ConditionalOnFeatureEnabled;
import org.apereo.cas.web.CasWebSecurityConfigurer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.web.client.RestTemplateBuilder;
import org.springframework.boot.web.client.RestTemplateCustomizer;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Conditional;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.http.client.reactive.ReactorClientHttpConnector;
import org.springframework.scheduling.annotation.EnableAsync;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.web.reactive.function.client.WebClient;

@AutoConfiguration
@EnableAsync(proxyTargetClass = false)
@ConditionalOnFeatureEnabled(feature = {CasFeatureModule.FeatureCatalog.SpringBootAdmin})
/* loaded from: input_file:org/apereo/cas/config/CasSpringBootAdminAutoConfiguration.class */
public class CasSpringBootAdminAutoConfiguration {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(CasSpringBootAdminAutoConfiguration.class);

    @EnableConfigurationProperties({CasConfigurationProperties.class, ClientProperties.class})
    @Configuration(value = "SpringBootAdminClientConfiguration", proxyBeanMethods = false)
    @Conditional({SpringBootAdminClientEnabledCondition.class})
    /* loaded from: input_file:org/apereo/cas/config/CasSpringBootAdminAutoConfiguration$SpringBootAdminClientConfiguration.class */
    static class SpringBootAdminClientConfiguration {
        SpringBootAdminClientConfiguration() {
        }

        @Bean
        public RegistrationClient registrationClient(ObjectMapper objectMapper, @Qualifier("httpClient") HttpClient httpClient, ClientProperties clientProperties) {
            objectMapper.findAndRegisterModules().registerModule(new AdminServerModule(new String[]{".*password$"}));
            RestTemplateBuilder customizers = new RestTemplateBuilder(new RestTemplateCustomizer[0]).connectTimeout(clientProperties.getConnectTimeout()).readTimeout(clientProperties.getReadTimeout()).customizers(new RestTemplateCustomizer[]{restTemplate -> {
                restTemplate.setRequestFactory(new HttpComponentsClientHttpRequestFactory(httpClient.wrappedHttpClient()));
            }});
            if (clientProperties.getUsername() != null && clientProperties.getPassword() != null) {
                customizers = customizers.basicAuthentication(clientProperties.getUsername(), clientProperties.getPassword());
            }
            return new BlockingRegistrationClient(customizers.build());
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class, AdminServerProperties.class})
    @Configuration(value = "SpringBootAdminServerConfiguration", proxyBeanMethods = false)
    @Conditional({SpringBootAdminServerEnabledCondition.class})
    /* loaded from: input_file:org/apereo/cas/config/CasSpringBootAdminAutoConfiguration$SpringBootAdminServerConfiguration.class */
    static class SpringBootAdminServerConfiguration {
        SpringBootAdminServerConfiguration() {
        }

        @ConditionalOnMissingBean(name = {"springBootAdminWebClientCustomizer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public InstanceWebClientCustomizer springBootAdminWebClientCustomizer(@Qualifier("httpClient") HttpClient httpClient) throws Exception {
            SslContext build = SslContextBuilder.forClient().trustManager(httpClient.httpClientFactory().getTrustManagers()[0]).build();
            return builder -> {
                builder.webClient(WebClient.builder().clientConnector(new ReactorClientHttpConnector(reactor.netty.http.client.HttpClient.create().compress(true).secure(sslContextSpec -> {
                    sslContextSpec.sslContext(build);
                }))));
            };
        }

        @ConditionalOnMissingBean(name = {"springBootAdminEndpointConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public CasWebSecurityConfigurer<HttpSecurity> springBootAdminEndpointConfigurer(final AdminServerProperties adminServerProperties) {
            return new CasWebSecurityConfigurer<HttpSecurity>(this) { // from class: org.apereo.cas.config.CasSpringBootAdminAutoConfiguration.SpringBootAdminServerConfiguration.1
                public int getOrder() {
                    return Integer.MAX_VALUE;
                }

                public CasWebSecurityConfigurer<HttpSecurity> finish(HttpSecurity httpSecurity) throws Exception {
                    String prependIfMissing = StringUtils.prependIfMissing(adminServerProperties.getContextPath(), "/", new CharSequence[0]);
                    SavedRequestAwareAuthenticationSuccessHandler savedRequestAwareAuthenticationSuccessHandler = new SavedRequestAwareAuthenticationSuccessHandler();
                    savedRequestAwareAuthenticationSuccessHandler.setTargetUrlParameter("redirectTo");
                    savedRequestAwareAuthenticationSuccessHandler.setDefaultTargetUrl(prependIfMissing);
                    httpSecurity.authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> {
                        ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) authorizationManagerRequestMatcherRegistry.requestMatchers(new RequestMatcher[]{new AntPathRequestMatcher(prependIfMissing + "/assets/**"), new AntPathRequestMatcher(prependIfMissing + "/login")})).permitAll().requestMatchers(new RequestMatcher[]{new AntPathRequestMatcher(prependIfMissing + "/**")})).authenticated();
                    }).formLogin(formLoginConfigurer -> {
                        formLoginConfigurer.loginPage(prependIfMissing + "/login").successHandler(savedRequestAwareAuthenticationSuccessHandler);
                    }).logout(logoutConfigurer -> {
                        logoutConfigurer.logoutUrl(prependIfMissing + "/logout");
                    });
                    return this;
                }
            };
        }

        @ConditionalOnMissingBean(name = {"springBootAdminInstanceIdGenerator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public InstanceIdGenerator instanceIdGenerator(CasConfigurationProperties casConfigurationProperties) {
            return new CasServerInstanceIdGenerator(casConfigurationProperties);
        }
    }
}
