package org.apereo.cas.config;

import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.uma.UmaProperties;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.oauth.util.OAuth20Utils;
import org.apereo.cas.support.oauth.web.endpoints.OAuth20ConfigurationContext;
import org.apereo.cas.support.oauth.web.response.accesstoken.OAuth20TokenGenerator;
import org.apereo.cas.ticket.ExpirationPolicyBuilder;
import org.apereo.cas.ticket.IdTokenGeneratorService;
import org.apereo.cas.ticket.TicketFactoryExecutionPlanConfigurer;
import org.apereo.cas.ticket.UniqueTicketIdGenerator;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.token.JwtBuilder;
import org.apereo.cas.uma.UmaConfigurationContext;
import org.apereo.cas.uma.claim.DefaultUmaResourceSetClaimPermissionExaminer;
import org.apereo.cas.uma.claim.UmaResourceSetClaimPermissionExaminer;
import org.apereo.cas.uma.discovery.UmaServerDiscoverySettings;
import org.apereo.cas.uma.discovery.UmaServerDiscoverySettingsFactory;
import org.apereo.cas.uma.ticket.permission.DefaultUmaPermissionTicketFactory;
import org.apereo.cas.uma.ticket.permission.UmaPermissionTicketExpirationPolicyBuilder;
import org.apereo.cas.uma.ticket.permission.UmaPermissionTicketFactory;
import org.apereo.cas.uma.ticket.resource.repository.ResourceSetRepository;
import org.apereo.cas.uma.ticket.resource.repository.impl.DefaultResourceSetRepository;
import org.apereo.cas.uma.ticket.rpt.UmaIdTokenGeneratorService;
import org.apereo.cas.uma.ticket.rpt.UmaRequestingPartyTokenSigningService;
import org.apereo.cas.uma.web.authn.UmaAuthorizationApiTokenAuthenticator;
import org.apereo.cas.uma.web.authn.UmaRequestingPartyTokenAuthenticator;
import org.apereo.cas.uma.web.controllers.authz.UmaAuthorizationRequestEndpointController;
import org.apereo.cas.uma.web.controllers.claims.UmaRequestingPartyClaimsCollectionEndpointController;
import org.apereo.cas.uma.web.controllers.discovery.UmaWellKnownEndpointController;
import org.apereo.cas.uma.web.controllers.permission.UmaPermissionRegistrationEndpointController;
import org.apereo.cas.uma.web.controllers.policy.UmaCreatePolicyForResourceSetEndpointController;
import org.apereo.cas.uma.web.controllers.policy.UmaDeletePolicyForResourceSetEndpointController;
import org.apereo.cas.uma.web.controllers.policy.UmaFindPolicyForResourceSetEndpointController;
import org.apereo.cas.uma.web.controllers.policy.UmaUpdatePolicyForResourceSetEndpointController;
import org.apereo.cas.uma.web.controllers.resource.UmaCreateResourceSetRegistrationEndpointController;
import org.apereo.cas.uma.web.controllers.resource.UmaDeleteResourceSetRegistrationEndpointController;
import org.apereo.cas.uma.web.controllers.resource.UmaFindResourceSetRegistrationEndpointController;
import org.apereo.cas.uma.web.controllers.resource.UmaUpdateResourceSetRegistrationEndpointController;
import org.apereo.cas.uma.web.controllers.rpt.UmaRequestingPartyTokenJwksEndpointController;
import org.apereo.cas.util.DefaultUniqueTicketIdGenerator;
import org.apereo.cas.web.cookie.CasCookieBuilder;
import org.pac4j.core.config.Config;
import org.pac4j.core.context.session.SessionStore;
import org.pac4j.core.credentials.authenticator.Authenticator;
import org.pac4j.core.http.adapter.JEEHttpActionAdapter;
import org.pac4j.http.client.direct.HeaderClient;
import org.pac4j.springframework.web.SecurityInterceptor;
import org.springframework.beans.factory.FactoryBean;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

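/**
 * Spring configuration that registers the UMA (User-Managed Access) beans of the CAS OAuth module:
 * discovery settings, the claim permission examiner, the requesting party token (RPT) generator,
 * the UMA endpoint controllers, the resource-set repository, the permission ticket factory and two
 * pac4j {@link SecurityInterceptor}s that are bound to path patterns under {@code /oauth2.0}.
 *
 * <p>Security-relevant wiring in this class:
 * <ul>
 *   <li>Both interceptors read credentials from the {@code Authorization} header with the prefix
 *       {@code "bearer "} and require the {@code isFullyAuthenticated} authorizer.</li>
 *   <li>Only the path patterns listed in {@link #addInterceptors(InterceptorRegistry)} are
 *       intercepted by this class. The request mappings of the controllers are not visible here, so
 *       pattern coverage has to be checked against them.</li>
 * </ul>
 *
 * <p>Provenance: decompiled from {@code org/apereo/cas/config/CasOAuthUmaConfiguration.class}.
 */
@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration("casOAuthUmaConfiguration")
public class CasOAuthUmaConfiguration implements WebMvcConfigurer {

    /** Common prefix of every path pattern registered in {@link #addInterceptors(InterceptorRegistry)}. */
    private static final String UMA_BASE_PATH = "/oauth2.0";

    @Autowired
    private ConfigurableApplicationContext applicationContext;

    // Collaborators are injected as ObjectProvider and resolved with getObject() inside the bean
    // methods, i.e. only when a bean that needs them is actually built.
    @Autowired
    @Qualifier("accessTokenJwtBuilder")
    private ObjectProvider<JwtBuilder> accessTokenJwtBuilder;

    @Autowired
    @Qualifier("servicesManager")
    private ObjectProvider<ServicesManager> servicesManager;

    @Autowired
    @Qualifier("ticketRegistry")
    private ObjectProvider<TicketRegistry> ticketRegistry;

    @Autowired
    @Qualifier("oauthDistributedSessionCookieGenerator")
    private ObjectProvider<CasCookieBuilder> oauthDistributedSessionCookieGenerator;

    @Autowired
    @Qualifier("oauthDistributedSessionStore")
    private ObjectProvider<SessionStore> oauthDistributedSessionStore;

    @Autowired
    @Qualifier("oauthTokenGenerator")
    private ObjectProvider<OAuth20TokenGenerator> oauthTokenGenerator;

    @Autowired
    private CasConfigurationProperties casProperties;

    /**
     * Creates the factory bean that produces the UMA server discovery settings from the CAS
     * properties.
     *
     * @return the discovery settings factory
     */
    @ConditionalOnMissingBean(name = {"umaServerDiscoverySettingsFactory"})
    @Bean
    public FactoryBean<UmaServerDiscoverySettings> umaServerDiscoverySettingsFactory() {
        return new UmaServerDiscoverySettingsFactory(casProperties);
    }

    /**
     * Creates the default examiner used to evaluate claims against resource-set permissions.
     *
     * @return the claim permission examiner
     */
    @ConditionalOnMissingBean(name = {"umaResourceSetClaimPermissionExaminer"})
    @RefreshScope
    @Bean
    public UmaResourceSetClaimPermissionExaminer umaResourceSetClaimPermissionExaminer() {
        return new DefaultUmaResourceSetClaimPermissionExaminer();
    }

    /**
     * Creates the generator for requesting party tokens. Tokens are signed by a
     * {@link UmaRequestingPartyTokenSigningService} built from the JWKS file and issuer configured
     * under the UMA properties.
     *
     * <p>NOTE(review): the JWKS file presumably holds the private signing key for RPTs; confirm
     * that, and that read access to the file is limited to the account running CAS.
     *
     * @return the RPT generator service
     */
    @ConditionalOnMissingBean(name = {"umaRequestingPartyTokenGenerator"})
    @RefreshScope
    @Bean
    public IdTokenGeneratorService umaRequestingPartyTokenGenerator() {
        UmaProperties uma = casProperties.getAuthn().getUma();
        return new UmaIdTokenGeneratorService(
            OAuth20ConfigurationContext.builder()
                .ticketRegistry(ticketRegistry.getObject())
                .servicesManager(servicesManager.getObject())
                .idTokenSigningAndEncryptionService(
                    new UmaRequestingPartyTokenSigningService(
                        uma.getRequestingPartyToken().getJwksFile(), uma.getIssuer()))
                .oauthDistributedSessionCookieGenerator(oauthDistributedSessionCookieGenerator.getObject())
                .sessionStore(oauthDistributedSessionStore.getObject())
                .casProperties(casProperties)
                .accessTokenJwtBuilder(accessTokenJwtBuilder.getObject())
                .accessTokenGenerator(oauthTokenGenerator.getObject())
                .applicationContext(applicationContext)
                .build());
    }

    /** @return the controller that handles UMA authorization (RPT) requests */
    @Bean
    public UmaAuthorizationRequestEndpointController umaAuthorizationRequestEndpointController() {
        return new UmaAuthorizationRequestEndpointController(buildConfigurationContext().build());
    }

    /**
     * NOTE(review): no path pattern registered in {@link #addInterceptors(InterceptorRegistry)}
     * names a JWKS route; this controller's mapping is not visible here, so confirm that it serves
     * public key material only.
     *
     * @return the controller that exposes the RPT JWKS
     */
    @Bean
    public UmaRequestingPartyTokenJwksEndpointController umaRequestingPartyTokenJwksEndpointController() {
        return new UmaRequestingPartyTokenJwksEndpointController(buildConfigurationContext().build());
    }

    /** @return the controller that collects requesting party claims */
    @Bean
    public UmaRequestingPartyClaimsCollectionEndpointController umaRequestingPartyClaimsCollectionEndpointController() {
        return new UmaRequestingPartyClaimsCollectionEndpointController(buildConfigurationContext().build());
    }

    /**
     * Creates the well-known (discovery) controller.
     *
     * @param umaServerDiscoverySettings the settings produced by the discovery settings factory
     * @return the discovery controller
     */
    @Autowired
    @Bean
    public UmaWellKnownEndpointController umaWellKnownEndpointController(
            @Qualifier("umaServerDiscoverySettingsFactory") UmaServerDiscoverySettings umaServerDiscoverySettings) {
        return new UmaWellKnownEndpointController(umaServerDiscoverySettings);
    }

    /** @return the controller that registers permission tickets */
    @Bean
    public UmaPermissionRegistrationEndpointController umaPermissionRegistrationEndpointController() {
        return new UmaPermissionRegistrationEndpointController(buildConfigurationContext().build());
    }

    /** @return the controller that creates resource sets */
    @Bean
    public UmaCreateResourceSetRegistrationEndpointController umaCreateResourceSetRegistrationEndpointController() {
        return new UmaCreateResourceSetRegistrationEndpointController(buildConfigurationContext().build());
    }

    /** @return the controller that deletes resource sets */
    @Bean
    public UmaDeleteResourceSetRegistrationEndpointController umaDeleteResourceSetRegistrationEndpointController() {
        return new UmaDeleteResourceSetRegistrationEndpointController(buildConfigurationContext().build());
    }

    /** @return the controller that updates resource sets */
    @Bean
    public UmaUpdateResourceSetRegistrationEndpointController umaUpdateResourceSetRegistrationEndpointController() {
        return new UmaUpdateResourceSetRegistrationEndpointController(buildConfigurationContext().build());
    }

    /** @return the controller that looks up resource sets */
    @Bean
    public UmaFindResourceSetRegistrationEndpointController umaFindResourceSetRegistrationEndpointController() {
        return new UmaFindResourceSetRegistrationEndpointController(buildConfigurationContext().build());
    }

    /** @return the controller that creates a policy for a resource set */
    @Bean
    public UmaCreatePolicyForResourceSetEndpointController umaCreatePolicyForResourceSetEndpointController() {
        return new UmaCreatePolicyForResourceSetEndpointController(buildConfigurationContext().build());
    }

    /** @return the controller that deletes a policy of a resource set */
    @Bean
    public UmaDeletePolicyForResourceSetEndpointController umaDeletePolicyForResourceSetEndpointController() {
        return new UmaDeletePolicyForResourceSetEndpointController(buildConfigurationContext().build());
    }

    /** @return the controller that updates a policy of a resource set */
    @Bean
    public UmaUpdatePolicyForResourceSetEndpointController umaUpdatePolicyForResourceSetEndpointController() {
        return new UmaUpdatePolicyForResourceSetEndpointController(buildConfigurationContext().build());
    }

    /** @return the controller that looks up policies of a resource set */
    @Bean
    public UmaFindPolicyForResourceSetEndpointController umaFindPolicyForResourceSetEndpointController() {
        return new UmaFindPolicyForResourceSetEndpointController(buildConfigurationContext().build());
    }

    /**
     * Creates the default resource-set repository unless another bean with this name exists.
     *
     * <p>NOTE(review): where {@link DefaultResourceSetRepository} stores resource sets and policies
     * is not visible here; confirm it suits a clustered or restart-tolerant deployment.
     *
     * @return the resource-set repository
     */
    @ConditionalOnMissingBean(name = {"umaResourceSetRepository"})
    @Bean
    public ResourceSetRepository umaResourceSetRepository() {
        return new DefaultResourceSetRepository();
    }

    /** @return the id generator used for UMA permission tickets */
    @ConditionalOnMissingBean(name = {"umaPermissionTicketIdGenerator"})
    @RefreshScope
    @Bean
    public UniqueTicketIdGenerator umaPermissionTicketIdGenerator() {
        return new DefaultUniqueTicketIdGenerator();
    }

    /** @return the expiration policy builder for permission tickets, driven by the CAS properties */
    @ConditionalOnMissingBean(name = {"umaPermissionTicketExpirationPolicy"})
    @RefreshScope
    @Bean
    public ExpirationPolicyBuilder umaPermissionTicketExpirationPolicy() {
        return new UmaPermissionTicketExpirationPolicyBuilder(casProperties);
    }

    /** @return the permission ticket factory, built from the id generator and expiration policy beans */
    @ConditionalOnMissingBean(name = {"defaultUmaPermissionTicketFactory"})
    @RefreshScope
    @Bean
    public UmaPermissionTicketFactory defaultUmaPermissionTicketFactory() {
        return new DefaultUmaPermissionTicketFactory(
            umaPermissionTicketIdGenerator(), umaPermissionTicketExpirationPolicy());
    }

    /** @return the configurer that contributes the permission ticket factory to the ticket factory plan */
    @ConditionalOnMissingBean(name = {"defaultUmaPermissionTicketFactoryConfigurer"})
    @RefreshScope
    @Bean
    public TicketFactoryExecutionPlanConfigurer defaultUmaPermissionTicketFactoryConfigurer() {
        return this::defaultUmaPermissionTicketFactory;
    }

    /**
     * Creates the interceptor that authenticates bearer tokens with
     * {@link UmaRequestingPartyTokenAuthenticator}, under the client name
     * {@code CAS_UMA_CLIENT_RPT_AUTH}.
     *
     * @return the interceptor bound to the permission, resource-set, policy and claims patterns
     */
    @Bean
    public SecurityInterceptor umaRequestingPartyTokenSecurityInterceptor() {
        return getSecurityInterceptor(
            new UmaRequestingPartyTokenAuthenticator(ticketRegistry.getObject(), accessTokenJwtBuilder.getObject()),
            "CAS_UMA_CLIENT_RPT_AUTH");
    }

    /**
     * Creates the interceptor that authenticates bearer tokens with
     * {@link UmaAuthorizationApiTokenAuthenticator}, under the client name
     * {@code CAS_UMA_CLIENT_AAT_AUTH}.
     *
     * @return the interceptor bound to the RPT authorization request pattern
     */
    @Bean
    public SecurityInterceptor umaAuthorizationApiTokenSecurityInterceptor() {
        return getSecurityInterceptor(
            new UmaAuthorizationApiTokenAuthenticator(ticketRegistry.getObject(), accessTokenJwtBuilder.getObject()),
            "CAS_UMA_CLIENT_AAT_AUTH");
    }

    /**
     * Builds a pac4j interceptor around a single header client.
     *
     * @param authenticator the authenticator that validates the token taken from the header
     * @param clientName the name given to the header client and used as the interceptor's client list
     * @return an interceptor that requires the {@code isFullyAuthenticated} authorizer
     */
    private SecurityInterceptor getSecurityInterceptor(Authenticator authenticator, String clientName) {
        // NOTE(review): the prefix literal is lowercase. How HeaderClient compares it with the
        // scheme a client sends ("Bearer ...") is not visible here; confirm the matching rule.
        HeaderClient headerClient = new HeaderClient("Authorization", "bearer ", authenticator);
        headerClient.setName(clientName);

        Config config = new Config(
            OAuth20Utils.casOAuthCallbackUrl(casProperties.getServer().getPrefix()), headerClient);
        config.setSessionStore(oauthDistributedSessionStore.getObject());

        // Exactly one client is configured, so the client list is just its name.
        SecurityInterceptor interceptor =
            new SecurityInterceptor(config, headerClient.getName(), JEEHttpActionAdapter.INSTANCE);
        interceptor.setAuthorizers("isFullyAuthenticated");
        return interceptor;
    }

    /**
     * Binds the two bearer-token interceptors to the UMA path patterns.
     *
     * <p>NOTE(review): in Spring path patterns a single {@code *} matches within one path segment
     * only. A route with further segments after the matched name is therefore not covered by these
     * patterns. Compare every pattern with the controllers' request mappings (not visible here) and
     * confirm that each protected route is matched.
     *
     * @param interceptorRegistry the MVC interceptor registry
     */
    @Override
    public void addInterceptors(InterceptorRegistry interceptorRegistry) {
        // RPT authenticator: permission, resource-set, policy and claims-collection routes.
        interceptorRegistry.addInterceptor(umaRequestingPartyTokenSecurityInterceptor())
            .addPathPatterns(
                UMA_BASE_PATH + "/permission*",
                UMA_BASE_PATH + "/resourceSet*",
                UMA_BASE_PATH + "/*/policy*",
                UMA_BASE_PATH + "/policy*",
                UMA_BASE_PATH + "/rqpClaims*");

        // AAT authenticator: RPT authorization request route.
        interceptorRegistry.addInterceptor(umaAuthorizationApiTokenSecurityInterceptor())
            .addPathPatterns(UMA_BASE_PATH + "/rptAuthzRequest*");
    }

    /**
     * Assembles the context shared by the UMA controllers. The builder is returned unbuilt; each
     * controller bean method calls {@code build()} on its own copy.
     *
     * @return a pre-populated configuration context builder
     */
    private UmaConfigurationContext.UmaConfigurationContextBuilder buildConfigurationContext() {
        return UmaConfigurationContext.builder()
            .accessTokenGenerator(oauthTokenGenerator.getObject())
            .casProperties(casProperties)
            .accessTokenJwtBuilder(accessTokenJwtBuilder.getObject())
            .claimPermissionExaminer(umaResourceSetClaimPermissionExaminer())
            .requestingPartyTokenGenerator(umaRequestingPartyTokenGenerator())
            .servicesManager(servicesManager.getObject())
            .sessionStore(oauthDistributedSessionStore.getObject())
            .ticketRegistry(ticketRegistry.getObject())
            .umaPermissionTicketFactory(defaultUmaPermissionTicketFactory())
            .umaResourceSetRepository(umaResourceSetRepository());
    }
}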
