package org.apereo.cas.config;

import java.util.Collection;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import org.apereo.cas.CentralAuthenticationService;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.oauth.validator.authorization.OAuth20AuthorizationRequestValidator;
import org.apereo.cas.support.oauth.web.OAuth20HandlerInterceptorAdapter;
import org.apereo.cas.support.oauth.web.OAuth20TicketGrantingTicketAwareSecurityLogic;
import org.apereo.cas.support.oauth.web.response.accesstoken.ext.AccessTokenGrantRequestExtractor;
import org.apereo.cas.throttle.AuthenticationThrottlingExecutionPlan;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.web.cookie.CasCookieBuilder;
import org.pac4j.core.client.DirectClient;
import org.pac4j.core.config.Config;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.context.session.SessionStore;
import org.pac4j.core.engine.DefaultSecurityLogic;
import org.pac4j.core.engine.SecurityGrantedAccessAdapter;
import org.pac4j.core.http.adapter.HttpActionAdapter;
import org.pac4j.core.http.adapter.JEEHttpActionAdapter;
import org.pac4j.core.profile.ProfileManager;
import org.pac4j.springframework.web.SecurityInterceptor;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

/**
 * Spring configuration that builds the pac4j security interceptors guarding the CAS OAuth 2.0
 * endpoints and registers them, together with the authentication throttle interceptors, on the
 * {@code /oauth2.0/*} path pattern.
 *
 * <p>Every bean below is declared with {@code @ConditionalOnMissingBean}, so a deployment that
 * defines a bean of the same name replaces the one built here. Such an override also replaces
 * the authentication or throttling enforcement that bean carries, so overrides deserve the same
 * review as this class.
 */
@Configuration("casOAuth20ThrottleConfiguration")
@EnableConfigurationProperties(CasConfigurationProperties.class)
public class CasOAuth20ThrottleConfiguration {

    // pac4j security configuration (clients, session store) used by every interceptor below.
    @Autowired
    @Qualifier("oauthSecConfig")
    private ObjectProvider<Config> oauthSecConfig;

    @Autowired
    @Qualifier("servicesManager")
    private ObjectProvider<ServicesManager> servicesManager;

    @Autowired
    @Qualifier("accessTokenGrantRequestExtractors")
    private Collection<AccessTokenGrantRequestExtractor> accessTokenGrantRequestExtractors;

    @Autowired
    @Qualifier("oauthAuthorizationRequestValidators")
    private Set<OAuth20AuthorizationRequestValidator> oauthAuthorizationRequestValidators;

    // Source of the throttle interceptors registered in oauthThrottleWebMvcConfigurer().
    @Autowired
    @Qualifier("authenticationThrottlingExecutionPlan")
    private ObjectProvider<AuthenticationThrottlingExecutionPlan> authenticationThrottlingExecutionPlan;

    @Autowired
    @Qualifier("ticketGrantingTicketCookieGenerator")
    private ObjectProvider<CasCookieBuilder> ticketGrantingTicketCookieGenerator;

    @Autowired
    @Qualifier("ticketRegistry")
    private ObjectProvider<TicketRegistry> ticketRegistry;

    @Autowired
    @Qualifier("centralAuthenticationService")
    private ObjectProvider<CentralAuthenticationService> centralAuthenticationService;

    /**
     * Security logic installed on the access-token interceptor: it clears the profiles held by
     * the profile manager and only then delegates to {@link DefaultSecurityLogic}.
     *
     * <p>NOTE(review): the apparent intent is that a profile left over from an earlier request
     * or session is never accepted here, so each request has to be authenticated by the
     * configured clients; confirm against the pac4j version in use.
     */
    public static class OAuth20AccessTokenSecurityLogic extends DefaultSecurityLogic {
        /**
         * Drops any stored profiles, then runs the default security logic with the same
         * arguments. {@code str}, {@code str2} and {@code str3} are passed through untouched
         * (presumably the client, authorizer and matcher names; verify against the superclass).
         */
        public Object perform(
                WebContext webContext,
                SessionStore sessionStore,
                Config config,
                SecurityGrantedAccessAdapter securityGrantedAccessAdapter,
                HttpActionAdapter httpActionAdapter,
                String str,
                String str2,
                String str3,
                Object... objArr) {
            ProfileManager manager = getProfileManager(webContext, sessionStore);
            manager.setConfig(config);
            // Must happen before super.perform(): the default logic would otherwise see the old profiles.
            manager.removeProfiles();
            return super.perform(
                webContext,
                sessionStore,
                config,
                securityGrantedAccessAdapter,
                httpActionAdapter,
                str,
                str2,
                str3,
                objArr);
        }
    }

    /**
     * Builds the interceptor used for authorization requests. It authenticates through the
     * {@code CasOAuthClient} client and uses a security logic that is handed the
     * ticket-granting-ticket cookie builder, the ticket registry and the CAS service.
     *
     * @return a pac4j {@link SecurityInterceptor} with the {@code securityheaders} matcher and
     *         the {@code isFullyAuthenticated} authorizer
     */
    @Bean
    @ConditionalOnMissingBean(name = "requiresAuthenticationAuthorizeInterceptor")
    public HandlerInterceptor requiresAuthenticationAuthorizeInterceptor() {
        Config securityConfig = this.oauthSecConfig.getObject();
        SecurityInterceptor interceptor =
            new SecurityInterceptor(securityConfig, "CasOAuthClient", JEEHttpActionAdapter.INSTANCE);
        interceptor.setMatchers("securityheaders");
        interceptor.setAuthorizers("isFullyAuthenticated");

        CasCookieBuilder tgtCookieBuilder = this.ticketGrantingTicketCookieGenerator.getObject();
        TicketRegistry registry = this.ticketRegistry.getObject();
        CentralAuthenticationService cas = this.centralAuthenticationService.getObject();
        interceptor.setSecurityLogic(
            new OAuth20TicketGrantingTicketAwareSecurityLogic(tgtCookieBuilder, registry, cas));
        return interceptor;
    }

    /**
     * Builds the interceptor used for access-token requests. The client list is every
     * {@link DirectClient} registered in the pac4j configuration, joined with commas.
     *
     * <p>NOTE(review): when the configuration holds no {@link DirectClient}, the client list is
     * the empty string. How pac4j resolves an empty client list should be confirmed so that this
     * case is known to reject the request rather than fall back to some other client.
     *
     * @return a pac4j {@link SecurityInterceptor} with the {@code securityheaders} matcher, the
     *         {@code isFullyAuthenticated} authorizer and {@link OAuth20AccessTokenSecurityLogic}
     */
    @Bean
    @ConditionalOnMissingBean(name = "requiresAuthenticationAccessTokenInterceptor")
    public HandlerInterceptor requiresAuthenticationAccessTokenInterceptor() {
        Config securityConfig = this.oauthSecConfig.getObject();
        Config clientSource = Objects.requireNonNull(this.oauthSecConfig.getObject());
        String directClientNames = clientSource.getClients().findAllClients().stream()
            .filter(candidate -> candidate instanceof DirectClient)
            .map(candidate -> candidate.getName())
            .collect(Collectors.joining(","));

        SecurityInterceptor interceptor =
            new SecurityInterceptor(securityConfig, directClientNames, JEEHttpActionAdapter.INSTANCE);
        interceptor.setMatchers("securityheaders");
        interceptor.setAuthorizers("isFullyAuthenticated");
        interceptor.setSecurityLogic(new OAuth20AccessTokenSecurityLogic());
        return interceptor;
    }

    /**
     * Builds the refresh-scoped OAuth handler interceptor that is given both security
     * interceptors above, the access-token grant request extractors, the services manager, the
     * pac4j session store and the authorization request validators.
     *
     * @return the {@link OAuth20HandlerInterceptorAdapter} registered on the OAuth endpoints
     */
    @Bean
    @RefreshScope
    @ConditionalOnMissingBean(name = "oauthHandlerInterceptorAdapter")
    public HandlerInterceptor oauthHandlerInterceptorAdapter() {
        HandlerInterceptor accessTokenInterceptor = requiresAuthenticationAccessTokenInterceptor();
        HandlerInterceptor authorizeInterceptor = requiresAuthenticationAuthorizeInterceptor();
        ServicesManager services = this.servicesManager.getObject();
        Config securityConfig = this.oauthSecConfig.getObject();
        return new OAuth20HandlerInterceptorAdapter(
            accessTokenInterceptor,
            authorizeInterceptor,
            this.accessTokenGrantRequestExtractors,
            services,
            securityConfig.getSessionStore(),
            this.oauthAuthorizationRequestValidators);
    }

    /**
     * Registers the throttle interceptors and the OAuth handler interceptor with Spring MVC.
     *
     * @return a {@link WebMvcConfigurer} that adds both to the {@code /oauth2.0/*} pattern
     */
    @Bean
    @ConditionalOnMissingBean(name = "oauthThrottleWebMvcConfigurer")
    public WebMvcConfigurer oauthThrottleWebMvcConfigurer() {
        return new WebMvcConfigurer() {
            public void addInterceptors(InterceptorRegistry interceptorRegistry) {
                // NOTE(review): "/*" matches a single path segment, so an endpoint nested deeper
                // under /oauth2.0 would get neither throttling nor the authentication
                // interceptor; confirm no such endpoint is exposed.
                String oauthPattern = "/oauth2.0".concat("/*");

                AuthenticationThrottlingExecutionPlan throttlingPlan =
                    CasOAuth20ThrottleConfiguration.this.authenticationThrottlingExecutionPlan.getObject();
                // Order 0 places the throttle interceptors ahead of the OAuth handler (order 1),
                // so throttling is evaluated before the request reaches authentication handling.
                throttlingPlan.getAuthenticationThrottleInterceptors().forEach(throttleInterceptor ->
                    interceptorRegistry.addInterceptor(throttleInterceptor).order(0).addPathPatterns(oauthPattern));

                interceptorRegistry
                    .addInterceptor(CasOAuth20ThrottleConfiguration.this.oauthHandlerInterceptorAdapter())
                    .order(1)
                    .addPathPatterns(oauthPattern);
            }
        };
    }
}
