package org.apereo.cas.config;

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.util.ArrayList;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.function.Supplier;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.CentralAuthenticationService;
import org.apereo.cas.audit.AuditTrailRecordResolutionPlanConfigurer;
import org.apereo.cas.audit.AuditableExecution;
import org.apereo.cas.authentication.AuthenticationSystemSupport;
import org.apereo.cas.authentication.CasSSLContext;
import org.apereo.cas.authentication.CoreAuthenticationUtils;
import org.apereo.cas.authentication.adaptive.geo.GeoLocationService;
import org.apereo.cas.authentication.attribute.AttributeDefinitionStore;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalFactoryUtils;
import org.apereo.cas.authentication.principal.PrincipalResolver;
import org.apereo.cas.authentication.principal.ServiceFactory;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.features.CasFeatureModule;
import org.apereo.cas.configuration.model.core.CasServerProperties;
import org.apereo.cas.configuration.model.core.util.EncryptionJwtSigningJwtCryptographyProperties;
import org.apereo.cas.configuration.model.core.util.EncryptionOptionalSigningOptionalJwtCryptographyProperties;
import org.apereo.cas.configuration.model.support.oauth.OAuthCsrfCookieProperties;
import org.apereo.cas.configuration.model.support.replication.CookieSessionReplicationProperties;
import org.apereo.cas.configuration.model.support.replication.SessionReplicationProperties;
import org.apereo.cas.logout.LogoutExecutionPlanConfigurer;
import org.apereo.cas.notifications.CommunicationsManager;
import org.apereo.cas.pac4j.TicketRegistrySessionStore;
import org.apereo.cas.services.RegisteredServiceCipherExecutor;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.oauth.OAuth20ClientIdAwareProfileManager;
import org.apereo.cas.support.oauth.OAuth20GrantTypes;
import org.apereo.cas.support.oauth.OAuth20ResponseTypes;
import org.apereo.cas.support.oauth.authenticator.OAuth20AccessTokenAuthenticator;
import org.apereo.cas.support.oauth.authenticator.OAuth20AuthenticationClientProvider;
import org.apereo.cas.support.oauth.authenticator.OAuth20CasAuthenticationBuilder;
import org.apereo.cas.support.oauth.authenticator.OAuth20ClientIdClientSecretAuthenticator;
import org.apereo.cas.support.oauth.authenticator.OAuth20DefaultCasAuthenticationBuilder;
import org.apereo.cas.support.oauth.authenticator.OAuth20ProofKeyCodeExchangeAuthenticator;
import org.apereo.cas.support.oauth.authenticator.OAuth20RefreshTokenAuthenticator;
import org.apereo.cas.support.oauth.authenticator.OAuth20UsernamePasswordAuthenticator;
import org.apereo.cas.support.oauth.authenticator.OAuth20X509Authenticator;
import org.apereo.cas.support.oauth.profile.DefaultOAuth20ProfileScopeToAttributesFilter;
import org.apereo.cas.support.oauth.profile.DefaultOAuth20UserProfileDataCreator;
import org.apereo.cas.support.oauth.profile.OAuth20ProfileScopeToAttributesFilter;
import org.apereo.cas.support.oauth.profile.OAuth20UserProfileDataCreator;
import org.apereo.cas.support.oauth.services.OAuth20RegisteredServiceCipherExecutor;
import org.apereo.cas.support.oauth.util.OAuth20Utils;
import org.apereo.cas.support.oauth.validator.CASOAuth20TicketValidator;
import org.apereo.cas.support.oauth.validator.DefaultOAuth20ClientSecretValidator;
import org.apereo.cas.support.oauth.validator.OAuth20ClientSecretValidator;
import org.apereo.cas.support.oauth.validator.authorization.OAuth20AuthorizationCodeResponseTypeAuthorizationRequestValidator;
import org.apereo.cas.support.oauth.validator.authorization.OAuth20AuthorizationRequestValidator;
import org.apereo.cas.support.oauth.validator.authorization.OAuth20IdTokenAndTokenResponseTypeAuthorizationRequestValidator;
import org.apereo.cas.support.oauth.validator.authorization.OAuth20IdTokenResponseTypeAuthorizationRequestValidator;
import org.apereo.cas.support.oauth.validator.authorization.OAuth20ProofKeyCodeExchangeResponseTypeAuthorizationRequestValidator;
import org.apereo.cas.support.oauth.validator.authorization.OAuth20TokenResponseTypeAuthorizationRequestValidator;
import org.apereo.cas.support.oauth.validator.token.OAuth20AuthorizationCodeGrantTypeProofKeyCodeExchangeTokenRequestValidator;
import org.apereo.cas.support.oauth.validator.token.OAuth20AuthorizationCodeGrantTypeTokenRequestValidator;
import org.apereo.cas.support.oauth.validator.token.OAuth20ClientCredentialsGrantTypeTokenRequestValidator;
import org.apereo.cas.support.oauth.validator.token.OAuth20DeviceCodeResponseTypeRequestValidator;
import org.apereo.cas.support.oauth.validator.token.OAuth20PasswordGrantTypeTokenRequestValidator;
import org.apereo.cas.support.oauth.validator.token.OAuth20RefreshTokenGrantTypeTokenRequestValidator;
import org.apereo.cas.support.oauth.validator.token.OAuth20RevocationRequestValidator;
import org.apereo.cas.support.oauth.validator.token.OAuth20TokenExchangeGrantTypeTokenRequestValidator;
import org.apereo.cas.support.oauth.validator.token.OAuth20TokenRequestValidator;
import org.apereo.cas.support.oauth.web.DefaultOAuth20RequestParameterResolver;
import org.apereo.cas.support.oauth.web.OAuth20CasCallbackUrlResolver;
import org.apereo.cas.support.oauth.web.OAuth20DistributedSessionCookieCipherExecutor;
import org.apereo.cas.support.oauth.web.OAuth20RequestParameterResolver;
import org.apereo.cas.support.oauth.web.audit.OAuth20AccessTokenGrantRequestAuditResourceResolver;
import org.apereo.cas.support.oauth.web.audit.OAuth20AccessTokenResponseAuditResourceResolver;
import org.apereo.cas.support.oauth.web.audit.OAuth20AuthorizationResponseAuditResourceResolver;
import org.apereo.cas.support.oauth.web.audit.OAuth20UserProfileDataAuditResourceResolver;
import org.apereo.cas.support.oauth.web.endpoints.OAuth20ConfigurationContext;
import org.apereo.cas.support.oauth.web.response.OAuth20CasClientRedirectActionBuilder;
import org.apereo.cas.support.oauth.web.response.OAuth20DefaultCasClientRedirectActionBuilder;
import org.apereo.cas.support.oauth.web.response.accesstoken.OAuth20DefaultTokenGenerator;
import org.apereo.cas.support.oauth.web.response.accesstoken.OAuth20TokenGenerator;
import org.apereo.cas.support.oauth.web.response.accesstoken.ext.AccessTokenAuthorizationCodeGrantRequestExtractor;
import org.apereo.cas.support.oauth.web.response.accesstoken.ext.AccessTokenClientCredentialsGrantRequestExtractor;
import org.apereo.cas.support.oauth.web.response.accesstoken.ext.AccessTokenDeviceCodeResponseRequestExtractor;
import org.apereo.cas.support.oauth.web.response.accesstoken.ext.AccessTokenGrantAuditableRequestExtractor;
import org.apereo.cas.support.oauth.web.response.accesstoken.ext.AccessTokenGrantRequestExtractor;
import org.apereo.cas.support.oauth.web.response.accesstoken.ext.AccessTokenPasswordGrantRequestExtractor;
import org.apereo.cas.support.oauth.web.response.accesstoken.ext.AccessTokenProofKeyCodeExchangeAuthorizationCodeGrantRequestExtractor;
import org.apereo.cas.support.oauth.web.response.accesstoken.ext.AccessTokenRefreshTokenGrantRequestExtractor;
import org.apereo.cas.support.oauth.web.response.accesstoken.ext.AccessTokenTokenExchangeGrantRequestExtractor;
import org.apereo.cas.support.oauth.web.response.accesstoken.response.OAuth20AccessTokenResponseGenerator;
import org.apereo.cas.support.oauth.web.response.accesstoken.response.OAuth20DefaultAccessTokenResponseGenerator;
import org.apereo.cas.support.oauth.web.response.accesstoken.response.OAuth20JwtAccessTokenCipherExecutor;
import org.apereo.cas.support.oauth.web.response.accesstoken.response.OAuth20RegisteredServiceJwtAccessTokenCipherExecutor;
import org.apereo.cas.support.oauth.web.response.callback.DefaultOAuth20AuthorizationModelAndViewBuilder;
import org.apereo.cas.support.oauth.web.response.callback.OAuth20AuthorizationCodeAuthorizationResponseBuilder;
import org.apereo.cas.support.oauth.web.response.callback.OAuth20AuthorizationModelAndViewBuilder;
import org.apereo.cas.support.oauth.web.response.callback.OAuth20AuthorizationResponseBuilder;
import org.apereo.cas.support.oauth.web.response.callback.OAuth20ClientCredentialsResponseBuilder;
import org.apereo.cas.support.oauth.web.response.callback.OAuth20InvalidAuthorizationResponseBuilder;
import org.apereo.cas.support.oauth.web.response.callback.OAuth20ResourceOwnerCredentialsResponseBuilder;
import org.apereo.cas.support.oauth.web.response.callback.OAuth20ResponseModeBuilder;
import org.apereo.cas.support.oauth.web.response.callback.OAuth20ResponseModeFactory;
import org.apereo.cas.support.oauth.web.response.callback.OAuth20TokenAuthorizationResponseBuilder;
import org.apereo.cas.support.oauth.web.response.callback.mode.DefaultOAuth20ResponseModeFactory;
import org.apereo.cas.support.oauth.web.response.callback.mode.OAuth20ResponseModeFormPostBuilder;
import org.apereo.cas.support.oauth.web.response.callback.mode.OAuth20ResponseModeFragmentBuilder;
import org.apereo.cas.support.oauth.web.response.callback.mode.OAuth20ResponseModeQueryBuilder;
import org.apereo.cas.support.oauth.web.response.introspection.OAuth20DefaultIntrospectionResponseGenerator;
import org.apereo.cas.support.oauth.web.response.introspection.OAuth20IntrospectionResponseGenerator;
import org.apereo.cas.support.oauth.web.views.ConsentApprovalViewResolver;
import org.apereo.cas.support.oauth.web.views.OAuth20CallbackAuthorizeViewResolver;
import org.apereo.cas.support.oauth.web.views.OAuth20ConsentApprovalViewResolver;
import org.apereo.cas.support.oauth.web.views.OAuth20DefaultUserProfileViewRenderer;
import org.apereo.cas.support.oauth.web.views.OAuth20UserProfileViewRenderer;
import org.apereo.cas.ticket.ExpirationPolicyBuilder;
import org.apereo.cas.ticket.OAuth20TicketCatalogConfigurer;
import org.apereo.cas.ticket.TicketCatalogConfigurer;
import org.apereo.cas.ticket.TicketFactory;
import org.apereo.cas.ticket.TicketFactoryExecutionPlanConfigurer;
import org.apereo.cas.ticket.UniqueTicketIdGenerator;
import org.apereo.cas.ticket.accesstoken.OAuth20AccessToken;
import org.apereo.cas.ticket.accesstoken.OAuth20AccessTokenCompactor;
import org.apereo.cas.ticket.accesstoken.OAuth20AccessTokenExpirationPolicyBuilder;
import org.apereo.cas.ticket.accesstoken.OAuth20AccessTokenFactory;
import org.apereo.cas.ticket.accesstoken.OAuth20DefaultAccessTokenFactory;
import org.apereo.cas.ticket.accesstoken.OAuth20JwtBuilder;
import org.apereo.cas.ticket.code.OAuth20Code;
import org.apereo.cas.ticket.code.OAuth20CodeCompactor;
import org.apereo.cas.ticket.code.OAuth20CodeExpirationPolicyBuilder;
import org.apereo.cas.ticket.code.OAuth20CodeFactory;
import org.apereo.cas.ticket.code.OAuth20DefaultOAuthCodeFactory;
import org.apereo.cas.ticket.device.OAuth20DefaultDeviceTokenFactory;
import org.apereo.cas.ticket.device.OAuth20DefaultDeviceUserCodeFactory;
import org.apereo.cas.ticket.device.OAuth20DeviceToken;
import org.apereo.cas.ticket.device.OAuth20DeviceTokenCompactor;
import org.apereo.cas.ticket.device.OAuth20DeviceTokenExpirationPolicyBuilder;
import org.apereo.cas.ticket.device.OAuth20DeviceTokenFactory;
import org.apereo.cas.ticket.device.OAuth20DeviceUserCode;
import org.apereo.cas.ticket.device.OAuth20DeviceUserCodeCompactor;
import org.apereo.cas.ticket.device.OAuth20DeviceUserCodeFactory;
import org.apereo.cas.ticket.refreshtoken.OAuth20DefaultRefreshTokenFactory;
import org.apereo.cas.ticket.refreshtoken.OAuth20RefreshToken;
import org.apereo.cas.ticket.refreshtoken.OAuth20RefreshTokenCompactor;
import org.apereo.cas.ticket.refreshtoken.OAuth20RefreshTokenExpirationPolicyBuilder;
import org.apereo.cas.ticket.refreshtoken.OAuth20RefreshTokenFactory;
import org.apereo.cas.ticket.registry.TicketCompactor;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.ticket.tracking.TicketTrackingPolicy;
import org.apereo.cas.token.JwtBuilder;
import org.apereo.cas.util.HostNameBasedUniqueTicketIdGenerator;
import org.apereo.cas.util.InternalTicketValidator;
import org.apereo.cas.util.cipher.CipherExecutorUtils;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.apereo.cas.util.function.FunctionUtils;
import org.apereo.cas.util.http.HttpClient;
import org.apereo.cas.util.http.HttpRequestUtils;
import org.apereo.cas.util.spring.beans.BeanContainer;
import org.apereo.cas.util.spring.beans.BeanSupplier;
import org.apereo.cas.util.spring.boot.ConditionalOnFeatureEnabled;
import org.apereo.cas.validation.AuthenticationAttributeReleasePolicy;
import org.apereo.cas.web.cookie.CasCookieBuilder;
import org.apereo.cas.web.support.ArgumentExtractor;
import org.apereo.cas.web.support.CookieUtils;
import org.apereo.cas.web.support.mgmr.DefaultCasCookieValueManager;
import org.apereo.cas.web.support.mgmr.DefaultCookieSameSitePolicy;
import org.apereo.inspektr.audit.spi.AuditResourceResolver;
import org.apereo.inspektr.audit.spi.support.DefaultAuditActionResolver;
import org.pac4j.cas.client.CasClient;
import org.pac4j.cas.config.CasConfiguration;
import org.pac4j.cas.profile.CasProfile;
import org.pac4j.core.client.Client;
import org.pac4j.core.config.Config;
import org.pac4j.core.context.session.SessionStore;
import org.pac4j.core.credentials.authenticator.Authenticator;
import org.pac4j.core.credentials.extractor.BearerAuthExtractor;
import org.pac4j.core.http.url.UrlResolver;
import org.pac4j.core.matching.matcher.Matcher;
import org.pac4j.core.matching.matcher.csrf.CsrfTokenGeneratorMatcher;
import org.pac4j.core.matching.matcher.csrf.DefaultCsrfTokenGenerator;
import org.pac4j.core.profile.BasicUserProfile;
import org.pac4j.core.profile.factory.ProfileManagerFactory;
import org.pac4j.http.client.direct.DirectBasicAuthClient;
import org.pac4j.http.client.direct.DirectFormClient;
import org.pac4j.http.client.direct.HeaderClient;
import org.pac4j.http.credentials.extractor.X509CredentialsExtractor;
import org.pac4j.jee.context.JEEContext;
import org.pac4j.jee.context.JEEContextFactory;
import org.pac4j.jee.context.session.JEESessionStore;
import org.pac4j.jee.http.adapter.JEEHttpActionAdapter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.core.annotation.AnnotationAwareOrderComparator;
import org.springframework.scheduling.TaskScheduler;

/* JADX INFO: Access modifiers changed from: package-private */
@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration(value = "CasOAuth20Configuration", proxyBeanMethods = false)
@ConditionalOnFeatureEnabled(feature = {CasFeatureModule.FeatureCatalog.OAuth})
/* loaded from: input_file:org/apereo/cas/config/CasOAuth20Configuration.class */
public class CasOAuth20Configuration {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(CasOAuth20Configuration.class);
    private static final String OAUTH_OIDC_SERVER_SUPPORT_PREFIX = "OauthOidcServerSupport";

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "CasOAuth20AuditConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/CasOAuth20Configuration$CasOAuth20AuditConfiguration.class */
    static class CasOAuth20AuditConfiguration {
        CasOAuth20AuditConfiguration() {
        }

        @ConditionalOnMissingBean(name = {"accessTokenGrantAuditableRequestExtractor"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuditableExecution accessTokenGrantAuditableRequestExtractor(List<AccessTokenGrantRequestExtractor> list) {
            return new AccessTokenGrantAuditableRequestExtractor(list);
        }

        @ConditionalOnMissingBean(name = {"oauthUserProfileDataAuditResourceResolver"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuditResourceResolver oauthUserProfileDataAuditResourceResolver() {
            return new OAuth20UserProfileDataAuditResourceResolver();
        }

        @ConditionalOnMissingBean(name = {"oauthAccessTokenGrantRequestAuditResourceResolver"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuditResourceResolver oauthAccessTokenGrantRequestAuditResourceResolver() {
            return new OAuth20AccessTokenGrantRequestAuditResourceResolver();
        }

        @ConditionalOnMissingBean(name = {"oauthAccessTokenResponseAuditResourceResolver"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuditResourceResolver oauthAccessTokenResponseAuditResourceResolver(CasConfigurationProperties casConfigurationProperties) {
            return new OAuth20AccessTokenResponseAuditResourceResolver(casConfigurationProperties.getAudit().getEngine());
        }

        @ConditionalOnMissingBean(name = {"oauthAuthorizationResponseAuditResourceResolver"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuditResourceResolver oauthAuthorizationResponseAuditResourceResolver(CasConfigurationProperties casConfigurationProperties) {
            return new OAuth20AuthorizationResponseAuditResourceResolver(casConfigurationProperties.getAudit().getEngine());
        }

        @ConditionalOnMissingBean(name = {"oauthAuditTrailRecordResolutionPlanConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuditTrailRecordResolutionPlanConfigurer oauthAuditTrailRecordResolutionPlanConfigurer(@Qualifier("oauthUserProfileDataAuditResourceResolver") AuditResourceResolver auditResourceResolver, @Qualifier("oauthAccessTokenGrantRequestAuditResourceResolver") AuditResourceResolver auditResourceResolver2, @Qualifier("oauthAccessTokenResponseAuditResourceResolver") AuditResourceResolver auditResourceResolver3, @Qualifier("oauthAuthorizationResponseAuditResourceResolver") AuditResourceResolver auditResourceResolver4, CasConfigurationProperties casConfigurationProperties) {
            return auditTrailRecordResolutionPlan -> {
                auditTrailRecordResolutionPlan.registerAuditActionResolver("OAUTH2_USER_PROFILE_ACTION_RESOLVER", new DefaultAuditActionResolver("_CREATED", "_CREATED"));
                auditTrailRecordResolutionPlan.registerAuditResourceResolver("OAUTH2_USER_PROFILE_RESOURCE_RESOLVER", auditResourceResolver);
                auditTrailRecordResolutionPlan.registerAuditActionResolver("OAUTH2_ACCESS_TOKEN_REQUEST_ACTION_RESOLVER", new DefaultAuditActionResolver("_CREATED", "_CREATED"));
                auditTrailRecordResolutionPlan.registerAuditResourceResolver("OAUTH2_ACCESS_TOKEN_REQUEST_RESOURCE_RESOLVER", auditResourceResolver2);
                auditTrailRecordResolutionPlan.registerAuditActionResolver("OAUTH2_ACCESS_TOKEN_RESPONSE_ACTION_RESOLVER", new DefaultAuditActionResolver("_CREATED", "_CREATED"));
                auditTrailRecordResolutionPlan.registerAuditResourceResolver("OAUTH2_ACCESS_TOKEN_RESPONSE_RESOURCE_RESOLVER", auditResourceResolver3);
                auditTrailRecordResolutionPlan.registerAuditActionResolver("OAUTH2_AUTHORIZATION_RESPONSE_ACTION_RESOLVER", new DefaultAuditActionResolver("_CREATED", "_CREATED"));
                auditTrailRecordResolutionPlan.registerAuditResourceResolver("OAUTH2_AUTHORIZATION_RESPONSE_RESOURCE_RESOLVER", auditResourceResolver4);
            };
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "CasOAuth20AuthenticatorConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/CasOAuth20Configuration$CasOAuth20AuthenticatorConfiguration.class */
    static class CasOAuth20AuthenticatorConfiguration {
        CasOAuth20AuthenticatorConfiguration() {
        }

        @ConditionalOnMissingBean(name = {"oauthCasAuthenticationBuilder"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public OAuth20CasAuthenticationBuilder oauthCasAuthenticationBuilder(@Qualifier("oauthRequestParameterResolver") OAuth20RequestParameterResolver oAuth20RequestParameterResolver, @Qualifier("oauthPrincipalFactory") PrincipalFactory principalFactory, @Qualifier("profileScopeToAttributesFilter") OAuth20ProfileScopeToAttributesFilter oAuth20ProfileScopeToAttributesFilter, @Qualifier("webApplicationServiceFactory") ServiceFactory<WebApplicationService> serviceFactory, CasConfigurationProperties casConfigurationProperties) {
            return new OAuth20DefaultCasAuthenticationBuilder(principalFactory, serviceFactory, oAuth20ProfileScopeToAttributesFilter, oAuth20RequestParameterResolver, casConfigurationProperties);
        }

        @ConditionalOnMissingBean(name = {"oauthClientAuthenticator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Authenticator oauthClientAuthenticator(ConfigurableApplicationContext configurableApplicationContext, @Qualifier("defaultTicketFactory") TicketFactory ticketFactory, @Qualifier("profileScopeToAttributesFilter") OAuth20ProfileScopeToAttributesFilter oAuth20ProfileScopeToAttributesFilter, @Qualifier("oauthRequestParameterResolver") OAuth20RequestParameterResolver oAuth20RequestParameterResolver, @Qualifier("registeredServiceAccessStrategyEnforcer") AuditableExecution auditableExecution, @Qualifier("webApplicationServiceFactory") ServiceFactory<WebApplicationService> serviceFactory, @Qualifier("servicesManager") ServicesManager servicesManager, @Qualifier("ticketRegistry") TicketRegistry ticketRegistry, @Qualifier("defaultPrincipalResolver") PrincipalResolver principalResolver, @Qualifier("oauth20ClientSecretValidator") OAuth20ClientSecretValidator oAuth20ClientSecretValidator) {
            return new OAuth20ClientIdClientSecretAuthenticator(servicesManager, serviceFactory, auditableExecution, ticketRegistry, principalResolver, oAuth20RequestParameterResolver, oAuth20ClientSecretValidator, oAuth20ProfileScopeToAttributesFilter, ticketFactory, configurableApplicationContext);
        }

        @ConditionalOnMissingBean(name = {"oauthProofKeyCodeExchangeAuthenticator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Authenticator oauthProofKeyCodeExchangeAuthenticator(ConfigurableApplicationContext configurableApplicationContext, @Qualifier("defaultTicketFactory") TicketFactory ticketFactory, @Qualifier("profileScopeToAttributesFilter") OAuth20ProfileScopeToAttributesFilter oAuth20ProfileScopeToAttributesFilter, @Qualifier("oauthRequestParameterResolver") OAuth20RequestParameterResolver oAuth20RequestParameterResolver, @Qualifier("registeredServiceAccessStrategyEnforcer") AuditableExecution auditableExecution, @Qualifier("webApplicationServiceFactory") ServiceFactory<WebApplicationService> serviceFactory, @Qualifier("servicesManager") ServicesManager servicesManager, @Qualifier("ticketRegistry") TicketRegistry ticketRegistry, @Qualifier("defaultPrincipalResolver") PrincipalResolver principalResolver, @Qualifier("oauth20ClientSecretValidator") OAuth20ClientSecretValidator oAuth20ClientSecretValidator) {
            return new OAuth20ProofKeyCodeExchangeAuthenticator(servicesManager, serviceFactory, auditableExecution, ticketRegistry, principalResolver, oAuth20RequestParameterResolver, oAuth20ClientSecretValidator, oAuth20ProfileScopeToAttributesFilter, ticketFactory, configurableApplicationContext);
        }

        @ConditionalOnMissingBean(name = {"oauthRefreshTokenAuthenticator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Authenticator oauthRefreshTokenAuthenticator(ConfigurableApplicationContext configurableApplicationContext, @Qualifier("defaultTicketFactory") TicketFactory ticketFactory, @Qualifier("profileScopeToAttributesFilter") OAuth20ProfileScopeToAttributesFilter oAuth20ProfileScopeToAttributesFilter, @Qualifier("oauthRequestParameterResolver") OAuth20RequestParameterResolver oAuth20RequestParameterResolver, @Qualifier("registeredServiceAccessStrategyEnforcer") AuditableExecution auditableExecution, @Qualifier("webApplicationServiceFactory") ServiceFactory<WebApplicationService> serviceFactory, @Qualifier("servicesManager") ServicesManager servicesManager, @Qualifier("ticketRegistry") TicketRegistry ticketRegistry, @Qualifier("defaultPrincipalResolver") PrincipalResolver principalResolver, @Qualifier("oauth20ClientSecretValidator") OAuth20ClientSecretValidator oAuth20ClientSecretValidator) {
            return new OAuth20RefreshTokenAuthenticator(servicesManager, serviceFactory, auditableExecution, ticketRegistry, principalResolver, oAuth20RequestParameterResolver, oAuth20ClientSecretValidator, oAuth20ProfileScopeToAttributesFilter, ticketFactory, configurableApplicationContext);
        }

        @ConditionalOnMissingBean(name = {"oauthUserAuthenticator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Authenticator oauthUserAuthenticator(ConfigurableApplicationContext configurableApplicationContext, @Qualifier("defaultTicketFactory") TicketFactory ticketFactory, @Qualifier("profileScopeToAttributesFilter") OAuth20ProfileScopeToAttributesFilter oAuth20ProfileScopeToAttributesFilter, @Qualifier("oauthRequestParameterResolver") OAuth20RequestParameterResolver oAuth20RequestParameterResolver, @Qualifier("webApplicationServiceFactory") ServiceFactory<WebApplicationService> serviceFactory, @Qualifier("defaultAuthenticationSystemSupport") AuthenticationSystemSupport authenticationSystemSupport, @Qualifier("servicesManager") ServicesManager servicesManager, @Qualifier("oauth20ClientSecretValidator") OAuth20ClientSecretValidator oAuth20ClientSecretValidator, @Qualifier("authenticationAttributeReleasePolicy") AuthenticationAttributeReleasePolicy authenticationAttributeReleasePolicy) {
            return new OAuth20UsernamePasswordAuthenticator(authenticationSystemSupport, servicesManager, serviceFactory, oAuth20RequestParameterResolver, oAuth20ClientSecretValidator, authenticationAttributeReleasePolicy, oAuth20ProfileScopeToAttributesFilter, ticketFactory, configurableApplicationContext);
        }

        @ConditionalOnMissingBean(name = {"oauthAccessTokenAuthenticator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Authenticator oauthAccessTokenAuthenticator(@Qualifier("accessTokenJwtBuilder") JwtBuilder jwtBuilder, @Qualifier("ticketRegistry") TicketRegistry ticketRegistry) {
            return new OAuth20AccessTokenAuthenticator(ticketRegistry, jwtBuilder);
        }

        @ConditionalOnMissingBean(name = {"oauthX509CertificateAuthenticator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Authenticator oauthX509CertificateAuthenticator(@Qualifier("oauthRequestParameterResolver") OAuth20RequestParameterResolver oAuth20RequestParameterResolver, @Qualifier("defaultAuthenticationSystemSupport") AuthenticationSystemSupport authenticationSystemSupport, @Qualifier("servicesManager") ServicesManager servicesManager) {
            return new OAuth20X509Authenticator(servicesManager, oAuth20RequestParameterResolver);
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "CasOAuth20ClientConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/CasOAuth20Configuration$CasOAuth20ClientConfiguration.class */
    static class CasOAuth20ClientConfiguration {
        CasOAuth20ClientConfiguration() {
        }

        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Client oauthCasClient(@Qualifier("casSslContext") CasSSLContext casSSLContext, @Qualifier("oauthCasClientRedirectActionBuilder") OAuth20CasClientRedirectActionBuilder oAuth20CasClientRedirectActionBuilder, @Qualifier("casCallbackUrlResolver") UrlResolver urlResolver, @Qualifier("servicesManager") ServicesManager servicesManager, @Qualifier("webApplicationServiceFactory") ServiceFactory<WebApplicationService> serviceFactory, CasConfigurationProperties casConfigurationProperties, @Qualifier("centralAuthenticationService") CentralAuthenticationService centralAuthenticationService, @Qualifier("authenticationAttributeReleasePolicy") AuthenticationAttributeReleasePolicy authenticationAttributeReleasePolicy) {
            CasServerProperties server = casConfigurationProperties.getServer();
            CasConfiguration casConfiguration = new CasConfiguration(server.getLoginUrl());
            casConfiguration.setDefaultTicketValidator(new CASOAuth20TicketValidator(new InternalTicketValidator(centralAuthenticationService, serviceFactory, authenticationAttributeReleasePolicy, servicesManager), authenticationAttributeReleasePolicy));
            casConfiguration.setHostnameVerifier(casSSLContext.getHostnameVerifier());
            casConfiguration.setSslSocketFactory(casSSLContext.getSslContext().getSocketFactory());
            CasClient casClient = new CasClient(casConfiguration);
            casClient.setRedirectionActionBuilder(callContext -> {
                return oAuth20CasClientRedirectActionBuilder.build(casClient, callContext.webContext());
            });
            casClient.setName("CasOAuthClient");
            casClient.setUrlResolver(urlResolver);
            casClient.setCallbackUrl(OAuth20Utils.casOAuthCallbackUrl(server.getPrefix()));
            casClient.setCheckAuthenticationAttempt(false);
            casClient.setProfileCreator((callContext2, credentials) -> {
                CasProfile userProfile = credentials.getUserProfile();
                BasicUserProfile basicUserProfile = new BasicUserProfile();
                basicUserProfile.build(userProfile.getId(), CoreAuthenticationUtils.convertAttributeValuesToObjects(userProfile.getAttributes()), CoreAuthenticationUtils.convertAttributeValuesToObjects(userProfile.getAuthenticationAttributes()));
                return Optional.of(basicUserProfile);
            });
            casClient.init();
            return casClient;
        }

        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Client basicAuthClient(@Qualifier("oauthClientAuthenticator") Authenticator authenticator) {
            DirectBasicAuthClient directBasicAuthClient = new DirectBasicAuthClient(authenticator);
            directBasicAuthClient.setName("clientBasicAuth");
            directBasicAuthClient.init();
            return directBasicAuthClient;
        }

        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Client directFormClient(@Qualifier("oauthClientAuthenticator") Authenticator authenticator) {
            DirectFormClient directFormClient = new DirectFormClient(authenticator);
            directFormClient.setName("clientForm");
            directFormClient.setUsernameParameter("client_id");
            directFormClient.setPasswordParameter("client_secret");
            directFormClient.init();
            return directFormClient;
        }

        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Client pkceAuthnFormClient(@Qualifier("oauthProofKeyCodeExchangeAuthenticator") Authenticator authenticator) {
            DirectFormClient directFormClient = new DirectFormClient(authenticator);
            directFormClient.setName("pkceFormAuthn");
            directFormClient.setUsernameParameter("client_id");
            directFormClient.setPasswordParameter("code_verifier");
            directFormClient.init();
            return directFormClient;
        }

        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Client pkceBasicAuthClient(@Qualifier("oauthProofKeyCodeExchangeAuthenticator") Authenticator authenticator) {
            DirectBasicAuthClient directBasicAuthClient = new DirectBasicAuthClient(authenticator);
            directBasicAuthClient.setName("pkceBasicAuthn");
            directBasicAuthClient.init();
            return directBasicAuthClient;
        }

        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Client refreshTokenFormClient(@Qualifier("oauthRefreshTokenAuthenticator") Authenticator authenticator) {
            DirectFormClient directFormClient = new DirectFormClient(authenticator);
            directFormClient.setName("clientRefreshTokenFormAuth");
            directFormClient.setUsernameParameter("client_id");
            directFormClient.setPasswordParameter("refresh_token");
            directFormClient.init();
            return directFormClient;
        }

        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Client userFormClient(@Qualifier("oauthUserAuthenticator") Authenticator authenticator) {
            DirectFormClient directFormClient = new DirectFormClient(authenticator);
            directFormClient.setName("userForm");
            directFormClient.init();
            return directFormClient;
        }

        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Client accessTokenClient(@Qualifier("oauthAccessTokenAuthenticator") Authenticator authenticator) {
            HeaderClient headerClient = new HeaderClient();
            headerClient.setCredentialsExtractor(new BearerAuthExtractor());
            headerClient.setAuthenticator(authenticator);
            headerClient.setName("clientAccessTokenAuth");
            headerClient.init();
            return headerClient;
        }

        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Client x509CertificateClient(@Qualifier("oauthX509CertificateAuthenticator") Authenticator authenticator) {
            HeaderClient headerClient = new HeaderClient();
            headerClient.setCredentialsExtractor(new X509CredentialsExtractor());
            headerClient.setAuthenticator(authenticator);
            headerClient.setName("clientX509CertificateAuth");
            headerClient.init();
            return headerClient;
        }

        @ConditionalOnMissingBean(name = {"oauthSecConfigClients"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public BeanContainer<Client> oauthSecConfigClients(@Qualifier("x509CertificateClient") Client client, @Qualifier("basicAuthClient") Client client2, @Qualifier("directFormClient") Client client3, @Qualifier("pkceAuthnFormClient") Client client4, @Qualifier("pkceBasicAuthClient") Client client5, @Qualifier("refreshTokenFormClient") Client client6, @Qualifier("oauthCasClient") Client client7, @Qualifier("userFormClient") Client client8, @Qualifier("accessTokenClient") Client client9, ObjectProvider<List<OAuth20AuthenticationClientProvider>> objectProvider) {
            List list = (List) Optional.ofNullable((List) objectProvider.getIfAvailable()).orElseGet(ArrayList::new);
            AnnotationAwareOrderComparator.sort(list);
            ArrayList arrayList = new ArrayList();
            list.forEach(oAuth20AuthenticationClientProvider -> {
                arrayList.add(oAuth20AuthenticationClientProvider.createClient());
            });
            arrayList.add(client7);
            arrayList.add(client2);
            arrayList.add(client4);
            arrayList.add(client5);
            arrayList.add(client6);
            arrayList.add(client3);
            arrayList.add(client8);
            arrayList.add(client9);
            arrayList.add(client);
            return BeanContainer.of(arrayList);
        }

        @ConditionalOnMissingBean(name = {"oauthSecProfileManagerFactory"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public ProfileManagerFactory oauthSecProfileManagerFactory(@Qualifier("oauthDistributedSessionStore") SessionStore sessionStore, @Qualifier("servicesManager") ServicesManager servicesManager, @Qualifier("oauthRequestParameterResolver") OAuth20RequestParameterResolver oAuth20RequestParameterResolver) {
            return (webContext, sessionStore2) -> {
                return new OAuth20ClientIdAwareProfileManager(webContext, sessionStore, servicesManager, oAuth20RequestParameterResolver);
            };
        }

        @ConditionalOnMissingBean(name = {"oauthSecConfig"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Config oauthSecConfig(@Qualifier("oauthSecProfileManagerFactory") ProfileManagerFactory profileManagerFactory, @Qualifier("oauthDistributedSessionStore") SessionStore sessionStore, @Qualifier("oauthSecCsrfTokenMatcher") Matcher matcher, @Qualifier("oauthSecConfigClients") BeanContainer<Client> beanContainer, CasConfigurationProperties casConfigurationProperties) {
            Config config = new Config(OAuth20Utils.casOAuthCallbackUrl(casConfigurationProperties.getServer().getPrefix()), beanContainer.toList());
            config.setHttpActionAdapter(JEEHttpActionAdapter.INSTANCE);
            config.setWebContextFactory(JEEContextFactory.INSTANCE);
            config.setSessionStoreFactory(frameworkParameters -> {
                return sessionStore;
            });
            config.setMatcher(matcher);
            config.setProfileManagerFactory(profileManagerFactory);
            return config;
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "CasOAuth20ContextConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/CasOAuth20Configuration$CasOAuth20ContextConfiguration.class */
    static class CasOAuth20ContextConfiguration {
        CasOAuth20ContextConfiguration() {
        }

        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public OAuth20ConfigurationContext oauth20ConfigurationContext(@Qualifier("communicationsManager") CommunicationsManager communicationsManager, @Qualifier("authenticationAttributeReleasePolicy") AuthenticationAttributeReleasePolicy authenticationAttributeReleasePolicy, @Qualifier("oauth20ClientSecretValidator") OAuth20ClientSecretValidator oAuth20ClientSecretValidator, @Qualifier("oauthRequestParameterResolver") OAuth20RequestParameterResolver oAuth20RequestParameterResolver, @Qualifier("ticketRegistry") TicketRegistry ticketRegistry, @Qualifier("accessTokenJwtBuilder") JwtBuilder jwtBuilder, @Qualifier("registeredServiceAccessStrategyEnforcer") AuditableExecution auditableExecution, @Qualifier("centralAuthenticationService") CentralAuthenticationService centralAuthenticationService, @Qualifier("ticketGrantingTicketCookieGenerator") CasCookieBuilder casCookieBuilder, @Qualifier("oauth2UserProfileDataCreator") OAuth20UserProfileDataCreator oAuth20UserProfileDataCreator, @Qualifier("oauthDistributedSessionCookieGenerator") CasCookieBuilder casCookieBuilder2, @Qualifier("oauthUserProfileViewRenderer") OAuth20UserProfileViewRenderer oAuth20UserProfileViewRenderer, @Qualifier("webApplicationServiceFactory") ServiceFactory<WebApplicationService> serviceFactory, @Qualifier("defaultTicketFactory") TicketFactory ticketFactory, @Qualifier("servicesManager") ServicesManager servicesManager, @Qualifier("attributeDefinitionStore") AttributeDefinitionStore attributeDefinitionStore, CasConfigurationProperties casConfigurationProperties, ConfigurableApplicationContext configurableApplicationContext, @Qualifier("oauthDistributedSessionStore") SessionStore sessionStore, @Qualifier("oauthRegisteredServiceCipherExecutor") CipherExecutor cipherExecutor, @Qualifier("oauthPrincipalFactory") PrincipalFactory principalFactory, @Qualifier("callbackAuthorizeViewResolver") OAuth20CallbackAuthorizeViewResolver oAuth20CallbackAuthorizeViewResolver, @Qualifier("profileScopeToAttributesFilter") OAuth20ProfileScopeToAttributesFilter oAuth20ProfileScopeToAttributesFilter, @Qualifier("oauthSecConfig") Config config, ObjectProvider<List<OAuth20TokenRequestValidator>> objectProvider, @Qualifier("deviceTokenExpirationPolicy") ExpirationPolicyBuilder expirationPolicyBuilder, @Qualifier("oauthInvalidAuthorizationBuilder") OAuth20InvalidAuthorizationResponseBuilder oAuth20InvalidAuthorizationResponseBuilder, @Qualifier("consentApprovalViewResolver") ConsentApprovalViewResolver consentApprovalViewResolver, @Qualifier("accessTokenResponseGenerator") OAuth20AccessTokenResponseGenerator oAuth20AccessTokenResponseGenerator, @Qualifier("oauthCasAuthenticationBuilder") OAuth20CasAuthenticationBuilder oAuth20CasAuthenticationBuilder, @Qualifier("argumentExtractor") ArgumentExtractor argumentExtractor, ObjectProvider<List<OAuth20AuthorizationResponseBuilder>> objectProvider2, ObjectProvider<List<OAuth20AuthorizationRequestValidator>> objectProvider3, @Qualifier("oauthTokenGenerator") OAuth20TokenGenerator oAuth20TokenGenerator, List<OAuth20IntrospectionResponseGenerator> list, @Qualifier("defaultPrincipalResolver") PrincipalResolver principalResolver, @Qualifier("taskScheduler") TaskScheduler taskScheduler, @Qualifier("webflowCipherExecutor") CipherExecutor cipherExecutor2, @Qualifier("httpClient") HttpClient httpClient) {
            return OAuth20ConfigurationContext.builder().argumentExtractor(argumentExtractor).httpClient(httpClient).requestParameterResolver(oAuth20RequestParameterResolver).applicationContext(configurableApplicationContext).registeredServiceCipherExecutor(cipherExecutor).sessionStore(sessionStore).servicesManager(servicesManager).ticketRegistry(ticketRegistry).ticketFactory(ticketFactory).principalFactory(principalFactory).webApplicationServiceServiceFactory(serviceFactory).casProperties(casConfigurationProperties).ticketGrantingTicketCookieGenerator(casCookieBuilder).oauthDistributedSessionCookieGenerator(casCookieBuilder2).oauthConfig(config).registeredServiceAccessStrategyEnforcer(auditableExecution).centralAuthenticationService(centralAuthenticationService).callbackAuthorizeViewResolver(oAuth20CallbackAuthorizeViewResolver).profileScopeToAttributesFilter(oAuth20ProfileScopeToAttributesFilter).accessTokenGenerator(oAuth20TokenGenerator).accessTokenJwtBuilder(jwtBuilder).accessTokenResponseGenerator(oAuth20AccessTokenResponseGenerator).deviceTokenExpirationPolicy(expirationPolicyBuilder).accessTokenGrantRequestValidators(objectProvider).userProfileDataCreator(oAuth20UserProfileDataCreator).userProfileViewRenderer(oAuth20UserProfileViewRenderer).consentApprovalViewResolver(consentApprovalViewResolver).authenticationBuilder(oAuth20CasAuthenticationBuilder).oauthInvalidAuthorizationResponseBuilder(oAuth20InvalidAuthorizationResponseBuilder).oauthAuthorizationResponseBuilders(objectProvider2).oauthRequestValidators(objectProvider3).clientSecretValidator(oAuth20ClientSecretValidator).authenticationAttributeReleasePolicy(authenticationAttributeReleasePolicy).attributeDefinitionStore(attributeDefinitionStore).introspectionResponseGenerator(list).principalResolver(principalResolver).taskScheduler(taskScheduler).communicationsManager(communicationsManager).webflowCipherExecutor(cipherExecutor2).build();
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "CasOAuth20CoreConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/CasOAuth20Configuration$CasOAuth20CoreConfiguration.class */
    static class CasOAuth20CoreConfiguration {
        CasOAuth20CoreConfiguration() {
        }

        @ConditionalOnMissingBean(name = {"oauthRequestParameterResolver"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public OAuth20RequestParameterResolver oauthRequestParameterResolver(@Qualifier("accessTokenJwtBuilder") JwtBuilder jwtBuilder) {
            return new DefaultOAuth20RequestParameterResolver(jwtBuilder);
        }

        @ConditionalOnMissingBean(name = {"oauthPrincipalFactory"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public PrincipalFactory oauthPrincipalFactory() {
            return PrincipalFactoryUtils.newPrincipalFactory();
        }

        @ConditionalOnMissingBean(name = {"oauthAuthorizationModelAndViewBuilder"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public OAuth20AuthorizationModelAndViewBuilder oauthAuthorizationModelAndViewBuilder(@Qualifier("oauthResponseModeFactory") OAuth20ResponseModeFactory oAuth20ResponseModeFactory) {
            return new DefaultOAuth20AuthorizationModelAndViewBuilder(oAuth20ResponseModeFactory);
        }

        @ConditionalOnMissingBean(name = {"oauthResponseModeFactory"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public OAuth20ResponseModeFactory oauthResponseModeFactory(List<OAuth20ResponseModeBuilder> list) {
            DefaultOAuth20ResponseModeFactory defaultOAuth20ResponseModeFactory = new DefaultOAuth20ResponseModeFactory();
            Objects.requireNonNull(defaultOAuth20ResponseModeFactory);
            list.forEach(defaultOAuth20ResponseModeFactory::registerBuilder);
            return defaultOAuth20ResponseModeFactory;
        }

        @ConditionalOnMissingBean(name = {"oauthQueryResponseModeBuilder"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public OAuth20ResponseModeBuilder oauthQueryResponseModeBuilder() {
            return new OAuth20ResponseModeQueryBuilder();
        }

        @ConditionalOnMissingBean(name = {"oauthFormPostResponseModeBuilder"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public OAuth20ResponseModeBuilder oauthFormPostResponseModeBuilder() {
            return new OAuth20ResponseModeFormPostBuilder();
        }

        @ConditionalOnMissingBean(name = {"oauthFragmentResponseModeBuilder"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public OAuth20ResponseModeBuilder oauthFragmentResponseModeBuilder() {
            return new OAuth20ResponseModeFragmentBuilder();
        }

        @ConditionalOnMissingBean(name = {"oauthUserProfileViewRenderer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public OAuth20UserProfileViewRenderer oauthUserProfileViewRenderer(@Qualifier("attributeDefinitionStore") AttributeDefinitionStore attributeDefinitionStore, @Qualifier("servicesManager") ServicesManager servicesManager, CasConfigurationProperties casConfigurationProperties) {
            return new OAuth20DefaultUserProfileViewRenderer(servicesManager, casConfigurationProperties.getAuthn().getOauth(), attributeDefinitionStore);
        }

        @ConditionalOnMissingBean(name = {"callbackAuthorizeViewResolver"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public OAuth20CallbackAuthorizeViewResolver callbackAuthorizeViewResolver() {
            return OAuth20CallbackAuthorizeViewResolver.asDefault();
        }

        @ConditionalOnMissingBean(name = {"profileScopeToAttributesFilter"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public OAuth20ProfileScopeToAttributesFilter profileScopeToAttributesFilter() {
            return new DefaultOAuth20ProfileScopeToAttributesFilter();
        }

        @ConditionalOnMissingBean(name = {"oauthRegisteredServiceCipherExecutor"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public CipherExecutor oauthRegisteredServiceCipherExecutor(CasConfigurationProperties casConfigurationProperties) {
            EncryptionOptionalSigningOptionalJwtCryptographyProperties crypto = casConfigurationProperties.getAuthn().getOauth().getCrypto();
            boolean z = !crypto.isEnabled() && StringUtils.isNotBlank(crypto.getEncryption().getKey()) && StringUtils.isNotBlank(crypto.getSigning().getKey());
            Supplier supplier = () -> {
                CasOAuth20Configuration.LOGGER.warn("Secret encryption/signing is not enabled explicitly in the configuration for OAuth/OIDC services, yet signing/encryption keys are defined for operations. CAS will proceed to enable the encryption/signing functionality.");
                return Boolean.TRUE;
            };
            Objects.requireNonNull(crypto);
            if (((Boolean) FunctionUtils.doIf(z, supplier, crypto::isEnabled).get()).booleanValue()) {
                return CipherExecutorUtils.newStringCipherExecutor(crypto, OAuth20RegisteredServiceCipherExecutor.class);
            }
            CasOAuth20Configuration.LOGGER.info("Relying party secret encryption/signing is turned off for OAuth/OIDC services. This MAY NOT be safe in a production environment. Consider using other choices to handle encryption, signing and verification of relying party secrets.");
            return CipherExecutor.noOp();
        }

        @ConditionalOnMissingBean(name = {"oauthCasClientRedirectActionBuilder"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public OAuth20CasClientRedirectActionBuilder oauthCasClientRedirectActionBuilder() {
            return new OAuth20DefaultCasClientRedirectActionBuilder();
        }

        @ConditionalOnMissingBean(name = {"casCallbackUrlResolver"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public UrlResolver casCallbackUrlResolver(CasConfigurationProperties casConfigurationProperties, @Qualifier("oauthRequestParameterResolver") OAuth20RequestParameterResolver oAuth20RequestParameterResolver) {
            return new OAuth20CasCallbackUrlResolver(OAuth20Utils.casOAuthCallbackUrl(casConfigurationProperties.getServer().getPrefix()), oAuth20RequestParameterResolver);
        }

        @ConditionalOnMissingBean(name = {"oauthSecCsrfTokenMatcher"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Matcher oauthSecCsrfTokenMatcher(CasConfigurationProperties casConfigurationProperties) {
            CsrfTokenGeneratorMatcher csrfTokenGeneratorMatcher = new CsrfTokenGeneratorMatcher(new DefaultCsrfTokenGenerator());
            OAuthCsrfCookieProperties csrfCookie = casConfigurationProperties.getAuthn().getOauth().getCsrfCookie();
            int maxAge = csrfCookie.getMaxAge();
            if (maxAge >= 0) {
                csrfTokenGeneratorMatcher.setMaxAge(Integer.valueOf(maxAge));
            }
            csrfTokenGeneratorMatcher.setSameSitePolicy(csrfCookie.getSameSitePolicy());
            csrfTokenGeneratorMatcher.setDomain(csrfCookie.getDomain());
            csrfTokenGeneratorMatcher.setPath(csrfCookie.getPath());
            csrfTokenGeneratorMatcher.setHttpOnly(Boolean.valueOf(csrfCookie.isHttpOnly()));
            csrfTokenGeneratorMatcher.setSecure(Boolean.valueOf(csrfCookie.isSecure()));
            return csrfTokenGeneratorMatcher;
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "CasOAuth20ExtractorConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/CasOAuth20Configuration$CasOAuth20ExtractorConfiguration.class */
    static class CasOAuth20ExtractorConfiguration {
        CasOAuth20ExtractorConfiguration() {
        }

        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AccessTokenGrantRequestExtractor accessTokenTokenExchangeGrantRequestExtractor(@Qualifier("oauth20ConfigurationContext") OAuth20ConfigurationContext oAuth20ConfigurationContext) {
            return new AccessTokenTokenExchangeGrantRequestExtractor(oAuth20ConfigurationContext);
        }

        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AccessTokenGrantRequestExtractor accessTokenProofKeyCodeExchangeAuthorizationCodeGrantRequestExtractor(@Qualifier("oauth20ConfigurationContext") OAuth20ConfigurationContext oAuth20ConfigurationContext) {
            return new AccessTokenProofKeyCodeExchangeAuthorizationCodeGrantRequestExtractor(oAuth20ConfigurationContext);
        }

        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AccessTokenGrantRequestExtractor accessTokenAuthorizationCodeGrantRequestExtractor(@Qualifier("oauth20ConfigurationContext") OAuth20ConfigurationContext oAuth20ConfigurationContext) {
            return new AccessTokenAuthorizationCodeGrantRequestExtractor(oAuth20ConfigurationContext);
        }

        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AccessTokenGrantRequestExtractor accessTokenRefreshTokenGrantRequestExtractor(@Qualifier("oauth20ConfigurationContext") OAuth20ConfigurationContext oAuth20ConfigurationContext) {
            return new AccessTokenRefreshTokenGrantRequestExtractor(oAuth20ConfigurationContext);
        }

        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AccessTokenGrantRequestExtractor accessTokenPasswordGrantRequestExtractor(@Qualifier("oauth20ConfigurationContext") OAuth20ConfigurationContext oAuth20ConfigurationContext) {
            return new AccessTokenPasswordGrantRequestExtractor(oAuth20ConfigurationContext);
        }

        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AccessTokenGrantRequestExtractor accessTokenClientCredentialsGrantRequestExtractor(@Qualifier("oauth20ConfigurationContext") OAuth20ConfigurationContext oAuth20ConfigurationContext) {
            return new AccessTokenClientCredentialsGrantRequestExtractor(oAuth20ConfigurationContext);
        }

        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AccessTokenGrantRequestExtractor accessTokenDeviceCodeResponseRequestExtractor(@Qualifier("oauth20ConfigurationContext") OAuth20ConfigurationContext oAuth20ConfigurationContext) {
            return new AccessTokenDeviceCodeResponseRequestExtractor(oAuth20ConfigurationContext);
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "CasOAuth20JwtConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/CasOAuth20Configuration$CasOAuth20JwtConfiguration.class */
    static class CasOAuth20JwtConfiguration {
        CasOAuth20JwtConfiguration() {
        }

        @ConditionalOnMissingBean(name = {"oauthAccessTokenJwtCipherExecutor"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public CipherExecutor oauthAccessTokenJwtCipherExecutor(CasConfigurationProperties casConfigurationProperties) {
            EncryptionOptionalSigningOptionalJwtCryptographyProperties crypto = casConfigurationProperties.getAuthn().getOauth().getAccessToken().getCrypto();
            boolean z = !crypto.isEnabled() && StringUtils.isNotBlank(crypto.getEncryption().getKey()) && StringUtils.isNotBlank(crypto.getSigning().getKey());
            Supplier supplier = () -> {
                CasOAuth20Configuration.LOGGER.warn("Default encryption/signing is not enabled explicitly for OAuth access tokens as JWTs if necessary, yet signing/encryption keys are defined for operations. CAS will proceed to enable the token encryption/signing functionality.");
                return Boolean.TRUE;
            };
            Objects.requireNonNull(crypto);
            if (((Boolean) FunctionUtils.doIf(z, supplier, crypto::isEnabled).get()).booleanValue()) {
                return CipherExecutorUtils.newStringCipherExecutor(crypto, OAuth20JwtAccessTokenCipherExecutor.class);
            }
            CasOAuth20Configuration.LOGGER.info("OAuth access token encryption/signing is turned off for JWTs, if/when needed. This MAY NOT be safe in a production environment.");
            return CipherExecutor.noOp();
        }

        @ConditionalOnMissingBean(name = {"oauthRegisteredServiceJwtAccessTokenCipherExecutor"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public RegisteredServiceCipherExecutor oauthRegisteredServiceJwtAccessTokenCipherExecutor() {
            return new OAuth20RegisteredServiceJwtAccessTokenCipherExecutor();
        }

        @ConditionalOnMissingBean(name = {"accessTokenJwtBuilder"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public JwtBuilder accessTokenJwtBuilder(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties, @Qualifier("oauthRegisteredServiceJwtAccessTokenCipherExecutor") RegisteredServiceCipherExecutor registeredServiceCipherExecutor, @Qualifier("oauthAccessTokenJwtCipherExecutor") CipherExecutor cipherExecutor, @Qualifier("servicesManager") ServicesManager servicesManager, @Qualifier("defaultPrincipalResolver") PrincipalResolver principalResolver) {
            return new OAuth20JwtBuilder(cipherExecutor, configurableApplicationContext, servicesManager, registeredServiceCipherExecutor, casConfigurationProperties, principalResolver);
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "CasOAuth20LogoutConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/CasOAuth20Configuration$CasOAuth20LogoutConfiguration.class */
    static class CasOAuth20LogoutConfiguration {
        CasOAuth20LogoutConfiguration() {
        }

        @ConditionalOnMissingBean(name = {"oauthLogoutExecutionPlanConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public LogoutExecutionPlanConfigurer oauthLogoutExecutionPlanConfigurer(CasConfigurationProperties casConfigurationProperties, @Qualifier("oauthDistributedSessionStore") SessionStore sessionStore) {
            return logoutExecutionPlan -> {
                if (casConfigurationProperties.getAuthn().getOauth().getSessionReplication().isReplicateSessions()) {
                    logoutExecutionPlan.registerLogoutPostProcessor(ticketGrantingTicket -> {
                        HttpServletRequest httpServletRequestFromRequestAttributes = HttpRequestUtils.getHttpServletRequestFromRequestAttributes();
                        HttpServletResponse httpServletResponseFromRequestAttributes = HttpRequestUtils.getHttpServletResponseFromRequestAttributes();
                        if (httpServletRequestFromRequestAttributes == null || httpServletResponseFromRequestAttributes == null) {
                            return;
                        }
                        sessionStore.destroySession(new JEEContext(httpServletRequestFromRequestAttributes, httpServletResponseFromRequestAttributes));
                    });
                }
            };
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "CasOAuth20ResponseConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/CasOAuth20Configuration$CasOAuth20ResponseConfiguration.class */
    static class CasOAuth20ResponseConfiguration {
        CasOAuth20ResponseConfiguration() {
        }

        @ConditionalOnMissingBean(name = {"oauthIntrospectionResponseGenerator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public OAuth20IntrospectionResponseGenerator oauthIntrospectionResponseGenerator() {
            return new OAuth20DefaultIntrospectionResponseGenerator();
        }

        @ConditionalOnMissingBean(name = {"oauthResourceOwnerCredentialsResponseBuilder"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public OAuth20AuthorizationResponseBuilder oauthResourceOwnerCredentialsResponseBuilder(@Qualifier("oauthAuthorizationModelAndViewBuilder") OAuth20AuthorizationModelAndViewBuilder oAuth20AuthorizationModelAndViewBuilder, @Qualifier("oauth20ConfigurationContext") OAuth20ConfigurationContext oAuth20ConfigurationContext) {
            return new OAuth20ResourceOwnerCredentialsResponseBuilder(oAuth20ConfigurationContext, oAuth20AuthorizationModelAndViewBuilder);
        }

        @ConditionalOnMissingBean(name = {"oauthClientCredentialsResponseBuilder"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public OAuth20AuthorizationResponseBuilder oauthClientCredentialsResponseBuilder(@Qualifier("oauthAuthorizationModelAndViewBuilder") OAuth20AuthorizationModelAndViewBuilder oAuth20AuthorizationModelAndViewBuilder, @Qualifier("oauth20ConfigurationContext") OAuth20ConfigurationContext oAuth20ConfigurationContext) {
            return new OAuth20ClientCredentialsResponseBuilder(oAuth20ConfigurationContext, oAuth20AuthorizationModelAndViewBuilder);
        }

        @ConditionalOnMissingBean(name = {"oauthTokenResponseBuilder"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public OAuth20AuthorizationResponseBuilder oauthTokenResponseBuilder(@Qualifier("oauthAuthorizationModelAndViewBuilder") OAuth20AuthorizationModelAndViewBuilder oAuth20AuthorizationModelAndViewBuilder, @Qualifier("oauth20ConfigurationContext") OAuth20ConfigurationContext oAuth20ConfigurationContext) {
            return new OAuth20TokenAuthorizationResponseBuilder(oAuth20ConfigurationContext, oAuth20AuthorizationModelAndViewBuilder);
        }

        @ConditionalOnMissingBean(name = {"oauthAuthorizationCodeResponseBuilder"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public OAuth20AuthorizationResponseBuilder oauthAuthorizationCodeResponseBuilder(@Qualifier("oauthAuthorizationModelAndViewBuilder") OAuth20AuthorizationModelAndViewBuilder oAuth20AuthorizationModelAndViewBuilder, @Qualifier("oauth20ConfigurationContext") OAuth20ConfigurationContext oAuth20ConfigurationContext) {
            return new OAuth20AuthorizationCodeAuthorizationResponseBuilder(oAuth20ConfigurationContext, oAuth20AuthorizationModelAndViewBuilder);
        }

        @ConditionalOnMissingBean(name = {"oauthInvalidAuthorizationBuilder"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public OAuth20InvalidAuthorizationResponseBuilder oauthInvalidAuthorizationBuilder(@Qualifier("oauthResponseModeFactory") OAuth20ResponseModeFactory oAuth20ResponseModeFactory, @Qualifier("oauthRequestParameterResolver") OAuth20RequestParameterResolver oAuth20RequestParameterResolver, @Qualifier("servicesManager") ServicesManager servicesManager) {
            return new OAuth20InvalidAuthorizationResponseBuilder(servicesManager, oAuth20RequestParameterResolver, oAuth20ResponseModeFactory);
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "CasOAuth20SessionConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/CasOAuth20Configuration$CasOAuth20SessionConfiguration.class */
    static class CasOAuth20SessionConfiguration {
        CasOAuth20SessionConfiguration() {
        }

        @ConditionalOnMissingBean(name = {"oauthDistributedSessionCookieCipherExecutor"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public CipherExecutor oauthDistributedSessionCookieCipherExecutor(CasConfigurationProperties casConfigurationProperties) {
            SessionReplicationProperties sessionReplication = casConfigurationProperties.getAuthn().getOauth().getSessionReplication();
            return (CipherExecutor) FunctionUtils.doIf(sessionReplication.isReplicateSessions(), () -> {
                CookieSessionReplicationProperties cookie = sessionReplication.getCookie();
                EncryptionJwtSigningJwtCryptographyProperties crypto = cookie.getCrypto();
                boolean isEnabled = crypto.isEnabled();
                if (!isEnabled && StringUtils.isNotBlank(crypto.getEncryption().getKey()) && StringUtils.isNotBlank(crypto.getSigning().getKey())) {
                    CasOAuth20Configuration.LOGGER.warn("Encryption/Signing is not enabled explicitly in the configuration for cookie [{}], yet signing/encryption keys are defined for operations. CAS will proceed to enable the cookie encryption/signing functionality.", cookie.getName());
                    isEnabled = true;
                }
                return isEnabled ? CipherExecutorUtils.newStringCipherExecutor(crypto, OAuth20DistributedSessionCookieCipherExecutor.class) : CipherExecutor.noOp();
            }, CipherExecutor::noOp).get();
        }

        @ConditionalOnMissingBean(name = {"oauthDistributedSessionCookieGenerator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public CasCookieBuilder oauthDistributedSessionCookieGenerator(@Qualifier("geoLocationService") ObjectProvider<GeoLocationService> objectProvider, @Qualifier("oauthDistributedSessionCookieCipherExecutor") CipherExecutor cipherExecutor, CasConfigurationProperties casConfigurationProperties) {
            CookieSessionReplicationProperties cookie = casConfigurationProperties.getAuthn().getOauth().getSessionReplication().getCookie();
            if (StringUtils.isBlank(cookie.getName())) {
                cookie.setName("%s%s".formatted("DISSESSION", CasOAuth20Configuration.OAUTH_OIDC_SERVER_SUPPORT_PREFIX));
            }
            return CookieUtils.buildCookieRetrievingGenerator(cookie, new DefaultCasCookieValueManager(cipherExecutor, objectProvider, DefaultCookieSameSitePolicy.INSTANCE, cookie));
        }

        @ConditionalOnMissingBean(name = {"oauthDistributedSessionStore"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public SessionStore oauthDistributedSessionStore(@Qualifier("defaultTicketFactory") TicketFactory ticketFactory, @Qualifier("ticketRegistry") TicketRegistry ticketRegistry, @Qualifier("oauthDistributedSessionCookieGenerator") CasCookieBuilder casCookieBuilder, CasConfigurationProperties casConfigurationProperties) {
            if (casConfigurationProperties.getAuthn().getOauth().getSessionReplication().isReplicateSessions()) {
                return new TicketRegistrySessionStore(ticketRegistry, ticketFactory, casCookieBuilder);
            }
            JEESessionStore jEESessionStore = new JEESessionStore();
            jEESessionStore.setPrefix(CasOAuth20Configuration.OAUTH_OIDC_SERVER_SUPPORT_PREFIX);
            return jEESessionStore;
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "CasOAuth20StatelessTicketsAutoConfiguration", proxyBeanMethods = false)
    @ConditionalOnFeatureEnabled(feature = {CasFeatureModule.FeatureCatalog.TicketRegistry}, module = "stateless")
    /* loaded from: input_file:org/apereo/cas/config/CasOAuth20Configuration$CasOAuth20StatelessTicketsAutoConfiguration.class */
    static class CasOAuth20StatelessTicketsAutoConfiguration {
        CasOAuth20StatelessTicketsAutoConfiguration() {
        }

        @ConditionalOnMissingBean(name = {"oauth20CodeTicketCompactor"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public TicketCompactor<OAuth20Code> oauth20CodeTicketCompactor(@Qualifier("principalFactory") PrincipalFactory principalFactory, @Qualifier("webApplicationServiceFactory") ServiceFactory serviceFactory, @Qualifier("defaultTicketFactory") ObjectProvider<TicketFactory> objectProvider) {
            return new OAuth20CodeCompactor(objectProvider, serviceFactory, principalFactory);
        }

        @ConditionalOnMissingBean(name = {"oauth20AccessTokenTicketCompactor"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public TicketCompactor<OAuth20AccessToken> oauth20AccessTokenTicketCompactor(@Qualifier("principalFactory") PrincipalFactory principalFactory, @Qualifier("webApplicationServiceFactory") ServiceFactory serviceFactory, @Qualifier("defaultTicketFactory") ObjectProvider<TicketFactory> objectProvider) {
            return new OAuth20AccessTokenCompactor(objectProvider, serviceFactory, principalFactory);
        }

        @ConditionalOnMissingBean(name = {"oauth20RefreshTokenTicketCompactor"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public TicketCompactor<OAuth20RefreshToken> oauth20RefreshTokenTicketCompactor(@Qualifier("principalFactory") PrincipalFactory principalFactory, @Qualifier("webApplicationServiceFactory") ServiceFactory serviceFactory, @Qualifier("defaultTicketFactory") ObjectProvider<TicketFactory> objectProvider) {
            return new OAuth20RefreshTokenCompactor(objectProvider, serviceFactory, principalFactory);
        }

        @ConditionalOnMissingBean(name = {"oauth20DeviceTokenTicketCompactor"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public TicketCompactor<OAuth20DeviceToken> oauth20DeviceTokenTicketCompactor(@Qualifier("webApplicationServiceFactory") ServiceFactory serviceFactory, @Qualifier("defaultTicketFactory") ObjectProvider<TicketFactory> objectProvider) {
            return new OAuth20DeviceTokenCompactor(objectProvider, serviceFactory);
        }

        @ConditionalOnMissingBean(name = {"oauth20DeviceUserCodeTicketCompactor"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public TicketCompactor<OAuth20DeviceUserCode> oauth20DeviceUserCodeTicketCompactor(@Qualifier("webApplicationServiceFactory") ServiceFactory serviceFactory, @Qualifier("defaultTicketFactory") ObjectProvider<TicketFactory> objectProvider) {
            return new OAuth20DeviceUserCodeCompactor(objectProvider, serviceFactory);
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "CasOAuth20TicketFactoryPlanConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/CasOAuth20Configuration$CasOAuth20TicketFactoryPlanConfiguration.class */
    static class CasOAuth20TicketFactoryPlanConfiguration {
        CasOAuth20TicketFactoryPlanConfiguration() {
        }

        @ConditionalOnMissingBean(name = {"defaultRefreshTokenFactoryConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public TicketFactoryExecutionPlanConfigurer defaultRefreshTokenFactoryConfigurer(@Qualifier("defaultRefreshTokenFactory") OAuth20RefreshTokenFactory oAuth20RefreshTokenFactory) {
            return () -> {
                return oAuth20RefreshTokenFactory;
            };
        }

        @ConditionalOnMissingBean(name = {"defaultDeviceUserCodeFactoryConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public TicketFactoryExecutionPlanConfigurer defaultDeviceUserCodeFactoryConfigurer(@Qualifier("defaultDeviceUserCodeFactory") OAuth20DeviceUserCodeFactory oAuth20DeviceUserCodeFactory) {
            return () -> {
                return oAuth20DeviceUserCodeFactory;
            };
        }

        @ConditionalOnMissingBean(name = {"defaultAccessTokenFactoryConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public TicketFactoryExecutionPlanConfigurer defaultAccessTokenFactoryConfigurer(@Qualifier("defaultAccessTokenFactory") OAuth20AccessTokenFactory oAuth20AccessTokenFactory) {
            return () -> {
                return oAuth20AccessTokenFactory;
            };
        }

        @ConditionalOnMissingBean(name = {"defaultDeviceTokenFactoryConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public TicketFactoryExecutionPlanConfigurer defaultDeviceTokenFactoryConfigurer(@Qualifier("defaultDeviceTokenFactory") OAuth20DeviceTokenFactory oAuth20DeviceTokenFactory) {
            return () -> {
                return oAuth20DeviceTokenFactory;
            };
        }

        @ConditionalOnMissingBean(name = {"defaultOAuthCodeFactoryConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public TicketFactoryExecutionPlanConfigurer defaultOAuthCodeFactoryConfigurer(@Qualifier("defaultOAuthCodeFactory") OAuth20CodeFactory oAuth20CodeFactory) {
            return () -> {
                return oAuth20CodeFactory;
            };
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "CasOAuth20TicketsConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/CasOAuth20Configuration$CasOAuth20TicketsConfiguration.class */
    static class CasOAuth20TicketsConfiguration {
        CasOAuth20TicketsConfiguration() {
        }

        @ConditionalOnMissingBean(name = {"accessTokenExpirationPolicy"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public ExpirationPolicyBuilder accessTokenExpirationPolicy(CasConfigurationProperties casConfigurationProperties) {
            return new OAuth20AccessTokenExpirationPolicyBuilder(casConfigurationProperties);
        }

        @ConditionalOnMissingBean(name = {"deviceTokenExpirationPolicy"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public ExpirationPolicyBuilder deviceTokenExpirationPolicy(CasConfigurationProperties casConfigurationProperties) {
            return new OAuth20DeviceTokenExpirationPolicyBuilder(casConfigurationProperties);
        }

        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public ExpirationPolicyBuilder oAuthCodeExpirationPolicy(CasConfigurationProperties casConfigurationProperties) {
            return new OAuth20CodeExpirationPolicyBuilder(casConfigurationProperties);
        }

        @ConditionalOnMissingBean(name = {"oAuthCodeIdGenerator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public UniqueTicketIdGenerator oAuthCodeIdGenerator() {
            return new HostNameBasedUniqueTicketIdGenerator();
        }

        @ConditionalOnMissingBean(name = {"refreshTokenIdGenerator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public UniqueTicketIdGenerator refreshTokenIdGenerator() {
            return new HostNameBasedUniqueTicketIdGenerator();
        }

        @ConditionalOnMissingBean(name = {"accessTokenIdGenerator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public UniqueTicketIdGenerator accessTokenIdGenerator() {
            return new HostNameBasedUniqueTicketIdGenerator();
        }

        @ConditionalOnMissingBean(name = {"deviceTokenIdGenerator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public UniqueTicketIdGenerator deviceTokenIdGenerator() {
            return new HostNameBasedUniqueTicketIdGenerator();
        }

        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public ExpirationPolicyBuilder refreshTokenExpirationPolicy(CasConfigurationProperties casConfigurationProperties) {
            return new OAuth20RefreshTokenExpirationPolicyBuilder(casConfigurationProperties);
        }

        @ConditionalOnMissingBean(name = {"defaultRefreshTokenFactory"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public OAuth20RefreshTokenFactory defaultRefreshTokenFactory(@Qualifier("refreshTokenIdGenerator") UniqueTicketIdGenerator uniqueTicketIdGenerator, @Qualifier("refreshTokenExpirationPolicy") ExpirationPolicyBuilder expirationPolicyBuilder, @Qualifier("servicesManager") ServicesManager servicesManager, @Qualifier("ticketRegistry") TicketRegistry ticketRegistry, @Qualifier("descendantTicketsTrackingPolicy") TicketTrackingPolicy ticketTrackingPolicy, CasConfigurationProperties casConfigurationProperties) {
            return new OAuth20DefaultRefreshTokenFactory(uniqueTicketIdGenerator, ticketRegistry, expirationPolicyBuilder, servicesManager, ticketTrackingPolicy, casConfigurationProperties);
        }

        @ConditionalOnMissingBean(name = {"defaultAccessTokenFactory"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public OAuth20AccessTokenFactory defaultAccessTokenFactory(@Qualifier("accessTokenIdGenerator") UniqueTicketIdGenerator uniqueTicketIdGenerator, @Qualifier("accessTokenExpirationPolicy") ExpirationPolicyBuilder expirationPolicyBuilder, @Qualifier("servicesManager") ServicesManager servicesManager, @Qualifier("accessTokenJwtBuilder") JwtBuilder jwtBuilder, @Qualifier("ticketRegistry") TicketRegistry ticketRegistry, @Qualifier("descendantTicketsTrackingPolicy") TicketTrackingPolicy ticketTrackingPolicy) {
            return new OAuth20DefaultAccessTokenFactory(uniqueTicketIdGenerator, ticketRegistry, expirationPolicyBuilder, jwtBuilder, servicesManager, ticketTrackingPolicy);
        }

        @ConditionalOnMissingBean(name = {"defaultDeviceTokenFactory"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public OAuth20DeviceTokenFactory defaultDeviceTokenFactory(@Qualifier("deviceTokenExpirationPolicy") ExpirationPolicyBuilder expirationPolicyBuilder, @Qualifier("deviceTokenIdGenerator") UniqueTicketIdGenerator uniqueTicketIdGenerator, @Qualifier("servicesManager") ServicesManager servicesManager, CasConfigurationProperties casConfigurationProperties) {
            return new OAuth20DefaultDeviceTokenFactory(uniqueTicketIdGenerator, expirationPolicyBuilder, casConfigurationProperties.getAuthn().getOauth().getDeviceUserCode().getUserCodeLength(), servicesManager);
        }

        @ConditionalOnMissingBean(name = {"defaultDeviceUserCodeFactory"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public OAuth20DeviceUserCodeFactory defaultDeviceUserCodeFactory(@Qualifier("deviceTokenExpirationPolicy") ExpirationPolicyBuilder expirationPolicyBuilder, @Qualifier("deviceTokenIdGenerator") UniqueTicketIdGenerator uniqueTicketIdGenerator, @Qualifier("servicesManager") ServicesManager servicesManager, CasConfigurationProperties casConfigurationProperties) {
            return new OAuth20DefaultDeviceUserCodeFactory(uniqueTicketIdGenerator, expirationPolicyBuilder, casConfigurationProperties.getAuthn().getOauth().getDeviceUserCode().getUserCodeLength(), servicesManager);
        }

        @ConditionalOnMissingBean(name = {"defaultOAuthCodeFactory"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public OAuth20CodeFactory defaultOAuthCodeFactory(@Qualifier("protocolTicketCipherExecutor") CipherExecutor cipherExecutor, @Qualifier("oAuthCodeIdGenerator") UniqueTicketIdGenerator uniqueTicketIdGenerator, @Qualifier("oAuthCodeExpirationPolicy") ExpirationPolicyBuilder expirationPolicyBuilder, @Qualifier("servicesManager") ServicesManager servicesManager, @Qualifier("descendantTicketsTrackingPolicy") TicketTrackingPolicy ticketTrackingPolicy) {
            return new OAuth20DefaultOAuthCodeFactory(uniqueTicketIdGenerator, expirationPolicyBuilder, servicesManager, cipherExecutor, ticketTrackingPolicy);
        }

        @ConditionalOnMissingBean(name = {"oauth20TicketCatalogConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public TicketCatalogConfigurer oauth20TicketCatalogConfigurer() {
            return new OAuth20TicketCatalogConfigurer();
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "CasOAuth20TokenGeneratorConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/CasOAuth20Configuration$CasOAuth20TokenGeneratorConfiguration.class */
    static class CasOAuth20TokenGeneratorConfiguration {
        CasOAuth20TokenGeneratorConfiguration() {
        }

        @ConditionalOnMissingBean(name = {"oauthTokenGenerator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public OAuth20TokenGenerator oauthTokenGenerator(@Qualifier("defaultPrincipalResolver") PrincipalResolver principalResolver, @Qualifier("profileScopeToAttributesFilter") OAuth20ProfileScopeToAttributesFilter oAuth20ProfileScopeToAttributesFilter, @Qualifier("defaultTicketFactory") TicketFactory ticketFactory, @Qualifier("ticketRegistry") TicketRegistry ticketRegistry, CasConfigurationProperties casConfigurationProperties) {
            return new OAuth20DefaultTokenGenerator(ticketFactory, ticketRegistry, principalResolver, oAuth20ProfileScopeToAttributesFilter, casConfigurationProperties);
        }

        @ConditionalOnMissingBean(name = {"accessTokenResponseGenerator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public OAuth20AccessTokenResponseGenerator accessTokenResponseGenerator(@Qualifier("oauth20ConfigurationContext") ObjectProvider<OAuth20ConfigurationContext> objectProvider) {
            return new OAuth20DefaultAccessTokenResponseGenerator(objectProvider);
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "CasOAuth20ValidatorsConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/CasOAuth20Configuration$CasOAuth20ValidatorsConfiguration.class */
    static class CasOAuth20ValidatorsConfiguration {
        CasOAuth20ValidatorsConfiguration() {
        }

        @ConditionalOnMissingBean(name = {"oauth20ClientSecretValidator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public OAuth20ClientSecretValidator oauth20ClientSecretValidator(@Qualifier("oauthRegisteredServiceCipherExecutor") CipherExecutor cipherExecutor) {
            return new DefaultOAuth20ClientSecretValidator(cipherExecutor);
        }

        @ConditionalOnMissingBean(name = {"oauth20AuthorizationCodeGrantTypeProofKeyCodeExchangeTokenRequestValidator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public OAuth20TokenRequestValidator oauth20AuthorizationCodeGrantTypeProofKeyCodeExchangeTokenRequestValidator(@Qualifier("oauth20ConfigurationContext") OAuth20ConfigurationContext oAuth20ConfigurationContext) {
            return (OAuth20TokenRequestValidator) BeanSupplier.of(OAuth20TokenRequestValidator.class).when(oAuth20ConfigurationContext.getCasProperties().getAuthn().getOidc().getDiscovery().getGrantTypesSupported().contains(OAuth20GrantTypes.AUTHORIZATION_CODE.getType())).supply(() -> {
                return new OAuth20AuthorizationCodeGrantTypeProofKeyCodeExchangeTokenRequestValidator(oAuth20ConfigurationContext);
            }).otherwiseProxy().get();
        }

        @ConditionalOnMissingBean(name = {"oauthAuthorizationCodeGrantTypeTokenRequestValidator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public OAuth20TokenRequestValidator oauthAuthorizationCodeGrantTypeTokenRequestValidator(@Qualifier("oauth20ConfigurationContext") OAuth20ConfigurationContext oAuth20ConfigurationContext) {
            return (OAuth20TokenRequestValidator) BeanSupplier.of(OAuth20TokenRequestValidator.class).when(oAuth20ConfigurationContext.getCasProperties().getAuthn().getOidc().getDiscovery().getGrantTypesSupported().contains(OAuth20GrantTypes.AUTHORIZATION_CODE.getType())).supply(() -> {
                return new OAuth20AuthorizationCodeGrantTypeTokenRequestValidator(oAuth20ConfigurationContext);
            }).otherwiseProxy().get();
        }

        @ConditionalOnMissingBean(name = {"oauthDeviceCodeResponseTypeRequestValidator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public OAuth20TokenRequestValidator oauthDeviceCodeResponseTypeRequestValidator(CasConfigurationProperties casConfigurationProperties, @Qualifier("oauthRequestParameterResolver") OAuth20RequestParameterResolver oAuth20RequestParameterResolver, @Qualifier("webApplicationServiceFactory") ServiceFactory<WebApplicationService> serviceFactory, @Qualifier("servicesManager") ServicesManager servicesManager) {
            return (OAuth20TokenRequestValidator) BeanSupplier.of(OAuth20TokenRequestValidator.class).when(casConfigurationProperties.getAuthn().getOidc().getDiscovery().getResponseTypesSupported().contains(OAuth20ResponseTypes.DEVICE_CODE.getType())).supply(() -> {
                return new OAuth20DeviceCodeResponseTypeRequestValidator(servicesManager, serviceFactory, oAuth20RequestParameterResolver);
            }).otherwiseProxy().get();
        }

        @ConditionalOnMissingBean(name = {"oauthRevocationRequestValidator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public OAuth20TokenRequestValidator oauthRevocationRequestValidator(@Qualifier("oauthRequestParameterResolver") OAuth20RequestParameterResolver oAuth20RequestParameterResolver, @Qualifier("oauthDistributedSessionStore") SessionStore sessionStore, @Qualifier("servicesManager") ServicesManager servicesManager) {
            return new OAuth20RevocationRequestValidator(servicesManager, sessionStore, oAuth20RequestParameterResolver);
        }

        @ConditionalOnMissingBean(name = {"oauthRefreshTokenGrantTypeTokenRequestValidator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public OAuth20TokenRequestValidator oauthRefreshTokenGrantTypeTokenRequestValidator(@Qualifier("oauth20ConfigurationContext") OAuth20ConfigurationContext oAuth20ConfigurationContext) {
            return (OAuth20TokenRequestValidator) BeanSupplier.of(OAuth20TokenRequestValidator.class).when(oAuth20ConfigurationContext.getCasProperties().getAuthn().getOidc().getDiscovery().getGrantTypesSupported().contains(OAuth20GrantTypes.REFRESH_TOKEN.getType())).supply(() -> {
                return new OAuth20RefreshTokenGrantTypeTokenRequestValidator(oAuth20ConfigurationContext);
            }).otherwiseProxy().get();
        }

        @ConditionalOnMissingBean(name = {"oauthTokenExchangeGrantTypeTokenRequestValidator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public OAuth20TokenRequestValidator oauthTokenExchangeGrantTypeTokenRequestValidator(@Qualifier("oauth20ConfigurationContext") OAuth20ConfigurationContext oAuth20ConfigurationContext) {
            return (OAuth20TokenRequestValidator) BeanSupplier.of(OAuth20TokenRequestValidator.class).when(oAuth20ConfigurationContext.getCasProperties().getAuthn().getOidc().getDiscovery().getGrantTypesSupported().contains(OAuth20GrantTypes.TOKEN_EXCHANGE.getType())).supply(() -> {
                return new OAuth20TokenExchangeGrantTypeTokenRequestValidator(oAuth20ConfigurationContext);
            }).otherwiseProxy().get();
        }

        @ConditionalOnMissingBean(name = {"oauthPasswordGrantTypeTokenRequestValidator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public OAuth20TokenRequestValidator oauthPasswordGrantTypeTokenRequestValidator(@Qualifier("oauth20ConfigurationContext") OAuth20ConfigurationContext oAuth20ConfigurationContext) {
            return (OAuth20TokenRequestValidator) BeanSupplier.of(OAuth20TokenRequestValidator.class).when(oAuth20ConfigurationContext.getCasProperties().getAuthn().getOidc().getDiscovery().getGrantTypesSupported().contains(OAuth20GrantTypes.PASSWORD.getType())).supply(() -> {
                return new OAuth20PasswordGrantTypeTokenRequestValidator(oAuth20ConfigurationContext);
            }).otherwiseProxy().get();
        }

        @ConditionalOnMissingBean(name = {"oauthClientCredentialsGrantTypeTokenRequestValidator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public OAuth20TokenRequestValidator oauthClientCredentialsGrantTypeTokenRequestValidator(@Qualifier("oauth20ConfigurationContext") OAuth20ConfigurationContext oAuth20ConfigurationContext) {
            return (OAuth20TokenRequestValidator) BeanSupplier.of(OAuth20TokenRequestValidator.class).when(oAuth20ConfigurationContext.getCasProperties().getAuthn().getOidc().getDiscovery().getGrantTypesSupported().contains(OAuth20GrantTypes.CLIENT_CREDENTIALS.getType())).supply(() -> {
                return new OAuth20ClientCredentialsGrantTypeTokenRequestValidator(oAuth20ConfigurationContext);
            }).otherwiseProxy().get();
        }

        @ConditionalOnMissingBean(name = {"oauthAuthorizationCodeResponseTypeRequestValidator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public OAuth20AuthorizationRequestValidator oauthAuthorizationCodeResponseTypeRequestValidator(CasConfigurationProperties casConfigurationProperties, @Qualifier("oauthRequestParameterResolver") OAuth20RequestParameterResolver oAuth20RequestParameterResolver, @Qualifier("registeredServiceAccessStrategyEnforcer") AuditableExecution auditableExecution, @Qualifier("webApplicationServiceFactory") ServiceFactory<WebApplicationService> serviceFactory, @Qualifier("servicesManager") ServicesManager servicesManager) {
            List responseTypesSupported = casConfigurationProperties.getAuthn().getOidc().getDiscovery().getResponseTypesSupported();
            return (OAuth20AuthorizationRequestValidator) BeanSupplier.of(OAuth20AuthorizationRequestValidator.class).when(() -> {
                return Boolean.valueOf(responseTypesSupported.contains(OAuth20ResponseTypes.CODE.getType()));
            }).supply(() -> {
                return new OAuth20AuthorizationCodeResponseTypeAuthorizationRequestValidator(servicesManager, serviceFactory, auditableExecution, oAuth20RequestParameterResolver);
            }).otherwiseProxy().get();
        }

        @ConditionalOnMissingBean(name = {"oauthProofKeyCodeExchangeResponseTypeAuthorizationRequestValidator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public OAuth20AuthorizationRequestValidator oauthProofKeyCodeExchangeResponseTypeAuthorizationRequestValidator(CasConfigurationProperties casConfigurationProperties, @Qualifier("oauthRequestParameterResolver") OAuth20RequestParameterResolver oAuth20RequestParameterResolver, @Qualifier("registeredServiceAccessStrategyEnforcer") AuditableExecution auditableExecution, @Qualifier("webApplicationServiceFactory") ServiceFactory<WebApplicationService> serviceFactory, @Qualifier("servicesManager") ServicesManager servicesManager) {
            List responseTypesSupported = casConfigurationProperties.getAuthn().getOidc().getDiscovery().getResponseTypesSupported();
            return (OAuth20AuthorizationRequestValidator) BeanSupplier.of(OAuth20AuthorizationRequestValidator.class).when(() -> {
                return Boolean.valueOf(responseTypesSupported.contains(OAuth20ResponseTypes.CODE.getType()));
            }).supply(() -> {
                return new OAuth20ProofKeyCodeExchangeResponseTypeAuthorizationRequestValidator(servicesManager, serviceFactory, auditableExecution, oAuth20RequestParameterResolver);
            }).otherwiseProxy().get();
        }

        @ConditionalOnMissingBean(name = {"oauthTokenResponseTypeRequestValidator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public OAuth20AuthorizationRequestValidator oauthTokenResponseTypeRequestValidator(CasConfigurationProperties casConfigurationProperties, @Qualifier("oauthRequestParameterResolver") OAuth20RequestParameterResolver oAuth20RequestParameterResolver, @Qualifier("registeredServiceAccessStrategyEnforcer") AuditableExecution auditableExecution, @Qualifier("webApplicationServiceFactory") ServiceFactory<WebApplicationService> serviceFactory, @Qualifier("servicesManager") ServicesManager servicesManager) {
            List responseTypesSupported = casConfigurationProperties.getAuthn().getOidc().getDiscovery().getResponseTypesSupported();
            return (OAuth20AuthorizationRequestValidator) BeanSupplier.of(OAuth20AuthorizationRequestValidator.class).when(() -> {
                return Boolean.valueOf(responseTypesSupported.contains(OAuth20ResponseTypes.TOKEN.getType()));
            }).supply(() -> {
                return new OAuth20TokenResponseTypeAuthorizationRequestValidator(servicesManager, serviceFactory, auditableExecution, oAuth20RequestParameterResolver);
            }).otherwiseProxy().get();
        }

        @ConditionalOnMissingBean(name = {"oauthIdTokenResponseTypeRequestValidator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public OAuth20AuthorizationRequestValidator oauthIdTokenResponseTypeRequestValidator(CasConfigurationProperties casConfigurationProperties, @Qualifier("oauthRequestParameterResolver") OAuth20RequestParameterResolver oAuth20RequestParameterResolver, @Qualifier("registeredServiceAccessStrategyEnforcer") AuditableExecution auditableExecution, @Qualifier("webApplicationServiceFactory") ServiceFactory<WebApplicationService> serviceFactory, @Qualifier("servicesManager") ServicesManager servicesManager) {
            List responseTypesSupported = casConfigurationProperties.getAuthn().getOidc().getDiscovery().getResponseTypesSupported();
            return (OAuth20AuthorizationRequestValidator) BeanSupplier.of(OAuth20AuthorizationRequestValidator.class).when(() -> {
                return Boolean.valueOf(responseTypesSupported.contains(OAuth20ResponseTypes.ID_TOKEN.getType()));
            }).supply(() -> {
                return new OAuth20IdTokenResponseTypeAuthorizationRequestValidator(servicesManager, serviceFactory, auditableExecution, oAuth20RequestParameterResolver);
            }).otherwiseProxy().get();
        }

        @ConditionalOnMissingBean(name = {"oauthIdTokenAndTokenResponseTypeRequestValidator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public OAuth20AuthorizationRequestValidator oauthIdTokenAndTokenResponseTypeRequestValidator(CasConfigurationProperties casConfigurationProperties, @Qualifier("oauthRequestParameterResolver") OAuth20RequestParameterResolver oAuth20RequestParameterResolver, @Qualifier("registeredServiceAccessStrategyEnforcer") AuditableExecution auditableExecution, @Qualifier("webApplicationServiceFactory") ServiceFactory<WebApplicationService> serviceFactory, @Qualifier("servicesManager") ServicesManager servicesManager) {
            List responseTypesSupported = casConfigurationProperties.getAuthn().getOidc().getDiscovery().getResponseTypesSupported();
            return (OAuth20AuthorizationRequestValidator) BeanSupplier.of(OAuth20AuthorizationRequestValidator.class).when(() -> {
                return Boolean.valueOf(responseTypesSupported.contains(OAuth20ResponseTypes.IDTOKEN_TOKEN.getType()));
            }).supply(() -> {
                return new OAuth20IdTokenAndTokenResponseTypeAuthorizationRequestValidator(servicesManager, serviceFactory, auditableExecution, oAuth20RequestParameterResolver);
            }).otherwiseProxy().get();
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "CasOAuth20WebConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/CasOAuth20Configuration$CasOAuth20WebConfiguration.class */
    static class CasOAuth20WebConfiguration {
        CasOAuth20WebConfiguration() {
        }

        @ConditionalOnMissingBean(name = {"consentApprovalViewResolver"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public ConsentApprovalViewResolver consentApprovalViewResolver(@Qualifier("oauthDistributedSessionStore") SessionStore sessionStore, CasConfigurationProperties casConfigurationProperties) {
            return new OAuth20ConsentApprovalViewResolver(casConfigurationProperties, sessionStore);
        }

        @ConditionalOnMissingBean(name = {"oauth2UserProfileDataCreator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public OAuth20UserProfileDataCreator oauth2UserProfileDataCreator(@Qualifier("oauth20ConfigurationContext") ObjectProvider<OAuth20ConfigurationContext> objectProvider) {
            return new DefaultOAuth20UserProfileDataCreator(objectProvider);
        }
    }

    CasOAuth20Configuration() {
    }
}
