package org.apereo.cas.web.saml2;

import java.time.Period;
import java.util.List;
import java.util.Locale;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import lombok.Generated;
import org.apache.commons.lang3.ClassUtils;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.CasSSLContext;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.pac4j.Pac4jBaseClientProperties;
import org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationProperties;
import org.apereo.cas.configuration.support.Beans;
import org.apereo.cas.support.pac4j.authentication.attributes.GroovyAttributeConverter;
import org.apereo.cas.support.pac4j.authentication.clients.ConfigurableDelegatedClient;
import org.apereo.cas.support.pac4j.authentication.clients.ConfigurableDelegatedClientBuilder;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.ResourceUtils;
import org.apereo.cas.util.function.FunctionUtils;
import org.apereo.cas.util.scripting.ExecutableCompiledScriptFactory;
import org.apereo.cas.util.spring.SpringExpressionLanguageValueResolver;
import org.pac4j.core.client.BaseClient;
import org.pac4j.core.profile.converter.AttributeConverter;
import org.pac4j.saml.client.SAML2Client;
import org.pac4j.saml.config.SAML2Configuration;
import org.pac4j.saml.metadata.DefaultSAML2MetadataSigner;
import org.pac4j.saml.metadata.SAML2ServiceProviderRequestedAttribute;
import org.pac4j.saml.store.EmptyStoreFactory;
import org.pac4j.saml.store.HttpSessionStoreFactory;
import org.pac4j.saml.store.SAMLMessageStoreFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.core.io.AbstractResource;

/* loaded from: input_file:org/apereo/cas/web/saml2/DelegatedClientSaml2Builder.class */
/**
 * Builds pac4j {@link SAML2Client} instances for every SAML2 identity provider
 * declared under {@code cas.authn.pac4j.saml[]} and wraps each one in a
 * {@link ConfigurableDelegatedClient}.
 *
 * <p>This listing is decompiled output (raw {@code Optional}/{@code List} types,
 * {@code resolve}/{@code resolve2} locals and the {@code Objects.requireNonNull}
 * calls before method references are javac/decompiler artifacts, not hand-written
 * code). Comments below describe only what the visible code does; the semantics of
 * the individual {@link SAML2Configuration} setters live in pac4j.
 */
public class DelegatedClientSaml2Builder implements ConfigurableDelegatedClientBuilder {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(DelegatedClientSaml2Builder.class);
    // Source of the SSLContext / HostnameVerifier handed to every SAML2 configuration (see buildSaml2IdentityProviders).
    private final CasSSLContext casSslContext;
    // Optional externally supplied message store factory; when a bean is available it wins over the configured name.
    private final ObjectProvider<SAMLMessageStoreFactory> samlMessageStoreFactory;

    /**
     * Builds all configured SAML2 delegated clients.
     *
     * @param casConfigurationProperties CAS configuration holding {@code authn.pac4j.saml}
     * @return one {@link ConfigurableDelegatedClient} per enabled SAML2 provider (see
     *         {@link #buildSaml2IdentityProviders(CasConfigurationProperties)} for the filter)
     */
    public List<ConfigurableDelegatedClient> build(CasConfigurationProperties casConfigurationProperties) {
        return buildSaml2IdentityProviders(casConfigurationProperties);
    }

    /**
     * Translates each enabled {@code cas.authn.pac4j.saml[]} entry into a {@link SAML2Configuration}
     * and a {@link SAML2Client}.
     *
     * <p>An entry is only considered when it is enabled, has a non-blank identity provider
     * metadata path and a non-blank service provider entity id. Keystore path, IdP metadata
     * path and SP entity id are passed through {@link SpringExpressionLanguageValueResolver}.
     *
     * <p>Several settings applied here are security-relevant and operator-controlled
     * (signature validation switches, signature/digest algorithm lists, accepted clock skew,
     * forced keystore generation, class names that are instantiated reflectively). They are
     * copied from configuration as-is; no additional validation is performed in this method.
     *
     * @param casConfigurationProperties CAS configuration holding {@code authn.pac4j.saml}
     * @return the built clients, in configuration order
     */
    protected List<ConfigurableDelegatedClient> buildSaml2IdentityProviders(CasConfigurationProperties casConfigurationProperties) {
        Pac4jDelegatedAuthenticationProperties pac4j = casConfigurationProperties.getAuthn().getPac4j();
        // Resolved once for all providers; used below to decide whether an attribute converter value is an external script.
        Optional findExecutableCompiledScriptFactory = ExecutableCompiledScriptFactory.findExecutableCompiledScriptFactory();
        return (List) pac4j.getSaml().stream().filter(pac4jSamlClientProperties -> {
            return pac4jSamlClientProperties.isEnabled() && StringUtils.isNotBlank(pac4jSamlClientProperties.getMetadata().getIdentityProviderMetadataPath()) && StringUtils.isNotBlank(pac4jSamlClientProperties.getServiceProviderEntityId());
        }).map(pac4jSamlClientProperties2 -> {
            // Keystore path: configured value, or a temp file "samlSpKeystore*.jks" when blank; then SpEL-resolved.
            String resolve = SpringExpressionLanguageValueResolver.getInstance().resolve((String) StringUtils.defaultIfBlank(pac4jSamlClientProperties2.getKeystorePath(), Beans.getTempFilePath("samlSpKeystore", ".jks")));
            // Identity provider metadata location after SpEL resolution.
            String resolve2 = SpringExpressionLanguageValueResolver.getInstance().resolve(pac4jSamlClientProperties2.getMetadata().getIdentityProviderMetadataPath());
            LOGGER.debug("Creating SAML2 identity provider [{}] with identity provider metadata [{}]", pac4jSamlClientProperties2.getClientName(), resolve2);
            // Constructor args: keystore path, keystore password, private key password, IdP metadata path.
            SAML2Configuration sAML2Configuration = new SAML2Configuration(resolve, pac4jSamlClientProperties2.getKeystorePassword(), pac4jSamlClientProperties2.getPrivateKeyPassword(), resolve2);
            sAML2Configuration.setForceKeystoreGeneration(pac4jSamlClientProperties2.isForceKeystoreGeneration());
            // Certificate expiration is only applied for a positive day count; otherwise pac4j's default stands.
            FunctionUtils.doIf(pac4jSamlClientProperties2.getCertificateExpirationDays() > 0, obj -> {
                sAML2Configuration.setCertificateExpirationPeriod(Period.ofDays(pac4jSamlClientProperties2.getCertificateExpirationDays()));
            }).accept(pac4jSamlClientProperties2);
            String responseBindingType = pac4jSamlClientProperties2.getResponseBindingType();
            // Null check javac emits when binding a method reference to an instance; no effect beyond that.
            Objects.requireNonNull(sAML2Configuration);
            FunctionUtils.doIfNotNull(responseBindingType, sAML2Configuration::setResponseBindingType);
            String certificateSignatureAlg = pac4jSamlClientProperties2.getCertificateSignatureAlg();
            Objects.requireNonNull(sAML2Configuration);
            FunctionUtils.doIfNotNull(certificateSignatureAlg, sAML2Configuration::setCertificateSignatureAlg);
            sAML2Configuration.setPartialLogoutTreatedAsSuccess(pac4jSamlClientProperties2.isPartialLogoutAsSuccess());
            sAML2Configuration.setResponseDestinationAttributeMandatory(pac4jSamlClientProperties2.isResponseDestinationMandatory());
            sAML2Configuration.setSupportedProtocols(pac4jSamlClientProperties2.getSupportedProtocols());
            // Optional URLs/bindings: only set when the property is non-blank.
            FunctionUtils.doIfNotBlank(pac4jSamlClientProperties2.getRequestInitiatorUrl(), str -> {
                sAML2Configuration.setRequestInitiatorUrl(pac4jSamlClientProperties2.getRequestInitiatorUrl());
            });
            FunctionUtils.doIfNotBlank(pac4jSamlClientProperties2.getSingleLogoutServiceUrl(), str2 -> {
                sAML2Configuration.setSingleSignOutServiceUrl(pac4jSamlClientProperties2.getSingleLogoutServiceUrl());
            });
            FunctionUtils.doIfNotBlank(pac4jSamlClientProperties2.getLogoutResponseBindingType(), str3 -> {
                sAML2Configuration.setSpLogoutResponseBindingType(pac4jSamlClientProperties2.getLogoutResponseBindingType());
            });
            // Certificate name falls back to the client name when not configured.
            sAML2Configuration.setCertificateNameToAppend((String) StringUtils.defaultIfBlank(pac4jSamlClientProperties2.getCertificateNameToAppend(), pac4jSamlClientProperties2.getClientName()));
            // Duration strings are parsed via Beans.newDuration and handed to pac4j in seconds.
            sAML2Configuration.setMaximumAuthenticationLifetime(Beans.newDuration(pac4jSamlClientProperties2.getMaximumAuthenticationLifetime()).toSeconds());
            String resolve3 = SpringExpressionLanguageValueResolver.getInstance().resolve(pac4jSamlClientProperties2.getServiceProviderEntityId());
            sAML2Configuration.setServiceProviderEntityId(resolve3);
            // SP metadata location: configured file-system location, or a temp file "samlSpMetadata*.xml" when blank.
            FunctionUtils.doIfNotNull((String) StringUtils.defaultIfBlank(pac4jSamlClientProperties2.getMetadata().getServiceProvider().getFileSystem().getLocation(), Beans.getTempFilePath("samlSpMetadata", ".xml")), str4 -> {
                AbstractResource rawResourceFrom = ResourceUtils.getRawResourceFrom(str4);
                LOGGER.debug("Service provider metadata is located at [{}] with entity id [{}]", rawResourceFrom, resolve3);
                sAML2Configuration.setServiceProviderMetadataResource(rawResourceFrom);
            });
            sAML2Configuration.setAuthnRequestBindingType(pac4jSamlClientProperties2.getDestinationBinding());
            sAML2Configuration.setSpLogoutRequestBindingType(pac4jSamlClientProperties2.getLogoutRequestBinding());
            sAML2Configuration.setForceAuth(pac4jSamlClientProperties2.isForceAuth());
            sAML2Configuration.setPassive(pac4jSamlClientProperties2.isPassive());
            // Metadata signing: the signer is bound to this configuration, so it uses the keystore set up above.
            sAML2Configuration.setSignMetadata(pac4jSamlClientProperties2.isSignServiceProviderMetadata());
            sAML2Configuration.setMetadataSigner(new DefaultSAML2MetadataSigner(sAML2Configuration));
            sAML2Configuration.setAuthnRequestSigned(pac4jSamlClientProperties2.isSignAuthnRequest());
            sAML2Configuration.setSpLogoutRequestSigned(pac4jSamlClientProperties2.isSignServiceProviderLogoutRequest());
            sAML2Configuration.setAcceptedSkew(Beans.newDuration(pac4jSamlClientProperties2.getAcceptedSkew()).toSeconds());
            // TLS for outbound calls (e.g. metadata retrieval) comes from the CAS-managed SSL context, not the JVM default.
            sAML2Configuration.setSslSocketFactory(this.casSslContext.getSslContext().getSocketFactory());
            sAML2Configuration.setHostnameVerifier(this.casSslContext.getHostnameVerifier());
            FunctionUtils.doIfNotBlank(pac4jSamlClientProperties2.getPrincipalIdAttribute(), str5 -> {
                sAML2Configuration.setAttributeAsId(pac4jSamlClientProperties2.getPrincipalIdAttribute());
            });
            FunctionUtils.doIfNotBlank(pac4jSamlClientProperties2.getNameIdAttribute(), str6 -> {
                sAML2Configuration.setNameIdAttribute(pac4jSamlClientProperties2.getNameIdAttribute());
            });
            // Signature validation switches are copied verbatim from configuration; the "all signature validation
            // disabled" flag in particular is passed through without any guard here.
            sAML2Configuration.setWantsAssertionsSigned(pac4jSamlClientProperties2.isWantsAssertionsSigned());
            sAML2Configuration.setWantsResponsesSigned(pac4jSamlClientProperties2.isWantsResponsesSigned());
            sAML2Configuration.setAllSignatureValidationDisabled(pac4jSamlClientProperties2.isAllSignatureValidationDisabled());
            sAML2Configuration.setUseNameQualifier(pac4jSamlClientProperties2.isUseNameQualifier());
            sAML2Configuration.setAttributeConsumingServiceIndex(pac4jSamlClientProperties2.getAttributeConsumingServiceIndex());
            // Message store factory: a Spring bean (if one is available) takes precedence; otherwise the configured
            // name is interpreted as EMPTY, SESSION, or — when it contains a dot — a fully qualified class name that
            // is instantiated reflectively via its no-arg constructor.
            Optional ofNullable = Optional.ofNullable((SAMLMessageStoreFactory) this.samlMessageStoreFactory.getIfAvailable());
            Objects.requireNonNull(sAML2Configuration);
            ofNullable.ifPresentOrElse(sAML2Configuration::setSamlMessageStoreFactory, () -> {
                FunctionUtils.doIf("EMPTY".equalsIgnoreCase(pac4jSamlClientProperties2.getMessageStoreFactory()), obj2 -> {
                    sAML2Configuration.setSamlMessageStoreFactory(new EmptyStoreFactory());
                }).accept(pac4jSamlClientProperties2);
                FunctionUtils.doIf("SESSION".equalsIgnoreCase(pac4jSamlClientProperties2.getMessageStoreFactory()), obj3 -> {
                    sAML2Configuration.setSamlMessageStoreFactory(new HttpSessionStoreFactory());
                }).accept(pac4jSamlClientProperties2);
                // NOTE(review): the two equalsIgnoreCase checks above are null-safe, but contains(".") is not —
                // a null messageStoreFactory property would NPE here. Presumably the property has a non-null default; confirm.
                if (pac4jSamlClientProperties2.getMessageStoreFactory().contains(".")) {
                    // doAndHandle presumably catches and logs reflection failures rather than propagating them — confirm in FunctionUtils.
                    FunctionUtils.doAndHandle(obj4 -> {
                        sAML2Configuration.setSamlMessageStoreFactory((SAMLMessageStoreFactory) ClassUtils.getClass(getClass().getClassLoader(), pac4jSamlClientProperties2.getMessageStoreFactory()).getDeclaredConstructor(new Class[0]).newInstance(new Object[0]));
                    });
                }
            });
            // A negative index means "not configured"; pac4j's default is kept in that case.
            FunctionUtils.doIf(pac4jSamlClientProperties2.getAssertionConsumerServiceIndex() >= 0, obj2 -> {
                sAML2Configuration.setAssertionConsumerServiceIndex(pac4jSamlClientProperties2.getAssertionConsumerServiceIndex());
            }).accept(pac4jSamlClientProperties2);
            // Authn context: comparison type is upper-cased with a fixed locale so the result does not depend on the JVM default.
            if (!pac4jSamlClientProperties2.getAuthnContextClassRef().isEmpty()) {
                sAML2Configuration.setComparisonType(pac4jSamlClientProperties2.getAuthnContextComparisonType().toUpperCase(Locale.ENGLISH));
                sAML2Configuration.setAuthnContextClassRefs(pac4jSamlClientProperties2.getAuthnContextClassRef());
            }
            FunctionUtils.doIfNotBlank(pac4jSamlClientProperties2.getNameIdPolicyFormat(), str7 -> {
                sAML2Configuration.setNameIdPolicyFormat(pac4jSamlClientProperties2.getNameIdPolicyFormat());
            });
            // Requested SP attributes are appended to (not replacing) whatever the configuration already holds.
            if (!pac4jSamlClientProperties2.getRequestedAttributes().isEmpty()) {
                pac4jSamlClientProperties2.getRequestedAttributes().stream().map(pac4jSamlServiceProviderRequestedAttribute -> {
                    return new SAML2ServiceProviderRequestedAttribute(pac4jSamlServiceProviderRequestedAttribute.getName(), pac4jSamlServiceProviderRequestedAttribute.getFriendlyName(), pac4jSamlServiceProviderRequestedAttribute.getNameFormat(), pac4jSamlServiceProviderRequestedAttribute.isRequired());
                }).forEach(sAML2ServiceProviderRequestedAttribute -> {
                    sAML2Configuration.getRequestedServiceProviderAttributes().add(sAML2ServiceProviderRequestedAttribute);
                });
            }
            // Algorithm lists replace pac4j's defaults only when explicitly configured (non-empty).
            if (!pac4jSamlClientProperties2.getBlockedSignatureSigningAlgorithms().isEmpty()) {
                sAML2Configuration.setBlackListedSignatureSigningAlgorithms(pac4jSamlClientProperties2.getBlockedSignatureSigningAlgorithms());
            }
            if (!pac4jSamlClientProperties2.getSignatureAlgorithms().isEmpty()) {
                sAML2Configuration.setSignatureAlgorithms(pac4jSamlClientProperties2.getSignatureAlgorithms());
            }
            if (!pac4jSamlClientProperties2.getSignatureReferenceDigestMethods().isEmpty()) {
                sAML2Configuration.setSignatureReferenceDigestMethods(pac4jSamlClientProperties2.getSignatureReferenceDigestMethods());
            }
            FunctionUtils.doIfNotBlank(pac4jSamlClientProperties2.getSignatureCanonicalizationAlgorithm(), str8 -> {
                sAML2Configuration.setSignatureCanonicalizationAlgorithm(pac4jSamlClientProperties2.getSignatureCanonicalizationAlgorithm());
            });
            sAML2Configuration.setProviderName(pac4jSamlClientProperties2.getProviderName());
            sAML2Configuration.setNameIdPolicyAllowCreate(pac4jSamlClientProperties2.getNameIdPolicyAllowCreate().toBoolean());
            // Attribute converter: an external script (as judged by the script factory) becomes a GroovyAttributeConverter;
            // any other non-blank value is treated as a class name and instantiated reflectively.
            if (StringUtils.isNotBlank(pac4jSamlClientProperties2.getSaml2AttributeConverter())) {
                if (findExecutableCompiledScriptFactory.isPresent() && ((ExecutableCompiledScriptFactory) findExecutableCompiledScriptFactory.get()).isExternalScript(pac4jSamlClientProperties2.getSaml2AttributeConverter())) {
                    FunctionUtils.doAndHandle(obj3 -> {
                        sAML2Configuration.setSamlAttributeConverter(new GroovyAttributeConverter(((ExecutableCompiledScriptFactory) findExecutableCompiledScriptFactory.get()).fromResource(ResourceUtils.getResourceFrom(pac4jSamlClientProperties2.getSaml2AttributeConverter()))));
                    });
                } else {
                    FunctionUtils.doAndHandle(obj4 -> {
                        sAML2Configuration.setSamlAttributeConverter((AttributeConverter) ClassUtils.getClass(getClass().getClassLoader(), pac4jSamlClientProperties2.getSaml2AttributeConverter()).getDeclaredConstructor(new Class[0]).newInstance(new Object[0]));
                    });
                }
            }
            // Mapped attributes arrive as a directed list (see CollectionUtils.convertDirectedListToMap for the format).
            List mappedAttributes = pac4jSamlClientProperties2.getMappedAttributes();
            if (!mappedAttributes.isEmpty()) {
                sAML2Configuration.setMappedAttributes(CollectionUtils.convertDirectedListToMap(mappedAttributes));
            }
            SAML2Client sAML2Client = new SAML2Client(sAML2Configuration);
            LOGGER.debug("Created SAML2 delegated client [{}]", sAML2Client);
            return new ConfigurableDelegatedClient(sAML2Client, pac4jSamlClientProperties2);
        }).collect(Collectors.toList());
    }

    /**
     * Post-build hook: for an already initialized {@link SAML2Client}, asks its identity
     * provider metadata resolver to {@code resolve(true)} (presumably a forced refresh —
     * confirm against pac4j). Any other client type is returned untouched.
     *
     * @param baseClient                 the client to configure
     * @param pac4jBaseClientProperties  the client's properties (not used here)
     * @param casConfigurationProperties CAS configuration (not used here)
     * @return the same {@code baseClient} instance
     */
    public BaseClient configure(BaseClient baseClient, Pac4jBaseClientProperties pac4jBaseClientProperties, CasConfigurationProperties casConfigurationProperties) {
        if (baseClient instanceof SAML2Client) {
            SAML2Client sAML2Client = (SAML2Client) baseClient;
            // Uninitialized clients are skipped: their metadata resolver is not available yet.
            if (sAML2Client.isInitialized()) {
                sAML2Client.getIdentityProviderMetadataResolver().resolve(true);
            }
        }
        return baseClient;
    }

    /**
     * Creates the builder.
     *
     * @param casSSLContext  supplies the SSL socket factory and hostname verifier for every SAML2 configuration
     * @param objectProvider optional {@link SAMLMessageStoreFactory} bean that overrides the configured store name
     */
    @Generated
    public DelegatedClientSaml2Builder(CasSSLContext casSSLContext, ObjectProvider<SAMLMessageStoreFactory> objectProvider) {
        this.casSslContext = casSSLContext;
        this.samlMessageStoreFactory = objectProvider;
    }
}
