package org.apereo.cas.config;

import java.util.List;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.CasSSLContext;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.features.CasFeatureModule;
import org.apereo.cas.logout.slo.SingleLogoutRequestExecutor;
import org.apereo.cas.pac4j.client.DelegatedIdentityProviders;
import org.apereo.cas.support.pac4j.authentication.clients.ConfigurableDelegatedClientBuilder;
import org.apereo.cas.support.pac4j.authentication.clients.DelegatedClientSessionManager;
import org.apereo.cas.support.pac4j.authentication.clients.DelegatedClientsEndpointContributor;
import org.apereo.cas.support.saml.OpenSamlConfigBean;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.util.spring.beans.BeanCondition;
import org.apereo.cas.util.spring.beans.BeanSupplier;
import org.apereo.cas.util.spring.boot.ConditionalOnFeatureEnabled;
import org.apereo.cas.web.CasWebSecurityConfigurer;
import org.apereo.cas.web.flow.CasWebflowConfigurer;
import org.apereo.cas.web.flow.CasWebflowExecutionPlanConfigurer;
import org.apereo.cas.web.flow.DelegatedAuthenticationSaml2WebflowConfigurer;
import org.apereo.cas.web.flow.DelegatedClientAuthenticationConfigurationContext;
import org.apereo.cas.web.flow.actions.ConsumerExecutionAction;
import org.apereo.cas.web.flow.actions.WebflowActionBeanSupplier;
import org.apereo.cas.web.flow.actions.logout.DelegatedSaml2ClientFinishLogoutAction;
import org.apereo.cas.web.flow.actions.logout.DelegatedSaml2ClientLogoutAction;
import org.apereo.cas.web.flow.actions.logout.DelegatedSaml2ClientTerminateSessionAction;
import org.apereo.cas.web.saml2.DelegatedClientSaml2Builder;
import org.apereo.cas.web.saml2.DelegatedClientSaml2SessionManager;
import org.apereo.cas.web.saml2.DelegatedClientsSaml2EndpointContributor;
import org.apereo.cas.web.saml2.DelegatedSaml2ClientMetadataController;
import org.pac4j.core.context.session.SessionStore;
import org.pac4j.saml.store.SAMLMessageStoreFactory;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.webflow.definition.registry.FlowDefinitionRegistry;
import org.springframework.webflow.engine.builder.support.FlowBuilderServices;
import org.springframework.webflow.execution.Action;

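/**
 * Spring configuration that contributes the SAML2 pieces of delegated authentication:
 * the logout webflow actions, the webflow configurer, the service-provider metadata
 * controller, the SAML2 client builder and the SAML2 session manager.
 *
 * <p>The configuration is active only when the {@code DelegatedAuthentication} feature is
 * enabled for the {@code saml} module.
 *
 * <p>Every bean below is guarded by {@code @ConditionalOnMissingBean} on its own name, so a
 * bean of the same name defined elsewhere in the application context takes its place. Any such
 * override of the logout or metadata beans deserves the same review as this class.
 */
@EnableConfigurationProperties(CasConfigurationProperties.class)
@Configuration(value = "DelegatedAuthenticationSaml2Configuration", proxyBeanMethods = false)
@ConditionalOnFeatureEnabled(feature = CasFeatureModule.FeatureCatalog.DelegatedAuthentication, module = "saml")
class DelegatedAuthenticationSaml2Configuration {

    /**
     * Web-tier beans for SAML2 delegated authentication.
     */
    @Configuration(value = "DelegatedAuthenticationSAMLWebConfiguration", proxyBeanMethods = false)
    static class DelegatedAuthenticationSAMLWebConfiguration {

        /**
         * Supplies the webflow action that terminates the delegated SAML2 client session.
         *
         * <p>The real action is built only when {@code cas.slo.disabled} is {@code false} or is
         * not set at all. When the property is {@code true}, {@link ConsumerExecutionAction#NONE}
         * is returned instead.
         *
         * @param delegatedIdentityProviders the configured delegated identity providers
         * @param sessionStore the distributed session store used by delegated clients
         * @param casConfigurationProperties CAS settings handed to the action supplier
         * @param configurableApplicationContext context whose environment is checked for the property
         * @return the terminate-session action, or {@code ConsumerExecutionAction.NONE}
         */
        @ConditionalOnMissingBean(name = "delegatedSaml2ClientTerminateSessionAction")
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action delegatedSaml2ClientTerminateSessionAction(@Qualifier("delegatedIdentityProviders") DelegatedIdentityProviders delegatedIdentityProviders, @Qualifier("delegatedClientDistributedSessionStore") SessionStore sessionStore, CasConfigurationProperties casConfigurationProperties, ConfigurableApplicationContext configurableApplicationContext) {
            // NOTE(review): NONE is presumably a no-op, so with single logout disabled this
            // step would leave the delegated session state untouched; confirm that is intended.
            return BeanSupplier.of(Action.class)
                .when(BeanCondition.on("cas.slo.disabled").isFalse().evenIfMissing()
                    .given(configurableApplicationContext.getEnvironment()))
                .supply(() -> WebflowActionBeanSupplier.builder()
                    .withApplicationContext(configurableApplicationContext)
                    .withProperties(casConfigurationProperties)
                    .withAction(() -> new DelegatedSaml2ClientTerminateSessionAction(delegatedIdentityProviders, sessionStore))
                    .withId("delegatedSaml2ClientTerminateSessionAction")
                    .build()
                    .get())
                .otherwise(() -> ConsumerExecutionAction.NONE)
                .get();
        }

        /**
         * Supplies the webflow action that handles logout for a delegated SAML2 client.
         *
         * <p>Unlike the terminate-session action, this bean is not conditioned on
         * {@code cas.slo.disabled} in this class.
         *
         * @param casConfigurationProperties CAS settings handed to the action supplier
         * @param configurableApplicationContext the application context handed to the action supplier
         * @param ticketRegistry the ticket registry passed to the action
         * @param singleLogoutRequestExecutor the single-logout executor passed to the action
         * @return the logout action
         */
        @ConditionalOnMissingBean(name = "delegatedSaml2ClientLogoutAction")
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action delegatedSaml2ClientLogoutAction(CasConfigurationProperties casConfigurationProperties, ConfigurableApplicationContext configurableApplicationContext, @Qualifier("ticketRegistry") TicketRegistry ticketRegistry, @Qualifier("defaultSingleLogoutRequestExecutor") SingleLogoutRequestExecutor singleLogoutRequestExecutor) {
            return WebflowActionBeanSupplier.builder()
                .withApplicationContext(configurableApplicationContext)
                .withProperties(casConfigurationProperties)
                .withAction(() -> new DelegatedSaml2ClientLogoutAction(ticketRegistry, singleLogoutRequestExecutor))
                .withId("delegatedSaml2ClientLogoutAction")
                .build()
                .get();
        }

        /**
         * Supplies the webflow action that finishes logout for a delegated SAML2 client.
         *
         * @param casConfigurationProperties CAS settings handed to the action supplier
         * @param configurableApplicationContext the application context handed to the action supplier
         * @param delegatedIdentityProviders the configured delegated identity providers
         * @param sessionStore the distributed session store used by delegated clients
         * @return the finish-logout action
         */
        @ConditionalOnMissingBean(name = "delegatedAuthenticationSaml2ClientFinishLogoutAction")
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action delegatedAuthenticationSaml2ClientFinishLogoutAction(CasConfigurationProperties casConfigurationProperties, ConfigurableApplicationContext configurableApplicationContext, @Qualifier("delegatedIdentityProviders") DelegatedIdentityProviders delegatedIdentityProviders, @Qualifier("delegatedClientDistributedSessionStore") SessionStore sessionStore) {
            return WebflowActionBeanSupplier.builder()
                .withApplicationContext(configurableApplicationContext)
                .withProperties(casConfigurationProperties)
                .withAction(() -> new DelegatedSaml2ClientFinishLogoutAction(delegatedIdentityProviders, sessionStore))
                .withId("delegatedAuthenticationSaml2ClientFinishLogoutAction")
                .build()
                .get();
        }

        /**
         * Creates the webflow configurer for SAML2 delegated authentication.
         *
         * @param casConfigurationProperties CAS settings
         * @param configurableApplicationContext the application context
         * @param flowDefinitionRegistry the login flow registry ({@code loginFlowRegistry})
         * @param flowBuilderServices the flow builder services
         * @param flowDefinitionRegistry2 the logout flow registry ({@code logoutFlowRegistry})
         * @return the webflow configurer
         */
        @ConditionalOnMissingBean(name = "delegatedAuthenticationSaml2WebflowConfigurer")
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public CasWebflowConfigurer delegatedAuthenticationSaml2WebflowConfigurer(CasConfigurationProperties casConfigurationProperties, ConfigurableApplicationContext configurableApplicationContext, @Qualifier("loginFlowRegistry") FlowDefinitionRegistry flowDefinitionRegistry, @Qualifier("flowBuilderServices") FlowBuilderServices flowBuilderServices, @Qualifier("logoutFlowRegistry") FlowDefinitionRegistry flowDefinitionRegistry2) {
            // Argument order matters: the login registry precedes the logout registry.
            return new DelegatedAuthenticationSaml2WebflowConfigurer(flowBuilderServices, flowDefinitionRegistry, flowDefinitionRegistry2, configurableApplicationContext, casConfigurationProperties);
        }

        /**
         * Registers the SAML2 webflow configurer with the webflow execution plan.
         *
         * @param casWebflowConfigurer the SAML2 delegated authentication webflow configurer
         * @param configurableApplicationContext the application context (not read by this method)
         * @return a plan configurer that registers {@code casWebflowConfigurer}
         */
        @ConditionalOnMissingBean(name = "delegatedAuthenticationSaml2WebflowExecutionPlanConfigurer")
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public CasWebflowExecutionPlanConfigurer delegatedAuthenticationSaml2WebflowExecutionPlanConfigurer(@Qualifier("delegatedAuthenticationSaml2WebflowConfigurer") CasWebflowConfigurer casWebflowConfigurer, ConfigurableApplicationContext configurableApplicationContext) {
            return BeanSupplier.of(CasWebflowExecutionPlanConfigurer.class)
                .alwaysMatch()
                .supply(() -> plan -> plan.registerWebflowConfigurer(casWebflowConfigurer))
                .otherwiseProxy()
                .get();
        }

        /**
         * Contributes the service-provider metadata endpoint to the list of ignored endpoints.
         *
         * <p>NOTE(review): an "ignored" endpoint is presumably excluded from the web security
         * filter chain and therefore reachable without authentication. Confirm that
         * {@link DelegatedSaml2ClientMetadataController} serves only public service-provider
         * metadata under this base path and never private key material or keystore contents.
         *
         * @return the security configurer listing the metadata base endpoint
         */
        @ConditionalOnMissingBean(name = "delegatedClientSaml2EndpointConfigurer")
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public CasWebSecurityConfigurer<Void> delegatedClientSaml2EndpointConfigurer() {
            return new CasWebSecurityConfigurer<Void>() {
                @Override
                public List<String> getIgnoredEndpoints() {
                    // Normalise to a leading slash so the value is a path pattern.
                    return List.of(StringUtils.prependIfMissing(DelegatedSaml2ClientMetadataController.BASE_ENDPOINT_SERVICE_PROVIDER, "/"));
                }
            };
        }

        /**
         * Creates the controller that exposes metadata for delegated SAML2 clients.
         *
         * @param delegatedIdentityProviders the configured delegated identity providers
         * @param openSamlConfigBean the OpenSAML configuration bean
         * @return the metadata controller
         */
        @ConditionalOnMissingBean(name = "delegatedSaml2ClientMetadataController")
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public DelegatedSaml2ClientMetadataController delegatedSaml2ClientMetadataController(@Qualifier("delegatedIdentityProviders") DelegatedIdentityProviders delegatedIdentityProviders, @Qualifier("shibboleth.OpenSAMLConfig") OpenSamlConfigBean openSamlConfigBean) {
            return new DelegatedSaml2ClientMetadataController(delegatedIdentityProviders, openSamlConfigBean);
        }

        /**
         * Creates the endpoint contributor for SAML2 delegated clients.
         *
         * @return the SAML2 endpoint contributor
         */
        @ConditionalOnMissingBean(name = "delegatedClientsSaml2EndpointContributor")
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public DelegatedClientsEndpointContributor delegatedClientsSaml2EndpointContributor() {
            return new DelegatedClientsSaml2EndpointContributor();
        }

        /**
         * Creates the builder that constructs SAML2 delegated clients.
         *
         * @param objectProvider lazy provider of the SAML message store factory
         * @param casSSLContext the CAS SSL context passed to the builder
         * @return the SAML2 client builder
         */
        @ConditionalOnMissingBean(name = "delegatedSaml2ClientBuilder")
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public ConfigurableDelegatedClientBuilder delegatedSaml2ClientBuilder(@Qualifier("delegatedSaml2ClientSAMLMessageStoreFactory") ObjectProvider<SAMLMessageStoreFactory> objectProvider, @Qualifier("casSslContext") CasSSLContext casSSLContext) {
            return new DelegatedClientSaml2Builder(casSSLContext, objectProvider);
        }

        /**
         * Creates the session manager for SAML2 delegated clients.
         *
         * @param objectProvider lazy provider of the delegated authentication configuration context
         * @return the SAML2 session manager
         */
        @ConditionalOnMissingBean(name = "delegatedClientSaml2SessionManager")
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public DelegatedClientSessionManager delegatedClientSaml2SessionManager(@Qualifier("delegatedClientAuthenticationConfigurationContext") ObjectProvider<DelegatedClientAuthenticationConfigurationContext> objectProvider) {
            return new DelegatedClientSaml2SessionManager(objectProvider);
        }
    }
}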
