package org.apereo.cas.web.flow.config;

import java.util.ArrayList;
import java.util.List;
import org.apereo.cas.CentralAuthenticationService;
import org.apereo.cas.audit.AuditableExecution;
import org.apereo.cas.authentication.AuthenticationServiceSelectionPlan;
import org.apereo.cas.authentication.AuthenticationSystemSupport;
import org.apereo.cas.authentication.adaptive.AdaptiveAuthenticationPolicy;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.SpringResourceProperties;
import org.apereo.cas.pac4j.client.ChainingDelegatedClientIdentityProviderRedirectionStrategy;
import org.apereo.cas.pac4j.client.DefaultDelegatedClientIdentityProviderRedirectionStrategy;
import org.apereo.cas.pac4j.client.DelegatedClientAuthenticationRequestCustomizer;
import org.apereo.cas.pac4j.client.DelegatedClientIdentityProviderRedirectionStrategy;
import org.apereo.cas.pac4j.client.GroovyDelegatedClientIdentityProviderRedirectionStrategy;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.saml.OpenSamlConfigBean;
import org.apereo.cas.ticket.TicketFactory;
import org.apereo.cas.util.scripting.WatchableGroovyScriptResource;
import org.apereo.cas.validation.DelegatedAuthenticationAccessStrategyHelper;
import org.apereo.cas.web.DefaultDelegatedAuthenticationNavigationController;
import org.apereo.cas.web.DefaultDelegatedClientAuthenticationWebflowManager;
import org.apereo.cas.web.DelegatedAuthenticationCookieGenerator;
import org.apereo.cas.web.cookie.CasCookieBuilder;
import org.apereo.cas.web.flow.CasWebflowConfigurer;
import org.apereo.cas.web.flow.CasWebflowExecutionPlanConfigurer;
import org.apereo.cas.web.flow.DefaultDelegatedClientIdentityProviderConfigurationProducer;
import org.apereo.cas.web.flow.DelegatedAuthenticationClientFinishLogoutAction;
import org.apereo.cas.web.flow.DelegatedAuthenticationClientLogoutAction;
import org.apereo.cas.web.flow.DelegatedAuthenticationClientRetryAction;
import org.apereo.cas.web.flow.DelegatedAuthenticationErrorViewResolver;
import org.apereo.cas.web.flow.DelegatedAuthenticationWebflowConfigurer;
import org.apereo.cas.web.flow.DelegatedClientAuthenticationAction;
import org.apereo.cas.web.flow.DelegatedClientAuthenticationConfigurationContext;
import org.apereo.cas.web.flow.DelegatedClientAuthenticationWebflowManager;
import org.apereo.cas.web.flow.DelegatedClientIdentityProviderConfigurationProducer;
import org.apereo.cas.web.flow.SingleSignOnParticipationStrategy;
import org.apereo.cas.web.flow.configurer.CasMultifactorWebflowCustomizer;
import org.apereo.cas.web.flow.resolver.CasDelegatingWebflowEventResolver;
import org.apereo.cas.web.flow.resolver.CasWebflowEventResolver;
import org.apereo.cas.web.saml2.DelegatedSaml2ClientMetadataController;
import org.apereo.cas.web.support.ArgumentExtractor;
import org.apereo.cas.web.support.CookieUtils;
import org.pac4j.core.client.Clients;
import org.pac4j.core.context.session.SessionStore;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.web.servlet.error.ErrorViewResolver;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.DependsOn;
import org.springframework.webflow.definition.registry.FlowDefinitionRegistry;
import org.springframework.webflow.engine.builder.support.FlowBuilderServices;
import org.springframework.webflow.execution.Action;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration("delegatedAuthenticationWebflowConfiguration")
/* loaded from: input_file:org/apereo/cas/web/flow/config/DelegatedAuthenticationWebflowConfiguration.class */
public class DelegatedAuthenticationWebflowConfiguration {

    @Autowired
    @Qualifier("singleSignOnParticipationStrategy")
    private ObjectProvider<SingleSignOnParticipationStrategy> webflowSingleSignOnParticipationStrategy;

    @Autowired
    @Qualifier("defaultTicketFactory")
    private ObjectProvider<TicketFactory> ticketFactory;

    @Autowired
    @Qualifier("registeredServiceAccessStrategyEnforcer")
    private ObjectProvider<AuditableExecution> registeredServiceAccessStrategyEnforcer;

    @Autowired
    @Qualifier("authenticationServiceSelectionPlan")
    private ObjectProvider<AuthenticationServiceSelectionPlan> authenticationRequestServiceSelectionStrategies;

    @Autowired
    @Qualifier("registeredServiceDelegatedAuthenticationPolicyAuditableEnforcer")
    private ObjectProvider<AuditableExecution> delegatedAuthenticationPolicyAuditableEnforcer;

    @Autowired
    @Qualifier("builtClients")
    private ObjectProvider<Clients> builtClients;

    @Autowired
    @Qualifier("servicesManager")
    private ObjectProvider<ServicesManager> servicesManager;

    @Autowired
    private CasConfigurationProperties casProperties;

    @Autowired
    @Qualifier("centralAuthenticationService")
    private ObjectProvider<CentralAuthenticationService> centralAuthenticationService;

    @Autowired
    @Qualifier("defaultAuthenticationSystemSupport")
    private ObjectProvider<AuthenticationSystemSupport> authenticationSystemSupport;

    @Autowired
    @Qualifier("shibboleth.OpenSAMLConfig")
    private ObjectProvider<OpenSamlConfigBean> configBean;

    @Autowired
    @Qualifier("loginFlowRegistry")
    private ObjectProvider<FlowDefinitionRegistry> loginFlowDefinitionRegistry;

    @Autowired
    private ObjectProvider<FlowBuilderServices> flowBuilderServices;

    @Autowired
    private ConfigurableApplicationContext applicationContext;

    @Autowired
    @Qualifier("delegatedClientDistributedSessionCookieGenerator")
    private ObjectProvider<CasCookieBuilder> delegatedClientDistributedSessionCookieGenerator;

    @Autowired
    @Qualifier("delegatedClientDistributedSessionStore")
    private ObjectProvider<SessionStore> delegatedClientDistributedSessionStore;

    @Autowired
    @Qualifier("argumentExtractor")
    private ObjectProvider<ArgumentExtractor> argumentExtractor;

    @Autowired
    @Qualifier("adaptiveAuthenticationPolicy")
    private ObjectProvider<AdaptiveAuthenticationPolicy> adaptiveAuthenticationPolicy;

    @Autowired
    @Qualifier("serviceTicketRequestWebflowEventResolver")
    private ObjectProvider<CasWebflowEventResolver> serviceTicketRequestWebflowEventResolver;

    @Autowired
    @Qualifier("initialAuthenticationAttemptWebflowEventResolver")
    private ObjectProvider<CasDelegatingWebflowEventResolver> initialAuthenticationAttemptWebflowEventResolver;

    @Autowired
    @Qualifier("logoutFlowRegistry")
    private ObjectProvider<FlowDefinitionRegistry> logoutFlowDefinitionRegistry;

    @Autowired
    @Qualifier("conventionErrorViewResolver")
    private ObjectProvider<ErrorViewResolver> conventionErrorViewResolver;

    @ConditionalOnMissingBean(name = {"pac4jErrorViewResolver"})
    @RefreshScope
    @Bean
    public ErrorViewResolver pac4jErrorViewResolver() {
        return new DelegatedAuthenticationErrorViewResolver((ErrorViewResolver) this.conventionErrorViewResolver.getObject());
    }

    @ConditionalOnMissingBean(name = {"delegatedAuthenticationClientLogoutAction"})
    @RefreshScope
    @Bean
    public Action delegatedAuthenticationClientLogoutAction() {
        return new DelegatedAuthenticationClientLogoutAction((Clients) this.builtClients.getObject(), (SessionStore) this.delegatedClientDistributedSessionStore.getObject());
    }

    @ConditionalOnMissingBean(name = {"delegatedAuthenticationClientFinishLogoutAction"})
    @RefreshScope
    @Bean
    public Action delegatedAuthenticationClientFinishLogoutAction() {
        return new DelegatedAuthenticationClientFinishLogoutAction((Clients) this.builtClients.getObject(), (SessionStore) this.delegatedClientDistributedSessionStore.getObject());
    }

    @ConditionalOnMissingBean(name = {"delegatedAuthenticationClientRetryAction"})
    @RefreshScope
    @Bean
    public Action delegatedAuthenticationClientRetryAction() {
        return new DelegatedAuthenticationClientRetryAction((Clients) this.builtClients.getObject(), delegatedClientIdentityProviderConfigurationProducer());
    }

    @ConditionalOnMissingBean(name = {"delegatedAuthenticationAction"})
    @RefreshScope
    @Bean
    public Action delegatedAuthenticationAction() {
        return new DelegatedClientAuthenticationAction(delegatedClientAuthenticationConfigurationContext());
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [org.apereo.cas.web.flow.DelegatedClientAuthenticationConfigurationContext$DelegatedClientAuthenticationConfigurationContextBuilder] */
    @ConditionalOnMissingBean(name = {DelegatedClientAuthenticationConfigurationContext.DEFAULT_BEAN_NAME})
    @RefreshScope
    @Bean
    public DelegatedClientAuthenticationConfigurationContext delegatedClientAuthenticationConfigurationContext() {
        return DelegatedClientAuthenticationConfigurationContext.builder().initialAuthenticationAttemptWebflowEventResolver((CasDelegatingWebflowEventResolver) this.initialAuthenticationAttemptWebflowEventResolver.getObject()).serviceTicketRequestWebflowEventResolver((CasWebflowEventResolver) this.serviceTicketRequestWebflowEventResolver.getObject()).adaptiveAuthenticationPolicy((AdaptiveAuthenticationPolicy) this.adaptiveAuthenticationPolicy.getObject()).clients((Clients) this.builtClients.getObject()).servicesManager((ServicesManager) this.servicesManager.getObject()).delegatedAuthenticationPolicyEnforcer((AuditableExecution) this.delegatedAuthenticationPolicyAuditableEnforcer.getObject()).delegatedClientAuthenticationWebflowManager(delegatedClientWebflowManager()).authenticationSystemSupport((AuthenticationSystemSupport) this.authenticationSystemSupport.getObject()).casProperties(this.casProperties).centralAuthenticationService((CentralAuthenticationService) this.centralAuthenticationService.getObject()).authenticationRequestServiceSelectionStrategies((AuthenticationServiceSelectionPlan) this.authenticationRequestServiceSelectionStrategies.getObject()).singleSignOnParticipationStrategy((SingleSignOnParticipationStrategy) this.webflowSingleSignOnParticipationStrategy.getObject()).sessionStore((SessionStore) this.delegatedClientDistributedSessionStore.getObject()).argumentExtractor((ArgumentExtractor) this.argumentExtractor.getObject()).ticketFactory((TicketFactory) this.ticketFactory.getObject()).delegatedClientIdentityProvidersProducer(delegatedClientIdentityProviderConfigurationProducer()).delegatedClientCookieGenerator(delegatedAuthenticationCookieGenerator()).delegatedClientDistributedSessionCookieGenerator((CasCookieBuilder) this.delegatedClientDistributedSessionCookieGenerator.getObject()).registeredServiceAccessStrategyEnforcer((AuditableExecution) this.registeredServiceAccessStrategyEnforcer.getObject()).delegatedClientAuthenticationRequestCustomizers(delegatedClientAuthenticationRequestCustomizers()).delegatedAuthenticationAccessStrategyHelper(getDelegatedAuthenticationAccessStrategyHelper()).build();
    }

    @ConditionalOnMissingBean(name = {"delegatedClientAuthenticationRequestCustomizers"})
    @RefreshScope
    @Bean
    public List<DelegatedClientAuthenticationRequestCustomizer> delegatedClientAuthenticationRequestCustomizers() {
        return new ArrayList(this.applicationContext.getBeansOfType(DelegatedClientAuthenticationRequestCustomizer.class, false, true).values());
    }

    @ConditionalOnMissingBean(name = {"delegatedAuthenticationWebflowConfigurer"})
    @DependsOn({"defaultWebflowConfigurer", "defaultLogoutWebflowConfigurer"})
    @Bean
    public CasWebflowConfigurer delegatedAuthenticationWebflowConfigurer() {
        return new DelegatedAuthenticationWebflowConfigurer((FlowBuilderServices) this.flowBuilderServices.getObject(), (FlowDefinitionRegistry) this.loginFlowDefinitionRegistry.getObject(), (FlowDefinitionRegistry) this.logoutFlowDefinitionRegistry.getObject(), this.applicationContext, this.casProperties);
    }

    @ConditionalOnMissingBean(name = {DelegatedClientAuthenticationWebflowManager.DEFAULT_BEAN_NAME})
    @RefreshScope
    @Bean
    public DelegatedClientAuthenticationWebflowManager delegatedClientWebflowManager() {
        return new DefaultDelegatedClientAuthenticationWebflowManager(delegatedClientAuthenticationConfigurationContext());
    }

    @Bean
    public DelegatedSaml2ClientMetadataController delegatedSaml2ClientMetadataController() {
        return new DelegatedSaml2ClientMetadataController((Clients) this.builtClients.getObject(), (OpenSamlConfigBean) this.configBean.getObject());
    }

    @ConditionalOnMissingBean(name = {"delegatedClientNavigationController"})
    @Bean
    public DefaultDelegatedAuthenticationNavigationController delegatedClientNavigationController() {
        return new DefaultDelegatedAuthenticationNavigationController(delegatedClientAuthenticationConfigurationContext());
    }

    @ConditionalOnMissingBean(name = {"delegatedCasWebflowExecutionPlanConfigurer"})
    @Bean
    public CasWebflowExecutionPlanConfigurer delegatedCasWebflowExecutionPlanConfigurer() {
        return casWebflowExecutionPlan -> {
            casWebflowExecutionPlan.registerWebflowConfigurer(delegatedAuthenticationWebflowConfigurer());
        };
    }

    @ConditionalOnMissingBean(name = {"delegatedAuthenticationCasMultifactorWebflowCustomizer"})
    @Bean
    public CasMultifactorWebflowCustomizer delegatedAuthenticationCasMultifactorWebflowCustomizer() {
        return () -> {
            return List.of("delegatedAuthentication");
        };
    }

    @ConditionalOnMissingBean(name = {"delegatedClientIdentityProviderConfigurationProducer"})
    @RefreshScope
    @Bean
    public DelegatedClientIdentityProviderConfigurationProducer delegatedClientIdentityProviderConfigurationProducer() {
        return new DefaultDelegatedClientIdentityProviderConfigurationProducer((AuthenticationServiceSelectionPlan) this.authenticationRequestServiceSelectionStrategies.getObject(), (Clients) this.builtClients.getObject(), getDelegatedAuthenticationAccessStrategyHelper(), this.casProperties, delegatedClientAuthenticationRequestCustomizers(), delegatedClientIdentityProviderRedirectionStrategy());
    }

    @ConditionalOnMissingBean(name = {"delegatedClientIdentityProviderRedirectionStrategy"})
    @RefreshScope
    @Bean
    public DelegatedClientIdentityProviderRedirectionStrategy delegatedClientIdentityProviderRedirectionStrategy() {
        ChainingDelegatedClientIdentityProviderRedirectionStrategy chainingDelegatedClientIdentityProviderRedirectionStrategy = new ChainingDelegatedClientIdentityProviderRedirectionStrategy();
        SpringResourceProperties groovyRedirectionStrategy = this.casProperties.getAuthn().getPac4j().getCore().getGroovyRedirectionStrategy();
        if (groovyRedirectionStrategy.getLocation() != null) {
            chainingDelegatedClientIdentityProviderRedirectionStrategy.addStrategy(new GroovyDelegatedClientIdentityProviderRedirectionStrategy((ServicesManager) this.servicesManager.getObject(), new WatchableGroovyScriptResource(groovyRedirectionStrategy.getLocation())));
        }
        chainingDelegatedClientIdentityProviderRedirectionStrategy.addStrategy(new DefaultDelegatedClientIdentityProviderRedirectionStrategy((ServicesManager) this.servicesManager.getObject(), delegatedAuthenticationCookieGenerator(), this.casProperties));
        return chainingDelegatedClientIdentityProviderRedirectionStrategy;
    }

    @ConditionalOnMissingBean(name = {"delegatedAuthenticationCookieGenerator"})
    @RefreshScope
    @Bean
    public CasCookieBuilder delegatedAuthenticationCookieGenerator() {
        return new DelegatedAuthenticationCookieGenerator(CookieUtils.buildCookieGenerationContext(this.casProperties.getAuthn().getPac4j().getCookie()));
    }

    private DelegatedAuthenticationAccessStrategyHelper getDelegatedAuthenticationAccessStrategyHelper() {
        return new DelegatedAuthenticationAccessStrategyHelper((ServicesManager) this.servicesManager.getObject(), (AuditableExecution) this.delegatedAuthenticationPolicyAuditableEnforcer.getObject());
    }
}
