package org.apereo.cas.web.flow.config;

import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Optional;
import org.apereo.cas.CentralAuthenticationService;
import org.apereo.cas.audit.AuditableExecution;
import org.apereo.cas.authentication.AuthenticationServiceSelectionPlan;
import org.apereo.cas.authentication.AuthenticationSystemSupport;
import org.apereo.cas.authentication.adaptive.AdaptiveAuthenticationPolicy;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.SpringResourceProperties;
import org.apereo.cas.pac4j.client.ChainingDelegatedClientIdentityProviderRedirectionStrategy;
import org.apereo.cas.pac4j.client.DefaultDelegatedClientIdentityProviderRedirectionStrategy;
import org.apereo.cas.pac4j.client.DelegatedClientAuthenticationRequestCustomizer;
import org.apereo.cas.pac4j.client.DelegatedClientIdentityProviderRedirectionStrategy;
import org.apereo.cas.pac4j.client.GroovyDelegatedClientIdentityProviderRedirectionStrategy;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.saml.OpenSamlConfigBean;
import org.apereo.cas.ticket.TicketFactory;
import org.apereo.cas.util.scripting.WatchableGroovyScriptResource;
import org.apereo.cas.validation.DelegatedAuthenticationAccessStrategyHelper;
import org.apereo.cas.web.DefaultDelegatedAuthenticationNavigationController;
import org.apereo.cas.web.DefaultDelegatedClientAuthenticationWebflowManager;
import org.apereo.cas.web.DelegatedAuthenticationCookieGenerator;
import org.apereo.cas.web.cookie.CasCookieBuilder;
import org.apereo.cas.web.flow.CasWebflowConfigurer;
import org.apereo.cas.web.flow.CasWebflowExecutionPlanConfigurer;
import org.apereo.cas.web.flow.DefaultDelegatedClientIdentityProviderConfigurationProducer;
import org.apereo.cas.web.flow.DelegatedAuthenticationClientFinishLogoutAction;
import org.apereo.cas.web.flow.DelegatedAuthenticationClientLogoutAction;
import org.apereo.cas.web.flow.DelegatedAuthenticationClientRetryAction;
import org.apereo.cas.web.flow.DelegatedAuthenticationErrorViewResolver;
import org.apereo.cas.web.flow.DelegatedAuthenticationWebflowConfigurer;
import org.apereo.cas.web.flow.DelegatedClientAuthenticationAction;
import org.apereo.cas.web.flow.DelegatedClientAuthenticationConfigurationContext;
import org.apereo.cas.web.flow.DelegatedClientAuthenticationWebflowManager;
import org.apereo.cas.web.flow.DelegatedClientIdentityProviderConfigurationGroovyPostProcessor;
import org.apereo.cas.web.flow.DelegatedClientIdentityProviderConfigurationPostProcessor;
import org.apereo.cas.web.flow.DelegatedClientIdentityProviderConfigurationProducer;
import org.apereo.cas.web.flow.SingleSignOnParticipationStrategy;
import org.apereo.cas.web.flow.actions.ConsumerExecutionAction;
import org.apereo.cas.web.flow.configurer.CasMultifactorWebflowCustomizer;
import org.apereo.cas.web.flow.resolver.CasDelegatingWebflowEventResolver;
import org.apereo.cas.web.flow.resolver.CasWebflowEventResolver;
import org.apereo.cas.web.saml2.DelegatedSaml2ClientMetadataController;
import org.apereo.cas.web.support.ArgumentExtractor;
import org.apereo.cas.web.support.CookieUtils;
import org.pac4j.core.client.Clients;
import org.pac4j.core.context.session.SessionStore;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.web.WebProperties;
import org.springframework.boot.autoconfigure.web.servlet.WebMvcProperties;
import org.springframework.boot.autoconfigure.web.servlet.error.ErrorViewResolver;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.core.io.Resource;
import org.springframework.webflow.definition.registry.FlowDefinitionRegistry;
import org.springframework.webflow.engine.builder.support.FlowBuilderServices;
import org.springframework.webflow.execution.Action;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration(value = "DelegatedAuthenticationWebflowConfiguration", proxyBeanMethods = false)
/* loaded from: input_file:org/apereo/cas/web/flow/config/DelegatedAuthenticationWebflowConfiguration.class */
public class DelegatedAuthenticationWebflowConfiguration {

    /**
     * Webflow actions used by delegated authentication: logout, logout completion,
     * retry, and the main authentication action.
     *
     * <p>Every bean here is guarded by {@code @ConditionalOnMissingBean}, so a bean already
     * registered under the same name replaces the default built in this class.
     */
    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "DelegatedAuthenticationWebflowActionsConfiguration", proxyBeanMethods = false)
    public static class DelegatedAuthenticationWebflowActionsConfiguration {

        /**
         * Builds the delegated-client logout action.
         *
         * <p>When single logout is switched off ({@code getSlo().isDisabled()}) the bean is
         * {@link ConsumerExecutionAction#NONE} and no
         * {@link DelegatedAuthenticationClientLogoutAction} is created.
         * NOTE(review): {@code NONE} is presumably a no-op; if so, a CAS logout leaves the
         * session at the external identity provider untouched while SLO is disabled.
         * Confirm that this is the intended trade-off for the deployment.
         *
         * @param casConfigurationProperties CAS settings; only the SLO switch is read here
         * @param clients the {@code builtClients} bean
         * @param sessionStore the {@code delegatedClientDistributedSessionStore} bean
         * @return the logout action, or {@code ConsumerExecutionAction.NONE} when SLO is disabled
         */
        @ConditionalOnMissingBean(name = {"delegatedAuthenticationClientLogoutAction"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action delegatedAuthenticationClientLogoutAction(
                CasConfigurationProperties casConfigurationProperties,
                @Qualifier("builtClients") Clients clients,
                @Qualifier("delegatedClientDistributedSessionStore") SessionStore sessionStore) {
            if (casConfigurationProperties.getSlo().isDisabled()) {
                return ConsumerExecutionAction.NONE;
            }
            return new DelegatedAuthenticationClientLogoutAction(clients, sessionStore);
        }

        /**
         * Builds the action that completes a delegated-client logout. Unlike
         * {@code delegatedAuthenticationClientLogoutAction}, it is created regardless of
         * the SLO switch.
         *
         * @param clients the {@code builtClients} bean
         * @param sessionStore the {@code delegatedClientDistributedSessionStore} bean
         * @return a new {@link DelegatedAuthenticationClientFinishLogoutAction}
         */
        @ConditionalOnMissingBean(name = {"delegatedAuthenticationClientFinishLogoutAction"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action delegatedAuthenticationClientFinishLogoutAction(
                @Qualifier("builtClients") Clients clients,
                @Qualifier("delegatedClientDistributedSessionStore") SessionStore sessionStore) {
            final Action finishLogout = new DelegatedAuthenticationClientFinishLogoutAction(clients, sessionStore);
            return finishLogout;
        }

        /**
         * Builds the delegated-client retry action.
         *
         * @param delegatedClientIdentityProviderConfigurationProducer producer handed to the action
         * @param clients the {@code builtClients} bean
         * @return a new {@link DelegatedAuthenticationClientRetryAction}
         */
        @ConditionalOnMissingBean(name = {"delegatedAuthenticationClientRetryAction"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action delegatedAuthenticationClientRetryAction(
                @Qualifier("delegatedClientIdentityProviderConfigurationProducer")
                DelegatedClientIdentityProviderConfigurationProducer delegatedClientIdentityProviderConfigurationProducer,
                @Qualifier("builtClients") Clients clients) {
            // The constructor takes the clients first and the producer second.
            final Action retry = new DelegatedAuthenticationClientRetryAction(
                    clients, delegatedClientIdentityProviderConfigurationProducer);
            return retry;
        }

        /**
         * Builds the main delegated authentication action from the shared configuration
         * context and the webflow manager.
         *
         * @param delegatedClientAuthenticationConfigurationContext shared delegated-authentication context
         * @param delegatedClientAuthenticationWebflowManager the {@code delegatedClientWebflowManager} bean
         * @return a new {@link DelegatedClientAuthenticationAction}
         */
        @ConditionalOnMissingBean(name = {"delegatedAuthenticationAction"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action delegatedAuthenticationAction(
                @Qualifier("delegatedClientAuthenticationConfigurationContext")
                DelegatedClientAuthenticationConfigurationContext delegatedClientAuthenticationConfigurationContext,
                @Qualifier("delegatedClientWebflowManager")
                DelegatedClientAuthenticationWebflowManager delegatedClientAuthenticationWebflowManager) {
            final Action authentication = new DelegatedClientAuthenticationAction(
                    delegatedClientAuthenticationConfigurationContext,
                    delegatedClientAuthenticationWebflowManager);
            return authentication;
        }
    }

    /**
     * Client-side building blocks of delegated authentication: the identity-provider
     * configuration producer and post-processor, the redirection strategy and the cookie
     * generator.
     *
     * <p>NOTE(review): two beans below wrap a configured Groovy script location in a
     * {@link WatchableGroovyScriptResource}. Presumably the script is compiled and run inside
     * the CAS process and re-read when the file changes, so treat both the property that
     * names the location and the script file itself as code: they should be writable only
     * by those who may already change the CAS deployment.
     */
    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "DelegatedAuthenticationWebflowClientConfiguration", proxyBeanMethods = false)
    public static class DelegatedAuthenticationWebflowClientConfiguration {

        /**
         * Selects the post-processor applied to identity-provider configurations.
         *
         * @param casConfigurationProperties CAS settings; reads the pac4j core
         *        {@code groovyProviderPostProcessor} location
         * @return the no-op post-processor when no location is configured, otherwise a
         *         Groovy-backed post-processor bound to that location
         */
        @ConditionalOnMissingBean(name = {"delegatedClientIdentityProviderConfigurationPostProcessor"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public DelegatedClientIdentityProviderConfigurationPostProcessor delegatedClientIdentityProviderConfigurationPostProcessor(
                CasConfigurationProperties casConfigurationProperties) {
            final Resource scriptLocation = casConfigurationProperties.getAuthn()
                    .getPac4j()
                    .getCore()
                    .getGroovyProviderPostProcessor()
                    .getLocation();
            if (scriptLocation == null) {
                return DelegatedClientIdentityProviderConfigurationPostProcessor.noOp();
            }
            // Script-backed variant: see the class-level note on who may edit the script.
            return new DelegatedClientIdentityProviderConfigurationGroovyPostProcessor(
                    new WatchableGroovyScriptResource(scriptLocation));
        }

        /**
         * Builds the producer of identity-provider configurations.
         *
         * @param auditableExecution the
         *        {@code registeredServiceDelegatedAuthenticationPolicyAuditableEnforcer} bean, used
         *        to build the access-strategy helper
         * @param servicesManager the services registry facade
         * @param casConfigurationProperties CAS settings
         * @param objectProvider optional list of request customizers; an empty list is used
         *        when none is available
         * @param delegatedClientIdentityProviderRedirectionStrategy strategy handed to the producer
         * @param authenticationServiceSelectionPlan service selection plan
         * @param clients the {@code builtClients} bean
         * @return a new {@link DefaultDelegatedClientIdentityProviderConfigurationProducer}
         */
        @ConditionalOnMissingBean(name = {"delegatedClientIdentityProviderConfigurationProducer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public DelegatedClientIdentityProviderConfigurationProducer delegatedClientIdentityProviderConfigurationProducer(
                @Qualifier("registeredServiceDelegatedAuthenticationPolicyAuditableEnforcer") AuditableExecution auditableExecution,
                @Qualifier("servicesManager") ServicesManager servicesManager,
                CasConfigurationProperties casConfigurationProperties,
                @Qualifier("delegatedClientAuthenticationRequestCustomizers")
                ObjectProvider<List<DelegatedClientAuthenticationRequestCustomizer>> objectProvider,
                @Qualifier("delegatedClientIdentityProviderRedirectionStrategy")
                DelegatedClientIdentityProviderRedirectionStrategy delegatedClientIdentityProviderRedirectionStrategy,
                @Qualifier("authenticationServiceSelectionPlan") AuthenticationServiceSelectionPlan authenticationServiceSelectionPlan,
                @Qualifier("builtClients") Clients clients) {
            final DelegatedAuthenticationAccessStrategyHelper accessStrategyHelper =
                    DelegatedAuthenticationWebflowConfiguration.getDelegatedAuthenticationAccessStrategyHelper(
                            servicesManager, auditableExecution);
            // The customizers bean is optional; fall back to an empty mutable list.
            final List<DelegatedClientAuthenticationRequestCustomizer> requestCustomizers =
                    Optional.ofNullable(objectProvider.getIfAvailable()).orElseGet(ArrayList::new);
            return new DefaultDelegatedClientIdentityProviderConfigurationProducer(
                    authenticationServiceSelectionPlan,
                    clients,
                    accessStrategyHelper,
                    casConfigurationProperties,
                    requestCustomizers,
                    delegatedClientIdentityProviderRedirectionStrategy);
        }

        /**
         * Builds the chain of redirection strategies. A Groovy strategy is added first when
         * a script location is configured; the default strategy is always added after it.
         *
         * <p>NOTE(review): presumably the chain consults strategies in the order they were
         * added, which would let the script decide before the default does. Confirm this
         * against {@link ChainingDelegatedClientIdentityProviderRedirectionStrategy}.
         *
         * @param casConfigurationProperties CAS settings; reads the pac4j core
         *        {@code groovyRedirectionStrategy} location
         * @param casCookieBuilder the {@code delegatedAuthenticationCookieGenerator} bean
         * @param servicesManager the services registry facade
         * @return the populated chaining strategy
         */
        @ConditionalOnMissingBean(name = {"delegatedClientIdentityProviderRedirectionStrategy"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public DelegatedClientIdentityProviderRedirectionStrategy delegatedClientIdentityProviderRedirectionStrategy(
                CasConfigurationProperties casConfigurationProperties,
                @Qualifier("delegatedAuthenticationCookieGenerator") CasCookieBuilder casCookieBuilder,
                @Qualifier("servicesManager") ServicesManager servicesManager) {
            final ChainingDelegatedClientIdentityProviderRedirectionStrategy chain =
                    new ChainingDelegatedClientIdentityProviderRedirectionStrategy();
            final SpringResourceProperties groovySettings =
                    casConfigurationProperties.getAuthn().getPac4j().getCore().getGroovyRedirectionStrategy();
            if (groovySettings.getLocation() != null) {
                // Script-backed strategy: see the class-level note on who may edit the script.
                final WatchableGroovyScriptResource script =
                        new WatchableGroovyScriptResource(groovySettings.getLocation());
                chain.addStrategy(new GroovyDelegatedClientIdentityProviderRedirectionStrategy(servicesManager, script));
            }
            chain.addStrategy(new DefaultDelegatedClientIdentityProviderRedirectionStrategy(
                    servicesManager, casCookieBuilder, casConfigurationProperties));
            return chain;
        }

        /**
         * Builds the cookie generator for delegated authentication from the pac4j cookie
         * settings ({@code getAuthn().getPac4j().getCookie()}).
         *
         * <p>NOTE(review): this bean is also injected into the default redirection strategy,
         * so the cookie's value presumably influences which provider a browser is sent to.
         * Check the Secure, HttpOnly and SameSite flags and the lifetime carried by the
         * cookie properties (confirm the exact field names against the properties class).
         *
         * @param casConfigurationProperties CAS settings holding the pac4j cookie properties
         * @return a new {@link DelegatedAuthenticationCookieGenerator}
         */
        @ConditionalOnMissingBean(name = {"delegatedAuthenticationCookieGenerator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public CasCookieBuilder delegatedAuthenticationCookieGenerator(CasConfigurationProperties casConfigurationProperties) {
            final CasCookieBuilder cookieGenerator = new DelegatedAuthenticationCookieGenerator(
                    CookieUtils.buildCookieGenerationContext(casConfigurationProperties.getAuthn().getPac4j().getCookie()));
            return cookieGenerator;
        }
    }

    /**
     * Assembles the shared {@link DelegatedClientAuthenticationConfigurationContext} that the
     * delegated-authentication actions, controllers and webflow manager are built from.
     */
    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "DelegatedAuthenticationWebflowContextConfiguration", proxyBeanMethods = false)
    public static class DelegatedAuthenticationWebflowContextConfiguration {

        /**
         * Wires every collaborator into the context builder.
         *
         * <p>Two parameter pairs share a type and differ only by qualifier, so a swap would
         * compile silently. The mapping implemented below is:
         * <ul>
         *   <li>{@code auditableExecution}
         *       ({@code registeredServiceDelegatedAuthenticationPolicyAuditableEnforcer}) goes to
         *       {@code delegatedAuthenticationPolicyEnforcer} and to the access-strategy helper;</li>
         *   <li>{@code auditableExecution2} ({@code registeredServiceAccessStrategyEnforcer}) goes to
         *       {@code registeredServiceAccessStrategyEnforcer};</li>
         *   <li>{@code casCookieBuilder} ({@code delegatedClientDistributedSessionCookieGenerator})
         *       goes to {@code delegatedClientDistributedSessionCookieGenerator};</li>
         *   <li>{@code casCookieBuilder2} ({@code delegatedAuthenticationCookieGenerator}) goes to
         *       {@code delegatedClientCookieGenerator}.</li>
         * </ul>
         *
         * @param objectProvider optional list of request customizers; an empty list is used
         *        when none is available
         * @return the fully built configuration context
         */
        @ConditionalOnMissingBean(name = {DelegatedClientAuthenticationConfigurationContext.DEFAULT_BEAN_NAME})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public DelegatedClientAuthenticationConfigurationContext delegatedClientAuthenticationConfigurationContext(
                // Enforcer for the delegated-authentication policy (not the service access strategy).
                @Qualifier("registeredServiceDelegatedAuthenticationPolicyAuditableEnforcer") AuditableExecution auditableExecution,
                @Qualifier("serviceTicketRequestWebflowEventResolver") CasWebflowEventResolver casWebflowEventResolver,
                @Qualifier("initialAuthenticationAttemptWebflowEventResolver") CasDelegatingWebflowEventResolver casDelegatingWebflowEventResolver,
                @Qualifier("adaptiveAuthenticationPolicy") AdaptiveAuthenticationPolicy adaptiveAuthenticationPolicy,
                CasConfigurationProperties casConfigurationProperties,
                @Qualifier("servicesManager") ServicesManager servicesManager,
                @Qualifier("builtClients") Clients clients,
                @Qualifier("delegatedClientIdentityProviderConfigurationProducer")
                DelegatedClientIdentityProviderConfigurationProducer delegatedClientIdentityProviderConfigurationProducer,
                @Qualifier("delegatedClientIdentityProviderConfigurationPostProcessor")
                DelegatedClientIdentityProviderConfigurationPostProcessor delegatedClientIdentityProviderConfigurationPostProcessor,
                // Cookie generator for the distributed session store.
                @Qualifier("delegatedClientDistributedSessionCookieGenerator") CasCookieBuilder casCookieBuilder,
                @Qualifier("centralAuthenticationService") CentralAuthenticationService centralAuthenticationService,
                @Qualifier("defaultAuthenticationSystemSupport") AuthenticationSystemSupport authenticationSystemSupport,
                @Qualifier("argumentExtractor") ArgumentExtractor argumentExtractor,
                @Qualifier("delegatedClientDistributedSessionStore") SessionStore sessionStore,
                @Qualifier("defaultTicketFactory") TicketFactory ticketFactory,
                // Enforcer for the registered-service access strategy.
                @Qualifier("registeredServiceAccessStrategyEnforcer") AuditableExecution auditableExecution2,
                @Qualifier("singleSignOnParticipationStrategy") SingleSignOnParticipationStrategy singleSignOnParticipationStrategy,
                @Qualifier("authenticationServiceSelectionPlan") AuthenticationServiceSelectionPlan authenticationServiceSelectionPlan,
                // Cookie generator for delegated authentication itself.
                @Qualifier("delegatedAuthenticationCookieGenerator") CasCookieBuilder casCookieBuilder2,
                @Qualifier("delegatedClientAuthenticationRequestCustomizers")
                ObjectProvider<List<DelegatedClientAuthenticationRequestCustomizer>> objectProvider) {
            return DelegatedClientAuthenticationConfigurationContext.builder()
                    .initialAuthenticationAttemptWebflowEventResolver(casDelegatingWebflowEventResolver)
                    .serviceTicketRequestWebflowEventResolver(casWebflowEventResolver)
                    .adaptiveAuthenticationPolicy(adaptiveAuthenticationPolicy)
                    .clients(clients)
                    .servicesManager(servicesManager)
                    .delegatedAuthenticationPolicyEnforcer(auditableExecution)
                    .authenticationSystemSupport(authenticationSystemSupport)
                    .casProperties(casConfigurationProperties)
                    .centralAuthenticationService(centralAuthenticationService)
                    .authenticationRequestServiceSelectionStrategies(authenticationServiceSelectionPlan)
                    .singleSignOnParticipationStrategy(singleSignOnParticipationStrategy)
                    .sessionStore(sessionStore)
                    .argumentExtractor(argumentExtractor)
                    .ticketFactory(ticketFactory)
                    .delegatedClientIdentityProvidersProducer(delegatedClientIdentityProviderConfigurationProducer)
                    .delegatedClientIdentityProviderConfigurationPostProcessor(delegatedClientIdentityProviderConfigurationPostProcessor)
                    .delegatedClientCookieGenerator(casCookieBuilder2)
                    .delegatedClientDistributedSessionCookieGenerator(casCookieBuilder)
                    .registeredServiceAccessStrategyEnforcer(auditableExecution2)
                    // The customizers bean is optional; fall back to an empty mutable list.
                    .delegatedClientAuthenticationRequestCustomizers(
                            Optional.ofNullable(objectProvider.getIfAvailable()).orElseGet(ArrayList::new))
                    .delegatedAuthenticationAccessStrategyHelper(
                            DelegatedAuthenticationWebflowConfiguration.getDelegatedAuthenticationAccessStrategyHelper(
                                    servicesManager, auditableExecution))
                    .build();
        }
    }

    /**
     * MVC controllers that belong to delegated authentication.
     */
    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "DelegatedAuthenticationWebflowEndpointsConfiguration", proxyBeanMethods = false)
    public static class DelegatedAuthenticationWebflowEndpointsConfiguration {

        /**
         * Builds the SAML2 client metadata controller.
         *
         * <p>Unlike the other beans in this file, this one carries no
         * {@code @ConditionalOnMissingBean}, so it is always registered by this class.
         * NOTE(review): judging by its name, the controller publishes metadata for the
         * delegated SAML2 clients. Confirm which URLs it maps and that the access rules
         * applied to them are the intended ones.
         *
         * @param clients the {@code builtClients} bean
         * @param openSamlConfigBean the {@code shibboleth.OpenSAMLConfig} bean
         * @return a new {@link DelegatedSaml2ClientMetadataController}
         */
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public DelegatedSaml2ClientMetadataController delegatedSaml2ClientMetadataController(
                @Qualifier("builtClients") Clients clients,
                @Qualifier("shibboleth.OpenSAMLConfig") OpenSamlConfigBean openSamlConfigBean) {
            final DelegatedSaml2ClientMetadataController metadataController =
                    new DelegatedSaml2ClientMetadataController(clients, openSamlConfigBean);
            return metadataController;
        }

        /**
         * Builds the navigation controller for delegated authentication from the shared
         * configuration context and the webflow manager.
         *
         * @param delegatedClientAuthenticationConfigurationContext shared delegated-authentication context
         * @param delegatedClientAuthenticationWebflowManager the {@code delegatedClientWebflowManager} bean
         * @return a new {@link DefaultDelegatedAuthenticationNavigationController}
         */
        @ConditionalOnMissingBean(name = {"delegatedClientNavigationController"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public DefaultDelegatedAuthenticationNavigationController delegatedClientNavigationController(
                @Qualifier("delegatedClientAuthenticationConfigurationContext")
                DelegatedClientAuthenticationConfigurationContext delegatedClientAuthenticationConfigurationContext,
                @Qualifier("delegatedClientWebflowManager")
                DelegatedClientAuthenticationWebflowManager delegatedClientAuthenticationWebflowManager) {
            final DefaultDelegatedAuthenticationNavigationController navigationController =
                    new DefaultDelegatedAuthenticationNavigationController(
                            delegatedClientAuthenticationConfigurationContext,
                            delegatedClientAuthenticationWebflowManager);
            return navigationController;
        }
    }

    /**
     * Error-view handling for delegated authentication. Besides the CAS properties it also
     * enables Spring Boot's {@link WebProperties} and {@link WebMvcProperties}.
     */
    @EnableConfigurationProperties({CasConfigurationProperties.class, WebProperties.class, WebMvcProperties.class})
    @Configuration(value = "DelegatedAuthenticationWebflowErrorConfiguration", proxyBeanMethods = false)
    public static class DelegatedAuthenticationWebflowErrorConfiguration {

        /**
         * Builds the error view resolver used for delegated authentication.
         *
         * @param webProperties Spring Boot web settings; only {@code getResources()} is read
         * @param configurableApplicationContext the application context handed to the resolver
         * @return a new {@link DelegatedAuthenticationErrorViewResolver}
         */
        @ConditionalOnMissingBean(name = {"pac4jErrorViewResolver"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public ErrorViewResolver pac4jErrorViewResolver(
                WebProperties webProperties,
                ConfigurableApplicationContext configurableApplicationContext) {
            final ErrorViewResolver resolver = new DelegatedAuthenticationErrorViewResolver(
                    configurableApplicationContext, webProperties.getResources());
            return resolver;
        }
    }

    /**
     * Registers the delegated-authentication webflow configurer with the CAS webflow
     * execution plan.
     */
    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "DelegatedAuthenticationWebflowExecutionPlanConfiguration", proxyBeanMethods = false)
    public static class DelegatedAuthenticationWebflowExecutionPlanConfiguration {

        /**
         * Builds a plan configurer whose only job is to register
         * {@code delegatedAuthenticationWebflowConfigurer} with the execution plan it is given.
         *
         * @param casWebflowConfigurer the {@code delegatedAuthenticationWebflowConfigurer} bean
         * @return a configurer that registers {@code casWebflowConfigurer}
         */
        @ConditionalOnMissingBean(name = {"delegatedCasWebflowExecutionPlanConfigurer"})
        @Bean
        public CasWebflowExecutionPlanConfigurer delegatedCasWebflowExecutionPlanConfigurer(
                @Qualifier("delegatedAuthenticationWebflowConfigurer") CasWebflowConfigurer casWebflowConfigurer) {
            return plan -> plan.registerWebflowConfigurer(casWebflowConfigurer);
        }
    }

    /**
     * Webflow management beans for delegated authentication: the webflow manager and the
     * multifactor webflow customizer.
     */
    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "DelegatedAuthenticationWebflowManagementConfiguration", proxyBeanMethods = false)
    public static class DelegatedAuthenticationWebflowManagementConfiguration {

        /**
         * Builds the webflow manager for delegated authentication.
         *
         * @param delegatedClientAuthenticationConfigurationContext shared delegated-authentication context
         * @return a new {@link DefaultDelegatedClientAuthenticationWebflowManager}
         */
        @ConditionalOnMissingBean(name = {DelegatedClientAuthenticationWebflowManager.DEFAULT_BEAN_NAME})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public DelegatedClientAuthenticationWebflowManager delegatedClientWebflowManager(
                @Qualifier("delegatedClientAuthenticationConfigurationContext")
                DelegatedClientAuthenticationConfigurationContext delegatedClientAuthenticationConfigurationContext) {
            final DelegatedClientAuthenticationWebflowManager manager =
                    new DefaultDelegatedClientAuthenticationWebflowManager(delegatedClientAuthenticationConfigurationContext);
            return manager;
        }

        /**
         * Builds a customizer that names {@code "delegatedAuthentication"} as a candidate
         * webflow state for multifactor authentication.
         *
         * <p>NOTE(review): presumably this is what lets multifactor authentication follow a
         * login completed at an external identity provider. A replacement bean that drops
         * this state may change that, so confirm the effect before overriding it.
         *
         * @return the customizer
         */
        @ConditionalOnMissingBean(name = {"delegatedAuthenticationCasMultifactorWebflowCustomizer"})
        @Bean
        public CasMultifactorWebflowCustomizer delegatedAuthenticationCasMultifactorWebflowCustomizer() {
            return new CasMultifactorWebflowCustomizer() {
                @Override
                public Collection<String> getCandidateStatesForMultifactorAuthentication() {
                    return List.of("delegatedAuthentication");
                }
            };
        }
    }

    /**
     * Provides the webflow configurer that plugs delegated authentication into the CAS
     * login and logout flows.
     */
    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "DelegatedAuthenticationWebflowPlanConfiguration", proxyBeanMethods = false)
    public static class DelegatedAuthenticationWebflowPlanConfiguration {

        /**
         * Builds the delegated-authentication webflow configurer.
         *
         * @param casConfigurationProperties CAS settings
         * @param configurableApplicationContext the application context handed to the configurer
         * @param flowDefinitionRegistry the {@code loginFlowRegistry} bean
         * @param flowBuilderServices the {@code flowBuilderServices} bean
         * @param flowDefinitionRegistry2 the {@code logoutFlowRegistry} bean
         * @return a new {@link DelegatedAuthenticationWebflowConfigurer}
         */
        @ConditionalOnMissingBean(name = {"delegatedAuthenticationWebflowConfigurer"})
        @Bean
        public CasWebflowConfigurer delegatedAuthenticationWebflowConfigurer(
                CasConfigurationProperties casConfigurationProperties,
                ConfigurableApplicationContext configurableApplicationContext,
                @Qualifier("loginFlowRegistry") FlowDefinitionRegistry flowDefinitionRegistry,
                @Qualifier("flowBuilderServices") FlowBuilderServices flowBuilderServices,
                @Qualifier("logoutFlowRegistry") FlowDefinitionRegistry flowDefinitionRegistry2) {
            // Both registries share a type: the login registry is passed before the logout one.
            final CasWebflowConfigurer configurer = new DelegatedAuthenticationWebflowConfigurer(
                    flowBuilderServices,
                    flowDefinitionRegistry,
                    flowDefinitionRegistry2,
                    configurableApplicationContext,
                    casConfigurationProperties);
            return configurer;
        }
    }

    /**
     * Creates a fresh access-strategy helper. Every call returns a new instance; nothing is
     * cached or shared between the beans that use it.
     *
     * @param servicesManager the services registry facade
     * @param auditableExecution the enforcer the helper delegates to; both call sites in this
     *        file pass the {@code registeredServiceDelegatedAuthenticationPolicyAuditableEnforcer} bean
     * @return a new {@link DelegatedAuthenticationAccessStrategyHelper}
     */
    private static DelegatedAuthenticationAccessStrategyHelper getDelegatedAuthenticationAccessStrategyHelper(
            ServicesManager servicesManager,
            AuditableExecution auditableExecution) {
        final DelegatedAuthenticationAccessStrategyHelper helper =
                new DelegatedAuthenticationAccessStrategyHelper(servicesManager, auditableExecution);
        return helper;
    }
}
