package org.apereo.cas.support.pac4j.config.support.authentication;

import com.github.scribejava.core.model.Verb;
import com.nimbusds.jose.JWSAlgorithm;
import java.util.ArrayList;
import java.util.Collection;
import java.util.LinkedHashSet;
import java.util.Locale;
import java.util.concurrent.atomic.AtomicInteger;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlanConfigurer;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.AuthenticationMetaDataPopulator;
import org.apereo.cas.authentication.principal.DefaultPrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalResolver;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.pac4j.Pac4jProperties;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.pac4j.authentication.ClientAuthenticationMetaDataPopulator;
import org.apereo.cas.support.pac4j.authentication.handler.support.ClientAuthenticationHandler;
import org.apereo.cas.support.pac4j.web.flow.SAML2ClientLogoutAction;
import org.pac4j.cas.client.CasClient;
import org.pac4j.cas.config.CasConfiguration;
import org.pac4j.core.client.BaseClient;
import org.pac4j.core.client.Clients;
import org.pac4j.oauth.client.BitbucketClient;
import org.pac4j.oauth.client.DropBoxClient;
import org.pac4j.oauth.client.FacebookClient;
import org.pac4j.oauth.client.FoursquareClient;
import org.pac4j.oauth.client.GenericOAuth20Client;
import org.pac4j.oauth.client.GitHubClient;
import org.pac4j.oauth.client.Google2Client;
import org.pac4j.oauth.client.LinkedIn2Client;
import org.pac4j.oauth.client.OrcidClient;
import org.pac4j.oauth.client.PayPalClient;
import org.pac4j.oauth.client.TwitterClient;
import org.pac4j.oauth.client.WindowsLiveClient;
import org.pac4j.oauth.client.WordPressClient;
import org.pac4j.oauth.client.YahooClient;
import org.pac4j.oidc.client.AzureAdClient;
import org.pac4j.oidc.client.GoogleOidcClient;
import org.pac4j.oidc.client.OidcClient;
import org.pac4j.oidc.config.OidcConfiguration;
import org.pac4j.saml.client.SAML2Client;
import org.pac4j.saml.client.SAML2ClientConfiguration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.webflow.execution.Action;

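/**
 * Spring configuration that builds the pac4j clients used for delegated authentication and
 * registers the matching authentication handler and metadata populator with the CAS
 * authentication event execution plan.
 *
 * <p>Each client is created only when its required settings are present in
 * {@link CasConfigurationProperties}. Client identifiers, client secrets and keystore passwords
 * are read from those properties and handed straight to the pac4j client or configuration
 * objects; this class does not validate them beyond a blank check.
 */
@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration("pac4jAuthenticationEventExecutionPlanConfiguration")
/* loaded from: input_file:org/apereo/cas/support/pac4j/config/support/authentication/Pac4jAuthenticationEventExecutionPlanConfiguration.class */
public class Pac4jAuthenticationEventExecutionPlanConfiguration {
    private static final Logger LOGGER = LoggerFactory.getLogger(Pac4jAuthenticationEventExecutionPlanConfiguration.class);

    @Autowired
    private CasConfigurationProperties casProperties;

    @Autowired
    @Qualifier("servicesManager")
    private ServicesManager servicesManager;

    @Autowired
    @Qualifier("personDirectoryPrincipalResolver")
    private PrincipalResolver personDirectoryPrincipalResolver;

    // The single-instance OAuth clients below all follow the same pattern: the client is created
    // only when both id and secret are non-blank, and the debug line logs the client name and its
    // key (labelled "identifier"); the secret is never passed to the logger.

    /** Adds a GitHub client when both its id and secret are configured. */
    private void configureGithubClient(Collection<BaseClient> collection) {
        Pac4jProperties.Github github = this.casProperties.getAuthn().getPac4j().getGithub();
        if (StringUtils.isNotBlank(github.getId()) && StringUtils.isNotBlank(github.getSecret())) {
            GitHubClient client = new GitHubClient(github.getId(), github.getSecret());
            LOGGER.debug("Created client [{}] with identifier [{}]", client.getName(), client.getKey());
            collection.add(client);
        }
    }

    /** Adds a Dropbox client when both its id and secret are configured. */
    private void configureDropboxClient(Collection<BaseClient> collection) {
        Pac4jProperties.Dropbox dropbox = this.casProperties.getAuthn().getPac4j().getDropbox();
        if (StringUtils.isNotBlank(dropbox.getId()) && StringUtils.isNotBlank(dropbox.getSecret())) {
            DropBoxClient client = new DropBoxClient(dropbox.getId(), dropbox.getSecret());
            LOGGER.debug("Created client [{}] with identifier [{}]", client.getName(), client.getKey());
            collection.add(client);
        }
    }

    /** Adds an ORCID client when both its id and secret are configured. */
    private void configureOrcidClient(Collection<BaseClient> collection) {
        Pac4jProperties.Orcid orcid = this.casProperties.getAuthn().getPac4j().getOrcid();
        if (StringUtils.isNotBlank(orcid.getId()) && StringUtils.isNotBlank(orcid.getSecret())) {
            OrcidClient client = new OrcidClient(orcid.getId(), orcid.getSecret());
            LOGGER.debug("Created client [{}] with identifier [{}]", client.getName(), client.getKey());
            collection.add(client);
        }
    }

    /** Adds a Windows Live client when both its id and secret are configured. */
    private void configureWindowsLiveClient(Collection<BaseClient> collection) {
        Pac4jProperties.WindowsLive windowsLive = this.casProperties.getAuthn().getPac4j().getWindowsLive();
        if (StringUtils.isNotBlank(windowsLive.getId()) && StringUtils.isNotBlank(windowsLive.getSecret())) {
            WindowsLiveClient client = new WindowsLiveClient(windowsLive.getId(), windowsLive.getSecret());
            LOGGER.debug("Created client [{}] with identifier [{}]", client.getName(), client.getKey());
            collection.add(client);
        }
    }

    /** Adds a Yahoo client when both its id and secret are configured. */
    private void configureYahooClient(Collection<BaseClient> collection) {
        Pac4jProperties.Yahoo yahoo = this.casProperties.getAuthn().getPac4j().getYahoo();
        if (StringUtils.isNotBlank(yahoo.getId()) && StringUtils.isNotBlank(yahoo.getSecret())) {
            YahooClient client = new YahooClient(yahoo.getId(), yahoo.getSecret());
            LOGGER.debug("Created client [{}] with identifier [{}]", client.getName(), client.getKey());
            collection.add(client);
        }
    }

    /** Adds a Foursquare client when both its id and secret are configured. */
    private void configureFoursquareClient(Collection<BaseClient> collection) {
        Pac4jProperties.Foursquare foursquare = this.casProperties.getAuthn().getPac4j().getFoursquare();
        if (StringUtils.isNotBlank(foursquare.getId()) && StringUtils.isNotBlank(foursquare.getSecret())) {
            FoursquareClient client = new FoursquareClient(foursquare.getId(), foursquare.getSecret());
            LOGGER.debug("Created client [{}] with identifier [{}]", client.getName(), client.getKey());
            collection.add(client);
        }
    }

    /**
     * Adds a Google OAuth client when both its id and secret are configured, applying the
     * configured scope if one is given.
     */
    private void configureGoogleClient(Collection<BaseClient> collection) {
        Pac4jProperties.Google google = this.casProperties.getAuthn().getPac4j().getGoogle();
        if (StringUtils.isNotBlank(google.getId()) && StringUtils.isNotBlank(google.getSecret())) {
            // Construct the client only once the credentials are known to be present, as the
            // sibling methods do, instead of building one that is then thrown away.
            Google2Client client = new Google2Client(google.getId(), google.getSecret());
            if (StringUtils.isNotBlank(google.getScope())) {
                // Locale.ROOT keeps the enum lookup independent of the JVM default locale
                // (a Turkish default would upper-case "i" to a dotted capital and fail valueOf).
                client.setScope(Google2Client.Google2Scope.valueOf(google.getScope().toUpperCase(Locale.ROOT)));
            }
            LOGGER.debug("Created client [{}] with identifier [{}]", client.getName(), client.getKey());
            collection.add(client);
        }
    }

    /**
     * Adds a Facebook client when both its id and secret are configured, applying the configured
     * scope and profile fields when present.
     */
    private void configureFacebookClient(Collection<BaseClient> collection) {
        Pac4jProperties.Facebook facebook = this.casProperties.getAuthn().getPac4j().getFacebook();
        if (StringUtils.isNotBlank(facebook.getId()) && StringUtils.isNotBlank(facebook.getSecret())) {
            FacebookClient client = new FacebookClient(facebook.getId(), facebook.getSecret());
            if (StringUtils.isNotBlank(facebook.getScope())) {
                client.setScope(facebook.getScope());
            }
            if (StringUtils.isNotBlank(facebook.getFields())) {
                client.setFields(facebook.getFields());
            }
            LOGGER.debug("Created client [{}] with identifier [{}]", client.getName(), client.getKey());
            collection.add(client);
        }
    }

    /**
     * Adds a LinkedIn client when both its id and secret are configured, applying the configured
     * scope and profile fields when present.
     */
    private void configureLinkedInClient(Collection<BaseClient> collection) {
        Pac4jProperties.LinkedIn linkedIn = this.casProperties.getAuthn().getPac4j().getLinkedIn();
        if (StringUtils.isNotBlank(linkedIn.getId()) && StringUtils.isNotBlank(linkedIn.getSecret())) {
            LinkedIn2Client client = new LinkedIn2Client(linkedIn.getId(), linkedIn.getSecret());
            if (StringUtils.isNotBlank(linkedIn.getScope())) {
                client.setScope(linkedIn.getScope());
            }
            if (StringUtils.isNotBlank(linkedIn.getFields())) {
                client.setFields(linkedIn.getFields());
            }
            LOGGER.debug("Created client [{}] with identifier [{}]", client.getName(), client.getKey());
            collection.add(client);
        }
    }

    /** Adds a Twitter client when both its id and secret are configured. */
    private void configureTwitterClient(Collection<BaseClient> collection) {
        Pac4jProperties.Twitter twitter = this.casProperties.getAuthn().getPac4j().getTwitter();
        if (StringUtils.isNotBlank(twitter.getId()) && StringUtils.isNotBlank(twitter.getSecret())) {
            TwitterClient client = new TwitterClient(twitter.getId(), twitter.getSecret());
            LOGGER.debug("Created client [{}] with identifier [{}]", client.getName(), client.getKey());
            collection.add(client);
        }
    }

    /** Adds a WordPress client when both its id and secret are configured. */
    private void configureWordpressClient(Collection<BaseClient> collection) {
        Pac4jProperties.Wordpress wordpress = this.casProperties.getAuthn().getPac4j().getWordpress();
        if (StringUtils.isNotBlank(wordpress.getId()) && StringUtils.isNotBlank(wordpress.getSecret())) {
            WordPressClient client = new WordPressClient(wordpress.getId(), wordpress.getSecret());
            LOGGER.debug("Created client [{}] with identifier [{}]", client.getName(), client.getKey());
            collection.add(client);
        }
    }

    /** Adds a Bitbucket client when both its id and secret are configured. */
    private void configureBitbucketClient(Collection<BaseClient> collection) {
        Pac4jProperties.Bitbucket bitbucket = this.casProperties.getAuthn().getPac4j().getBitbucket();
        if (StringUtils.isNotBlank(bitbucket.getId()) && StringUtils.isNotBlank(bitbucket.getSecret())) {
            BitbucketClient client = new BitbucketClient(bitbucket.getId(), bitbucket.getSecret());
            LOGGER.debug("Created client [{}] with identifier [{}]", client.getName(), client.getKey());
            collection.add(client);
        }
    }

    /** Adds a PayPal client when both its id and secret are configured. */
    private void configurePaypalClient(Collection<BaseClient> collection) {
        Pac4jProperties.Paypal paypal = this.casProperties.getAuthn().getPac4j().getPaypal();
        if (StringUtils.isNotBlank(paypal.getId()) && StringUtils.isNotBlank(paypal.getSecret())) {
            PayPalClient client = new PayPalClient(paypal.getId(), paypal.getSecret());
            LOGGER.debug("Created client [{}] with identifier [{}]", client.getName(), client.getKey());
            collection.add(client);
        }
    }

    // The multi-instance clients below log the client object itself at DEBUG level.
    // NOTE(review): what that prints depends on each pac4j client's toString(); confirm it does
    // not render client secrets or keystore passwords before enabling DEBUG in production.

    /**
     * Adds one CAS client per configured entry that has a login URL. The first client keeps its
     * default name; later ones are named after the class with a numeric suffix so that names
     * stay unique.
     */
    private void configureCasClient(Collection<BaseClient> collection) {
        AtomicInteger index = new AtomicInteger();
        this.casProperties.getAuthn().getPac4j().getCas().stream()
            .filter(cas -> StringUtils.isNotBlank(cas.getLoginUrl()))
            .forEach(cas -> {
                CasClient client = new CasClient(new CasConfiguration(cas.getLoginUrl(), cas.getProtocol()));
                int count = index.intValue();
                if (count > 0) {
                    client.setName(client.getClass().getSimpleName() + count);
                }
                index.incrementAndGet();
                LOGGER.debug("Created client [{}]", client);
                collection.add(client);
            });
    }

    /**
     * Adds one SAML2 client per configured entry that has both a keystore path and an identity
     * provider metadata path. An explicit client name wins; otherwise every client after the
     * first gets a numeric suffix.
     */
    private void configureSamlClient(Collection<BaseClient> collection) {
        AtomicInteger index = new AtomicInteger();
        this.casProperties.getAuthn().getPac4j().getSaml().stream()
            .filter(saml -> StringUtils.isNotBlank(saml.getKeystorePath())
                && StringUtils.isNotBlank(saml.getIdentityProviderMetadataPath()))
            .forEach(saml -> {
                SAML2ClientConfiguration cfg = new SAML2ClientConfiguration(saml.getKeystorePath(),
                    saml.getKeystorePassword(), saml.getPrivateKeyPassword(), saml.getIdentityProviderMetadataPath());
                cfg.setMaximumAuthenticationLifetime(saml.getMaximumAuthenticationLifetime());
                cfg.setServiceProviderEntityId(saml.getServiceProviderEntityId());
                cfg.setServiceProviderMetadataPath(saml.getServiceProviderMetadataPath());
                // The destination binding is fixed to HTTP-Redirect and is not configurable here.
                cfg.setDestinationBindingType("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect");
                cfg.setForceAuth(saml.isForceAuth());
                cfg.setPassive(saml.isPassive());
                // NOTE(review): with this property set to false the client is told not to require
                // signed assertions; confirm the identity provider signs its responses before
                // relaxing it.
                cfg.setWantsAssertionsSigned(saml.isWantsAssertionsSigned());
                if (StringUtils.isNotBlank(saml.getAuthnContextClassRef())) {
                    // Locale.ROOT keeps values such as "minimum" stable under any default locale.
                    cfg.setComparisonType(saml.getAuthnContextComparisonType().toUpperCase(Locale.ROOT));
                    cfg.setAuthnContextClassRef(saml.getAuthnContextClassRef());
                }
                if (StringUtils.isNotBlank(saml.getKeystoreAlias())) {
                    cfg.setKeystoreAlias(saml.getKeystoreAlias());
                }
                if (StringUtils.isNotBlank(saml.getNameIdPolicyFormat())) {
                    cfg.setNameIdPolicyFormat(saml.getNameIdPolicyFormat());
                }
                SAML2Client client = new SAML2Client(cfg);
                int count = index.intValue();
                if (saml.getClientName() != null) {
                    client.setName(saml.getClientName());
                } else if (count > 0) {
                    client.setName(client.getClass().getSimpleName() + count);
                }
                index.incrementAndGet();
                LOGGER.debug("Created client [{}]", client);
                collection.add(client);
            });
    }

    /**
     * Adds one generic OAuth 2.0 client per configured entry that has both an id and a secret.
     * Every client after the first gets a numeric name suffix.
     */
    private void configureOAuth20Client(Collection<BaseClient> collection) {
        AtomicInteger index = new AtomicInteger();
        this.casProperties.getAuthn().getPac4j().getOauth2().stream()
            .filter(oauth -> StringUtils.isNotBlank(oauth.getId()) && StringUtils.isNotBlank(oauth.getSecret()))
            .forEach(oauth -> {
                GenericOAuth20Client client = new GenericOAuth20Client();
                client.setKey(oauth.getId());
                client.setSecret(oauth.getSecret());
                client.setProfileAttrs(oauth.getProfileAttrs());
                client.setProfileNodePath(oauth.getProfilePath());
                // NOTE(review): the profile, token and authorization URLs are taken from
                // configuration as-is; nothing here checks that they use https.
                client.setProfileUrl(oauth.getProfileUrl());
                client.setProfileVerb(Verb.valueOf(oauth.getProfileVerb().toUpperCase(Locale.ROOT)));
                client.setTokenUrl(oauth.getTokenUrl());
                client.setAuthUrl(oauth.getAuthUrl());
                client.setCustomParams(oauth.getCustomParams());
                int count = index.intValue();
                if (count > 0) {
                    client.setName(client.getClass().getSimpleName() + count);
                }
                index.incrementAndGet();
                LOGGER.debug("Created client [{}]", client);
                collection.add(client);
            });
    }

    /**
     * Adds one OpenID Connect client per configured entry that has both an id and a secret. The
     * entry's type selects the client class: {@code GOOGLE}, {@code AZURE}, or the generic
     * {@link OidcClient} for {@code GENERIC} and any other value. Every client after the first
     * gets a numeric name suffix.
     */
    private void configureOidcClient(Collection<BaseClient> collection) {
        AtomicInteger index = new AtomicInteger();
        this.casProperties.getAuthn().getPac4j().getOidc().stream()
            .filter(oidc -> StringUtils.isNotBlank(oidc.getId()) && StringUtils.isNotBlank(oidc.getSecret()))
            .forEach(oidc -> {
                OidcConfiguration cfg = new OidcConfiguration();
                if (StringUtils.isNotBlank(oidc.getScope())) {
                    cfg.setScope(oidc.getScope());
                }
                // NOTE(review): the nonce ties the ID token to the originating request, so
                // running with it disabled should be a deliberate choice.
                cfg.setUseNonce(oidc.isUseNonce());
                cfg.setSecret(oidc.getSecret());
                cfg.setClientId(oidc.getId());
                if (StringUtils.isNotBlank(oidc.getPreferredJwsAlgorithm())) {
                    cfg.setPreferredJwsAlgorithm(JWSAlgorithm.parse(oidc.getPreferredJwsAlgorithm().toUpperCase(Locale.ROOT)));
                }
                cfg.setMaxClockSkew(oidc.getMaxClockSkew());
                cfg.setDiscoveryURI(oidc.getDiscoveryUri());
                cfg.setCustomParams(oidc.getCustomParams());

                // Plain string switch; the hashCode()-based two-stage switch left behind by the
                // decompiler (with a boolean selector) did not compile. The variable is typed as
                // the common OidcClient type because all three branches assign to it.
                final OidcClient client;
                switch (oidc.getType().toUpperCase(Locale.ROOT)) {
                    case "GOOGLE":
                        client = new GoogleOidcClient(cfg);
                        break;
                    case "AZURE":
                        client = new AzureAdClient(cfg);
                        break;
                    case "GENERIC":
                    default:
                        client = new OidcClient(cfg);
                        break;
                }
                int count = index.intValue();
                if (count > 0) {
                    client.setName(client.getClass().getSimpleName() + count);
                }
                index.incrementAndGet();
                LOGGER.debug("Created client [{}]", client);
                collection.add(client);
            });
    }

    /**
     * Builds every configured delegated authentication client and wraps them in a
     * {@link Clients} instance whose callback URL is the CAS server login URL.
     *
     * @return the clients container; it holds no clients when nothing is configured
     */
    @RefreshScope
    @Bean
    public Clients builtClients() {
        // Insertion-ordered set: clients keep the order in which they are configured below.
        Collection<BaseClient> clients = new LinkedHashSet<>();
        configureCasClient(clients);
        configureFacebookClient(clients);
        configureOidcClient(clients);
        configureOAuth20Client(clients);
        configureSamlClient(clients);
        configureTwitterClient(clients);
        configureDropboxClient(clients);
        configureFoursquareClient(clients);
        configureGithubClient(clients);
        configureGoogleClient(clients);
        configureWindowsLiveClient(clients);
        configureYahooClient(clients);
        configureLinkedInClient(clients);
        configurePaypalClient(clients);
        configureWordpressClient(clients);
        configureBitbucketClient(clients);
        configureOrcidClient(clients);
        // NOTE(review): this prints every client via toString(); confirm that output carries no
        // secrets before enabling DEBUG in production.
        LOGGER.debug("The following clients are built: [{}]", clients);
        if (clients.isEmpty()) {
            LOGGER.warn("No delegated authentication clients are defined/configured");
        }
        LOGGER.info("Located and prepared [{}] delegated authentication client(s)", clients.size());
        return new Clients(this.casProperties.getServer().getLoginUrl(), new ArrayList<>(clients));
    }

    /**
     * Supplies the principal factory used by the delegated authentication handler unless another
     * bean named {@code clientPrincipalFactory} is already defined.
     *
     * @return a new {@link DefaultPrincipalFactory}
     */
    @ConditionalOnMissingBean(name = {"clientPrincipalFactory"})
    @Bean
    public PrincipalFactory clientPrincipalFactory() {
        return new DefaultPrincipalFactory();
    }

    /**
     * Supplies the metadata populator for delegated authentication unless another bean named
     * {@code clientAuthenticationMetaDataPopulator} is already defined.
     *
     * @return a new {@link ClientAuthenticationMetaDataPopulator}
     */
    @ConditionalOnMissingBean(name = {"clientAuthenticationMetaDataPopulator"})
    @Bean
    public AuthenticationMetaDataPopulator clientAuthenticationMetaDataPopulator() {
        return new ClientAuthenticationMetaDataPopulator();
    }

    /**
     * Supplies the webflow action for SAML2 client logout, backed by the built clients.
     *
     * @return a new {@link SAML2ClientLogoutAction}
     */
    @ConditionalOnMissingBean(name = {"saml2ClientLogoutAction"})
    @Bean
    public Action saml2ClientLogoutAction() {
        return new SAML2ClientLogoutAction(builtClients());
    }

    /**
     * Creates the authentication handler for delegated authentication from the pac4j properties,
     * the services manager, the client principal factory and the built clients.
     *
     * @return the configured {@link ClientAuthenticationHandler}
     */
    @ConditionalOnMissingBean(name = {"clientAuthenticationHandler"})
    @RefreshScope
    @Bean
    public AuthenticationHandler clientAuthenticationHandler() {
        Pac4jProperties pac4j = this.casProperties.getAuthn().getPac4j();
        ClientAuthenticationHandler handler = new ClientAuthenticationHandler(pac4j.getName(), this.servicesManager,
            clientPrincipalFactory(), builtClients());
        // NOTE(review): presumably this decides whether the principal id is qualified by the
        // provider profile type; if so, turning it off could let equal ids from different
        // providers resolve to one principal. Confirm against ClientAuthenticationHandler.
        handler.setTypedIdUsed(pac4j.isTypedIdUsed());
        return handler;
    }

    /**
     * Registers the delegated authentication handler (with the person directory principal
     * resolver) and the metadata populator in the execution plan. Nothing is registered when no
     * client is configured.
     *
     * @return the execution plan configurer
     */
    @ConditionalOnMissingBean(name = {"pac4jAuthenticationEventExecutionPlanConfigurer"})
    @Bean
    public AuthenticationEventExecutionPlanConfigurer pac4jAuthenticationEventExecutionPlanConfigurer() {
        return plan -> {
            // Skip registration entirely so that no handler is added without any client behind it.
            if (builtClients().findAllClients().isEmpty()) {
                return;
            }
            LOGGER.info("Registering delegated authentication clients...");
            plan.registerAuthenticationHandlerWithPrincipalResolver(clientAuthenticationHandler(), this.personDirectoryPrincipalResolver);
            plan.registerMetadataPopulator(clientAuthenticationMetaDataPopulator());
        };
    }
}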
