package org.apereo.cas.config;

import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.CentralAuthenticationService;
import org.apereo.cas.audit.AuditTrailRecordResolutionPlanConfigurer;
import org.apereo.cas.audit.DelegatedAuthenticationAuditResourceResolver;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlanConfigurer;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.AuthenticationMetaDataPopulator;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalFactoryUtils;
import org.apereo.cas.authentication.principal.PrincipalResolver;
import org.apereo.cas.authentication.principal.provision.ChainingDelegatedClientUserProfileProvisioner;
import org.apereo.cas.authentication.principal.provision.DelegatedClientUserProfileProvisioner;
import org.apereo.cas.authentication.principal.provision.GroovyDelegatedClientUserProfileProvisioner;
import org.apereo.cas.authentication.principal.provision.RestfulDelegatedClientUserProfileProvisioner;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationCoreProperties;
import org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationProvisioningProperties;
import org.apereo.cas.logout.LogoutExecutionPlanConfigurer;
import org.apereo.cas.pac4j.DistributedJEESessionStore;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.pac4j.RefreshableDelegatedClients;
import org.apereo.cas.support.pac4j.authentication.ClientAuthenticationMetaDataPopulator;
import org.apereo.cas.support.pac4j.authentication.DefaultDelegatedClientFactory;
import org.apereo.cas.support.pac4j.authentication.DelegatedClientFactory;
import org.apereo.cas.support.pac4j.authentication.DelegatedClientFactoryCustomizer;
import org.apereo.cas.support.pac4j.authentication.RestfulDelegatedClientFactory;
import org.apereo.cas.support.pac4j.authentication.handler.support.DelegatedClientAuthenticationHandler;
import org.apereo.cas.ticket.TicketFactory;
import org.apereo.cas.util.HttpRequestUtils;
import org.apereo.cas.web.cookie.CasCookieBuilder;
import org.apereo.cas.web.support.CookieUtils;
import org.apereo.inspektr.audit.spi.AuditActionResolver;
import org.apereo.inspektr.audit.spi.AuditResourceResolver;
import org.pac4j.core.client.Clients;
import org.pac4j.core.context.JEEContext;
import org.pac4j.core.context.session.JEESessionStore;
import org.pac4j.core.context.session.SessionStore;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.AnnotationAwareOrderComparator;
import org.springframework.core.io.Resource;

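/**
 * Spring configuration that wires pac4j-based delegated authentication into the CAS
 * authentication, audit and logout execution plans.
 *
 * <p>Every bean is declared with {@code @ConditionalOnMissingBean(name = ...)}, so a deployment
 * replaces any of them by defining a bean with the same name. Because these beans decide which
 * external identity providers are trusted and how their profiles become CAS principals, an
 * override (or a change to the {@code cas.authn.pac4j} settings read here) deserves the same
 * review as a change to the authentication handler itself.
 */
@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration("pac4jAuthenticationEventExecutionPlanConfiguration")
/* loaded from: input_file:org/apereo/cas/config/Pac4jAuthenticationEventExecutionPlanConfiguration.class */
public class Pac4jAuthenticationEventExecutionPlanConfiguration {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(Pac4jAuthenticationEventExecutionPlanConfiguration.class);

    @Autowired
    private CasConfigurationProperties casProperties;

    @Autowired
    private ConfigurableApplicationContext applicationContext;

    @Autowired
    @Qualifier("servicesManager")
    private ObjectProvider<ServicesManager> servicesManager;

    @Autowired
    @Qualifier("defaultPrincipalResolver")
    private ObjectProvider<PrincipalResolver> defaultPrincipalResolver;

    @Autowired
    @Qualifier("authenticationActionResolver")
    private ObjectProvider<AuditActionResolver> authenticationActionResolver;

    @Autowired
    @Qualifier("defaultTicketFactory")
    private ObjectProvider<TicketFactory> ticketFactory;

    @Autowired
    @Qualifier("centralAuthenticationService")
    private ObjectProvider<CentralAuthenticationService> centralAuthenticationService;

    /**
     * Chooses the factory that produces the delegated authentication clients.
     *
     * <p>A non-blank REST URL selects {@link RestfulDelegatedClientFactory}; otherwise the
     * default factory is used together with every {@link DelegatedClientFactoryCustomizer}
     * bean found in the application context, applied in {@code @Order}/{@code Ordered} order.
     *
     * @return the client factory for this deployment
     */
    @ConditionalOnMissingBean(name = {"pac4jDelegatedClientFactory"})
    @RefreshScope
    @Bean
    public DelegatedClientFactory pac4jDelegatedClientFactory() {
        // NOTE(review): with a REST URL configured, the client definitions presumably come from
        // that endpoint, which then decides which identity providers CAS trusts. Confirm it is
        // an authenticated, TLS-protected service that only administrators can change.
        final String restUrl = this.casProperties.getAuthn().getPac4j().getRest().getUrl();
        if (StringUtils.isNotBlank(restUrl)) {
            return new RestfulDelegatedClientFactory(this.casProperties);
        }
        // Map.values() is not a List, and AnnotationAwareOrderComparator.sortIfNecessary() only
        // sorts Lists and arrays, so sorting the values() view directly leaves the customizers
        // in bean-registration order. Copy into a List first so the declared order is honoured.
        final List<DelegatedClientFactoryCustomizer> customizers = new ArrayList<>(
            this.applicationContext.getBeansOfType(DelegatedClientFactoryCustomizer.class, false, true).values());
        AnnotationAwareOrderComparator.sort(customizers);
        return new DefaultDelegatedClientFactory(this.casProperties, customizers);
    }

    /**
     * Provides the pac4j session store used during delegated authentication.
     *
     * @return a {@link DistributedJEESessionStore} when session replication is enabled in the
     *     pac4j core settings, otherwise the shared {@link JEESessionStore#INSTANCE}
     */
    @ConditionalOnMissingBean(name = {"delegatedClientDistributedSessionStore"})
    @RefreshScope
    @Bean
    public SessionStore delegatedClientDistributedSessionStore() {
        if (!this.casProperties.getAuthn().getPac4j().getCore().isReplicateSessions()) {
            return JEESessionStore.INSTANCE;
        }
        return new DistributedJEESessionStore(
            this.centralAuthenticationService.getObject(),
            this.ticketFactory.getObject(),
            delegatedClientDistributedSessionCookieGenerator());
    }

    /**
     * Builds the cookie generator handed to the distributed session store.
     *
     * <p>All cookie attributes come from the session-replication cookie settings.
     * NOTE(review): confirm those settings mark the cookie secure and HTTP-only, since it is
     * passed to the store that holds delegated authentication session state.
     *
     * @return the cookie builder for the replicated session cookie
     */
    @ConditionalOnMissingBean(name = {"delegatedClientDistributedSessionCookieGenerator"})
    @RefreshScope
    @Bean
    public CasCookieBuilder delegatedClientDistributedSessionCookieGenerator() {
        return CookieUtils.buildCookieRetrievingGenerator(this.casProperties.getSessionReplication().getCookie());
    }

    /**
     * Exposes the delegated clients, built from the configured client factory and bound to the
     * CAS server login URL.
     *
     * @return the refreshable collection of delegated clients
     */
    @ConditionalOnMissingBean(name = {"builtClients"})
    @RefreshScope
    @Bean
    public Clients builtClients() {
        final String loginUrl = this.casProperties.getServer().getLoginUrl();
        return new RefreshableDelegatedClients(loginUrl, pac4jDelegatedClientFactory());
    }

    /**
     * Provides the principal factory used by the delegated authentication handler.
     *
     * @return a new principal factory
     */
    @ConditionalOnMissingBean(name = {"clientPrincipalFactory"})
    @RefreshScope
    @Bean
    public PrincipalFactory clientPrincipalFactory() {
        return PrincipalFactoryUtils.newPrincipalFactory();
    }

    /**
     * Provides the metadata populator registered alongside the delegated authentication handler.
     *
     * @return the client authentication metadata populator
     */
    @ConditionalOnMissingBean(name = {"clientAuthenticationMetaDataPopulator"})
    @RefreshScope
    @Bean
    public AuthenticationMetaDataPopulator clientAuthenticationMetaDataPopulator() {
        return new ClientAuthenticationMetaDataPopulator();
    }

    /**
     * Builds the authentication handler that accepts credentials produced by delegated clients.
     *
     * @return the configured delegated client authentication handler
     */
    @ConditionalOnMissingBean(name = {"clientAuthenticationHandler"})
    @RefreshScope
    @Bean
    public AuthenticationHandler clientAuthenticationHandler() {
        final Pac4jDelegatedAuthenticationCoreProperties core = this.casProperties.getAuthn().getPac4j().getCore();
        final DelegatedClientAuthenticationHandler handler = new DelegatedClientAuthenticationHandler(
            core.getName(),
            core.getOrder(),
            this.servicesManager.getObject(),
            clientPrincipalFactory(),
            builtClients(),
            clientUserProfileProvisioner(),
            delegatedClientDistributedSessionStore());
        // NOTE(review): these two settings appear to control how an external profile is turned
        // into the CAS principal id. When several providers are enabled, confirm that ids issued
        // by different providers cannot collide on the same principal.
        handler.setTypedIdUsed(core.isTypedIdUsed());
        handler.setPrincipalAttributeId(core.getPrincipalAttributeId());
        return handler;
    }

    /**
     * Assembles the provisioner chain that receives delegated user profiles.
     *
     * <p>A Groovy provisioner is added when a script location is configured, and a REST
     * provisioner when a REST URL is configured.
     *
     * @return the provisioner chain, or a no-op provisioner when neither is configured
     */
    @ConditionalOnMissingBean(name = {"clientUserProfileProvisioner"})
    @RefreshScope
    @Bean
    public DelegatedClientUserProfileProvisioner clientUserProfileProvisioner() {
        final Pac4jDelegatedAuthenticationProvisioningProperties provisioning =
            this.casProperties.getAuthn().getPac4j().getProvisioning();
        final ChainingDelegatedClientUserProfileProvisioner chain = new ChainingDelegatedClientUserProfileProvisioner();

        // NOTE(review): the script at this location is presumably executed inside the CAS
        // server process, so write access to it should be limited to CAS administrators.
        final Resource groovyScript = provisioning.getGroovy().getLocation();
        if (groovyScript != null) {
            chain.addProvisioner(new GroovyDelegatedClientUserProfileProvisioner(groovyScript));
        }

        // NOTE(review): user profile data is presumably sent to this URL; confirm the endpoint
        // is TLS-protected and authenticated.
        if (StringUtils.isNotBlank(provisioning.getRest().getUrl())) {
            chain.addProvisioner(new RestfulDelegatedClientUserProfileProvisioner(provisioning.getRest()));
        }

        if (chain.isEmpty()) {
            return DelegatedClientUserProfileProvisioner.noOp();
        }
        return chain;
    }

    /**
     * Registers the delegated authentication handler and its metadata populator with the
     * authentication execution plan, but only when at least one delegated client exists.
     *
     * @return the execution plan configurer
     */
    @ConditionalOnMissingBean(name = {"pac4jAuthenticationEventExecutionPlanConfigurer"})
    @RefreshScope
    @Bean
    public AuthenticationEventExecutionPlanConfigurer pac4jAuthenticationEventExecutionPlanConfigurer() {
        return authenticationEventExecutionPlan -> {
            // With no clients defined the handler is never registered.
            if (builtClients().findAllClients().isEmpty()) {
                return;
            }
            LOGGER.info("Registering delegated authentication clients...");
            authenticationEventExecutionPlan.registerAuthenticationHandlerWithPrincipalResolver(
                clientAuthenticationHandler(), this.defaultPrincipalResolver.getObject());
            authenticationEventExecutionPlan.registerAuthenticationMetadataPopulator(
                clientAuthenticationMetaDataPopulator());
        };
    }

    /**
     * Provides the audit resource resolver for delegated authentication events.
     *
     * @return the delegated authentication audit resource resolver
     */
    @ConditionalOnMissingBean(name = {"delegatedAuthenticationAuditResourceResolver"})
    @RefreshScope
    @Bean
    public AuditResourceResolver delegatedAuthenticationAuditResourceResolver() {
        return new DelegatedAuthenticationAuditResourceResolver();
    }

    /**
     * Registers the audit action and resource resolvers for delegated authentication under the
     * {@code DELEGATED_CLIENT_ACTION_RESOLVER} and {@code DELEGATED_CLIENT_RESOURCE_RESOLVER}
     * keys.
     *
     * @return the audit trail resolution plan configurer
     */
    @ConditionalOnMissingBean(name = {"delegatedAuthenticationAuditTrailRecordResolutionPlanConfigurer"})
    @RefreshScope
    @Bean
    public AuditTrailRecordResolutionPlanConfigurer delegatedAuthenticationAuditTrailRecordResolutionPlanConfigurer() {
        return auditTrailRecordResolutionPlan -> {
            auditTrailRecordResolutionPlan.registerAuditActionResolver(
                "DELEGATED_CLIENT_ACTION_RESOLVER", this.authenticationActionResolver.getObject());
            auditTrailRecordResolutionPlan.registerAuditResourceResolver(
                "DELEGATED_CLIENT_RESOURCE_RESOLVER", delegatedAuthenticationAuditResourceResolver());
        };
    }

    /**
     * When session replication is enabled, registers a logout post-processor that destroys the
     * delegated authentication session held in the session store.
     *
     * <p>The post-processor needs the current HTTP request and response. If either is missing
     * it leaves the replicated session in place; that case is logged at debug level so the
     * skipped cleanup is visible to operators.
     *
     * @return the logout execution plan configurer
     */
    @ConditionalOnMissingBean(name = {"delegatedAuthenticationLogoutExecutionPlanConfigurer"})
    @RefreshScope
    @Bean
    public LogoutExecutionPlanConfigurer delegatedAuthenticationLogoutExecutionPlanConfigurer() {
        return logoutExecutionPlan -> {
            if (!this.casProperties.getAuthn().getPac4j().getCore().isReplicateSessions()) {
                return;
            }
            logoutExecutionPlan.registerLogoutPostProcessor(ticketGrantingTicket -> {
                final HttpServletRequest request = HttpRequestUtils.getHttpServletRequestFromRequestAttributes();
                final HttpServletResponse response = HttpRequestUtils.getHttpServletResponseFromRequestAttributes();
                if (request == null || response == null) {
                    LOGGER.debug("No HTTP request/response available; replicated delegated session was not destroyed");
                    return;
                }
                delegatedClientDistributedSessionStore().destroySession(new JEEContext(request, response));
            });
        };
    }
}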
