package org.apereo.cas.config;

import java.util.ArrayList;
import java.util.List;
import java.util.Optional;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.CentralAuthenticationService;
import org.apereo.cas.audit.AuditTrailRecordResolutionPlanConfigurer;
import org.apereo.cas.audit.DelegatedAuthenticationAuditResourceResolver;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlanConfigurer;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.AuthenticationMetaDataPopulator;
import org.apereo.cas.authentication.CasSSLContext;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalFactoryUtils;
import org.apereo.cas.authentication.principal.PrincipalResolver;
import org.apereo.cas.authentication.principal.provision.ChainingDelegatedClientUserProfileProvisioner;
import org.apereo.cas.authentication.principal.provision.DelegatedClientUserProfileProvisioner;
import org.apereo.cas.authentication.principal.provision.GroovyDelegatedClientUserProfileProvisioner;
import org.apereo.cas.authentication.principal.provision.RestfulDelegatedClientUserProfileProvisioner;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationCoreProperties;
import org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationProvisioningProperties;
import org.apereo.cas.logout.LogoutExecutionPlanConfigurer;
import org.apereo.cas.pac4j.DistributedJEESessionStore;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.pac4j.RefreshableDelegatedClients;
import org.apereo.cas.support.pac4j.authentication.ClientAuthenticationMetaDataPopulator;
import org.apereo.cas.support.pac4j.authentication.DefaultDelegatedClientFactory;
import org.apereo.cas.support.pac4j.authentication.DelegatedClientFactory;
import org.apereo.cas.support.pac4j.authentication.DelegatedClientFactoryCustomizer;
import org.apereo.cas.support.pac4j.authentication.RestfulDelegatedClientFactory;
import org.apereo.cas.support.pac4j.authentication.handler.support.DelegatedClientAuthenticationHandler;
import org.apereo.cas.ticket.TicketFactory;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.HttpRequestUtils;
import org.apereo.cas.web.cookie.CasCookieBuilder;
import org.apereo.cas.web.support.CookieUtils;
import org.apereo.inspektr.audit.spi.AuditActionResolver;
import org.apereo.inspektr.audit.spi.AuditResourceResolver;
import org.pac4j.core.client.Clients;
import org.pac4j.core.context.JEEContext;
import org.pac4j.core.context.session.JEESessionStore;
import org.pac4j.core.context.session.SessionStore;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.core.annotation.AnnotationAwareOrderComparator;
import org.springframework.core.io.Resource;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration(value = "pac4jAuthenticationEventExecutionPlanConfiguration", proxyBeanMethods = false)
/* loaded from: input_file:org/apereo/cas/config/Pac4jAuthenticationEventExecutionPlanConfiguration.class */
public class Pac4jAuthenticationEventExecutionPlanConfiguration {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(Pac4jAuthenticationEventExecutionPlanConfiguration.class);

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "Pac4jAuthenticationEventExecutionPlanAuditConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/Pac4jAuthenticationEventExecutionPlanConfiguration$Pac4jAuthenticationEventExecutionPlanAuditConfiguration.class */
    public static class Pac4jAuthenticationEventExecutionPlanAuditConfiguration {
        @ConditionalOnMissingBean(name = {"delegatedAuthenticationAuditResourceResolver"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuditResourceResolver delegatedAuthenticationAuditResourceResolver() {
            return new DelegatedAuthenticationAuditResourceResolver();
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "Pac4jAuthenticationEventExecutionPlanAuditPlanConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/Pac4jAuthenticationEventExecutionPlanConfiguration$Pac4jAuthenticationEventExecutionPlanAuditPlanConfiguration.class */
    public static class Pac4jAuthenticationEventExecutionPlanAuditPlanConfiguration {
        @ConditionalOnMissingBean(name = {"delegatedAuthenticationAuditTrailRecordResolutionPlanConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuditTrailRecordResolutionPlanConfigurer delegatedAuthenticationAuditTrailRecordResolutionPlanConfigurer(@Qualifier("delegatedAuthenticationAuditResourceResolver") AuditResourceResolver auditResourceResolver, @Qualifier("authenticationActionResolver") AuditActionResolver auditActionResolver) {
            return auditTrailRecordResolutionPlan -> {
                auditTrailRecordResolutionPlan.registerAuditActionResolver("DELEGATED_CLIENT_ACTION_RESOLVER", auditActionResolver);
                auditTrailRecordResolutionPlan.registerAuditResourceResolver("DELEGATED_CLIENT_RESOURCE_RESOLVER", auditResourceResolver);
            };
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "Pac4jAuthenticationEventExecutionPlanBaseConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/Pac4jAuthenticationEventExecutionPlanConfiguration$Pac4jAuthenticationEventExecutionPlanBaseConfiguration.class */
    public static class Pac4jAuthenticationEventExecutionPlanBaseConfiguration {
        @ConditionalOnMissingBean(name = {"pac4jAuthenticationEventExecutionPlanConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuthenticationEventExecutionPlanConfigurer pac4jAuthenticationEventExecutionPlanConfigurer(@Qualifier("builtClients") Clients clients, @Qualifier("clientAuthenticationHandler") AuthenticationHandler authenticationHandler, @Qualifier("clientAuthenticationMetaDataPopulator") AuthenticationMetaDataPopulator authenticationMetaDataPopulator, @Qualifier("defaultPrincipalResolver") PrincipalResolver principalResolver) {
            return authenticationEventExecutionPlan -> {
                if (clients.findAllClients().isEmpty()) {
                    return;
                }
                Pac4jAuthenticationEventExecutionPlanConfiguration.LOGGER.info("Registering delegated authentication clients...");
                authenticationEventExecutionPlan.registerAuthenticationHandlerWithPrincipalResolver(authenticationHandler, principalResolver);
                authenticationEventExecutionPlan.registerAuthenticationMetadataPopulator(authenticationMetaDataPopulator);
            };
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "Pac4jAuthenticationEventExecutionPlanClientConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/Pac4jAuthenticationEventExecutionPlanConfiguration$Pac4jAuthenticationEventExecutionPlanClientConfiguration.class */
    public static class Pac4jAuthenticationEventExecutionPlanClientConfiguration {
        @ConditionalOnMissingBean(name = {"builtClients"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Clients builtClients(CasConfigurationProperties casConfigurationProperties, @Qualifier("pac4jDelegatedClientFactory") DelegatedClientFactory delegatedClientFactory) {
            return new RefreshableDelegatedClients(casConfigurationProperties.getServer().getLoginUrl(), delegatedClientFactory);
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "Pac4jAuthenticationEventExecutionPlanClientFactoryConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/Pac4jAuthenticationEventExecutionPlanConfiguration$Pac4jAuthenticationEventExecutionPlanClientFactoryConfiguration.class */
    public static class Pac4jAuthenticationEventExecutionPlanClientFactoryConfiguration {
        @ConditionalOnMissingBean(name = {"pac4jDelegatedClientFactory"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public DelegatedClientFactory pac4jDelegatedClientFactory(CasConfigurationProperties casConfigurationProperties, ConfigurableApplicationContext configurableApplicationContext, ObjectProvider<List<DelegatedClientFactoryCustomizer>> objectProvider, @Qualifier("casSslContext") CasSSLContext casSSLContext) {
            return StringUtils.isNotBlank(casConfigurationProperties.getAuthn().getPac4j().getRest().getUrl()) ? new RestfulDelegatedClientFactory(casConfigurationProperties) : new DefaultDelegatedClientFactory(casConfigurationProperties, (List) Optional.ofNullable((List) objectProvider.getIfAvailable()).map(list -> {
                AnnotationAwareOrderComparator.sortIfNecessary(list);
                return list;
            }).orElse(new ArrayList(0)), casSSLContext, configurableApplicationContext);
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "Pac4jAuthenticationEventExecutionPlanCoreConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/Pac4jAuthenticationEventExecutionPlanConfiguration$Pac4jAuthenticationEventExecutionPlanCoreConfiguration.class */
    public static class Pac4jAuthenticationEventExecutionPlanCoreConfiguration {
        @ConditionalOnMissingBean(name = {"delegatedClientDistributedSessionCookieGenerator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public CasCookieBuilder delegatedClientDistributedSessionCookieGenerator(CasConfigurationProperties casConfigurationProperties) {
            return CookieUtils.buildCookieRetrievingGenerator(casConfigurationProperties.getSessionReplication().getCookie());
        }

        @ConditionalOnMissingBean(name = {"clientPrincipalFactory"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public PrincipalFactory clientPrincipalFactory() {
            return PrincipalFactoryUtils.newPrincipalFactory();
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "Pac4jAuthenticationEventExecutionPlanHandlerConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/Pac4jAuthenticationEventExecutionPlanConfiguration$Pac4jAuthenticationEventExecutionPlanHandlerConfiguration.class */
    public static class Pac4jAuthenticationEventExecutionPlanHandlerConfiguration {
        @ConditionalOnMissingBean(name = {"clientAuthenticationHandler"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuthenticationHandler clientAuthenticationHandler(CasConfigurationProperties casConfigurationProperties, @Qualifier("clientPrincipalFactory") PrincipalFactory principalFactory, @Qualifier("builtClients") Clients clients, @Qualifier("clientUserProfileProvisioner") DelegatedClientUserProfileProvisioner delegatedClientUserProfileProvisioner, @Qualifier("delegatedClientDistributedSessionStore") SessionStore sessionStore, @Qualifier("servicesManager") ServicesManager servicesManager) {
            Pac4jDelegatedAuthenticationCoreProperties core = casConfigurationProperties.getAuthn().getPac4j().getCore();
            DelegatedClientAuthenticationHandler delegatedClientAuthenticationHandler = new DelegatedClientAuthenticationHandler(core.getName(), core.getOrder(), servicesManager, principalFactory, clients, delegatedClientUserProfileProvisioner, sessionStore);
            delegatedClientAuthenticationHandler.setTypedIdUsed(core.isTypedIdUsed());
            delegatedClientAuthenticationHandler.setPrincipalAttributeId(core.getPrincipalAttributeId());
            return delegatedClientAuthenticationHandler;
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "Pac4jAuthenticationEventExecutionPlanLogoutConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/Pac4jAuthenticationEventExecutionPlanConfiguration$Pac4jAuthenticationEventExecutionPlanLogoutConfiguration.class */
    public static class Pac4jAuthenticationEventExecutionPlanLogoutConfiguration {
        @ConditionalOnMissingBean(name = {"delegatedAuthenticationLogoutExecutionPlanConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public LogoutExecutionPlanConfigurer delegatedAuthenticationLogoutExecutionPlanConfigurer(CasConfigurationProperties casConfigurationProperties, @Qualifier("delegatedClientDistributedSessionStore") SessionStore sessionStore) {
            return logoutExecutionPlan -> {
                if (casConfigurationProperties.getAuthn().getPac4j().getCore().isReplicateSessions()) {
                    logoutExecutionPlan.registerLogoutPostProcessor(ticketGrantingTicket -> {
                        HttpServletRequest httpServletRequestFromRequestAttributes = HttpRequestUtils.getHttpServletRequestFromRequestAttributes();
                        HttpServletResponse httpServletResponseFromRequestAttributes = HttpRequestUtils.getHttpServletResponseFromRequestAttributes();
                        if (httpServletRequestFromRequestAttributes == null || httpServletResponseFromRequestAttributes == null) {
                            return;
                        }
                        sessionStore.destroySession(new JEEContext(httpServletRequestFromRequestAttributes, httpServletResponseFromRequestAttributes));
                    });
                }
            };
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "Pac4jAuthenticationEventExecutionPlanMetadataConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/Pac4jAuthenticationEventExecutionPlanConfiguration$Pac4jAuthenticationEventExecutionPlanMetadataConfiguration.class */
    public static class Pac4jAuthenticationEventExecutionPlanMetadataConfiguration {
        @ConditionalOnMissingBean(name = {"clientAuthenticationMetaDataPopulator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuthenticationMetaDataPopulator clientAuthenticationMetaDataPopulator() {
            return new ClientAuthenticationMetaDataPopulator();
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "Pac4jAuthenticationEventExecutionPlanProvisionConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/Pac4jAuthenticationEventExecutionPlanConfiguration$Pac4jAuthenticationEventExecutionPlanProvisionConfiguration.class */
    public static class Pac4jAuthenticationEventExecutionPlanProvisionConfiguration {
        @ConditionalOnMissingBean(name = {"clientUserProfileProvisioner"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public DelegatedClientUserProfileProvisioner clientUserProfileProvisioner(ObjectProvider<List<Supplier<DelegatedClientUserProfileProvisioner>>> objectProvider) {
            return new ChainingDelegatedClientUserProfileProvisioner((List) ((List) objectProvider.getIfAvailable(() -> {
                return CollectionUtils.wrapList(new Supplier[]{DelegatedClientUserProfileProvisioner::noOp});
            })).stream().map((v0) -> {
                return v0.get();
            }).collect(Collectors.toList()));
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "Pac4jAuthenticationEventExecutionPlanProvisionerConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/Pac4jAuthenticationEventExecutionPlanConfiguration$Pac4jAuthenticationEventExecutionPlanProvisionerConfiguration.class */
    public static class Pac4jAuthenticationEventExecutionPlanProvisionerConfiguration {
        @ConditionalOnMissingBean(name = {"groovyDelegatedClientUserProfileProvisioner"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @ConditionalOnProperty(name = {"cas.authn.pac4j.provisioning.groovy.location"})
        @Bean
        public Supplier<DelegatedClientUserProfileProvisioner> groovyDelegatedClientUserProfileProvisioner(CasConfigurationProperties casConfigurationProperties) {
            Resource location = casConfigurationProperties.getAuthn().getPac4j().getProvisioning().getGroovy().getLocation();
            return () -> {
                return new GroovyDelegatedClientUserProfileProvisioner(location);
            };
        }

        @ConditionalOnMissingBean(name = {"restDelegatedClientUserProfileProvisioner"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @ConditionalOnProperty(name = {"cas.authn.pac4j.provisioning.rest.url"})
        @Bean
        public Supplier<DelegatedClientUserProfileProvisioner> restDelegatedClientUserProfileProvisioner(CasConfigurationProperties casConfigurationProperties) {
            Pac4jDelegatedAuthenticationProvisioningProperties provisioning = casConfigurationProperties.getAuthn().getPac4j().getProvisioning();
            return () -> {
                return new RestfulDelegatedClientUserProfileProvisioner(provisioning.getRest());
            };
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "Pac4jAuthenticationEventExecutionPlanSessionConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/Pac4jAuthenticationEventExecutionPlanConfiguration$Pac4jAuthenticationEventExecutionPlanSessionConfiguration.class */
    public static class Pac4jAuthenticationEventExecutionPlanSessionConfiguration {
        @ConditionalOnMissingBean(name = {"delegatedClientDistributedSessionStore"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public SessionStore delegatedClientDistributedSessionStore(CasConfigurationProperties casConfigurationProperties, @Qualifier("delegatedClientDistributedSessionCookieGenerator") CasCookieBuilder casCookieBuilder, @Qualifier("defaultTicketFactory") TicketFactory ticketFactory, @Qualifier("centralAuthenticationService") CentralAuthenticationService centralAuthenticationService) {
            return casConfigurationProperties.getAuthn().getPac4j().getCore().isReplicateSessions() ? new DistributedJEESessionStore(centralAuthenticationService, ticketFactory, casCookieBuilder) : JEESessionStore.INSTANCE;
        }
    }
}
