package org.apereo.cas.config;

import java.util.List;
import java.util.Map;
import javax.annotation.PostConstruct;
import javax.annotation.Resource;
import net.shibboleth.utilities.java.support.xml.BasicParserPool;
import org.apereo.cas.authentication.principal.ServiceFactory;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.saml.idp.SamlIdPProperties;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.saml.OpenSamlConfigBean;
import org.apereo.cas.support.saml.services.SamlIdPEntityIdValidationServiceSelectionStrategy;
import org.apereo.cas.support.saml.services.SamlIdPSingleLogoutServiceLogoutUrlBuilder;
import org.apereo.cas.support.saml.services.idp.metadata.cache.ChainingMetadataResolverCacheLoader;
import org.apereo.cas.support.saml.services.idp.metadata.cache.DefaultSamlRegisteredServiceCachingMetadataResolver;
import org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceCachingMetadataResolver;
import org.apereo.cas.support.saml.web.idp.metadata.SamlIdpMetadataAndCertificatesGenerationService;
import org.apereo.cas.support.saml.web.idp.metadata.ShibbolethIdpMetadataAndCertificatesGenerationService;
import org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController;
import org.apereo.cas.support.saml.web.idp.profile.IdPInitiatedProfileHandlerController;
import org.apereo.cas.support.saml.web.idp.profile.SLOPostProfileHandlerController;
import org.apereo.cas.support.saml.web.idp.profile.SSOPostProfileCallbackHandlerController;
import org.apereo.cas.support.saml.web.idp.profile.SSOPostProfileHandlerController;
import org.apereo.cas.support.saml.web.idp.profile.builders.AuthnContextClassRefBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.DefaultAuthnContextClassRefBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.SamlProfileSamlAssertionBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.SamlProfileSamlAttributeStatementBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.SamlProfileSamlAuthNStatementBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.SamlProfileSamlConditionsBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.SamlProfileSamlNameIdBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.SamlProfileSamlResponseBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.SamlProfileSamlSubjectBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.enc.SamlAttributeEncoder;
import org.apereo.cas.support.saml.web.idp.profile.builders.enc.SamlObjectEncrypter;
import org.apereo.cas.support.saml.web.idp.profile.builders.enc.SamlObjectSigner;
import org.apereo.cas.util.http.HttpClient;
import org.apereo.cas.validation.ValidationServiceSelectionStrategy;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.ClassPathResource;
import org.springframework.ui.velocity.VelocityEngineFactory;

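/**
 * Spring configuration that wires the CAS SAML2 identity-provider components: metadata
 * resolution and caching, response/assertion builders, signing and encryption helpers,
 * and the profile handler controllers.
 *
 * <p>Security-relevant wiring to be aware of when reviewing a deployment:
 * <ul>
 *   <li>All algorithm override lists are injected with {@code required = false}. If no bean
 *       with the exact qualifier name exists, the field stays {@code null} and that
 *       {@code null} is handed to the signer/encrypter. A misspelled override bean name is
 *       therefore ignored without any error from this class.</li>
 *   <li>The qualifier names are not uniform (for example
 *       {@code overrideBlackListedSignatureAlgorithms} versus
 *       {@code overrideWhiteListedSignatureSigningAlgorithms}); use the names exactly as
 *       declared on the fields below.</li>
 *   <li>Metadata validation, signed-logout enforcement and the metadata basic-auth
 *       credentials are all taken from {@link CasConfigurationProperties}.</li>
 * </ul>
 */
@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration("samlIdPConfiguration")
public class SamlIdPConfiguration {

    @Autowired
    private CasConfigurationProperties casProperties;

    @Autowired
    @Qualifier("servicesManager")
    private ServicesManager servicesManager;

    // NOTE(review): the qualifier suggests a client that does not follow redirects; confirm
    // against the bean definition, which is not part of this class.
    @Autowired
    @Qualifier("noRedirectHttpClient")
    private HttpClient httpClient;

    @Autowired
    @Qualifier("shibboleth.OpenSAMLConfig")
    private OpenSamlConfigBean openSamlConfigBean;

    // Shared, mutable list; init() inserts the SAML entity-id strategy at index 0.
    @Resource(name = "validationServiceSelectionStrategies")
    private List<ValidationServiceSelectionStrategy> validationServiceSelectionStrategies;

    @Autowired
    @Qualifier("shibboleth.VelocityEngine")
    private VelocityEngineFactory velocityEngineFactory;

    @Autowired
    @Qualifier("shibboleth.ParserPool")
    private BasicParserPool parserPool;

    @Resource(name = "webApplicationServiceFactory")
    private ServiceFactory<WebApplicationService> webApplicationServiceFactory;

    // The optional collaborators below keep their raw types: the element types expected by
    // the receiving setters are not visible from this class.

    // Optional; null when no bean named "authenticationContextClassMappings" is defined.
    @Autowired(required = false)
    @Qualifier("authenticationContextClassMappings")
    private Map authenticationContextClassMappings;

    // Optional encryption overrides; each is null unless a bean with the exact qualifier exists.
    @Autowired(required = false)
    @Qualifier("overrideDataEncryptionAlgorithms")
    private List overrideDataEncryptionAlgorithms;

    @Autowired(required = false)
    @Qualifier("overrideKeyEncryptionAlgorithms")
    private List overrideKeyEncryptionAlgorithms;

    @Autowired(required = false)
    @Qualifier("overrideBlackListedEncryptionAlgorithms")
    private List overrideBlackListedEncryptionAlgorithms;

    // Field name and qualifier differ: the bean must be called
    // "overrideWhiteListedEncryptionAlgorithms".
    @Autowired(required = false)
    @Qualifier("overrideWhiteListedEncryptionAlgorithms")
    private List overrideWhiteListedAlgorithms;

    // Optional signature overrides; each is null unless a bean with the exact qualifier exists.
    @Autowired(required = false)
    @Qualifier("overrideSignatureReferenceDigestMethods")
    private List overrideSignatureReferenceDigestMethods;

    @Autowired(required = false)
    @Qualifier("overrideSignatureAlgorithms")
    private List overrideSignatureAlgorithms;

    // Field name and qualifier differ: the bean must be called
    // "overrideBlackListedSignatureAlgorithms" (no "Signing" in the name).
    @Autowired(required = false)
    @Qualifier("overrideBlackListedSignatureAlgorithms")
    private List overrideBlackListedSignatureSigningAlgorithms;

    @Autowired(required = false)
    @Qualifier("overrideWhiteListedSignatureSigningAlgorithms")
    private List overrideWhiteListedSignatureSigningAlgorithms;

    /**
     * Registers the SAML entity-id selection strategy at the head of the shared list of
     * validation service selection strategies.
     */
    @PostConstruct
    public void init() {
        // Index 0 places this strategy ahead of every entry already in the list.
        this.validationServiceSelectionStrategies.add(0, samlIdPEntityIdValidationServiceSelectionStrategy());
    }

    /**
     * Exposes the classpath resource {@code template-sp-metadata.xml}.
     *
     * @return the template resource
     */
    @Bean
    public org.springframework.core.io.Resource templateSpMetadata() {
        return new ClassPathResource("template-sp-metadata.xml");
    }

    /**
     * Builds the single-logout URL builder, registered under two bean names so it also
     * serves as {@code defaultSingleLogoutServiceLogoutUrlBuilder}.
     *
     * @return the configured builder
     */
    @Bean(name = {"defaultSingleLogoutServiceLogoutUrlBuilder", "samlIdPSingleLogoutServiceLogoutUrlBuilder"})
    public SamlIdPSingleLogoutServiceLogoutUrlBuilder samlIdPSingleLogoutServiceLogoutUrlBuilder() {
        final SamlIdPSingleLogoutServiceLogoutUrlBuilder builder = new SamlIdPSingleLogoutServiceLogoutUrlBuilder();
        builder.setSamlRegisteredServiceCachingMetadataResolver(defaultSamlRegisteredServiceCachingMetadataResolver());
        builder.setServicesManager(this.servicesManager);
        return builder;
    }

    /**
     * Builds the validation strategy that init() installs at the head of the strategy list.
     *
     * @return the configured strategy
     */
    @Bean
    public ValidationServiceSelectionStrategy samlIdPEntityIdValidationServiceSelectionStrategy() {
        final SamlIdPEntityIdValidationServiceSelectionStrategy strategy =
                new SamlIdPEntityIdValidationServiceSelectionStrategy();
        strategy.setWebApplicationServiceFactory(this.webApplicationServiceFactory);
        return strategy;
    }

    /**
     * Builds the cache loader for service-provider metadata from the
     * {@code SamlIdPProperties.Metadata} settings.
     *
     * <p>The fail-fast and require-valid-metadata flags and the basic-auth credentials are
     * copied verbatim from configuration. The password is read as a plain property value
     * here, so it must be protected wherever the CAS properties are stored.
     *
     * @return the configured loader
     */
    @RefreshScope
    @Bean
    public ChainingMetadataResolverCacheLoader chainingMetadataResolverCacheLoader() {
        final ChainingMetadataResolverCacheLoader loader = new ChainingMetadataResolverCacheLoader();
        final SamlIdPProperties.Metadata metadata = this.casProperties.getAuthn().getSamlIdp().getMetadata();
        loader.setFailFastInitialization(metadata.isFailFast());
        loader.setMetadataCacheExpirationMinutes(metadata.getCacheExpirationMinutes());
        // NOTE(review): presumably controls rejection of invalid/expired metadata; confirm
        // in ChainingMetadataResolverCacheLoader before relaxing it.
        loader.setRequireValidMetadata(metadata.isRequireValidMetadata());
        loader.setConfigBean(this.openSamlConfigBean);
        loader.setHttpClient(this.httpClient);
        loader.setBasicAuthnUsername(metadata.getBasicAuthnUsername());
        loader.setBasicAuthnPassword(metadata.getBasicAuthnPassword());
        loader.setSupportedContentTypes(metadata.getSupportedContentTypes());
        return loader;
    }

    /**
     * Builds the caching metadata resolver on top of the chaining cache loader.
     *
     * @return the configured resolver
     */
    @RefreshScope
    @Bean
    public SamlRegisteredServiceCachingMetadataResolver defaultSamlRegisteredServiceCachingMetadataResolver() {
        final DefaultSamlRegisteredServiceCachingMetadataResolver resolver =
                new DefaultSamlRegisteredServiceCachingMetadataResolver();
        // The loader is set once; the original assigned the same bean a second time after
        // the expiration setter, which had no additional effect.
        resolver.setChainingMetadataResolverCacheLoader(chainingMetadataResolverCacheLoader());
        resolver.setMetadataCacheExpirationMinutes(
                this.casProperties.getAuthn().getSamlIdp().getMetadata().getCacheExpirationMinutes());
        return resolver;
    }

    /**
     * Builds the SAML response builder with its encrypter, signer and assertion builder.
     *
     * @return the configured builder
     */
    @RefreshScope
    @Bean
    public SamlProfileSamlResponseBuilder samlProfileSamlResponseBuilder() {
        final SamlProfileSamlResponseBuilder builder = new SamlProfileSamlResponseBuilder();
        builder.setConfigBean(this.openSamlConfigBean);
        builder.setSamlObjectEncrypter(samlObjectEncrypter());
        builder.setSamlProfileSamlAssertionBuilder(samlProfileSamlAssertionBuilder());
        builder.setVelocityEngineFactory(this.velocityEngineFactory);
        builder.setSamlObjectSigner(samlObjectSigner());
        return builder;
    }

    /**
     * Builds the subject builder, including the configured skew allowance.
     *
     * @return the configured builder
     */
    @RefreshScope
    @Bean
    public SamlProfileSamlSubjectBuilder samlProfileSamlSubjectBuilder() {
        final SamlProfileSamlSubjectBuilder builder = new SamlProfileSamlSubjectBuilder();
        builder.setConfigBean(this.openSamlConfigBean);
        // NOTE(review): presumably a clock-skew tolerance applied to subject confirmation
        // timestamps; units and exact use are defined in SamlProfileSamlSubjectBuilder.
        builder.setSkewAllowance(this.casProperties.getAuthn().getSamlIdp().getResponse().getSkewAllowance());
        builder.setSsoPostProfileSamlNameIdBuilder(samlProfileSamlNameIdBuilder());
        return builder;
    }

    /**
     * Builds the encrypter and passes it the optional encryption algorithm overrides.
     *
     * <p>Each override is {@code null} when the matching bean is absent; how the encrypter
     * treats {@code null} is decided in {@code SamlObjectEncrypter}, not here.
     *
     * @return the configured encrypter
     */
    @RefreshScope
    @Bean
    public SamlObjectEncrypter samlObjectEncrypter() {
        final SamlObjectEncrypter encrypter = new SamlObjectEncrypter();
        encrypter.setOverrideBlackListedEncryptionAlgorithms(this.overrideBlackListedEncryptionAlgorithms);
        encrypter.setOverrideDataEncryptionAlgorithms(this.overrideDataEncryptionAlgorithms);
        encrypter.setOverrideKeyEncryptionAlgorithms(this.overrideKeyEncryptionAlgorithms);
        encrypter.setOverrideWhiteListedAlgorithms(this.overrideWhiteListedAlgorithms);
        return encrypter;
    }

    /**
     * Builds the signer and passes it the optional signature algorithm overrides.
     *
     * <p>Each override is {@code null} when the matching bean is absent; how the signer
     * treats {@code null} is decided in {@code SamlObjectSigner}, not here.
     *
     * @return the configured signer
     */
    @RefreshScope
    @Bean
    public SamlObjectSigner samlObjectSigner() {
        final SamlObjectSigner signer = new SamlObjectSigner();
        signer.setOverrideBlackListedSignatureAlgorithms(this.overrideBlackListedSignatureSigningAlgorithms);
        signer.setOverrideSignatureAlgorithms(this.overrideSignatureAlgorithms);
        signer.setOverrideSignatureReferenceDigestMethods(this.overrideSignatureReferenceDigestMethods);
        signer.setOverrideWhiteListedAlgorithms(this.overrideWhiteListedSignatureSigningAlgorithms);
        return signer;
    }

    /**
     * Builds the service that generates IdP metadata and certificates from the configured
     * entity id, host name, metadata location and scope.
     *
     * @return the configured generation service
     */
    @Bean
    public SamlIdpMetadataAndCertificatesGenerationService shibbolethIdpMetadataAndCertificatesGenerationService() {
        final ShibbolethIdpMetadataAndCertificatesGenerationService generator =
                new ShibbolethIdpMetadataAndCertificatesGenerationService();
        final SamlIdPProperties idp = this.casProperties.getAuthn().getSamlIdp();
        generator.setEntityId(idp.getEntityId());
        generator.setHostName(idp.getHostName());
        // NOTE(review): the location presumably also receives generated key material;
        // confirm in the generation service and restrict its file permissions accordingly.
        generator.setMetadataLocation(idp.getMetadata().getLocation());
        generator.setScope(idp.getScope());
        return generator;
    }

    /**
     * Builds the NameID builder.
     *
     * @return the configured builder
     */
    @RefreshScope
    @Bean
    public SamlProfileSamlNameIdBuilder samlProfileSamlNameIdBuilder() {
        final SamlProfileSamlNameIdBuilder builder = new SamlProfileSamlNameIdBuilder();
        builder.setConfigBean(this.openSamlConfigBean);
        return builder;
    }

    /**
     * Builds the conditions builder.
     *
     * @return the configured builder
     */
    @RefreshScope
    @Bean
    public SamlProfileSamlConditionsBuilder samlProfileSamlConditionsBuilder() {
        final SamlProfileSamlConditionsBuilder builder = new SamlProfileSamlConditionsBuilder();
        builder.setConfigBean(this.openSamlConfigBean);
        return builder;
    }

    /**
     * Builds the default authentication context class reference builder.
     *
     * @return a new {@link DefaultAuthnContextClassRefBuilder}
     */
    @RefreshScope
    @Bean
    public AuthnContextClassRefBuilder defaultAuthnContextClassRefBuilder() {
        return new DefaultAuthnContextClassRefBuilder();
    }

    /**
     * Builds the assertion builder from the signer and the statement, conditions and
     * subject builders.
     *
     * @return the configured builder
     */
    @RefreshScope
    @Bean
    public SamlProfileSamlAssertionBuilder samlProfileSamlAssertionBuilder() {
        final SamlProfileSamlAssertionBuilder builder = new SamlProfileSamlAssertionBuilder();
        builder.setConfigBean(this.openSamlConfigBean);
        builder.setSamlObjectSigner(samlObjectSigner());
        builder.setSamlProfileSamlAttributeStatementBuilder(samlProfileSamlAttributeStatementBuilder());
        builder.setSamlProfileSamlAuthNStatementBuilder(samlProfileSamlAuthNStatementBuilder());
        builder.setSamlProfileSamlConditionsBuilder(samlProfileSamlConditionsBuilder());
        builder.setSamlProfileSamlSubjectBuilder(samlProfileSamlSubjectBuilder());
        return builder;
    }

    /**
     * Builds the authentication statement builder.
     *
     * @return the configured builder
     */
    @RefreshScope
    @Bean
    public SamlProfileSamlAuthNStatementBuilder samlProfileSamlAuthNStatementBuilder() {
        final SamlProfileSamlAuthNStatementBuilder builder = new SamlProfileSamlAuthNStatementBuilder();
        builder.setConfigBean(this.openSamlConfigBean);
        builder.setAuthnContextClassRefBuilder(defaultAuthnContextClassRefBuilder());
        return builder;
    }

    /**
     * Builds the attribute statement builder with a fresh {@link SamlAttributeEncoder}.
     *
     * @return the configured builder
     */
    @RefreshScope
    @Bean
    public SamlProfileSamlAttributeStatementBuilder samlProfileSamlAttributeStatementBuilder() {
        final SamlProfileSamlAttributeStatementBuilder builder = new SamlProfileSamlAttributeStatementBuilder();
        builder.setSamlAttributeEncoder(new SamlAttributeEncoder());
        builder.setConfigBean(this.openSamlConfigBean);
        return builder;
    }

    /**
     * Builds the SSO POST profile controller.
     *
     * @return the configured controller
     */
    @RefreshScope
    @Bean
    public SSOPostProfileHandlerController ssoPostProfileHandlerController() {
        final SSOPostProfileHandlerController controller = new SSOPostProfileHandlerController();
        initControllerBean(controller);
        return controller;
    }

    /**
     * Applies the wiring shared by every SAML profile controller.
     *
     * @param controller the controller to configure
     */
    private void initControllerBean(AbstractSamlProfileHandlerController controller) {
        controller.setConfigBean(this.openSamlConfigBean);
        controller.setParserPool(this.parserPool);
        controller.setResponseBuilder(samlProfileSamlResponseBuilder());
        controller.setSamlObjectSigner(samlObjectSigner());
        controller.setSamlRegisteredServiceCachingMetadataResolver(defaultSamlRegisteredServiceCachingMetadataResolver());
        controller.setServicesManager(this.servicesManager);
        controller.setWebApplicationServiceFactory(this.webApplicationServiceFactory);
        controller.setLogoutUrl(this.casProperties.getServer().getLogoutUrl());
        // Both logout flags come straight from configuration. NOTE(review): the first
        // presumably makes the controller reject unsigned logout requests; confirm in
        // AbstractSamlProfileHandlerController before disabling it.
        controller.setForceSignedLogoutRequests(
                this.casProperties.getAuthn().getSamlIdp().getLogout().isForceSignedLogoutRequests());
        controller.setSingleLogoutCallbacksDisabled(
                this.casProperties.getAuthn().getSamlIdp().getLogout().isSingleLogoutCallbacksDisabled());
        controller.setLoginUrl(this.casProperties.getServer().getLoginUrl());
        controller.setServerName(this.casProperties.getServer().getName());
        controller.setServerPrefix(this.casProperties.getServer().getPrefix());
        controller.setAuthenticationContextRequestParameter(this.casProperties.getAuthn().getMfa().getRequestParameter());
        // May be null: the mappings bean is optional.
        controller.setAuthenticationContextClassMappings(this.authenticationContextClassMappings);
    }

    /**
     * Builds the SLO POST profile controller.
     *
     * @return the configured controller
     */
    @RefreshScope
    @Bean
    public SLOPostProfileHandlerController sloPostProfileHandlerController() {
        final SLOPostProfileHandlerController controller = new SLOPostProfileHandlerController();
        initControllerBean(controller);
        return controller;
    }

    /**
     * Builds the IdP-initiated profile controller.
     *
     * @return the configured controller
     */
    @RefreshScope
    @Bean
    public IdPInitiatedProfileHandlerController idPInitiatedSamlProfileHandlerController() {
        final IdPInitiatedProfileHandlerController controller = new IdPInitiatedProfileHandlerController();
        initControllerBean(controller);
        return controller;
    }

    /**
     * Builds the SSO POST profile callback controller.
     *
     * @return the configured controller
     */
    @RefreshScope
    @Bean
    public SSOPostProfileCallbackHandlerController ssoPostProfileCallbackHandlerController() {
        final SSOPostProfileCallbackHandlerController controller = new SSOPostProfileCallbackHandlerController();
        initControllerBean(controller);
        return controller;
    }
}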
