package org.apereo.cas.config;

import java.util.concurrent.TimeUnit;
import org.apereo.cas.authentication.principal.PersistentIdGenerator;
import org.apereo.cas.authentication.principal.ServiceFactory;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.saml.idp.SamlIdPProperties;
import org.apereo.cas.logout.SingleLogoutServiceLogoutUrlBuilder;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.saml.OpenSamlConfigBean;
import org.apereo.cas.support.saml.services.SamlIdPSingleLogoutServiceLogoutUrlBuilder;
import org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceCachingMetadataResolver;
import org.apereo.cas.support.saml.web.idp.profile.artifact.CasSamlArtifactMap;
import org.apereo.cas.support.saml.web.idp.profile.builders.SamlProfileObjectBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.assertion.SamlProfileSamlAssertionBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.attr.SamlProfileSamlAttributeStatementBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.authn.AuthnContextClassRefBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.authn.DefaultAuthnContextClassRefBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.authn.SamlProfileSamlAuthNStatementBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.conditions.SamlProfileSamlConditionsBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.enc.BaseSamlObjectSigner;
import org.apereo.cas.support.saml.web.idp.profile.builders.enc.SamlAttributeEncoder;
import org.apereo.cas.support.saml.web.idp.profile.builders.enc.SamlObjectEncrypter;
import org.apereo.cas.support.saml.web.idp.profile.builders.nameid.SamlProfileSamlNameIdBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.response.SamlProfileSaml2ResponseBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.response.artifact.SamlProfileArtifactFaultResponseBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.response.artifact.SamlProfileArtifactResponseBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.response.query.SamlProfileAttributeQueryFaultResponseBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.response.query.SamlProfileAttributeQueryResponseBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.response.soap.SamlProfileSamlSoap11FaultResponseBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.response.soap.SamlProfileSamlSoap11ResponseBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.subject.SamlProfileSamlSubjectBuilder;
import org.apereo.cas.ticket.ExpirationPolicy;
import org.apereo.cas.ticket.artifact.DefaultSamlArtifactTicketFactory;
import org.apereo.cas.ticket.artifact.SamlArtifactTicketExpirationPolicy;
import org.apereo.cas.ticket.artifact.SamlArtifactTicketFactory;
import org.apereo.cas.ticket.query.DefaultSamlAttributeQueryTicketFactory;
import org.apereo.cas.ticket.query.SamlAttributeQueryTicketExpirationPolicy;
import org.apereo.cas.ticket.query.SamlAttributeQueryTicketFactory;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.web.UrlValidator;
import org.apereo.cas.web.support.CookieRetrievingCookieGenerator;
import org.opensaml.saml.common.binding.artifact.SAMLArtifactMap;
import org.opensaml.saml.metadata.resolver.MetadataResolver;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.AttributeStatement;
import org.opensaml.saml.saml2.core.AuthnStatement;
import org.opensaml.saml.saml2.core.Conditions;
import org.opensaml.saml.saml2.core.NameID;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.saml.saml2.core.Subject;
import org.springframework.beans.factory.BeanCreationException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.ui.velocity.VelocityEngineFactory;

/**
 * Spring configuration that wires the SAML2 identity-provider beans: the response,
 * assertion, subject, name-id, conditions and statement builders, the object signer and
 * encrypter, the artifact map, and the artifact / attribute-query ticket factories.
 *
 * <p>Every bean carrying {@code @ConditionalOnMissingBean} is created only when the
 * context has no bean of that name, so a deployment that defines a bean under one of
 * these names replaces the one built here. This includes {@code samlObjectSigner} and
 * {@code samlObjectEncrypter}; when auditing a deployment, check whether either has
 * been replaced before assuming the algorithm settings read below are the ones in effect.
 *
 * <p>Beans marked {@code @RefreshScope} are refresh-scoped; {@link #singleLogoutServiceLogoutUrlBuilder()}
 * is the only one that is not.
 */
@EnableConfigurationProperties(CasConfigurationProperties.class)
@Configuration("samlIdPConfiguration")
public class SamlIdPConfiguration {

    // Collaborators injected by Spring. Each @Qualifier names the bean that must
    // already exist in the context; none of them is created by this class.

    @Autowired
    @Qualifier("ticketGrantingTicketCookieGenerator")
    private CookieRetrievingCookieGenerator ticketGrantingTicketCookieGenerator;

    @Autowired
    @Qualifier("ticketRegistry")
    private TicketRegistry ticketRegistry;

    // Source of the ticket lifetime, skew allowance and algorithm override settings
    // read by the bean methods below.
    @Autowired
    private CasConfigurationProperties casProperties;

    @Autowired
    @Qualifier("defaultSamlRegisteredServiceCachingMetadataResolver")
    private SamlRegisteredServiceCachingMetadataResolver defaultSamlRegisteredServiceCachingMetadataResolver;

    // Handed to the signer only; see samlObjectSigner().
    @Autowired
    @Qualifier("casSamlIdPMetadataResolver")
    private MetadataResolver casSamlIdPMetadataResolver;

    @Autowired
    @Qualifier("shibbolethCompatiblePersistentIdGenerator")
    private PersistentIdGenerator shibbolethCompatiblePersistentIdGenerator;

    @Autowired
    @Qualifier("servicesManager")
    private ServicesManager servicesManager;

    @Autowired
    @Qualifier("shibboleth.OpenSAMLConfig")
    private OpenSamlConfigBean openSamlConfigBean;

    @Autowired
    @Qualifier("shibboleth.VelocityEngine")
    private VelocityEngineFactory velocityEngineFactory;

    @Autowired
    @Qualifier("webApplicationServiceFactory")
    private ServiceFactory webApplicationServiceFactory;

    @Autowired
    @Qualifier("urlValidator")
    private UrlValidator urlValidator;

    /**
     * Creates the SAML IdP single-logout URL builder from the services manager, the
     * caching metadata resolver and the URL validator.
     *
     * <p>Unlike the other beans here it is neither conditional nor refresh-scoped.
     * NOTE(review): the URL validator is presumably applied to logout endpoints taken
     * from service-provider metadata; confirm inside the builder.
     *
     * @return the logout URL builder
     */
    @Bean
    public SingleLogoutServiceLogoutUrlBuilder singleLogoutServiceLogoutUrlBuilder() {
        return new SamlIdPSingleLogoutServiceLogoutUrlBuilder(
            servicesManager,
            defaultSamlRegisteredServiceCachingMetadataResolver,
            urlValidator);
    }

    /**
     * Creates the SAML2 response builder, combining the signer, assertion builder and
     * encrypter with the ticket registry, artifact ticket factory, ticket-granting
     * cookie generator, artifact map and attribute-query ticket factory.
     *
     * @return the SAML2 response builder
     */
    @Bean
    @RefreshScope
    @ConditionalOnMissingBean(name = "samlProfileSamlResponseBuilder")
    public SamlProfileObjectBuilder<Response> samlProfileSamlResponseBuilder() {
        return new SamlProfileSaml2ResponseBuilder(
            openSamlConfigBean,
            samlObjectSigner(),
            velocityEngineFactory,
            samlProfileSamlAssertionBuilder(),
            samlObjectEncrypter(),
            ticketRegistry,
            samlArtifactTicketFactory(),
            ticketGrantingTicketCookieGenerator,
            samlArtifactMap(),
            samlAttributeQueryTicketFactory());
    }

    /**
     * Creates the factory for SAML artifact tickets, using the artifact expiration policy.
     *
     * @return the artifact ticket factory
     */
    @Bean
    @RefreshScope
    @ConditionalOnMissingBean(name = "samlArtifactTicketFactory")
    public SamlArtifactTicketFactory samlArtifactTicketFactory() {
        return new DefaultSamlArtifactTicketFactory(
            samlArtifactTicketExpirationPolicy(),
            openSamlConfigBean,
            webApplicationServiceFactory);
    }

    /**
     * Creates the expiration policy for SAML artifact tickets.
     *
     * <p>The lifetime is not a SAML-specific setting: it is read from
     * {@code getTicket().getSt().getTimeToKillInSeconds()}, the same value used by
     * {@link #samlAttributeQueryTicketExpirationPolicy()}. Raising that setting
     * therefore also lengthens how long an artifact stays redeemable.
     * NOTE(review): {@code getSt()} presumably holds the service-ticket settings; confirm.
     *
     * @return the artifact ticket expiration policy
     */
    @Bean
    @RefreshScope
    @ConditionalOnMissingBean(name = "samlArtifactTicketExpirationPolicy")
    public ExpirationPolicy samlArtifactTicketExpirationPolicy() {
        return new SamlArtifactTicketExpirationPolicy(
            casProperties.getTicket().getSt().getTimeToKillInSeconds());
    }

    /**
     * Creates and initializes the artifact map backed by the ticket registry.
     *
     * <p>The artifact lifetime is set to the artifact expiration policy's time-to-live,
     * converted from seconds to milliseconds. This bean is not conditional, so it
     * cannot be replaced through {@code @ConditionalOnMissingBean}.
     *
     * @return the initialized artifact map
     * @throws BeanCreationException if construction, initialization or the lifetime
     *         lookup throws; the original exception is kept as the cause
     */
    @Bean
    @RefreshScope
    public SAMLArtifactMap samlArtifactMap() {
        try {
            CasSamlArtifactMap artifactMap = new CasSamlArtifactMap(
                ticketRegistry,
                samlArtifactTicketFactory(),
                ticketGrantingTicketCookieGenerator);
            artifactMap.initialize();

            // Resolved after initialize(), matching the original evaluation order.
            ExpirationPolicy artifactPolicy = samlArtifactTicketExpirationPolicy();
            long lifetimeSeconds = artifactPolicy.getTimeToLive().longValue();
            artifactMap.setArtifactLifetime(TimeUnit.SECONDS.toMillis(lifetimeSeconds));
            return artifactMap;
        } catch (Exception ex) {
            throw new BeanCreationException(ex.getMessage(), ex);
        }
    }

    /**
     * Creates the subject builder from the name-id builder and the configured
     * response skew allowance.
     *
     * <p>NOTE(review): the skew allowance presumably widens the time window stamped on
     * the subject confirmation; a large value would then extend how long an issued
     * assertion is accepted. Confirm in {@code SamlProfileSamlSubjectBuilder}.
     *
     * @return the subject builder
     */
    @Bean
    @RefreshScope
    @ConditionalOnMissingBean(name = "samlProfileSamlSubjectBuilder")
    public SamlProfileObjectBuilder<Subject> samlProfileSamlSubjectBuilder() {
        return new SamlProfileSamlSubjectBuilder(
            openSamlConfigBean,
            samlProfileSamlNameIdBuilder(),
            casProperties.getAuthn().getSamlIdp().getResponse().getSkewAllowance());
    }

    /**
     * Creates the SOAP 1.1 fault response builder from the shared signer, assertion
     * builder, response builder and encrypter.
     *
     * @return the SOAP 1.1 fault response builder
     */
    @Bean
    @RefreshScope
    @ConditionalOnMissingBean(name = "samlProfileSamlSoap11FaultResponseBuilder")
    public SamlProfileObjectBuilder<org.opensaml.saml.saml2.ecp.Response> samlProfileSamlSoap11FaultResponseBuilder() {
        return new SamlProfileSamlSoap11FaultResponseBuilder(
            openSamlConfigBean,
            samlObjectSigner(),
            velocityEngineFactory,
            samlProfileSamlAssertionBuilder(),
            samlProfileSamlResponseBuilder(),
            samlObjectEncrypter());
    }

    /**
     * Creates the SOAP 1.1 response builder from the shared signer, assertion builder,
     * response builder and encrypter.
     *
     * @return the SOAP 1.1 response builder
     */
    @Bean
    @RefreshScope
    @ConditionalOnMissingBean(name = "samlProfileSamlSoap11ResponseBuilder")
    public SamlProfileObjectBuilder<org.opensaml.saml.saml2.ecp.Response> samlProfileSamlSoap11ResponseBuilder() {
        return new SamlProfileSamlSoap11ResponseBuilder(
            openSamlConfigBean,
            samlObjectSigner(),
            velocityEngineFactory,
            samlProfileSamlAssertionBuilder(),
            samlProfileSamlResponseBuilder(),
            samlObjectEncrypter());
    }

    /**
     * Creates the artifact fault response builder from the shared signer, assertion
     * builder, response builder and encrypter.
     *
     * @return the artifact fault response builder
     */
    @Bean
    @RefreshScope
    @ConditionalOnMissingBean(name = "samlProfileSamlArtifactFaultResponseBuilder")
    public SamlProfileObjectBuilder<Response> samlProfileSamlArtifactFaultResponseBuilder() {
        return new SamlProfileArtifactFaultResponseBuilder(
            openSamlConfigBean,
            samlObjectSigner(),
            velocityEngineFactory,
            samlProfileSamlAssertionBuilder(),
            samlProfileSamlResponseBuilder(),
            samlObjectEncrypter());
    }

    /**
     * Creates the artifact response builder from the shared signer, assertion builder,
     * response builder and encrypter.
     *
     * @return the artifact response builder
     */
    @Bean
    @RefreshScope
    @ConditionalOnMissingBean(name = "samlProfileSamlArtifactResponseBuilder")
    public SamlProfileObjectBuilder<Response> samlProfileSamlArtifactResponseBuilder() {
        return new SamlProfileArtifactResponseBuilder(
            openSamlConfigBean,
            samlObjectSigner(),
            velocityEngineFactory,
            samlProfileSamlAssertionBuilder(),
            samlProfileSamlResponseBuilder(),
            samlObjectEncrypter());
    }

    /**
     * Creates the name-id builder, which receives the injected persistent-id generator.
     *
     * @return the name-id builder
     */
    @Bean
    @RefreshScope
    @ConditionalOnMissingBean(name = "samlProfileSamlNameIdBuilder")
    public SamlProfileObjectBuilder<NameID> samlProfileSamlNameIdBuilder() {
        return new SamlProfileSamlNameIdBuilder(
            openSamlConfigBean,
            shibbolethCompatiblePersistentIdGenerator);
    }

    /**
     * Creates the conditions builder; it takes only the OpenSAML configuration bean.
     *
     * @return the conditions builder
     */
    @Bean
    @RefreshScope
    @ConditionalOnMissingBean(name = "samlProfileSamlConditionsBuilder")
    public SamlProfileObjectBuilder<Conditions> samlProfileSamlConditionsBuilder() {
        return new SamlProfileSamlConditionsBuilder(openSamlConfigBean);
    }

    /**
     * Creates the default authentication-context class-ref builder from the CAS properties.
     *
     * @return the authentication-context class-ref builder
     */
    @Bean
    @RefreshScope
    @ConditionalOnMissingBean(name = "defaultAuthnContextClassRefBuilder")
    public AuthnContextClassRefBuilder defaultAuthnContextClassRefBuilder() {
        return new DefaultAuthnContextClassRefBuilder(casProperties);
    }

    /**
     * Creates the assertion builder from the authn-statement, attribute-statement,
     * subject and conditions builders plus the object signer.
     *
     * @return the assertion builder
     */
    @Bean
    @RefreshScope
    @ConditionalOnMissingBean(name = "samlProfileSamlAssertionBuilder")
    public SamlProfileObjectBuilder<Assertion> samlProfileSamlAssertionBuilder() {
        return new SamlProfileSamlAssertionBuilder(
            openSamlConfigBean,
            samlProfileSamlAuthNStatementBuilder(),
            samlProfileSamlAttributeStatementBuilder(),
            samlProfileSamlSubjectBuilder(),
            samlProfileSamlConditionsBuilder(),
            samlObjectSigner());
    }

    /**
     * Creates the authn-statement builder from the default class-ref builder.
     *
     * @return the authn-statement builder
     */
    @Bean
    @RefreshScope
    @ConditionalOnMissingBean(name = "samlProfileSamlAuthNStatementBuilder")
    public SamlProfileObjectBuilder<AuthnStatement> samlProfileSamlAuthNStatementBuilder() {
        return new SamlProfileSamlAuthNStatementBuilder(
            openSamlConfigBean,
            defaultAuthnContextClassRefBuilder());
    }

    /**
     * Creates the attribute-statement builder.
     *
     * <p>The {@code SamlAttributeEncoder} is instantiated inline rather than taken from
     * the context, so replacing the encoder means replacing this whole bean.
     *
     * @return the attribute-statement builder
     */
    @Bean
    @RefreshScope
    @ConditionalOnMissingBean(name = "samlProfileSamlAttributeStatementBuilder")
    public SamlProfileObjectBuilder<AttributeStatement> samlProfileSamlAttributeStatementBuilder() {
        return new SamlProfileSamlAttributeStatementBuilder(
            openSamlConfigBean,
            new SamlAttributeEncoder());
    }

    /**
     * Creates the SAML object encrypter from the configured algorithm overrides: data
     * encryption algorithms, key encryption algorithms, blacklisted encryption
     * algorithms and whitelisted algorithms.
     *
     * <p>NOTE(review): how empty overrides and conflicting black/white lists are
     * resolved is decided inside {@code SamlObjectEncrypter} and is not visible here.
     * When reviewing a deployment, check that the override lists do not re-enable
     * algorithms the defaults would exclude.
     *
     * @return the object encrypter
     */
    @Bean
    @RefreshScope
    @ConditionalOnMissingBean(name = "samlObjectEncrypter")
    public SamlObjectEncrypter samlObjectEncrypter() {
        SamlIdPProperties.Algorithms algorithms = casProperties.getAuthn().getSamlIdp().getAlgs();
        return new SamlObjectEncrypter(
            algorithms.getOverrideDataEncryptionAlgorithms(),
            algorithms.getOverrideKeyEncryptionAlgorithms(),
            algorithms.getOverrideBlackListedEncryptionAlgorithms(),
            algorithms.getOverrideWhiteListedAlgorithms());
    }

    /**
     * Creates the SAML object signer from the configured algorithm overrides (signature
     * reference digest methods, signature algorithms, blacklisted and whitelisted
     * signing algorithms) and the IdP metadata resolver.
     *
     * <p>This signer is shared by the assertion builder and by every response builder
     * in this class, so its settings govern all signed output built from them.
     * NOTE(review): how empty overrides are treated is decided inside
     * {@code BaseSamlObjectSigner}; confirm that the override lists do not admit
     * digest or signature algorithms the defaults would reject.
     *
     * @return the object signer
     */
    @Bean
    @RefreshScope
    @ConditionalOnMissingBean(name = "samlObjectSigner")
    public BaseSamlObjectSigner samlObjectSigner() {
        SamlIdPProperties.Algorithms algorithms = casProperties.getAuthn().getSamlIdp().getAlgs();
        return new BaseSamlObjectSigner(
            algorithms.getOverrideSignatureReferenceDigestMethods(),
            algorithms.getOverrideSignatureAlgorithms(),
            algorithms.getOverrideBlackListedSignatureSigningAlgorithms(),
            algorithms.getOverrideWhiteListedSignatureSigningAlgorithms(),
            casSamlIdPMetadataResolver);
    }

    /**
     * Creates the attribute-query fault response builder from the shared signer,
     * assertion builder, response builder and encrypter.
     *
     * @return the attribute-query fault response builder
     */
    @Bean
    @RefreshScope
    @ConditionalOnMissingBean(name = "samlProfileSamlAttributeQueryFaultResponseBuilder")
    public SamlProfileObjectBuilder<Response> samlProfileSamlAttributeQueryFaultResponseBuilder() {
        return new SamlProfileAttributeQueryFaultResponseBuilder(
            openSamlConfigBean,
            samlObjectSigner(),
            velocityEngineFactory,
            samlProfileSamlAssertionBuilder(),
            samlProfileSamlResponseBuilder(),
            samlObjectEncrypter());
    }

    /**
     * Creates the attribute-query response builder from the shared signer, assertion
     * builder, response builder and encrypter.
     *
     * @return the attribute-query response builder
     */
    @Bean
    @RefreshScope
    @ConditionalOnMissingBean(name = "samlProfileSamlAttributeQueryResponseBuilder")
    public SamlProfileObjectBuilder<Response> samlProfileSamlAttributeQueryResponseBuilder() {
        return new SamlProfileAttributeQueryResponseBuilder(
            openSamlConfigBean,
            samlObjectSigner(),
            velocityEngineFactory,
            samlProfileSamlAssertionBuilder(),
            samlProfileSamlResponseBuilder(),
            samlObjectEncrypter());
    }

    /**
     * Creates the factory for SAML attribute-query tickets, using the attribute-query
     * expiration policy.
     *
     * @return the attribute-query ticket factory
     */
    @Bean
    @RefreshScope
    @ConditionalOnMissingBean(name = "samlAttributeQueryTicketFactory")
    public SamlAttributeQueryTicketFactory samlAttributeQueryTicketFactory() {
        return new DefaultSamlAttributeQueryTicketFactory(
            samlAttributeQueryTicketExpirationPolicy(),
            openSamlConfigBean,
            webApplicationServiceFactory);
    }

    /**
     * Creates the expiration policy for SAML attribute-query tickets.
     *
     * <p>Reads the same {@code getTicket().getSt().getTimeToKillInSeconds()} value as
     * {@link #samlArtifactTicketExpirationPolicy()}, so the two lifetimes cannot be
     * tuned independently through configuration properties alone.
     *
     * @return the attribute-query ticket expiration policy
     */
    @Bean
    @RefreshScope
    @ConditionalOnMissingBean(name = "samlAttributeQueryTicketExpirationPolicy")
    public ExpirationPolicy samlAttributeQueryTicketExpirationPolicy() {
        return new SamlAttributeQueryTicketExpirationPolicy(
            casProperties.getTicket().getSt().getTimeToKillInSeconds());
    }
}
