package org.apereo.cas.config;

import java.net.MalformedURLException;
import java.net.URL;
import lombok.Generated;
import org.apache.commons.lang3.RegExUtils;
import org.apereo.cas.CipherExecutor;
import org.apereo.cas.audit.AuditableExecution;
import org.apereo.cas.authentication.AuthenticationSystemSupport;
import org.apereo.cas.authentication.principal.PrincipalFactoryUtils;
import org.apereo.cas.authentication.principal.ServiceFactory;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.saml.idp.SamlIdPProperties;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.saml.InMemoryResourceMetadataResolver;
import org.apereo.cas.support.saml.OpenSamlConfigBean;
import org.apereo.cas.support.saml.idp.metadata.generator.FileSystemSamlIdPMetadataGenerator;
import org.apereo.cas.support.saml.idp.metadata.generator.SamlIdPMetadataGenerator;
import org.apereo.cas.support.saml.idp.metadata.generator.SamlIdPMetadataGeneratorConfigurationContext;
import org.apereo.cas.support.saml.idp.metadata.locator.FileSystemSamlIdPMetadataLocator;
import org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPMetadataLocator;
import org.apereo.cas.support.saml.idp.metadata.writer.DefaultSamlIdPCertificateAndKeyWriter;
import org.apereo.cas.support.saml.idp.metadata.writer.SamlIdPCertificateAndKeyWriter;
import org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceMetadataHealthIndicator;
import org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceCachingMetadataResolver;
import org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceDefaultCachingMetadataResolver;
import org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceMetadataResolverCacheLoader;
import org.apereo.cas.support.saml.services.idp.metadata.cache.resolver.ClasspathResourceMetadataResolver;
import org.apereo.cas.support.saml.services.idp.metadata.cache.resolver.FileSystemResourceMetadataResolver;
import org.apereo.cas.support.saml.services.idp.metadata.cache.resolver.GroovyResourceMetadataResolver;
import org.apereo.cas.support.saml.services.idp.metadata.cache.resolver.JsonResourceMetadataResolver;
import org.apereo.cas.support.saml.services.idp.metadata.cache.resolver.MetadataQueryProtocolMetadataResolver;
import org.apereo.cas.support.saml.services.idp.metadata.cache.resolver.UrlResourceMetadataResolver;
import org.apereo.cas.support.saml.services.idp.metadata.plan.DefaultSamlRegisteredServiceMetadataResolutionPlan;
import org.apereo.cas.support.saml.services.idp.metadata.plan.SamlRegisteredServiceMetadataResolutionPlan;
import org.apereo.cas.support.saml.services.idp.metadata.plan.SamlRegisteredServiceMetadataResolutionPlanConfigurator;
import org.apereo.cas.support.saml.util.NonInflatingSaml20ObjectBuilder;
import org.apereo.cas.support.saml.web.idp.metadata.SamlIdPMetadataController;
import org.apereo.cas.support.saml.web.idp.metadata.SamlRegisteredServiceCachedMetadataEndpoint;
import org.apereo.cas.support.saml.web.idp.profile.builders.SamlProfileObjectBuilder;
import org.apereo.cas.support.saml.web.idp.profile.sso.SSOSamlPostProfileHandlerEndpoint;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.http.HttpClient;
import org.opensaml.saml.metadata.resolver.MetadataResolver;
import org.opensaml.saml.saml2.core.Response;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.actuate.autoconfigure.endpoint.condition.ConditionalOnEnabledEndpoint;
import org.springframework.boot.actuate.autoconfigure.health.ConditionalOnEnabledHealthIndicator;
import org.springframework.boot.actuate.health.HealthIndicator;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.DependsOn;
import org.springframework.context.annotation.Lazy;
import org.springframework.core.io.ResourceLoader;

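/**
 * Spring configuration for the SAML IdP's own metadata and the metadata of registered
 * service providers.
 *
 * <p>It wires together: where the IdP metadata lives ({@link SamlIdPMetadataLocator}), how it
 * is generated when absent ({@link SamlIdPMetadataGenerator} plus the certificate/key writer),
 * the OpenSAML {@link MetadataResolver} built over that document, the controller and actuator
 * endpoints that expose it, and the resolution plan / cache used to fetch service-provider
 * metadata from MDQ, JSON, file-system, URL, classpath and Groovy sources.
 *
 * <p>All settings come from {@code casProperties.getAuthn().getSamlIdp()}. Most beans are
 * {@code @ConditionalOnMissingBean} by name so a deployment can replace them.
 */
@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration("samlIdPMetadataConfiguration")
public class SamlIdPMetadataConfiguration {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(SamlIdPMetadataConfiguration.class);

    @Autowired
    private ResourceLoader resourceLoader;

    @Autowired
    @Qualifier("servicesManager")
    private ObjectProvider<ServicesManager> servicesManager;

    // Intentionally the non-redirecting client: used for fetching remote SP metadata.
    @Autowired
    @Qualifier("noRedirectHttpClient")
    private ObjectProvider<HttpClient> httpClient;

    @Autowired
    private CasConfigurationProperties casProperties;

    @Autowired
    private ApplicationContext applicationContext;

    @Autowired
    @Qualifier("shibboleth.OpenSAMLConfig")
    private ObjectProvider<OpenSamlConfigBean> openSamlConfigBean;

    @Autowired
    @Qualifier("registeredServiceAccessStrategyEnforcer")
    private ObjectProvider<AuditableExecution> registeredServiceAccessStrategyEnforcer;

    @Autowired
    @Qualifier("defaultAuthenticationSystemSupport")
    private ObjectProvider<AuthenticationSystemSupport> authenticationSystemSupport;

    @Autowired
    @Qualifier("webApplicationServiceFactory")
    private ObjectProvider<ServiceFactory<WebApplicationService>> webApplicationServiceFactory;

    @Autowired
    @Qualifier("samlProfileSamlResponseBuilder")
    private ObjectProvider<SamlProfileObjectBuilder<Response>> samlProfileSamlResponseBuilder;

    /**
     * Builds the OpenSAML resolver over the IdP's own metadata document.
     *
     * <p>The document is read from {@code samlIdPMetadataLocator.getMetadata()} and held in memory.
     * Whether initialization fails fast and whether metadata outside its validity window is
     * accepted are both taken from {@code getSamlIdp().getMetadata()}; the resolver id is the
     * configured entity id. Spring calls {@code initialize()} after construction and
     * {@code destroy()} on shutdown. The bean is lazy and depends on the generator so that the
     * metadata file exists before it is parsed.
     *
     * @param samlIdPMetadataLocator locator supplying the IdP metadata resource
     * @return the in-memory metadata resolver for the IdP's own metadata
     */
    @DependsOn({"samlIdPMetadataGenerator"})
    @Autowired
    @Lazy
    @Bean(initMethod = "initialize", destroyMethod = "destroy")
    public MetadataResolver casSamlIdPMetadataResolver(@Qualifier("samlIdPMetadataLocator") SamlIdPMetadataLocator samlIdPMetadataLocator) {
        SamlIdPProperties samlIdp = this.casProperties.getAuthn().getSamlIdp();
        // Resolve the OpenSAML configuration once; getObject() fails with a clear Spring
        // exception if the bean is missing instead of a later NullPointerException.
        OpenSamlConfigBean openSamlConfig = this.openSamlConfigBean.getObject();
        InMemoryResourceMetadataResolver resolver = new InMemoryResourceMetadataResolver(samlIdPMetadataLocator.getMetadata(), openSamlConfig);
        resolver.setParserPool(openSamlConfig.getParserPool());
        resolver.setFailFastInitialization(samlIdp.getMetadata().isFailFast());
        resolver.setRequireValidMetadata(samlIdp.getMetadata().isRequireValidMetadata());
        resolver.setId(samlIdp.getEntityId());
        return resolver;
    }

    /**
     * Controller that serves the IdP metadata, backed by the generator and locator beans.
     *
     * @return the metadata controller
     */
    @RefreshScope
    @Bean
    public SamlIdPMetadataController samlIdPMetadataController() {
        return new SamlIdPMetadataController(samlIdPMetadataGenerator(), samlIdPMetadataLocator());
    }

    /**
     * File-system generator for the IdP metadata and its certificate/key material.
     *
     * <p>The generator is fed the locator, the certificate/key writer, the entity id, the CAS
     * server prefix and the configured scope. Note that the metadata cipher executor is a
     * no-op, so whatever the generator passes through it is stored unchanged; confidentiality
     * of the generated key material therefore rests on the permissions of the metadata
     * location rather than on this configuration. Spring calls {@code initialize()} after
     * construction.
     *
     * @return the metadata generator
     */
    @ConditionalOnMissingBean(name = {"samlIdPMetadataGenerator"})
    @Bean(initMethod = "initialize")
    public SamlIdPMetadataGenerator samlIdPMetadataGenerator() {
        SamlIdPProperties samlIdp = this.casProperties.getAuthn().getSamlIdp();
        SamlIdPMetadataGeneratorConfigurationContext context = SamlIdPMetadataGeneratorConfigurationContext.builder()
            .samlIdPMetadataLocator(samlIdPMetadataLocator())
            .samlIdPCertificateAndKeyWriter(samlSelfSignedCertificateWriter())
            .entityId(samlIdp.getEntityId())
            .resourceLoader(this.resourceLoader)
            .casServerPrefix(this.casProperties.getServer().getPrefix())
            .scope(samlIdp.getScope())
            .metadataCipherExecutor(CipherExecutor.noOpOfStringToString())
            .build();
        return new FileSystemSamlIdPMetadataGenerator(context);
    }

    /**
     * Writer for the IdP certificate and key (the bean name indicates a self-signed certificate).
     *
     * <p>The certificate hostname is the host of the CAS server prefix, and the single URI
     * subject-alternative-name is that host followed by {@code /idp/metadata}. A prefix that is
     * not a well-formed URL is reported as an {@link IllegalStateException} carrying the value,
     * rather than propagating the checked {@link MalformedURLException}.
     *
     * @return the certificate and key writer
     * @throws IllegalStateException if the configured server prefix is not a valid URL
     */
    @ConditionalOnMissingBean(name = {"samlSelfSignedCertificateWriter"})
    @Bean
    public SamlIdPCertificateAndKeyWriter samlSelfSignedCertificateWriter() {
        String serverPrefix = this.casProperties.getServer().getPrefix();
        URL prefixUrl;
        try {
            prefixUrl = new URL(serverPrefix);
        } catch (MalformedURLException e) {
            // Name the offending setting so the misconfiguration is obvious at startup.
            throw new IllegalStateException("CAS server prefix is not a valid URL: " + serverPrefix, e);
        }
        String hostname = prefixUrl.getHost();
        DefaultSamlIdPCertificateAndKeyWriter writer = new DefaultSamlIdPCertificateAndKeyWriter();
        writer.setHostname(hostname);
        writer.setUriSubjectAltNames(CollectionUtils.wrap(hostname.concat("/idp/metadata")));
        return writer;
    }

    /**
     * Locator for the IdP metadata, rooted at the configured metadata location on disk.
     *
     * @return the file-system metadata locator
     */
    @ConditionalOnMissingBean(name = {"samlIdPMetadataLocator"})
    @Bean
    public SamlIdPMetadataLocator samlIdPMetadataLocator() {
        return new FileSystemSamlIdPMetadataLocator(this.casProperties.getAuthn().getSamlIdp().getMetadata().getLocation());
    }

    /**
     * Cache loader that resolves a registered service's metadata through the resolution plan.
     *
     * @return the cache loader used by the caching metadata resolver
     */
    @ConditionalOnMissingBean(name = {"chainingMetadataResolverCacheLoader"})
    @RefreshScope
    @Bean
    public SamlRegisteredServiceMetadataResolverCacheLoader chainingMetadataResolverCacheLoader() {
        OpenSamlConfigBean openSamlConfig = this.openSamlConfigBean.getIfAvailable();
        HttpClient client = this.httpClient.getIfAvailable();
        return new SamlRegisteredServiceMetadataResolverCacheLoader(openSamlConfig, client, samlRegisteredServiceMetadataResolvers());
    }

    /**
     * Resolution plan listing the sources service-provider metadata may be loaded from.
     *
     * <p>Resolvers are registered in this order: MDQ (metadata query protocol), JSON,
     * file system, URL, classpath, Groovy. Any
     * {@link SamlRegisteredServiceMetadataResolutionPlanConfigurator} beans found in the
     * application context are then given the plan to customise.
     *
     * @return the populated resolution plan
     */
    @ConditionalOnMissingBean(name = {"samlRegisteredServiceMetadataResolvers"})
    @Bean
    public SamlRegisteredServiceMetadataResolutionPlan samlRegisteredServiceMetadataResolvers() {
        DefaultSamlRegisteredServiceMetadataResolutionPlan plan = new DefaultSamlRegisteredServiceMetadataResolutionPlan();
        SamlIdPProperties samlIdp = this.casProperties.getAuthn().getSamlIdp();
        OpenSamlConfigBean openSamlConfig = this.openSamlConfigBean.getIfAvailable();
        plan.registerMetadataResolver(new MetadataQueryProtocolMetadataResolver(samlIdp, openSamlConfig));
        plan.registerMetadataResolver(new JsonResourceMetadataResolver(samlIdp, openSamlConfig));
        plan.registerMetadataResolver(new FileSystemResourceMetadataResolver(samlIdp, openSamlConfig));
        plan.registerMetadataResolver(new UrlResourceMetadataResolver(samlIdp, openSamlConfig));
        plan.registerMetadataResolver(new ClasspathResourceMetadataResolver(samlIdp, openSamlConfig));
        plan.registerMetadataResolver(new GroovyResourceMetadataResolver(samlIdp, openSamlConfig));
        // Singletons only (includeNonSingletons=false), eager init allowed (allowEagerInit=true).
        this.applicationContext.getBeansOfType(SamlRegisteredServiceMetadataResolutionPlanConfigurator.class, false, true)
            .values()
            .forEach(configurator -> {
                // Strip any "$..." suffix (e.g. a generated subclass name) for a readable log line.
                LOGGER.trace("Configuring saml metadata resolution plan [{}]", RegExUtils.removePattern(configurator.getClass().getSimpleName(), "\\$.+"));
                configurator.configureMetadataResolutionPlan(plan);
            });
        return plan;
    }

    /**
     * Caching resolver for service-provider metadata.
     *
     * <p>Entries expire after the configured number of minutes
     * ({@code getMetadata().getCacheExpirationMinutes()}) and are reloaded through
     * {@link #chainingMetadataResolverCacheLoader()}.
     *
     * @return the caching metadata resolver
     */
    @ConditionalOnMissingBean(name = {"defaultSamlRegisteredServiceCachingMetadataResolver"})
    @RefreshScope
    @Bean
    public SamlRegisteredServiceCachingMetadataResolver defaultSamlRegisteredServiceCachingMetadataResolver() {
        long expirationMinutes = this.casProperties.getAuthn().getSamlIdp().getMetadata().getCacheExpirationMinutes();
        return new SamlRegisteredServiceDefaultCachingMetadataResolver(expirationMinutes, chainingMetadataResolverCacheLoader());
    }

    /**
     * Actuator health indicator reporting on registered-service metadata; only created when the
     * indicator is enabled.
     *
     * @return the health indicator
     */
    @ConditionalOnMissingBean(name = {"samlRegisteredServiceMetadataHealthIndicator"})
    @ConditionalOnEnabledHealthIndicator("samlRegisteredServiceMetadataHealthIndicator")
    @Bean
    public HealthIndicator samlRegisteredServiceMetadataHealthIndicator() {
        return new SamlRegisteredServiceMetadataHealthIndicator(samlRegisteredServiceMetadataResolvers(), this.servicesManager.getIfAvailable());
    }

    /**
     * Actuator endpoint exposing cached service-provider metadata; only created when the
     * endpoint is enabled. Access to a service's metadata goes through the registered-service
     * access-strategy enforcer passed here.
     *
     * @return the cached-metadata endpoint
     */
    @ConditionalOnEnabledEndpoint
    @Bean
    public SamlRegisteredServiceCachedMetadataEndpoint samlRegisteredServiceCachedMetadataEndpoint() {
        return new SamlRegisteredServiceCachedMetadataEndpoint(
            this.casProperties,
            defaultSamlRegisteredServiceCachingMetadataResolver(),
            this.servicesManager.getIfAvailable(),
            this.registeredServiceAccessStrategyEnforcer.getIfAvailable(),
            this.openSamlConfigBean.getIfAvailable());
    }

    /**
     * Actuator endpoint for the SSO POST profile handler; only created when the endpoint is
     * enabled. A fresh principal factory and a non-inflating SAML 2.0 object builder are created
     * for it.
     *
     * @return the SSO POST profile handler endpoint
     */
    @ConditionalOnEnabledEndpoint
    @Bean
    public SSOSamlPostProfileHandlerEndpoint ssoSamlPostProfileHandlerEndpoint() {
        OpenSamlConfigBean openSamlConfig = this.openSamlConfigBean.getIfAvailable();
        return new SSOSamlPostProfileHandlerEndpoint(
            this.casProperties,
            this.servicesManager.getIfAvailable(),
            this.authenticationSystemSupport.getIfAvailable(),
            this.webApplicationServiceFactory.getIfAvailable(),
            PrincipalFactoryUtils.newPrincipalFactory(),
            this.samlProfileSamlResponseBuilder.getIfAvailable(),
            defaultSamlRegisteredServiceCachingMetadataResolver(),
            new NonInflatingSaml20ObjectBuilder(openSamlConfig));
    }
}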
