package org.apereo.cas.config;

import java.util.concurrent.TimeUnit;
import org.apache.velocity.app.VelocityEngine;
import org.apereo.cas.audit.AuditTrailRecordResolutionPlanConfigurer;
import org.apereo.cas.authentication.AuthenticationServiceSelectionPlan;
import org.apereo.cas.authentication.ProtocolAttributeEncoder;
import org.apereo.cas.authentication.attribute.AttributeDefinitionStore;
import org.apereo.cas.authentication.principal.PersistentIdGenerator;
import org.apereo.cas.authentication.principal.ServiceFactory;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.logout.LogoutExecutionPlanConfigurer;
import org.apereo.cas.logout.slo.SingleLogoutMessageCreator;
import org.apereo.cas.logout.slo.SingleLogoutServiceLogoutUrlBuilder;
import org.apereo.cas.logout.slo.SingleLogoutServiceMessageHandler;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.saml.OpenSamlConfigBean;
import org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPMetadataLocator;
import org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceCachingMetadataResolver;
import org.apereo.cas.support.saml.web.idp.audit.SamlRequestAuditResourceResolver;
import org.apereo.cas.support.saml.web.idp.audit.SamlResponseAuditPrincipalIdProvider;
import org.apereo.cas.support.saml.web.idp.audit.SamlResponseAuditResourceResolver;
import org.apereo.cas.support.saml.web.idp.profile.artifact.CasSamlArtifactMap;
import org.apereo.cas.support.saml.web.idp.profile.builders.SamlProfileObjectBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.assertion.SamlProfileSamlAssertionBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.attr.SamlProfileSamlAttributeStatementBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.authn.AuthnContextClassRefBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.authn.DefaultAuthnContextClassRefBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.authn.SamlProfileSamlAuthNStatementBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.conditions.SamlProfileSamlConditionsBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.enc.SamlIdPObjectEncrypter;
import org.apereo.cas.support.saml.web.idp.profile.builders.enc.SamlIdPObjectSigner;
import org.apereo.cas.support.saml.web.idp.profile.builders.enc.attribute.SamlAttributeEncoder;
import org.apereo.cas.support.saml.web.idp.profile.builders.nameid.SamlProfileSamlNameIdBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.response.SamlProfileSaml2ResponseBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.response.SamlProfileSamlResponseBuilderConfigurationContext;
import org.apereo.cas.support.saml.web.idp.profile.builders.response.artifact.SamlProfileArtifactFaultResponseBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.response.artifact.SamlProfileArtifactResponseBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.response.query.SamlProfileAttributeQueryFaultResponseBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.response.query.SamlProfileAttributeQueryResponseBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.response.soap.SamlProfileSamlSoap11FaultResponseBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.response.soap.SamlProfileSamlSoap11ResponseBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.subject.SamlProfileSamlSubjectBuilder;
import org.apereo.cas.support.saml.web.idp.profile.slo.SamlIdPSingleLogoutServiceLogoutUrlBuilder;
import org.apereo.cas.support.saml.web.idp.profile.slo.SamlIdPSingleLogoutServiceMessageHandler;
import org.apereo.cas.support.saml.web.idp.profile.slo.SamlProfileSingleLogoutMessageCreator;
import org.apereo.cas.ticket.ExpirationPolicyBuilder;
import org.apereo.cas.ticket.artifact.DefaultSamlArtifactTicketFactory;
import org.apereo.cas.ticket.artifact.SamlArtifactTicketExpirationPolicyBuilder;
import org.apereo.cas.ticket.artifact.SamlArtifactTicketFactory;
import org.apereo.cas.ticket.query.DefaultSamlAttributeQueryTicketFactory;
import org.apereo.cas.ticket.query.SamlAttributeQueryTicketExpirationPolicyBuilder;
import org.apereo.cas.ticket.query.SamlAttributeQueryTicketFactory;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.util.http.HttpClient;
import org.apereo.cas.web.UrlValidator;
import org.apereo.cas.web.cookie.CasCookieBuilder;
import org.apereo.inspektr.audit.spi.support.DefaultAuditActionResolver;
import org.opensaml.saml.common.binding.artifact.SAMLArtifactMap;
import org.opensaml.saml.metadata.resolver.MetadataResolver;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.AttributeStatement;
import org.opensaml.saml.saml2.core.AuthnStatement;
import org.opensaml.saml.saml2.core.Conditions;
import org.opensaml.saml.saml2.core.NameID;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.saml.saml2.core.Subject;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

/**
 * Spring configuration that assembles the SAML2 identity-provider beans: response, assertion
 * and statement builders, the object signer and encrypter, artifact and attribute-query ticket
 * factories, single-logout (SLO) components, and audit resolvers.
 *
 * <p>Review notes:
 * <ul>
 *   <li>Most bean methods carry {@code @ConditionalOnMissingBean}, so a bean registered elsewhere
 *       under the same name replaces the default built here. That includes
 *       {@code samlObjectSigner} and {@code samlObjectEncrypter}; any deployment override of
 *       those two deserves the same scrutiny as the defaults.</li>
 *   <li>{@code samlArtifactMap}, {@code samlResponseAuditPrincipalIdProvider} and the two
 *       plan configurers are declared without that condition.</li>
 *   <li>Beans marked {@code @RefreshScope} take part in Spring Cloud's refresh scope, so values
 *       read from {@link CasConfigurationProperties} can differ after a refresh.</li>
 * </ul>
 */
@EnableConfigurationProperties(CasConfigurationProperties.class)
@Configuration("samlIdPConfiguration")
/* loaded from: input_file:org/apereo/cas/config/SamlIdPConfiguration.class */
public class SamlIdPConfiguration {

    // Collaborators are injected lazily through ObjectProvider and resolved by qualifier name.

    @Autowired
    @Qualifier("ticketGrantingTicketCookieGenerator")
    private ObjectProvider<CasCookieBuilder> ticketGrantingTicketCookieGenerator;

    @Autowired
    @Qualifier("ticketRegistry")
    private ObjectProvider<TicketRegistry> ticketRegistry;

    @Autowired
    private CasConfigurationProperties casProperties;

    @Autowired
    @Qualifier("defaultSamlRegisteredServiceCachingMetadataResolver")
    private ObjectProvider<SamlRegisteredServiceCachingMetadataResolver> defaultSamlRegisteredServiceCachingMetadataResolver;

    @Autowired
    @Qualifier("casSamlIdPMetadataResolver")
    private ObjectProvider<MetadataResolver> casSamlIdPMetadataResolver;

    @Autowired
    @Qualifier("shibbolethCompatiblePersistentIdGenerator")
    private ObjectProvider<PersistentIdGenerator> shibbolethCompatiblePersistentIdGenerator;

    @Autowired
    @Qualifier("servicesManager")
    private ObjectProvider<ServicesManager> servicesManager;

    @Autowired
    @Qualifier("shibboleth.OpenSAMLConfig")
    private ObjectProvider<OpenSamlConfigBean> openSamlConfigBean;

    @Autowired
    @Qualifier("shibboleth.VelocityEngine")
    private ObjectProvider<VelocityEngine> velocityEngineFactory;

    @Autowired
    @Qualifier("samlIdPServiceFactory")
    private ObjectProvider<ServiceFactory> samlIdPServiceFactory;

    @Autowired
    @Qualifier("urlValidator")
    private ObjectProvider<UrlValidator> urlValidator;

    @Autowired
    @Qualifier("samlIdPMetadataLocator")
    private ObjectProvider<SamlIdPMetadataLocator> samlIdPMetadataLocator;

    // NOTE(review): the qualifier suggests this client does not follow HTTP redirects - confirm
    // against the bean definition, since it is the client handed to the SLO message handler.
    @Autowired
    @Qualifier("noRedirectHttpClient")
    private ObjectProvider<HttpClient> httpClient;

    @Autowired
    @Qualifier("authenticationServiceSelectionPlan")
    private ObjectProvider<AuthenticationServiceSelectionPlan> authenticationServiceSelectionPlan;

    @Autowired
    @Qualifier("attributeDefinitionStore")
    private ObjectProvider<AttributeDefinitionStore> attributeDefinitionStore;

    /**
     * Creates the logout-URL builder for SAML services from the services manager, the cached
     * service metadata resolver and the injected {@code urlValidator}.
     *
     * @return the SAML IdP single-logout URL builder
     */
    @Bean
    @ConditionalOnMissingBean(name = "samlSingleLogoutServiceLogoutUrlBuilder")
    public SingleLogoutServiceLogoutUrlBuilder samlSingleLogoutServiceLogoutUrlBuilder() {
        final ServicesManager services = servicesManager.getObject();
        final SamlRegisteredServiceCachingMetadataResolver metadataResolver =
            defaultSamlRegisteredServiceCachingMetadataResolver.getObject();
        final UrlValidator validator = urlValidator.getObject();
        return new SamlIdPSingleLogoutServiceLogoutUrlBuilder(services, metadataResolver, validator);
    }

    /**
     * Creates the SLO message creator. It is given the {@code samlObjectSigner} bean, so logout
     * messages are presumably signed with the same signer as responses - confirm in
     * {@code SamlProfileSingleLogoutMessageCreator}.
     *
     * @return the SAML single-logout message creator
     */
    @Bean
    @ConditionalOnMissingBean(name = "samlLogoutBuilder")
    public SingleLogoutMessageCreator samlLogoutBuilder() {
        final OpenSamlConfigBean openSaml = openSamlConfigBean.getObject();
        final ServicesManager services = servicesManager.getObject();
        final SamlRegisteredServiceCachingMetadataResolver metadataResolver =
            defaultSamlRegisteredServiceCachingMetadataResolver.getObject();
        return new SamlProfileSingleLogoutMessageCreator(
            openSaml,
            services,
            metadataResolver,
            casProperties.getAuthn().getSamlIdp(),
            samlObjectSigner());
    }

    /**
     * Creates the handler that delivers SLO messages to SAML services. It uses the HTTP client
     * qualified as {@code noRedirectHttpClient} and reads the asynchronous flag from the SLO
     * properties.
     *
     * @return the SAML IdP single-logout message handler
     */
    @Bean
    @ConditionalOnMissingBean(name = "samlSingleLogoutServiceMessageHandler")
    public SingleLogoutServiceMessageHandler samlSingleLogoutServiceMessageHandler() {
        final HttpClient client = httpClient.getObject();
        final SingleLogoutMessageCreator messageCreator = samlLogoutBuilder();
        final ServicesManager services = servicesManager.getObject();
        final SingleLogoutServiceLogoutUrlBuilder logoutUrlBuilder = samlSingleLogoutServiceLogoutUrlBuilder();
        return new SamlIdPSingleLogoutServiceMessageHandler(
            client,
            messageCreator,
            services,
            logoutUrlBuilder,
            casProperties.getSlo().isAsynchronous(),
            authenticationServiceSelectionPlan.getObject(),
            defaultSamlRegisteredServiceCachingMetadataResolver.getObject(),
            velocityEngineFactory.getObject());
    }

    /**
     * Creates the SAML2 response builder from the shared builder configuration context.
     *
     * @return the SAML2 response builder
     */
    @Bean
    @RefreshScope
    @ConditionalOnMissingBean(name = "samlProfileSamlResponseBuilder")
    public SamlProfileObjectBuilder<Response> samlProfileSamlResponseBuilder() {
        final SamlProfileSamlResponseBuilderConfigurationContext context =
            getSamlResponseBuilderConfigurationContextBuilder().build();
        return new SamlProfileSaml2ResponseBuilder(context);
    }

    /**
     * Creates the factory for SAML artifact tickets, bound to the artifact expiration policy.
     *
     * @return the SAML artifact ticket factory
     */
    @Bean
    @RefreshScope
    @ConditionalOnMissingBean(name = "samlArtifactTicketFactory")
    public SamlArtifactTicketFactory samlArtifactTicketFactory() {
        final ExpirationPolicyBuilder expirationPolicy = samlArtifactTicketExpirationPolicy();
        final OpenSamlConfigBean openSaml = openSamlConfigBean.getObject();
        final ServiceFactory serviceFactory = samlIdPServiceFactory.getObject();
        return new DefaultSamlArtifactTicketFactory(expirationPolicy, openSaml, serviceFactory);
    }

    /**
     * Creates the expiration policy builder for SAML artifact tickets from the CAS properties.
     *
     * @return the artifact ticket expiration policy builder
     */
    @Bean
    @RefreshScope
    @ConditionalOnMissingBean(name = "samlArtifactTicketExpirationPolicy")
    public ExpirationPolicyBuilder samlArtifactTicketExpirationPolicy() {
        return new SamlArtifactTicketExpirationPolicyBuilder(casProperties);
    }

    /**
     * Creates the artifact map backed by the ticket registry. The artifact lifetime is taken
     * from the artifact ticket expiration policy, whose time-to-live is treated as seconds and
     * converted to milliseconds here. That one setting therefore bounds how long an issued
     * artifact stays resolvable. This bean is not guarded by {@code @ConditionalOnMissingBean}.
     *
     * @return the SAML artifact map
     */
    @Bean(initMethod = "initialize", destroyMethod = "destroy")
    @RefreshScope
    public SAMLArtifactMap samlArtifactMap() {
        final CasSamlArtifactMap artifactMap = new CasSamlArtifactMap(
            ticketRegistry.getObject(),
            samlArtifactTicketFactory(),
            ticketGrantingTicketCookieGenerator.getObject());
        final long timeToLiveSeconds =
            samlArtifactTicketExpirationPolicy().buildTicketExpirationPolicy().getTimeToLive().longValue();
        artifactMap.setArtifactLifetime(TimeUnit.SECONDS.toMillis(timeToLiveSeconds));
        return artifactMap;
    }

    /**
     * Creates the subject builder, which receives the NameID builder and the object encrypter.
     *
     * @return the SAML subject builder
     */
    @Bean
    @RefreshScope
    @ConditionalOnMissingBean(name = "samlProfileSamlSubjectBuilder")
    public SamlProfileObjectBuilder<Subject> samlProfileSamlSubjectBuilder() {
        final OpenSamlConfigBean openSaml = openSamlConfigBean.getObject();
        final SamlProfileObjectBuilder<NameID> nameIdBuilder = samlProfileSamlNameIdBuilder();
        final SamlIdPObjectEncrypter encrypter = samlObjectEncrypter();
        return new SamlProfileSamlSubjectBuilder(openSaml, nameIdBuilder, casProperties, encrypter);
    }

    /**
     * Creates the SOAP 1.1 fault response builder.
     *
     * @return the SOAP 1.1 fault response builder
     */
    @Bean
    @RefreshScope
    @ConditionalOnMissingBean(name = "samlProfileSamlSoap11FaultResponseBuilder")
    public SamlProfileObjectBuilder<org.opensaml.saml.saml2.ecp.Response> samlProfileSamlSoap11FaultResponseBuilder() {
        return new SamlProfileSamlSoap11FaultResponseBuilder(soapResponseBuilderContext());
    }

    /**
     * Creates the SOAP 1.1 response builder.
     *
     * @return the SOAP 1.1 response builder
     */
    @Bean
    @RefreshScope
    @ConditionalOnMissingBean(name = "samlProfileSamlSoap11ResponseBuilder")
    public SamlProfileObjectBuilder<org.opensaml.saml.saml2.ecp.Response> samlProfileSamlSoap11ResponseBuilder() {
        return new SamlProfileSamlSoap11ResponseBuilder(soapResponseBuilderContext());
    }

    /**
     * Creates the artifact fault response builder.
     *
     * @return the artifact fault response builder
     */
    @Bean
    @RefreshScope
    @ConditionalOnMissingBean(name = "samlProfileSamlArtifactFaultResponseBuilder")
    public SamlProfileObjectBuilder<Response> samlProfileSamlArtifactFaultResponseBuilder() {
        return new SamlProfileArtifactFaultResponseBuilder(soapResponseBuilderContext());
    }

    /**
     * Creates the artifact response builder.
     *
     * @return the artifact response builder
     */
    @Bean
    @RefreshScope
    @ConditionalOnMissingBean(name = "samlProfileSamlArtifactResponseBuilder")
    public SamlProfileObjectBuilder<Response> samlProfileSamlArtifactResponseBuilder() {
        return new SamlProfileArtifactResponseBuilder(soapResponseBuilderContext());
    }

    /**
     * Creates the NameID builder, which uses the injected persistent-id generator.
     *
     * @return the SAML NameID builder
     */
    @Bean
    @RefreshScope
    @ConditionalOnMissingBean(name = "samlProfileSamlNameIdBuilder")
    public SamlProfileObjectBuilder<NameID> samlProfileSamlNameIdBuilder() {
        final OpenSamlConfigBean openSaml = openSamlConfigBean.getObject();
        final PersistentIdGenerator persistentIds = shibbolethCompatiblePersistentIdGenerator.getObject();
        return new SamlProfileSamlNameIdBuilder(openSaml, persistentIds);
    }

    /**
     * Creates the builder for the assertion's {@code Conditions} element.
     *
     * @return the SAML conditions builder
     */
    @Bean
    @RefreshScope
    @ConditionalOnMissingBean(name = "samlProfileSamlConditionsBuilder")
    public SamlProfileObjectBuilder<Conditions> samlProfileSamlConditionsBuilder() {
        final OpenSamlConfigBean openSaml = openSamlConfigBean.getObject();
        return new SamlProfileSamlConditionsBuilder(openSaml, casProperties);
    }

    /**
     * Creates the default authentication-context class reference builder.
     *
     * @return the authentication-context class reference builder
     */
    @Bean
    @RefreshScope
    @ConditionalOnMissingBean(name = "defaultAuthnContextClassRefBuilder")
    public AuthnContextClassRefBuilder defaultAuthnContextClassRefBuilder() {
        return new DefaultAuthnContextClassRefBuilder(casProperties);
    }

    /**
     * Creates the assertion builder from the statement, subject and conditions builders plus
     * the {@code samlObjectSigner} bean.
     *
     * @return the SAML assertion builder
     */
    @Bean
    @RefreshScope
    @ConditionalOnMissingBean(name = "samlProfileSamlAssertionBuilder")
    public SamlProfileObjectBuilder<Assertion> samlProfileSamlAssertionBuilder() {
        final OpenSamlConfigBean openSaml = openSamlConfigBean.getObject();
        final SamlProfileObjectBuilder<AuthnStatement> authnStatements = samlProfileSamlAuthNStatementBuilder();
        final SamlProfileObjectBuilder<AttributeStatement> attributeStatements =
            samlProfileSamlAttributeStatementBuilder();
        final SamlProfileObjectBuilder<Subject> subjects = samlProfileSamlSubjectBuilder();
        final SamlProfileObjectBuilder<Conditions> conditions = samlProfileSamlConditionsBuilder();
        final SamlIdPObjectSigner signer = samlObjectSigner();
        return new SamlProfileSamlAssertionBuilder(
            openSaml, casProperties, authnStatements, attributeStatements, subjects, conditions, signer);
    }

    /**
     * Creates the authentication statement builder.
     *
     * @return the SAML authentication statement builder
     */
    @Bean
    @RefreshScope
    @ConditionalOnMissingBean(name = "samlProfileSamlAuthNStatementBuilder")
    public SamlProfileObjectBuilder<AuthnStatement> samlProfileSamlAuthNStatementBuilder() {
        final OpenSamlConfigBean openSaml = openSamlConfigBean.getObject();
        final AuthnContextClassRefBuilder classRefBuilder = defaultAuthnContextClassRefBuilder();
        return new SamlProfileSamlAuthNStatementBuilder(openSaml, classRefBuilder, casProperties);
    }

    /**
     * Creates the attribute statement builder, which receives the attribute encoder, the SAML
     * IdP properties, the object encrypter and the attribute definition store.
     *
     * @return the SAML attribute statement builder
     */
    @Bean
    @RefreshScope
    @ConditionalOnMissingBean(name = "samlProfileSamlAttributeStatementBuilder")
    public SamlProfileObjectBuilder<AttributeStatement> samlProfileSamlAttributeStatementBuilder() {
        final OpenSamlConfigBean openSaml = openSamlConfigBean.getObject();
        final ProtocolAttributeEncoder encoder = samlAttributeEncoder();
        return new SamlProfileSamlAttributeStatementBuilder(
            openSaml,
            encoder,
            casProperties.getAuthn().getSamlIdp(),
            samlObjectEncrypter(),
            attributeDefinitionStore.getObject());
    }

    /**
     * Creates the SAML attribute encoder.
     *
     * @return the SAML attribute encoder
     */
    @Bean
    @RefreshScope
    @ConditionalOnMissingBean(name = "samlAttributeEncoder")
    public ProtocolAttributeEncoder samlAttributeEncoder() {
        return new SamlAttributeEncoder();
    }

    /**
     * Creates the object encrypter from the SAML IdP properties. A deployment bean named
     * {@code samlObjectEncrypter} replaces this default.
     *
     * @return the SAML IdP object encrypter
     */
    @Bean
    @RefreshScope
    @ConditionalOnMissingBean(name = "samlObjectEncrypter")
    public SamlIdPObjectEncrypter samlObjectEncrypter() {
        return new SamlIdPObjectEncrypter(casProperties.getAuthn().getSamlIdp());
    }

    /**
     * Creates the object signer from the IdP metadata resolver, the CAS properties and the IdP
     * metadata locator. A deployment bean named {@code samlObjectSigner} replaces this default,
     * and the replacement is then the signer handed to the assertion builder, the response
     * builders and the SLO message creator.
     *
     * @return the SAML IdP object signer
     */
    @Bean
    @RefreshScope
    @ConditionalOnMissingBean(name = "samlObjectSigner")
    public SamlIdPObjectSigner samlObjectSigner() {
        final MetadataResolver idpMetadataResolver = casSamlIdPMetadataResolver.getObject();
        final SamlIdPMetadataLocator metadataLocator = samlIdPMetadataLocator.getObject();
        return new SamlIdPObjectSigner(idpMetadataResolver, casProperties, metadataLocator);
    }

    /**
     * Creates the attribute-query fault response builder.
     *
     * @return the attribute-query fault response builder
     */
    @Bean
    @RefreshScope
    @ConditionalOnMissingBean(name = "samlProfileSamlAttributeQueryFaultResponseBuilder")
    public SamlProfileObjectBuilder<Response> samlProfileSamlAttributeQueryFaultResponseBuilder() {
        return new SamlProfileAttributeQueryFaultResponseBuilder(soapResponseBuilderContext());
    }

    /**
     * Creates the attribute-query response builder.
     *
     * @return the attribute-query response builder
     */
    @Bean
    @RefreshScope
    @ConditionalOnMissingBean(name = "samlProfileSamlAttributeQueryResponseBuilder")
    public SamlProfileObjectBuilder<Response> samlProfileSamlAttributeQueryResponseBuilder() {
        return new SamlProfileAttributeQueryResponseBuilder(soapResponseBuilderContext());
    }

    /**
     * Creates the factory for attribute-query tickets, bound to their expiration policy.
     *
     * @return the SAML attribute-query ticket factory
     */
    @Bean
    @RefreshScope
    @ConditionalOnMissingBean(name = "samlAttributeQueryTicketFactory")
    public SamlAttributeQueryTicketFactory samlAttributeQueryTicketFactory() {
        final ExpirationPolicyBuilder expirationPolicy = samlAttributeQueryTicketExpirationPolicy();
        final ServiceFactory serviceFactory = samlIdPServiceFactory.getObject();
        final OpenSamlConfigBean openSaml = openSamlConfigBean.getObject();
        return new DefaultSamlAttributeQueryTicketFactory(expirationPolicy, serviceFactory, openSaml);
    }

    /**
     * Creates the expiration policy builder for attribute-query tickets from the CAS properties.
     *
     * @return the attribute-query ticket expiration policy builder
     */
    @Bean
    @RefreshScope
    @ConditionalOnMissingBean(name = "samlAttributeQueryTicketExpirationPolicy")
    public ExpirationPolicyBuilder samlAttributeQueryTicketExpirationPolicy() {
        return new SamlAttributeQueryTicketExpirationPolicyBuilder(casProperties);
    }

    /**
     * Creates the audit principal-id provider for SAML responses.
     *
     * @return the SAML response audit principal-id provider
     */
    @Bean
    public SamlResponseAuditPrincipalIdProvider samlResponseAuditPrincipalIdProvider() {
        return new SamlResponseAuditPrincipalIdProvider();
    }

    /**
     * Registers the SAML SLO message handler with the logout execution plan.
     *
     * @return the logout execution plan configurer
     */
    @Bean
    public LogoutExecutionPlanConfigurer casSamlIdPLogoutExecutionPlanConfigurer() {
        return plan -> plan.registerSingleLogoutServiceMessageHandler(samlSingleLogoutServiceMessageHandler());
    }

    /**
     * Registers the audit resource and action resolvers for SAML2 requests and responses.
     *
     * @return the audit trail record resolution plan configurer
     */
    @Bean
    public AuditTrailRecordResolutionPlanConfigurer casSamlIdPAuditTrailRecordResolutionPlanConfigurer() {
        return plan -> {
            // NOTE(review): both constructor arguments of each action resolver are "_CREATED".
            // If they are the success and failure suffixes, the audited action name is the same
            // for both outcomes - confirm before keying detections on the action string alone.
            plan.registerAuditResourceResolver(
                "SAML2_RESPONSE_RESOURCE_RESOLVER", new SamlResponseAuditResourceResolver());
            plan.registerAuditActionResolver(
                "SAML2_RESPONSE_ACTION_RESOLVER", new DefaultAuditActionResolver("_CREATED", "_CREATED"));
            plan.registerAuditResourceResolver(
                "SAML2_REQUEST_RESOURCE_RESOLVER", new SamlRequestAuditResourceResolver());
            plan.registerAuditActionResolver(
                "SAML2_REQUEST_ACTION_RESOLVER", new DefaultAuditActionResolver("_CREATED", "_CREATED"));
        };
    }

    /**
     * Builds the configuration context shared by the SOAP, artifact and attribute-query
     * response builders: the common context plus the SAML2 response builder.
     */
    private SamlProfileSamlResponseBuilderConfigurationContext soapResponseBuilderContext() {
        return getSamlResponseBuilderConfigurationContextBuilder()
            .samlSoapResponseBuilder(samlProfileSamlResponseBuilder())
            .build();
    }

    /**
     * Starts a configuration-context builder populated with the collaborators every response
     * builder needs: signer, encrypter, assertion builder, ticket registry and factories, the
     * artifact map, the ticket-granting cookie builder and the CAS properties.
     */
    private SamlProfileSamlResponseBuilderConfigurationContext.SamlProfileSamlResponseBuilderConfigurationContextBuilder getSamlResponseBuilderConfigurationContextBuilder() {
        return SamlProfileSamlResponseBuilderConfigurationContext.builder()
            .openSamlConfigBean(openSamlConfigBean.getObject())
            .samlObjectSigner(samlObjectSigner())
            .velocityEngineFactory(velocityEngineFactory.getObject())
            .samlProfileSamlAssertionBuilder(samlProfileSamlAssertionBuilder())
            .samlObjectEncrypter(samlObjectEncrypter())
            .ticketGrantingTicketCookieGenerator(ticketGrantingTicketCookieGenerator.getObject())
            .ticketRegistry(ticketRegistry.getObject())
            .samlArtifactTicketFactory(samlArtifactTicketFactory())
            .samlArtifactMap(samlArtifactMap())
            .samlAttributeQueryTicketFactory(samlAttributeQueryTicketFactory())
            .casProperties(casProperties);
    }
}
