package org.apereo.cas.config;

import com.github.benmanes.caffeine.cache.Cache;
import com.github.benmanes.caffeine.cache.Caffeine;
import java.net.URL;
import java.util.ArrayList;
import java.util.List;
import java.util.Optional;
import lombok.Generated;
import org.apache.velocity.app.VelocityEngine;
import org.apereo.cas.audit.AuditableExecution;
import org.apereo.cas.authentication.AuthenticationSystemSupport;
import org.apereo.cas.authentication.principal.PrincipalFactoryUtils;
import org.apereo.cas.authentication.principal.ServiceFactory;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.saml.idp.SamlIdPProperties;
import org.apereo.cas.configuration.support.Beans;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.saml.OpenSamlConfigBean;
import org.apereo.cas.support.saml.idp.DefaultSamlIdPCasEventListener;
import org.apereo.cas.support.saml.idp.SamlIdPCasEventListener;
import org.apereo.cas.support.saml.idp.metadata.generator.FileSystemSamlIdPMetadataGenerator;
import org.apereo.cas.support.saml.idp.metadata.generator.SamlIdPMetadataGenerator;
import org.apereo.cas.support.saml.idp.metadata.generator.SamlIdPMetadataGeneratorConfigurationContext;
import org.apereo.cas.support.saml.idp.metadata.locator.FileSystemSamlIdPMetadataLocator;
import org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPMetadataLocator;
import org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPMetadataResolver;
import org.apereo.cas.support.saml.idp.metadata.writer.DefaultSamlIdPCertificateAndKeyWriter;
import org.apereo.cas.support.saml.idp.metadata.writer.SamlIdPCertificateAndKeyWriter;
import org.apereo.cas.support.saml.services.idp.metadata.SamlIdPMetadataDocument;
import org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceMetadataHealthIndicator;
import org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceCachingMetadataResolver;
import org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceDefaultCachingMetadataResolver;
import org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceMetadataResolverCacheLoader;
import org.apereo.cas.support.saml.services.idp.metadata.cache.resolver.ClasspathResourceMetadataResolver;
import org.apereo.cas.support.saml.services.idp.metadata.cache.resolver.FileSystemResourceMetadataResolver;
import org.apereo.cas.support.saml.services.idp.metadata.cache.resolver.GroovyResourceMetadataResolver;
import org.apereo.cas.support.saml.services.idp.metadata.cache.resolver.JsonResourceMetadataResolver;
import org.apereo.cas.support.saml.services.idp.metadata.cache.resolver.MetadataQueryProtocolMetadataResolver;
import org.apereo.cas.support.saml.services.idp.metadata.cache.resolver.UrlResourceMetadataResolver;
import org.apereo.cas.support.saml.services.idp.metadata.plan.DefaultSamlRegisteredServiceMetadataResolutionPlan;
import org.apereo.cas.support.saml.services.idp.metadata.plan.SamlRegisteredServiceMetadataResolutionPlan;
import org.apereo.cas.support.saml.services.idp.metadata.plan.SamlRegisteredServiceMetadataResolutionPlanConfigurer;
import org.apereo.cas.support.saml.util.NonInflatingSaml20ObjectBuilder;
import org.apereo.cas.support.saml.web.idp.metadata.SamlIdPMetadataController;
import org.apereo.cas.support.saml.web.idp.metadata.SamlRegisteredServiceCachedMetadataEndpoint;
import org.apereo.cas.support.saml.web.idp.profile.builders.SamlProfileObjectBuilder;
import org.apereo.cas.support.saml.web.idp.profile.sso.SSOSamlIdPPostProfileHandlerEndpoint;
import org.apereo.cas.support.saml.web.idp.web.SamlIdPErrorController;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.ResourceUtils;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.apereo.cas.util.http.HttpClient;
import org.apereo.cas.util.spring.SpringExpressionLanguageValueResolver;
import org.opensaml.saml.metadata.resolver.MetadataResolver;
import org.opensaml.saml.saml2.core.Response;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.actuate.autoconfigure.endpoint.condition.ConditionalOnAvailableEndpoint;
import org.springframework.boot.actuate.autoconfigure.health.ConditionalOnEnabledHealthIndicator;
import org.springframework.boot.actuate.health.HealthIndicator;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.DependsOn;
import org.springframework.context.annotation.Lazy;
import org.springframework.context.annotation.ScopedProxyMode;

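/**
 * Spring configuration that wires the metadata side of the CAS SAML2 identity provider:
 * the cache, locator and generator for the IdP's own metadata, the resolvers for the
 * metadata of registered services, and the related web and actuator endpoints.
 *
 * <p>Every nested class is an independent {@code @Configuration} with
 * {@code proxyBeanMethods = false}, so bean methods receive their collaborators as
 * parameters instead of calling each other.
 */
@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration(value = "SamlIdPMetadataConfiguration", proxyBeanMethods = false)
/* loaded from: input_file:org/apereo/cas/config/SamlIdPMetadataConfiguration.class */
public class SamlIdPMetadataConfiguration {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(SamlIdPMetadataConfiguration.class);

    /** Caching beans for IdP metadata documents and for service-provider metadata loading. */
    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SamlIdPMetadataCacheConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/SamlIdPMetadataConfiguration$SamlIdPMetadataCacheConfiguration.class */
    public static class SamlIdPMetadataCacheConfiguration {

        /**
         * Builds the cache of IdP metadata documents, keyed by string.
         *
         * <p>The cache starts with capacity 10, holds at most 100 entries and evicts an entry
         * once it has not been accessed for the configured metadata cache-expiration period.
         *
         * @param casConfigurationProperties CAS settings supplying the cache expiration
         * @return the Caffeine cache instance
         */
        @ConditionalOnMissingBean(name = {"samlIdPMetadataCache"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Cache<String, SamlIdPMetadataDocument> samlIdPMetadataCache(CasConfigurationProperties casConfigurationProperties) {
            return Caffeine.newBuilder()
                .initialCapacity(10)
                .maximumSize(100L)
                .expireAfterAccess(Beans.newDuration(
                    casConfigurationProperties.getAuthn().getSamlIdp().getMetadata().getCore().getCacheExpiration()))
                .build();
        }

        /**
         * Creates the cache loader that resolves metadata for registered SAML services.
         *
         * <p>NOTE(review): the loader is handed the shared {@code httpClient} bean; presumably
         * remote metadata is fetched through it, in which case that client's TLS trust
         * settings decide which metadata sources are accepted. Confirm against the loader.
         *
         * @param samlRegisteredServiceMetadataResolutionPlan plan listing the available resolvers
         * @param httpClient shared CAS HTTP client
         * @param openSamlConfigBean OpenSAML configuration
         * @return the cache loader
         */
        @ConditionalOnMissingBean(name = {"chainingMetadataResolverCacheLoader"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public SamlRegisteredServiceMetadataResolverCacheLoader chainingMetadataResolverCacheLoader(
                @Qualifier("samlRegisteredServiceMetadataResolvers") SamlRegisteredServiceMetadataResolutionPlan samlRegisteredServiceMetadataResolutionPlan,
                @Qualifier("httpClient") HttpClient httpClient,
                @Qualifier("shibboleth.OpenSAMLConfig") OpenSamlConfigBean openSamlConfigBean) {
            return new SamlRegisteredServiceMetadataResolverCacheLoader(
                openSamlConfigBean, httpClient, samlRegisteredServiceMetadataResolutionPlan);
        }
    }

    /** Assembles the shared context object consumed by the IdP metadata generator. */
    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SamlIdPMetadataContextConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/SamlIdPMetadataConfiguration$SamlIdPMetadataContextConfiguration.class */
    public static class SamlIdPMetadataContextConfiguration {

        /**
         * Bundles the locator, certificate/key writer, cipher, CAS settings, OpenSAML
         * configuration and template engine into one generator context.
         *
         * @param casConfigurationProperties CAS settings
         * @param configurableApplicationContext the application context
         * @param samlIdPMetadataLocator locator for existing IdP metadata artifacts
         * @param samlIdPCertificateAndKeyWriter writer that produces certificates and keys
         * @param cipherExecutor cipher registered as the metadata cipher of the context
         * @param openSamlConfigBean OpenSAML configuration
         * @param velocityEngine template engine
         * @return the assembled context
         * @throws Exception declared by the original signature
         */
        @ConditionalOnMissingBean(name = {"samlIdPMetadataGeneratorConfigurationContext"})
        @Bean
        public SamlIdPMetadataGeneratorConfigurationContext samlIdPMetadataGeneratorConfigurationContext(
                CasConfigurationProperties casConfigurationProperties,
                ConfigurableApplicationContext configurableApplicationContext,
                @Qualifier("samlIdPMetadataLocator") SamlIdPMetadataLocator samlIdPMetadataLocator,
                @Qualifier("samlSelfSignedCertificateWriter") SamlIdPCertificateAndKeyWriter samlIdPCertificateAndKeyWriter,
                @Qualifier("samlIdPMetadataGeneratorCipherExecutor") CipherExecutor cipherExecutor,
                @Qualifier("shibboleth.OpenSAMLConfig") OpenSamlConfigBean openSamlConfigBean,
                @Qualifier("velocityEngineFactoryBean") VelocityEngine velocityEngine) throws Exception {
            return SamlIdPMetadataGeneratorConfigurationContext.builder()
                .samlIdPMetadataLocator(samlIdPMetadataLocator)
                .samlIdPCertificateAndKeyWriter(samlIdPCertificateAndKeyWriter)
                .applicationContext(configurableApplicationContext)
                .metadataCipherExecutor(cipherExecutor)
                .casProperties(casConfigurationProperties)
                .openSamlConfigBean(openSamlConfigBean)
                .velocityEngine(velocityEngine)
                .build();
        }
    }

    /** Web controllers, the health indicator and the actuator endpoints for SAML metadata. */
    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SamlIdPMetadataEndpointConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/SamlIdPMetadataConfiguration$SamlIdPMetadataEndpointConfiguration.class */
    public static class SamlIdPMetadataEndpointConfiguration {

        /**
         * Registers the SAML IdP error controller.
         *
         * @return a new error controller
         */
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public SamlIdPErrorController samlIdPErrorController() {
            return new SamlIdPErrorController();
        }

        /**
         * Registers the controller for IdP metadata.
         *
         * @param serviceFactory factory for web application services
         * @param samlIdPMetadataGenerator generator for IdP metadata
         * @param samlIdPMetadataLocator locator for IdP metadata artifacts
         * @param servicesManager registry of services
         * @return the metadata controller
         * @throws Exception declared by the original signature
         */
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public SamlIdPMetadataController samlIdPMetadataController(
                @Qualifier("webApplicationServiceFactory") ServiceFactory<WebApplicationService> serviceFactory,
                @Qualifier("samlIdPMetadataGenerator") SamlIdPMetadataGenerator samlIdPMetadataGenerator,
                @Qualifier("samlIdPMetadataLocator") SamlIdPMetadataLocator samlIdPMetadataLocator,
                @Qualifier("servicesManager") ServicesManager servicesManager) throws Exception {
            return new SamlIdPMetadataController(
                samlIdPMetadataGenerator, samlIdPMetadataLocator, servicesManager, serviceFactory);
        }

        /**
         * Registers the health indicator for registered-service metadata; created only when
         * that health indicator is enabled and no bean of the same name exists.
         *
         * @param samlRegisteredServiceMetadataResolutionPlan plan listing the available resolvers
         * @param servicesManager registry of services
         * @return the health indicator
         */
        @ConditionalOnMissingBean(name = {"samlRegisteredServiceMetadataHealthIndicator"})
        @ConditionalOnEnabledHealthIndicator("samlRegisteredServiceMetadataHealthIndicator")
        @Bean
        public HealthIndicator samlRegisteredServiceMetadataHealthIndicator(
                @Qualifier("samlRegisteredServiceMetadataResolvers") SamlRegisteredServiceMetadataResolutionPlan samlRegisteredServiceMetadataResolutionPlan,
                @Qualifier("servicesManager") ServicesManager servicesManager) {
            return new SamlRegisteredServiceMetadataHealthIndicator(
                samlRegisteredServiceMetadataResolutionPlan, servicesManager);
        }

        /**
         * Registers the actuator endpoint over cached service metadata; created only when
         * Spring Boot treats the endpoint as available.
         *
         * @param casConfigurationProperties CAS settings
         * @param samlRegisteredServiceCachingMetadataResolver caching resolver for service metadata
         * @param servicesManager registry of services
         * @param openSamlConfigBean OpenSAML configuration
         * @param auditableExecution service access strategy enforcer
         * @return the actuator endpoint
         */
        @ConditionalOnAvailableEndpoint
        @Bean
        public SamlRegisteredServiceCachedMetadataEndpoint samlRegisteredServiceCachedMetadataEndpoint(
                CasConfigurationProperties casConfigurationProperties,
                @Qualifier("defaultSamlRegisteredServiceCachingMetadataResolver") SamlRegisteredServiceCachingMetadataResolver samlRegisteredServiceCachingMetadataResolver,
                @Qualifier("servicesManager") ServicesManager servicesManager,
                @Qualifier("shibboleth.OpenSAMLConfig") OpenSamlConfigBean openSamlConfigBean,
                @Qualifier("registeredServiceAccessStrategyEnforcer") AuditableExecution auditableExecution) {
            return new SamlRegisteredServiceCachedMetadataEndpoint(
                casConfigurationProperties,
                samlRegisteredServiceCachingMetadataResolver,
                servicesManager,
                auditableExecution,
                openSamlConfigBean);
        }

        /**
         * Registers the SSO POST profile actuator endpoint; created only when Spring Boot
         * treats the endpoint as available.
         *
         * <p>NOTE(review): its collaborators (authentication support, a principal factory and
         * the SAML response builder) suggest it can produce SAML responses on request. Confirm
         * that actuator exposure and access rules limit it to administrators.
         *
         * @param casConfigurationProperties CAS settings
         * @param samlRegisteredServiceCachingMetadataResolver caching resolver for service metadata
         * @param servicesManager registry of services
         * @param openSamlConfigBean OpenSAML configuration
         * @param authenticationSystemSupport authentication subsystem facade
         * @param samlProfileObjectBuilder builder of SAML responses
         * @param serviceFactory SAML IdP service factory
         * @return the actuator endpoint
         */
        @ConditionalOnAvailableEndpoint
        @Bean
        public SSOSamlIdPPostProfileHandlerEndpoint ssoSamlPostProfileHandlerEndpoint(
                CasConfigurationProperties casConfigurationProperties,
                @Qualifier("defaultSamlRegisteredServiceCachingMetadataResolver") SamlRegisteredServiceCachingMetadataResolver samlRegisteredServiceCachingMetadataResolver,
                @Qualifier("servicesManager") ServicesManager servicesManager,
                @Qualifier("shibboleth.OpenSAMLConfig") OpenSamlConfigBean openSamlConfigBean,
                @Qualifier("defaultAuthenticationSystemSupport") AuthenticationSystemSupport authenticationSystemSupport,
                @Qualifier("samlProfileSamlResponseBuilder") SamlProfileObjectBuilder<Response> samlProfileObjectBuilder,
                @Qualifier("samlIdPServiceFactory") ServiceFactory serviceFactory) {
            return new SSOSamlIdPPostProfileHandlerEndpoint(
                casConfigurationProperties,
                servicesManager,
                authenticationSystemSupport,
                serviceFactory,
                PrincipalFactoryUtils.newPrincipalFactory(),
                samlProfileObjectBuilder,
                samlRegisteredServiceCachingMetadataResolver,
                new NonInflatingSaml20ObjectBuilder(openSamlConfigBean));
        }
    }

    /** Beans that generate the IdP's metadata, certificates and keys. */
    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SamlIdPMetadataGenerationConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/SamlIdPMetadataConfiguration$SamlIdPMetadataGenerationConfiguration.class */
    public static class SamlIdPMetadataGenerationConfiguration {

        /**
         * Registers the file-system based IdP metadata generator as the default.
         *
         * @param samlIdPMetadataGeneratorConfigurationContext shared generator context
         * @return the generator
         * @throws Exception declared by the original signature
         */
        @ConditionalOnMissingBean(name = {"samlIdPMetadataGenerator"})
        @Bean
        public SamlIdPMetadataGenerator samlIdPMetadataGenerator(
                @Qualifier("samlIdPMetadataGeneratorConfigurationContext") SamlIdPMetadataGeneratorConfigurationContext samlIdPMetadataGeneratorConfigurationContext) throws Exception {
            return new FileSystemSamlIdPMetadataGenerator(samlIdPMetadataGeneratorConfigurationContext);
        }

        /**
         * Creates the certificate/key writer, using the host part of the configured CAS server
         * prefix as the hostname.
         *
         * <p>NOTE(review): the URI subject alternative name is the bare host followed by
         * {@code /idp/metadata}, without a scheme. Confirm that the writer expects this form.
         *
         * @param casConfigurationProperties CAS settings supplying the server prefix
         * @return the configured writer
         * @throws Exception if the server prefix is not a parseable URL
         */
        @ConditionalOnMissingBean(name = {"samlSelfSignedCertificateWriter"})
        @Bean
        public SamlIdPCertificateAndKeyWriter samlSelfSignedCertificateWriter(CasConfigurationProperties casConfigurationProperties) throws Exception {
            String host = new URL(casConfigurationProperties.getServer().getPrefix()).getHost();
            DefaultSamlIdPCertificateAndKeyWriter writer = new DefaultSamlIdPCertificateAndKeyWriter();
            writer.setHostname(host);
            writer.setUriSubjectAltNames(CollectionUtils.wrap(host.concat("/idp/metadata")));
            return writer;
        }

        /**
         * Supplies the cipher that the generator context registers as its metadata cipher.
         * The default is a no-op string cipher.
         *
         * <p>NOTE(review): with this default, whatever the file-system generator passes to the
         * cipher is presumably stored as-is, so generated key material would be protected only
         * by the permissions on the metadata location. Confirm, and override this bean if
         * encryption at rest is required.
         *
         * @return the no-op cipher
         */
        @ConditionalOnMissingBean(name = {"samlIdPMetadataGeneratorCipherExecutor"})
        @Bean
        public CipherExecutor samlIdPMetadataGeneratorCipherExecutor() {
            return CipherExecutor.noOpOfStringToString();
        }
    }

    /** Registers the event listener that is given the IdP metadata generator. */
    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SamlIdPMetadataInitializationConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/SamlIdPMetadataConfiguration$SamlIdPMetadataInitializationConfiguration.class */
    public static class SamlIdPMetadataInitializationConfiguration {

        /**
         * Creates the default CAS event listener for the SAML IdP.
         *
         * @param samlIdPMetadataGenerator generator handed to the listener
         * @return the listener
         */
        @Bean
        public SamlIdPCasEventListener samlIdPCasEventListener(
                @Qualifier("samlIdPMetadataGenerator") SamlIdPMetadataGenerator samlIdPMetadataGenerator) {
            return new DefaultSamlIdPCasEventListener(samlIdPMetadataGenerator);
        }
    }

    /** Locates IdP metadata artifacts on the file system. */
    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SamlIdPMetadataLocatorConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/SamlIdPMetadataConfiguration$SamlIdPMetadataLocatorConfiguration.class */
    public static class SamlIdPMetadataLocatorConfiguration {

        /**
         * Creates the file-system locator for the configured metadata location.
         *
         * <p>The location setting passes through the Spring Expression Language value resolver
         * before it is turned into a resource, so it is treated as trusted configuration.
         *
         * @param casConfigurationProperties CAS settings supplying the metadata location
         * @param cache cache of IdP metadata documents
         * @return the locator
         * @throws Exception declared by the original signature
         */
        @ConditionalOnMissingBean(name = {"samlIdPMetadataLocator"})
        @Bean
        public SamlIdPMetadataLocator samlIdPMetadataLocator(
                CasConfigurationProperties casConfigurationProperties,
                @Qualifier("samlIdPMetadataCache") Cache<String, SamlIdPMetadataDocument> cache) throws Exception {
            String location = SpringExpressionLanguageValueResolver.getInstance().resolve(
                casConfigurationProperties.getAuthn().getSamlIdp().getMetadata().getFileSystem().getLocation());
            return new FileSystemSamlIdPMetadataLocator(ResourceUtils.getRawResourceFrom(location), cache);
        }
    }

    /** Resolution plan for service metadata and the resolver for the IdP's own metadata. */
    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SamlIdPMetadataResolutionConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/SamlIdPMetadataConfiguration$SamlIdPMetadataResolutionConfiguration.class */
    public static class SamlIdPMetadataResolutionConfiguration {

        /**
         * Builds the plan of metadata resolvers used for registered SAML services.
         *
         * <p>The built-in resolvers are registered in a fixed order (metadata query protocol,
         * JSON, file system, URL, classpath, Groovy); every available
         * {@link SamlRegisteredServiceMetadataResolutionPlanConfigurer} may then add to the plan.
         *
         * <p>NOTE(review): judging by their names, the URL and metadata-query resolvers fetch
         * metadata over the network and the Groovy resolver runs a script chosen by the service
         * definition. The metadata location of a service should therefore be handled as
         * privileged input, editable only by trusted administrators. Confirm against the
         * resolver implementations.
         *
         * @param objectProvider provider of optional plan configurers
         * @param casConfigurationProperties CAS settings
         * @param openSamlConfigBean OpenSAML configuration
         * @return the populated resolution plan
         */
        @ConditionalOnMissingBean(name = {"samlRegisteredServiceMetadataResolvers"})
        @Bean
        public SamlRegisteredServiceMetadataResolutionPlan samlRegisteredServiceMetadataResolvers(
                ObjectProvider<List<SamlRegisteredServiceMetadataResolutionPlanConfigurer>> objectProvider,
                CasConfigurationProperties casConfigurationProperties,
                @Qualifier("shibboleth.OpenSAMLConfig") OpenSamlConfigBean openSamlConfigBean) {
            DefaultSamlRegisteredServiceMetadataResolutionPlan plan = new DefaultSamlRegisteredServiceMetadataResolutionPlan();
            SamlIdPProperties samlIdp = casConfigurationProperties.getAuthn().getSamlIdp();

            // Registration order is kept exactly as in the original listing.
            plan.registerMetadataResolver(new MetadataQueryProtocolMetadataResolver(samlIdp, openSamlConfigBean));
            plan.registerMetadataResolver(new JsonResourceMetadataResolver(samlIdp, openSamlConfigBean));
            plan.registerMetadataResolver(new FileSystemResourceMetadataResolver(samlIdp, openSamlConfigBean));
            plan.registerMetadataResolver(new UrlResourceMetadataResolver(samlIdp, openSamlConfigBean));
            plan.registerMetadataResolver(new ClasspathResourceMetadataResolver(samlIdp, openSamlConfigBean));
            plan.registerMetadataResolver(new GroovyResourceMetadataResolver(samlIdp, openSamlConfigBean));

            // Keep the element type instead of casting to a raw List: with the raw casts the
            // loop variable is typed as Object and the configurer calls below do not type-check.
            List<SamlRegisteredServiceMetadataResolutionPlanConfigurer> configurers =
                Optional.ofNullable(objectProvider.getIfAvailable()).orElseGet(ArrayList::new);
            for (SamlRegisteredServiceMetadataResolutionPlanConfigurer configurer : configurers) {
                SamlIdPMetadataConfiguration.LOGGER.trace("Configuring saml metadata resolution plan [{}]", configurer.getName());
                configurer.configureMetadataResolutionPlan(plan);
            }
            return plan;
        }

        /**
         * Creates the resolver for the IdP's own metadata.
         *
         * <p>The bean is lazy, depends on the generator bean, and has {@code initialize} and
         * {@code destroy} as lifecycle callbacks. Fail-fast initialization and the
         * require-valid-metadata flag are taken from the metadata core settings; the resolver
         * id is the configured entity id.
         *
         * @param casConfigurationProperties CAS settings
         * @param samlIdPMetadataLocator locator for IdP metadata artifacts
         * @param samlIdPMetadataGenerator generator for IdP metadata
         * @param openSamlConfigBean OpenSAML configuration
         * @return the configured, not yet initialized resolver
         * @throws Exception declared by the original signature
         */
        @DependsOn({"samlIdPMetadataGenerator"})
        @Lazy
        @Bean(initMethod = "initialize", destroyMethod = "destroy")
        public MetadataResolver casSamlIdPMetadataResolver(
                CasConfigurationProperties casConfigurationProperties,
                @Qualifier("samlIdPMetadataLocator") SamlIdPMetadataLocator samlIdPMetadataLocator,
                @Qualifier("samlIdPMetadataGenerator") SamlIdPMetadataGenerator samlIdPMetadataGenerator,
                @Qualifier("shibboleth.OpenSAMLConfig") OpenSamlConfigBean openSamlConfigBean) throws Exception {
            SamlIdPProperties samlIdp = casConfigurationProperties.getAuthn().getSamlIdp();
            SamlIdPMetadataResolver resolver = new SamlIdPMetadataResolver(
                samlIdPMetadataLocator, samlIdPMetadataGenerator, openSamlConfigBean, casConfigurationProperties);
            resolver.setFailFastInitialization(samlIdp.getMetadata().getCore().isFailFast());
            resolver.setRequireValidMetadata(samlIdp.getMetadata().getCore().isRequireValidMetadata());
            resolver.setId(samlIdp.getCore().getEntityId());
            return resolver;
        }
    }

    /** Caching resolver for the metadata of registered SAML services. */
    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SamlIdPMetadataResolverConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/SamlIdPMetadataConfiguration$SamlIdPMetadataResolverConfiguration.class */
    public static class SamlIdPMetadataResolverConfiguration {

        /**
         * Creates the default caching resolver; its expiration comes from the same metadata
         * cache-expiration setting that the IdP metadata cache uses.
         *
         * @param casConfigurationProperties CAS settings supplying the cache expiration
         * @param samlRegisteredServiceMetadataResolverCacheLoader loader that resolves metadata on a miss
         * @param openSamlConfigBean OpenSAML configuration
         * @return the caching resolver
         */
        @ConditionalOnMissingBean(name = {"defaultSamlRegisteredServiceCachingMetadataResolver"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public SamlRegisteredServiceCachingMetadataResolver defaultSamlRegisteredServiceCachingMetadataResolver(
                CasConfigurationProperties casConfigurationProperties,
                @Qualifier("chainingMetadataResolverCacheLoader") SamlRegisteredServiceMetadataResolverCacheLoader samlRegisteredServiceMetadataResolverCacheLoader,
                @Qualifier("shibboleth.OpenSAMLConfig") OpenSamlConfigBean openSamlConfigBean) {
            return new SamlRegisteredServiceDefaultCachingMetadataResolver(
                Beans.newDuration(casConfigurationProperties.getAuthn().getSamlIdp().getMetadata().getCore().getCacheExpiration()),
                samlRegisteredServiceMetadataResolverCacheLoader,
                openSamlConfigBean);
        }
    }
}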
