package org.apereo.cas.config;

import java.util.Objects;
import org.apereo.cas.authentication.AuthenticationServiceSelectionPlan;
import org.apereo.cas.authentication.MultifactorAuthenticationContextValidator;
import org.apereo.cas.authentication.MultifactorAuthenticationTrigger;
import org.apereo.cas.authentication.MultifactorAuthenticationTriggerSelectionStrategy;
import org.apereo.cas.authentication.attribute.AttributeDefinitionStore;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.features.CasFeatureModule;
import org.apereo.cas.consent.ConsentActivationStrategy;
import org.apereo.cas.consent.ConsentableAttributeBuilder;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.saml.OpenSamlConfigBean;
import org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceCachingMetadataResolver;
import org.apereo.cas.support.saml.web.consent.SamlIdPConsentSingleSignOnParticipationStrategy;
import org.apereo.cas.support.saml.web.consent.SamlIdPConsentableAttributeBuilder;
import org.apereo.cas.support.saml.web.flow.SamlIdPMetadataUIAction;
import org.apereo.cas.support.saml.web.flow.SamlIdPWebflowConfigurer;
import org.apereo.cas.support.saml.web.idp.web.SamlIdPMultifactorAuthenticationTrigger;
import org.apereo.cas.support.saml.web.idp.web.SamlIdPSingleSignOnParticipationStrategy;
import org.apereo.cas.ticket.registry.TicketRegistrySupport;
import org.apereo.cas.util.spring.boot.ConditionalOnFeatureEnabled;
import org.apereo.cas.web.flow.CasWebflowConfigurer;
import org.apereo.cas.web.flow.CasWebflowExecutionPlanConfigurer;
import org.apereo.cas.web.flow.SingleSignOnParticipationStrategy;
import org.apereo.cas.web.flow.SingleSignOnParticipationStrategyConfigurer;
import org.apereo.cas.web.flow.login.SessionStoreTicketGrantingTicketAction;
import org.apereo.cas.web.flow.resolver.CasDelegatingWebflowEventResolver;
import org.apereo.cas.web.flow.resolver.CasWebflowEventResolver;
import org.apereo.cas.web.flow.resolver.impl.CasWebflowEventResolutionConfigurationContext;
import org.apereo.cas.web.flow.resolver.impl.mfa.DefaultMultifactorAuthenticationProviderWebflowEventResolver;
import org.pac4j.core.context.session.SessionStore;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.webflow.definition.registry.FlowDefinitionRegistry;
import org.springframework.webflow.engine.builder.support.FlowBuilderServices;
import org.springframework.webflow.execution.Action;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@AutoConfiguration
@ConditionalOnFeatureEnabled(feature = {CasFeatureModule.FeatureCatalog.SAMLIdentityProvider})
/* loaded from: input_file:org/apereo/cas/config/SamlIdPWebflowConfiguration.class */
public class SamlIdPWebflowConfiguration {

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SamlIdPConsentSingleSignOnWebflowConfiguration", proxyBeanMethods = false)
    @ConditionalOnBean(name = {"consentEngine"})
    /* loaded from: input_file:org/apereo/cas/config/SamlIdPWebflowConfiguration$SamlIdPConsentSingleSignOnWebflowConfiguration.class */
    public static class SamlIdPConsentSingleSignOnWebflowConfiguration {
        @ConditionalOnMissingBean(name = {"samlIdPConsentSingleSignOnParticipationStrategyConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public SingleSignOnParticipationStrategyConfigurer samlIdPConsentSingleSignOnParticipationStrategyConfigurer(@Qualifier("defaultMultifactorTriggerSelectionStrategy") MultifactorAuthenticationTriggerSelectionStrategy multifactorAuthenticationTriggerSelectionStrategy, @Qualifier("authenticationContextValidator") MultifactorAuthenticationContextValidator multifactorAuthenticationContextValidator, @Qualifier("servicesManager") ServicesManager servicesManager, @Qualifier("defaultTicketRegistrySupport") TicketRegistrySupport ticketRegistrySupport, @Qualifier("authenticationServiceSelectionPlan") AuthenticationServiceSelectionPlan authenticationServiceSelectionPlan, @Qualifier("consentActivationStrategy") ConsentActivationStrategy consentActivationStrategy) {
            SamlIdPConsentSingleSignOnParticipationStrategy samlIdPConsentSingleSignOnParticipationStrategy = new SamlIdPConsentSingleSignOnParticipationStrategy(servicesManager, ticketRegistrySupport, authenticationServiceSelectionPlan, consentActivationStrategy, multifactorAuthenticationContextValidator, multifactorAuthenticationTriggerSelectionStrategy);
            return chainingSingleSignOnParticipationStrategy -> {
                chainingSingleSignOnParticipationStrategy.addStrategy(samlIdPConsentSingleSignOnParticipationStrategy);
            };
        }
    }

    @Configuration(value = "SamlIdPConsentWebflowConfiguration", proxyBeanMethods = false)
    @ConditionalOnBean(name = {"consentEngine"})
    /* loaded from: input_file:org/apereo/cas/config/SamlIdPWebflowConfiguration$SamlIdPConsentWebflowConfiguration.class */
    public static class SamlIdPConsentWebflowConfiguration {
        @ConditionalOnMissingBean(name = {"samlIdPConsentableAttributeBuilder"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public ConsentableAttributeBuilder samlIdPConsentableAttributeBuilder(@Qualifier("attributeDefinitionStore") AttributeDefinitionStore attributeDefinitionStore) {
            return new SamlIdPConsentableAttributeBuilder(attributeDefinitionStore);
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SamlIdPWebflowActionsConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/SamlIdPWebflowConfiguration$SamlIdPWebflowActionsConfiguration.class */
    public static class SamlIdPWebflowActionsConfiguration {
        @ConditionalOnMissingBean(name = {"samlIdPSessionStoreTicketGrantingTicketAction"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action samlIdPSessionStoreTicketGrantingTicketAction(@Qualifier("samlIdPDistributedSessionStore") SessionStore sessionStore) {
            return new SessionStoreTicketGrantingTicketAction(sessionStore);
        }

        @ConditionalOnMissingBean(name = {"samlIdPMetadataUIParserAction"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action samlIdPMetadataUIParserAction(@Qualifier("servicesManager") ServicesManager servicesManager, @Qualifier("authenticationServiceSelectionPlan") AuthenticationServiceSelectionPlan authenticationServiceSelectionPlan, @Qualifier("defaultSamlRegisteredServiceCachingMetadataResolver") SamlRegisteredServiceCachingMetadataResolver samlRegisteredServiceCachingMetadataResolver) {
            return new SamlIdPMetadataUIAction(servicesManager, samlRegisteredServiceCachingMetadataResolver, authenticationServiceSelectionPlan);
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SamlIdPWebflowCoreConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/SamlIdPWebflowConfiguration$SamlIdPWebflowCoreConfiguration.class */
    public static class SamlIdPWebflowCoreConfiguration {
        @ConditionalOnMissingBean(name = {"samlIdPCasWebflowExecutionPlanConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public CasWebflowExecutionPlanConfigurer samlIdPCasWebflowExecutionPlanConfigurer(@Qualifier("samlIdPWebConfigurer") CasWebflowConfigurer casWebflowConfigurer) {
            return casWebflowExecutionPlan -> {
                casWebflowExecutionPlan.registerWebflowConfigurer(casWebflowConfigurer);
            };
        }

        @ConditionalOnMissingBean(name = {"samlIdPWebConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public CasWebflowConfigurer samlIdPWebConfigurer(CasConfigurationProperties casConfigurationProperties, ConfigurableApplicationContext configurableApplicationContext, @Qualifier("loginFlowRegistry") FlowDefinitionRegistry flowDefinitionRegistry, @Qualifier("flowBuilderServices") FlowBuilderServices flowBuilderServices) {
            return new SamlIdPWebflowConfigurer(flowBuilderServices, flowDefinitionRegistry, configurableApplicationContext, casConfigurationProperties);
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SamlIdPWebflowEventsConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/SamlIdPWebflowConfiguration$SamlIdPWebflowEventsConfiguration.class */
    public static class SamlIdPWebflowEventsConfiguration {
        @ConditionalOnMissingBean(name = {"samlIdPAuthenticationContextWebflowEventResolver"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public CasWebflowEventResolver samlIdPAuthenticationContextWebflowEventResolver(@Qualifier("samlIdPMultifactorAuthenticationTrigger") MultifactorAuthenticationTrigger multifactorAuthenticationTrigger, @Qualifier("initialAuthenticationAttemptWebflowEventResolver") CasDelegatingWebflowEventResolver casDelegatingWebflowEventResolver, @Qualifier("casWebflowConfigurationContext") CasWebflowEventResolutionConfigurationContext casWebflowEventResolutionConfigurationContext) {
            DefaultMultifactorAuthenticationProviderWebflowEventResolver defaultMultifactorAuthenticationProviderWebflowEventResolver = new DefaultMultifactorAuthenticationProviderWebflowEventResolver(casWebflowEventResolutionConfigurationContext, multifactorAuthenticationTrigger);
            ((CasDelegatingWebflowEventResolver) Objects.requireNonNull(casDelegatingWebflowEventResolver)).addDelegate(defaultMultifactorAuthenticationProviderWebflowEventResolver);
            return defaultMultifactorAuthenticationProviderWebflowEventResolver;
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SamlIdPWebflowMultifactorAuthenticationConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/SamlIdPWebflowConfiguration$SamlIdPWebflowMultifactorAuthenticationConfiguration.class */
    public static class SamlIdPWebflowMultifactorAuthenticationConfiguration {
        @ConditionalOnMissingBean(name = {"samlIdPMultifactorAuthenticationTrigger"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public MultifactorAuthenticationTrigger samlIdPMultifactorAuthenticationTrigger(CasConfigurationProperties casConfigurationProperties, ConfigurableApplicationContext configurableApplicationContext, @Qualifier("shibboleth.OpenSAMLConfig") OpenSamlConfigBean openSamlConfigBean, @Qualifier("samlIdPDistributedSessionStore") SessionStore sessionStore) {
            return new SamlIdPMultifactorAuthenticationTrigger(openSamlConfigBean, sessionStore, configurableApplicationContext, casConfigurationProperties);
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SamlIdPWebflowSingleSignOnConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/SamlIdPWebflowConfiguration$SamlIdPWebflowSingleSignOnConfiguration.class */
    public static class SamlIdPWebflowSingleSignOnConfiguration {
        @ConditionalOnMissingBean(name = {"samlIdPSingleSignOnParticipationStrategy"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public SingleSignOnParticipationStrategy samlIdPSingleSignOnParticipationStrategy(@Qualifier("defaultMultifactorTriggerSelectionStrategy") MultifactorAuthenticationTriggerSelectionStrategy multifactorAuthenticationTriggerSelectionStrategy, @Qualifier("authenticationContextValidator") MultifactorAuthenticationContextValidator multifactorAuthenticationContextValidator, @Qualifier("servicesManager") ServicesManager servicesManager, @Qualifier("defaultTicketRegistrySupport") TicketRegistrySupport ticketRegistrySupport, @Qualifier("authenticationServiceSelectionPlan") AuthenticationServiceSelectionPlan authenticationServiceSelectionPlan) {
            return new SamlIdPSingleSignOnParticipationStrategy(servicesManager, ticketRegistrySupport, authenticationServiceSelectionPlan, multifactorAuthenticationContextValidator, multifactorAuthenticationTriggerSelectionStrategy);
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SamlIdPWebflowSingleSignOnPlanConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/SamlIdPWebflowConfiguration$SamlIdPWebflowSingleSignOnPlanConfiguration.class */
    public static class SamlIdPWebflowSingleSignOnPlanConfiguration {
        @ConditionalOnMissingBean(name = {"samlIdPSingleSignOnParticipationStrategyConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public SingleSignOnParticipationStrategyConfigurer samlIdPSingleSignOnParticipationStrategyConfigurer(@Qualifier("samlIdPSingleSignOnParticipationStrategy") SingleSignOnParticipationStrategy singleSignOnParticipationStrategy) {
            return chainingSingleSignOnParticipationStrategy -> {
                chainingSingleSignOnParticipationStrategy.addStrategy(singleSignOnParticipationStrategy);
            };
        }
    }
}
