package org.apereo.cas.config;

import java.util.List;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apache.velocity.app.VelocityEngine;
import org.apereo.cas.CentralAuthenticationService;
import org.apereo.cas.audit.AuditableExecution;
import org.apereo.cas.authentication.AuthenticationServiceSelectionPlan;
import org.apereo.cas.authentication.AuthenticationSystemSupport;
import org.apereo.cas.authentication.adaptive.geo.GeoLocationService;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.authentication.principal.ServiceFactory;
import org.apereo.cas.authentication.principal.attribute.PersonAttributeDao;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.features.CasFeatureModule;
import org.apereo.cas.configuration.model.core.util.EncryptionJwtSigningJwtCryptographyProperties;
import org.apereo.cas.configuration.model.core.web.session.SessionStorageTypes;
import org.apereo.cas.configuration.model.support.replication.CookieSessionReplicationProperties;
import org.apereo.cas.configuration.model.support.saml.idp.SamlIdPAlgorithmsProperties;
import org.apereo.cas.configuration.model.support.saml.idp.profile.SamlIdPSLOProfileProperties;
import org.apereo.cas.configuration.model.support.saml.idp.profile.SamlIdPSSOProfileProperties;
import org.apereo.cas.configuration.model.support.saml.idp.profile.SamlIdPSSOSimpleSignProfileProperties;
import org.apereo.cas.logout.LogoutExecutionPlanConfigurer;
import org.apereo.cas.logout.LogoutRedirectionStrategy;
import org.apereo.cas.logout.slo.SingleLogoutMessageCreator;
import org.apereo.cas.logout.slo.SingleLogoutServiceLogoutUrlBuilder;
import org.apereo.cas.logout.slo.SingleLogoutServiceMessageHandler;
import org.apereo.cas.pac4j.BrowserWebStorageSessionStore;
import org.apereo.cas.pac4j.TicketRegistrySessionStore;
import org.apereo.cas.services.CasRegisteredService;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.ServiceRegistryExecutionPlanConfigurer;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.services.ServicesManagerRegisteredServiceLocator;
import org.apereo.cas.support.saml.OpenSamlConfigBean;
import org.apereo.cas.support.saml.idp.SamlIdPDistributedSessionCookieCipherExecutor;
import org.apereo.cas.support.saml.services.SamlIdPServiceRegistry;
import org.apereo.cas.support.saml.services.SamlIdPServicesManagerRegisteredServiceLocator;
import org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceCachingMetadataResolver;
import org.apereo.cas.support.saml.web.idp.profile.HttpServletRequestXMLMessageDecodersMap;
import org.apereo.cas.support.saml.web.idp.profile.SamlIdPInitiatedProfileHandlerController;
import org.apereo.cas.support.saml.web.idp.profile.SamlProfileHandlerConfigurationContext;
import org.apereo.cas.support.saml.web.idp.profile.artifact.SamlIdPSaml1ArtifactResolutionProfileHandlerController;
import org.apereo.cas.support.saml.web.idp.profile.builders.SamlProfileObjectBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.enc.SamlIdPObjectEncrypter;
import org.apereo.cas.support.saml.web.idp.profile.builders.enc.SamlIdPObjectSigner;
import org.apereo.cas.support.saml.web.idp.profile.builders.enc.validate.SamlIdPObjectSignatureValidator;
import org.apereo.cas.support.saml.web.idp.profile.builders.enc.validate.SamlObjectSignatureValidator;
import org.apereo.cas.support.saml.web.idp.profile.ecp.ECPSamlIdPProfileHandlerController;
import org.apereo.cas.support.saml.web.idp.profile.query.SamlIdPSaml2AttributeQueryProfileHandlerController;
import org.apereo.cas.support.saml.web.idp.profile.slo.SLOSamlIdPPostProfileHandlerController;
import org.apereo.cas.support.saml.web.idp.profile.slo.SLOSamlIdPRedirectProfileHandlerController;
import org.apereo.cas.support.saml.web.idp.profile.slo.SamlIdPLogoutResponseObjectBuilder;
import org.apereo.cas.support.saml.web.idp.profile.slo.SamlIdPProfileSingleLogoutMessageCreator;
import org.apereo.cas.support.saml.web.idp.profile.slo.SamlIdPSingleLogoutRedirectionStrategy;
import org.apereo.cas.support.saml.web.idp.profile.slo.SamlIdPSingleLogoutServiceMessageHandler;
import org.apereo.cas.support.saml.web.idp.profile.sso.SSOSamlIdPPostProfileHandlerController;
import org.apereo.cas.support.saml.web.idp.profile.sso.SSOSamlIdPPostSimpleSignProfileHandlerController;
import org.apereo.cas.support.saml.web.idp.profile.sso.SSOSamlIdPProfileCallbackHandlerController;
import org.apereo.cas.support.saml.web.idp.profile.sso.UrlDecodingHTTPRedirectDeflateDecoder;
import org.apereo.cas.support.saml.web.idp.profile.sso.request.DefaultSSOSamlHttpRequestExtractor;
import org.apereo.cas.support.saml.web.idp.profile.sso.request.SSOSamlHttpRequestExtractor;
import org.apereo.cas.ticket.TicketFactory;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.ticket.registry.TicketRegistrySupport;
import org.apereo.cas.util.InternalTicketValidator;
import org.apereo.cas.util.RandomUtils;
import org.apereo.cas.util.cipher.CipherExecutorUtils;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.apereo.cas.util.function.FunctionUtils;
import org.apereo.cas.util.http.HttpClient;
import org.apereo.cas.util.spring.boot.ConditionalOnFeatureEnabled;
import org.apereo.cas.validation.AuthenticationAttributeReleasePolicy;
import org.apereo.cas.validation.TicketValidator;
import org.apereo.cas.web.CasWebSecurityConfigurer;
import org.apereo.cas.web.cookie.CasCookieBuilder;
import org.apereo.cas.web.flow.SingleSignOnParticipationStrategy;
import org.apereo.cas.web.support.CookieUtils;
import org.apereo.cas.web.support.mgmr.DefaultCasCookieValueManager;
import org.apereo.cas.web.support.mgmr.DefaultCookieSameSitePolicy;
import org.opensaml.saml.metadata.resolver.MetadataResolver;
import org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder;
import org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostSimpleSignDecoder;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.soap.soap11.Envelope;
import org.pac4j.core.context.session.SessionStore;
import org.pac4j.jee.context.session.JEESessionStore;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Scope;
import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.http.HttpMethod;

/* JADX INFO: Access modifiers changed from: package-private */
@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration(value = "SamlIdPEndpointsConfiguration", proxyBeanMethods = false)
@ConditionalOnFeatureEnabled(feature = {CasFeatureModule.FeatureCatalog.SAMLIdentityProvider})
/* loaded from: input_file:org/apereo/cas/config/SamlIdPEndpointsConfiguration.class */
public class SamlIdPEndpointsConfiguration {

    // SLF4J logger for this configuration class. @Generated is Lombok's marker annotation;
    // presumably the field comes from a Lombok logging annotation in the original source (not visible here).
    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(SamlIdPEndpointsConfiguration.class);
    // Shared name fragment for SAML IdP session state: appended to the default distributed-session
    // cookie name and set as the JEESessionStore prefix further down in this file.
    private static final String SAML_SERVER_SUPPORT_PREFIX = "SamlServerSupport";

    /* renamed from: org.apereo.cas.config.SamlIdPEndpointsConfiguration$1, reason: invalid class name */
    /* loaded from: input_file:org/apereo/cas/config/SamlIdPEndpointsConfiguration$1.class */
    // Compiler-synthesised lookup table backing a `switch` over SessionStorageTypes, shown as the
    // decompiler renders it. It maps each constant's ordinal() to a dense case label:
    // TICKET_REGISTRY -> 1, BROWSER_STORAGE -> 2. Any other constant keeps the int[] default of 0
    // and therefore reaches the `default` branch of the switch that reads this table.
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$apereo$cas$configuration$model$core$web$session$SessionStorageTypes = new int[SessionStorageTypes.values().length];

        static {
            // Each assignment has its own guard: if a constant is absent from the enum at run time
            // (NoSuchFieldError), only that slot stays 0 and class initialisation still succeeds.
            try {
                $SwitchMap$org$apereo$cas$configuration$model$core$web$session$SessionStorageTypes[SessionStorageTypes.TICKET_REGISTRY.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$apereo$cas$configuration$model$core$web$session$SessionStorageTypes[SessionStorageTypes.BROWSER_STORAGE.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
        }
    }

    /**
     * Registers the controllers that serve the SAML IdP profile endpoints.
     *
     * <p>Every factory method receives the {@code samlProfileHandlerConfigurationContext} bean, and most of
     * them adjust it (message decoders, signature validator, response builders) before handing it to the
     * controller. NOTE(review): those setters change the injected object in place, so the per-endpoint
     * settings only stay separate if each injection point receives its own context instance. Confirm the
     * effective scope of that bean where it is defined; a shared instance would let whichever controller
     * is created last decide the decoders and validator for all of them.
     */
    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SamlIdPEndpointControllersConfiguration", proxyBeanMethods = false)
    static class SamlIdPEndpointControllersConfiguration {
        SamlIdPEndpointControllersConfiguration() {
        }

        /** Creates the SSO POST profile controller from the context exactly as injected. */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        public SSOSamlIdPPostProfileHandlerController ssoPostProfileHandlerController(
                @Qualifier("samlProfileHandlerConfigurationContext")
                SamlProfileHandlerConfigurationContext samlProfileHandlerConfigurationContext) {
            final SamlProfileHandlerConfigurationContext context = samlProfileHandlerConfigurationContext;
            return new SSOSamlIdPPostProfileHandlerController(context);
        }

        /** Creates the SSO POST-SimpleSign controller after installing the SimpleSign decoder map. */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        public SSOSamlIdPPostSimpleSignProfileHandlerController ssoPostSimpleSignProfileHandlerController(
                @Qualifier("samlProfileHandlerConfigurationContext")
                SamlProfileHandlerConfigurationContext samlProfileHandlerConfigurationContext,
                @Qualifier("ssoPostSimpleSignProfileHandlerDecoders")
                HttpServletRequestXMLMessageDecodersMap httpServletRequestXMLMessageDecodersMap) {
            final SamlProfileHandlerConfigurationContext context = samlProfileHandlerConfigurationContext;
            // Replaces whatever decoder map the context was built with.
            context.setSamlMessageDecoders(httpServletRequestXMLMessageDecodersMap);
            return new SSOSamlIdPPostSimpleSignProfileHandlerController(context);
        }

        /** Creates the SLO redirect-binding controller after installing the SLO redirect decoder map. */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        public SLOSamlIdPRedirectProfileHandlerController sloRedirectProfileHandlerController(
                @Qualifier("samlProfileHandlerConfigurationContext")
                SamlProfileHandlerConfigurationContext samlProfileHandlerConfigurationContext,
                @Qualifier("sloRedirectProfileHandlerDecoders")
                HttpServletRequestXMLMessageDecodersMap httpServletRequestXMLMessageDecodersMap) {
            final SamlProfileHandlerConfigurationContext context = samlProfileHandlerConfigurationContext;
            context.setSamlMessageDecoders(httpServletRequestXMLMessageDecodersMap);
            return new SLOSamlIdPRedirectProfileHandlerController(context);
        }

        /** Creates the SLO POST-binding controller after installing the SLO POST decoder map. */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        public SLOSamlIdPPostProfileHandlerController sloPostProfileHandlerController(
                @Qualifier("samlProfileHandlerConfigurationContext")
                SamlProfileHandlerConfigurationContext samlProfileHandlerConfigurationContext,
                @Qualifier("sloPostProfileHandlerDecoders")
                HttpServletRequestXMLMessageDecodersMap httpServletRequestXMLMessageDecodersMap) {
            final SamlProfileHandlerConfigurationContext context = samlProfileHandlerConfigurationContext;
            context.setSamlMessageDecoders(httpServletRequestXMLMessageDecodersMap);
            return new SLOSamlIdPPostProfileHandlerController(context);
        }

        /**
         * Creates the IdP-initiated (unsolicited) profile controller.
         *
         * <p>This is the only controller here that swaps the signature validator: it installs the
         * {@code samlIdPObjectSignatureValidator} bean on the context before the controller is built.
         */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        public SamlIdPInitiatedProfileHandlerController idpInitiatedSamlProfileHandlerController(
                @Qualifier("samlProfileHandlerConfigurationContext")
                SamlProfileHandlerConfigurationContext samlProfileHandlerConfigurationContext,
                @Qualifier("samlIdPObjectSignatureValidator")
                SamlObjectSignatureValidator samlObjectSignatureValidator) {
            final SamlProfileHandlerConfigurationContext context = samlProfileHandlerConfigurationContext;
            context.setSamlObjectSignatureValidator(samlObjectSignatureValidator);
            return new SamlIdPInitiatedProfileHandlerController(context);
        }

        /** Creates the SSO callback controller from the context exactly as injected. */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        public SSOSamlIdPProfileCallbackHandlerController ssoPostProfileCallbackHandlerController(
                @Qualifier("samlProfileHandlerConfigurationContext")
                SamlProfileHandlerConfigurationContext samlProfileHandlerConfigurationContext) {
            final SamlProfileHandlerConfigurationContext context = samlProfileHandlerConfigurationContext;
            return new SSOSamlIdPProfileCallbackHandlerController(context);
        }

        /** Creates the ECP controller with the SOAP 1.1 response and fault builders installed. */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        public ECPSamlIdPProfileHandlerController ecpProfileHandlerController(
                @Qualifier("samlProfileHandlerConfigurationContext")
                SamlProfileHandlerConfigurationContext samlProfileHandlerConfigurationContext,
                @Qualifier("samlProfileSamlSoap11FaultResponseBuilder")
                SamlProfileObjectBuilder<Envelope> samlProfileObjectBuilder,
                @Qualifier("samlProfileSamlSoap11ResponseBuilder")
                SamlProfileObjectBuilder<Envelope> samlProfileObjectBuilder2) {
            // The decompiler numbered the two builders; name them by the qualifier they are wired from.
            final SamlProfileObjectBuilder<Envelope> faultBuilder = samlProfileObjectBuilder;
            final SamlProfileObjectBuilder<Envelope> responseBuilder = samlProfileObjectBuilder2;
            final SamlProfileHandlerConfigurationContext context = samlProfileHandlerConfigurationContext;
            context.setResponseBuilder(responseBuilder);
            context.setSamlFaultResponseBuilder(faultBuilder);
            return new ECPSamlIdPProfileHandlerController(context);
        }

        /** Creates the artifact-resolution controller with the artifact response and fault builders installed. */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        public SamlIdPSaml1ArtifactResolutionProfileHandlerController saml1ArtifactResolutionController(
                @Qualifier("samlProfileHandlerConfigurationContext")
                SamlProfileHandlerConfigurationContext samlProfileHandlerConfigurationContext,
                @Qualifier("samlProfileSamlArtifactFaultResponseBuilder")
                SamlProfileObjectBuilder<Envelope> samlProfileObjectBuilder,
                @Qualifier("samlProfileSamlArtifactResponseBuilder")
                SamlProfileObjectBuilder<Envelope> samlProfileObjectBuilder2) {
            final SamlProfileObjectBuilder<Envelope> faultBuilder = samlProfileObjectBuilder;
            final SamlProfileObjectBuilder<Envelope> responseBuilder = samlProfileObjectBuilder2;
            final SamlProfileHandlerConfigurationContext context = samlProfileHandlerConfigurationContext;
            context.setSamlFaultResponseBuilder(faultBuilder);
            context.setResponseBuilder(responseBuilder);
            return new SamlIdPSaml1ArtifactResolutionProfileHandlerController(context);
        }

        /**
         * Creates the SAML2 attribute-query controller with its response builder installed.
         *
         * <p>No fault builder is set here, so the one the context was built with stays in effect.
         */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        public SamlIdPSaml2AttributeQueryProfileHandlerController saml2AttributeQueryProfileHandlerController(
                @Qualifier("samlProfileHandlerConfigurationContext")
                SamlProfileHandlerConfigurationContext samlProfileHandlerConfigurationContext,
                @Qualifier("samlProfileSamlAttributeQueryResponseBuilder")
                SamlProfileObjectBuilder<Envelope> samlProfileObjectBuilder) {
            final SamlProfileHandlerConfigurationContext context = samlProfileHandlerConfigurationContext;
            context.setResponseBuilder(samlProfileObjectBuilder);
            return new SamlIdPSaml2AttributeQueryProfileHandlerController(context);
        }
    }

    /**
     * Core SAML IdP endpoint beans: request extraction, ticket validation, the web-security
     * endpoint list, and the distributed session cookie, cipher and store.
     */
    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SamlIdPEndpointCoreConfiguration", proxyBeanMethods = false)
    static class SamlIdPEndpointCoreConfiguration {
        SamlIdPEndpointCoreConfiguration() {
        }

        /**
         * Creates the default extractor for SAML requests, backed by the parser pool of the shared
         * OpenSAML configuration bean.
         *
         * <p>NOTE(review): XML hardening for incoming requests (DTD and external-entity handling)
         * depends on how that parser pool is configured, which is not visible in this file.
         */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @ConditionalOnMissingBean(name = {"ssoSamlHttpRequestExtractor"})
        public SSOSamlHttpRequestExtractor ssoSamlHttpRequestExtractor(
                @Qualifier("shibboleth.OpenSAMLConfig") OpenSamlConfigBean openSamlConfigBean) {
            final var parserPool = openSamlConfigBean.getParserPool();
            return new DefaultSSOSamlHttpRequestExtractor(parserPool);
        }

        /** Creates the ticket validator used by the SAML IdP, an {@link InternalTicketValidator}. */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @ConditionalOnMissingBean(name = {"samlIdPTicketValidator"})
        public TicketValidator samlIdPTicketValidator(
                @Qualifier("servicesManager") ServicesManager servicesManager,
                @Qualifier("centralAuthenticationService") CentralAuthenticationService centralAuthenticationService,
                @Qualifier("samlIdPServiceFactory") ServiceFactory serviceFactory,
                @Qualifier("authenticationAttributeReleasePolicy")
                AuthenticationAttributeReleasePolicy authenticationAttributeReleasePolicy) {
            return new InternalTicketValidator(
                centralAuthenticationService,
                serviceFactory,
                authenticationAttributeReleasePolicy,
                servicesManager);
        }

        /**
         * Publishes the SAML IdP paths as "ignored endpoints" for web security configuration.
         *
         * <p>NOTE(review): presumably these paths are left out of the generic web security rules so that
         * SAML protocol traffic reaches the profile controllers. If so, access control for everything under
         * {@code /idp} rests on the SAML handlers themselves (signature validation, service access
         * checks). Confirm how CasWebSecurityConfigurer consumers treat this list.
         */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        public CasWebSecurityConfigurer<Void> samlIdPProtocolEndpointConfigurer() {
            // NOTE(review): the `(this)` constructor argument is kept as the decompiler emitted it;
            // check it against the original source before compiling.
            return new CasWebSecurityConfigurer<Void>(this) {
                public List<String> getIgnoredEndpoints() {
                    final String idpRoot = StringUtils.prependIfMissing("/idp", "/");
                    final String saml1Profiles = StringUtils.prependIfMissing("/idp/profile/SAML1", "/");
                    final String saml2Profiles = StringUtils.prependIfMissing("/idp/profile/SAML2", "/");
                    return List.of(idpRoot, saml1Profiles, saml2Profiles);
                }
            };
        }

        /**
         * Chooses the cipher for the distributed session cookie.
         *
         * <p>A real cipher is created only when the session storage type is {@code TICKET_REGISTRY} and
         * either the cookie crypto settings are enabled, or they are disabled but BOTH an encryption key and
         * a signing key are configured (a warning is logged and crypto is switched on). In every other case
         * the result is {@link CipherExecutor#noOp()}, which by its name leaves the cookie value without
         * signing or encryption from this bean. Note the silent case: crypto disabled with only one of the
         * two keys set falls through to the no-op cipher without any log line.
         */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @ConditionalOnMissingBean(name = {"samlIdPDistributedSessionCookieCipherExecutor"})
        public CipherExecutor samlIdPDistributedSessionCookieCipherExecutor(CasConfigurationProperties casConfigurationProperties) {
            final boolean ticketRegistryBacked =
                casConfigurationProperties.getAuthn().getSamlIdp().getCore().getSessionStorageType() == SessionStorageTypes.TICKET_REGISTRY;
            return (CipherExecutor) FunctionUtils.doIf(ticketRegistryBacked, () -> {
                final CookieSessionReplicationProperties cookieProps =
                    casConfigurationProperties.getAuthn().getSamlIdp().getCore().getSessionReplication().getCookie();
                final EncryptionJwtSigningJwtCryptographyProperties cryptoProps = cookieProps.getCrypto();
                boolean cipherActive = cryptoProps.isEnabled();
                if (!cipherActive) {
                    // Keys are inspected only when crypto was not enabled explicitly.
                    final boolean bothKeysDefined = StringUtils.isNotBlank(cryptoProps.getEncryption().getKey())
                        && StringUtils.isNotBlank(cryptoProps.getSigning().getKey());
                    if (bothKeysDefined) {
                        SamlIdPEndpointsConfiguration.LOGGER.warn("Encryption/Signing is not enabled explicitly in the configuration for cookie [{}], yet signing/encryption keys are defined for operations. CAS will proceed to enable the cookie encryption/signing functionality.", cookieProps.getName());
                        cipherActive = true;
                    }
                }
                return cipherActive
                    ? CipherExecutorUtils.newStringCipherExecutor(cryptoProps, SamlIdPDistributedSessionCookieCipherExecutor.class)
                    : CipherExecutor.noOp();
            }, CipherExecutor::noOp).get();
        }

        /**
         * Builds the generator for the distributed session cookie.
         *
         * <p>When no cookie name is configured, the name defaults to {@code DISSESSION} followed by the
         * shared SAML prefix. The default is written back into the configuration properties object, so
         * later readers of those properties see it too.
         */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @ConditionalOnMissingBean(name = {"samlIdPDistributedSessionCookieGenerator"})
        public CasCookieBuilder samlIdPDistributedSessionCookieGenerator(
                @Qualifier("geoLocationService") ObjectProvider<GeoLocationService> objectProvider,
                @Qualifier("samlIdPDistributedSessionCookieCipherExecutor") CipherExecutor cipherExecutor,
                CasConfigurationProperties casConfigurationProperties) {
            final CookieSessionReplicationProperties cookieProps =
                casConfigurationProperties.getAuthn().getSamlIdp().getCore().getSessionReplication().getCookie();
            if (StringUtils.isBlank(cookieProps.getName())) {
                final String defaultName = "%s%s".formatted("DISSESSION", SamlIdPEndpointsConfiguration.SAML_SERVER_SUPPORT_PREFIX);
                cookieProps.setName(defaultName);
            }
            final DefaultCasCookieValueManager valueManager = new DefaultCasCookieValueManager(
                cipherExecutor, objectProvider, DefaultCookieSameSitePolicy.INSTANCE, cookieProps);
            return CookieUtils.buildCookieRetrievingGenerator(cookieProps, valueManager);
        }

        /**
         * Selects the session store from the configured storage type.
         *
         * <p>{@code TICKET_REGISTRY} yields a ticket-registry store tied to the distributed session cookie,
         * {@code BROWSER_STORAGE} yields a browser web-storage store that is given the webflow cipher, and
         * any other value yields a {@link JEESessionStore} with the shared SAML prefix.
         */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @ConditionalOnMissingBean(name = {"samlIdPDistributedSessionStore"})
        public SessionStore samlIdPDistributedSessionStore(
                CasConfigurationProperties casConfigurationProperties,
                @Qualifier("samlIdPDistributedSessionCookieGenerator") CasCookieBuilder casCookieBuilder,
                @Qualifier("webflowCipherExecutor") CipherExecutor cipherExecutor,
                @Qualifier("ticketRegistry") TicketRegistry ticketRegistry,
                @Qualifier("defaultTicketFactory") TicketFactory ticketFactory) {
            final SessionStorageTypes storageType =
                casConfigurationProperties.getAuthn().getSamlIdp().getCore().getSessionStorageType();
            // Case labels come from the synthetic switch map: 1 = TICKET_REGISTRY, 2 = BROWSER_STORAGE.
            final int caseLabel =
                AnonymousClass1.$SwitchMap$org$apereo$cas$configuration$model$core$web$session$SessionStorageTypes[storageType.ordinal()];
            if (caseLabel == 1) {
                return new TicketRegistrySessionStore(ticketRegistry, ticketFactory, casCookieBuilder);
            }
            if (caseLabel == 2) {
                return new BrowserWebStorageSessionStore(cipherExecutor, "SamlIdPSessionStore");
            }
            final JEESessionStore servletSessionStore = new JEESessionStore();
            servletSessionStore.setPrefix(SamlIdPEndpointsConfiguration.SAML_SERVER_SUPPORT_PREFIX);
            return servletSessionStore;
        }
    }

    /**
     * Signature validators for inbound SAML objects.
     *
     * <p>Both validators are fed the same four lists from the {@code algs} section of the SAML IdP
     * configuration: reference digest methods, signature algorithms, blocked signing algorithms and
     * allowed signing algorithms. NOTE(review): these are operator-supplied overrides, so a deployment
     * review should look at what the lists contain (for example, that deprecated digest or signature
     * algorithms are not re-enabled through them).
     */
    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SamlIdPEndpointCryptoConfiguration", proxyBeanMethods = false)
    static class SamlIdPEndpointCryptoConfiguration {
        SamlIdPEndpointCryptoConfiguration() {
        }

        /**
         * Creates the validator variant that additionally receives the CAS SAML IdP metadata resolver.
         * In this file it is wired only into the IdP-initiated profile controller.
         */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @ConditionalOnMissingBean(name = {"samlIdPObjectSignatureValidator"})
        public SamlObjectSignatureValidator samlIdPObjectSignatureValidator(
                CasConfigurationProperties casConfigurationProperties,
                @Qualifier("casSamlIdPMetadataResolver") MetadataResolver metadataResolver) {
            final SamlIdPAlgorithmsProperties algorithmOverrides = casConfigurationProperties.getAuthn().getSamlIdp().getAlgs();
            final var digestMethods = algorithmOverrides.getOverrideSignatureReferenceDigestMethods();
            final var signatureAlgorithms = algorithmOverrides.getOverrideSignatureAlgorithms();
            final var blockedSigningAlgorithms = algorithmOverrides.getOverrideBlockedSignatureSigningAlgorithms();
            final var allowedSigningAlgorithms = algorithmOverrides.getOverrideAllowedSignatureSigningAlgorithms();
            return new SamlIdPObjectSignatureValidator(
                digestMethods,
                signatureAlgorithms,
                blockedSigningAlgorithms,
                allowedSigningAlgorithms,
                metadataResolver,
                casConfigurationProperties);
        }

        /** Creates the general-purpose signature validator from the configured algorithm overrides. */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @ConditionalOnMissingBean(name = {"samlObjectSignatureValidator"})
        public SamlObjectSignatureValidator samlObjectSignatureValidator(CasConfigurationProperties casConfigurationProperties) {
            final SamlIdPAlgorithmsProperties algorithmOverrides = casConfigurationProperties.getAuthn().getSamlIdp().getAlgs();
            final var digestMethods = algorithmOverrides.getOverrideSignatureReferenceDigestMethods();
            final var signatureAlgorithms = algorithmOverrides.getOverrideSignatureAlgorithms();
            final var blockedSigningAlgorithms = algorithmOverrides.getOverrideBlockedSignatureSigningAlgorithms();
            final var allowedSigningAlgorithms = algorithmOverrides.getOverrideAllowedSignatureSigningAlgorithms();
            return new SamlObjectSignatureValidator(
                digestMethods,
                signatureAlgorithms,
                blockedSigningAlgorithms,
                allowedSigningAlgorithms,
                casConfigurationProperties);
        }
    }

    /**
     * Decoder maps that bind an HTTP method to the SAML message decoder used for it.
     *
     * <p>A method with no entry in a map has no decoder registered for that endpoint. These beans only
     * select decoders; nothing in this class validates signatures.
     */
    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SamlIdPEndpointDecoderConfiguration", proxyBeanMethods = false)
    static class SamlIdPEndpointDecoderConfiguration {
        SamlIdPEndpointDecoderConfiguration() {
        }

        /**
         * Decoders for the SSO profile: GET uses the redirect-deflate decoder, POST the HTTP POST decoder.
         * The SSO profile's {@code urlDecodeRedirectRequest} setting is passed to the GET decoder.
         */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @ConditionalOnMissingBean(name = {"ssoPostProfileHandlerDecoders"})
        public HttpServletRequestXMLMessageDecodersMap ssoPostProfileHandlerDecoders(CasConfigurationProperties casConfigurationProperties) {
            final SamlIdPSSOProfileProperties ssoProfile = casConfigurationProperties.getAuthn().getSamlIdp().getProfile().getSso();
            final HttpServletRequestXMLMessageDecodersMap decoders = new HttpServletRequestXMLMessageDecodersMap();
            final boolean urlDecode = ssoProfile.isUrlDecodeRedirectRequest();
            decoders.put(HttpMethod.GET, new UrlDecodingHTTPRedirectDeflateDecoder(urlDecode));
            decoders.put(HttpMethod.POST, new HTTPPostDecoder());
            return decoders;
        }

        /**
         * Decoders for the SSO POST-SimpleSign profile: GET uses the redirect-deflate decoder, POST the
         * SimpleSign POST decoder.
         */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @ConditionalOnMissingBean(name = {"ssoPostSimpleSignProfileHandlerDecoders"})
        public HttpServletRequestXMLMessageDecodersMap ssoPostSimpleSignProfileHandlerDecoders(CasConfigurationProperties casConfigurationProperties) {
            final SamlIdPSSOSimpleSignProfileProperties simpleSignProfile =
                casConfigurationProperties.getAuthn().getSamlIdp().getProfile().getSsoPostSimpleSign();
            final HttpServletRequestXMLMessageDecodersMap decoders = new HttpServletRequestXMLMessageDecodersMap();
            final boolean urlDecode = simpleSignProfile.isUrlDecodeRedirectRequest();
            decoders.put(HttpMethod.GET, new UrlDecodingHTTPRedirectDeflateDecoder(urlDecode));
            decoders.put(HttpMethod.POST, new HTTPPostSimpleSignDecoder());
            return decoders;
        }

        /** Decoders for SLO over the redirect binding: only GET is registered. */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @ConditionalOnMissingBean(name = {"sloRedirectProfileHandlerDecoders"})
        public HttpServletRequestXMLMessageDecodersMap sloRedirectProfileHandlerDecoders(CasConfigurationProperties casConfigurationProperties) {
            final SamlIdPSLOProfileProperties sloProfile = casConfigurationProperties.getAuthn().getSamlIdp().getProfile().getSlo();
            final HttpServletRequestXMLMessageDecodersMap decoders = new HttpServletRequestXMLMessageDecodersMap();
            final boolean urlDecode = sloProfile.isUrlDecodeRedirectRequest();
            decoders.put(HttpMethod.GET, new UrlDecodingHTTPRedirectDeflateDecoder(urlDecode));
            return decoders;
        }

        /** Decoders for SLO over the POST binding: only POST is registered. */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @ConditionalOnMissingBean(name = {"sloPostProfileHandlerDecoders"})
        public HttpServletRequestXMLMessageDecodersMap sloPostProfileHandlerDecoders() {
            final HttpServletRequestXMLMessageDecodersMap decoders = new HttpServletRequestXMLMessageDecodersMap();
            decoders.put(HttpMethod.POST, new HTTPPostDecoder());
            return decoders;
        }
    }

    /** Beans that build and deliver SAML single-logout (SLO) messages. */
    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SamlIdPEndpointLogoutConfiguration", proxyBeanMethods = false)
    static class SamlIdPEndpointLogoutConfiguration {
        SamlIdPEndpointLogoutConfiguration() {
        }

        /**
         * Creates the SLO message creator. It receives the {@code samlObjectSigner} bean together with the
         * SAML IdP settings, the services manager and the service metadata resolver.
         */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @ConditionalOnMissingBean(name = {"samlLogoutBuilder"})
        public SingleLogoutMessageCreator samlLogoutBuilder(
                CasConfigurationProperties casConfigurationProperties,
                @Qualifier("servicesManager") ServicesManager servicesManager,
                @Qualifier("shibboleth.OpenSAMLConfig") OpenSamlConfigBean openSamlConfigBean,
                @Qualifier("defaultSamlRegisteredServiceCachingMetadataResolver")
                SamlRegisteredServiceCachingMetadataResolver samlRegisteredServiceCachingMetadataResolver,
                @Qualifier("samlObjectSigner") SamlIdPObjectSigner samlIdPObjectSigner) {
            final var samlIdpSettings = casConfigurationProperties.getAuthn().getSamlIdp();
            return new SamlIdPProfileSingleLogoutMessageCreator(
                openSamlConfigBean,
                servicesManager,
                samlRegisteredServiceCachingMetadataResolver,
                samlIdpSettings,
                samlIdPObjectSigner);
        }

        /**
         * Creates the handler that sends SLO messages to SAML services. The global SLO
         * {@code asynchronous} setting is passed through to the handler.
         */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @ConditionalOnMissingBean(name = {"samlSingleLogoutServiceMessageHandler"})
        public SingleLogoutServiceMessageHandler samlSingleLogoutServiceMessageHandler(
                CasConfigurationProperties casConfigurationProperties,
                @Qualifier("samlLogoutBuilder") SingleLogoutMessageCreator singleLogoutMessageCreator,
                @Qualifier("singleLogoutServiceLogoutUrlBuilder")
                SingleLogoutServiceLogoutUrlBuilder singleLogoutServiceLogoutUrlBuilder,
                @Qualifier("httpClient") HttpClient httpClient,
                @Qualifier("velocityEngineFactory") VelocityEngine velocityEngine,
                @Qualifier("authenticationServiceSelectionPlan")
                AuthenticationServiceSelectionPlan authenticationServiceSelectionPlan,
                @Qualifier("servicesManager") ServicesManager servicesManager,
                @Qualifier("shibboleth.OpenSAMLConfig") OpenSamlConfigBean openSamlConfigBean,
                @Qualifier("defaultSamlRegisteredServiceCachingMetadataResolver")
                SamlRegisteredServiceCachingMetadataResolver samlRegisteredServiceCachingMetadataResolver) {
            final boolean asynchronous = casConfigurationProperties.getSlo().isAsynchronous();
            return new SamlIdPSingleLogoutServiceMessageHandler(
                httpClient,
                singleLogoutMessageCreator,
                servicesManager,
                singleLogoutServiceLogoutUrlBuilder,
                asynchronous,
                authenticationServiceSelectionPlan,
                samlRegisteredServiceCachingMetadataResolver,
                velocityEngine,
                openSamlConfigBean);
        }

        /**
         * Creates the builder for SAML logout responses. Unlike most beans in this file it carries no
         * {@code @ConditionalOnMissingBean}, so it is registered unconditionally.
         */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        public SamlIdPLogoutResponseObjectBuilder samlIdPLogoutResponseObjectBuilder(
                @Qualifier("shibboleth.OpenSAMLConfig") OpenSamlConfigBean openSamlConfigBean) {
            final OpenSamlConfigBean samlConfig = openSamlConfigBean;
            return new SamlIdPLogoutResponseObjectBuilder(samlConfig);
        }
    }

    /** Hooks the SAML IdP logout pieces into the CAS logout execution plan. */
    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SamlIdPEndpointsLogoutExecutionConfiguration", proxyBeanMethods = false)
    static class SamlIdPEndpointsLogoutExecutionConfiguration {
        SamlIdPEndpointsLogoutExecutionConfiguration() {
        }

        /**
         * Returns a configurer that registers, in this order, the SAML logout redirection strategy and the
         * SAML single-logout message handler on the plan it is given.
         */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @ConditionalOnMissingBean(name = {"casSamlIdPLogoutExecutionPlanConfigurer"})
        public LogoutExecutionPlanConfigurer casSamlIdPLogoutExecutionPlanConfigurer(
                @Qualifier("samlIdPSingleLogoutRedirectionStrategy") LogoutRedirectionStrategy logoutRedirectionStrategy,
                @Qualifier("samlSingleLogoutServiceMessageHandler")
                SingleLogoutServiceMessageHandler singleLogoutServiceMessageHandler) {
            return plan -> {
                plan.registerLogoutRedirectionStrategy(logoutRedirectionStrategy);
                plan.registerSingleLogoutServiceMessageHandler(singleLogoutServiceMessageHandler);
            };
        }
    }

    /** Provides the redirection strategy applied after a SAML single logout. */
    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SamlIdPEndpointsLogoutResponseConfiguration", proxyBeanMethods = false)
    static class SamlIdPEndpointsLogoutResponseConfiguration {
        SamlIdPEndpointsLogoutResponseConfiguration() {
        }

        /**
         * Creates the SAML logout redirection strategy from the profile handler context as injected.
         *
         * <p>NOTE(review): where a post-logout redirect may point, and how that target is checked against
         * the requesting service, is decided inside {@link SamlIdPSingleLogoutRedirectionStrategy}, not
         * here. Review that class when assessing redirect handling.
         */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @ConditionalOnMissingBean(name = {"samlIdPSingleLogoutRedirectionStrategy"})
        public LogoutRedirectionStrategy samlIdPSingleLogoutRedirectionStrategy(
                @Qualifier("samlProfileHandlerConfigurationContext")
                SamlProfileHandlerConfigurationContext samlProfileHandlerConfigurationContext) {
            final SamlProfileHandlerConfigurationContext context = samlProfileHandlerConfigurationContext;
            return new SamlIdPSingleLogoutRedirectionStrategy(context);
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SamlIdPExecutionContextConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/SamlIdPEndpointsConfiguration$SamlIdPExecutionContextConfiguration.class */
    static class SamlIdPExecutionContextConfiguration {
        // Package-private no-arg constructor; there is nothing to initialise.
        SamlIdPExecutionContextConfiguration() { }

        /**
         * Assembles the configuration context shared by the SAML IdP profile controllers and the logout
         * redirection strategy.
         *
         * <p>Defaults set here: the message decoders are the {@code ssoPostProfileHandlerDecoders} map, the
         * signature validator is the {@code samlObjectSignatureValidator} bean, the response builder is
         * {@code samlProfileSamlResponseBuilder} and the fault builder is
         * {@code samlProfileSamlAttributeQueryFaultResponseBuilder}. Consumers elsewhere in this file
         * replace some of these through setters on the returned object.
         *
         * <p>NOTE(review): the method carries both {@code @Scope("prototype")} and {@code @RefreshScope}.
         * Confirm which scope Spring actually applies. The in-place setter calls made by the controller
         * factory methods are only isolated from each other if every injection point receives a fresh
         * instance.
         */
        @Bean
        @Scope("prototype")
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        public SamlProfileHandlerConfigurationContext samlProfileHandlerConfigurationContext(
                @Qualifier("authenticationAttributeReleasePolicy")
                AuthenticationAttributeReleasePolicy authenticationAttributeReleasePolicy,
                @Qualifier("samlIdPCallbackService") Service service,
                @Qualifier("samlObjectEncrypter") SamlIdPObjectEncrypter samlIdPObjectEncrypter,
                @Qualifier("samlObjectSigner") SamlIdPObjectSigner samlIdPObjectSigner,
                @Qualifier("defaultTicketRegistrySupport") TicketRegistrySupport ticketRegistrySupport,
                @Qualifier("shibboleth.OpenSAMLConfig") OpenSamlConfigBean openSamlConfigBean,
                @Qualifier("defaultSamlRegisteredServiceCachingMetadataResolver")
                SamlRegisteredServiceCachingMetadataResolver samlRegisteredServiceCachingMetadataResolver,
                @Qualifier("samlIdPServiceFactory") ServiceFactory serviceFactory,
                @Qualifier("ticketRegistry") TicketRegistry ticketRegistry,
                CasConfigurationProperties casConfigurationProperties,
                @Qualifier("registeredServiceAccessStrategyEnforcer") AuditableExecution auditableExecution,
                @Qualifier("servicesManager") ServicesManager servicesManager,
                @Qualifier("samlIdPTicketValidator") TicketValidator ticketValidator,
                @Qualifier("ssoSamlHttpRequestExtractor") SSOSamlHttpRequestExtractor sSOSamlHttpRequestExtractor,
                @Qualifier("defaultAuthenticationSystemSupport") AuthenticationSystemSupport authenticationSystemSupport,
                @Qualifier("samlObjectSignatureValidator") SamlObjectSignatureValidator samlObjectSignatureValidator,
                @Qualifier("singleSignOnParticipationStrategy")
                SingleSignOnParticipationStrategy singleSignOnParticipationStrategy,
                @Qualifier("singleLogoutServiceLogoutUrlBuilder")
                SingleLogoutServiceLogoutUrlBuilder singleLogoutServiceLogoutUrlBuilder,
                @Qualifier("samlIdPLogoutResponseObjectBuilder")
                SamlIdPLogoutResponseObjectBuilder samlIdPLogoutResponseObjectBuilder,
                @Qualifier("samlIdPDistributedSessionCookieGenerator") CasCookieBuilder casCookieBuilder,
                @Qualifier("ticketGrantingTicketCookieGenerator") CasCookieBuilder casCookieBuilder2,
                @Qualifier("samlIdPDistributedSessionStore") SessionStore sessionStore,
                @Qualifier("samlProfileSamlResponseBuilder") SamlProfileObjectBuilder<Response> samlProfileObjectBuilder,
                @Qualifier("samlProfileSamlAttributeQueryFaultResponseBuilder")
                SamlProfileObjectBuilder<Envelope> samlProfileObjectBuilder2,
                @Qualifier("defaultTicketFactory") TicketFactory ticketFactory,
                @Qualifier("attributeRepository") PersonAttributeDao personAttributeDao,
                @Qualifier("ssoPostProfileHandlerDecoders")
                HttpServletRequestXMLMessageDecodersMap httpServletRequestXMLMessageDecodersMap) {
            // The decompiler numbered same-typed parameters; alias them by the qualifier they are wired from.
            final CasCookieBuilder distributedSessionCookie = casCookieBuilder;
            final CasCookieBuilder ticketGrantingCookie = casCookieBuilder2;
            final SamlProfileObjectBuilder<Response> samlResponseBuilder = samlProfileObjectBuilder;
            final SamlProfileObjectBuilder<Envelope> faultResponseBuilder = samlProfileObjectBuilder2;
            return SamlProfileHandlerConfigurationContext.builder()
                .attributeRepository(personAttributeDao)
                .samlMessageDecoders(httpServletRequestXMLMessageDecodersMap)
                .authenticationAttributeReleasePolicy(authenticationAttributeReleasePolicy)
                .samlObjectSigner(samlIdPObjectSigner)
                .ticketFactory(ticketFactory)
                .samlObjectEncrypter(samlIdPObjectEncrypter)
                .authenticationSystemSupport(authenticationSystemSupport)
                .servicesManager(servicesManager)
                .webApplicationServiceFactory(serviceFactory)
                .samlRegisteredServiceCachingMetadataResolver(samlRegisteredServiceCachingMetadataResolver)
                .openSamlConfigBean(openSamlConfigBean)
                .casProperties(casConfigurationProperties)
                .ticketRegistrySupport(ticketRegistrySupport)
                .singleSignOnParticipationStrategy(singleSignOnParticipationStrategy)
                .logoutResponseBuilder(samlIdPLogoutResponseObjectBuilder)
                .singleLogoutServiceLogoutUrlBuilder(singleLogoutServiceLogoutUrlBuilder)
                .samlObjectSignatureValidator(samlObjectSignatureValidator)
                .samlHttpRequestExtractor(sSOSamlHttpRequestExtractor)
                .responseBuilder(samlResponseBuilder)
                .ticketValidator(ticketValidator)
                .ticketRegistry(ticketRegistry)
                .sessionStore(sessionStore)
                .ticketGrantingTicketCookieGenerator(ticketGrantingCookie)
                .samlDistributedSessionCookieGenerator(distributedSessionCookie)
                .registeredServiceAccessStrategyEnforcer(auditableExecution)
                .callbackService(service)
                .samlFaultResponseBuilder(faultResponseBuilder)
                .build();
        }
    }

    /**
     * Declares the beans that make the SAML IdP callback endpoint known to the service registry:
     * the callback {@code Service}, a registry configurer that registers a matching service
     * definition, and a registered-service locator backed by the SAML metadata resolver.
     */
    @Configuration(value = "SamlIdPServicesConfiguration", proxyBeanMethods = false)
    @EnableConfigurationProperties({CasConfigurationProperties.class})
    /* loaded from: input_file:org/apereo/cas/config/SamlIdPEndpointsConfiguration$SamlIdPServicesConfiguration.class */
    static class SamlIdPServicesConfiguration {
        /** Package-private no-argument constructor; this class holds no state. */
        SamlIdPServicesConfiguration() {
        }

        /**
         * Creates the {@code Service} that represents the IdP's own callback endpoint.
         *
         * <p>The URL is the configured server prefix with the fixed path
         * {@code /idp/profile/SAML2/Callback} appended. The prefix is read from configuration
         * as-is, so the resulting callback identity is only as trustworthy as that setting.
         *
         * @param serviceFactory factory used to turn the URL into a service object
         * @param casConfigurationProperties source of the server prefix
         * @return the callback service
         */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        public Service samlIdPCallbackService(@Qualifier("samlIdPServiceFactory") ServiceFactory serviceFactory, CasConfigurationProperties casConfigurationProperties) {
            final String serverPrefix = casConfigurationProperties.getServer().getPrefix();
            final String callbackUrl = serverPrefix.concat("/idp/profile/SAML2/Callback");
            return serviceFactory.createService(callbackUrl);
        }

        /**
         * Contributes a service registry holding one definition for the callback endpoint.
         *
         * <p>The definition's service id is the callback service id followed by {@code ".*"},
         * which suggests it is evaluated as a regular expression. The id is appended verbatim,
         * so regex metacharacters in the configured prefix (for example the dots of a host
         * name) are not escaped, and the trailing wildcard accepts any suffix after the callback
         * path. Apart from the fields set below, the definition keeps the defaults of
         * {@code CasRegisteredService}.
         *
         * @param configurableApplicationContext application context handed to the registry
         * @param service the callback service whose id seeds the pattern
         * @return a configurer that registers the callback service registry
         */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @ConditionalOnMissingBean(name = {"samlIdPServiceRegistryExecutionPlanConfigurer"})
        public ServiceRegistryExecutionPlanConfigurer samlIdPServiceRegistryExecutionPlanConfigurer(ConfigurableApplicationContext configurableApplicationContext, @Qualifier("samlIdPCallbackService") Service service) {
            return plan -> {
                // NOTE(review): literal part of the pattern is not quoted; confirm whether a
                // look-alike URL could satisfy it in this deployment's service matching.
                final String callbackPattern = service.getId().concat(".*");
                SamlIdPEndpointsConfiguration.LOGGER.debug("Initializing SAML IdP callback service [{}]", callbackPattern);

                RegisteredService callbackDefinition = new CasRegisteredService();
                // A fresh random id is drawn every time this configurer runs, so the numeric id
                // is not stable across restarts or refreshes.
                callbackDefinition.setId(RandomUtils.nextLong());
                // Smallest possible order value; presumably this places the definition ahead of
                // all others during service matching - confirm against the services manager.
                callbackDefinition.setEvaluationOrder(Integer.MIN_VALUE);
                callbackDefinition.setName(callbackDefinition.getClass().getSimpleName());
                callbackDefinition.setDescription("SAML Authentication Request Callback");
                callbackDefinition.setServiceId(callbackPattern);

                final RegisteredService[] definitions = {callbackDefinition};
                plan.registerServiceRegistry(new SamlIdPServiceRegistry(configurableApplicationContext, definitions));
            };
        }

        /**
         * Supplies the registered-service locator for SAML services, backed by the caching
         * metadata resolver.
         *
         * @param samlRegisteredServiceCachingMetadataResolver metadata resolver passed to the locator
         * @return the SAML IdP registered-service locator
         */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @ConditionalOnMissingBean(name = {"samlIdPServicesManagerRegisteredServiceLocator"})
        public ServicesManagerRegisteredServiceLocator samlIdPServicesManagerRegisteredServiceLocator(@Qualifier("defaultSamlRegisteredServiceCachingMetadataResolver") SamlRegisteredServiceCachingMetadataResolver samlRegisteredServiceCachingMetadataResolver) {
            final SamlIdPServicesManagerRegisteredServiceLocator locator =
                new SamlIdPServicesManagerRegisteredServiceLocator(samlRegisteredServiceCachingMetadataResolver);
            return locator;
        }
    }

    /** Package-private no-argument constructor; the configuration class itself holds no state. */
    SamlIdPEndpointsConfiguration() {
        // Intentionally empty.
    }
}
