package org.apereo.cas.config;

import java.security.Security;
import java.time.Duration;
import org.apache.velocity.app.VelocityEngine;
import org.apereo.cas.CentralAuthenticationService;
import org.apereo.cas.audit.AuditPrincipalIdProvider;
import org.apereo.cas.audit.AuditTrailRecordResolutionPlanConfigurer;
import org.apereo.cas.authentication.attribute.AttributeDefinitionStore;
import org.apereo.cas.authentication.attribute.AttributeDefinitionStoreConfigurer;
import org.apereo.cas.authentication.attribute.DefaultAttributeDefinitionStore;
import org.apereo.cas.authentication.principal.PersistentIdGenerator;
import org.apereo.cas.authentication.principal.ServiceFactory;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.features.CasFeatureModule;
import org.apereo.cas.logout.slo.SingleLogoutServiceLogoutUrlBuilder;
import org.apereo.cas.logout.slo.SingleLogoutServiceLogoutUrlBuilderConfigurer;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.saml.OpenSamlConfigBean;
import org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPMetadataLocator;
import org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceCachingMetadataResolver;
import org.apereo.cas.support.saml.web.idp.audit.SamlMetadataResolverAuditResourceResolver;
import org.apereo.cas.support.saml.web.idp.audit.SamlRequestAuditResourceResolver;
import org.apereo.cas.support.saml.web.idp.audit.SamlResponseAuditPrincipalIdProvider;
import org.apereo.cas.support.saml.web.idp.audit.SamlResponseAuditResourceResolver;
import org.apereo.cas.support.saml.web.idp.profile.SamlSecurityProvider;
import org.apereo.cas.support.saml.web.idp.profile.artifact.CasSamlArtifactMap;
import org.apereo.cas.support.saml.web.idp.profile.builders.SamlProfileObjectBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.assertion.SamlProfileSamlAssertionBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.attr.SamlProfileSamlAttributeStatementBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.authn.SamlProfileAuthnContextClassRefBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.authn.SamlProfileSamlAuthNStatementBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.conditions.SamlProfileSamlConditionsBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.enc.DefaultSamlIdPObjectSigner;
import org.apereo.cas.support.saml.web.idp.profile.builders.enc.SamlIdPObjectEncrypter;
import org.apereo.cas.support.saml.web.idp.profile.builders.enc.SamlIdPObjectSigner;
import org.apereo.cas.support.saml.web.idp.profile.builders.nameid.SamlProfileSamlNameIdBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.response.SamlProfileSaml2ResponseBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.response.SamlProfileSamlResponseBuilderConfigurationContext;
import org.apereo.cas.support.saml.web.idp.profile.builders.response.artifact.SamlProfileArtifactFaultResponseBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.response.artifact.SamlProfileArtifactResponseBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.response.query.SamlProfileAttributeQueryFaultResponseBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.response.query.SamlProfileAttributeQueryResponseBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.response.soap.SamlProfileSamlSoap11FaultResponseBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.response.soap.SamlProfileSamlSoap11ResponseBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.subject.SamlProfileSamlSubjectBuilder;
import org.apereo.cas.support.saml.web.idp.profile.slo.SamlIdPSingleLogoutServiceLogoutUrlBuilder;
import org.apereo.cas.ticket.ExpirationPolicyBuilder;
import org.apereo.cas.ticket.TicketFactory;
import org.apereo.cas.ticket.TicketFactoryExecutionPlanConfigurer;
import org.apereo.cas.ticket.artifact.DefaultSamlArtifactTicketFactory;
import org.apereo.cas.ticket.artifact.SamlArtifactTicketExpirationPolicyBuilder;
import org.apereo.cas.ticket.artifact.SamlArtifactTicketFactory;
import org.apereo.cas.ticket.query.DefaultSamlAttributeQueryTicketFactory;
import org.apereo.cas.ticket.query.SamlAttributeQueryTicketExpirationPolicyBuilder;
import org.apereo.cas.ticket.query.SamlAttributeQueryTicketFactory;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.ticket.tracking.TicketTrackingPolicy;
import org.apereo.cas.util.spring.boot.ConditionalOnFeatureEnabled;
import org.apereo.cas.web.UrlValidator;
import org.apereo.cas.web.cookie.CasCookieBuilder;
import org.apereo.inspektr.audit.spi.AuditActionResolver;
import org.apereo.inspektr.audit.spi.AuditResourceResolver;
import org.apereo.inspektr.audit.spi.support.DefaultAuditActionResolver;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.common.binding.artifact.SAMLArtifactMap;
import org.opensaml.saml.metadata.resolver.MetadataResolver;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.AttributeStatement;
import org.opensaml.saml.saml2.core.AuthnContext;
import org.opensaml.saml.saml2.core.AuthnStatement;
import org.opensaml.saml.saml2.core.Conditions;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.saml.saml2.core.Subject;
import org.opensaml.soap.soap11.Envelope;
import org.pac4j.core.context.session.SessionStore;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Scope;
import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.core.io.ClassPathResource;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration(value = "SamlIdPConfiguration", proxyBeanMethods = false)
@ConditionalOnFeatureEnabled(feature = {CasFeatureModule.FeatureCatalog.SAMLIdentityProvider})
/* loaded from: input_file:org/apereo/cas/config/SamlIdPConfiguration.class */
class SamlIdPConfiguration {

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SamlIdPAttributeDefinitionsConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/SamlIdPConfiguration$SamlIdPAttributeDefinitionsConfiguration.class */
    static class SamlIdPAttributeDefinitionsConfiguration {
        SamlIdPAttributeDefinitionsConfiguration() {
        }

        @ConditionalOnMissingBean(name = {"samlIdPAttributeDefinitionStoreConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AttributeDefinitionStoreConfigurer samlIdPAttributeDefinitionStoreConfigurer(CasConfigurationProperties casConfigurationProperties) {
            return () -> {
                return DefaultAttributeDefinitionStore.from(new ClassPathResource("samlidp-attribute-definitions.json"));
            };
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SamlIdPAuditConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/SamlIdPConfiguration$SamlIdPAuditConfiguration.class */
    static class SamlIdPAuditConfiguration {
        SamlIdPAuditConfiguration() {
        }

        @ConditionalOnMissingBean(name = {"samlResponseAuditPrincipalIdProvider"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuditPrincipalIdProvider samlResponseAuditPrincipalIdProvider() {
            return new SamlResponseAuditPrincipalIdProvider();
        }

        @ConditionalOnMissingBean(name = {"samlResponseAuditResourceResolver"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuditResourceResolver samlResponseAuditResourceResolver() {
            return new SamlResponseAuditResourceResolver();
        }

        @ConditionalOnMissingBean(name = {"samlRequestAuditResourceResolver"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuditResourceResolver samlRequestAuditResourceResolver() {
            return new SamlRequestAuditResourceResolver();
        }

        @ConditionalOnMissingBean(name = {"samlMetadataResolutionAuditActionResolver"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuditActionResolver samlMetadataResolutionAuditActionResolver() {
            return new DefaultAuditActionResolver();
        }

        @ConditionalOnMissingBean(name = {"samlMetadataResolutionAuditResourceResolver"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuditResourceResolver samlMetadataResolutionAuditResourceResolver() {
            return new SamlMetadataResolverAuditResourceResolver();
        }

        @ConditionalOnMissingBean(name = {"samlRequestAuditActionResolver"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuditActionResolver samlRequestAuditActionResolver() {
            return new DefaultAuditActionResolver("_CREATED", "_CREATED");
        }

        @ConditionalOnMissingBean(name = {"samlResponseAuditActionResolver"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuditActionResolver samlResponseAuditActionResolver() {
            return new DefaultAuditActionResolver("_CREATED", "_CREATED");
        }

        @ConditionalOnMissingBean(name = {"casSamlIdPAuditTrailRecordResolutionPlanConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuditTrailRecordResolutionPlanConfigurer casSamlIdPAuditTrailRecordResolutionPlanConfigurer(@Qualifier("samlMetadataResolutionAuditResourceResolver") AuditResourceResolver auditResourceResolver, @Qualifier("samlResponseAuditActionResolver") AuditActionResolver auditActionResolver, @Qualifier("samlRequestAuditActionResolver") AuditActionResolver auditActionResolver2, @Qualifier("samlResponseAuditResourceResolver") AuditResourceResolver auditResourceResolver2, @Qualifier("samlRequestAuditResourceResolver") AuditResourceResolver auditResourceResolver3, @Qualifier("samlMetadataResolutionAuditActionResolver") AuditActionResolver auditActionResolver3) {
            return auditTrailRecordResolutionPlan -> {
                auditTrailRecordResolutionPlan.registerAuditResourceResolver("SAML2_RESPONSE_RESOURCE_RESOLVER", auditResourceResolver2);
                auditTrailRecordResolutionPlan.registerAuditActionResolver("SAML2_RESPONSE_ACTION_RESOLVER", auditActionResolver);
                auditTrailRecordResolutionPlan.registerAuditResourceResolver("SAML2_REQUEST_RESOURCE_RESOLVER", auditResourceResolver3);
                auditTrailRecordResolutionPlan.registerAuditActionResolver("SAML2_REQUEST_ACTION_RESOLVER", auditActionResolver2);
                auditTrailRecordResolutionPlan.registerAuditResourceResolver("SAML2_METADATA_RESOLUTION_RESOURCE_RESOLVER", auditResourceResolver);
                auditTrailRecordResolutionPlan.registerAuditActionResolver("SAML2_METADATA_RESOLUTION_ACTION_RESOLVER", auditActionResolver3);
            };
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SamlIdPCryptoConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/SamlIdPConfiguration$SamlIdPCryptoConfiguration.class */
    static class SamlIdPCryptoConfiguration {
        SamlIdPCryptoConfiguration() {
        }

        @ConditionalOnMissingBean(name = {"samlObjectEncrypter"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public SamlIdPObjectEncrypter samlObjectEncrypter(@Qualifier("samlIdPMetadataLocator") SamlIdPMetadataLocator samlIdPMetadataLocator, CasConfigurationProperties casConfigurationProperties) {
            return new SamlIdPObjectEncrypter(casConfigurationProperties.getAuthn().getSamlIdp(), samlIdPMetadataLocator);
        }

        @ConditionalOnMissingBean(name = {"samlObjectSigner"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public SamlIdPObjectSigner samlObjectSigner(CasConfigurationProperties casConfigurationProperties, @Qualifier("casSamlIdPMetadataResolver") MetadataResolver metadataResolver, @Qualifier("samlIdPMetadataLocator") SamlIdPMetadataLocator samlIdPMetadataLocator) {
            return new DefaultSamlIdPObjectSigner(metadataResolver, casConfigurationProperties, samlIdPMetadataLocator);
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SamlIdPLogoutConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/SamlIdPConfiguration$SamlIdPLogoutConfiguration.class */
    static class SamlIdPLogoutConfiguration {
        SamlIdPLogoutConfiguration() {
        }

        @ConditionalOnMissingBean(name = {"samlSingleLogoutServiceLogoutUrlBuilder"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public SingleLogoutServiceLogoutUrlBuilder samlSingleLogoutServiceLogoutUrlBuilder(@Qualifier("defaultSamlRegisteredServiceCachingMetadataResolver") SamlRegisteredServiceCachingMetadataResolver samlRegisteredServiceCachingMetadataResolver, @Qualifier("servicesManager") ServicesManager servicesManager, @Qualifier("urlValidator") UrlValidator urlValidator, CasConfigurationProperties casConfigurationProperties) {
            return new SamlIdPSingleLogoutServiceLogoutUrlBuilder(servicesManager, samlRegisteredServiceCachingMetadataResolver, urlValidator, casConfigurationProperties.getAuthn().getSamlIdp());
        }

        @ConditionalOnMissingBean(name = {"samlSingleLogoutServiceLogoutUrlBuilderConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public SingleLogoutServiceLogoutUrlBuilderConfigurer samlSingleLogoutServiceLogoutUrlBuilderConfigurer(@Qualifier("samlSingleLogoutServiceLogoutUrlBuilder") SingleLogoutServiceLogoutUrlBuilder singleLogoutServiceLogoutUrlBuilder) {
            return () -> {
                return singleLogoutServiceLogoutUrlBuilder;
            };
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SamlIdPProfileBuilderConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/SamlIdPConfiguration$SamlIdPProfileBuilderConfiguration.class */
    static class SamlIdPProfileBuilderConfiguration {
        SamlIdPProfileBuilderConfiguration() {
        }

        @ConditionalOnMissingBean(name = {"samlResponseBuilderConfigurationContext"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Scope("prototype")
        @Bean
        public SamlProfileSamlResponseBuilderConfigurationContext samlResponseBuilderConfigurationContext(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties, @Qualifier("casSamlIdPMetadataResolver") MetadataResolver metadataResolver, @Qualifier("shibboleth.OpenSAMLConfig") OpenSamlConfigBean openSamlConfigBean, @Qualifier("samlObjectSigner") SamlIdPObjectSigner samlIdPObjectSigner, @Qualifier("velocityEngineFactory") VelocityEngine velocityEngine, @Qualifier("samlProfileSamlAssertionBuilder") SamlProfileObjectBuilder<Assertion> samlProfileObjectBuilder, @Qualifier("samlObjectEncrypter") SamlIdPObjectEncrypter samlIdPObjectEncrypter, @Qualifier("ticketGrantingTicketCookieGenerator") CasCookieBuilder casCookieBuilder, @Qualifier("ticketRegistry") TicketRegistry ticketRegistry, @Qualifier("samlIdPDistributedSessionStore") SessionStore sessionStore, @Qualifier("samlArtifactMap") SAMLArtifactMap sAMLArtifactMap, @Qualifier("defaultTicketFactory") TicketFactory ticketFactory, @Qualifier("centralAuthenticationService") CentralAuthenticationService centralAuthenticationService) {
            return SamlProfileSamlResponseBuilderConfigurationContext.builder().applicationContext(configurableApplicationContext).samlIdPMetadataResolver(metadataResolver).openSamlConfigBean(openSamlConfigBean).samlObjectSigner(samlIdPObjectSigner).velocityEngineFactory(velocityEngine).samlProfileSamlAssertionBuilder(samlProfileObjectBuilder).samlObjectEncrypter(samlIdPObjectEncrypter).ticketGrantingTicketCookieGenerator(casCookieBuilder).ticketRegistry(ticketRegistry).sessionStore(sessionStore).samlArtifactMap(sAMLArtifactMap).centralAuthenticationService(centralAuthenticationService).casProperties(casConfigurationProperties).ticketFactory(ticketFactory).build();
        }

        @ConditionalOnMissingBean(name = {"samlProfileSamlAttributeQueryFaultResponseBuilder"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public SamlProfileObjectBuilder<Envelope> samlProfileSamlAttributeQueryFaultResponseBuilder(@Qualifier("samlProfileSamlResponseBuilder") SamlProfileObjectBuilder<Response> samlProfileObjectBuilder, @Qualifier("samlResponseBuilderConfigurationContext") SamlProfileSamlResponseBuilderConfigurationContext samlProfileSamlResponseBuilderConfigurationContext) {
            return new SamlProfileAttributeQueryFaultResponseBuilder(samlProfileSamlResponseBuilderConfigurationContext.withSamlSoapResponseBuilder(samlProfileObjectBuilder));
        }

        @ConditionalOnMissingBean(name = {"samlProfileSamlAttributeQueryResponseBuilder"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public SamlProfileObjectBuilder<Envelope> samlProfileSamlAttributeQueryResponseBuilder(@Qualifier("samlProfileSamlResponseBuilder") SamlProfileObjectBuilder<Response> samlProfileObjectBuilder, @Qualifier("samlResponseBuilderConfigurationContext") SamlProfileSamlResponseBuilderConfigurationContext samlProfileSamlResponseBuilderConfigurationContext) {
            return new SamlProfileAttributeQueryResponseBuilder(samlProfileSamlResponseBuilderConfigurationContext.withSamlSoapResponseBuilder(samlProfileObjectBuilder));
        }

        @ConditionalOnMissingBean(name = {"samlProfileSamlSubjectBuilder"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public SamlProfileObjectBuilder<Subject> samlProfileSamlSubjectBuilder(CasConfigurationProperties casConfigurationProperties, @Qualifier("samlProfileSamlNameIdBuilder") SamlProfileObjectBuilder<SAMLObject> samlProfileObjectBuilder, @Qualifier("samlObjectEncrypter") SamlIdPObjectEncrypter samlIdPObjectEncrypter, @Qualifier("shibboleth.OpenSAMLConfig") OpenSamlConfigBean openSamlConfigBean) {
            return new SamlProfileSamlSubjectBuilder(openSamlConfigBean, samlProfileObjectBuilder, casConfigurationProperties, samlIdPObjectEncrypter);
        }

        @ConditionalOnMissingBean(name = {"samlProfileSamlSoap11FaultResponseBuilder"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public SamlProfileObjectBuilder<Envelope> samlProfileSamlSoap11FaultResponseBuilder(@Qualifier("samlProfileSamlNameIdBuilder") SamlProfileObjectBuilder<SAMLObject> samlProfileObjectBuilder, @Qualifier("samlResponseBuilderConfigurationContext") SamlProfileSamlResponseBuilderConfigurationContext samlProfileSamlResponseBuilderConfigurationContext) {
            return new SamlProfileSamlSoap11FaultResponseBuilder(samlProfileSamlResponseBuilderConfigurationContext.withSamlSoapResponseBuilder(samlProfileObjectBuilder));
        }

        @ConditionalOnMissingBean(name = {"samlProfileSamlSoap11ResponseBuilder"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public SamlProfileObjectBuilder<Envelope> samlProfileSamlSoap11ResponseBuilder(@Qualifier("samlProfileSamlNameIdBuilder") SamlProfileObjectBuilder<SAMLObject> samlProfileObjectBuilder, @Qualifier("samlResponseBuilderConfigurationContext") SamlProfileSamlResponseBuilderConfigurationContext samlProfileSamlResponseBuilderConfigurationContext) {
            return new SamlProfileSamlSoap11ResponseBuilder(samlProfileSamlResponseBuilderConfigurationContext.withSamlSoapResponseBuilder(samlProfileObjectBuilder));
        }

        @ConditionalOnMissingBean(name = {"samlProfileSamlArtifactFaultResponseBuilder"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public SamlProfileObjectBuilder<Envelope> samlProfileSamlArtifactFaultResponseBuilder(@Qualifier("samlProfileSamlNameIdBuilder") SamlProfileObjectBuilder<SAMLObject> samlProfileObjectBuilder, @Qualifier("samlResponseBuilderConfigurationContext") SamlProfileSamlResponseBuilderConfigurationContext samlProfileSamlResponseBuilderConfigurationContext) {
            return new SamlProfileArtifactFaultResponseBuilder(samlProfileSamlResponseBuilderConfigurationContext.withSamlSoapResponseBuilder(samlProfileObjectBuilder));
        }

        @ConditionalOnMissingBean(name = {"samlProfileSamlArtifactResponseBuilder"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public SamlProfileObjectBuilder<Envelope> samlProfileSamlArtifactResponseBuilder(@Qualifier("samlProfileSamlNameIdBuilder") SamlProfileObjectBuilder<SAMLObject> samlProfileObjectBuilder, @Qualifier("samlResponseBuilderConfigurationContext") SamlProfileSamlResponseBuilderConfigurationContext samlProfileSamlResponseBuilderConfigurationContext) {
            return new SamlProfileArtifactResponseBuilder(samlProfileSamlResponseBuilderConfigurationContext.withSamlSoapResponseBuilder(samlProfileObjectBuilder));
        }

        @ConditionalOnMissingBean(name = {"samlProfileSamlNameIdBuilder"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public SamlProfileObjectBuilder<SAMLObject> samlProfileSamlNameIdBuilder(@Qualifier("casSamlIdPMetadataResolver") MetadataResolver metadataResolver, @Qualifier("shibbolethCompatiblePersistentIdGenerator") PersistentIdGenerator persistentIdGenerator, @Qualifier("shibboleth.OpenSAMLConfig") OpenSamlConfigBean openSamlConfigBean, @Qualifier("samlObjectEncrypter") SamlIdPObjectEncrypter samlIdPObjectEncrypter) {
            return new SamlProfileSamlNameIdBuilder(openSamlConfigBean, persistentIdGenerator, metadataResolver, samlIdPObjectEncrypter);
        }

        @ConditionalOnMissingBean(name = {"samlProfileSamlConditionsBuilder"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public SamlProfileObjectBuilder<Conditions> samlProfileSamlConditionsBuilder(CasConfigurationProperties casConfigurationProperties, @Qualifier("shibboleth.OpenSAMLConfig") OpenSamlConfigBean openSamlConfigBean) {
            return new SamlProfileSamlConditionsBuilder(openSamlConfigBean, casConfigurationProperties);
        }

        @ConditionalOnMissingBean(name = {"defaultAuthnContextClassRefBuilder"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public SamlProfileObjectBuilder<AuthnContext> defaultAuthnContextClassRefBuilder(@Qualifier("shibboleth.OpenSAMLConfig") OpenSamlConfigBean openSamlConfigBean, @Qualifier("casSamlIdPMetadataResolver") MetadataResolver metadataResolver, CasConfigurationProperties casConfigurationProperties) {
            return new SamlProfileAuthnContextClassRefBuilder(openSamlConfigBean, metadataResolver, casConfigurationProperties);
        }

        @ConditionalOnMissingBean(name = {"samlProfileSamlAssertionBuilder"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public SamlProfileObjectBuilder<Assertion> samlProfileSamlAssertionBuilder(@Qualifier("samlProfileSamlAuthNStatementBuilder") SamlProfileObjectBuilder<AuthnStatement> samlProfileObjectBuilder, @Qualifier("samlProfileSamlAttributeStatementBuilder") SamlProfileObjectBuilder<AttributeStatement> samlProfileObjectBuilder2, @Qualifier("samlProfileSamlSubjectBuilder") SamlProfileObjectBuilder<Subject> samlProfileObjectBuilder3, @Qualifier("samlProfileSamlConditionsBuilder") SamlProfileObjectBuilder<Conditions> samlProfileObjectBuilder4, @Qualifier("samlObjectSigner") SamlIdPObjectSigner samlIdPObjectSigner, @Qualifier("casSamlIdPMetadataResolver") MetadataResolver metadataResolver, @Qualifier("shibboleth.OpenSAMLConfig") OpenSamlConfigBean openSamlConfigBean) {
            return new SamlProfileSamlAssertionBuilder(openSamlConfigBean, samlProfileObjectBuilder, samlProfileObjectBuilder2, samlProfileObjectBuilder3, samlProfileObjectBuilder4, samlIdPObjectSigner, metadataResolver);
        }

        @ConditionalOnMissingBean(name = {"samlProfileSamlAuthNStatementBuilder"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public SamlProfileObjectBuilder<AuthnStatement> samlProfileSamlAuthNStatementBuilder(CasConfigurationProperties casConfigurationProperties, @Qualifier("defaultAuthnContextClassRefBuilder") SamlProfileObjectBuilder<AuthnContext> samlProfileObjectBuilder, @Qualifier("shibboleth.OpenSAMLConfig") OpenSamlConfigBean openSamlConfigBean) {
            return new SamlProfileSamlAuthNStatementBuilder(openSamlConfigBean, samlProfileObjectBuilder, casConfigurationProperties);
        }

        @ConditionalOnMissingBean(name = {"samlProfileSamlAttributeStatementBuilder"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public SamlProfileObjectBuilder<AttributeStatement> samlProfileSamlAttributeStatementBuilder(CasConfigurationProperties casConfigurationProperties, @Qualifier("samlObjectEncrypter") SamlIdPObjectEncrypter samlIdPObjectEncrypter, @Qualifier("samlProfileSamlNameIdBuilder") SamlProfileObjectBuilder<SAMLObject> samlProfileObjectBuilder, @Qualifier("shibboleth.OpenSAMLConfig") OpenSamlConfigBean openSamlConfigBean, @Qualifier("samlIdPServiceFactory") ServiceFactory serviceFactory, @Qualifier("attributeDefinitionStore") AttributeDefinitionStore attributeDefinitionStore, @Qualifier("casSamlIdPMetadataResolver") MetadataResolver metadataResolver) {
            return new SamlProfileSamlAttributeStatementBuilder(openSamlConfigBean, casConfigurationProperties, samlIdPObjectEncrypter, attributeDefinitionStore, serviceFactory, samlProfileObjectBuilder, metadataResolver);
        }

        @ConditionalOnMissingBean(name = {"samlProfileSamlResponseBuilder"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public SamlProfileObjectBuilder<Response> samlProfileSamlResponseBuilder(@Qualifier("samlResponseBuilderConfigurationContext") SamlProfileSamlResponseBuilderConfigurationContext samlProfileSamlResponseBuilderConfigurationContext) {
            return new SamlProfileSaml2ResponseBuilder(samlProfileSamlResponseBuilderConfigurationContext);
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SamlIdPTicketConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/SamlIdPConfiguration$SamlIdPTicketConfiguration.class */
    static class SamlIdPTicketConfiguration {
        SamlIdPTicketConfiguration() {
        }

        @ConditionalOnMissingBean(name = {"samlAttributeQueryTicketFactory"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public SamlAttributeQueryTicketFactory samlAttributeQueryTicketFactory(@Qualifier("samlAttributeQueryTicketExpirationPolicy") ExpirationPolicyBuilder expirationPolicyBuilder, @Qualifier("shibboleth.OpenSAMLConfig") OpenSamlConfigBean openSamlConfigBean, @Qualifier("samlIdPServiceFactory") ServiceFactory serviceFactory) {
            return new DefaultSamlAttributeQueryTicketFactory(expirationPolicyBuilder, serviceFactory, openSamlConfigBean);
        }

        @ConditionalOnMissingBean(name = {"samlArtifactTicketFactory"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public SamlArtifactTicketFactory samlArtifactTicketFactory(@Qualifier("samlArtifactTicketExpirationPolicy") ExpirationPolicyBuilder expirationPolicyBuilder, @Qualifier("shibboleth.OpenSAMLConfig") OpenSamlConfigBean openSamlConfigBean, @Qualifier("samlIdPServiceFactory") ServiceFactory serviceFactory, @Qualifier("descendantTicketsTrackingPolicy") TicketTrackingPolicy ticketTrackingPolicy) {
            return new DefaultSamlArtifactTicketFactory(expirationPolicyBuilder, openSamlConfigBean, serviceFactory, ticketTrackingPolicy);
        }

        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean(initMethod = "initialize", destroyMethod = "destroy")
        public SAMLArtifactMap samlArtifactMap(@Qualifier("defaultTicketFactory") TicketFactory ticketFactory, @Qualifier("samlArtifactTicketExpirationPolicy") ExpirationPolicyBuilder expirationPolicyBuilder, @Qualifier("ticketGrantingTicketCookieGenerator") CasCookieBuilder casCookieBuilder, @Qualifier("ticketRegistry") TicketRegistry ticketRegistry, @Qualifier("samlIdPDistributedSessionStore") SessionStore sessionStore) {
            CasSamlArtifactMap casSamlArtifactMap = new CasSamlArtifactMap(ticketRegistry, ticketFactory, casCookieBuilder, sessionStore);
            casSamlArtifactMap.setArtifactLifetime(Duration.ofSeconds(expirationPolicyBuilder.buildTicketExpirationPolicy().getTimeToLive().longValue()));
            return casSamlArtifactMap;
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SamlIdPTicketExpirationPolicyConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/SamlIdPConfiguration$SamlIdPTicketExpirationPolicyConfiguration.class */
    static class SamlIdPTicketExpirationPolicyConfiguration {
        SamlIdPTicketExpirationPolicyConfiguration() {
        }

        @ConditionalOnMissingBean(name = {"samlAttributeQueryTicketExpirationPolicy"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public ExpirationPolicyBuilder samlAttributeQueryTicketExpirationPolicy(CasConfigurationProperties casConfigurationProperties) {
            return new SamlAttributeQueryTicketExpirationPolicyBuilder(casConfigurationProperties);
        }

        @ConditionalOnMissingBean(name = {"samlArtifactTicketExpirationPolicy"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public ExpirationPolicyBuilder samlArtifactTicketExpirationPolicy(CasConfigurationProperties casConfigurationProperties) {
            return new SamlArtifactTicketExpirationPolicyBuilder(casConfigurationProperties);
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SamlIdPTicketFactoryPlanConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/SamlIdPConfiguration$SamlIdPTicketFactoryPlanConfiguration.class */
    static class SamlIdPTicketFactoryPlanConfiguration {
        SamlIdPTicketFactoryPlanConfiguration() {
        }

        @ConditionalOnMissingBean(name = {"samlAttributeQueryTicketFactoryConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public TicketFactoryExecutionPlanConfigurer samlAttributeQueryTicketFactoryConfigurer(@Qualifier("samlAttributeQueryTicketFactory") SamlAttributeQueryTicketFactory samlAttributeQueryTicketFactory) {
            return () -> {
                return samlAttributeQueryTicketFactory;
            };
        }

        @ConditionalOnMissingBean(name = {"samlArtifactTicketFactoryConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public TicketFactoryExecutionPlanConfigurer samlArtifactTicketFactoryConfigurer(@Qualifier("samlArtifactTicketFactory") SamlArtifactTicketFactory samlArtifactTicketFactory) {
            return () -> {
                return samlArtifactTicketFactory;
            };
        }
    }

    SamlIdPConfiguration() {
    }

    static {
        Security.addProvider(new BouncyCastleProvider());
        Security.addProvider(new SamlSecurityProvider());
    }
}
