package org.apereo.cas.config;

import java.util.HashSet;
import java.util.List;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.CentralAuthenticationService;
import org.apereo.cas.authentication.AuthenticationServiceSelectionStrategy;
import org.apereo.cas.authentication.AuthenticationServiceSelectionStrategyConfigurer;
import org.apereo.cas.authentication.SecurityTokenServiceClientBuilder;
import org.apereo.cas.authentication.SecurityTokenServiceTokenFetcher;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.authentication.principal.ServiceFactory;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.features.CasFeatureModule;
import org.apereo.cas.services.CasRegisteredService;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.ServiceRegistryExecutionPlanConfigurer;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.services.ServicesManagerRegisteredServiceLocator;
import org.apereo.cas.ticket.TicketFactory;
import org.apereo.cas.ticket.TicketValidator;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.ticket.registry.TicketRegistrySupport;
import org.apereo.cas.util.InternalTicketValidator;
import org.apereo.cas.util.RandomUtils;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.apereo.cas.util.http.HttpClient;
import org.apereo.cas.util.spring.boot.ConditionalOnFeatureEnabled;
import org.apereo.cas.validation.AuthenticationAttributeReleasePolicy;
import org.apereo.cas.web.ProtocolEndpointWebSecurityConfigurer;
import org.apereo.cas.web.cookie.CasCookieBuilder;
import org.apereo.cas.ws.idp.authentication.WSFederationAuthenticationServiceSelectionStrategy;
import org.apereo.cas.ws.idp.metadata.WSFederationMetadataController;
import org.apereo.cas.ws.idp.services.DefaultRelyingPartyTokenProducer;
import org.apereo.cas.ws.idp.services.DefaultWSFederationRelyingPartyAttributeWriter;
import org.apereo.cas.ws.idp.services.WSFederationRelyingPartyAttributeWriter;
import org.apereo.cas.ws.idp.services.WSFederationRelyingPartyTokenProducer;
import org.apereo.cas.ws.idp.services.WSFederationServiceRegistry;
import org.apereo.cas.ws.idp.services.WsFederationServicesManagerRegisteredServiceLocator;
import org.apereo.cas.ws.idp.web.WSFederationRequestConfigurationContext;
import org.apereo.cas.ws.idp.web.WSFederationValidateRequestCallbackController;
import org.apereo.cas.ws.idp.web.WSFederationValidateRequestController;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ImportResource;
import org.springframework.context.annotation.ScopedProxyMode;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@ImportResource(locations = {"classpath:META-INF/cxf/cxf.xml"})
@AutoConfiguration
@ConditionalOnFeatureEnabled(feature = CasFeatureModule.FeatureCatalog.WsFederationIdentityProvider)
/* loaded from: input_file:org/apereo/cas/config/CoreWsSecurityIdentityProviderConfiguration.class */
public class CoreWsSecurityIdentityProviderConfiguration {

    // Shared SLF4J logger; the nested services configuration uses it for its debug output.
    // NOTE(review): @Generated suggests Lombok produced this field (e.g. via @Slf4j) in the original source; confirm.
    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(CoreWsSecurityIdentityProviderConfiguration.class);

    /**
     * Assembles the shared {@link WSFederationRequestConfigurationContext} that the
     * WS-Federation identity-provider controllers in this file receive.
     */
    @Configuration(value = "CoreWsSecurityIdentityProviderContextConfiguration", proxyBeanMethods = false)
    @EnableConfigurationProperties(CasConfigurationProperties.class)
    public static class CoreWsSecurityIdentityProviderContextConfiguration {

        /**
         * Builds the request configuration context from its collaborating beans.
         *
         * <p>Every collaborator is handed to the builder unchanged; nothing is validated or
         * transformed here. The HTTP client is the bean qualified as {@code noRedirectHttpClient}
         * and the ticket validator is the bean qualified as {@code wsFederationTicketValidator}.
         *
         * <p>NOTE(review): the qualifier name suggests the HTTP client does not follow
         * redirects; confirm against the bean definition before relying on it.
         *
         * @return the fully populated context
         */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        public WSFederationRequestConfigurationContext wsFederationConfigurationContext(
                @Qualifier("wsFederationRelyingPartyTokenProducer") WSFederationRelyingPartyTokenProducer wSFederationRelyingPartyTokenProducer,
                @Qualifier("noRedirectHttpClient") HttpClient httpClient,
                @Qualifier("wsFederationAuthenticationServiceSelectionStrategy") AuthenticationServiceSelectionStrategy authenticationServiceSelectionStrategy,
                @Qualifier("defaultTicketRegistrySupport") TicketRegistrySupport ticketRegistrySupport,
                @Qualifier("defaultTicketFactory") TicketFactory ticketFactory,
                @Qualifier("ticketRegistry") TicketRegistry ticketRegistry,
                @Qualifier("wsFederationCallbackService") Service service,
                @Qualifier("securityTokenServiceTokenFetcher") SecurityTokenServiceTokenFetcher securityTokenServiceTokenFetcher,
                @Qualifier("servicesManager") ServicesManager servicesManager,
                @Qualifier("ticketGrantingTicketCookieGenerator") CasCookieBuilder casCookieBuilder,
                @Qualifier("wsFederationTicketValidator") TicketValidator ticketValidator,
                @Qualifier("webApplicationServiceFactory") ServiceFactory<WebApplicationService> serviceFactory,
                CasConfigurationProperties casConfigurationProperties) {
            return WSFederationRequestConfigurationContext.builder()
                    .servicesManager(servicesManager)
                    .relyingPartyTokenProducer(wSFederationRelyingPartyTokenProducer)
                    .webApplicationServiceFactory(serviceFactory)
                    .casProperties(casConfigurationProperties)
                    .ticketValidator(ticketValidator)
                    .securityTokenServiceTokenFetcher(securityTokenServiceTokenFetcher)
                    .serviceSelectionStrategy(authenticationServiceSelectionStrategy)
                    .httpClient(httpClient)
                    .ticketFactory(ticketFactory)
                    .ticketGrantingTicketCookieGenerator(casCookieBuilder)
                    .ticketRegistry(ticketRegistry)
                    .ticketRegistrySupport(ticketRegistrySupport)
                    .callbackService(service)
                    .build();
        }
    }

    /**
     * Declares the web controllers of the WS-Federation identity provider.
     */
    @Configuration(value = "CoreWsSecurityIdentityProviderControllersConfiguration", proxyBeanMethods = false)
    @EnableConfigurationProperties(CasConfigurationProperties.class)
    public static class CoreWsSecurityIdentityProviderControllersConfiguration {

        /**
         * Creates the controller for incoming federation requests, unless a bean named
         * {@code federationValidateRequestController} is already defined.
         *
         * @param wSFederationRequestConfigurationContext shared WS-Federation context
         * @return the request controller
         */
        @Bean
        @ConditionalOnMissingBean(name = "federationValidateRequestController")
        public WSFederationValidateRequestController federationValidateRequestController(
                @Qualifier("wsFederationConfigurationContext") WSFederationRequestConfigurationContext wSFederationRequestConfigurationContext) {
            return new WSFederationValidateRequestController(wSFederationRequestConfigurationContext);
        }

        /**
         * Creates the controller for the federation callback.
         *
         * <p>Unlike the other beans in this class, this one carries neither a
         * {@code @ConditionalOnMissingBean} guard nor {@code @RefreshScope}.
         *
         * @param wSFederationRequestConfigurationContext shared WS-Federation context
         * @return the callback controller
         */
        @Bean
        public WSFederationValidateRequestCallbackController federationValidateRequestCallbackController(
                @Qualifier("wsFederationConfigurationContext") WSFederationRequestConfigurationContext wSFederationRequestConfigurationContext) {
            return new WSFederationValidateRequestCallbackController(wSFederationRequestConfigurationContext);
        }

        /**
         * Creates the controller that serves WS-Federation metadata, built from the CAS settings only.
         *
         * @param casConfigurationProperties CAS configuration
         * @return the metadata controller
         */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        public WSFederationMetadataController wsFederationMetadataController(
                CasConfigurationProperties casConfigurationProperties) {
            return new WSFederationMetadataController(casConfigurationProperties);
        }
    }

    /**
     * Declares the service selection strategy used for WS-Federation requests.
     */
    @Configuration(value = "CoreWsSecurityIdentityProviderServiceSelectionConfiguration", proxyBeanMethods = false)
    @EnableConfigurationProperties(CasConfigurationProperties.class)
    public static class CoreWsSecurityIdentityProviderServiceSelectionConfiguration {

        /**
         * Creates the WS-Federation service selection strategy, unless a bean named
         * {@code wsFederationAuthenticationServiceSelectionStrategy} already exists.
         *
         * @param serviceFactory  factory for web application services
         * @param servicesManager registry of known services
         * @return the selection strategy
         */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @ConditionalOnMissingBean(name = "wsFederationAuthenticationServiceSelectionStrategy")
        public AuthenticationServiceSelectionStrategy wsFederationAuthenticationServiceSelectionStrategy(
                @Qualifier("webApplicationServiceFactory") ServiceFactory<WebApplicationService> serviceFactory,
                @Qualifier("servicesManager") ServicesManager servicesManager) {
            // The constructor takes the manager first and the factory second.
            return new WSFederationAuthenticationServiceSelectionStrategy(servicesManager, serviceFactory);
        }
    }

    /**
     * Adds the WS-Federation selection strategy to the authentication service selection plan.
     */
    @Configuration(value = "CoreWsSecurityIdentityProviderServiceSelectionPlanConfiguration", proxyBeanMethods = false)
    @EnableConfigurationProperties(CasConfigurationProperties.class)
    public static class CoreWsSecurityIdentityProviderServiceSelectionPlanConfiguration {

        /**
         * Returns a configurer that registers the given strategy with the plan it is invoked on.
         *
         * @param authenticationServiceSelectionStrategy the strategy to register
         * @return the configurer
         */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @ConditionalOnMissingBean(name = "wsFederationAuthenticationServiceSelectionStrategyConfigurer")
        public AuthenticationServiceSelectionStrategyConfigurer wsFederationAuthenticationServiceSelectionStrategyConfigurer(
                @Qualifier("wsFederationAuthenticationServiceSelectionStrategy") AuthenticationServiceSelectionStrategy authenticationServiceSelectionStrategy) {
            return plan -> plan.registerStrategy(authenticationServiceSelectionStrategy);
        }
    }

    /**
     * Declares the callback service of the WS-Federation identity provider and registers a
     * matching service definition in the service registry plan.
     */
    @Configuration(value = "CoreWsSecurityIdentityProviderServicesConfiguration", proxyBeanMethods = false)
    @EnableConfigurationProperties(CasConfigurationProperties.class)
    public static class CoreWsSecurityIdentityProviderServicesConfiguration {

        /**
         * Creates the WS-Federation registered-service locator, unless a bean named
         * {@code wsFederationServicesManagerRegisteredServiceLocator} already exists.
         *
         * @return the locator
         */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @ConditionalOnMissingBean(name = "wsFederationServicesManagerRegisteredServiceLocator")
        public ServicesManagerRegisteredServiceLocator wsFederationServicesManagerRegisteredServiceLocator() {
            return new WsFederationServicesManagerRegisteredServiceLocator();
        }

        /**
         * Creates the service object for the federation callback path.
         *
         * @param serviceFactory factory for web application services
         * @return the service created for {@code /ws/idp/federationcallback}
         */
        @Bean
        public Service wsFederationCallbackService(
                @Qualifier("webApplicationServiceFactory") ServiceFactory<WebApplicationService> serviceFactory) {
            return serviceFactory.createService("/ws/idp/federationcallback");
        }

        /**
         * Returns a configurer that adds a registry holding one synthetic service definition
         * for the callback service.
         *
         * <p>The definition gets a random numeric id, evaluation order {@link Integer#MIN_VALUE}
         * and a service-id pattern made of the callback service id followed by {@code .+}.
         * No access strategy or attribute release policy is set here, so the defaults of
         * {@link CasRegisteredService} apply.
         *
         * <p>NOTE(review): the pattern is built by plain concatenation and starts at the relative
         * callback path. Whether it is matched against the whole service URL or only part of it
         * is decided by the services manager, not here; confirm that matching is anchored so
         * the pattern covers only the intended callback URLs.
         *
         * @param configurableApplicationContext application context passed to the registry
         * @param service                        the callback service
         * @return the configurer
         */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @ConditionalOnMissingBean(name = "wsFederationServiceRegistryExecutionPlanConfigurer")
        public ServiceRegistryExecutionPlanConfigurer wsFederationServiceRegistryExecutionPlanConfigurer(
                ConfigurableApplicationContext configurableApplicationContext,
                @Qualifier("wsFederationCallbackService") Service service) {
            return plan -> {
                CoreWsSecurityIdentityProviderConfiguration.LOGGER.debug("Initializing WS Federation callback service [{}]", service);

                RegisteredService callbackDefinition = new CasRegisteredService();
                callbackDefinition.setId(RandomUtils.nextLong());
                callbackDefinition.setEvaluationOrder(Integer.MIN_VALUE);
                callbackDefinition.setName(callbackDefinition.getClass().getSimpleName());
                callbackDefinition.setDescription("WS-Federation Authentication Request");
                // Regular-expression pattern: callback id followed by at least one more character.
                callbackDefinition.setServiceId(service.getId().concat(".+"));

                CoreWsSecurityIdentityProviderConfiguration.LOGGER.debug("Saving callback service [{}] into the registry", callbackDefinition.getServiceId());
                WSFederationServiceRegistry registry =
                        new WSFederationServiceRegistry(configurableApplicationContext, callbackDefinition);
                plan.registerServiceRegistry(registry);
            };
        }
    }

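    /**
     * Declares the beans that produce relying-party tokens and validate tickets for the
     * WS-Federation identity provider.
     */
    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "CoreWsSecurityIdentityProviderTicketsConfiguration", proxyBeanMethods = false)
    public static class CoreWsSecurityIdentityProviderTicketsConfiguration {

        /**
         * Creates the default attribute writer, unless a bean named
         * {@code defaultWSFederationRelyingPartyAttributeWriter} already exists.
         *
         * <p>The custom claims configured for the STS are copied into a new set, so duplicates
         * in the configuration collapse and later changes to the configuration object do not
         * reach the writer.
         *
         * @param casConfigurationProperties CAS configuration
         * @return the attribute writer
         */
        @ConditionalOnMissingBean(name = {"defaultWSFederationRelyingPartyAttributeWriter"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public WSFederationRelyingPartyAttributeWriter defaultWSFederationRelyingPartyAttributeWriter(CasConfigurationProperties casConfigurationProperties) {
            // Diamond instead of the raw HashSet keeps the element type checked by the compiler.
            return new DefaultWSFederationRelyingPartyAttributeWriter(
                new HashSet<>(casConfigurationProperties.getAuthn().getWsfedIdp().getSts().getCustomClaims()));
        }

        /**
         * Creates the relying-party token producer, unless a bean named
         * {@code wsFederationRelyingPartyTokenProducer} already exists.
         *
         * <p>NOTE(review): the cipher executor is the bean qualified as
         * {@code securityTokenServiceCredentialCipherExecutor}; the name suggests it protects
         * the credential exchanged with the security token service. Confirm that the bean is
         * configured with real keys and is not a no-op executor.
         *
         * @param wSFederationRelyingPartyAttributeWriter writer for relying-party attributes
         * @param cipherExecutor                          cipher used by the token producer
         * @param securityTokenServiceClientBuilder       builder for STS clients
         * @return the token producer
         */
        @ConditionalOnMissingBean(name = {"wsFederationRelyingPartyTokenProducer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public WSFederationRelyingPartyTokenProducer wsFederationRelyingPartyTokenProducer(@Qualifier("defaultWSFederationRelyingPartyAttributeWriter") WSFederationRelyingPartyAttributeWriter wSFederationRelyingPartyAttributeWriter, @Qualifier("securityTokenServiceCredentialCipherExecutor") CipherExecutor cipherExecutor, @Qualifier("securityTokenServiceClientBuilder") SecurityTokenServiceClientBuilder securityTokenServiceClientBuilder) {
            return new DefaultRelyingPartyTokenProducer(securityTokenServiceClientBuilder, cipherExecutor, wSFederationRelyingPartyAttributeWriter);
        }

        /**
         * Creates the ticket validator used by the WS-Federation endpoints, unless a bean named
         * {@code wsFederationTicketValidator} already exists.
         *
         * @param serviceFactory                       factory for web application services
         * @param authenticationAttributeReleasePolicy policy for releasing authentication attributes
         * @param centralAuthenticationService         CAS core service
         * @param servicesManager                      registry of known services
         * @return an {@link InternalTicketValidator} built from these collaborators
         */
        @ConditionalOnMissingBean(name = {"wsFederationTicketValidator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public TicketValidator wsFederationTicketValidator(@Qualifier("webApplicationServiceFactory") ServiceFactory<WebApplicationService> serviceFactory, @Qualifier("authenticationAttributeReleasePolicy") AuthenticationAttributeReleasePolicy authenticationAttributeReleasePolicy, @Qualifier("centralAuthenticationService") CentralAuthenticationService centralAuthenticationService, @Qualifier("servicesManager") ServicesManager servicesManager) {
            return new InternalTicketValidator(centralAuthenticationService, serviceFactory, authenticationAttributeReleasePolicy, servicesManager);
        }
    }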

    /**
     * Declares which WS-Federation URL prefixes are reported as ignored endpoints.
     */
    @Configuration(value = "CoreWsSecurityIdentityProviderWebConfiguration", proxyBeanMethods = false)
    @EnableConfigurationProperties(CasConfigurationProperties.class)
    public static class CoreWsSecurityIdentityProviderWebConfiguration {

        /**
         * Returns a configurer whose ignored endpoints are {@code /ws/idp} and {@code /ws/sts/}.
         *
         * <p>NOTE(review): "ignored" presumably means these prefixes are left out of the web
         * security filter chain, in which case the handlers behind them must enforce all
         * protocol-level checks themselves; confirm against the consumer of
         * {@link ProtocolEndpointWebSecurityConfigurer}. {@code /ws/idp} has no trailing slash
         * while {@code /ws/sts/} has one, so also check how the consumer matches prefixes to
         * make sure no sibling path is exempted unintentionally.
         *
         * @return the endpoint configurer
         */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        public ProtocolEndpointWebSecurityConfigurer<Void> wsFederationProtocolEndpointConfigurer() {
            return new ProtocolEndpointWebSecurityConfigurer<Void>() {
                public List<String> getIgnoredEndpoints() {
                    // Both literals already begin with "/", so prependIfMissing returns them as they are.
                    final String identityProviderPrefix = StringUtils.prependIfMissing("/ws/idp", "/");
                    final String tokenServicePrefix = StringUtils.prependIfMissing("/ws/sts/", "/");
                    return List.of(identityProviderPrefix, tokenServicePrefix);
                }
            };
        }
    }
}
