package org.apereo.cas.config;

import java.util.HashSet;
import java.util.List;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.AuthenticationServiceSelectionStrategy;
import org.apereo.cas.authentication.AuthenticationServiceSelectionStrategyConfigurer;
import org.apereo.cas.authentication.SecurityTokenServiceClientBuilder;
import org.apereo.cas.authentication.SecurityTokenServiceTokenFetcher;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.authentication.principal.ServiceFactory;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.services.RegexRegisteredService;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.ServiceRegistryExecutionPlanConfigurer;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.services.ServicesManagerRegisteredServiceLocator;
import org.apereo.cas.ticket.SecurityTokenTicketFactory;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.ticket.registry.TicketRegistrySupport;
import org.apereo.cas.util.RandomUtils;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.apereo.cas.util.http.HttpClient;
import org.apereo.cas.web.ProtocolEndpointWebSecurityConfigurer;
import org.apereo.cas.web.cookie.CasCookieBuilder;
import org.apereo.cas.ws.idp.authentication.WSFederationAuthenticationServiceSelectionStrategy;
import org.apereo.cas.ws.idp.metadata.WSFederationMetadataController;
import org.apereo.cas.ws.idp.services.DefaultRelyingPartyTokenProducer;
import org.apereo.cas.ws.idp.services.WSFederationRelyingPartyTokenProducer;
import org.apereo.cas.ws.idp.services.WSFederationServiceRegistry;
import org.apereo.cas.ws.idp.services.WsFederationServicesManagerRegisteredServiceLocator;
import org.apereo.cas.ws.idp.web.WSFederationRequestConfigurationContext;
import org.apereo.cas.ws.idp.web.WSFederationValidateRequestCallbackController;
import org.apereo.cas.ws.idp.web.WSFederationValidateRequestController;
import org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator;
import org.jasig.cas.client.validation.TicketValidator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ImportResource;

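/**
 * Spring configuration that wires the WS-Federation identity-provider beans:
 * the request and callback controllers, the metadata controller, the
 * relying-party token producer, the service-selection strategy and the
 * registered service that represents the WS-Federation callback endpoint.
 *
 * <p>Collaborators are injected as {@link ObjectProvider}s, so each one is
 * resolved when {@code getObject()} is called inside a bean method and not
 * when this configuration class is instantiated.
 */
@EnableConfigurationProperties({CasConfigurationProperties.class})
@ImportResource(locations = {"classpath:META-INF/cxf/cxf.xml"})
@Configuration("coreWsSecurityIdentityProviderConfiguration")
public class CoreWsSecurityIdentityProviderConfiguration {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(CoreWsSecurityIdentityProviderConfiguration.class);

    @Autowired
    private ConfigurableApplicationContext applicationContext;

    @Autowired
    @Qualifier("casClientTicketValidator")
    private ObjectProvider<AbstractUrlBasedTicketValidator> casClientTicketValidator;

    @Autowired
    @Qualifier("ticketGrantingTicketCookieGenerator")
    private ObjectProvider<CasCookieBuilder> ticketGrantingTicketCookieGenerator;

    // NOTE(review): the qualifier suggests a client that does not follow redirects — confirm
    // against the bean definition, since following redirects matters for outbound-call safety.
    @Autowired
    @Qualifier("noRedirectHttpClient")
    private ObjectProvider<HttpClient> httpClient;

    @Autowired
    @Qualifier("defaultTicketRegistrySupport")
    private ObjectProvider<TicketRegistrySupport> ticketRegistrySupport;

    @Autowired
    @Qualifier("servicesManager")
    private ObjectProvider<ServicesManager> servicesManager;

    @Autowired
    @Qualifier("webApplicationServiceFactory")
    private ObjectProvider<ServiceFactory> webApplicationServiceFactory;

    @Autowired
    private CasConfigurationProperties casProperties;

    @Autowired
    @Qualifier("securityTokenTicketFactory")
    private ObjectProvider<SecurityTokenTicketFactory> securityTokenTicketFactory;

    @Autowired
    @Qualifier("ticketRegistry")
    private ObjectProvider<TicketRegistry> ticketRegistry;

    @Autowired
    @Qualifier("securityTokenServiceTokenFetcher")
    private ObjectProvider<SecurityTokenServiceTokenFetcher> securityTokenServiceTokenFetcher;

    /**
     * Creates the controller for WS-Federation validate requests from the shared
     * configuration context. Skipped when a bean of the same name already exists.
     *
     * @return the validate-request controller
     */
    @ConditionalOnMissingBean(name = {"federationValidateRequestController"})
    @Bean
    public WSFederationValidateRequestController federationValidateRequestController() {
        return new WSFederationValidateRequestController(getConfigurationContext().build());
    }

    /**
     * Creates the callback controller. Its context is the shared configuration
     * context with the relying-party token producer added.
     *
     * @param wSFederationRelyingPartyTokenProducer producer handed to the controller's context
     * @return the callback controller
     */
    @Autowired
    @Bean
    public WSFederationValidateRequestCallbackController federationValidateRequestCallbackController(
            @Qualifier("wsFederationRelyingPartyTokenProducer") WSFederationRelyingPartyTokenProducer wSFederationRelyingPartyTokenProducer) {
        WSFederationRequestConfigurationContext context = getConfigurationContext()
                .relyingPartyTokenProducer(wSFederationRelyingPartyTokenProducer)
                .build();
        return new WSFederationValidateRequestCallbackController(context);
    }

    /**
     * Builds the {@link Service} for the callback path {@code /ws/idp/federationcallback}
     * through the web application service factory.
     *
     * @return the callback service
     */
    @Bean
    public Service wsFederationCallbackService() {
        return this.webApplicationServiceFactory.getObject().createService("/ws/idp/federationcallback");
    }

    /**
     * Creates the metadata controller from the CAS configuration properties.
     *
     * @return the metadata controller
     */
    @RefreshScope
    @Bean
    public WSFederationMetadataController wsFederationMetadataController() {
        return new WSFederationMetadataController(this.casProperties);
    }

    /**
     * Creates the default relying-party token producer. The custom claims configured under
     * {@code authn.wsfedIdp.sts} are copied into a set, which removes duplicates.
     *
     * @param cipherExecutor cipher executor passed to the producer; the qualifier suggests it
     *     protects security-token-service credentials (not visible here, confirm in the producer)
     * @param securityTokenServiceClientBuilder client builder passed to the producer
     * @return the token producer
     */
    @ConditionalOnMissingBean(name = {"wsFederationRelyingPartyTokenProducer"})
    @Autowired
    @RefreshScope
    @Bean
    public WSFederationRelyingPartyTokenProducer wsFederationRelyingPartyTokenProducer(
            @Qualifier("securityTokenServiceCredentialCipherExecutor") CipherExecutor cipherExecutor,
            @Qualifier("securityTokenServiceClientBuilder") SecurityTokenServiceClientBuilder securityTokenServiceClientBuilder) {
        // Diamond instead of the raw HashSet, so the element type is checked by the compiler.
        var customClaims = new HashSet<>(this.casProperties.getAuthn().getWsfedIdp().getSts().getCustomClaims());
        return new DefaultRelyingPartyTokenProducer(securityTokenServiceClientBuilder, cipherExecutor, customClaims);
    }

    /**
     * Creates the WS-Federation service-selection strategy from the services manager and the
     * web application service factory.
     *
     * @return the selection strategy
     */
    @ConditionalOnMissingBean(name = {"wsFederationAuthenticationServiceSelectionStrategy"})
    @RefreshScope
    @Bean
    public AuthenticationServiceSelectionStrategy wsFederationAuthenticationServiceSelectionStrategy() {
        return new WSFederationAuthenticationServiceSelectionStrategy(
                this.servicesManager.getObject(),
                this.webApplicationServiceFactory.getObject());
    }

    /**
     * Registers the WS-Federation selection strategy with the authentication service
     * selection plan.
     *
     * @return the configurer
     */
    @ConditionalOnMissingBean(name = {"wsFederationAuthenticationServiceSelectionStrategyConfigurer"})
    @Bean
    public AuthenticationServiceSelectionStrategyConfigurer wsFederationAuthenticationServiceSelectionStrategyConfigurer() {
        return plan -> plan.registerStrategy(wsFederationAuthenticationServiceSelectionStrategy());
    }

    /**
     * Registers a service registry holding one regex-based registered service for the
     * WS-Federation callback endpoint.
     *
     * <p>The entry gets a random numeric id, evaluation order {@link Integer#MIN_VALUE} and a
     * service id made of the callback service id followed by {@code .+}.
     *
     * @return the configurer
     */
    @ConditionalOnMissingBean(name = {"wsFederationServiceRegistryExecutionPlanConfigurer"})
    @Bean
    public ServiceRegistryExecutionPlanConfigurer wsFederationServiceRegistryExecutionPlanConfigurer() {
        return plan -> {
            Service callbackService = wsFederationCallbackService();
            LOGGER.debug("Initializing WS Federation callback service [{}]", callbackService);

            RegisteredService callbackEntry = new RegexRegisteredService();
            callbackEntry.setId(RandomUtils.nextLong());
            // NOTE(review): presumably the lowest order value is evaluated first, so this entry
            // would win over operator-defined services that also match — confirm the ordering.
            callbackEntry.setEvaluationOrder(Integer.MIN_VALUE);
            callbackEntry.setName(callbackEntry.getClass().getSimpleName());
            callbackEntry.setDescription("WS-Federation Authentication Request");
            // NOTE(review): the callback id is appended unescaped to what looks like a regular
            // expression, so any regex metacharacter in the id is read as pattern syntax. Confirm
            // that RegexRegisteredService matches the whole candidate URL; a partial match would
            // accept any URL that merely contains the callback path.
            callbackEntry.setServiceId(callbackService.getId().concat(".+"));

            LOGGER.debug("Saving callback service [{}] into the registry", callbackEntry);
            plan.registerServiceRegistry(new WSFederationServiceRegistry(this.applicationContext, callbackEntry));
        };
    }

    /**
     * Reports {@code /ws/idp} and {@code /ws/sts/} as ignored endpoints.
     *
     * <p>NOTE(review): presumably the consumer of this configurer excludes these paths from the
     * web security filter chain. If so, request validation and access control for them rest
     * entirely on the WS-Federation controllers and the token service — confirm.
     *
     * @return the endpoint configurer
     */
    @Bean
    public ProtocolEndpointWebSecurityConfigurer<Void> wsFederationProtocolEndpointConfigurer() {
        return new ProtocolEndpointWebSecurityConfigurer<Void>() {
            @Override
            public List<String> getIgnoredEndpoints() {
                return List.of(
                        StringUtils.prependIfMissing("/ws/idp", "/"),
                        StringUtils.prependIfMissing("/ws/sts/", "/"));
            }
        };
    }

    /**
     * Creates the WS-Federation registered-service locator.
     *
     * @return the locator
     */
    @ConditionalOnMissingBean(name = {"wsFederationServicesManagerRegisteredServiceLocator"})
    @Bean
    public ServicesManagerRegisteredServiceLocator wsFederationServicesManagerRegisteredServiceLocator() {
        return new WsFederationServicesManagerRegisteredServiceLocator();
    }

    /**
     * Starts a builder for the context shared by both WS-Federation controllers, filled with
     * every collaborator except the relying-party token producer.
     *
     * @return the partially populated builder; callers add what they need and call {@code build()}
     */
    private WSFederationRequestConfigurationContext.WSFederationRequestConfigurationContextBuilder getConfigurationContext() {
        return WSFederationRequestConfigurationContext.builder()
                .servicesManager(this.servicesManager.getObject())
                .webApplicationServiceFactory(this.webApplicationServiceFactory.getObject())
                .casProperties(this.casProperties)
                .ticketValidator(this.casClientTicketValidator.getObject())
                .securityTokenServiceTokenFetcher(this.securityTokenServiceTokenFetcher.getObject())
                .serviceSelectionStrategy(wsFederationAuthenticationServiceSelectionStrategy())
                .httpClient(this.httpClient.getObject())
                .securityTokenTicketFactory(this.securityTokenTicketFactory.getObject())
                .ticketGrantingTicketCookieGenerator(this.ticketGrantingTicketCookieGenerator.getObject())
                .ticketRegistry(this.ticketRegistry.getObject())
                .ticketRegistrySupport(this.ticketRegistrySupport.getObject())
                .callbackService(wsFederationCallbackService());
    }
}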
