package org.apereo.cas.support.wsfederation.config;

import java.util.Map;
import javax.annotation.PostConstruct;
import org.apereo.cas.CentralAuthenticationService;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.AuthenticationSystemSupport;
import org.apereo.cas.authentication.DefaultAuthenticationSystemSupport;
import org.apereo.cas.authentication.principal.DefaultPrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalResolver;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.saml.OpenSamlConfigBean;
import org.apereo.cas.support.wsfederation.WsFederationAttributeMutator;
import org.apereo.cas.support.wsfederation.WsFederationConfiguration;
import org.apereo.cas.support.wsfederation.WsFederationHelper;
import org.apereo.cas.support.wsfederation.authentication.handler.support.WsFederationAuthenticationHandler;
import org.apereo.cas.support.wsfederation.authentication.principal.WsFederationCredentialsToPrincipalResolver;
import org.apereo.cas.support.wsfederation.web.flow.WsFederationAction;
import org.apereo.services.persondir.IPersonAttributeDao;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.ResourceLoader;
import org.springframework.util.StringUtils;
import org.springframework.webflow.execution.Action;

/**
 * Spring configuration that assembles the WS-Federation authentication beans from the
 * {@code casProperties.getAuthn().getWsfed()} settings: the federation configuration object,
 * the helper, the authentication handler, the principal resolver, the principal factory and
 * the webflow action.
 *
 * <p>After injection, {@link #initializeRootApplicationContext()} registers the handler in the
 * shared {@code authenticationHandlersResolvers} map, but only when both the identity provider
 * URL and the identity provider identifier are non-blank.
 *
 * <p>Review notes: every value used here (identity provider URL and identifier, relying party
 * identifier, certificate and key locations, key password, tolerance) is taken from
 * configuration without further checks in this class, so the property source has to be
 * treated as trusted input.
 */
@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration("wsFederationConfiguration")
public class WsFederationAuthenticationConfiguration {

    @Autowired
    @Qualifier("servicesManager")
    private ServicesManager servicesManager;

    @Autowired
    @Qualifier("attributeRepository")
    private IPersonAttributeDao attributeRepository;

    // Optional collaborator: stays null when no "wsfedAttributeMutator" bean is defined.
    @Autowired(required = false)
    @Qualifier("wsfedAttributeMutator")
    private WsFederationAttributeMutator attributeMutator;

    @Autowired
    @Qualifier("shibboleth.OpenSAMLConfig")
    private OpenSamlConfigBean configBean;

    // Turns the configured certificate/key location strings into Resource handles.
    @Autowired
    private ResourceLoader resourceLoader;

    @Autowired
    private CasConfigurationProperties casProperties;

    @Autowired
    @Qualifier("centralAuthenticationService")
    private CentralAuthenticationService centralAuthenticationService;

    // Optional injection; the default instance below is used when no such bean is available.
    @Autowired(required = false)
    @Qualifier("defaultAuthenticationSystemSupport")
    private AuthenticationSystemSupport authenticationSystemSupport = new DefaultAuthenticationSystemSupport();

    // Declared as a raw Map. This class stores an AuthenticationHandler as key and a
    // PrincipalResolver (or null) as value; see initializeRootApplicationContext().
    @Autowired
    @Qualifier("authenticationHandlersResolvers")
    private Map authenticationHandlersResolvers;

    /**
     * Builds the refresh-scoped {@link WsFederationConfiguration} from the WS-Federation
     * properties.
     *
     * <p>The signing-certificate, encryption-private-key and encryption-certificate properties
     * are each split on commas and every entry is handed unchanged to the
     * {@link ResourceLoader}. Signing certificates are accumulated; the private key and the
     * encryption certificate go through a single-valued setter once per entry.
     *
     * <p>NOTE(review): {@code WsFedPrincipalResolutionAttributesType} is presumably an enum, in
     * which case an unrecognised attributes-type value fails bean creation — confirm.
     * NOTE(review): confirm that token signature validation fails closed when no signing
     * certificate resource is configured, and that {@code WsFederationConfiguration} does not
     * expose the private-key password through logging or {@code toString()}.
     *
     * @return the populated configuration object
     */
    @RefreshScope
    @Bean
    public WsFederationConfiguration wsFedConfig() {
        final WsFederationConfiguration config = new WsFederationConfiguration();

        config.setAttributesType(
                WsFederationConfiguration.WsFedPrincipalResolutionAttributesType.valueOf(
                        this.casProperties.getAuthn().getWsfed().getAttributesType()));
        config.setIdentityAttribute(this.casProperties.getAuthn().getWsfed().getIdentityAttribute());
        config.setIdentityProviderIdentifier(this.casProperties.getAuthn().getWsfed().getIdentityProviderIdentifier());
        config.setIdentityProviderUrl(this.casProperties.getAuthn().getWsfed().getIdentityProviderUrl());
        // presumably the accepted clock skew for token timestamps; confirm units at the consumer
        config.setTolerance(this.casProperties.getAuthn().getWsfed().getTolerance());
        config.setRelyingPartyIdentifier(this.casProperties.getAuthn().getWsfed().getRelyingPartyIdentifier());

        // Every configured location is added to the signing-certificate collection.
        for (final String location : StringUtils.commaDelimitedListToSet(
                this.casProperties.getAuthn().getWsfed().getSigningCertificateResources())) {
            config.getSigningCertificateResources().add(this.resourceLoader.getResource(location));
        }

        // Single-valued setter called per entry: with several entries, presumably only the
        // last one iterated remains in effect.
        for (final String location : StringUtils.commaDelimitedListToSet(
                this.casProperties.getAuthn().getWsfed().getEncryptionPrivateKey())) {
            config.setEncryptionPrivateKey(this.resourceLoader.getResource(location));
        }

        // Same per-entry setter pattern as for the private key above.
        for (final String location : StringUtils.commaDelimitedListToSet(
                this.casProperties.getAuthn().getWsfed().getEncryptionCertificate())) {
            config.setEncryptionCertificate(this.resourceLoader.getResource(location));
        }

        // The key password is copied from the properties unchanged.
        config.setEncryptionPrivateKeyPassword(this.casProperties.getAuthn().getWsfed().getEncryptionPrivateKeyPassword());
        // May be null: the mutator is an optional injection.
        config.setAttributeMutator(this.attributeMutator);
        return config;
    }

    /**
     * Creates the refresh-scoped {@link WsFederationHelper} and gives it the injected
     * OpenSAML configuration bean.
     *
     * @return the helper
     */
    @RefreshScope
    @Bean
    public WsFederationHelper wsFederationHelper() {
        final WsFederationHelper helper = new WsFederationHelper();
        helper.setConfigBean(this.configBean);
        return helper;
    }

    /**
     * Creates the refresh-scoped WS-Federation authentication handler, wired with the
     * principal factory bean and the services manager.
     *
     * @return the authentication handler
     */
    @RefreshScope
    @Bean
    public AuthenticationHandler adfsAuthNHandler() {
        final WsFederationAuthenticationHandler handler = new WsFederationAuthenticationHandler();
        handler.setPrincipalFactory(adfsPrincipalFactory());
        handler.setServicesManager(this.servicesManager);
        return handler;
    }

    /**
     * Creates the refresh-scoped principal resolver for WS-Federation credentials. It receives
     * the federation configuration, the attribute repository, the configured principal
     * attribute name, the return-null-if-no-attributes flag and the principal factory.
     *
     * @return the principal resolver
     */
    @RefreshScope
    @Bean
    public PrincipalResolver adfsPrincipalResolver() {
        final WsFederationCredentialsToPrincipalResolver resolver = new WsFederationCredentialsToPrincipalResolver();
        resolver.setConfiguration(wsFedConfig());
        resolver.setAttributeRepository(this.attributeRepository);
        resolver.setPrincipalAttributeName(
                this.casProperties.getAuthn().getWsfed().getPrincipal().getPrincipalAttribute());
        resolver.setReturnNullIfNoAttributes(
                this.casProperties.getAuthn().getWsfed().getPrincipal().isReturnNull());
        resolver.setPrincipalFactory(adfsPrincipalFactory());
        return resolver;
    }

    /**
     * Supplies the principal factory used by the handler and the resolver.
     *
     * @return a new {@link DefaultPrincipalFactory}
     */
    @Bean
    public PrincipalFactory adfsPrincipalFactory() {
        return new DefaultPrincipalFactory();
    }

    /**
     * Creates the refresh-scoped webflow action for WS-Federation, wired with the
     * authentication system support, the central authentication service, the federation
     * configuration, the helper and the services manager.
     *
     * @return the webflow action
     */
    @RefreshScope
    @Bean
    public Action wsFederationAction() {
        final WsFederationAction action = new WsFederationAction();
        action.setAuthenticationSystemSupport(this.authenticationSystemSupport);
        action.setCentralAuthenticationService(this.centralAuthenticationService);
        action.setConfiguration(wsFedConfig());
        action.setWsFederationHelper(wsFederationHelper());
        action.setServicesManager(this.servicesManager);
        return action;
    }

    /**
     * Registers the WS-Federation handler in the shared handler/resolver map once injection
     * has finished. Nothing is registered unless both the identity provider URL and the
     * identity provider identifier are non-blank.
     *
     * <p>When attribute resolution is disabled the handler is stored with a {@code null}
     * resolver. NOTE(review): how consumers of the map treat a {@code null} resolver is not
     * visible in this class — confirm.
     */
    @PostConstruct
    protected void initializeRootApplicationContext() {
        // Guard clause: an incomplete identity provider configuration leaves the map untouched.
        if (org.apache.commons.lang3.StringUtils.isBlank(this.casProperties.getAuthn().getWsfed().getIdentityProviderUrl())
                || org.apache.commons.lang3.StringUtils.isBlank(this.casProperties.getAuthn().getWsfed().getIdentityProviderIdentifier())) {
            return;
        }

        final boolean resolverEnabled = this.casProperties.getAuthn().getWsfed().isAttributeResolverEnabled();
        this.authenticationHandlersResolvers.put(
                adfsAuthNHandler(),
                resolverEnabled ? adfsPrincipalResolver() : null);
    }
}
