package org.apereo.cas.config;

import java.util.List;
import java.util.Properties;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apereo.inspektr.aspect.TraceLogAspect;
import org.aspectj.lang.JoinPoint;
import org.aspectj.runtime.internal.AroundClosure;
import org.aspectj.runtime.internal.Conversions;
import org.aspectj.runtime.reflect.Factory;
import org.pac4j.cas.client.CasClient;
import org.pac4j.core.authorization.RequireAnyRoleAuthorizer;
import org.pac4j.core.authorization.generator.SpringSecurityPropertiesAuthorizationGenerator;
import org.pac4j.core.client.Client;
import org.pac4j.core.config.Config;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.profile.UserProfile;
import org.pac4j.http.client.direct.IpClient;
import org.pac4j.http.credentials.authenticator.IpRegexpAuthenticator;
import org.pac4j.springframework.web.RequiresAuthenticationInterceptor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.actuate.endpoint.mvc.EndpointHandlerMappingCustomizer;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.Resource;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import org.springframework.web.servlet.mvc.WebContentInterceptor;

@Configuration("casSecurityContextConfiguration")
/* loaded from: input_file:org/apereo/cas/config/CasSecurityContextConfiguration.class */
public class CasSecurityContextConfiguration extends WebMvcConfigurerAdapter {
    private static final Logger LOGGER;

    @Value("${cas.securityContext.adminpages.ip:127\\.0\\.0\\.1}")
    private String regexPattern;

    @Value("${cas.securityContext.adminpages.adminRoles:}")
    private String roles;

    @Value("${cas.securityContext.adminpages.loginUrl:}")
    private String loginUrl;

    @Value("${cas.securityContext.adminpages.service:}")
    private String callbackUrl;

    @Value("${cas.securityContext.adminpages.users:}")
    private Resource userPropertiesFile;
    private static final JoinPoint.StaticPart ajc$tjp_0 = null;
    private static final JoinPoint.StaticPart ajc$tjp_1 = null;
    private static final JoinPoint.StaticPart ajc$tjp_2 = null;
    private static final JoinPoint.StaticPart ajc$tjp_3 = null;
    private static final JoinPoint.StaticPart ajc$tjp_4 = null;
    private static final JoinPoint.StaticPart ajc$tjp_5 = null;
    private static final JoinPoint.StaticPart ajc$tjp_6 = null;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.apereo.cas.config.CasSecurityContextConfiguration$2, reason: invalid class name */
    /* loaded from: input_file:org/apereo/cas/config/CasSecurityContextConfiguration$2.class */
    public class AnonymousClass2 extends HandlerInterceptorAdapter {
        private static final JoinPoint.StaticPart ajc$tjp_0 = null;

        /* renamed from: org.apereo.cas.config.CasSecurityContextConfiguration$2$AjcClosure1 */
        /* loaded from: input_file:org/apereo/cas/config/CasSecurityContextConfiguration$2$AjcClosure1.class */
        public class AjcClosure1 extends AroundClosure {
            public AjcClosure1(Object[] objArr) {
                super(objArr);
            }

            public Object run(Object[] objArr) {
                Object[] objArr2 = ((AroundClosure) this).state;
                return Conversions.booleanObject(AnonymousClass2.preHandle_aroundBody0((AnonymousClass2) objArr2[0], (HttpServletRequest) objArr2[1], (HttpServletResponse) objArr2[2], objArr2[3], (JoinPoint) objArr2[4]));
            }
        }

        AnonymousClass2() {
        }

        public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
            return Conversions.booleanValue(TraceLogAspect.aspectOf().traceMethod(new AjcClosure1(new Object[]{this, httpServletRequest, httpServletResponse, obj, Factory.makeJP(ajc$tjp_0, this, this, new Object[]{httpServletRequest, httpServletResponse, obj})}).linkClosureAndJoinPoint(69648)));
        }

        static {
            ajc$preClinit();
        }

        static final boolean preHandle_aroundBody0(AnonymousClass2 anonymousClass2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, JoinPoint joinPoint) {
            return Pattern.compile("/status(/)*$").matcher(httpServletRequest.getRequestURI()).find() ? CasSecurityContextConfiguration.this.requiresAuthenticationStatusInterceptor().preHandle(httpServletRequest, httpServletResponse, obj) : CasSecurityContextConfiguration.this.requiresAuthenticationStatusAdminEndpointsInterceptor().preHandle(httpServletRequest, httpServletResponse, obj);
        }

        private static void ajc$preClinit() {
            Factory factory = new Factory("CasSecurityContextConfiguration.java", AnonymousClass2.class);
            ajc$tjp_0 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "preHandle", "org.apereo.cas.config.CasSecurityContextConfiguration$2", "javax.servlet.http.HttpServletRequest:javax.servlet.http.HttpServletResponse:java.lang.Object", "request:response:handler", "java.lang.Exception", "boolean"), 155);
        }
    }

    /* loaded from: input_file:org/apereo/cas/config/CasSecurityContextConfiguration$AjcClosure1.class */
    public class AjcClosure1 extends AroundClosure {
        public AjcClosure1(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return CasSecurityContextConfiguration.webContentInterceptor_aroundBody0((CasSecurityContextConfiguration) objArr2[0], (JoinPoint) objArr2[1]);
        }
    }

    /* loaded from: input_file:org/apereo/cas/config/CasSecurityContextConfiguration$AjcClosure11.class */
    public class AjcClosure11 extends AroundClosure {
        public AjcClosure11(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return CasSecurityContextConfiguration.statusInterceptor_aroundBody10((CasSecurityContextConfiguration) objArr2[0], (JoinPoint) objArr2[1]);
        }
    }

    /* loaded from: input_file:org/apereo/cas/config/CasSecurityContextConfiguration$AjcClosure13.class */
    public class AjcClosure13 extends AroundClosure {
        public AjcClosure13(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return CasSecurityContextConfiguration.mappingCustomizer_aroundBody12((CasSecurityContextConfiguration) objArr2[0], (JoinPoint) objArr2[1]);
        }
    }

    /* loaded from: input_file:org/apereo/cas/config/CasSecurityContextConfiguration$AjcClosure3.class */
    public class AjcClosure3 extends AroundClosure {
        public AjcClosure3(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return CasSecurityContextConfiguration.requiresAuthenticationStatusInterceptor_aroundBody2((CasSecurityContextConfiguration) objArr2[0], (JoinPoint) objArr2[1]);
        }
    }

    /* loaded from: input_file:org/apereo/cas/config/CasSecurityContextConfiguration$AjcClosure5.class */
    public class AjcClosure5 extends AroundClosure {
        public AjcClosure5(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return CasSecurityContextConfiguration.config_aroundBody4((CasSecurityContextConfiguration) objArr2[0], (JoinPoint) objArr2[1]);
        }
    }

    /* loaded from: input_file:org/apereo/cas/config/CasSecurityContextConfiguration$AjcClosure7.class */
    public class AjcClosure7 extends AroundClosure {
        public AjcClosure7(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return CasSecurityContextConfiguration.requiresAuthenticationStatusAdminEndpointsInterceptor_aroundBody6((CasSecurityContextConfiguration) objArr2[0], (JoinPoint) objArr2[1]);
        }
    }

    /* loaded from: input_file:org/apereo/cas/config/CasSecurityContextConfiguration$AjcClosure9.class */
    public class AjcClosure9 extends AroundClosure {
        public AjcClosure9(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            CasSecurityContextConfiguration.addInterceptors_aroundBody8((CasSecurityContextConfiguration) objArr2[0], (InterceptorRegistry) objArr2[1], (JoinPoint) objArr2[2]);
            return null;
        }
    }

    static {
        ajc$preClinit();
        LOGGER = LoggerFactory.getLogger(CasSecurityContextConfiguration.class);
    }

    @RefreshScope
    @Bean(name = {"webContentInterceptor"})
    public WebContentInterceptor webContentInterceptor() {
        return (WebContentInterceptor) TraceLogAspect.aspectOf().traceMethod(new AjcClosure1(new Object[]{this, Factory.makeJP(ajc$tjp_0, this, this)}).linkClosureAndJoinPoint(69648));
    }

    @RefreshScope
    @Bean(name = {"requiresAuthenticationStatusInterceptor"})
    public RequiresAuthenticationInterceptor requiresAuthenticationStatusInterceptor() {
        return (RequiresAuthenticationInterceptor) TraceLogAspect.aspectOf().traceMethod(new AjcClosure3(new Object[]{this, Factory.makeJP(ajc$tjp_1, this, this)}).linkClosureAndJoinPoint(69648));
    }

    @RefreshScope
    @Bean(name = {"config"})
    public Config config() {
        return (Config) TraceLogAspect.aspectOf().traceMethod(new AjcClosure5(new Object[]{this, Factory.makeJP(ajc$tjp_2, this, this)}).linkClosureAndJoinPoint(69648));
    }

    @RefreshScope
    @Bean(name = {"requiresAuthenticationStatusAdminEndpointsInterceptor"})
    public RequiresAuthenticationInterceptor requiresAuthenticationStatusAdminEndpointsInterceptor() {
        return (RequiresAuthenticationInterceptor) TraceLogAspect.aspectOf().traceMethod(new AjcClosure7(new Object[]{this, Factory.makeJP(ajc$tjp_3, this, this)}).linkClosureAndJoinPoint(69648));
    }

    public void addInterceptors(InterceptorRegistry interceptorRegistry) {
        TraceLogAspect.aspectOf().traceMethod(new AjcClosure9(new Object[]{this, interceptorRegistry, Factory.makeJP(ajc$tjp_4, this, this, interceptorRegistry)}).linkClosureAndJoinPoint(69648));
    }

    @Bean(name = {"statusInterceptor"})
    public HandlerInterceptorAdapter statusInterceptor() {
        return (HandlerInterceptorAdapter) TraceLogAspect.aspectOf().traceMethod(new AjcClosure11(new Object[]{this, Factory.makeJP(ajc$tjp_5, this, this)}).linkClosureAndJoinPoint(69648));
    }

    @RefreshScope
    @Bean(name = {"mappingCustomizer"})
    public EndpointHandlerMappingCustomizer mappingCustomizer() {
        return (EndpointHandlerMappingCustomizer) TraceLogAspect.aspectOf().traceMethod(new AjcClosure13(new Object[]{this, Factory.makeJP(ajc$tjp_6, this, this)}).linkClosureAndJoinPoint(69648));
    }

    static final WebContentInterceptor webContentInterceptor_aroundBody0(CasSecurityContextConfiguration casSecurityContextConfiguration, JoinPoint joinPoint) {
        WebContentInterceptor webContentInterceptor = new WebContentInterceptor();
        webContentInterceptor.setCacheSeconds(0);
        webContentInterceptor.setAlwaysUseFullPath(true);
        return webContentInterceptor;
    }

    static final RequiresAuthenticationInterceptor requiresAuthenticationStatusInterceptor_aroundBody2(CasSecurityContextConfiguration casSecurityContextConfiguration, JoinPoint joinPoint) {
        return new RequiresAuthenticationInterceptor(new Config(new IpClient(new IpRegexpAuthenticator(casSecurityContextConfiguration.regexPattern))), "IpClient");
    }

    static final Config config_aroundBody4(CasSecurityContextConfiguration casSecurityContextConfiguration, JoinPoint joinPoint) {
        try {
            if (StringUtils.isNotBlank(casSecurityContextConfiguration.loginUrl) && StringUtils.isNotBlank(casSecurityContextConfiguration.callbackUrl) && StringUtils.isNotBlank(casSecurityContextConfiguration.roles)) {
                CasClient casClient = new CasClient(casSecurityContextConfiguration.loginUrl);
                Properties properties = new Properties();
                properties.load(casSecurityContextConfiguration.userPropertiesFile.getInputStream());
                casClient.setAuthorizationGenerator(new SpringSecurityPropertiesAuthorizationGenerator(properties));
                Config config = new Config(casSecurityContextConfiguration.callbackUrl, casClient);
                config.setAuthorizer(new RequireAnyRoleAuthorizer(org.springframework.util.StringUtils.commaDelimitedListToSet(casSecurityContextConfiguration.roles)));
                return config;
            }
        } catch (Exception e) {
            LOGGER.warn(e.getMessage(), e);
        }
        return new Config();
    }

    static final RequiresAuthenticationInterceptor requiresAuthenticationStatusAdminEndpointsInterceptor_aroundBody6(CasSecurityContextConfiguration casSecurityContextConfiguration, JoinPoint joinPoint) {
        Config config = casSecurityContextConfiguration.config();
        return config.getClients() == null ? casSecurityContextConfiguration.requiresAuthenticationStatusInterceptor() : new RequiresAuthenticationInterceptor(config, "CasClient", "securityHeaders,csrfToken,RequireAnyRoleAuthorizer") { // from class: org.apereo.cas.config.CasSecurityContextConfiguration.1
            protected void forbidden(WebContext webContext, List<Client> list, UserProfile userProfile) {
                webContext.setResponseStatus(403);
            }
        };
    }

    static final void addInterceptors_aroundBody8(CasSecurityContextConfiguration casSecurityContextConfiguration, InterceptorRegistry interceptorRegistry, JoinPoint joinPoint) {
        interceptorRegistry.addInterceptor(casSecurityContextConfiguration.statusInterceptor()).addPathPatterns(new String[]{"/status/**"});
        interceptorRegistry.addInterceptor(casSecurityContextConfiguration.webContentInterceptor()).addPathPatterns(new String[]{"/*"});
    }

    static final HandlerInterceptorAdapter statusInterceptor_aroundBody10(CasSecurityContextConfiguration casSecurityContextConfiguration, JoinPoint joinPoint) {
        return new AnonymousClass2();
    }

    static final EndpointHandlerMappingCustomizer mappingCustomizer_aroundBody12(CasSecurityContextConfiguration casSecurityContextConfiguration, JoinPoint joinPoint) {
        return endpointHandlerMapping -> {
            endpointHandlerMapping.setInterceptors(new Object[]{statusInterceptor()});
        };
    }

    private static void ajc$preClinit() {
        Factory factory = new Factory("CasSecurityContextConfiguration.java", CasSecurityContextConfiguration.class);
        ajc$tjp_0 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "webContentInterceptor", "org.apereo.cas.config.CasSecurityContextConfiguration", "", "", "", "org.springframework.web.servlet.mvc.WebContentInterceptor"), 68);
        ajc$tjp_1 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "requiresAuthenticationStatusInterceptor", "org.apereo.cas.config.CasSecurityContextConfiguration", "", "", "", "org.pac4j.springframework.web.RequiresAuthenticationInterceptor"), 82);
        ajc$tjp_2 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "config", "org.apereo.cas.config.CasSecurityContextConfiguration", "", "", "", "org.pac4j.core.config.Config"), 94);
        ajc$tjp_3 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "requiresAuthenticationStatusAdminEndpointsInterceptor", "org.apereo.cas.config.CasSecurityContextConfiguration", "", "", "", "org.pac4j.springframework.web.RequiresAuthenticationInterceptor"), 122);
        ajc$tjp_4 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "addInterceptors", "org.apereo.cas.config.CasSecurityContextConfiguration", "org.springframework.web.servlet.config.annotation.InterceptorRegistry", "registry", "", "void"), 141);
        ajc$tjp_5 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "statusInterceptor", "org.apereo.cas.config.CasSecurityContextConfiguration", "", "", "", "org.springframework.web.servlet.handler.HandlerInterceptorAdapter"), 152);
        ajc$tjp_6 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "mappingCustomizer", "org.apereo.cas.config.CasSecurityContextConfiguration", "", "", "", "org.springframework.boot.actuate.endpoint.mvc.EndpointHandlerMappingCustomizer"), 176);
    }
}
