package org.apereo.cas.config;

import java.util.List;
import java.util.Set;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.apereo.cas.audit.AuditableExecution;
import org.apereo.cas.authentication.AuthenticationServiceSelectionPlan;
import org.apereo.cas.authentication.AuthenticationSystemSupport;
import org.apereo.cas.authentication.ProtocolAttributeEncoder;
import org.apereo.cas.authentication.attribute.AttributeDefinitionStore;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalResolver;
import org.apereo.cas.authentication.principal.ResponseBuilder;
import org.apereo.cas.authentication.principal.ServiceFactory;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.features.CasFeatureModule;
import org.apereo.cas.configuration.model.support.saml.SamlCoreProperties;
import org.apereo.cas.services.CasProtocolVersions;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.saml.OpenSamlConfigBean;
import org.apereo.cas.support.saml.authentication.SamlResponseBuilder;
import org.apereo.cas.support.saml.authentication.principal.SamlServiceResponseBuilder;
import org.apereo.cas.support.saml.util.Saml10ObjectBuilder;
import org.apereo.cas.support.saml.web.SamlValidateController;
import org.apereo.cas.support.saml.web.SamlValidateEndpoint;
import org.apereo.cas.support.saml.web.view.Saml10FailureResponseView;
import org.apereo.cas.support.saml.web.view.Saml10SuccessResponseView;
import org.apereo.cas.ticket.proxy.ProxyHandler;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.spring.boot.ConditionalOnFeatureEnabled;
import org.apereo.cas.validation.AuthenticationAttributeReleasePolicy;
import org.apereo.cas.validation.CasProtocolValidationSpecification;
import org.apereo.cas.validation.CasProtocolVersionValidationSpecification;
import org.apereo.cas.validation.ChainingCasProtocolValidationSpecification;
import org.apereo.cas.web.CasWebSecurityConfigurer;
import org.apereo.cas.web.ServiceValidateConfigurationContext;
import org.apereo.cas.web.ServiceValidationViewFactoryConfigurer;
import org.apereo.cas.web.UrlValidator;
import org.apereo.cas.web.support.ArgumentExtractor;
import org.apereo.cas.web.view.attributes.NoOpProtocolAttributesRenderer;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.actuate.autoconfigure.endpoint.condition.ConditionalOnAvailableEndpoint;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.web.servlet.View;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration(value = "SamlConfiguration", proxyBeanMethods = false)
@ConditionalOnFeatureEnabled(feature = {CasFeatureModule.FeatureCatalog.SAML})
/* loaded from: input_file:org/apereo/cas/config/SamlConfiguration.class */
class SamlConfiguration {

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SamlBuilderConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/SamlConfiguration$SamlBuilderConfiguration.class */
    static class SamlBuilderConfiguration {
        SamlBuilderConfiguration() {
        }

        @ConditionalOnMissingBean(name = {"samlResponseBuilder"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public SamlResponseBuilder samlResponseBuilder(@Qualifier("servicesManager") ServicesManager servicesManager, CasConfigurationProperties casConfigurationProperties, @Qualifier("saml10ObjectBuilder") Saml10ObjectBuilder saml10ObjectBuilder, @Qualifier("casAttributeEncoder") ProtocolAttributeEncoder protocolAttributeEncoder) {
            SamlCoreProperties samlCore = casConfigurationProperties.getSamlCore();
            return new SamlResponseBuilder(saml10ObjectBuilder, samlCore.getIssuer(), samlCore.getAttributeNamespace(), samlCore.getIssueLength(), samlCore.getSkewAllowance(), protocolAttributeEncoder, servicesManager);
        }

        @ConditionalOnMissingBean(name = {"samlServiceResponseBuilder"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public ResponseBuilder samlServiceResponseBuilder(@Qualifier("servicesManager") ServicesManager servicesManager, @Qualifier("urlValidator") UrlValidator urlValidator) {
            return new SamlServiceResponseBuilder(servicesManager, urlValidator);
        }

        @ConditionalOnMissingBean(name = {"saml10ObjectBuilder"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Saml10ObjectBuilder saml10ObjectBuilder(@Qualifier("shibboleth.OpenSAMLConfig") OpenSamlConfigBean openSamlConfigBean) {
            return new Saml10ObjectBuilder(openSamlConfigBean);
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SamlViewFactoryConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/SamlConfiguration$SamlViewFactoryConfiguration.class */
    static class SamlViewFactoryConfiguration {
        SamlViewFactoryConfiguration() {
        }

        @ConditionalOnMissingBean(name = {"samlServiceValidationViewFactoryConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public ServiceValidationViewFactoryConfigurer samlServiceValidationViewFactoryConfigurer(@Qualifier("casSamlServiceSuccessView") View view, @Qualifier("casSamlServiceFailureView") View view2) {
            return serviceValidationViewFactory -> {
                serviceValidationViewFactory.registerView(SamlValidateController.class, Pair.of(view, view2));
            };
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SamlViewsConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/SamlConfiguration$SamlViewsConfiguration.class */
    static class SamlViewsConfiguration {
        SamlViewsConfiguration() {
        }

        @ConditionalOnMissingBean(name = {"casSamlServiceSuccessView"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public View casSamlServiceSuccessView(@Qualifier("samlResponseBuilder") SamlResponseBuilder samlResponseBuilder, @Qualifier("argumentExtractor") ArgumentExtractor argumentExtractor, @Qualifier("casAttributeEncoder") ProtocolAttributeEncoder protocolAttributeEncoder, @Qualifier("authenticationServiceSelectionPlan") AuthenticationServiceSelectionPlan authenticationServiceSelectionPlan, @Qualifier("servicesManager") ServicesManager servicesManager, @Qualifier("authenticationAttributeReleasePolicy") AuthenticationAttributeReleasePolicy authenticationAttributeReleasePolicy, @Qualifier("attributeDefinitionStore") AttributeDefinitionStore attributeDefinitionStore) {
            return new Saml10SuccessResponseView(protocolAttributeEncoder, servicesManager, argumentExtractor, authenticationAttributeReleasePolicy, authenticationServiceSelectionPlan, NoOpProtocolAttributesRenderer.INSTANCE, samlResponseBuilder, attributeDefinitionStore);
        }

        @ConditionalOnMissingBean(name = {"casSamlServiceFailureView"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public View casSamlServiceFailureView(@Qualifier("samlResponseBuilder") SamlResponseBuilder samlResponseBuilder, @Qualifier("argumentExtractor") ArgumentExtractor argumentExtractor, @Qualifier("casAttributeEncoder") ProtocolAttributeEncoder protocolAttributeEncoder, @Qualifier("authenticationServiceSelectionPlan") AuthenticationServiceSelectionPlan authenticationServiceSelectionPlan, @Qualifier("servicesManager") ServicesManager servicesManager, @Qualifier("authenticationAttributeReleasePolicy") AuthenticationAttributeReleasePolicy authenticationAttributeReleasePolicy, @Qualifier("attributeDefinitionStore") AttributeDefinitionStore attributeDefinitionStore) {
            return new Saml10FailureResponseView(protocolAttributeEncoder, servicesManager, argumentExtractor, authenticationAttributeReleasePolicy, authenticationServiceSelectionPlan, NoOpProtocolAttributesRenderer.INSTANCE, samlResponseBuilder, attributeDefinitionStore);
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SamlWebConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/SamlConfiguration$SamlWebConfiguration.class */
    static class SamlWebConfiguration {
        SamlWebConfiguration() {
        }

        @ConditionalOnAvailableEndpoint
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public SamlValidateEndpoint samlValidateEndpoint(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties, @Qualifier("samlResponseBuilder") ObjectProvider<SamlResponseBuilder> objectProvider, @Qualifier("webApplicationServiceFactory") ObjectProvider<ServiceFactory<WebApplicationService>> objectProvider2, @Qualifier("shibboleth.OpenSAMLConfig") ObjectProvider<OpenSamlConfigBean> objectProvider3, @Qualifier("servicesManager") ObjectProvider<ServicesManager> objectProvider4, @Qualifier("defaultAuthenticationSystemSupport") ObjectProvider<AuthenticationSystemSupport> objectProvider5, @Qualifier("registeredServiceAccessStrategyEnforcer") ObjectProvider<AuditableExecution> objectProvider6, @Qualifier("defaultPrincipalResolver") ObjectProvider<PrincipalResolver> objectProvider7, @Qualifier("principalFactory") ObjectProvider<PrincipalFactory> objectProvider8) {
            return new SamlValidateEndpoint(casConfigurationProperties, configurableApplicationContext, objectProvider4, objectProvider5, objectProvider2, objectProvider8, objectProvider, objectProvider3, objectProvider6, objectProvider7);
        }

        @ConditionalOnMissingBean(name = {"samlValidateControllerValidationSpecification"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public CasProtocolValidationSpecification samlValidateControllerValidationSpecification(@Qualifier("casSingleAuthenticationProtocolValidationSpecification") CasProtocolValidationSpecification casProtocolValidationSpecification) {
            ChainingCasProtocolValidationSpecification chainingCasProtocolValidationSpecification = new ChainingCasProtocolValidationSpecification();
            chainingCasProtocolValidationSpecification.addSpecification(casProtocolValidationSpecification);
            chainingCasProtocolValidationSpecification.addSpecification(new CasProtocolVersionValidationSpecification(Set.of(CasProtocolVersions.SAML1)));
            return chainingCasProtocolValidationSpecification;
        }

        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public SamlValidateController samlValidateController(@Qualifier("casValidationConfigurationContext") ServiceValidateConfigurationContext serviceValidateConfigurationContext, @Qualifier("proxy20Handler") ProxyHandler proxyHandler, @Qualifier("samlValidateControllerValidationSpecification") CasProtocolValidationSpecification casProtocolValidationSpecification) {
            return new SamlValidateController(serviceValidateConfigurationContext.withValidationSpecifications(CollectionUtils.wrapSet(casProtocolValidationSpecification)).withProxyHandler(proxyHandler));
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "SamlWebSecurityConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/SamlConfiguration$SamlWebSecurityConfiguration.class */
    static class SamlWebSecurityConfiguration {
        SamlWebSecurityConfiguration() {
        }

        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public CasWebSecurityConfigurer<Void> samlProtocolEndpointConfigurer() {
            return new CasWebSecurityConfigurer<Void>(this) { // from class: org.apereo.cas.config.SamlConfiguration.SamlWebSecurityConfiguration.1
                public List<String> getIgnoredEndpoints() {
                    return List.of(StringUtils.prependIfMissing("/samlValidate", "/", new CharSequence[0]));
                }
            };
        }
    }

    SamlConfiguration() {
    }
}
