package org.apereo.cas.config;

import org.apereo.cas.authentication.CasSSLContext;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.features.CasFeatureModule;
import org.apereo.cas.logout.slo.SingleLogoutRequestExecutor;
import org.apereo.cas.pac4j.web.DelegatedClientOidcBuilder;
import org.apereo.cas.pac4j.web.DelegatedClientOidcSessionManager;
import org.apereo.cas.pac4j.web.DelegatedClientsOidcEndpointContributor;
import org.apereo.cas.pac4j.web.flow.DelegatedAuthenticationOidcWebflowConfigurer;
import org.apereo.cas.pac4j.web.flow.DelegatedClientOidcLogoutAction;
import org.apereo.cas.support.pac4j.authentication.clients.ConfigurableDelegatedClientBuilder;
import org.apereo.cas.support.pac4j.authentication.clients.DelegatedClientSessionManager;
import org.apereo.cas.support.pac4j.authentication.clients.DelegatedClientsEndpointContributor;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.util.spring.beans.BeanSupplier;
import org.apereo.cas.util.spring.boot.ConditionalOnFeatureEnabled;
import org.apereo.cas.web.flow.CasWebflowConfigurer;
import org.apereo.cas.web.flow.CasWebflowExecutionPlanConfigurer;
import org.apereo.cas.web.flow.DelegatedClientAuthenticationConfigurationContext;
import org.apereo.cas.web.flow.actions.WebflowActionBeanSupplier;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.webflow.definition.registry.FlowDefinitionRegistry;
import org.springframework.webflow.engine.builder.support.FlowBuilderServices;
import org.springframework.webflow.execution.Action;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration(value = "DelegatedAuthenticationOidcConfiguration", proxyBeanMethods = false)
@ConditionalOnFeatureEnabled(feature = {CasFeatureModule.FeatureCatalog.DelegatedAuthentication}, module = "oidc")
/* loaded from: input_file:org/apereo/cas/config/DelegatedAuthenticationOidcConfiguration.class */
class DelegatedAuthenticationOidcConfiguration {
    DelegatedAuthenticationOidcConfiguration() {
    }

    @ConditionalOnMissingBean(name = {"delegatedClientsOidcEndpointContributor"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public DelegatedClientsEndpointContributor delegatedClientsOidcEndpointContributor() {
        return new DelegatedClientsOidcEndpointContributor();
    }

    @ConditionalOnMissingBean(name = {"delegatedOidcClientBuilder"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public ConfigurableDelegatedClientBuilder delegatedOidcClientBuilder(@Qualifier("casSslContext") CasSSLContext casSSLContext) {
        return new DelegatedClientOidcBuilder(casSSLContext);
    }

    @ConditionalOnMissingBean(name = {"delegatedClientOidcSessionManager"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public DelegatedClientSessionManager delegatedClientOidcSessionManager(@Qualifier("delegatedClientAuthenticationConfigurationContext") ObjectProvider<DelegatedClientAuthenticationConfigurationContext> objectProvider) {
        return new DelegatedClientOidcSessionManager(objectProvider);
    }

    @ConditionalOnMissingBean(name = {"delegatedClientOidcLogoutAction"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public Action delegatedClientOidcLogoutAction(CasConfigurationProperties casConfigurationProperties, ConfigurableApplicationContext configurableApplicationContext, @Qualifier("ticketRegistry") TicketRegistry ticketRegistry, @Qualifier("defaultSingleLogoutRequestExecutor") SingleLogoutRequestExecutor singleLogoutRequestExecutor) {
        return WebflowActionBeanSupplier.builder().withApplicationContext(configurableApplicationContext).withProperties(casConfigurationProperties).withAction(() -> {
            return new DelegatedClientOidcLogoutAction(ticketRegistry, singleLogoutRequestExecutor);
        }).withId("delegatedClientOidcLogoutAction").build().get();
    }

    @ConditionalOnMissingBean(name = {"delegatedAuthenticationOidcWebflowConfigurer"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public CasWebflowConfigurer delegatedAuthenticationOidcWebflowConfigurer(CasConfigurationProperties casConfigurationProperties, ConfigurableApplicationContext configurableApplicationContext, @Qualifier("flowDefinitionRegistry") FlowDefinitionRegistry flowDefinitionRegistry, @Qualifier("flowBuilderServices") FlowBuilderServices flowBuilderServices) {
        return new DelegatedAuthenticationOidcWebflowConfigurer(flowBuilderServices, flowDefinitionRegistry, configurableApplicationContext, casConfigurationProperties);
    }

    @ConditionalOnMissingBean(name = {"delegatedAuthenticationOidcWebflowExecutionPlanConfigurer"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public CasWebflowExecutionPlanConfigurer delegatedAuthenticationOidcWebflowExecutionPlanConfigurer(@Qualifier("delegatedAuthenticationOidcWebflowConfigurer") CasWebflowConfigurer casWebflowConfigurer, ConfigurableApplicationContext configurableApplicationContext) {
        return (CasWebflowExecutionPlanConfigurer) BeanSupplier.of(CasWebflowExecutionPlanConfigurer.class).alwaysMatch().supply(() -> {
            return casWebflowExecutionPlan -> {
                casWebflowExecutionPlan.registerWebflowConfigurer(casWebflowConfigurer);
            };
        }).otherwiseProxy().get();
    }
}
