package org.apereo.cas.config;

import org.apereo.cas.authentication.CasSSLContext;
import org.apereo.cas.aws.AmazonClientConfigurationBuilder;
import org.apereo.cas.aws.ChainingAWSCredentialsProvider;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.features.CasFeatureModule;
import org.apereo.cas.configuration.model.support.pac4j.saml.Pac4jSamlServiceProviderMetadataAmazonS3Properties;
import org.apereo.cas.support.pac4j.authentication.clients.DelegatedClientFactoryCustomizer;
import org.apereo.cas.util.ResourceUtils;
import org.apereo.cas.util.spring.boot.ConditionalOnFeatureEnabled;
import org.pac4j.saml.client.SAML2Client;
import org.pac4j.saml.config.SAML2Configuration;
import org.pac4j.saml.metadata.s3.SAML2S3MetadataGenerator;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ScopedProxyMode;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.services.s3.S3Client;
import software.amazon.awssdk.services.s3.S3ClientBuilder;

/**
 * Auto-configuration that moves the service-provider (SP) metadata of delegated
 * SAML2 clients out of a local resource and into Amazon S3.
 *
 * <p>It only activates when the AWS S3 SDK client is on the classpath and the
 * {@code saml-s3} module of the delegated-authentication feature has been
 * explicitly switched on (it is disabled by default). Its single bean is a
 * {@link DelegatedClientFactoryCustomizer} that installs a
 * {@link SAML2S3MetadataGenerator} on every {@link SAML2Client} it is handed.
 */
@Configuration(value = "DelegatedAuthenticationSaml2AmazonS3Configuration", proxyBeanMethods = false)
@ConditionalOnClass({S3Client.class})
@ConditionalOnFeatureEnabled(feature = {CasFeatureModule.FeatureCatalog.DelegatedAuthentication}, module = "saml-s3", enabledByDefault = false)
class DelegatedAuthenticationSaml2AmazonS3Configuration {

    DelegatedAuthenticationSaml2AmazonS3Configuration() {
    }

    /**
     * Customizer that points each delegated SAML2 client at S3-backed SP metadata.
     *
     * <p>Non-SAML2 clients are left untouched. For a SAML2 client the customizer
     * walks every configured pac4j SAML client property entry, builds an S3 client
     * from that entry's Amazon S3 settings and installs a
     * {@link SAML2S3MetadataGenerator} for the client's SP entity id on its
     * {@link SAML2Configuration}; the SP metadata resource is set to
     * {@link ResourceUtils#NULL_RESOURCE} at the same time, so the generator is
     * presumably the only remaining source of SP metadata.
     *
     * <p>NOTE(review): the property entries are not matched against the client
     * being customized. With more than one SAML entry the generator installed last
     * wins for every client, and the {@link S3Client}s built for the earlier
     * entries are neither closed nor referenced again. Confirm that a single entry
     * is the only supported layout, or add per-client matching.
     *
     * <p>NOTE(review): whatever the generator publishes to S3 is what identity
     * providers will consume as this SP's metadata, so write access to the bucket
     * is security-relevant. Bucket name and policy are not visible here — verify
     * them in the deployment.
     *
     * @param casConfigurationProperties CAS properties; only the pac4j SAML client
     *        entries under {@code getAuthn().getPac4j().getSaml()} are read
     * @param casSSLContext injected for wiring but not used in this body
     * @return the customizer applied to each delegated client
     */
    @ConditionalOnMissingBean(name = {"delegatedSaml2ClientAmazonS3MetadataCustomizer"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public DelegatedClientFactoryCustomizer delegatedSaml2ClientAmazonS3MetadataCustomizer(CasConfigurationProperties casConfigurationProperties, @Qualifier("casSslContext") CasSSLContext casSSLContext) {
        return client -> {
            if (!(client instanceof SAML2Client)) {
                // Only SAML2 clients carry SP metadata; nothing to do for the others.
                return;
            }
            SAML2Configuration saml2Config = ((SAML2Client) client).getConfiguration();
            casConfigurationProperties.getAuthn().getPac4j().getSaml().forEach(samlProps -> {
                S3Client s3Client = buildS3Client(samlProps.getMetadata().getServiceProvider().getAmazonS3());
                SAML2S3MetadataGenerator generator =
                    new SAML2S3MetadataGenerator(s3Client, saml2Config.getServiceProviderEntityId());
                // Clear the configured metadata resource; S3 takes over from here.
                saml2Config.setServiceProviderMetadataResource(ResourceUtils.NULL_RESOURCE);
                saml2Config.setMetadataGenerator(generator);
            });
        };
    }

    /**
     * Builds a synchronous S3 client from one SAML entry's Amazon S3 settings.
     *
     * <p>Credentials are resolved by {@link ChainingAWSCredentialsProvider}, which
     * is fed the static access/secret key and the profile path/name from the
     * properties; the remaining client settings are applied by
     * {@link AmazonClientConfigurationBuilder#prepareSyncClientBuilder}.
     *
     * <p>NOTE(review): the static key pair from configuration is passed first;
     * presumably the chain falls through to the profile and SDK defaults when it
     * is blank — confirm, and prefer a profile or instance role over literal keys
     * in configuration files.
     *
     * @param s3Props Amazon S3 settings of one SAML client entry
     * @return a freshly built S3 client; the caller owns it
     */
    private static S3Client buildS3Client(Pac4jSamlServiceProviderMetadataAmazonS3Properties s3Props) {
        AwsCredentialsProvider credentials = ChainingAWSCredentialsProvider.getInstance(
            s3Props.getCredentialAccessKey(),
            s3Props.getCredentialSecretKey(),
            s3Props.getProfilePath(),
            s3Props.getProfileName());
        S3ClientBuilder s3Builder = S3Client.builder();
        AmazonClientConfigurationBuilder.prepareSyncClientBuilder(s3Builder, credentials, s3Props);
        return s3Builder.build();
    }
}
