package org.apereo.cas.config;

import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.CentralAuthenticationService;
import org.apereo.cas.audit.AuditableExecution;
import org.apereo.cas.authentication.AuthenticationServiceSelectionPlan;
import org.apereo.cas.authentication.AuthenticationSystemSupport;
import org.apereo.cas.authentication.adaptive.AdaptiveAuthenticationPolicy;
import org.apereo.cas.authentication.principal.DelegatedAuthenticationCredentialExtractor;
import org.apereo.cas.authentication.principal.DelegatedClientAuthenticationCredentialResolver;
import org.apereo.cas.authentication.principal.GroovyDelegatedClientAuthenticationCredentialResolver;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.features.CasFeatureModule;
import org.apereo.cas.logout.LogoutExecutionPlan;
import org.apereo.cas.logout.slo.SingleLogoutRequestExecutor;
import org.apereo.cas.multitenancy.TenantExtractor;
import org.apereo.cas.multitenancy.UnknownTenantException;
import org.apereo.cas.pac4j.client.ChainingDelegatedClientIdentityProviderRedirectionStrategy;
import org.apereo.cas.pac4j.client.DefaultDelegatedClientIdentityProviderRedirectionStrategy;
import org.apereo.cas.pac4j.client.DelegatedClientAuthenticationFailureEvaluator;
import org.apereo.cas.pac4j.client.DelegatedClientAuthenticationRequestCustomizer;
import org.apereo.cas.pac4j.client.DelegatedClientIdentityProviderRedirectionStrategy;
import org.apereo.cas.pac4j.client.DelegatedClientNameExtractor;
import org.apereo.cas.pac4j.client.DelegatedIdentityProviderFactory;
import org.apereo.cas.pac4j.client.DelegatedIdentityProviders;
import org.apereo.cas.pac4j.client.GroovyDelegatedClientAuthenticationRequestCustomizer;
import org.apereo.cas.pac4j.client.GroovyDelegatedClientIdentityProviderRedirectionStrategy;
import org.apereo.cas.pac4j.client.authz.DefaultDelegatedClientIdentityProviderAuthorizer;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.services.UnauthorizedServiceException;
import org.apereo.cas.services.web.support.MappedExceptionErrorViewResolver;
import org.apereo.cas.support.pac4j.authentication.clients.DelegatedClientsEndpoint;
import org.apereo.cas.support.pac4j.authentication.clients.DelegatedClientsEndpointContributor;
import org.apereo.cas.ticket.TicketFactory;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.apereo.cas.util.function.FunctionUtils;
import org.apereo.cas.util.nativex.CasRuntimeHintsRegistrar;
import org.apereo.cas.util.scripting.ExecutableCompiledScriptFactory;
import org.apereo.cas.util.spring.beans.BeanCondition;
import org.apereo.cas.util.spring.beans.BeanSupplier;
import org.apereo.cas.util.spring.boot.ConditionalOnFeatureEnabled;
import org.apereo.cas.util.spring.boot.ConditionalOnMissingGraalVMNativeImage;
import org.apereo.cas.web.CasWebSecurityConfigurer;
import org.apereo.cas.web.cookie.CasCookieBuilder;
import org.apereo.cas.web.flow.CasDefaultFlowUrlHandler;
import org.apereo.cas.web.flow.CasFlowHandlerAdapter;
import org.apereo.cas.web.flow.CasFlowHandlerMapping;
import org.apereo.cas.web.flow.CasWebflowConfigurer;
import org.apereo.cas.web.flow.CasWebflowExecutionPlan;
import org.apereo.cas.web.flow.CasWebflowExecutionPlanConfigurer;
import org.apereo.cas.web.flow.CasWebflowIdExtractor;
import org.apereo.cas.web.flow.CasWebflowLoginContextProvider;
import org.apereo.cas.web.flow.DefaultDelegatedClientAuthenticationWebflowManager;
import org.apereo.cas.web.flow.DefaultDelegatedClientAuthenticationWebflowStateContributor;
import org.apereo.cas.web.flow.DefaultDelegatedClientIdentityProviderConfigurationProducer;
import org.apereo.cas.web.flow.DelegatedAuthenticationSingleSignOnEvaluator;
import org.apereo.cas.web.flow.DelegatedAuthenticationWebflowConfigurer;
import org.apereo.cas.web.flow.DelegatedClientAuthenticationConfigurationContext;
import org.apereo.cas.web.flow.DelegatedClientAuthenticationWebflowManager;
import org.apereo.cas.web.flow.DelegatedClientAuthenticationWebflowStateContributor;
import org.apereo.cas.web.flow.DelegatedClientIdentityProviderAuthorizer;
import org.apereo.cas.web.flow.DelegatedClientIdentityProviderConfigurationGroovyPostProcessor;
import org.apereo.cas.web.flow.DelegatedClientIdentityProviderConfigurationPostProcessor;
import org.apereo.cas.web.flow.DelegatedClientIdentityProviderConfigurationProducer;
import org.apereo.cas.web.flow.DelegationWebflowUtils;
import org.apereo.cas.web.flow.SingleSignOnParticipationStrategy;
import org.apereo.cas.web.flow.actions.ConsumerExecutionAction;
import org.apereo.cas.web.flow.actions.DelegatedAuthenticationClientRetryAction;
import org.apereo.cas.web.flow.actions.DelegatedAuthenticationGenerateClientsAction;
import org.apereo.cas.web.flow.actions.DelegatedClientAuthenticationAction;
import org.apereo.cas.web.flow.actions.DelegatedClientAuthenticationCredentialSelectionAction;
import org.apereo.cas.web.flow.actions.DelegatedClientAuthenticationCredentialSelectionFinalizeAction;
import org.apereo.cas.web.flow.actions.DelegatedClientAuthenticationFailureAction;
import org.apereo.cas.web.flow.actions.DelegatedClientAuthenticationRedirectAction;
import org.apereo.cas.web.flow.actions.DelegatedClientAuthenticationStoreWebflowStateAction;
import org.apereo.cas.web.flow.actions.WebflowActionBeanSupplier;
import org.apereo.cas.web.flow.actions.logout.DelegatedAuthenticationClientLogoutAction;
import org.apereo.cas.web.flow.actions.logout.DelegatedAuthenticationIdentityProviderFinalizeLogoutAction;
import org.apereo.cas.web.flow.actions.logout.DelegatedAuthenticationIdentityProviderLogoutAction;
import org.apereo.cas.web.flow.configurer.CasMultifactorWebflowCustomizer;
import org.apereo.cas.web.flow.controller.DefaultDelegatedAuthenticationNavigationController;
import org.apereo.cas.web.flow.error.DefaultDelegatedClientAuthenticationFailureEvaluator;
import org.apereo.cas.web.flow.executor.WebflowExecutorFactory;
import org.apereo.cas.web.flow.resolver.CasDelegatingWebflowEventResolver;
import org.apereo.cas.web.flow.resolver.CasWebflowEventResolver;
import org.apereo.cas.web.support.ArgumentExtractor;
import org.apereo.cas.web.support.CookieUtils;
import org.apereo.cas.web.support.WebUtils;
import org.apereo.cas.web.support.gen.CookieRetrievingCookieGenerator;
import org.apereo.cas.web.support.mgmr.NoOpCookieValueManager;
import org.pac4j.core.context.session.SessionStore;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.actuate.autoconfigure.endpoint.condition.ConditionalOnAvailableEndpoint;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.web.WebProperties;
import org.springframework.boot.autoconfigure.web.servlet.WebMvcProperties;
import org.springframework.boot.autoconfigure.web.servlet.error.ErrorViewResolver;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.http.HttpStatus;
import org.springframework.web.servlet.HandlerAdapter;
import org.springframework.web.servlet.HandlerMapping;
import org.springframework.webflow.config.FlowDefinitionRegistryBuilder;
import org.springframework.webflow.context.servlet.FlowUrlHandler;
import org.springframework.webflow.definition.registry.FlowDefinitionRegistry;
import org.springframework.webflow.engine.builder.FlowBuilder;
import org.springframework.webflow.engine.builder.support.FlowBuilderServices;
import org.springframework.webflow.execution.Action;
import org.springframework.webflow.execution.FlowExecutionListener;
import org.springframework.webflow.execution.RequestContext;
import org.springframework.webflow.executor.FlowExecutor;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration(value = "DelegatedAuthenticationWebflowConfiguration", proxyBeanMethods = false)
@ConditionalOnFeatureEnabled(feature = {CasFeatureModule.FeatureCatalog.DelegatedAuthentication})
/* loaded from: input_file:org/apereo/cas/config/DelegatedAuthenticationWebflowConfiguration.class */
class DelegatedAuthenticationWebflowConfiguration {

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "DelegatedAuthenticationWebflowActionsConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/DelegatedAuthenticationWebflowConfiguration$DelegatedAuthenticationWebflowActionsConfiguration.class */
    static class DelegatedAuthenticationWebflowActionsConfiguration {
        DelegatedAuthenticationWebflowActionsConfiguration() {
        }

        @ConditionalOnMissingBean(name = {"delegatedAuthenticationClientCredentialSelectionFinalizeAction"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action delegatedAuthenticationClientCredentialSelectionFinalizeAction(@Qualifier("delegatedClientAuthenticationConfigurationContext") DelegatedClientAuthenticationConfigurationContext delegatedClientAuthenticationConfigurationContext, CasConfigurationProperties casConfigurationProperties, ConfigurableApplicationContext configurableApplicationContext) {
            return WebflowActionBeanSupplier.builder().withApplicationContext(configurableApplicationContext).withProperties(casConfigurationProperties).withAction(() -> {
                return new DelegatedClientAuthenticationCredentialSelectionFinalizeAction(delegatedClientAuthenticationConfigurationContext);
            }).withId("delegatedAuthenticationClientCredentialSelectionFinalizeAction").build().get();
        }

        @ConditionalOnMissingBean(name = {"delegatedAuthenticationClientCredentialSelectionAction"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action delegatedAuthenticationClientCredentialSelectionAction(@Qualifier("delegatedClientAuthenticationConfigurationContext") DelegatedClientAuthenticationConfigurationContext delegatedClientAuthenticationConfigurationContext, CasConfigurationProperties casConfigurationProperties, ConfigurableApplicationContext configurableApplicationContext) {
            return WebflowActionBeanSupplier.builder().withApplicationContext(configurableApplicationContext).withProperties(casConfigurationProperties).withAction(() -> {
                return new DelegatedClientAuthenticationCredentialSelectionAction(delegatedClientAuthenticationConfigurationContext);
            }).withId("delegatedAuthenticationClientCredentialSelectionAction").build().get();
        }

        @ConditionalOnMissingBean(name = {"delegatedAuthenticationFailureAction"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action delegatedAuthenticationFailureAction(CasConfigurationProperties casConfigurationProperties, ConfigurableApplicationContext configurableApplicationContext, @Qualifier("delegatedClientAuthenticationFailureEvaluator") DelegatedClientAuthenticationFailureEvaluator delegatedClientAuthenticationFailureEvaluator) {
            return WebflowActionBeanSupplier.builder().withApplicationContext(configurableApplicationContext).withProperties(casConfigurationProperties).withAction(() -> {
                return new DelegatedClientAuthenticationFailureAction(delegatedClientAuthenticationFailureEvaluator);
            }).withId("delegatedAuthenticationFailureAction").build().get();
        }

        @ConditionalOnMissingBean(name = {"delegatedAuthenticationRedirectToClientAction"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action delegatedAuthenticationRedirectToClientAction(@Qualifier("delegatedClientWebflowManager") DelegatedClientAuthenticationWebflowManager delegatedClientAuthenticationWebflowManager, @Qualifier("delegatedClientAuthenticationConfigurationContext") DelegatedClientAuthenticationConfigurationContext delegatedClientAuthenticationConfigurationContext, CasConfigurationProperties casConfigurationProperties, ConfigurableApplicationContext configurableApplicationContext) {
            return WebflowActionBeanSupplier.builder().withApplicationContext(configurableApplicationContext).withProperties(casConfigurationProperties).withAction(() -> {
                return new DelegatedClientAuthenticationRedirectAction(delegatedClientAuthenticationConfigurationContext, delegatedClientAuthenticationWebflowManager);
            }).withId("delegatedAuthenticationRedirectToClientAction").build().get();
        }

        @ConditionalOnMissingBean(name = {"delegatedAuthenticationStoreWebflowAction"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action delegatedAuthenticationStoreWebflowAction(@Qualifier("delegatedClientWebflowManager") DelegatedClientAuthenticationWebflowManager delegatedClientAuthenticationWebflowManager, @Qualifier("delegatedClientAuthenticationConfigurationContext") DelegatedClientAuthenticationConfigurationContext delegatedClientAuthenticationConfigurationContext, CasConfigurationProperties casConfigurationProperties, ConfigurableApplicationContext configurableApplicationContext) {
            return WebflowActionBeanSupplier.builder().withApplicationContext(configurableApplicationContext).withProperties(casConfigurationProperties).withAction(() -> {
                return new DelegatedClientAuthenticationStoreWebflowStateAction(delegatedClientAuthenticationConfigurationContext, delegatedClientAuthenticationWebflowManager);
            }).withId("delegatedAuthenticationStoreWebflowAction").build().get();
        }

        @ConditionalOnMissingBean(name = {"delegatedAuthenticationIdentityProviderLogoutAction"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action delegatedAuthenticationIdentityProviderLogoutAction(@Qualifier("delegatedClientAuthenticationConfigurationContext") DelegatedClientAuthenticationConfigurationContext delegatedClientAuthenticationConfigurationContext, CasConfigurationProperties casConfigurationProperties, ConfigurableApplicationContext configurableApplicationContext) {
            return WebflowActionBeanSupplier.builder().withApplicationContext(configurableApplicationContext).withProperties(casConfigurationProperties).withAction(() -> {
                return new DelegatedAuthenticationIdentityProviderLogoutAction(delegatedClientAuthenticationConfigurationContext);
            }).withId("delegatedAuthenticationIdentityProviderLogoutAction").build().get();
        }

        @ConditionalOnMissingBean(name = {"delegatedAuthenticationIdentityProviderFinalizeLogoutAction"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action delegatedAuthenticationIdentityProviderFinalizeLogoutAction(@Qualifier("delegatedClientAuthenticationConfigurationContext") DelegatedClientAuthenticationConfigurationContext delegatedClientAuthenticationConfigurationContext, CasConfigurationProperties casConfigurationProperties, ConfigurableApplicationContext configurableApplicationContext) {
            return WebflowActionBeanSupplier.builder().withApplicationContext(configurableApplicationContext).withProperties(casConfigurationProperties).withAction(() -> {
                return new DelegatedAuthenticationIdentityProviderFinalizeLogoutAction(delegatedClientAuthenticationConfigurationContext);
            }).withId("delegatedAuthenticationIdentityProviderFinalizeLogoutAction").build().get();
        }

        @ConditionalOnMissingBean(name = {"delegatedAuthenticationClientLogoutAction"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action delegatedAuthenticationClientLogoutAction(@Qualifier("ticketRegistry") TicketRegistry ticketRegistry, CasConfigurationProperties casConfigurationProperties, ConfigurableApplicationContext configurableApplicationContext, @Qualifier("delegatedIdentityProviders") DelegatedIdentityProviders delegatedIdentityProviders, @Qualifier("delegatedClientDistributedSessionStore") SessionStore sessionStore) {
            return (Action) BeanSupplier.of(Action.class).when(BeanCondition.on("cas.slo.disabled").isFalse().evenIfMissing().given(configurableApplicationContext.getEnvironment())).supply(() -> {
                return WebflowActionBeanSupplier.builder().withApplicationContext(configurableApplicationContext).withProperties(casConfigurationProperties).withAction(() -> {
                    return new DelegatedAuthenticationClientLogoutAction(delegatedIdentityProviders, sessionStore, ticketRegistry);
                }).withId("delegatedAuthenticationClientLogoutAction").build().get();
            }).otherwise(() -> {
                return ConsumerExecutionAction.NONE;
            }).get();
        }

        @ConditionalOnMissingBean(name = {"delegatedAuthenticationClientRetryAction"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action delegatedAuthenticationClientRetryAction(CasConfigurationProperties casConfigurationProperties, ConfigurableApplicationContext configurableApplicationContext, @Qualifier("delegatedClientIdentityProviderConfigurationProducer") DelegatedClientIdentityProviderConfigurationProducer delegatedClientIdentityProviderConfigurationProducer, @Qualifier("delegatedIdentityProviders") DelegatedIdentityProviders delegatedIdentityProviders) {
            return WebflowActionBeanSupplier.builder().withApplicationContext(configurableApplicationContext).withProperties(casConfigurationProperties).withAction(() -> {
                return new DelegatedAuthenticationClientRetryAction(delegatedIdentityProviders, delegatedClientIdentityProviderConfigurationProducer);
            }).withId("delegatedAuthenticationClientRetryAction").build().get();
        }

        @ConditionalOnMissingBean(name = {"delegatedAuthenticationCreateClientsAction"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action delegatedAuthenticationCreateClientsAction(@Qualifier("delegatedClientAuthenticationConfigurationContext") DelegatedClientAuthenticationConfigurationContext delegatedClientAuthenticationConfigurationContext, CasConfigurationProperties casConfigurationProperties, ConfigurableApplicationContext configurableApplicationContext) {
            return WebflowActionBeanSupplier.builder().withApplicationContext(configurableApplicationContext).withProperties(casConfigurationProperties).withAction(() -> {
                return new DelegatedAuthenticationGenerateClientsAction(new DelegatedAuthenticationSingleSignOnEvaluator(delegatedClientAuthenticationConfigurationContext));
            }).withId("delegatedAuthenticationCreateClientsAction").build().get();
        }

        @ConditionalOnMissingBean(name = {"delegatedAuthenticationAction"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Action delegatedAuthenticationAction(CasConfigurationProperties casConfigurationProperties, ConfigurableApplicationContext configurableApplicationContext, @Qualifier("delegatedClientAuthenticationFailureEvaluator") DelegatedClientAuthenticationFailureEvaluator delegatedClientAuthenticationFailureEvaluator, @Qualifier("delegatedClientAuthenticationConfigurationContext") DelegatedClientAuthenticationConfigurationContext delegatedClientAuthenticationConfigurationContext, @Qualifier("delegatedClientWebflowManager") DelegatedClientAuthenticationWebflowManager delegatedClientAuthenticationWebflowManager) {
            return WebflowActionBeanSupplier.builder().withApplicationContext(configurableApplicationContext).withProperties(casConfigurationProperties).withAction(() -> {
                return new DelegatedClientAuthenticationAction(delegatedClientAuthenticationConfigurationContext, delegatedClientAuthenticationWebflowManager, delegatedClientAuthenticationFailureEvaluator);
            }).withId("delegatedAuthenticationAction").build().get();
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "DelegatedAuthenticationWebflowClientConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/DelegatedAuthenticationWebflowConfiguration$DelegatedAuthenticationWebflowClientConfiguration.class */
    static class DelegatedAuthenticationWebflowClientConfiguration {
        DelegatedAuthenticationWebflowClientConfiguration() {
        }

        @ConditionalOnMissingBean(name = {"delegatedClientEndpointConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public CasWebSecurityConfigurer<Void> delegatedClientEndpointConfigurer() {
            return new CasWebSecurityConfigurer<Void>(this) { // from class: org.apereo.cas.config.DelegatedAuthenticationWebflowConfiguration.DelegatedAuthenticationWebflowClientConfiguration.1
                public List<String> getIgnoredEndpoints() {
                    return List.of(StringUtils.prependIfMissing("clientredirect", "/", new CharSequence[0]));
                }
            };
        }

        @ConditionalOnMissingBean(name = {"groovyDelegatedClientAuthenticationCredentialResolver"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @ConditionalOnMissingGraalVMNativeImage
        @Bean
        public DelegatedClientAuthenticationCredentialResolver groovyDelegatedClientAuthenticationCredentialResolver(CasConfigurationProperties casConfigurationProperties, ConfigurableApplicationContext configurableApplicationContext, @Qualifier("delegatedClientAuthenticationConfigurationContext") DelegatedClientAuthenticationConfigurationContext delegatedClientAuthenticationConfigurationContext) {
            return (DelegatedClientAuthenticationCredentialResolver) BeanSupplier.of(DelegatedClientAuthenticationCredentialResolver.class).when(BeanCondition.on("cas.authn.pac4j.profile-selection.groovy.location").exists().given(configurableApplicationContext.getEnvironment())).supply(() -> {
                return new GroovyDelegatedClientAuthenticationCredentialResolver(delegatedClientAuthenticationConfigurationContext, casConfigurationProperties.getAuthn().getPac4j().getProfileSelection().getGroovy().getLocation());
            }).otherwiseProxy().get();
        }

        @ConditionalOnMissingBean(name = {"delegatedClientIdentityProviderAuthorizer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public DelegatedClientIdentityProviderAuthorizer delegatedClientIdentityProviderAuthorizer(@Qualifier("tenantExtractor") TenantExtractor tenantExtractor, @Qualifier("servicesManager") ServicesManager servicesManager, @Qualifier("registeredServiceDelegatedAuthenticationPolicyAuditableEnforcer") AuditableExecution auditableExecution) {
            return new DefaultDelegatedClientIdentityProviderAuthorizer(servicesManager, auditableExecution, tenantExtractor);
        }

        @ConditionalOnMissingBean(name = {"delegatedClientAuthenticationFailureEvaluator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public DelegatedClientAuthenticationFailureEvaluator delegatedClientAuthenticationFailureEvaluator(@Qualifier("delegatedClientAuthenticationConfigurationContext") DelegatedClientAuthenticationConfigurationContext delegatedClientAuthenticationConfigurationContext) {
            return new DefaultDelegatedClientAuthenticationFailureEvaluator(delegatedClientAuthenticationConfigurationContext);
        }

        @ConditionalOnMissingBean(name = {"delegatedClientIdentityProviderConfigurationPostProcessor"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public DelegatedClientIdentityProviderConfigurationPostProcessor delegatedClientIdentityProviderConfigurationPostProcessor(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties) {
            return (DelegatedClientIdentityProviderConfigurationPostProcessor) BeanSupplier.of(DelegatedClientIdentityProviderConfigurationPostProcessor.class).when(BeanCondition.on("cas.authn.pac4j.core.groovy-provider-post-processor.location").exists().given(configurableApplicationContext.getEnvironment())).and(CasRuntimeHintsRegistrar::notInNativeImage).supply(() -> {
                return new DelegatedClientIdentityProviderConfigurationGroovyPostProcessor(ExecutableCompiledScriptFactory.getExecutableCompiledScriptFactory().fromResource(casConfigurationProperties.getAuthn().getPac4j().getCore().getGroovyProviderPostProcessor().getLocation()));
            }).otherwise(DelegatedClientIdentityProviderConfigurationPostProcessor::noOp).get();
        }

        @ConditionalOnMissingBean(name = {"delegatedClientIdentityProviderConfigurationProducer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public DelegatedClientIdentityProviderConfigurationProducer delegatedClientIdentityProviderConfigurationProducer(@Qualifier("delegatedClientAuthenticationConfigurationContext") ObjectProvider<DelegatedClientAuthenticationConfigurationContext> objectProvider) {
            return new DefaultDelegatedClientIdentityProviderConfigurationProducer(objectProvider);
        }

        @ConditionalOnMissingBean(name = {"delegatedClientIdentityProviderRedirectionStrategy"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public DelegatedClientIdentityProviderRedirectionStrategy delegatedClientIdentityProviderRedirectionStrategy(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties, @Qualifier("delegatedAuthenticationCookieGenerator") CasCookieBuilder casCookieBuilder, @Qualifier("servicesManager") ServicesManager servicesManager) {
            ChainingDelegatedClientIdentityProviderRedirectionStrategy chainingDelegatedClientIdentityProviderRedirectionStrategy = new ChainingDelegatedClientIdentityProviderRedirectionStrategy();
            FunctionUtils.doIfNotNull(casConfigurationProperties.getAuthn().getPac4j().getCore().getGroovyRedirectionStrategy().getLocation(), resource -> {
                chainingDelegatedClientIdentityProviderRedirectionStrategy.addStrategy(new GroovyDelegatedClientIdentityProviderRedirectionStrategy(servicesManager, ExecutableCompiledScriptFactory.getExecutableCompiledScriptFactory().fromResource(resource), configurableApplicationContext));
            });
            chainingDelegatedClientIdentityProviderRedirectionStrategy.addStrategy(new DefaultDelegatedClientIdentityProviderRedirectionStrategy(servicesManager, casCookieBuilder, casConfigurationProperties, configurableApplicationContext));
            return chainingDelegatedClientIdentityProviderRedirectionStrategy;
        }

        @ConditionalOnMissingBean(name = {"delegatedAuthenticationCookieGenerator"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public CasCookieBuilder delegatedAuthenticationCookieGenerator(@Qualifier("tenantExtractor") TenantExtractor tenantExtractor, CasConfigurationProperties casConfigurationProperties) {
            return new CookieRetrievingCookieGenerator(CookieUtils.buildCookieGenerationContext(casConfigurationProperties.getAuthn().getPac4j().getCookie()), new NoOpCookieValueManager(tenantExtractor));
        }

        @ConditionalOnMissingBean(name = {"groovyDelegatedClientAuthenticationRequestCustomizer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @ConditionalOnMissingGraalVMNativeImage
        @Bean
        public DelegatedClientAuthenticationRequestCustomizer groovyDelegatedClientAuthenticationRequestCustomizer(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties) {
            return (DelegatedClientAuthenticationRequestCustomizer) BeanSupplier.of(DelegatedClientAuthenticationRequestCustomizer.class).when(BeanCondition.on("cas.authn.pac4j.core.groovy-authentication-request-customizer.location").exists().given(configurableApplicationContext.getEnvironment())).when(ExecutableCompiledScriptFactory.findExecutableCompiledScriptFactory().isPresent()).supply(() -> {
                return new GroovyDelegatedClientAuthenticationRequestCustomizer(ExecutableCompiledScriptFactory.getExecutableCompiledScriptFactory().fromResource(casConfigurationProperties.getAuthn().getPac4j().getCore().getGroovyAuthenticationRequestCustomizer().getLocation()), configurableApplicationContext);
            }).otherwiseProxy().get();
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "DelegatedAuthenticationWebflowContextConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/DelegatedAuthenticationWebflowConfiguration$DelegatedAuthenticationWebflowContextConfiguration.class */
    static class DelegatedAuthenticationWebflowContextConfiguration {
        DelegatedAuthenticationWebflowContextConfiguration() {
        }

        @ConditionalOnMissingBean(name = {"delegatedClientAuthenticationConfigurationContext"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public DelegatedClientAuthenticationConfigurationContext delegatedClientAuthenticationConfigurationContext(@Qualifier("defaultSingleLogoutRequestExecutor") SingleLogoutRequestExecutor singleLogoutRequestExecutor, @Qualifier("registeredServiceDelegatedAuthenticationPolicyAuditableEnforcer") AuditableExecution auditableExecution, @Qualifier("serviceTicketRequestWebflowEventResolver") CasWebflowEventResolver casWebflowEventResolver, @Qualifier("initialAuthenticationAttemptWebflowEventResolver") CasDelegatingWebflowEventResolver casDelegatingWebflowEventResolver, @Qualifier("adaptiveAuthenticationPolicy") AdaptiveAuthenticationPolicy adaptiveAuthenticationPolicy, CasConfigurationProperties casConfigurationProperties, @Qualifier("servicesManager") ServicesManager servicesManager, @Qualifier("delegatedIdentityProviders") DelegatedIdentityProviders delegatedIdentityProviders, @Qualifier("delegatedClientIdentityProviderConfigurationProducer") DelegatedClientIdentityProviderConfigurationProducer delegatedClientIdentityProviderConfigurationProducer, @Qualifier("delegatedClientIdentityProviderConfigurationPostProcessor") DelegatedClientIdentityProviderConfigurationPostProcessor delegatedClientIdentityProviderConfigurationPostProcessor, @Qualifier("delegatedClientDistributedSessionCookieGenerator") CasCookieBuilder casCookieBuilder, @Qualifier("centralAuthenticationService") CentralAuthenticationService centralAuthenticationService, @Qualifier("pac4jDelegatedClientNameExtractor") DelegatedClientNameExtractor delegatedClientNameExtractor, @Qualifier("defaultAuthenticationSystemSupport") AuthenticationSystemSupport authenticationSystemSupport, @Qualifier("argumentExtractor") ArgumentExtractor argumentExtractor, @Qualifier("ticketRegistry") TicketRegistry ticketRegistry, @Qualifier("delegatedClientDistributedSessionStore") SessionStore sessionStore, @Qualifier("defaultTicketFactory") TicketFactory ticketFactory, @Qualifier("registeredServiceAccessStrategyEnforcer") AuditableExecution auditableExecution2, @Qualifier("delegatedClientIdentityProviderRedirectionStrategy") DelegatedClientIdentityProviderRedirectionStrategy delegatedClientIdentityProviderRedirectionStrategy, @Qualifier("singleSignOnParticipationStrategy") SingleSignOnParticipationStrategy singleSignOnParticipationStrategy, @Qualifier("authenticationServiceSelectionPlan") AuthenticationServiceSelectionPlan authenticationServiceSelectionPlan, @Qualifier("delegatedAuthenticationCookieGenerator") CasCookieBuilder casCookieBuilder2, ObjectProvider<List<DelegatedAuthenticationCredentialExtractor>> objectProvider, ConfigurableApplicationContext configurableApplicationContext, @Qualifier("logoutExecutionPlan") LogoutExecutionPlan logoutExecutionPlan, ObjectProvider<List<DelegatedClientAuthenticationRequestCustomizer>> objectProvider2, ObjectProvider<List<DelegatedClientIdentityProviderAuthorizer>> objectProvider3) {
            List list = (List) ((List) Optional.ofNullable((List) objectProvider2.getIfAvailable()).orElseGet(ArrayList::new)).stream().filter((v0) -> {
                return BeanSupplier.isNotProxy(v0);
            }).collect(Collectors.toList());
            return DelegatedClientAuthenticationConfigurationContext.builder().credentialExtractors(((List) objectProvider.getObject()).stream().filter((v0) -> {
                return BeanSupplier.isNotProxy(v0);
            }).toList()).initialAuthenticationAttemptWebflowEventResolver(casDelegatingWebflowEventResolver).serviceTicketRequestWebflowEventResolver(casWebflowEventResolver).adaptiveAuthenticationPolicy(adaptiveAuthenticationPolicy).identityProviders(delegatedIdentityProviders).ticketRegistry(ticketRegistry).applicationContext(configurableApplicationContext).servicesManager(servicesManager).delegatedAuthenticationPolicyEnforcer(auditableExecution).authenticationSystemSupport(authenticationSystemSupport).casProperties(casConfigurationProperties).centralAuthenticationService(centralAuthenticationService).authenticationRequestServiceSelectionStrategies(authenticationServiceSelectionPlan).singleSignOnParticipationStrategy(singleSignOnParticipationStrategy).sessionStore(sessionStore).argumentExtractor(argumentExtractor).ticketFactory(ticketFactory).delegatedClientIdentityProvidersProducer(delegatedClientIdentityProviderConfigurationProducer).delegatedClientIdentityProviderConfigurationPostProcessor(delegatedClientIdentityProviderConfigurationPostProcessor).delegatedClientCookieGenerator(casCookieBuilder2).delegatedClientDistributedSessionCookieGenerator(casCookieBuilder).registeredServiceAccessStrategyEnforcer(auditableExecution2).delegatedClientAuthenticationRequestCustomizers(list).delegatedClientNameExtractor(delegatedClientNameExtractor).delegatedClientIdentityProviderAuthorizers((List) ((List) Optional.ofNullable((List) objectProvider3.getIfAvailable()).orElseGet(ArrayList::new)).stream().filter((v0) -> {
                return BeanSupplier.isNotProxy(v0);
            }).collect(Collectors.toList())).delegatedClientIdentityProviderRedirectionStrategy(delegatedClientIdentityProviderRedirectionStrategy).singleLogoutRequestExecutor(singleLogoutRequestExecutor).logoutExecutionPlan(logoutExecutionPlan).build();
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "DelegatedAuthenticationWebflowEndpointsConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/DelegatedAuthenticationWebflowConfiguration$DelegatedAuthenticationWebflowEndpointsConfiguration.class */
    static class DelegatedAuthenticationWebflowEndpointsConfiguration {
        private static final FlowExecutionListener[] FLOW_EXECUTION_LISTENERS = new FlowExecutionListener[0];

        DelegatedAuthenticationWebflowEndpointsConfiguration() {
        }

        @ConditionalOnAvailableEndpoint
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public DelegatedClientsEndpoint delegatedClientsEndpoint(CasConfigurationProperties casConfigurationProperties, @Qualifier("pac4jDelegatedClientFactory") ObjectProvider<DelegatedIdentityProviderFactory> objectProvider, ObjectProvider<List<DelegatedClientsEndpointContributor>> objectProvider2) {
            return new DelegatedClientsEndpoint(casConfigurationProperties, objectProvider, objectProvider2);
        }

        @ConditionalOnMissingBean(name = {"defaultDelegatedAuthenticationNavigationController"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public DefaultDelegatedAuthenticationNavigationController defaultDelegatedAuthenticationNavigationController(@Qualifier("delegatedClientAuthenticationConfigurationContext") DelegatedClientAuthenticationConfigurationContext delegatedClientAuthenticationConfigurationContext) {
            return new DefaultDelegatedAuthenticationNavigationController(delegatedClientAuthenticationConfigurationContext);
        }

        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public FlowUrlHandler delegatedClientWebflowUrlHandler(List<CasWebflowIdExtractor> list) {
            return new CasDefaultFlowUrlHandler(list);
        }

        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public HandlerAdapter delegatedClientRedirectWebflowHandlerAdapter(@Qualifier("delegatedClientWebflowUrlHandler") FlowUrlHandler flowUrlHandler, ConfigurableApplicationContext configurableApplicationContext, @Qualifier("casWebflowExecutionPlan") CasWebflowExecutionPlan casWebflowExecutionPlan, @Qualifier("delegatedClientRedirectFlowExecutor") FlowExecutor flowExecutor) {
            CasFlowHandlerAdapter casFlowHandlerAdapter = new CasFlowHandlerAdapter("clientredirect", casWebflowExecutionPlan);
            casFlowHandlerAdapter.setFlowExecutor(flowExecutor);
            casFlowHandlerAdapter.setFlowUrlHandler(flowUrlHandler);
            return casFlowHandlerAdapter;
        }

        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public HandlerMapping delegatedClientRedirectFlowHandlerMapping(@Qualifier("delegatedClientRedirectFlowRegistry") FlowDefinitionRegistry flowDefinitionRegistry) {
            CasFlowHandlerMapping casFlowHandlerMapping = new CasFlowHandlerMapping();
            casFlowHandlerMapping.setOrder(0);
            casFlowHandlerMapping.setFlowRegistry(flowDefinitionRegistry);
            return casFlowHandlerMapping;
        }

        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public FlowDefinitionRegistry delegatedClientRedirectFlowRegistry(ConfigurableApplicationContext configurableApplicationContext, @Qualifier("flowBuilderServices") FlowBuilderServices flowBuilderServices, @Qualifier("flowBuilder") FlowBuilder flowBuilder) {
            FlowDefinitionRegistryBuilder flowDefinitionRegistryBuilder = new FlowDefinitionRegistryBuilder(configurableApplicationContext, flowBuilderServices);
            flowDefinitionRegistryBuilder.addFlowBuilder(flowBuilder, "clientredirect");
            return flowDefinitionRegistryBuilder.build();
        }

        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public FlowExecutor delegatedClientRedirectFlowExecutor(@Qualifier("delegatedClientWebflowUrlHandler") FlowUrlHandler flowUrlHandler, CasConfigurationProperties casConfigurationProperties, @Qualifier("delegatedClientRedirectFlowRegistry") FlowDefinitionRegistry flowDefinitionRegistry, @Qualifier("webflowCipherExecutor") CipherExecutor cipherExecutor) {
            return new WebflowExecutorFactory(casConfigurationProperties.getWebflow(), flowDefinitionRegistry, cipherExecutor, FLOW_EXECUTION_LISTENERS, flowUrlHandler).build();
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class, WebProperties.class, WebMvcProperties.class})
    @Configuration(value = "DelegatedAuthenticationWebflowErrorConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/DelegatedAuthenticationWebflowConfiguration$DelegatedAuthenticationWebflowErrorConfiguration.class */
    static class DelegatedAuthenticationWebflowErrorConfiguration {
        DelegatedAuthenticationWebflowErrorConfiguration() {
        }

        @ConditionalOnMissingBean(name = {"delegatedAuthenticationErrorViewResolver"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public ErrorViewResolver delegatedAuthenticationErrorViewResolver(@Qualifier("delegatedClientAuthenticationFailureEvaluator") DelegatedClientAuthenticationFailureEvaluator delegatedClientAuthenticationFailureEvaluator, WebProperties webProperties, ConfigurableApplicationContext configurableApplicationContext) {
            MappedExceptionErrorViewResolver mappedExceptionErrorViewResolver = new MappedExceptionErrorViewResolver(configurableApplicationContext, webProperties.getResources(), Map.of(UnauthorizedServiceException.class, WebUtils.toModelAndView(HttpStatus.FORBIDDEN, "delegated-authn/casDelegatedAuthnErrorView"), UnknownTenantException.class, WebUtils.toModelAndView(HttpStatus.NOT_FOUND, "error/casUnknownTenantView")), errorContext -> {
                return delegatedClientAuthenticationFailureEvaluator.evaluate(errorContext.request(), errorContext.status().value());
            });
            mappedExceptionErrorViewResolver.setOrder(0);
            return mappedExceptionErrorViewResolver;
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "DelegatedAuthenticationWebflowExecutionPlanConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/DelegatedAuthenticationWebflowConfiguration$DelegatedAuthenticationWebflowExecutionPlanConfiguration.class */
    static class DelegatedAuthenticationWebflowExecutionPlanConfiguration {
        DelegatedAuthenticationWebflowExecutionPlanConfiguration() {
        }

        @ConditionalOnMissingBean(name = {"delegatedCasWebflowExecutionPlanConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public CasWebflowExecutionPlanConfigurer delegatedCasWebflowExecutionPlanConfigurer(@Qualifier("delegatedAuthenticationCasWebflowLoginContextProvider") CasWebflowLoginContextProvider casWebflowLoginContextProvider, @Qualifier("delegatedAuthenticationWebflowConfigurer") CasWebflowConfigurer casWebflowConfigurer) {
            return casWebflowExecutionPlan -> {
                casWebflowExecutionPlan.registerWebflowConfigurer(casWebflowConfigurer);
                casWebflowExecutionPlan.registerWebflowLoginContextProvider(casWebflowLoginContextProvider);
            };
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "DelegatedAuthenticationWebflowManagementConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/DelegatedAuthenticationWebflowConfiguration$DelegatedAuthenticationWebflowManagementConfiguration.class */
    static class DelegatedAuthenticationWebflowManagementConfiguration {
        DelegatedAuthenticationWebflowManagementConfiguration() {
        }

        @ConditionalOnMissingBean(name = {"delegatedClientWebflowManager"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public DelegatedClientAuthenticationWebflowManager delegatedClientWebflowManager(@Qualifier("delegatedClientAuthenticationConfigurationContext") DelegatedClientAuthenticationConfigurationContext delegatedClientAuthenticationConfigurationContext) {
            return new DefaultDelegatedClientAuthenticationWebflowManager(delegatedClientAuthenticationConfigurationContext);
        }

        @ConditionalOnMissingBean(name = {"defaultDelegatedClientAuthenticationWebflowStateContributor"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public DelegatedClientAuthenticationWebflowStateContributor defaultDelegatedClientAuthenticationWebflowStateContributor(@Qualifier("delegatedClientAuthenticationConfigurationContext") DelegatedClientAuthenticationConfigurationContext delegatedClientAuthenticationConfigurationContext) {
            return new DefaultDelegatedClientAuthenticationWebflowStateContributor(delegatedClientAuthenticationConfigurationContext);
        }

        @ConditionalOnMissingBean(name = {"delegatedAuthenticationCasMultifactorWebflowCustomizer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public CasMultifactorWebflowCustomizer delegatedAuthenticationCasMultifactorWebflowCustomizer() {
            return new CasMultifactorWebflowCustomizer(this) { // from class: org.apereo.cas.config.DelegatedAuthenticationWebflowConfiguration.DelegatedAuthenticationWebflowManagementConfiguration.1
                public Collection<String> getCandidateStatesForMultifactorAuthentication() {
                    return List.of("delegatedAuthentication");
                }
            };
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "DelegatedAuthenticationWebflowPlanConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/DelegatedAuthenticationWebflowConfiguration$DelegatedAuthenticationWebflowPlanConfiguration.class */
    static class DelegatedAuthenticationWebflowPlanConfiguration {
        DelegatedAuthenticationWebflowPlanConfiguration() {
        }

        @ConditionalOnMissingBean(name = {"delegatedAuthenticationWebflowConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public CasWebflowConfigurer delegatedAuthenticationWebflowConfigurer(CasConfigurationProperties casConfigurationProperties, ConfigurableApplicationContext configurableApplicationContext, @Qualifier("delegatedClientRedirectFlowRegistry") FlowDefinitionRegistry flowDefinitionRegistry, @Qualifier("flowDefinitionRegistry") FlowDefinitionRegistry flowDefinitionRegistry2, @Qualifier("flowBuilderServices") FlowBuilderServices flowBuilderServices) {
            return new DelegatedAuthenticationWebflowConfigurer(flowBuilderServices, flowDefinitionRegistry2, flowDefinitionRegistry, configurableApplicationContext, casConfigurationProperties);
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "DelegatedAuthenticationWebflowUserInterfaceConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/DelegatedAuthenticationWebflowConfiguration$DelegatedAuthenticationWebflowUserInterfaceConfiguration.class */
    static class DelegatedAuthenticationWebflowUserInterfaceConfiguration {
        DelegatedAuthenticationWebflowUserInterfaceConfiguration() {
        }

        @ConditionalOnMissingBean(name = {"delegatedAuthenticationCasWebflowLoginContextProvider"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public CasWebflowLoginContextProvider delegatedAuthenticationCasWebflowLoginContextProvider() {
            return new CasWebflowLoginContextProvider(this) { // from class: org.apereo.cas.config.DelegatedAuthenticationWebflowConfiguration.DelegatedAuthenticationWebflowUserInterfaceConfiguration.1
                public boolean isLoginFormViewable(RequestContext requestContext) {
                    return DelegationWebflowUtils.getDelegatedAuthenticationProviderPrimary(requestContext) == null;
                }
            };
        }
    }

    DelegatedAuthenticationWebflowConfiguration() {
    }
}
