package org.apereo.cas.oidc.config;

import com.github.benmanes.caffeine.cache.CacheLoader;
import com.github.benmanes.caffeine.cache.Caffeine;
import com.github.benmanes.caffeine.cache.LoadingCache;
import java.util.List;
import java.util.Optional;
import java.util.function.Supplier;
import lombok.Generated;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.oidc.OidcProperties;
import org.apereo.cas.configuration.support.Beans;
import org.apereo.cas.configuration.support.CasFeatureModule;
import org.apereo.cas.oidc.jwks.OidcDefaultJsonWebKeyStoreListener;
import org.apereo.cas.oidc.jwks.OidcDefaultJsonWebKeystoreCacheLoader;
import org.apereo.cas.oidc.jwks.OidcJsonWebKeyCacheKey;
import org.apereo.cas.oidc.jwks.OidcJsonWebKeyStoreListener;
import org.apereo.cas.oidc.jwks.generator.OidcDefaultJsonWebKeystoreGeneratorService;
import org.apereo.cas.oidc.jwks.generator.OidcGroovyJsonWebKeystoreGeneratorService;
import org.apereo.cas.oidc.jwks.generator.OidcJsonWebKeystoreGeneratorService;
import org.apereo.cas.oidc.jwks.generator.OidcRestfulJsonWebKeystoreGeneratorService;
import org.apereo.cas.oidc.jwks.rotation.OidcDefaultJsonWebKeystoreRotationService;
import org.apereo.cas.oidc.jwks.rotation.OidcJsonWebKeystoreRotationService;
import org.apereo.cas.util.function.FunctionUtils;
import org.apereo.cas.util.spring.beans.BeanCondition;
import org.apereo.cas.util.spring.beans.BeanSupplier;
import org.apereo.cas.util.spring.boot.ConditionalOnFeature;
import org.jose4j.jwk.JsonWebKeySet;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.core.annotation.AnnotationAwareOrderComparator;
import org.springframework.scheduling.annotation.Scheduled;

/**
 * Spring configuration that wires the OpenID Connect JSON Web Key Set (JWKS)
 * beans: keystore generators, the keystore cache and its loader, and the
 * optional key rotation and revocation schedulers.
 *
 * <p>Every bean is declared with {@code @ConditionalOnMissingBean}, so a bean
 * registered elsewhere under the same name replaces the default defined here.
 * Bean names and parameter names are kept exactly as declared, since bean
 * lookups by name depend on them.
 */
@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration(value = "OidcJwksConfiguration", proxyBeanMethods = false)
@ConditionalOnFeature(feature = CasFeatureModule.FeatureCatalog.OpenIDConnect)
public class OidcJwksConfiguration {

    /**
     * Beans that produce the keystore and cache the resulting key sets.
     */
    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "OidcEndpointsJwksGeneratorConfiguration", proxyBeanMethods = false)
    public static class OidcEndpointsJwksGeneratorConfiguration {

        /**
         * Builds the cache loader that is backed by the active keystore generator.
         *
         * @param oidcJsonWebKeystoreGeneratorService generator handed to the loader
         * @return the default cache loader
         */
        @ConditionalOnMissingBean(name = {"oidcDefaultJsonWebKeystoreCacheLoader"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public CacheLoader<OidcJsonWebKeyCacheKey, Optional<JsonWebKeySet>> oidcDefaultJsonWebKeystoreCacheLoader(
                @Qualifier("oidcJsonWebKeystoreGeneratorService") OidcJsonWebKeystoreGeneratorService oidcJsonWebKeystoreGeneratorService) {
            return new OidcDefaultJsonWebKeystoreCacheLoader(oidcJsonWebKeystoreGeneratorService);
        }

        /**
         * Builds the keystore listener around the key set cache.
         *
         * @param loadingCache the JWKS cache the listener operates on
         * @return the default keystore listener
         */
        @ConditionalOnMissingBean(name = {"oidcJsonWebKeyStoreListener"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public OidcJsonWebKeyStoreListener oidcJsonWebKeyStoreListener(
                @Qualifier("oidcDefaultJsonWebKeystoreCache") LoadingCache<OidcJsonWebKeyCacheKey, Optional<JsonWebKeySet>> loadingCache) {
            return new OidcDefaultJsonWebKeyStoreListener(loadingCache);
        }

        /**
         * Builds the key set cache: at most 100 entries, each expiring a fixed
         * time after it was written. The expiry comes from the
         * {@code jwksCacheExpiration} setting of the JWKS core properties.
         *
         * <p>NOTE(review): a cached key set is served until it expires or is
         * evicted. After a rotation or revocation, stale keys stay visible for
         * up to that window unless something invalidates the cache. Presumably
         * the keystore listener does this; confirm against its implementation.
         *
         * @param cacheLoader loader used to populate missing entries
         * @param casConfigurationProperties source of the cache expiration setting
         * @return the loading cache for key sets
         */
        @ConditionalOnMissingBean(name = {"oidcDefaultJsonWebKeystoreCache"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public LoadingCache<OidcJsonWebKeyCacheKey, Optional<JsonWebKeySet>> oidcDefaultJsonWebKeystoreCache(
                @Qualifier("oidcDefaultJsonWebKeystoreCacheLoader") CacheLoader<OidcJsonWebKeyCacheKey, Optional<JsonWebKeySet>> cacheLoader,
                CasConfigurationProperties casConfigurationProperties) {
            return Caffeine.newBuilder()
                    .maximumSize(100L)
                    .expireAfterWrite(Beans.newDuration(
                            casConfigurationProperties.getAuthn().getOidc().getJwks().getCore().getJwksCacheExpiration()))
                    .build(cacheLoader);
        }

        /**
         * Offers a Groovy-script keystore generator when
         * {@code cas.authn.oidc.jwks.groovy.location} exists in the environment;
         * otherwise the {@code otherwiseProxy()} result is returned.
         *
         * <p>NOTE(review): the script at that location is the source of the
         * keystore, so write access to it should be as restricted as access to
         * the signing keys themselves. Confirm how the location is protected.
         *
         * @param casConfigurationProperties source of the Groovy location
         * @param configurableApplicationContext supplies the environment the condition is checked against
         * @return supplier of the Groovy generator, or the proxy placeholder
         */
        @ConditionalOnMissingBean(name = {"groovyOidcJsonWebKeystoreGeneratorService"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Supplier<OidcJsonWebKeystoreGeneratorService> groovyOidcJsonWebKeystoreGeneratorService(
                CasConfigurationProperties casConfigurationProperties,
                ConfigurableApplicationContext configurableApplicationContext) {
            OidcProperties oidc = casConfigurationProperties.getAuthn().getOidc();
            return (Supplier) BeanSupplier.of(Supplier.class)
                    .when(BeanCondition.on("cas.authn.oidc.jwks.groovy.location")
                            .exists()
                            .given(configurableApplicationContext.getEnvironment()))
                    .supply(() -> () -> new OidcGroovyJsonWebKeystoreGeneratorService(oidc.getJwks().getGroovy().getLocation()))
                    .otherwiseProxy()
                    .get();
        }

        /**
         * Offers a REST-backed keystore generator when
         * {@code cas.authn.oidc.jwks.rest.url} passes the {@code isUrl()}
         * condition; otherwise the {@code otherwiseProxy()} result is returned.
         *
         * <p>NOTE(review): the keystore then comes from a remote endpoint.
         * Nothing here constrains the URL scheme or authenticates the endpoint;
         * confirm that the generator requires TLS and verifies the peer.
         *
         * @param casConfigurationProperties source of the OIDC settings passed to the generator
         * @param configurableApplicationContext supplies the environment the condition is checked against
         * @return supplier of the REST generator, or the proxy placeholder
         */
        @ConditionalOnMissingBean(name = {"restOidcJsonWebKeystoreGeneratorService"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Supplier<OidcJsonWebKeystoreGeneratorService> restOidcJsonWebKeystoreGeneratorService(
                CasConfigurationProperties casConfigurationProperties,
                ConfigurableApplicationContext configurableApplicationContext) {
            OidcProperties oidc = casConfigurationProperties.getAuthn().getOidc();
            return (Supplier) BeanSupplier.of(Supplier.class)
                    .when(BeanCondition.on("cas.authn.oidc.jwks.rest.url")
                            .isUrl()
                            .given(configurableApplicationContext.getEnvironment()))
                    .supply(() -> () -> new OidcRestfulJsonWebKeystoreGeneratorService(oidc))
                    .otherwiseProxy()
                    .get();
        }

        /**
         * Selects the keystore generator in use. The candidate suppliers are
         * sorted by {@link AnnotationAwareOrderComparator}, and the first one
         * that {@code BeanSupplier.isNotProxy} accepts wins. When none
         * qualifies, the default generator is created from the OIDC
         * properties. The bean's {@code generate} method runs as its init
         * method.
         *
         * @param casConfigurationProperties source of the OIDC settings for the default generator
         * @param configurableApplicationContext context handed to the default generator
         * @param list all registered generator suppliers
         * @return the generator chosen for this deployment
         */
        @ConditionalOnMissingBean(name = {"oidcJsonWebKeystoreGeneratorService"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean(initMethod = "generate")
        public OidcJsonWebKeystoreGeneratorService oidcJsonWebKeystoreGeneratorService(
                CasConfigurationProperties casConfigurationProperties,
                ConfigurableApplicationContext configurableApplicationContext,
                List<Supplier<OidcJsonWebKeystoreGeneratorService>> list) {
            // Stays lazy: the default generator is only constructed if this supplier is invoked.
            Supplier<OidcJsonWebKeystoreGeneratorService> fallback = () ->
                    new OidcDefaultJsonWebKeystoreGeneratorService(
                            casConfigurationProperties.getAuthn().getOidc(), configurableApplicationContext);
            return list.stream()
                    .sorted(AnnotationAwareOrderComparator.INSTANCE)
                    .filter(BeanSupplier::isNotProxy)
                    .findFirst()
                    .orElse(fallback)
                    .get();
        }
    }

    /**
     * Beans that rotate and revoke keys in the keystore on a schedule.
     */
    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "OidcEndpointsJwksRotationConfiguration", proxyBeanMethods = false)
    public static class OidcEndpointsJwksRotationConfiguration {

        /**
         * Scheduled task that asks the rotation service to revoke keys.
         * Defaults: first run after {@code PT60S}, then every {@code P14D}.
         */
        public static class OidcJsonWebKeystoreRevocationScheduler implements Runnable {

            @Generated
            private static final Logger LOGGER = LoggerFactory.getLogger(OidcJsonWebKeystoreRevocationScheduler.class);
            private final OidcJsonWebKeystoreRotationService rotationService;

            /**
             * @param oidcJsonWebKeystoreRotationService service that performs the revocation
             */
            @Generated
            public OidcJsonWebKeystoreRevocationScheduler(OidcJsonWebKeystoreRotationService oidcJsonWebKeystoreRotationService) {
                this.rotationService = oidcJsonWebKeystoreRotationService;
            }

            /**
             * Logs the start of the run and delegates to {@code revoke()}.
             */
            @Override // java.lang.Runnable
            @Scheduled(initialDelayString = "${cas.authn.oidc.jwks.revocation.schedule.start-delay:PT60S}", fixedDelayString = "${cas.authn.oidc.jwks.revocation.schedule.repeat-interval:P14D}")
            public void run() {
                // NOTE(review): doUnchecked presumably rethrows checked failures unchecked; confirm a failed run is surfaced.
                FunctionUtils.doUnchecked(ignored -> {
                    LOGGER.info("Starting to revoke keys in the OIDC keystore...");
                    rotationService.revoke();
                }, new Object[0]);
            }
        }

        /**
         * Scheduled task that asks the rotation service to rotate keys.
         * Defaults: first run after {@code PT60S}, then every {@code P90D}.
         */
        public static class OidcJsonWebKeystoreRotationScheduler implements Runnable {

            @Generated
            private static final Logger LOGGER = LoggerFactory.getLogger(OidcJsonWebKeystoreRotationScheduler.class);
            private final OidcJsonWebKeystoreRotationService rotationService;

            /**
             * @param oidcJsonWebKeystoreRotationService service that performs the rotation
             */
            @Generated
            public OidcJsonWebKeystoreRotationScheduler(OidcJsonWebKeystoreRotationService oidcJsonWebKeystoreRotationService) {
                this.rotationService = oidcJsonWebKeystoreRotationService;
            }

            /**
             * Logs the start of the run and delegates to {@code rotate()}.
             */
            @Override // java.lang.Runnable
            @Scheduled(initialDelayString = "${cas.authn.oidc.jwks.rotation.schedule.start-delay:PT60S}", fixedDelayString = "${cas.authn.oidc.jwks.rotation.schedule.repeat-interval:P90D}")
            public void run() {
                // NOTE(review): doUnchecked presumably rethrows checked failures unchecked; confirm a failed run is surfaced.
                FunctionUtils.doUnchecked(ignored -> {
                    LOGGER.info("Starting to rotate keys in the OIDC keystore...");
                    rotationService.rotate();
                }, new Object[0]);
            }
        }

        /**
         * Builds the service that rotates and revokes keys using the active
         * keystore generator.
         *
         * @param oidcJsonWebKeystoreGeneratorService generator the rotation service works with
         * @param casConfigurationProperties source of the OIDC settings
         * @return the default rotation service
         */
        @ConditionalOnMissingBean(name = {"oidcJsonWebKeystoreRotationService"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public OidcJsonWebKeystoreRotationService oidcJsonWebKeystoreRotationService(
                @Qualifier("oidcJsonWebKeystoreGeneratorService") OidcJsonWebKeystoreGeneratorService oidcJsonWebKeystoreGeneratorService,
                CasConfigurationProperties casConfigurationProperties) {
            OidcProperties oidc = casConfigurationProperties.getAuthn().getOidc();
            return new OidcDefaultJsonWebKeystoreRotationService(oidc, oidcJsonWebKeystoreGeneratorService);
        }

        /**
         * Registers the rotation scheduler when the
         * {@code cas.authn.oidc.jwks.rotation.schedule} condition is true;
         * otherwise the {@code otherwiseProxy()} result is returned.
         *
         * <p>NOTE(review): the revocation scheduler is gated on
         * {@code ...revocation.schedule.enabled}, and the {@code @Scheduled}
         * placeholders use {@code ...rotation.schedule} as a prefix
         * ({@code .start-delay}, {@code .repeat-interval}). This gate tests the
         * prefix itself. Confirm the key is not missing {@code .enabled}; if
         * the condition can never hold, this scheduler never rotates the
         * signing keys.
         *
         * @param configurableApplicationContext supplies the environment the condition is checked against
         * @param oidcJsonWebKeystoreRotationService service the scheduler delegates to
         * @return the rotation scheduler, or the proxy placeholder
         * @throws Exception declared by the signature; nothing visible in the body throws a checked exception
         */
        @ConditionalOnMissingBean(name = {"oidcJsonWebKeystoreRotationScheduler"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Runnable oidcJsonWebKeystoreRotationScheduler(
                ConfigurableApplicationContext configurableApplicationContext,
                @Qualifier("oidcJsonWebKeystoreRotationService") OidcJsonWebKeystoreRotationService oidcJsonWebKeystoreRotationService) throws Exception {
            return (Runnable) BeanSupplier.of(Runnable.class)
                    .when(BeanCondition.on("cas.authn.oidc.jwks.rotation.schedule")
                            .isTrue()
                            .given(configurableApplicationContext.getEnvironment()))
                    .supply(() -> new OidcJsonWebKeystoreRotationScheduler(oidcJsonWebKeystoreRotationService))
                    .otherwiseProxy()
                    .get();
        }

        /**
         * Registers the revocation scheduler when
         * {@code cas.authn.oidc.jwks.revocation.schedule.enabled} is true;
         * otherwise the {@code otherwiseProxy()} result is returned.
         *
         * @param configurableApplicationContext supplies the environment the condition is checked against
         * @param oidcJsonWebKeystoreRotationService service the scheduler delegates to
         * @return the revocation scheduler, or the proxy placeholder
         */
        @ConditionalOnMissingBean(name = {"oidcJsonWebKeystoreRevocationScheduler"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Runnable oidcJsonWebKeystoreRevocationScheduler(
                ConfigurableApplicationContext configurableApplicationContext,
                @Qualifier("oidcJsonWebKeystoreRotationService") OidcJsonWebKeystoreRotationService oidcJsonWebKeystoreRotationService) {
            return (Runnable) BeanSupplier.of(Runnable.class)
                    .when(BeanCondition.on("cas.authn.oidc.jwks.revocation.schedule.enabled")
                            .isTrue()
                            .given(configurableApplicationContext.getEnvironment()))
                    .supply(() -> new OidcJsonWebKeystoreRevocationScheduler(oidcJsonWebKeystoreRotationService))
                    .otherwiseProxy()
                    .get();
        }
    }
}
