package org.apereo.cas.config;

import com.hazelcast.core.HazelcastInstance;
import com.mongodb.client.MongoClient;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.CasSSLContext;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.features.CasFeatureModule;
import org.apereo.cas.configuration.support.JpaBeans;
import org.apereo.cas.jpa.JpaBeanFactory;
import org.apereo.cas.mongo.CasMongoOperations;
import org.apereo.cas.mongo.MongoDbConnectionFactory;
import org.apereo.cas.pac4j.client.DelegatedIdentityProviders;
import org.apereo.cas.support.pac4j.authentication.clients.DelegatedClientFactoryCustomizer;
import org.apereo.cas.support.saml.web.idp.profile.builders.response.SamlIdPResponseCustomizer;
import org.apereo.cas.util.ResourceUtils;
import org.apereo.cas.util.spring.boot.ConditionalOnFeatureEnabled;
import org.apereo.cas.web.saml2.DelegatedAuthenticationSamlIdPResponseCustomizer;
import org.pac4j.saml.client.SAML2Client;
import org.pac4j.saml.config.SAML2Configuration;
import org.pac4j.saml.metadata.jdbc.SAML2JdbcMetadataGenerator;
import org.pac4j.saml.metadata.mongo.SAML2MongoMetadataGenerator;
import org.pac4j.saml.store.HazelcastSAMLMessageStoreFactory;
import org.pac4j.saml.store.SAMLMessageStoreFactory;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.jdbc.core.JdbcTemplate;

/**
 * Spring configuration for SAML2 delegated authentication.
 *
 * <p>Active when the {@code DelegatedAuthentication} feature is enabled for module
 * {@code saml}. Each nested configuration contributes one optional bean and is guarded
 * by its own classpath and feature conditions.
 */
@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration(value = "DelegatedAuthenticationSAMLConfiguration", proxyBeanMethods = false)
@ConditionalOnFeatureEnabled(feature = {CasFeatureModule.FeatureCatalog.DelegatedAuthentication}, module = "saml")
class DelegatedAuthenticationSAMLConfiguration {

    DelegatedAuthenticationSAMLConfiguration() {
    }

    /**
     * Contributes the SAML2 IdP response customizer; only considered when
     * {@link SamlIdPResponseCustomizer} is on the classpath.
     */
    @ConditionalOnClass({SamlIdPResponseCustomizer.class})
    @Configuration(value = "DelegatedAuthenticationSAML2IdPConfiguration", proxyBeanMethods = false)
    static class DelegatedAuthenticationSAML2IdPConfiguration {
        DelegatedAuthenticationSAML2IdPConfiguration() {
        }

        /**
         * Builds the response customizer backed by the delegated identity providers.
         * Skipped when a bean named {@code delegatedSaml2IdPResponseCustomizer} already exists.
         *
         * @param delegatedIdentityProviders the bean qualified as {@code delegatedIdentityProviders}
         * @return a new {@link DelegatedAuthenticationSamlIdPResponseCustomizer}
         */
        @ConditionalOnMissingBean(name = {"delegatedSaml2IdPResponseCustomizer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public SamlIdPResponseCustomizer delegatedSaml2IdPResponseCustomizer(@Qualifier("delegatedIdentityProviders") DelegatedIdentityProviders delegatedIdentityProviders) {
            final SamlIdPResponseCustomizer customizer = new DelegatedAuthenticationSamlIdPResponseCustomizer(delegatedIdentityProviders);
            return customizer;
        }
    }

    /**
     * Contributes a Hazelcast-backed SAML message store; only considered when
     * {@link HazelcastInstance} is on the classpath.
     */
    @ConditionalOnClass({HazelcastInstance.class})
    @Configuration(value = "DelegatedAuthenticationSAMLHazelcastConfiguration", proxyBeanMethods = false)
    static class DelegatedAuthenticationSAMLHazelcastConfiguration {
        DelegatedAuthenticationSAMLHazelcastConfiguration() {
        }

        /**
         * Builds a message store factory on top of the Hazelcast instance registered as
         * {@code casTicketRegistryHazelcastInstance}. Requires that bean to exist and is skipped
         * when a bean named {@code delegatedSaml2ClientSAMLMessageStoreFactory} is already defined.
         *
         * @param objectProvider lazy handle on the {@code casTicketRegistryHazelcastInstance} bean
         * @return a {@link HazelcastSAMLMessageStoreFactory} using that instance
         */
        @ConditionalOnMissingBean(name = {"delegatedSaml2ClientSAMLMessageStoreFactory"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @ConditionalOnBean(name = {"casTicketRegistryHazelcastInstance"})
        @Bean
        public SAMLMessageStoreFactory delegatedSaml2ClientSAMLMessageStoreFactory(@Qualifier("casTicketRegistryHazelcastInstance") ObjectProvider<HazelcastInstance> objectProvider) {
            // NOTE(review): SAML messages end up in the instance named for the ticket registry;
            // presumably the cluster's access controls are meant to cover both - confirm.
            final HazelcastInstance hazelcast = objectProvider.getObject();
            return new HazelcastSAMLMessageStoreFactory(hazelcast);
        }
    }

    /**
     * Contributes the JDBC-backed service provider metadata customizer. Only considered when
     * {@link JpaBeanFactory} is on the classpath and module {@code saml-jdbc} is explicitly
     * enabled (it is off by default).
     */
    @Configuration(value = "DelegatedAuthenticationSAMLJdbcConfiguration", proxyBeanMethods = false)
    @ConditionalOnClass({JpaBeanFactory.class})
    @ConditionalOnFeatureEnabled(feature = {CasFeatureModule.FeatureCatalog.DelegatedAuthentication}, module = "saml-jdbc", enabledByDefault = false)
    static class DelegatedAuthenticationSAMLJdbcConfiguration {
        DelegatedAuthenticationSAMLJdbcConfiguration() {
        }

        /**
         * Returns a customizer that installs a {@link SAML2JdbcMetadataGenerator} on SAML2 clients.
         * Clients of any other type are left untouched.
         *
         * <p>Every configured SAML entry whose JDBC settings carry a non-blank URL and table name
         * is applied in list order to the client being customized, so with several qualifying
         * entries the last one determines the generator that remains set.
         *
         * @param casConfigurationProperties CAS settings holding the pac4j SAML entries
         * @return the customizer
         */
        @ConditionalOnMissingBean(name = {"delegatedSaml2ClientJdbcMetadataCustomizer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public DelegatedClientFactoryCustomizer delegatedSaml2ClientJdbcMetadataCustomizer(CasConfigurationProperties casConfigurationProperties) {
            return client -> {
                if (!(client instanceof SAML2Client)) {
                    return;
                }
                final SAML2Configuration samlConfig = ((SAML2Client) client).getConfiguration();
                // NOTE(review): entries are not matched against the client being customized;
                // confirm that applying every qualifying entry to every SAML2 client is intended.
                casConfigurationProperties.getAuthn().getPac4j().getSaml().stream()
                    .map(saml -> saml.getMetadata().getServiceProvider().getJdbc())
                    .filter(jdbc -> StringUtils.isNotBlank(jdbc.getUrl()) && StringUtils.isNotBlank(jdbc.getTableName()))
                    .forEach(jdbc -> {
                        // A data source is requested per entry on each invocation and is not
                        // closed here; presumably its lifetime is owned elsewhere - confirm.
                        final JdbcTemplate template = new JdbcTemplate(JpaBeans.newDataSource(jdbc));
                        final SAML2JdbcMetadataGenerator generator = new SAML2JdbcMetadataGenerator(template, samlConfig.getServiceProviderEntityId());
                        // NOTE(review): the table name is passed through from configuration as-is;
                        // it should only ever originate from trusted settings - confirm how the
                        // generator uses it.
                        generator.setTableName(jdbc.getTableName());
                        // Replace the metadata resource with the null resource before handing
                        // metadata generation to the JDBC generator.
                        samlConfig.setServiceProviderMetadataResource(ResourceUtils.NULL_RESOURCE);
                        samlConfig.setMetadataGenerator(generator);
                    });
            };
        }
    }

    /**
     * Contributes the MongoDb-backed service provider metadata customizer. Only considered when
     * {@link CasMongoOperations} is on the classpath and module {@code saml-mongodb} is
     * explicitly enabled (it is off by default).
     */
    @Configuration(value = "DelegatedAuthenticationSAMLMongoDbConfiguration", proxyBeanMethods = false)
    @ConditionalOnClass({CasMongoOperations.class})
    @ConditionalOnFeatureEnabled(feature = {CasFeatureModule.FeatureCatalog.DelegatedAuthentication}, module = "saml-mongodb", enabledByDefault = false)
    static class DelegatedAuthenticationSAMLMongoDbConfiguration {
        DelegatedAuthenticationSAMLMongoDbConfiguration() {
        }

        /**
         * Returns a customizer that installs a {@link SAML2MongoMetadataGenerator} on SAML2 clients.
         * Clients of any other type are left untouched.
         *
         * <p>Every configured SAML entry whose MongoDb settings name a non-blank collection is
         * applied in list order to the client being customized, so with several qualifying
         * entries the last one determines the generator that remains set.
         *
         * @param casConfigurationProperties CAS settings holding the pac4j SAML entries
         * @param casSSLContext              source of the SSL context used for MongoDb connections
         * @return the customizer
         */
        @ConditionalOnMissingBean(name = {"delegatedSaml2ClientMongoDbMetadataCustomizer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public DelegatedClientFactoryCustomizer delegatedSaml2ClientMongoDbMetadataCustomizer(CasConfigurationProperties casConfigurationProperties, @Qualifier("casSslContext") CasSSLContext casSSLContext) {
            return client -> {
                if (!(client instanceof SAML2Client)) {
                    return;
                }
                final SAML2Configuration samlConfig = ((SAML2Client) client).getConfiguration();
                // NOTE(review): entries are not matched against the client being customized;
                // confirm that applying every qualifying entry to every SAML2 client is intended.
                casConfigurationProperties.getAuthn().getPac4j().getSaml().stream()
                    .map(saml -> saml.getMetadata().getServiceProvider().getMongo())
                    .filter(mongo -> StringUtils.isNotBlank(mongo.getCollection()))
                    .forEach(mongo -> {
                        final MongoDbConnectionFactory connections = new MongoDbConnectionFactory(casSSLContext.getSslContext());
                        // The client is built per entry on each invocation and handed to the
                        // generator; this block never closes it.
                        final MongoClient mongoClient = connections.buildMongoDbClient(mongo);
                        // NOTE(review): the entry's dropCollection flag is forwarded here;
                        // presumably an existing collection is dropped when it is true, which
                        // would discard stored metadata - confirm before enabling the flag.
                        MongoDbConnectionFactory.createCollection(connections.buildMongoTemplate(mongoClient, mongo), mongo.getCollection(), mongo.isDropCollection());
                        final SAML2MongoMetadataGenerator generator = new SAML2MongoMetadataGenerator(mongoClient, samlConfig.getServiceProviderEntityId());
                        generator.setMetadataCollection(mongo.getCollection());
                        generator.setMetadataDatabase(mongo.getDatabaseName());
                        // Replace the metadata resource with the null resource before handing
                        // metadata generation to the MongoDb generator.
                        samlConfig.setServiceProviderMetadataResource(ResourceUtils.NULL_RESOURCE);
                        samlConfig.setMetadataGenerator(generator);
                    });
            };
        }
    }
}
