package org.apereo.cas.config;

import lombok.Generated;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.core.util.EncryptionJwtSigningJwtCryptographyProperties;
import org.apereo.cas.git.GitRepository;
import org.apereo.cas.git.GitRepositoryBuilder;
import org.apereo.cas.support.saml.idp.metadata.GitSamlIdPMetadataCipherExecutor;
import org.apereo.cas.support.saml.idp.metadata.GitSamlIdPMetadataGenerator;
import org.apereo.cas.support.saml.idp.metadata.GitSamlIdPMetadataLocator;
import org.apereo.cas.support.saml.idp.metadata.generator.SamlIdPMetadataGenerator;
import org.apereo.cas.support.saml.idp.metadata.generator.SamlIdPMetadataGeneratorConfigurationContext;
import org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPMetadataLocator;
import org.apereo.cas.support.saml.idp.metadata.writer.SamlIdPCertificateAndKeyWriter;
import org.apereo.cas.util.cipher.CipherExecutorUtils;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

/**
 * Spring configuration that wires the Git-backed SAML IdP metadata beans:
 * the cipher executor, the Git repository handle, the metadata generator and
 * the metadata locator.
 *
 * <p>The configuration is conditional on the {@code idp-metadata-enabled} and
 * {@code repository-url} properties under {@code cas.authn.saml-idp.metadata.git}.
 * No {@code havingValue} is given, so Spring Boot's default matching applies:
 * each property must be present and not equal to {@code false}.
 *
 * <p>NOTE(review): the repository addressed by {@code repository-url} presumably
 * ends up holding the IdP signing/encryption material produced by the generator;
 * confirm in {@code GitSamlIdPMetadataGenerator}, and treat access to that
 * repository and the {@code crypto} settings as security-sensitive.
 */
@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration("samlIdPGitIdPMetadataConfiguration")
@ConditionalOnProperty(prefix = "cas.authn.saml-idp.metadata.git", name = {"idp-metadata-enabled", "repository-url"})
public class SamlIdPGitIdPMetadataConfiguration {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(SamlIdPGitIdPMetadataConfiguration.class);

    @Autowired
    private ConfigurableApplicationContext applicationContext;

    @Autowired
    private CasConfigurationProperties casProperties;

    // Injected lazily through ObjectProvider; resolved only when the generator bean is built.
    @Autowired
    @Qualifier("samlSelfSignedCertificateWriter")
    private ObjectProvider<SamlIdPCertificateAndKeyWriter> samlSelfSignedCertificateWriter;

    /**
     * Creates the cipher executor handed to the metadata generator.
     *
     * <p>A deployment may replace it by defining its own bean named
     * {@code gitSamlIdPMetadataCipherExecutor}.
     *
     * @return a string cipher executor built from the Git metadata {@code crypto}
     *         settings when they are enabled, otherwise {@link CipherExecutor#noOp()}
     */
    @ConditionalOnMissingBean(name = {"gitSamlIdPMetadataCipherExecutor"})
    @RefreshScope
    @Bean
    public CipherExecutor gitSamlIdPMetadataCipherExecutor() {
        final EncryptionJwtSigningJwtCryptographyProperties settings =
            casProperties.getAuthn().getSamlIdp().getMetadata().getGit().getCrypto();
        if (!settings.isEnabled()) {
            // Crypto is off: the no-op executor (presumably a pass-through) is used, so
            // metadata artifacts get no encryption or signing from this bean.
            // NOTE(review): this notice is emitted at INFO; a deployment that only keeps
            // WARN and above will not see it, so check the crypto setting explicitly.
            LOGGER.info("Git SAML IdP metadata encryption/signing is turned off and MAY NOT be safe in a production environment. Consider using other choices to handle encryption, signing and verification of metadata artifacts");
            return CipherExecutor.noOp();
        }
        return CipherExecutorUtils.newStringCipherExecutor(settings, GitSamlIdPMetadataCipherExecutor.class);
    }

    /**
     * Builds the Git repository handle from the {@code cas.authn.saml-idp.metadata.git}
     * settings.
     *
     * <p>A deployment may replace it by defining its own bean named
     * {@code gitIdPMetadataRepositoryInstance}.
     *
     * @return the repository produced by {@link GitRepositoryBuilder}
     */
    @ConditionalOnMissingBean(name = {"gitIdPMetadataRepositoryInstance"})
    @RefreshScope
    @Bean
    public GitRepository gitIdPMetadataRepositoryInstance() {
        return GitRepositoryBuilder
            .newInstance(casProperties.getAuthn().getSamlIdp().getMetadata().getGit())
            .build();
    }

    /**
     * Creates the Git-backed metadata generator.
     *
     * <p>The generator receives the locator, the self-signed certificate/key writer,
     * the application context, the CAS properties and the cipher executor through a
     * {@link SamlIdPMetadataGeneratorConfigurationContext}, plus the Git repository.
     * This bean carries no {@code @ConditionalOnMissingBean} guard.
     *
     * @return a new {@link GitSamlIdPMetadataGenerator}
     */
    @RefreshScope
    @Bean
    public SamlIdPMetadataGenerator samlIdPMetadataGenerator() {
        // The context is assembled first and the repository is resolved afterwards,
        // which is the same evaluation order as passing both inline to the constructor.
        final SamlIdPMetadataGeneratorConfigurationContext generatorContext =
            SamlIdPMetadataGeneratorConfigurationContext.builder()
                .samlIdPMetadataLocator(samlIdPMetadataLocator())
                .samlIdPCertificateAndKeyWriter(samlSelfSignedCertificateWriter.getObject())
                .applicationContext(applicationContext)
                .casProperties(casProperties)
                .metadataCipherExecutor(gitSamlIdPMetadataCipherExecutor())
                .build();
        return new GitSamlIdPMetadataGenerator(generatorContext, gitIdPMetadataRepositoryInstance());
    }

    /**
     * Creates the metadata locator that reads from the Git repository bean.
     * This bean carries no {@code @ConditionalOnMissingBean} guard.
     *
     * @return a new {@link GitSamlIdPMetadataLocator}
     */
    @RefreshScope
    @Bean
    public SamlIdPMetadataLocator samlIdPMetadataLocator() {
        final GitRepository metadataRepository = gitIdPMetadataRepositoryInstance();
        return new GitSamlIdPMetadataLocator(metadataRepository);
    }
}
