package org.apereo.cas.config;

import com.github.benmanes.caffeine.cache.Cache;
import lombok.Generated;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.core.util.EncryptionJwtSigningJwtCryptographyProperties;
import org.apereo.cas.git.GitRepository;
import org.apereo.cas.git.GitRepositoryBuilder;
import org.apereo.cas.support.saml.idp.metadata.GitSamlIdPMetadataCipherExecutor;
import org.apereo.cas.support.saml.idp.metadata.GitSamlIdPMetadataGenerator;
import org.apereo.cas.support.saml.idp.metadata.GitSamlIdPMetadataLocator;
import org.apereo.cas.support.saml.idp.metadata.generator.SamlIdPMetadataGenerator;
import org.apereo.cas.support.saml.idp.metadata.generator.SamlIdPMetadataGeneratorConfigurationContext;
import org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPMetadataLocator;
import org.apereo.cas.support.saml.services.idp.metadata.SamlIdPMetadataDocument;
import org.apereo.cas.util.cipher.CipherExecutorUtils;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ScopedProxyMode;

/**
 * Spring configuration that wires the Git-backed SAML IdP metadata beans:
 * a cipher executor, the Git repository handle, the metadata generator and
 * the metadata locator.
 *
 * <p>The configuration is only considered when both
 * {@code cas.authn.saml-idp.metadata.git.idp-metadata-enabled} and
 * {@code cas.authn.saml-idp.metadata.git.repository-url} are present and not
 * set to {@code false}. Because {@code proxyBeanMethods} is {@code false},
 * every collaborator is received as a method parameter rather than by calling
 * a sibling bean method.
 */
@Configuration(value = "samlIdPGitIdPMetadataConfiguration", proxyBeanMethods = false)
@EnableConfigurationProperties({CasConfigurationProperties.class})
@ConditionalOnProperty(prefix = "cas.authn.saml-idp.metadata.git", name = {"idp-metadata-enabled", "repository-url"})
public class SamlIdPGitIdPMetadataConfiguration {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(SamlIdPGitIdPMetadataConfiguration.class);

    /**
     * Selects the cipher executor for Git-managed IdP metadata.
     *
     * <p>This method registers the bean under its method name,
     * {@code samlIdPMetadataGeneratorCipherExecutor}. It backs off when a bean
     * named {@code gitSamlIdPMetadataCipherExecutor} already exists.
     *
     * <p>Security: when the {@code crypto} settings are disabled, the returned
     * executor is {@link CipherExecutor#noOp()}, so nothing is encrypted or
     * signed by this bean. Presumably the metadata artifacts then reach the
     * Git repository unprotected; confirm against the generator and locator.
     *
     * @param casConfigurationProperties CAS settings holding the Git metadata crypto options
     * @return a string cipher executor built from the crypto settings, or a no-op executor
     */
    @Bean
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @ConditionalOnMissingBean(name = {"gitSamlIdPMetadataCipherExecutor"})
    public CipherExecutor samlIdPMetadataGeneratorCipherExecutor(CasConfigurationProperties casConfigurationProperties) {
        final EncryptionJwtSigningJwtCryptographyProperties cryptoSettings = casConfigurationProperties
            .getAuthn()
            .getSamlIdp()
            .getMetadata()
            .getGit()
            .getCrypto();

        if (!cryptoSettings.isEnabled()) {
            // NOTE(review): this downgrade is reported at INFO only. Deployments that
            // filter below WARN will not see it; consider raising the level.
            LOGGER.info("Git SAML IdP metadata encryption/signing is turned off and MAY NOT be safe in a production environment. Consider using other choices to handle encryption, signing and verification of metadata artifacts");
            return CipherExecutor.noOp();
        }
        return CipherExecutorUtils.newStringCipherExecutor(cryptoSettings, GitSamlIdPMetadataCipherExecutor.class);
    }

    /**
     * Builds the Git repository handle from the Git metadata settings, unless
     * a bean named {@code gitIdPMetadataRepositoryInstance} is already defined.
     *
     * <p>NOTE(review): the repository URL and the other Git settings are passed
     * to the builder as configured. No validation happens in this method;
     * verify what {@link GitRepositoryBuilder} enforces.
     *
     * @param casConfigurationProperties CAS settings holding the Git metadata options
     * @return the repository produced by {@link GitRepositoryBuilder}
     */
    @Bean
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @ConditionalOnMissingBean(name = {"gitIdPMetadataRepositoryInstance"})
    public GitRepository gitIdPMetadataRepositoryInstance(CasConfigurationProperties casConfigurationProperties) {
        return GitRepositoryBuilder
            .newInstance(casConfigurationProperties.getAuthn().getSamlIdp().getMetadata().getGit())
            .build();
    }

    /**
     * Creates the metadata generator bound to the Git repository.
     *
     * @param gitRepository the bean named {@code gitIdPMetadataRepositoryInstance}
     * @param samlIdPMetadataGeneratorConfigurationContext the bean of the same name,
     *        handed to the generator unchanged
     * @return a {@link GitSamlIdPMetadataGenerator}
     */
    @Bean
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    public SamlIdPMetadataGenerator samlIdPMetadataGenerator(
            @Qualifier("gitIdPMetadataRepositoryInstance") GitRepository gitRepository,
            @Qualifier("samlIdPMetadataGeneratorConfigurationContext") SamlIdPMetadataGeneratorConfigurationContext samlIdPMetadataGeneratorConfigurationContext) {
        final SamlIdPMetadataGenerator gitBackedGenerator =
            new GitSamlIdPMetadataGenerator(samlIdPMetadataGeneratorConfigurationContext, gitRepository);
        return gitBackedGenerator;
    }

    /**
     * Creates the metadata locator that reads from the Git repository and
     * is given the shared metadata cache.
     *
     * @param cache the bean named {@code samlIdPMetadataCache}
     * @param gitRepository the bean named {@code gitIdPMetadataRepositoryInstance}
     * @return a {@link GitSamlIdPMetadataLocator}
     */
    @Bean
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    public SamlIdPMetadataLocator samlIdPMetadataLocator(
            @Qualifier("samlIdPMetadataCache") Cache<String, SamlIdPMetadataDocument> cache,
            @Qualifier("gitIdPMetadataRepositoryInstance") GitRepository gitRepository) {
        final SamlIdPMetadataLocator gitBackedLocator = new GitSamlIdPMetadataLocator(gitRepository, cache);
        return gitBackedLocator;
    }
}
