package org.apereo.cas.config;

import com.github.benmanes.caffeine.cache.Cache;
import lombok.Generated;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.features.CasFeatureModule;
import org.apereo.cas.configuration.model.core.util.EncryptionJwtSigningJwtCryptographyProperties;
import org.apereo.cas.git.GitRepository;
import org.apereo.cas.git.GitRepositoryBuilder;
import org.apereo.cas.support.saml.idp.metadata.GitSamlIdPMetadataCipherExecutor;
import org.apereo.cas.support.saml.idp.metadata.GitSamlIdPMetadataGenerator;
import org.apereo.cas.support.saml.idp.metadata.GitSamlIdPMetadataLocator;
import org.apereo.cas.support.saml.idp.metadata.generator.SamlIdPMetadataGenerator;
import org.apereo.cas.support.saml.idp.metadata.generator.SamlIdPMetadataGeneratorConfigurationContext;
import org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPMetadataLocator;
import org.apereo.cas.support.saml.services.idp.metadata.SamlIdPMetadataDocument;
import org.apereo.cas.util.cipher.CipherExecutorUtils;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.apereo.cas.util.spring.beans.BeanCondition;
import org.apereo.cas.util.spring.beans.BeanSupplier;
import org.apereo.cas.util.spring.boot.ConditionalOnFeatureEnabled;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ScopedProxyMode;

/**
 * Spring configuration that registers the Git-backed SAML IdP metadata beans:
 * a cipher executor, the {@link GitRepository} handle, a metadata generator
 * and a metadata locator.
 *
 * <p>The class is only considered when the {@code SAMLIdentityProviderMetadata}
 * feature is enabled for the {@code git} module. Each bean is additionally
 * gated at runtime on {@link #CONDITION_ENABLED} and {@link #CONDITION_URL}.
 */
@Configuration(value = "SamlIdPGitIdPMetadataConfiguration", proxyBeanMethods = false)
@EnableConfigurationProperties(CasConfigurationProperties.class)
@ConditionalOnFeatureEnabled(feature = CasFeatureModule.FeatureCatalog.SAMLIdentityProviderMetadata, module = "git")
/* loaded from: input_file:org/apereo/cas/config/SamlIdPGitIdPMetadataConfiguration.class */
class SamlIdPGitIdPMetadataConfiguration {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(SamlIdPGitIdPMetadataConfiguration.class);

    /** Holds when {@code cas.authn.saml-idp.metadata.git.idp-metadata-enabled} evaluates to true. */
    private static final BeanCondition CONDITION_ENABLED =
        BeanCondition.on("cas.authn.saml-idp.metadata.git.idp-metadata-enabled").isTrue();

    /**
     * Condition on {@code cas.authn.saml-idp.metadata.git.repository-url}.
     * NOTE(review): no value check is chained here, so this presumably only
     * requires the property to be present; confirm against BeanCondition.
     */
    private static final BeanCondition CONDITION_URL =
        BeanCondition.on("cas.authn.saml-idp.metadata.git.repository-url");

    SamlIdPGitIdPMetadataConfiguration() {
    }

    /**
     * Supplies the cipher executor used for Git-managed IdP metadata.
     *
     * <p>When both conditions hold and the {@code crypto} settings under the Git
     * metadata properties are enabled, a {@link GitSamlIdPMetadataCipherExecutor}
     * is built from them. In every other case a no-op executor is returned.
     *
     * <p>NOTE(review): the override guard looks for a bean named
     * {@code gitSamlIdPMetadataCipherExecutor}, while this method registers under
     * {@code samlIdPMetadataGeneratorCipherExecutor}. A replacement bean has to use
     * the former name for this definition to back off; confirm that is intended.
     *
     * @param configurableApplicationContext context whose environment the conditions are evaluated against
     * @param casConfigurationProperties     CAS settings providing the Git metadata crypto configuration
     * @return the configured cipher executor, or a no-op executor
     */
    @Bean
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @ConditionalOnMissingBean(name = "gitSamlIdPMetadataCipherExecutor")
    public CipherExecutor samlIdPMetadataGeneratorCipherExecutor(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties) {
        return BeanSupplier.of(CipherExecutor.class)
            .when(CONDITION_ENABLED.given(configurableApplicationContext.getEnvironment()))
            .and(CONDITION_URL.given(configurableApplicationContext.getEnvironment()))
            .supply(() -> {
                EncryptionJwtSigningJwtCryptographyProperties cryptoSettings =
                    casConfigurationProperties.getAuthn().getSamlIdp().getMetadata().getGit().getCrypto();
                if (!cryptoSettings.isEnabled()) {
                    // Security-relevant downgrade: whatever this cipher is meant to protect is handled
                    // as-is from here on (presumably metadata artifacts committed to the Git repository;
                    // verify in GitSamlIdPMetadataGenerator).
                    // NOTE(review): this is emitted at INFO and disappears under a WARN-level logging
                    // policy; consider WARN so that the condition stays visible in production logs.
                    LOGGER.info("Git SAML IdP metadata encryption/signing is turned off and MAY NOT be safe in a production environment. Consider using other choices to handle encryption, signing and verification of metadata artifacts");
                    return CipherExecutor.noOp();
                }
                return CipherExecutorUtils.newStringCipherExecutor(cryptoSettings, GitSamlIdPMetadataCipherExecutor.class);
            })
            // Git metadata management is not active: fall back to a no-op executor without logging.
            .otherwise(CipherExecutor::noOp)
            .get();
    }

    /**
     * Builds the {@link GitRepository} from the Git metadata properties.
     *
     * <p>If either condition fails, {@code otherwiseProxy()} supplies the bean
     * instead (presumably a placeholder proxy; confirm against BeanSupplier).
     *
     * @param configurableApplicationContext context whose environment the conditions are evaluated against
     * @param casConfigurationProperties     CAS settings providing the Git repository configuration
     * @return the repository instance, or the proxy fallback
     */
    @Bean
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @ConditionalOnMissingBean(name = "gitIdPMetadataRepositoryInstance")
    public GitRepository gitIdPMetadataRepositoryInstance(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties) {
        return BeanSupplier.of(GitRepository.class)
            .when(CONDITION_ENABLED.given(configurableApplicationContext.getEnvironment()))
            .and(CONDITION_URL.given(configurableApplicationContext.getEnvironment()))
            .supply(() -> GitRepositoryBuilder
                .newInstance(casConfigurationProperties.getAuthn().getSamlIdp().getMetadata().getGit())
                .build())
            .otherwiseProxy()
            .get();
    }

    /**
     * Creates the metadata generator backed by the Git repository.
     *
     * @param configurableApplicationContext                context whose environment the conditions are evaluated against
     * @param gitRepository                                 the {@code gitIdPMetadataRepositoryInstance} bean
     * @param samlIdPMetadataGeneratorConfigurationContext generator configuration context bean
     * @return a {@link GitSamlIdPMetadataGenerator}, or the proxy fallback when a condition fails
     */
    @Bean
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    public SamlIdPMetadataGenerator samlIdPMetadataGenerator(ConfigurableApplicationContext configurableApplicationContext, @Qualifier("gitIdPMetadataRepositoryInstance") GitRepository gitRepository, @Qualifier("samlIdPMetadataGeneratorConfigurationContext") SamlIdPMetadataGeneratorConfigurationContext samlIdPMetadataGeneratorConfigurationContext) {
        return BeanSupplier.of(SamlIdPMetadataGenerator.class)
            .when(CONDITION_ENABLED.given(configurableApplicationContext.getEnvironment()))
            .and(CONDITION_URL.given(configurableApplicationContext.getEnvironment()))
            .supply(() -> new GitSamlIdPMetadataGenerator(samlIdPMetadataGeneratorConfigurationContext, gitRepository))
            .otherwiseProxy()
            .get();
    }

    /**
     * Creates the metadata locator that reads from the Git repository and
     * uses the shared metadata cache.
     *
     * @param configurableApplicationContext context whose environment the conditions are evaluated against
     * @param cache                          the {@code samlIdPMetadataCache} bean
     * @param gitRepository                  the {@code gitIdPMetadataRepositoryInstance} bean
     * @return a {@link GitSamlIdPMetadataLocator}, or the proxy fallback when a condition fails
     */
    @Bean
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    public SamlIdPMetadataLocator samlIdPMetadataLocator(ConfigurableApplicationContext configurableApplicationContext, @Qualifier("samlIdPMetadataCache") Cache<String, SamlIdPMetadataDocument> cache, @Qualifier("gitIdPMetadataRepositoryInstance") GitRepository gitRepository) {
        return BeanSupplier.of(SamlIdPMetadataLocator.class)
            .when(CONDITION_ENABLED.given(configurableApplicationContext.getEnvironment()))
            .and(CONDITION_URL.given(configurableApplicationContext.getEnvironment()))
            .supply(() -> new GitSamlIdPMetadataLocator(gitRepository, cache))
            .otherwiseProxy()
            .get();
    }
}
