package org.apereo.cas.config;

import java.util.List;
import javax.persistence.EntityManagerFactory;
import javax.sql.DataSource;
import lombok.Generated;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.core.util.EncryptionJwtSigningJwtCryptographyProperties;
import org.apereo.cas.configuration.model.support.jpa.JpaConfigurationContext;
import org.apereo.cas.configuration.support.JpaBeans;
import org.apereo.cas.jpa.JpaBeanFactory;
import org.apereo.cas.support.saml.idp.metadata.JpaSamlIdPMetadataCipherExecutor;
import org.apereo.cas.support.saml.idp.metadata.JpaSamlIdPMetadataGenerator;
import org.apereo.cas.support.saml.idp.metadata.JpaSamlIdPMetadataLocator;
import org.apereo.cas.support.saml.idp.metadata.generator.SamlIdPMetadataGenerator;
import org.apereo.cas.support.saml.idp.metadata.generator.SamlIdPMetadataGeneratorConfigurationContext;
import org.apereo.cas.support.saml.idp.metadata.jpa.JpaSamlIdPMetadataDocumentFactory;
import org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPMetadataLocator;
import org.apereo.cas.support.saml.idp.metadata.writer.SamlIdPCertificateAndKeyWriter;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.cipher.CipherExecutorUtils;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Lazy;
import org.springframework.orm.jpa.JpaTransactionManager;
import org.springframework.orm.jpa.JpaVendorAdapter;
import org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean;
import org.springframework.transaction.PlatformTransactionManager;
import org.springframework.transaction.annotation.EnableTransactionManagement;
import org.springframework.transaction.support.TransactionTemplate;

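/**
 * Spring configuration that wires the JPA-backed storage for SAML IdP metadata.
 *
 * <p>The configuration is only active when
 * {@code cas.authn.saml-idp.metadata.jpa.idp-metadata-enabled} is set to {@code true}.
 * It contributes the persistence plumbing (vendor adapter, data source, entity manager
 * factory, transaction manager) plus the metadata locator, generator and the cipher
 * executor that both of them are given.
 *
 * <p>Security note: the cipher executor falls back to a no-op implementation when the JPA
 * metadata crypto settings are disabled; see {@link #jpaSamlIdPMetadataCipherExecutor()}.
 */
@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration("samlIdPJpaIdPMetadataConfiguration")
@EnableTransactionManagement(proxyTargetClass = true)
@ConditionalOnProperty(prefix = "cas.authn.saml-idp.metadata.jpa", name = {"idp-metadata-enabled"}, havingValue = "true")
public class SamlIdPJpaIdPMetadataConfiguration {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(SamlIdPJpaIdPMetadataConfiguration.class);

    @Autowired
    @Qualifier("jpaBeanFactory")
    private ObjectProvider<JpaBeanFactory> jpaBeanFactory;

    @Autowired
    @Qualifier("samlSelfSignedCertificateWriter")
    private ObjectProvider<SamlIdPCertificateAndKeyWriter> samlSelfSignedCertificateWriter;

    @Autowired
    private CasConfigurationProperties casProperties;

    @Autowired
    private ConfigurableApplicationContext applicationContext;

    /**
     * Creates the JPA vendor adapter from the general CAS JDBC settings.
     *
     * @return the vendor adapter produced by the {@code jpaBeanFactory} bean
     */
    @RefreshScope
    @Bean
    public JpaVendorAdapter jpaSamlMetadataIdPVendorAdapter() {
        JpaBeanFactory factory = this.jpaBeanFactory.getObject();
        return factory.newJpaVendorAdapter(this.casProperties.getJdbc());
    }

    /**
     * Creates the data source from the SAML IdP JPA metadata settings, unless a bean
     * named {@code dataSourceSamlMetadataIdP} is already defined.
     *
     * @return the data source used for SAML IdP metadata persistence
     */
    @ConditionalOnMissingBean(name = {"dataSourceSamlMetadataIdP"})
    @RefreshScope
    @Bean
    public DataSource dataSourceSamlMetadataIdP() {
        return JpaBeans.newDataSource(this.casProperties.getAuthn().getSamlIdp().getMetadata().getJpa());
    }

    /**
     * Lists the packages scanned for JPA entities.
     *
     * @return a single-element list holding the package of the document type that
     *     {@link JpaSamlIdPMetadataDocumentFactory} selects for the configured dialect
     */
    @Bean
    public List<String> jpaSamlMetadataIdPPackagesToScan() {
        JpaSamlIdPMetadataDocumentFactory documentFactory = new JpaSamlIdPMetadataDocumentFactory(
            this.casProperties.getAuthn().getSamlIdp().getMetadata().getJpa().getDialect());
        String entityPackage = documentFactory.getType().getPackage().getName();
        return CollectionUtils.wrapList(new String[]{entityPackage});
    }

    /**
     * Builds the entity manager factory bean for the {@code jpaSamlMetadataIdPContext}
     * persistence unit from the vendor adapter, scanned packages and data source above.
     *
     * @return the entity manager factory bean
     */
    @Lazy
    @Bean
    public LocalContainerEntityManagerFactoryBean samlMetadataIdPEntityManagerFactory() {
        JpaConfigurationContext context = new JpaConfigurationContext(
            jpaSamlMetadataIdPVendorAdapter(),
            "jpaSamlMetadataIdPContext",
            jpaSamlMetadataIdPPackagesToScan(),
            dataSourceSamlMetadataIdP());
        JpaBeanFactory factory = this.jpaBeanFactory.getObject();
        return factory.newEntityManagerFactoryBean(
            context, this.casProperties.getAuthn().getSamlIdp().getMetadata().getJpa());
    }

    /**
     * Creates the transaction manager bound to the SAML IdP metadata entity manager factory.
     *
     * @param entityManagerFactory the {@code samlMetadataIdPEntityManagerFactory} bean
     * @return a {@link JpaTransactionManager} for that factory
     */
    @Autowired
    @Bean
    public PlatformTransactionManager transactionManagerSamlMetadataIdP(@Qualifier("samlMetadataIdPEntityManagerFactory") EntityManagerFactory entityManagerFactory) {
        JpaTransactionManager transactionManager = new JpaTransactionManager();
        transactionManager.setEntityManagerFactory(entityManagerFactory);
        return transactionManager;
    }

    /**
     * Creates the cipher executor that is handed to the metadata locator and generator,
     * unless a bean named {@code jpaSamlIdPMetadataCipherExecutor} is already defined.
     *
     * <p>When the JPA metadata crypto settings are enabled, a string cipher executor of
     * type {@link JpaSamlIdPMetadataCipherExecutor} is built from them. Otherwise this
     * method fails open: it returns {@link CipherExecutor#noOp()} and logs the downgrade.
     *
     * <p>NOTE(review): with the no-op executor, metadata artifacts (presumably including
     * the IdP private keys) would be read and written without encryption or signature
     * verification; confirm against the generator and locator implementations and treat
     * the database as key material storage if crypto stays disabled.
     *
     * @return the configured cipher executor, or a no-op executor when crypto is disabled
     */
    @ConditionalOnMissingBean(name = {"jpaSamlIdPMetadataCipherExecutor"})
    @RefreshScope
    @Bean
    public CipherExecutor jpaSamlIdPMetadataCipherExecutor() {
        EncryptionJwtSigningJwtCryptographyProperties crypto = this.casProperties.getAuthn().getSamlIdp().getMetadata().getJpa().getCrypto();
        if (!crypto.isEnabled()) {
            // Logged at WARN rather than INFO: this is a security-relevant downgrade and
            // must stay visible when the production log threshold filters out INFO.
            LOGGER.warn("JPA SAML IdP metadata encryption/signing is turned off and MAY NOT be safe in a production environment. Consider using other choices to handle encryption, signing and verification of metadata artifacts");
            return CipherExecutor.noOp();
        }
        return CipherExecutorUtils.newStringCipherExecutor(crypto, JpaSamlIdPMetadataCipherExecutor.class);
    }

    /**
     * Creates the JPA-backed metadata generator.
     *
     * @param platformTransactionManager the {@code transactionManagerSamlMetadataIdP} bean,
     *     wrapped in a {@link TransactionTemplate} for the generator
     * @return the metadata generator
     */
    @Autowired
    @Bean
    public SamlIdPMetadataGenerator samlIdPMetadataGenerator(@Qualifier("transactionManagerSamlMetadataIdP") PlatformTransactionManager platformTransactionManager) {
        SamlIdPMetadataGeneratorConfigurationContext context = SamlIdPMetadataGeneratorConfigurationContext.builder()
            .samlIdPMetadataLocator(samlIdPMetadataLocator())
            .samlIdPCertificateAndKeyWriter(this.samlSelfSignedCertificateWriter.getObject())
            .resourceLoader(this.applicationContext)
            .casProperties(this.casProperties)
            // Same executor bean as the locator, so both sides agree on how artifacts are protected.
            .metadataCipherExecutor(jpaSamlIdPMetadataCipherExecutor())
            .build();
        return new JpaSamlIdPMetadataGenerator(context, new TransactionTemplate(platformTransactionManager));
    }

    /**
     * Creates the JPA-backed metadata locator using the cipher executor bean above.
     *
     * @return the metadata locator
     */
    @RefreshScope
    @Bean
    public SamlIdPMetadataLocator samlIdPMetadataLocator() {
        return new JpaSamlIdPMetadataLocator(jpaSamlIdPMetadataCipherExecutor());
    }
}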
