package org.apereo.cas.support.saml.mdui.config;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.principal.ServiceFactory;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.saml.OpenSamlConfigBean;
import org.apereo.cas.support.saml.SamlUtils;
import org.apereo.cas.support.saml.mdui.AbstractMetadataResolverAdapter;
import org.apereo.cas.support.saml.mdui.ChainingMetadataResolverAdapter;
import org.apereo.cas.support.saml.mdui.DynamicMetadataResolverAdapter;
import org.apereo.cas.support.saml.mdui.MetadataResolverAdapter;
import org.apereo.cas.support.saml.mdui.StaticMetadataResolverAdapter;
import org.apereo.cas.support.saml.mdui.web.flow.SamlMetadataUIParserAction;
import org.apereo.cas.support.saml.mdui.web.flow.SamlMetadataUIWebflowConfigurer;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.ResourceUtils;
import org.apereo.cas.web.flow.CasWebflowConfigurer;
import org.jooq.lambda.Unchecked;
import org.opensaml.saml.metadata.resolver.filter.MetadataFilterChain;
import org.opensaml.saml.metadata.resolver.filter.impl.RequiredValidUntilFilter;
import org.opensaml.saml.metadata.resolver.filter.impl.SignatureValidationFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.Resource;
import org.springframework.core.io.ResourceLoader;
import org.springframework.webflow.definition.registry.FlowDefinitionRegistry;
import org.springframework.webflow.engine.builder.support.FlowBuilderServices;
import org.springframework.webflow.execution.Action;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration("samlMetadataUIConfiguration")
/* loaded from: input_file:org/apereo/cas/support/saml/mdui/config/SamlMetadataUIConfiguration.class */
public class SamlMetadataUIConfiguration {
    private static final Logger LOGGER = LoggerFactory.getLogger(SamlMetadataUIConfiguration.class);
    private static final String DEFAULT_SEPARATOR = "::";

    @Autowired
    @Qualifier("shibboleth.OpenSAMLConfig")
    private OpenSamlConfigBean openSamlConfigBean;

    @Autowired
    private CasConfigurationProperties casProperties;

    @Autowired
    private ResourceLoader resourceLoader;

    @Autowired(required = false)
    @Qualifier("loginFlowRegistry")
    private FlowDefinitionRegistry loginFlowDefinitionRegistry;

    @Autowired(required = false)
    private FlowBuilderServices flowBuilderServices;

    @Autowired
    @Qualifier("servicesManager")
    private ServicesManager servicesManager;

    @Autowired
    @Qualifier("webApplicationServiceFactory")
    private ServiceFactory<WebApplicationService> serviceFactory;

    @Autowired
    private ApplicationContext applicationContext;

    @ConditionalOnMissingBean(name = {"samlMetadataUIWebConfigurer"})
    @Bean
    public CasWebflowConfigurer samlMetadataUIWebConfigurer() {
        SamlMetadataUIWebflowConfigurer samlMetadataUIWebflowConfigurer = new SamlMetadataUIWebflowConfigurer(this.flowBuilderServices, this.loginFlowDefinitionRegistry, samlMetadataUIParserAction(), this.applicationContext, this.casProperties);
        samlMetadataUIWebflowConfigurer.initialize();
        return samlMetadataUIWebflowConfigurer;
    }

    @ConditionalOnMissingBean(name = {"samlMetadataUIParserAction"})
    @Bean
    public Action samlMetadataUIParserAction() {
        return new SamlMetadataUIParserAction((String) StringUtils.defaultIfEmpty(this.casProperties.getSamlMetadataUi().getParameter(), "entityId"), chainingSamlMetadataUIMetadataResolverAdapter(), this.serviceFactory, this.servicesManager);
    }

    @ConditionalOnMissingBean(name = {"chainingSamlMetadataUIMetadataResolverAdapter"})
    @Bean
    public MetadataResolverAdapter chainingSamlMetadataUIMetadataResolverAdapter() {
        return new ChainingMetadataResolverAdapter(CollectionUtils.wrapList(new MetadataResolverAdapter[]{getStaticMetadataResolverAdapter(), getDynamicMetadataResolverAdapter()}));
    }

    private MetadataResolverAdapter configureAdapter(AbstractMetadataResolverAdapter abstractMetadataResolverAdapter) {
        HashMap hashMap = new HashMap();
        MetadataFilterChain metadataFilterChain = new MetadataFilterChain();
        this.casProperties.getSamlMetadataUi().getResources().forEach(Unchecked.consumer(str -> {
            configureResource(hashMap, metadataFilterChain, str);
        }));
        abstractMetadataResolverAdapter.setRequireValidMetadata(this.casProperties.getSamlMetadataUi().isRequireValidMetadata());
        abstractMetadataResolverAdapter.setMetadataResources(hashMap);
        abstractMetadataResolverAdapter.setConfigBean(this.openSamlConfigBean);
        return abstractMetadataResolverAdapter;
    }

    private void configureResource(Map<Resource, MetadataFilterChain> map, MetadataFilterChain metadataFilterChain, String str) throws Exception {
        Arrays.stream(org.springframework.util.StringUtils.commaDelimitedListToStringArray(str)).forEach(Unchecked.consumer(str2 -> {
            String[] split = str2.split(DEFAULT_SEPARATOR);
            String str2 = split[0];
            String str3 = split.length > 1 ? split[1] : null;
            ArrayList arrayList = new ArrayList();
            if (this.casProperties.getSamlMetadataUi().getMaxValidity() > 0) {
                arrayList.add(new RequiredValidUntilFilter(this.casProperties.getSamlMetadataUi().getMaxValidity()));
            }
            boolean z = true;
            if (StringUtils.isNotBlank(str3)) {
                SignatureValidationFilter buildSignatureValidationFilter = SamlUtils.buildSignatureValidationFilter(this.resourceLoader, str3);
                if (buildSignatureValidationFilter != null) {
                    buildSignatureValidationFilter.setRequireSignedRoot(this.casProperties.getSamlMetadataUi().isRequireSignedRoot());
                    arrayList.add(buildSignatureValidationFilter);
                } else {
                    LOGGER.warn("Failed to locate the signing key [{}] for [{}]", str3, str2);
                    z = false;
                }
            }
            metadataFilterChain.setFilters(arrayList);
            Resource resource = this.resourceLoader.getResource(str2);
            if (z && ResourceUtils.doesResourceExist(resource)) {
                map.put(resource, metadataFilterChain);
            } else {
                LOGGER.warn("Skipping metadata [{}]; Either the resource cannot be retrieved or its signing key is missing", str2);
            }
        }));
    }

    private MetadataResolverAdapter getDynamicMetadataResolverAdapter() {
        DynamicMetadataResolverAdapter dynamicMetadataResolverAdapter = new DynamicMetadataResolverAdapter();
        configureAdapter(dynamicMetadataResolverAdapter);
        return dynamicMetadataResolverAdapter;
    }

    private MetadataResolverAdapter getStaticMetadataResolverAdapter() {
        StaticMetadataResolverAdapter staticMetadataResolverAdapter = new StaticMetadataResolverAdapter();
        configureAdapter(staticMetadataResolverAdapter);
        staticMetadataResolverAdapter.buildMetadataResolverAggregate();
        return staticMetadataResolverAdapter;
    }
}
