package org.apereo.cas.config;

import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.net.ssl.HostnameVerifier;
import org.apache.commons.lang3.StringUtils;
import org.apache.cxf.sts.STSPropertiesMBean;
import org.apache.cxf.sts.StaticSTSProperties;
import org.apache.cxf.sts.claims.ClaimsAttributeStatementProvider;
import org.apache.cxf.sts.claims.ClaimsHandler;
import org.apache.cxf.sts.claims.ClaimsManager;
import org.apache.cxf.sts.event.map.EventMapper;
import org.apache.cxf.sts.event.map.MapEventLogger;
import org.apache.cxf.sts.operation.TokenIssueOperation;
import org.apache.cxf.sts.operation.TokenValidateOperation;
import org.apache.cxf.sts.service.StaticService;
import org.apache.cxf.sts.token.delegation.SAMLDelegationHandler;
import org.apache.cxf.sts.token.delegation.TokenDelegationHandler;
import org.apache.cxf.sts.token.provider.DefaultConditionsProvider;
import org.apache.cxf.sts.token.provider.DefaultSubjectProvider;
import org.apache.cxf.sts.token.provider.SAMLTokenProvider;
import org.apache.cxf.sts.token.provider.SCTProvider;
import org.apache.cxf.sts.token.provider.TokenProvider;
import org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider;
import org.apache.cxf.sts.token.realm.RealmProperties;
import org.apache.cxf.sts.token.realm.Relationship;
import org.apache.cxf.sts.token.validator.SAMLTokenValidator;
import org.apache.cxf.sts.token.validator.SCTValidator;
import org.apache.cxf.sts.token.validator.TokenValidator;
import org.apache.cxf.sts.token.validator.X509TokenValidator;
import org.apache.cxf.sts.token.validator.jwt.JWTTokenValidator;
import org.apache.cxf.transport.servlet.CXFServlet;
import org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider;
import org.apache.cxf.ws.security.sts.provider.operation.IssueOperation;
import org.apache.cxf.ws.security.sts.provider.operation.ValidateOperation;
import org.apache.cxf.ws.security.tokenstore.MemoryTokenStore;
import org.apache.cxf.ws.security.tokenstore.TokenStore;
import org.apache.wss4j.dom.validate.Validator;
import org.apereo.cas.authentication.AuthenticationServiceSelectionStrategy;
import org.apereo.cas.authentication.CasSSLContext;
import org.apereo.cas.authentication.DefaultSecurityTokenServiceTokenFetcher;
import org.apereo.cas.authentication.SecurityTokenServiceClientBuilder;
import org.apereo.cas.authentication.SecurityTokenServiceTokenFetcher;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.wsfed.WsFederationIdentityProviderProperties;
import org.apereo.cas.configuration.model.support.wsfed.WsFederationSecurityTokenServiceProperties;
import org.apereo.cas.configuration.model.support.wsfed.WsFederationSecurityTokenServiceRealmProperties;
import org.apereo.cas.configuration.support.Beans;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.claims.CustomNamespaceWSFederationClaimsClaimsHandler;
import org.apereo.cas.support.claims.NonWSFederationClaimsClaimsHandler;
import org.apereo.cas.support.claims.WrappingSecurityTokenServiceClaimsHandler;
import org.apereo.cas.support.realm.RealmPasswordVerificationCallbackHandler;
import org.apereo.cas.support.realm.UriRealmParser;
import org.apereo.cas.support.util.CryptoUtils;
import org.apereo.cas.support.validation.CipheredCredentialsValidator;
import org.apereo.cas.support.validation.SecurityTokenServiceCredentialCipherExecutor;
import org.apereo.cas.support.x509.X509TokenDelegationHandler;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.cipher.CipherExecutorUtils;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.springframework.beans.factory.BeanCreationException;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.web.servlet.ServletRegistrationBean;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ImportResource;
import org.springframework.context.annotation.ScopedProxyMode;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@ImportResource(locations = {"classpath:jaxws-realms.xml"})
@Configuration(value = "CoreWsSecuritySecurityTokenServiceConfiguration", proxyBeanMethods = false)
/* loaded from: input_file:org/apereo/cas/config/CoreWsSecuritySecurityTokenServiceConfiguration.class */
public class CoreWsSecuritySecurityTokenServiceConfiguration {

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "CoreWsSecuritySecurityTokenServiceClaimsConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/CoreWsSecuritySecurityTokenServiceConfiguration$CoreWsSecuritySecurityTokenServiceClaimsConfiguration.class */
    public static class CoreWsSecuritySecurityTokenServiceClaimsConfiguration {
        @ConditionalOnMissingBean(name = {"wrappingSecurityTokenServiceClaimsHandler"})
        @Bean
        public ClaimsHandler wrappingSecurityTokenServiceClaimsHandler(CasConfigurationProperties casConfigurationProperties) {
            return new WrappingSecurityTokenServiceClaimsHandler(casConfigurationProperties.getAuthn().getWsfedIdp().getIdp().getRealmName(), casConfigurationProperties.getAuthn().getWsfedIdp().getSts().getRealm().getIssuer());
        }

        @ConditionalOnMissingBean(name = {"nonWSFederationClaimsClaimsHandler"})
        @Bean
        public ClaimsHandler nonWSFederationClaimsClaimsHandler(CasConfigurationProperties casConfigurationProperties) {
            return new NonWSFederationClaimsClaimsHandler(casConfigurationProperties.getAuthn().getWsfedIdp().getIdp().getRealmName(), casConfigurationProperties.getAuthn().getWsfedIdp().getSts().getRealm().getIssuer());
        }

        @ConditionalOnMissingBean(name = {"customNamespaceWSFederationClaimsClaimsHandler"})
        @Bean
        public ClaimsHandler customNamespaceWSFederationClaimsClaimsHandler(CasConfigurationProperties casConfigurationProperties) {
            WsFederationSecurityTokenServiceProperties sts = casConfigurationProperties.getAuthn().getWsfedIdp().getSts();
            return new CustomNamespaceWSFederationClaimsClaimsHandler(casConfigurationProperties.getAuthn().getWsfedIdp().getIdp().getRealmName(), sts.getRealm().getIssuer(), sts.getCustomClaims());
        }

        @ConditionalOnMissingBean(name = {"wsfedClaimsHandlers"})
        @Bean
        public List<ClaimsHandler> wsfedClaimsHandlers(@Qualifier("wrappingSecurityTokenServiceClaimsHandler") ClaimsHandler claimsHandler, @Qualifier("nonWSFederationClaimsClaimsHandler") ClaimsHandler claimsHandler2, @Qualifier("customNamespaceWSFederationClaimsClaimsHandler") ClaimsHandler claimsHandler3) {
            return CollectionUtils.wrapList(new ClaimsHandler[]{claimsHandler, claimsHandler2, claimsHandler3});
        }

        @ConditionalOnMissingBean(name = {"wsfedClaimsManager"})
        @Bean
        public ClaimsManager wsfedClaimsManager(@Qualifier("wsfedClaimsHandlers") List<ClaimsHandler> list) {
            ClaimsManager claimsManager = new ClaimsManager();
            claimsManager.setClaimHandlers(list);
            return claimsManager;
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "CoreWsSecuritySecurityTokenServiceClientConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/CoreWsSecuritySecurityTokenServiceConfiguration$CoreWsSecuritySecurityTokenServiceClientConfiguration.class */
    public static class CoreWsSecuritySecurityTokenServiceClientConfiguration {
        @ConditionalOnMissingBean(name = {"securityTokenServiceClientBuilder"})
        @Bean
        public SecurityTokenServiceClientBuilder securityTokenServiceClientBuilder(CasConfigurationProperties casConfigurationProperties, @Qualifier("hostnameVerifier") HostnameVerifier hostnameVerifier, @Qualifier("casSslContext") CasSSLContext casSSLContext) {
            return new SecurityTokenServiceClientBuilder(casConfigurationProperties.getAuthn().getWsfedIdp(), casConfigurationProperties.getServer().getPrefix(), hostnameVerifier, casSSLContext);
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "CoreWsSecuritySecurityTokenServiceDelegationConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/CoreWsSecuritySecurityTokenServiceConfiguration$CoreWsSecuritySecurityTokenServiceDelegationConfiguration.class */
    public static class CoreWsSecuritySecurityTokenServiceDelegationConfiguration {
        @ConditionalOnMissingBean(name = {"samlTokenDelegationHandler"})
        @Bean
        public TokenDelegationHandler samlTokenDelegationHandler() {
            return new SAMLDelegationHandler();
        }

        @ConditionalOnMissingBean(name = {"x509TokenDelegationHandler"})
        @Bean
        public TokenDelegationHandler x509TokenDelegationHandler() {
            return new X509TokenDelegationHandler();
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "CoreWsSecuritySecurityTokenServiceOperationeConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/CoreWsSecuritySecurityTokenServiceConfiguration$CoreWsSecuritySecurityTokenServiceOperationeConfiguration.class */
    public static class CoreWsSecuritySecurityTokenServiceOperationeConfiguration {
        @ConditionalOnMissingBean(name = {"securityTokenServiceTokenFetcher"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public SecurityTokenServiceTokenFetcher securityTokenServiceTokenFetcher(@Qualifier("securityTokenServiceCredentialCipherExecutor") CipherExecutor cipherExecutor, @Qualifier("securityTokenServiceClientBuilder") SecurityTokenServiceClientBuilder securityTokenServiceClientBuilder, @Qualifier("wsFederationAuthenticationServiceSelectionStrategy") AuthenticationServiceSelectionStrategy authenticationServiceSelectionStrategy, @Qualifier("servicesManager") ServicesManager servicesManager) {
            return new DefaultSecurityTokenServiceTokenFetcher(servicesManager, authenticationServiceSelectionStrategy, cipherExecutor, securityTokenServiceClientBuilder);
        }

        @ConditionalOnMissingBean(name = {"transportIssueDelegate"})
        @Bean
        public IssueOperation transportIssueDelegate(CasConfigurationProperties casConfigurationProperties, List<TokenProvider> list, @Qualifier("transportService") StaticService staticService, @Qualifier("transportSTSProperties") STSPropertiesMBean sTSPropertiesMBean, @Qualifier("wsfedClaimsManager") ClaimsManager claimsManager, List<TokenValidator> list2, @Qualifier("loggerListener") EventMapper eventMapper, List<TokenDelegationHandler> list3, @Qualifier("securityTokenServiceTokenStore") TokenStore tokenStore) {
            WsFederationSecurityTokenServiceProperties sts = casConfigurationProperties.getAuthn().getWsfedIdp().getSts();
            TokenIssueOperation tokenIssueOperation = new TokenIssueOperation();
            tokenIssueOperation.setTokenProviders(list);
            tokenIssueOperation.setServices(CollectionUtils.wrap(staticService));
            tokenIssueOperation.setStsProperties(sTSPropertiesMBean);
            tokenIssueOperation.setClaimsManager(claimsManager);
            tokenIssueOperation.setTokenValidators(list2);
            tokenIssueOperation.setEventListener(eventMapper);
            tokenIssueOperation.setDelegationHandlers(list3);
            tokenIssueOperation.setEncryptIssuedToken(sts.isEncryptTokens());
            tokenIssueOperation.setTokenStore(tokenStore);
            return tokenIssueOperation;
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "CoreWsSecuritySecurityTokenServiceProvidersConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/CoreWsSecuritySecurityTokenServiceConfiguration$CoreWsSecuritySecurityTokenServiceProvidersConfiguration.class */
    public static class CoreWsSecuritySecurityTokenServiceProvidersConfiguration {
        @ConditionalOnMissingBean(name = {"transportSecureContextTokenProvider"})
        @Bean
        public SCTProvider transportSecureContextTokenProvider() {
            return new SCTProvider();
        }

        @ConditionalOnMissingBean(name = {"transportJwtTokenProvider"})
        @Bean
        public JWTTokenProvider transportJwtTokenProvider(@Qualifier("securityTokenServiceRealms") Map<String, RealmProperties> map) {
            JWTTokenProvider jWTTokenProvider = new JWTTokenProvider();
            jWTTokenProvider.setRealmMap(map);
            jWTTokenProvider.setSignToken(true);
            return jWTTokenProvider;
        }

        @ConditionalOnMissingBean(name = {"transportSamlTokenProvider"})
        @Bean
        public SAMLTokenProvider transportSamlTokenProvider(CasConfigurationProperties casConfigurationProperties, @Qualifier("securityTokenServiceRealms") Map<String, RealmProperties> map) {
            WsFederationSecurityTokenServiceProperties sts = casConfigurationProperties.getAuthn().getWsfedIdp().getSts();
            DefaultSubjectProvider defaultSubjectProvider = new DefaultSubjectProvider();
            if (StringUtils.isNotBlank(sts.getSubjectNameQualifier())) {
                defaultSubjectProvider.setSubjectNameQualifier(sts.getSubjectNameQualifier());
            }
            String lowerCase = sts.getSubjectNameIdFormat().trim().toLowerCase();
            boolean z = -1;
            switch (lowerCase.hashCode()) {
                case -1626174665:
                    if (lowerCase.equals("unspecified")) {
                        z = 4;
                        break;
                    }
                    break;
                case -1298275357:
                    if (lowerCase.equals("entity")) {
                        z = true;
                        break;
                    }
                    break;
                case 96619420:
                    if (lowerCase.equals("email")) {
                        z = false;
                        break;
                    }
                    break;
                case 512462487:
                    if (lowerCase.equals("persistent")) {
                        z = 3;
                        break;
                    }
                    break;
                case 1052746378:
                    if (lowerCase.equals("transient")) {
                        z = 2;
                        break;
                    }
                    break;
            }
            switch (z) {
                case false:
                    defaultSubjectProvider.setSubjectNameIDFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
                    break;
                case true:
                    defaultSubjectProvider.setSubjectNameIDFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:entity");
                    break;
                case true:
                    defaultSubjectProvider.setSubjectNameIDFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:transient");
                    break;
                case true:
                    defaultSubjectProvider.setSubjectNameIDFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
                    break;
                case true:
                default:
                    defaultSubjectProvider.setSubjectNameIDFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");
                    break;
            }
            DefaultConditionsProvider defaultConditionsProvider = new DefaultConditionsProvider();
            defaultConditionsProvider.setAcceptClientLifetime(sts.isConditionsAcceptClientLifetime());
            defaultConditionsProvider.setFailLifetimeExceedance(sts.isConditionsFailLifetimeExceedance());
            defaultConditionsProvider.setFutureTimeToLive(Beans.newDuration(sts.getConditionsFutureTimeToLive()).toSeconds());
            defaultConditionsProvider.setLifetime(Beans.newDuration(sts.getConditionsLifetime()).toSeconds());
            defaultConditionsProvider.setMaxLifetime(Beans.newDuration(sts.getConditionsMaxLifetime()).toSeconds());
            SAMLTokenProvider sAMLTokenProvider = new SAMLTokenProvider();
            sAMLTokenProvider.setAttributeStatementProviders(CollectionUtils.wrap(new ClaimsAttributeStatementProvider()));
            sAMLTokenProvider.setRealmMap(map);
            sAMLTokenProvider.setConditionsProvider(defaultConditionsProvider);
            sAMLTokenProvider.setSubjectProvider(defaultSubjectProvider);
            sAMLTokenProvider.setSignToken(sts.isSignTokens());
            return sAMLTokenProvider;
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "CoreWsSecuritySecurityTokenServiceRealmsConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/CoreWsSecuritySecurityTokenServiceConfiguration$CoreWsSecuritySecurityTokenServiceRealmsConfiguration.class */
    public static class CoreWsSecuritySecurityTokenServiceRealmsConfiguration {
        @ConditionalOnMissingBean(name = {"casRealm"})
        @Bean
        public RealmProperties casRealm(CasConfigurationProperties casConfigurationProperties) {
            WsFederationSecurityTokenServiceRealmProperties realm = casConfigurationProperties.getAuthn().getWsfedIdp().getSts().getRealm();
            RealmProperties realmProperties = new RealmProperties();
            String issuer = realm.getIssuer();
            if (StringUtils.isBlank(issuer)) {
                throw new BeanCreationException("Realm issuer for the secure token service cannot be undefined");
            }
            realmProperties.setIssuer(issuer);
            if (StringUtils.isBlank(realm.getKeystoreFile()) || StringUtils.isBlank(realm.getKeyPassword()) || StringUtils.isBlank(realm.getKeystoreAlias())) {
                throw new BeanCreationException("Keystore file, password or alias assigned to the realm must be defined");
            }
            realmProperties.setSignatureCryptoProperties(CryptoUtils.getSecurityProperties(realm.getKeystoreFile(), realm.getKeystorePassword(), realm.getKeystoreAlias()));
            realmProperties.setCallbackHandler(new RealmPasswordVerificationCallbackHandler(realm.getKeyPassword()));
            return realmProperties;
        }

        @ConditionalOnMissingBean(name = {"securityTokenServiceRealms"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public Map<String, RealmProperties> securityTokenServiceRealms(CasConfigurationProperties casConfigurationProperties, @Qualifier("casRealm") RealmProperties realmProperties) {
            WsFederationIdentityProviderProperties idp = casConfigurationProperties.getAuthn().getWsfedIdp().getIdp();
            HashMap hashMap = new HashMap();
            hashMap.put(idp.getRealmName(), realmProperties);
            return hashMap;
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "CoreWsSecuritySecurityTokenServiceTransportConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/CoreWsSecuritySecurityTokenServiceConfiguration$CoreWsSecuritySecurityTokenServiceTransportConfiguration.class */
    public static class CoreWsSecuritySecurityTokenServiceTransportConfiguration {
        @ConditionalOnMissingBean(name = {"transportSTSProviderBean"})
        @Bean
        public SecurityTokenServiceProvider transportSTSProviderBean(@Qualifier("transportIssueDelegate") IssueOperation issueOperation, @Qualifier("transportValidateDelegate") ValidateOperation validateOperation) throws Exception {
            SecurityTokenServiceProvider securityTokenServiceProvider = new SecurityTokenServiceProvider();
            securityTokenServiceProvider.setIssueOperation(issueOperation);
            securityTokenServiceProvider.setValidateOperation(validateOperation);
            return securityTokenServiceProvider;
        }

        @ConditionalOnMissingBean(name = {"securityTokenServiceTokenStore"})
        @Bean
        public TokenStore securityTokenServiceTokenStore() {
            return new MemoryTokenStore();
        }

        @ConditionalOnMissingBean(name = {"transportValidateDelegate"})
        @Bean
        public ValidateOperation transportValidateDelegate(List<TokenValidator> list, @Qualifier("transportSTSProperties") STSPropertiesMBean sTSPropertiesMBean, @Qualifier("loggerListener") EventMapper eventMapper) {
            TokenValidateOperation tokenValidateOperation = new TokenValidateOperation();
            tokenValidateOperation.setTokenValidators(list);
            tokenValidateOperation.setStsProperties(sTSPropertiesMBean);
            tokenValidateOperation.setEventListener(eventMapper);
            return tokenValidateOperation;
        }

        @ConditionalOnMissingBean(name = {"securityTokenServiceCredentialCipherExecutor"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public CipherExecutor securityTokenServiceCredentialCipherExecutor(CasConfigurationProperties casConfigurationProperties) {
            return CipherExecutorUtils.newStringCipherExecutor(casConfigurationProperties.getAuthn().getWsfedIdp().getSts().getCrypto(), SecurityTokenServiceCredentialCipherExecutor.class);
        }

        @ConditionalOnMissingBean(name = {"transportUsernameTokenValidator"})
        @Bean
        public Validator transportUsernameTokenValidator(@Qualifier("securityTokenServiceCredentialCipherExecutor") CipherExecutor cipherExecutor) {
            return new CipheredCredentialsValidator(cipherExecutor);
        }

        @ConditionalOnMissingBean(name = {"transportService"})
        @Bean
        public StaticService transportService() {
            StaticService staticService = new StaticService();
            staticService.setEndpoints(CollectionUtils.wrap(".*"));
            return staticService;
        }

        @ConditionalOnMissingBean(name = {"transportSTSProperties"})
        @Bean
        public STSPropertiesMBean transportSTSProperties(CasConfigurationProperties casConfigurationProperties, @Qualifier("securityTokenServiceRealms") Map<String, RealmProperties> map) {
            WsFederationSecurityTokenServiceProperties sts = casConfigurationProperties.getAuthn().getWsfedIdp().getSts();
            WsFederationIdentityProviderProperties idp = casConfigurationProperties.getAuthn().getWsfedIdp().getIdp();
            StaticSTSProperties staticSTSProperties = new StaticSTSProperties();
            staticSTSProperties.setIssuer(getClass().getSimpleName());
            staticSTSProperties.setRealmParser(new UriRealmParser(map));
            staticSTSProperties.setSignatureCryptoProperties(CryptoUtils.getSecurityProperties(sts.getSigningKeystoreFile(), sts.getSigningKeystorePassword()));
            staticSTSProperties.setEncryptionCryptoProperties(CryptoUtils.getSecurityProperties(sts.getEncryptionKeystoreFile(), sts.getEncryptionKeystorePassword()));
            Relationship relationship = new Relationship();
            relationship.setType("FederatedIdentity");
            relationship.setSourceRealm(idp.getRealmName());
            relationship.setTargetRealm(idp.getRealmName());
            staticSTSProperties.setRelationships(CollectionUtils.wrap(relationship));
            return staticSTSProperties;
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "CoreWsSecuritySecurityTokenServiceValidatorConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/CoreWsSecuritySecurityTokenServiceConfiguration$CoreWsSecuritySecurityTokenServiceValidatorConfiguration.class */
    public static class CoreWsSecuritySecurityTokenServiceValidatorConfiguration {
        @ConditionalOnMissingBean(name = {"transportSamlTokenValidator"})
        @Bean
        public TokenValidator transportSamlTokenValidator() {
            return new SAMLTokenValidator();
        }

        @ConditionalOnMissingBean(name = {"transportJwtTokenValidator"})
        @Bean
        public TokenValidator transportJwtTokenValidator() {
            return new JWTTokenValidator();
        }

        @ConditionalOnMissingBean(name = {"transportSecureContextTokenValidator"})
        @Bean
        public TokenValidator transportSecureContextTokenValidator() {
            return new SCTValidator();
        }

        @ConditionalOnMissingBean(name = {"transportX509TokenValidator"})
        @Bean
        public TokenValidator transportX509TokenValidator() {
            return new X509TokenValidator();
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "CoreWsSecuritySecurityTokenServiceWebConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/CoreWsSecuritySecurityTokenServiceConfiguration$CoreWsSecuritySecurityTokenServiceWebConfiguration.class */
    public static class CoreWsSecuritySecurityTokenServiceWebConfiguration {
        @ConditionalOnMissingBean(name = {"cxfServlet"})
        @Bean
        public ServletRegistrationBean<CXFServlet> cxfServlet() {
            ServletRegistrationBean<CXFServlet> servletRegistrationBean = new ServletRegistrationBean<>();
            servletRegistrationBean.setEnabled(true);
            servletRegistrationBean.setName("cxfServletSecurityTokenService");
            servletRegistrationBean.setServlet(new CXFServlet());
            servletRegistrationBean.setUrlMappings(CollectionUtils.wrap("/ws/sts/".concat("*")));
            servletRegistrationBean.setAsyncSupported(true);
            return servletRegistrationBean;
        }

        @ConditionalOnMissingBean(name = {"loggerListener"})
        @Bean
        public EventMapper loggerListener() {
            return new EventMapper(new MapEventLogger());
        }
    }
}
