package org.apereo.cas.validation.config;

import java.util.List;
import lombok.Generated;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlan;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.features.CasFeatureModule;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.ticket.UniqueTicketIdGenerator;
import org.apereo.cas.ticket.proxy.ProxyHandler;
import org.apereo.cas.ticket.proxy.support.Cas10ProxyHandler;
import org.apereo.cas.ticket.proxy.support.Cas20ProxyHandler;
import org.apereo.cas.util.http.HttpClient;
import org.apereo.cas.util.spring.beans.BeanCondition;
import org.apereo.cas.util.spring.beans.BeanSupplier;
import org.apereo.cas.util.spring.boot.ConditionalOnFeatureEnabled;
import org.apereo.cas.validation.AbstractCasProtocolValidationSpecification;
import org.apereo.cas.validation.AuthenticationPolicyAwareServiceTicketValidationAuthorizer;
import org.apereo.cas.validation.CasProtocolValidationSpecification;
import org.apereo.cas.validation.DefaultCasProtocolValidationSpecification;
import org.apereo.cas.validation.DefaultServiceTicketValidationAuthorizersExecutionPlan;
import org.apereo.cas.validation.ServiceTicketValidationAuthorizer;
import org.apereo.cas.validation.ServiceTicketValidationAuthorizerConfigurer;
import org.apereo.cas.validation.ServiceTicketValidationAuthorizersExecutionPlan;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Scope;
import org.springframework.context.annotation.ScopedProxyMode;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@AutoConfiguration
@ConditionalOnFeatureEnabled(feature = {CasFeatureModule.FeatureCatalog.Validation})
/* loaded from: input_file:org/apereo/cas/validation/config/CasCoreValidationConfiguration.class */
public class CasCoreValidationConfiguration {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(CasCoreValidationConfiguration.class);
    private static final BeanCondition CONDITION_PROXY_AUTHN = BeanCondition.on("cas.sso.proxy-authn-enabled").isTrue().evenIfMissing();

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "CasCoreValidationAuthorizerConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/validation/config/CasCoreValidationConfiguration$CasCoreValidationAuthorizerConfiguration.class */
    public static class CasCoreValidationAuthorizerConfiguration {
        @ConditionalOnMissingBean(name = {"casCoreServiceTicketValidationAuthorizerConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public ServiceTicketValidationAuthorizerConfigurer casCoreServiceTicketValidationAuthorizerConfigurer(@Qualifier("authenticationPolicyAwareServiceTicketValidationAuthorizer") ServiceTicketValidationAuthorizer serviceTicketValidationAuthorizer) {
            return serviceTicketValidationAuthorizersExecutionPlan -> {
                serviceTicketValidationAuthorizersExecutionPlan.registerAuthorizer(serviceTicketValidationAuthorizer);
            };
        }

        @ConditionalOnMissingBean(name = {"authenticationPolicyAwareServiceTicketValidationAuthorizer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public ServiceTicketValidationAuthorizer authenticationPolicyAwareServiceTicketValidationAuthorizer(ConfigurableApplicationContext configurableApplicationContext, @Qualifier("servicesManager") ServicesManager servicesManager, @Qualifier("authenticationEventExecutionPlan") AuthenticationEventExecutionPlan authenticationEventExecutionPlan) {
            return new AuthenticationPolicyAwareServiceTicketValidationAuthorizer(servicesManager, authenticationEventExecutionPlan, configurableApplicationContext);
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "CasCoreValidationExecutionPlanConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/validation/config/CasCoreValidationConfiguration$CasCoreValidationExecutionPlanConfiguration.class */
    public static class CasCoreValidationExecutionPlanConfiguration {
        @ConditionalOnMissingBean(name = {"serviceValidationAuthorizers"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public ServiceTicketValidationAuthorizersExecutionPlan serviceValidationAuthorizers(List<ServiceTicketValidationAuthorizerConfigurer> list) {
            DefaultServiceTicketValidationAuthorizersExecutionPlan defaultServiceTicketValidationAuthorizersExecutionPlan = new DefaultServiceTicketValidationAuthorizersExecutionPlan();
            list.forEach(serviceTicketValidationAuthorizerConfigurer -> {
                CasCoreValidationConfiguration.LOGGER.trace("Configuring service ticket validation authorizer execution plan [{}]", serviceTicketValidationAuthorizerConfigurer.getName());
                serviceTicketValidationAuthorizerConfigurer.configureAuthorizersExecutionPlan(defaultServiceTicketValidationAuthorizersExecutionPlan);
            });
            return defaultServiceTicketValidationAuthorizersExecutionPlan;
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "CasCoreValidationProxyConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/validation/config/CasCoreValidationConfiguration$CasCoreValidationProxyConfiguration.class */
    public static class CasCoreValidationProxyConfiguration {
        @ConditionalOnMissingBean(name = {"proxy10Handler"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public ProxyHandler proxy10Handler(ConfigurableApplicationContext configurableApplicationContext) throws Exception {
            return (ProxyHandler) BeanSupplier.of(ProxyHandler.class).when(CasCoreValidationConfiguration.CONDITION_PROXY_AUTHN.given(configurableApplicationContext.getEnvironment())).supply(Cas10ProxyHandler::new).otherwiseProxy().get();
        }

        @ConditionalOnMissingBean(name = {"proxy20Handler"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public ProxyHandler proxy20Handler(@Qualifier("proxy20TicketUniqueIdGenerator") UniqueTicketIdGenerator uniqueTicketIdGenerator, @Qualifier("supportsTrustStoreSslSocketFactoryHttpClient") HttpClient httpClient, ConfigurableApplicationContext configurableApplicationContext) throws Exception {
            return (ProxyHandler) BeanSupplier.of(ProxyHandler.class).when(CasCoreValidationConfiguration.CONDITION_PROXY_AUTHN.given(configurableApplicationContext.getEnvironment())).supply(() -> {
                return new Cas20ProxyHandler(httpClient, uniqueTicketIdGenerator);
            }).otherwiseProxy().get();
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "CasCoreValidationSpecificationConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/validation/config/CasCoreValidationConfiguration$CasCoreValidationSpecificationConfiguration.class */
    public static class CasCoreValidationSpecificationConfiguration {
        @ConditionalOnMissingBean(name = {"casSingleAuthenticationProtocolValidationSpecification"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Scope("prototype")
        @Bean
        public CasProtocolValidationSpecification casSingleAuthenticationProtocolValidationSpecification(@Qualifier("servicesManager") ServicesManager servicesManager) {
            return new DefaultCasProtocolValidationSpecification(servicesManager, AbstractCasProtocolValidationSpecification.ASSERTION_SINGLE_AUTHENTICATION);
        }

        @ConditionalOnMissingBean(name = {"casAlwaysSatisfiedProtocolValidationSpecification"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Scope("prototype")
        @Bean
        public CasProtocolValidationSpecification casAlwaysSatisfiedProtocolValidationSpecification(@Qualifier("servicesManager") ServicesManager servicesManager) {
            return new DefaultCasProtocolValidationSpecification(servicesManager, AbstractCasProtocolValidationSpecification.ASSERTION_ALWAYS_SATISFIED);
        }
    }
}
