package org.apereo.cas.config;

import com.google.errorprone.annotations.CanIgnoreReturnValue;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.features.CasFeatureModule;
import org.apereo.cas.multitenancy.DefaultTenantExtractor;
import org.apereo.cas.multitenancy.DefaultTenantsManager;
import org.apereo.cas.multitenancy.TenantExtractor;
import org.apereo.cas.multitenancy.TenantRoutingFilter;
import org.apereo.cas.multitenancy.TenantWebflowDecorator;
import org.apereo.cas.multitenancy.TenantsManager;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.apereo.cas.util.serialization.JacksonObjectMapperFactory;
import org.apereo.cas.util.spring.beans.BeanCondition;
import org.apereo.cas.util.spring.beans.BeanSupplier;
import org.apereo.cas.util.spring.boot.ConditionalOnFeatureEnabled;
import org.apereo.cas.web.CasWebSecurityConfigurer;
import org.apereo.cas.web.flow.decorator.WebflowDecorator;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.jdbc.datasource.init.ScriptUtils;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@AutoConfiguration
@ConditionalOnFeatureEnabled(feature = {CasFeatureModule.FeatureCatalog.Multitenancy})
/* loaded from: input_file:WEB-INF/lib/cas-server-core-multitenancy-7.3.0-RC2.jar:org/apereo/cas/config/CasCoreMultitenancyAutoConfiguration.class */
public class CasCoreMultitenancyAutoConfiguration {
    private static final BeanCondition CONDITION = BeanCondition.on("cas.multitenancy.core.enabled").isTrue();

    @ConditionalOnMissingBean(name = {TenantsManager.BEAN_NAME})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public TenantsManager tenantsManager(@Qualifier("casConfigurationCipherExecutor") CipherExecutor<String, String> cipherExecutor, ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties) {
        return (TenantsManager) BeanSupplier.of(TenantsManager.class).when(CONDITION.given(configurableApplicationContext.getEnvironment())).supply(() -> {
            return new DefaultTenantsManager(JacksonObjectMapperFactory.builder().defaultTypingEnabled(true).applicationContext(configurableApplicationContext).build().toObjectMapper(), casConfigurationProperties.getMultitenancy().getJson().getLocation());
        }).otherwise(DefaultTenantsManager::new).get();
    }

    @ConditionalOnMissingBean(name = {TenantExtractor.BEAN_NAME})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public TenantExtractor tenantExtractor(CasConfigurationProperties casConfigurationProperties, ConfigurableApplicationContext configurableApplicationContext, @Qualifier("tenantsManager") TenantsManager tenantsManager) {
        return new DefaultTenantExtractor(tenantsManager, configurableApplicationContext, casConfigurationProperties);
    }

    @ConditionalOnMissingBean(name = {"casMultitenancyEndpointConfigurer"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public CasWebSecurityConfigurer<HttpSecurity> casMultitenancyEndpointConfigurer() {
        return new CasWebSecurityConfigurer<HttpSecurity>(this) { // from class: org.apereo.cas.config.CasCoreMultitenancyAutoConfiguration.1
            @Override // org.apereo.cas.web.CasWebSecurityConfigurer
            @CanIgnoreReturnValue
            public CasWebSecurityConfigurer<HttpSecurity> configure(HttpSecurity httpSecurity) throws Exception {
                httpSecurity.authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> {
                    authorizationManagerRequestMatcherRegistry.requestMatchers(PathPatternRequestMatcher.withDefaults().matcher("/tenants/**")).permitAll();
                });
                return this;
            }
        };
    }

    @ConditionalOnMissingBean(name = {"casMultitenancyWebflowDecorator"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public WebflowDecorator casMultitenancyWebflowDecorator(@Qualifier("tenantExtractor") TenantExtractor tenantExtractor, ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties) {
        return (WebflowDecorator) BeanSupplier.of(WebflowDecorator.class).when(CONDITION.given(configurableApplicationContext.getEnvironment())).supply(() -> {
            return new TenantWebflowDecorator(tenantExtractor);
        }).otherwise(WebflowDecorator::noOp).get();
    }

    @ConditionalOnMissingBean(name = {"tenantRoutingFilter"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public FilterRegistrationBean<TenantRoutingFilter> tenantRoutingFilter(ConfigurableApplicationContext configurableApplicationContext, @Qualifier("tenantExtractor") TenantExtractor tenantExtractor) {
        FilterRegistrationBean<TenantRoutingFilter> filterRegistrationBean = new FilterRegistrationBean<>();
        filterRegistrationBean.setFilter(new TenantRoutingFilter(tenantExtractor));
        filterRegistrationBean.addUrlPatterns(ScriptUtils.DEFAULT_BLOCK_COMMENT_START_DELIMITER);
        filterRegistrationBean.setOrder(-2147483646);
        filterRegistrationBean.setAsyncSupported(true);
        filterRegistrationBean.setName("tenantRoutingFilter");
        filterRegistrationBean.setEnabled(CONDITION.given(configurableApplicationContext).get().booleanValue());
        return filterRegistrationBean;
    }
}
