package org.apereo.cas.mgmt.config;

import com.google.common.base.Throwables;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Properties;
import java.util.stream.Collectors;
import javax.servlet.Filter;
import javax.servlet.http.HttpServletRequest;
import org.apereo.cas.authentication.AuthenticationMetaDataPopulator;
import org.apereo.cas.authentication.principal.ServiceFactory;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.support.Beans;
import org.apereo.cas.mgmt.services.web.ManageRegisteredServicesMultiActionController;
import org.apereo.cas.mgmt.services.web.RegisteredServiceSimpleFormController;
import org.apereo.cas.mgmt.services.web.factory.AccessStrategyMapper;
import org.apereo.cas.mgmt.services.web.factory.AttributeFilterMapper;
import org.apereo.cas.mgmt.services.web.factory.AttributeFormDataPopulator;
import org.apereo.cas.mgmt.services.web.factory.AttributeReleasePolicyMapper;
import org.apereo.cas.mgmt.services.web.factory.DefaultAccessStrategyMapper;
import org.apereo.cas.mgmt.services.web.factory.DefaultAttributeFilterMapper;
import org.apereo.cas.mgmt.services.web.factory.DefaultAttributeReleasePolicyMapper;
import org.apereo.cas.mgmt.services.web.factory.DefaultPrincipalAttributesRepositoryMapper;
import org.apereo.cas.mgmt.services.web.factory.DefaultProxyPolicyMapper;
import org.apereo.cas.mgmt.services.web.factory.DefaultRegisteredServiceFactory;
import org.apereo.cas.mgmt.services.web.factory.DefaultRegisteredServiceMapper;
import org.apereo.cas.mgmt.services.web.factory.DefaultUsernameAttributeProviderMapper;
import org.apereo.cas.mgmt.services.web.factory.FormDataPopulator;
import org.apereo.cas.mgmt.services.web.factory.PrincipalAttributesRepositoryMapper;
import org.apereo.cas.mgmt.services.web.factory.ProxyPolicyMapper;
import org.apereo.cas.mgmt.services.web.factory.RegisteredServiceFactory;
import org.apereo.cas.mgmt.services.web.factory.RegisteredServiceMapper;
import org.apereo.cas.mgmt.web.CasManagementRootController;
import org.apereo.cas.mgmt.web.CasManagementSecurityInterceptor;
import org.apereo.cas.oidc.claims.BaseOidcScopeAttributeReleasePolicy;
import org.apereo.cas.oidc.claims.OidcCustomScopeAttributeReleasePolicy;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.ticket.UniqueTicketIdGenerator;
import org.apereo.services.persondir.IPersonAttributeDao;
import org.pac4j.cas.client.direct.DirectCasClient;
import org.pac4j.cas.config.CasConfiguration;
import org.pac4j.core.authorization.authorizer.Authorizer;
import org.pac4j.core.authorization.authorizer.RequireAnyRoleAuthorizer;
import org.pac4j.core.authorization.generator.AuthorizationGenerator;
import org.pac4j.core.authorization.generator.FromAttributesAuthorizationGenerator;
import org.pac4j.core.authorization.generator.SpringSecurityPropertiesAuthorizationGenerator;
import org.pac4j.core.client.Client;
import org.pac4j.core.config.Config;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.profile.CommonProfile;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.web.ServerProperties;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.CharacterEncodingFilter;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import org.springframework.web.servlet.handler.SimpleUrlHandlerMapping;
import org.springframework.web.servlet.i18n.CookieLocaleResolver;
import org.springframework.web.servlet.i18n.LocaleChangeInterceptor;
import org.springframework.web.servlet.mvc.Controller;
import org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter;
import org.springframework.web.servlet.mvc.UrlFilenameViewController;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration("casManagementWebAppConfiguration")
/* loaded from: input_file:WEB-INF/lib/cas-management-webapp-support-5.1.6.jar:org/apereo/cas/mgmt/config/CasManagementWebAppConfiguration.class */
public class CasManagementWebAppConfiguration extends WebMvcConfigurerAdapter {

    @Autowired(required = false)
    @Qualifier("formDataPopulators")
    private List formDataPopulators = new ArrayList();

    @Autowired
    private ServerProperties serverProperties;

    @Autowired
    private CasConfigurationProperties casProperties;

    @Autowired
    @Qualifier("webApplicationServiceFactory")
    private ServiceFactory<WebApplicationService> webApplicationServiceFactory;

    /* loaded from: input_file:WEB-INF/lib/cas-management-webapp-support-5.1.6.jar:org/apereo/cas/mgmt/config/CasManagementWebAppConfiguration$PermitAllAuthorizationGenerator.class */
    public class PermitAllAuthorizationGenerator implements AuthorizationGenerator<CommonProfile> {
        public PermitAllAuthorizationGenerator() {
        }

        @Override // org.pac4j.core.authorization.generator.AuthorizationGenerator
        public CommonProfile generate(WebContext webContext, CommonProfile commonProfile) {
            commonProfile.addRoles(CasManagementWebAppConfiguration.this.casProperties.getMgmt().getAdminRoles());
            return commonProfile;
        }
    }

    @Bean
    public Filter characterEncodingFilter() {
        return new CharacterEncodingFilter(StandardCharsets.UTF_8.name(), true);
    }

    @Bean
    public Authorizer requireAnyRoleAuthorizer() {
        return new RequireAnyRoleAuthorizer(this.casProperties.getMgmt().getAdminRoles());
    }

    @ConditionalOnMissingBean(name = {"attributeRepository"})
    @RefreshScope
    @Bean
    public IPersonAttributeDao attributeRepository() {
        return Beans.newStubAttributeRepository(this.casProperties.getAuthn().getAttributeRepository());
    }

    @Bean
    public Client casClient() {
        DirectCasClient directCasClient = new DirectCasClient(new CasConfiguration(this.casProperties.getServer().getLoginUrl()));
        directCasClient.setAuthorizationGenerator(authorizationGenerator());
        directCasClient.setName("CasClient");
        return directCasClient;
    }

    @Bean
    public Config config() {
        Config config = new Config(getDefaultServiceUrl(), casClient());
        config.setAuthorizer(requireAnyRoleAuthorizer());
        return config;
    }

    @Bean
    public Controller rootController() {
        return new CasManagementRootController();
    }

    @Bean
    public SimpleUrlHandlerMapping handlerMappingC() {
        SimpleUrlHandlerMapping simpleUrlHandlerMapping = new SimpleUrlHandlerMapping();
        simpleUrlHandlerMapping.setOrder(1);
        simpleUrlHandlerMapping.setAlwaysUseFullPath(true);
        simpleUrlHandlerMapping.setRootHandler(rootController());
        Properties properties = new Properties();
        properties.put("/*.html", new UrlFilenameViewController());
        simpleUrlHandlerMapping.setMappings(properties);
        return simpleUrlHandlerMapping;
    }

    @Bean
    public HandlerInterceptorAdapter casManagementSecurityInterceptor() {
        return new CasManagementSecurityInterceptor(config());
    }

    @RefreshScope
    @Bean
    public Properties userProperties() {
        try {
            Properties properties = new Properties();
            properties.load(this.casProperties.getMgmt().getUserPropertiesFile().getInputStream());
            return properties;
        } catch (Exception e) {
            throw Throwables.propagate(e);
        }
    }

    @ConditionalOnMissingBean(name = {"authorizationGenerator"})
    @RefreshScope
    @Bean
    public AuthorizationGenerator authorizationGenerator() {
        List<String> authzAttributes = this.casProperties.getMgmt().getAuthzAttributes();
        return !authzAttributes.isEmpty() ? "*".equals(authzAttributes) ? new PermitAllAuthorizationGenerator() : new FromAttributesAuthorizationGenerator((String[]) authzAttributes.toArray(new String[0]), new String[0]) : new SpringSecurityPropertiesAuthorizationGenerator(userProperties());
    }

    @Bean
    public CookieLocaleResolver localeResolver() {
        return new CookieLocaleResolver() { // from class: org.apereo.cas.mgmt.config.CasManagementWebAppConfiguration.1
            @Override // org.springframework.web.servlet.i18n.CookieLocaleResolver
            protected Locale determineDefaultLocale(HttpServletRequest httpServletRequest) {
                Locale locale = httpServletRequest.getLocale();
                return (StringUtils.isEmpty(CasManagementWebAppConfiguration.this.casProperties.getMgmt().getDefaultLocale()) || !locale.getLanguage().equals(CasManagementWebAppConfiguration.this.casProperties.getMgmt().getDefaultLocale())) ? locale : new Locale(CasManagementWebAppConfiguration.this.casProperties.getMgmt().getDefaultLocale());
            }
        };
    }

    @RefreshScope
    @Bean
    public LocaleChangeInterceptor localeChangeInterceptor() {
        LocaleChangeInterceptor localeChangeInterceptor = new LocaleChangeInterceptor();
        localeChangeInterceptor.setParamName(this.casProperties.getLocale().getParamName());
        return localeChangeInterceptor;
    }

    @Override // org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter, org.springframework.web.servlet.config.annotation.WebMvcConfigurer
    public void addInterceptors(InterceptorRegistry interceptorRegistry) {
        interceptorRegistry.addInterceptor(localeChangeInterceptor());
        interceptorRegistry.addInterceptor(casManagementSecurityInterceptor()).addPathPatterns("/**").excludePathPatterns("/callback*", "/logout*", "/authorizationFailure");
    }

    @Bean
    public SimpleControllerHandlerAdapter simpleControllerHandlerAdapter() {
        return new SimpleControllerHandlerAdapter();
    }

    @Bean
    public AccessStrategyMapper defaultAccessStrategyMapper() {
        return new DefaultAccessStrategyMapper();
    }

    @Bean
    public RegisteredServiceFactory registeredServiceFactory() {
        this.formDataPopulators.add(attributeFormDataPopulator());
        return new DefaultRegisteredServiceFactory(defaultAccessStrategyMapper(), defaultAttributeReleasePolicyMapper(), defaultProxyPolicyMapper(), defaultRegisteredServiceMapper(), usernameAttributeProviderMapper(), this.formDataPopulators);
    }

    @Bean
    public AttributeReleasePolicyMapper defaultAttributeReleasePolicyMapper() {
        return new DefaultAttributeReleasePolicyMapper(defaultAttributeFilterMapper(), defaultPrincipalAttributesRepositoryMapper(), userDefinedScopeBasedAttributeReleasePolicies());
    }

    @Bean
    public FormDataPopulator attributeFormDataPopulator() {
        return new AttributeFormDataPopulator(attributeRepository());
    }

    @Bean
    public DefaultUsernameAttributeProviderMapper usernameAttributeProviderMapper() {
        return new DefaultUsernameAttributeProviderMapper();
    }

    @Bean
    public RegisteredServiceMapper defaultRegisteredServiceMapper() {
        return new DefaultRegisteredServiceMapper();
    }

    @Bean
    public ProxyPolicyMapper defaultProxyPolicyMapper() {
        return new DefaultProxyPolicyMapper();
    }

    @Bean
    public AttributeFilterMapper defaultAttributeFilterMapper() {
        return new DefaultAttributeFilterMapper();
    }

    @Bean
    public PrincipalAttributesRepositoryMapper defaultPrincipalAttributesRepositoryMapper() {
        return new DefaultPrincipalAttributesRepositoryMapper();
    }

    @Bean
    public ManageRegisteredServicesMultiActionController manageRegisteredServicesMultiActionController(@Qualifier("servicesManager") ServicesManager servicesManager) {
        return new ManageRegisteredServicesMultiActionController(servicesManager, registeredServiceFactory(), this.webApplicationServiceFactory, getDefaultServiceUrl());
    }

    @Bean
    public RegisteredServiceSimpleFormController registeredServiceSimpleFormController(@Qualifier("servicesManager") ServicesManager servicesManager) {
        return new RegisteredServiceSimpleFormController(servicesManager, registeredServiceFactory());
    }

    private String getDefaultServiceUrl() {
        return this.casProperties.getMgmt().getServerName().concat(this.serverProperties.getContextPath()).concat("/manage.html");
    }

    @Bean
    public List serviceFactoryList() {
        return new ArrayList();
    }

    @RefreshScope
    @Bean
    public Collection<BaseOidcScopeAttributeReleasePolicy> userDefinedScopeBasedAttributeReleasePolicies() {
        return (Collection) this.casProperties.getAuthn().getOidc().getUserDefinedScopes().entrySet().stream().map(entry -> {
            return new OidcCustomScopeAttributeReleasePolicy((String) entry.getKey(), Arrays.asList(((String) entry.getValue()).split(",")));
        }).collect(Collectors.toSet());
    }

    @Bean
    public Map<String, UniqueTicketIdGenerator> uniqueIdGeneratorsMap() {
        return new HashMap();
    }

    @Bean
    public List<AuthenticationMetaDataPopulator> authenticationMetadataPopulators() {
        return new ArrayList();
    }
}
