package org.apereo.cas.mgmt.config;

import java.util.ArrayList;
import java.util.List;
import java.util.Optional;
import org.apache.commons.lang3.ArrayUtils;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.CasManagementConfigurationProperties;
import org.apereo.cas.mgmt.authz.CasRoleBasedAuthorizer;
import org.apereo.cas.mgmt.authz.CasSpringSecurityAuthorizationGenerator;
import org.apereo.cas.mgmt.authz.json.JsonResourceAuthorizationGenerator;
import org.apereo.cas.mgmt.authz.yaml.YamlResourceAuthorizationGenerator;
import org.pac4j.core.authorization.authorizer.Authorizer;
import org.pac4j.core.authorization.generator.AuthorizationGenerator;
import org.pac4j.core.authorization.generator.FromAttributesAuthorizationGenerator;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.Resource;

@EnableConfigurationProperties({CasManagementConfigurationProperties.class, CasConfigurationProperties.class})
@Configuration("casManagementAuthorizationConfiguration")
/* loaded from: input_file:WEB-INF/lib/cas-mgmt-config-authz-6.3.10.jar:org/apereo/cas/mgmt/config/CasManagementAuthorizationConfiguration.class */
public class CasManagementAuthorizationConfiguration {

    @Autowired
    private CasManagementConfigurationProperties mgmtProperties;

    @ConditionalOnMissingBean(name = {"authorizationGenerator"})
    @Bean
    public AuthorizationGenerator authorizationGenerator() {
        List<String> authzAttributes = this.mgmtProperties.getAuthzAttributes();
        return !authzAttributes.isEmpty() ? authzAttributes.stream().anyMatch(str -> {
            return str.equals("*");
        }) ? staticAdminRolesAuthorizationGenerator() : new FromAttributesAuthorizationGenerator((String[]) authzAttributes.toArray(ArrayUtils.EMPTY_STRING_ARRAY), ArrayUtils.EMPTY_STRING_ARRAY) : springSecurityPropertiesAuthorizationGenerator();
    }

    @ConditionalOnMissingBean(name = {"staticAdminRolesAuthorizationGenerator"})
    @Bean
    public AuthorizationGenerator staticAdminRolesAuthorizationGenerator() {
        return (webContext, userProfile) -> {
            userProfile.addRoles(this.mgmtProperties.getAdminRoles());
            userProfile.addRoles(this.mgmtProperties.getUserRoles());
            return Optional.of(userProfile);
        };
    }

    @ConditionalOnMissingBean(name = {"managementWebappAuthorizer"})
    @Bean
    public Authorizer managementWebappAuthorizer() {
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(this.mgmtProperties.getAdminRoles());
        arrayList.addAll(this.mgmtProperties.getUserRoles());
        return new CasRoleBasedAuthorizer(arrayList);
    }

    @ConditionalOnMissingBean(name = {"springSecurityPropertiesAuthorizationGenerator"})
    @ConditionalOnProperty(prefix = "mgmt", name = {"user-properties-file"})
    @Bean
    public AuthorizationGenerator springSecurityPropertiesAuthorizationGenerator() {
        Resource userPropertiesFile = this.mgmtProperties.getUserPropertiesFile();
        return userPropertiesFile.getFilename().endsWith("json") ? new JsonResourceAuthorizationGenerator(userPropertiesFile) : userPropertiesFile.getFilename().endsWith("yml") ? new YamlResourceAuthorizationGenerator(userPropertiesFile) : new CasSpringSecurityAuthorizationGenerator(userPropertiesFile);
    }
}
