package org.apereo.cas.mgmt.config;

import java.time.Duration;
import java.util.HashMap;
import javax.xml.XMLConstants;
import lombok.Generated;
import net.shibboleth.utilities.java.support.xml.BasicParserPool;
import org.apache.commons.lang3.ClassUtils;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.CasManagementConfigurationProperties;
import org.apereo.cas.configuration.model.support.saml.idp.SamlIdPProperties;
import org.apereo.cas.mgmt.InCommonMetadataAggregateResolver;
import org.apereo.cas.mgmt.MetadataAggregateResolver;
import org.apereo.cas.mgmt.MgmtManagerFactory;
import org.apereo.cas.mgmt.SamlController;
import org.apereo.cas.mgmt.UrlMetadataResolver;
import org.apereo.cas.mgmt.factory.FormDataFactory;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.services.ServicesManagerRegisteredServiceLocator;
import org.apereo.cas.support.saml.OpenSamlConfigBean;
import org.apereo.cas.support.saml.SamlUtils;
import org.apereo.cas.support.saml.services.SamlIdPServicesManagerRegisteredServiceLocator;
import org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceCachingMetadataResolver;
import org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceDefaultCachingMetadataResolver;
import org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceMetadataResolverCacheLoader;
import org.apereo.cas.support.saml.services.idp.metadata.cache.resolver.ClasspathResourceMetadataResolver;
import org.apereo.cas.support.saml.services.idp.metadata.cache.resolver.FileSystemResourceMetadataResolver;
import org.apereo.cas.support.saml.services.idp.metadata.cache.resolver.GroovyResourceMetadataResolver;
import org.apereo.cas.support.saml.services.idp.metadata.cache.resolver.JsonResourceMetadataResolver;
import org.apereo.cas.support.saml.services.idp.metadata.cache.resolver.MetadataQueryProtocolMetadataResolver;
import org.apereo.cas.support.saml.services.idp.metadata.cache.resolver.UrlResourceMetadataResolver;
import org.apereo.cas.support.saml.services.idp.metadata.plan.DefaultSamlRegisteredServiceMetadataResolutionPlan;
import org.apereo.cas.support.saml.services.idp.metadata.plan.SamlRegisteredServiceMetadataResolutionPlan;
import org.apereo.cas.support.saml.services.idp.metadata.plan.SamlRegisteredServiceMetadataResolutionPlanConfigurer;
import org.apereo.cas.util.ResourceUtils;
import org.apereo.cas.util.http.HttpClient;
import org.opensaml.saml.metadata.resolver.filter.MetadataFilter;
import org.opensaml.saml.metadata.resolver.filter.impl.SignatureValidationFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

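/**
 * Spring configuration that registers the SAML-related beans of the CAS management
 * application: the SAML controller, the metadata resolvers, the hardened XML parser pool
 * and the metadata resolution plan with its caching resolver.
 *
 * <p>Two security-relevant decisions are made here. {@link #parserPool} configures the
 * XML parser used for SAML documents. {@code getMetadataAggregateFilter} decides whether
 * the metadata aggregate is signature-checked at all.
 */
@EnableConfigurationProperties({CasConfigurationProperties.class, CasManagementConfigurationProperties.class})
@Configuration(value = "casManagementSamlConfiguration", proxyBeanMethods = false)
/* loaded from: input_file:WEB-INF/lib/cas-mgmt-config-saml-6.5.3.jar:org/apereo/cas/mgmt/config/CasManagementSamlConfiguration.class */
public class CasManagementSamlConfiguration {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(CasManagementSamlConfiguration.class);

    /** Maximum number of document builders kept by the SAML parser pool. */
    private static final int POOL_SIZE = 200;

    /**
     * Builds the filter applied to the metadata aggregate.
     *
     * <p>When the configured InCommon certificate resource does not exist, the returned
     * filter hands every document back unchanged, so the aggregate is accepted with no
     * signature validation. That fail-open path is logged at WARN so that a missing or
     * mistyped certificate location does not go unnoticed.
     *
     * @param casManagementConfigurationProperties management settings holding the certificate location
     * @return a signature validation filter, or a pass-through filter when the certificate is absent
     * @throws Exception if the signature validation filter cannot be built from the certificate
     */
    private static MetadataFilter getMetadataAggregateFilter(CasManagementConfigurationProperties casManagementConfigurationProperties) throws Exception {
        if (!ResourceUtils.doesResourceExist(casManagementConfigurationProperties.getInCommonCert())) {
            LOGGER.warn("InCommon certificate [{}] does not exist; the metadata aggregate will be accepted without signature validation",
                casManagementConfigurationProperties.getInCommonCert());
            return (xmlObject, filterContext) -> xmlObject;
        }
        SignatureValidationFilter signatureFilter =
            SamlUtils.buildSignatureValidationFilter(casManagementConfigurationProperties.getInCommonCert());
        // NOTE(review): the root element is not required to be signed, so an aggregate whose
        // root carries no signature is presumably still let through; confirm this is intended
        // for the feed configured here.
        signatureFilter.setRequireSignedRoot(false);
        return signatureFilter;
    }

    /**
     * Creates the controller that serves the SAML management endpoints.
     *
     * @return the controller wired with the manager factory, form data and both metadata resolvers
     */
    @Bean
    public SamlController samlController(
            @Qualifier("urlMetadataResolver") UrlMetadataResolver urlMetadataResolver,
            @Qualifier("metadataAggregateResolver") MetadataAggregateResolver metadataAggregateResolver,
            @Qualifier("managerFactory") MgmtManagerFactory<? extends ServicesManager> mgmtManagerFactory,
            @Qualifier("shibboleth.OpenSAMLConfig") OpenSamlConfigBean openSamlConfigBean,
            CasManagementConfigurationProperties casManagementConfigurationProperties,
            @Qualifier("formDataFactory") FormDataFactory formDataFactory) {
        return new SamlController(
            mgmtManagerFactory,
            casManagementConfigurationProperties,
            formDataFactory.create(),
            openSamlConfigBean,
            metadataAggregateResolver,
            urlMetadataResolver);
    }

    /**
     * Creates the resolver for the InCommon metadata aggregate, guarded by the filter from
     * {@code getMetadataAggregateFilter}.
     *
     * @return the aggregate resolver
     * @throws Exception if the metadata filter cannot be built; bean creation then fails
     *         instead of continuing with no filter
     */
    @Bean
    public MetadataAggregateResolver metadataAggregateResolver(
            @Qualifier("shibboleth.OpenSAMLConfig") OpenSamlConfigBean openSamlConfigBean,
            CasConfigurationProperties casConfigurationProperties,
            CasManagementConfigurationProperties casManagementConfigurationProperties) throws Exception {
        MetadataFilter aggregateFilter = getMetadataAggregateFilter(casManagementConfigurationProperties);
        return new InCommonMetadataAggregateResolver(
            casConfigurationProperties, casManagementConfigurationProperties, openSamlConfigBean, aggregateFilter);
    }

    /**
     * Creates the resolver that is built from the CAS configuration properties.
     *
     * @return the URL metadata resolver
     */
    @Bean
    public UrlMetadataResolver urlMetadataResolver(CasConfigurationProperties casConfigurationProperties) {
        return new UrlMetadataResolver(casConfigurationProperties);
    }

    /**
     * Creates the OpenSAML configuration bean on top of the hardened parser pool.
     *
     * @return the OpenSAML configuration bean
     */
    @Bean(name = {OpenSamlConfigBean.DEFAULT_BEAN_NAME})
    public OpenSamlConfigBean openSamlConfigBean(@Qualifier("shibboleth.ParserPool") BasicParserPool basicParserPool) {
        return new OpenSamlConfigBean(basicParserPool);
    }

    /**
     * Creates the XML parser pool used for SAML documents.
     *
     * <p>The pool is configured against XML external entity and entity expansion abuse:
     * DOCTYPE declarations are disallowed, external general and parameter entities are off,
     * entity references are not expanded, XInclude is off and secure processing is on.
     *
     * @param casConfigurationProperties supplies the class name of the parser security manager
     * @return the configured pool; Spring calls {@code initialize} on it
     * @throws ReflectiveOperationException if the configured security manager class cannot be
     *         loaded or instantiated through its no-argument constructor
     */
    @Bean(name = {"shibboleth.ParserPool"}, initMethod = "initialize")
    public BasicParserPool parserPool(CasConfigurationProperties casConfigurationProperties) throws ReflectiveOperationException {
        BasicParserPool pool = new BasicParserPool();
        pool.setMaxPoolSize(POOL_SIZE);
        pool.setCoalescing(true);
        pool.setIgnoreComments(true);
        pool.setXincludeAware(false);
        pool.setExpandEntityReferences(false);
        pool.setNamespaceAware(true);

        // The security manager class name comes from configuration and is instantiated
        // reflectively. Whoever can set that property chooses which class is loaded here,
        // so it should only come from trusted deployment configuration.
        // NOTE(review): the created instance is not checked against an expected type here.
        HashMap<String, Object> builderAttributes = new HashMap<>();
        builderAttributes.put(
            "http://apache.org/xml/properties/security-manager",
            ClassUtils.getClass(casConfigurationProperties.getSamlCore().getSecurityManager())
                .getDeclaredConstructor()
                .newInstance());
        pool.setBuilderAttributes(builderAttributes);

        HashMap<String, Boolean> builderFeatures = new HashMap<>();
        builderFeatures.put("http://apache.org/xml/features/disallow-doctype-decl", Boolean.TRUE);
        builderFeatures.put("http://apache.org/xml/features/validation/schema/normalized-value", Boolean.FALSE);
        builderFeatures.put(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
        builderFeatures.put("http://xml.org/sax/features/external-general-entities", Boolean.FALSE);
        builderFeatures.put("http://xml.org/sax/features/external-parameter-entities", Boolean.FALSE);
        pool.setBuilderFeatures(builderFeatures);
        return pool;
    }

    /**
     * Builds the metadata resolution plan: six built-in resolvers are registered first, then
     * every {@link SamlRegisteredServiceMetadataResolutionPlanConfigurer} bean in the context
     * may register more.
     *
     * @return the populated resolution plan
     */
    @ConditionalOnMissingBean(name = {"samlRegisteredServiceMetadataResolvers"})
    @Bean
    public SamlRegisteredServiceMetadataResolutionPlan samlRegisteredServiceMetadataResolvers(
            @Qualifier("shibboleth.OpenSAMLConfig") OpenSamlConfigBean openSamlConfigBean,
            ConfigurableApplicationContext configurableApplicationContext,
            CasConfigurationProperties casConfigurationProperties) {
        DefaultSamlRegisteredServiceMetadataResolutionPlan plan = new DefaultSamlRegisteredServiceMetadataResolutionPlan();
        SamlIdPProperties samlIdp = casConfigurationProperties.getAuthn().getSamlIdp();

        // Registration order is kept exactly as shipped.
        plan.registerMetadataResolver(new MetadataQueryProtocolMetadataResolver(samlIdp, openSamlConfigBean));
        plan.registerMetadataResolver(new JsonResourceMetadataResolver(samlIdp, openSamlConfigBean));
        plan.registerMetadataResolver(new FileSystemResourceMetadataResolver(samlIdp, openSamlConfigBean));
        plan.registerMetadataResolver(new UrlResourceMetadataResolver(samlIdp, openSamlConfigBean));
        plan.registerMetadataResolver(new ClasspathResourceMetadataResolver(samlIdp, openSamlConfigBean));
        plan.registerMetadataResolver(new GroovyResourceMetadataResolver(samlIdp, openSamlConfigBean));

        configurableApplicationContext
            .getBeansOfType(SamlRegisteredServiceMetadataResolutionPlanConfigurer.class, false, true)
            .values()
            .forEach(configurer -> {
                LOGGER.trace("Configuring saml metadata resolution plan [{}]", configurer.getName());
                configurer.configureMetadataResolutionPlan(plan);
            });
        return plan;
    }

    /**
     * Creates the cache loader that resolves metadata through the resolution plan.
     *
     * <p>NOTE(review): the injected client is the bean named {@code noRedirectHttpClient};
     * presumably it does not follow HTTP redirects when metadata is fetched. Confirm against
     * its definition.
     *
     * @return the cache loader
     */
    @ConditionalOnMissingBean(name = {"chainingMetadataResolverCacheLoader"})
    @Bean
    public SamlRegisteredServiceMetadataResolverCacheLoader chainingMetadataResolverCacheLoader(
            @Qualifier("samlRegisteredServiceMetadataResolvers") SamlRegisteredServiceMetadataResolutionPlan samlRegisteredServiceMetadataResolutionPlan,
            @Qualifier("shibboleth.OpenSAMLConfig") OpenSamlConfigBean openSamlConfigBean,
            @Qualifier("noRedirectHttpClient") HttpClient httpClient) {
        return new SamlRegisteredServiceMetadataResolverCacheLoader(
            openSamlConfigBean, httpClient, samlRegisteredServiceMetadataResolutionPlan);
    }

    /**
     * Creates the caching metadata resolver. The cache expiration is read from the SAML IdP
     * metadata settings and parsed with {@link Duration#parse}, so a value that is not a valid
     * ISO-8601 duration makes bean creation fail.
     *
     * @return the caching metadata resolver
     */
    @ConditionalOnMissingBean(name = {SamlRegisteredServiceCachingMetadataResolver.DEFAULT_BEAN_NAME})
    @Bean
    public SamlRegisteredServiceCachingMetadataResolver defaultSamlRegisteredServiceCachingMetadataResolver(
            @Qualifier("chainingMetadataResolverCacheLoader") SamlRegisteredServiceMetadataResolverCacheLoader samlRegisteredServiceMetadataResolverCacheLoader,
            @Qualifier("shibboleth.OpenSAMLConfig") OpenSamlConfigBean openSamlConfigBean,
            CasConfigurationProperties casConfigurationProperties) {
        Duration cacheExpiration = Duration.parse(
            casConfigurationProperties.getAuthn().getSamlIdp().getMetadata().getCore().getCacheExpiration());
        return new SamlRegisteredServiceDefaultCachingMetadataResolver(
            cacheExpiration, samlRegisteredServiceMetadataResolverCacheLoader, openSamlConfigBean);
    }

    /**
     * Creates the registered-service locator for SAML IdP services, backed by the caching
     * metadata resolver.
     *
     * @return the service locator
     */
    @ConditionalOnMissingBean(name = {"samlIdPServicesManagerRegisteredServiceLocator"})
    @Bean
    public ServicesManagerRegisteredServiceLocator samlIdPServicesManagerRegisteredServiceLocator(
            @Qualifier("defaultSamlRegisteredServiceCachingMetadataResolver") SamlRegisteredServiceCachingMetadataResolver samlRegisteredServiceCachingMetadataResolver) {
        return new SamlIdPServicesManagerRegisteredServiceLocator(samlRegisteredServiceCachingMetadataResolver);
    }
}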
