package org.apereo.cas.oidc.config;

import com.github.benmanes.caffeine.cache.CacheLoader;
import com.github.benmanes.caffeine.cache.Caffeine;
import com.github.benmanes.caffeine.cache.LoadingCache;
import java.util.Optional;
import javax.persistence.EntityManagerFactory;
import javax.sql.DataSource;
import lombok.Generated;
import org.apereo.cas.authentication.CasSSLContext;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.jpa.JpaConfigurationContext;
import org.apereo.cas.configuration.model.support.oidc.OidcProperties;
import org.apereo.cas.configuration.model.support.oidc.jwks.MongoDbOidcJsonWebKeystoreProperties;
import org.apereo.cas.configuration.support.Beans;
import org.apereo.cas.configuration.support.JpaBeans;
import org.apereo.cas.jpa.JpaBeanFactory;
import org.apereo.cas.mongo.MongoDbConnectionFactory;
import org.apereo.cas.oidc.jwks.OidcDefaultJsonWebKeyStoreListener;
import org.apereo.cas.oidc.jwks.OidcDefaultJsonWebKeystoreCacheLoader;
import org.apereo.cas.oidc.jwks.OidcJsonWebKeyCacheKey;
import org.apereo.cas.oidc.jwks.generator.OidcDefaultJsonWebKeystoreGeneratorService;
import org.apereo.cas.oidc.jwks.generator.OidcGroovyJsonWebKeystoreGeneratorService;
import org.apereo.cas.oidc.jwks.generator.OidcJsonWebKeystoreEntity;
import org.apereo.cas.oidc.jwks.generator.OidcJsonWebKeystoreGeneratorService;
import org.apereo.cas.oidc.jwks.generator.OidcRestfulJsonWebKeystoreGeneratorService;
import org.apereo.cas.oidc.jwks.generator.jpa.OidcJpaJsonWebKeystoreGeneratorService;
import org.apereo.cas.oidc.jwks.generator.mongo.OidcMongoDbJsonWebKeystoreGeneratorService;
import org.apereo.cas.oidc.jwks.rotation.OidcDefaultJsonWebKeystoreRotationService;
import org.apereo.cas.oidc.jwks.rotation.OidcJsonWebKeystoreRotationService;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.function.FunctionUtils;
import org.apereo.cas.util.spring.BeanContainer;
import org.apereo.cas.util.spring.CasEventListener;
import org.jose4j.jwk.JsonWebKeySet;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.data.mongodb.core.MongoTemplate;
import org.springframework.orm.jpa.JpaTransactionManager;
import org.springframework.orm.jpa.JpaVendorAdapter;
import org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean;
import org.springframework.scheduling.annotation.Scheduled;
import org.springframework.transaction.PlatformTransactionManager;
import org.springframework.transaction.support.TransactionTemplate;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration(value = "OidcJwksConfiguration", proxyBeanMethods = false)
/* loaded from: input_file:org/apereo/cas/oidc/config/OidcJwksConfiguration.class */
public class OidcJwksConfiguration {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(OidcJwksConfiguration.class);

    /**
     * Registers the default JWKS generator together with the in-memory cache that fronts it.
     *
     * <p>Every bean declared here is guarded by {@code @ConditionalOnMissingBean}, so it is
     * skipped when a bean with the same name is already defined.
     */
    @Configuration(value = "OidcEndpointsJwksGeneratorConfiguration", proxyBeanMethods = false)
    @EnableConfigurationProperties(CasConfigurationProperties.class)
    public static class OidcEndpointsJwksGeneratorConfiguration {

        /**
         * Creates the loader that the JWKS cache uses to fetch missing entries.
         *
         * @param oidcJsonWebKeystoreGeneratorService generator the loader is built around
         * @return an {@link OidcDefaultJsonWebKeystoreCacheLoader} wrapping the generator
         */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @ConditionalOnMissingBean(name = "oidcDefaultJsonWebKeystoreCacheLoader")
        public CacheLoader<OidcJsonWebKeyCacheKey, Optional<JsonWebKeySet>> oidcDefaultJsonWebKeystoreCacheLoader(
                @Qualifier("oidcJsonWebKeystoreGeneratorService") OidcJsonWebKeystoreGeneratorService oidcJsonWebKeystoreGeneratorService) {
            return new OidcDefaultJsonWebKeystoreCacheLoader(oidcJsonWebKeystoreGeneratorService);
        }

        /**
         * Creates the event listener that is handed the JWKS cache.
         *
         * @param loadingCache the JWKS cache the listener operates on
         * @return an {@link OidcDefaultJsonWebKeyStoreListener} bound to the cache
         */
        @Bean
        @ConditionalOnMissingBean(name = "oidcJsonWebKeyStoreListener")
        public CasEventListener oidcJsonWebKeyStoreListener(
                @Qualifier("oidcDefaultJsonWebKeystoreCache") LoadingCache<OidcJsonWebKeyCacheKey, Optional<JsonWebKeySet>> loadingCache) {
            return new OidcDefaultJsonWebKeyStoreListener(loadingCache);
        }

        /**
         * Builds the Caffeine cache of key sets, keyed by {@link OidcJsonWebKeyCacheKey}.
         *
         * <p>The cache holds at most 100 entries, and each entry expires a fixed time after it
         * was written; that lifetime comes from the JWKS core setting {@code jwksCacheExpiration}.
         * NOTE(review): a cached key set keeps being served until its entry expires or is
         * evicted, so a long expiration can delay the visible effect of a rotation or revocation
         * unless the listener bean invalidates entries - confirm against the listener.
         *
         * @param cacheLoader loader invoked on a cache miss
         * @param casConfigurationProperties CAS settings supplying the expiration
         * @return the configured loading cache
         */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @ConditionalOnMissingBean(name = "oidcDefaultJsonWebKeystoreCache")
        public LoadingCache<OidcJsonWebKeyCacheKey, Optional<JsonWebKeySet>> oidcDefaultJsonWebKeystoreCache(
                @Qualifier("oidcDefaultJsonWebKeystoreCacheLoader") CacheLoader<OidcJsonWebKeyCacheKey, Optional<JsonWebKeySet>> cacheLoader,
                CasConfigurationProperties casConfigurationProperties) {
            OidcProperties oidc = casConfigurationProperties.getAuthn().getOidc();
            return Caffeine.newBuilder()
                .maximumSize(100L)
                .expireAfterWrite(Beans.newDuration(oidc.getJwks().getCore().getJwksCacheExpiration()))
                .build(cacheLoader);
        }

        /**
         * Creates the default keystore generator.
         *
         * <p>Spring invokes the bean's {@code generate} method once it has been constructed
         * ({@code initMethod = "generate"}).
         *
         * @param configurableApplicationContext application context handed to the generator
         * @param casConfigurationProperties CAS settings; only the OIDC section is passed on
         * @return an {@link OidcDefaultJsonWebKeystoreGeneratorService}
         */
        @Bean(initMethod = "generate")
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @ConditionalOnMissingBean(name = "oidcJsonWebKeystoreGeneratorService")
        public OidcJsonWebKeystoreGeneratorService oidcJsonWebKeystoreGeneratorService(
                ConfigurableApplicationContext configurableApplicationContext,
                CasConfigurationProperties casConfigurationProperties) {
            OidcProperties oidc = casConfigurationProperties.getAuthn().getOidc();
            return new OidcDefaultJsonWebKeystoreGeneratorService(oidc, configurableApplicationContext);
        }
    }

    /**
     * Switches the JWKS generator to the Groovy-backed implementation.
     *
     * <p>Active only when {@code cas.authn.oidc.jwks.groovy.location} is set.
     */
    @Configuration(value = "OidcEndpointsJwksGroovyConfiguration", proxyBeanMethods = false)
    @ConditionalOnProperty(name = "cas.authn.oidc.jwks.groovy.location")
    @EnableConfigurationProperties(CasConfigurationProperties.class)
    public static class OidcEndpointsJwksGroovyConfiguration {

        /**
         * Creates the generator from the configured Groovy location; Spring calls
         * {@code generate} on it after construction.
         *
         * <p>NOTE(review): the resource at that location is presumably run as a script that
         * produces the signing keys - confirm it can only be modified by trusted administrators.
         *
         * @param casConfigurationProperties CAS settings holding the Groovy location
         * @return an {@link OidcGroovyJsonWebKeystoreGeneratorService}
         */
        @Bean(initMethod = "generate")
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        public OidcJsonWebKeystoreGeneratorService oidcJsonWebKeystoreGeneratorService(
                CasConfigurationProperties casConfigurationProperties) {
            OidcProperties oidc = casConfigurationProperties.getAuthn().getOidc();
            return new OidcGroovyJsonWebKeystoreGeneratorService(oidc.getJwks().getGroovy().getLocation());
        }
    }

    /**
     * Stores the JWKS in a relational database through JPA.
     *
     * <p>Active only when {@link JpaBeanFactory} is on the classpath and
     * {@code cas.authn.oidc.jwks.jpa.url} is set.
     */
    @Configuration(value = "OidcEndpointsJwksJpaConfiguration", proxyBeanMethods = false)
    @ConditionalOnClass(JpaBeanFactory.class)
    @ConditionalOnProperty(name = "cas.authn.oidc.jwks.jpa.url")
    @EnableConfigurationProperties(CasConfigurationProperties.class)
    public static class OidcEndpointsJwksJpaConfiguration {

        /**
         * Creates the transaction manager for the JWKS persistence unit.
         *
         * @param entityManagerFactory the JWKS entity manager factory
         * @return a {@link JpaTransactionManager} bound to that factory
         */
        @Bean
        public PlatformTransactionManager transactionManagerOidcJwks(
                @Qualifier("oidcJwksEntityManagerFactory") EntityManagerFactory entityManagerFactory) {
            JpaTransactionManager txManager = new JpaTransactionManager();
            txManager.setEntityManagerFactory(entityManagerFactory);
            return txManager;
        }

        /**
         * Builds the entity manager factory for the {@code jpaOidcJwksContext} persistence unit.
         *
         * @param jpaVendorAdapter vendor adapter for the persistence unit
         * @param dataSource data source the unit connects through
         * @param beanContainer packages scanned for entities
         * @param jpaBeanFactory factory that creates the entity manager factory bean
         * @param casConfigurationProperties CAS settings; the JWKS JPA section is passed on
         * @return the entity manager factory bean
         */
        @Bean
        public LocalContainerEntityManagerFactoryBean oidcJwksEntityManagerFactory(
                @Qualifier("jpaOidcJwksVendorAdapter") JpaVendorAdapter jpaVendorAdapter,
                @Qualifier("dataSourceOidcJwks") DataSource dataSource,
                @Qualifier("jpaOidcJwksPackagesToScan") BeanContainer<String> beanContainer,
                @Qualifier("jpaBeanFactory") JpaBeanFactory jpaBeanFactory,
                CasConfigurationProperties casConfigurationProperties) {
            return jpaBeanFactory.newEntityManagerFactoryBean(
                JpaConfigurationContext.builder()
                    .jpaVendorAdapter(jpaVendorAdapter)
                    .persistenceUnitName("jpaOidcJwksContext")
                    .dataSource(dataSource)
                    .packagesToScan(beanContainer.toSet())
                    .build(),
                casConfigurationProperties.getAuthn().getOidc().getJwks().getJpa());
        }

        /**
         * Creates the JPA vendor adapter from the global JDBC settings
         * ({@code casConfigurationProperties.getJdbc()}), not from the JWKS-specific section.
         *
         * @param jpaBeanFactory factory that creates the adapter
         * @param casConfigurationProperties CAS settings supplying the JDBC section
         * @return the vendor adapter
         */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        public JpaVendorAdapter jpaOidcJwksVendorAdapter(
                @Qualifier("jpaBeanFactory") JpaBeanFactory jpaBeanFactory,
                CasConfigurationProperties casConfigurationProperties) {
            return jpaBeanFactory.newJpaVendorAdapter(casConfigurationProperties.getJdbc());
        }

        /**
         * Lists the packages scanned for JPA entities: the package of
         * {@link OidcJsonWebKeystoreEntity}.
         *
         * @return a container holding that single package name
         */
        @Bean
        public BeanContainer<String> jpaOidcJwksPackagesToScan() {
            String entityPackage = OidcJsonWebKeystoreEntity.class.getPackage().getName();
            return BeanContainer.of(CollectionUtils.wrapSet(entityPackage));
        }

        /**
         * Creates the data source from the JWKS JPA settings, unless a bean named
         * {@code dataSourceOidcJwks} already exists.
         *
         * @param casConfigurationProperties CAS settings holding the JWKS JPA section
         * @return the data source
         */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @ConditionalOnMissingBean(name = "dataSourceOidcJwks")
        public DataSource dataSourceOidcJwks(CasConfigurationProperties casConfigurationProperties) {
            return JpaBeans.newDataSource(casConfigurationProperties.getAuthn().getOidc().getJwks().getJpa());
        }

        /**
         * Creates the JPA-backed keystore generator; Spring calls {@code generate} on it after
         * construction.
         *
         * @param platformTransactionManager transaction manager wrapped in a
         *     {@link TransactionTemplate} for the generator
         * @param casConfigurationProperties CAS settings; only the OIDC section is passed on
         * @return an {@link OidcJpaJsonWebKeystoreGeneratorService}
         */
        @Bean(initMethod = "generate")
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        public OidcJsonWebKeystoreGeneratorService oidcJsonWebKeystoreGeneratorService(
                @Qualifier("transactionManagerOidcJwks") PlatformTransactionManager platformTransactionManager,
                CasConfigurationProperties casConfigurationProperties) {
            OidcProperties oidc = casConfigurationProperties.getAuthn().getOidc();
            // NOTE(review): the configured JDBC URL is written to the log at INFO as-is. Some
            // drivers accept credentials inside the URL (userinfo or query parameters); confirm
            // deployments keep them in the separate user/password settings, or redact here.
            OidcJwksConfiguration.LOGGER.info("Managing JWKS via a relational database at [{}]", oidc.getJwks().getJpa().getUrl());
            TransactionTemplate transactionTemplate = new TransactionTemplate(platformTransactionManager);
            return new OidcJpaJsonWebKeystoreGeneratorService(oidc, transactionTemplate);
        }
    }

    /**
     * Stores the JWKS in MongoDb.
     *
     * <p>Active only when {@link MongoTemplate} is on the classpath and both
     * {@code cas.authn.oidc.jwks.mongo.host} and {@code cas.authn.oidc.jwks.mongo.collection}
     * are set.
     */
    @Configuration(value = "OidcEndpointsJwksMongoDbConfiguration", proxyBeanMethods = false)
    @ConditionalOnClass(MongoTemplate.class)
    @ConditionalOnProperty(prefix = "cas.authn.oidc.jwks.mongo", name = {"host", "collection"})
    @EnableConfigurationProperties(CasConfigurationProperties.class)
    public static class OidcEndpointsJwksMongoDbConfiguration {

        /**
         * Builds the MongoDb template for the keystore and prepares its collection.
         *
         * <p>The connection factory is created with the SSL context taken from the
         * {@code casSslContext} bean.
         *
         * @param casConfigurationProperties CAS settings holding the JWKS MongoDb section
         * @param casSSLContext source of the SSL context given to the connection factory
         * @return the template used by the MongoDb keystore generator
         */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        public MongoTemplate mongoOidcJsonWebKeystoreTemplate(
                CasConfigurationProperties casConfigurationProperties,
                @Qualifier("casSslContext") CasSSLContext casSSLContext) {
            MongoDbOidcJsonWebKeystoreProperties settings =
                casConfigurationProperties.getAuthn().getOidc().getJwks().getMongo();
            MongoDbConnectionFactory connectionFactory = new MongoDbConnectionFactory(casSSLContext.getSslContext());
            MongoTemplate template = connectionFactory.buildMongoTemplate(settings);
            // NOTE(review): the drop-collection flag is forwarded on every creation of this
            // refresh-scoped bean. If createCollection drops existing data when the flag is set,
            // the stored signing keys would be lost at startup and again after a refresh -
            // confirm the flag is off outside test environments.
            MongoDbConnectionFactory.createCollection(template, settings.getCollection(), settings.isDropCollection());
            return template;
        }

        /**
         * Creates the MongoDb-backed keystore generator.
         *
         * <p>NOTE(review): unlike the sibling generator beans in this file, this one declares no
         * {@code initMethod = "generate"} - confirm that is intended.
         *
         * @param casConfigurationProperties CAS settings; only the OIDC section is passed on
         * @param mongoTemplate template the generator reads and writes through
         * @return an {@link OidcMongoDbJsonWebKeystoreGeneratorService}
         */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        public OidcJsonWebKeystoreGeneratorService oidcJsonWebKeystoreGeneratorService(
                CasConfigurationProperties casConfigurationProperties,
                @Qualifier("mongoOidcJsonWebKeystoreTemplate") MongoTemplate mongoTemplate) {
            OidcProperties oidc = casConfigurationProperties.getAuthn().getOidc();
            return new OidcMongoDbJsonWebKeystoreGeneratorService(mongoTemplate, oidc);
        }
    }

    /**
     * Switches the JWKS generator to the REST-backed implementation.
     *
     * <p>Active only when {@code cas.authn.oidc.jwks.rest.url} is set.
     */
    @Configuration(value = "OidcEndpointsJwksRestConfiguration", proxyBeanMethods = false)
    @ConditionalOnProperty(name = "cas.authn.oidc.jwks.rest.url")
    @EnableConfigurationProperties(CasConfigurationProperties.class)
    public static class OidcEndpointsJwksRestConfiguration {

        /**
         * Creates the REST-backed keystore generator; Spring calls {@code generate} on it after
         * construction.
         *
         * <p>NOTE(review): presumably the keystore travels to and from the configured URL, and a
         * keystore would include private key material - confirm the endpoint is reached over TLS
         * and requires authentication.
         *
         * @param casConfigurationProperties CAS settings; only the OIDC section is passed on
         * @return an {@link OidcRestfulJsonWebKeystoreGeneratorService}
         */
        @Bean(initMethod = "generate")
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        public OidcJsonWebKeystoreGeneratorService oidcJsonWebKeystoreGeneratorService(
                CasConfigurationProperties casConfigurationProperties) {
            OidcProperties oidc = casConfigurationProperties.getAuthn().getOidc();
            return new OidcRestfulJsonWebKeystoreGeneratorService(oidc);
        }
    }

    /**
     * Registers the key rotation service and the two optional scheduled jobs that drive it.
     *
     * <p>Each scheduler bean is created only when its {@code ...schedule.enabled} property is
     * explicitly {@code true} ({@code matchIfMissing = false}); with the property absent no
     * scheduler bean exists, so this class triggers no rotation or revocation.
     */
    @Configuration(value = "OidcEndpointsJwksRotationConfiguration", proxyBeanMethods = false)
    @EnableConfigurationProperties(CasConfigurationProperties.class)
    public static class OidcEndpointsJwksRotationConfiguration {

        /**
         * Scheduled job that asks the rotation service to revoke keys.
         *
         * <p>Timing comes from {@code cas.authn.oidc.jwks.revocation.schedule.start-delay}
         * (default {@code PT60S}) and {@code ...repeat-interval} (default {@code P14D}).
         */
        public static class OidcJsonWebKeystoreRevocationScheduler implements Runnable {

            @Generated
            private static final Logger LOGGER = LoggerFactory.getLogger(OidcJsonWebKeystoreRevocationScheduler.class);

            private final OidcJsonWebKeystoreRotationService rotationService;

            /**
             * @param oidcJsonWebKeystoreRotationService service whose {@code revoke} is invoked
             */
            @Generated
            public OidcJsonWebKeystoreRevocationScheduler(OidcJsonWebKeystoreRotationService oidcJsonWebKeystoreRotationService) {
                this.rotationService = oidcJsonWebKeystoreRotationService;
            }

            /**
             * Logs the start of the job, then calls {@code revoke()} on the rotation service.
             * The work runs inside {@code FunctionUtils.doUnchecked}; presumably that rethrows
             * checked exceptions as unchecked - verify against FunctionUtils.
             */
            @Override
            @Scheduled(
                initialDelayString = "${cas.authn.oidc.jwks.revocation.schedule.start-delay:PT60S}",
                fixedDelayString = "${cas.authn.oidc.jwks.revocation.schedule.repeat-interval:P14D}")
            public void run() {
                FunctionUtils.doUnchecked(ignored -> {
                    LOGGER.info("Starting to revoke keys in the OIDC keystore...");
                    this.rotationService.revoke();
                }, new Object[0]);
            }
        }

        /**
         * Scheduled job that asks the rotation service to rotate keys.
         *
         * <p>Timing comes from {@code cas.authn.oidc.jwks.rotation.schedule.start-delay}
         * (default {@code PT60S}) and {@code ...repeat-interval} (default {@code P90D}).
         */
        public static class OidcJsonWebKeystoreRotationScheduler implements Runnable {

            @Generated
            private static final Logger LOGGER = LoggerFactory.getLogger(OidcJsonWebKeystoreRotationScheduler.class);

            private final OidcJsonWebKeystoreRotationService rotationService;

            /**
             * @param oidcJsonWebKeystoreRotationService service whose {@code rotate} is invoked
             */
            @Generated
            public OidcJsonWebKeystoreRotationScheduler(OidcJsonWebKeystoreRotationService oidcJsonWebKeystoreRotationService) {
                this.rotationService = oidcJsonWebKeystoreRotationService;
            }

            /**
             * Logs the start of the job, then calls {@code rotate()} on the rotation service.
             * The work runs inside {@code FunctionUtils.doUnchecked}; presumably that rethrows
             * checked exceptions as unchecked - verify against FunctionUtils.
             */
            @Override
            @Scheduled(
                initialDelayString = "${cas.authn.oidc.jwks.rotation.schedule.start-delay:PT60S}",
                fixedDelayString = "${cas.authn.oidc.jwks.rotation.schedule.repeat-interval:P90D}")
            public void run() {
                FunctionUtils.doUnchecked(ignored -> {
                    LOGGER.info("Starting to rotate keys in the OIDC keystore...");
                    this.rotationService.rotate();
                }, new Object[0]);
            }
        }

        /**
         * Creates the rotation service over the active keystore generator, unless a bean named
         * {@code oidcJsonWebKeystoreRotationService} already exists.
         *
         * @param oidcJsonWebKeystoreGeneratorService generator the rotation service works with
         * @param casConfigurationProperties CAS settings; only the OIDC section is passed on
         * @return an {@link OidcDefaultJsonWebKeystoreRotationService}
         */
        @Bean
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @ConditionalOnMissingBean(name = "oidcJsonWebKeystoreRotationService")
        public OidcJsonWebKeystoreRotationService oidcJsonWebKeystoreRotationService(
                @Qualifier("oidcJsonWebKeystoreGeneratorService") OidcJsonWebKeystoreGeneratorService oidcJsonWebKeystoreGeneratorService,
                CasConfigurationProperties casConfigurationProperties) {
            OidcProperties oidc = casConfigurationProperties.getAuthn().getOidc();
            return new OidcDefaultJsonWebKeystoreRotationService(oidc, oidcJsonWebKeystoreGeneratorService);
        }

        /**
         * Registers the rotation job. Created only when
         * {@code cas.authn.oidc.jwks.rotation.schedule.enabled} is {@code true}.
         *
         * @param oidcJsonWebKeystoreRotationService service the job delegates to
         * @return the rotation scheduler
         */
        @Bean
        @ConditionalOnMissingBean(name = "oidcJsonWebKeystoreRotationScheduler")
        @ConditionalOnProperty(prefix = "cas.authn.oidc.jwks.rotation.schedule", name = "enabled", havingValue = "true", matchIfMissing = false)
        public Runnable oidcJsonWebKeystoreRotationScheduler(
                @Qualifier("oidcJsonWebKeystoreRotationService") OidcJsonWebKeystoreRotationService oidcJsonWebKeystoreRotationService) {
            return new OidcJsonWebKeystoreRotationScheduler(oidcJsonWebKeystoreRotationService);
        }

        /**
         * Registers the revocation job. Created only when
         * {@code cas.authn.oidc.jwks.revocation.schedule.enabled} is {@code true}.
         *
         * @param oidcJsonWebKeystoreRotationService service the job delegates to
         * @return the revocation scheduler
         */
        @Bean
        @ConditionalOnMissingBean(name = "oidcJsonWebKeystoreRevocationScheduler")
        @ConditionalOnProperty(prefix = "cas.authn.oidc.jwks.revocation.schedule", name = "enabled", havingValue = "true", matchIfMissing = false)
        public Runnable oidcJsonWebKeystoreRevocationScheduler(
                @Qualifier("oidcJsonWebKeystoreRotationService") OidcJsonWebKeystoreRotationService oidcJsonWebKeystoreRotationService) {
            return new OidcJsonWebKeystoreRevocationScheduler(oidcJsonWebKeystoreRotationService);
        }
    }
}
