package org.apereo.cas.config;

import jakarta.annotation.Nonnull;
import java.util.List;
import java.util.Objects;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.features.CasFeatureModule;
import org.apereo.cas.oidc.issuer.OidcIssuerService;
import org.apereo.cas.throttle.AuthenticationThrottlingExecutionPlan;
import org.apereo.cas.throttle.AuthenticationThrottlingExecutionPlanConfigurer;
import org.apereo.cas.throttle.ThrottledRequestFilter;
import org.apereo.cas.util.spring.RefreshableHandlerInterceptor;
import org.apereo.cas.util.spring.boot.ConditionalOnFeatureEnabled;
import org.pac4j.jee.context.JEEContext;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration(value = "OidcThrottleConfiguration", proxyBeanMethods = false)
@ConditionalOnFeatureEnabled(feature = {CasFeatureModule.FeatureCatalog.OpenIDConnect, CasFeatureModule.FeatureCatalog.Throttling})
/* loaded from: input_file:org/apereo/cas/config/OidcThrottleConfiguration.class */
class OidcThrottleConfiguration {

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "OidcThrottleExecutionPlanConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/OidcThrottleConfiguration$OidcThrottleExecutionPlanConfiguration.class */
    static class OidcThrottleExecutionPlanConfiguration {
        OidcThrottleExecutionPlanConfiguration() {
        }

        @ConditionalOnMissingBean(name = {"oidcAuthenticationThrottlingExecutionPlanConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuthenticationThrottlingExecutionPlanConfigurer oidcAuthenticationThrottlingExecutionPlanConfigurer(@Qualifier("oidcThrottledRequestFilter") ThrottledRequestFilter throttledRequestFilter) {
            return authenticationThrottlingExecutionPlan -> {
                authenticationThrottlingExecutionPlan.registerAuthenticationThrottleFilter(throttledRequestFilter);
            };
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "OidcThrottleFilterConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/OidcThrottleConfiguration$OidcThrottleFilterConfiguration.class */
    static class OidcThrottleFilterConfiguration {
        private static final List<String> THROTTLED_ENDPOINTS = List.of("oidcAccessToken", "oidcAuthorize", "oidcToken", "oidcProfile", "jwks", "clientConfig", "revoke", "introspect");

        OidcThrottleFilterConfiguration() {
        }

        @ConditionalOnMissingBean(name = {"oidcThrottledRequestFilter"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public ThrottledRequestFilter oidcThrottledRequestFilter(@Qualifier("oidcIssuerService") OidcIssuerService oidcIssuerService) {
            return (httpServletRequest, httpServletResponse) -> {
                JEEContext jEEContext = new JEEContext(httpServletRequest, httpServletResponse);
                return THROTTLED_ENDPOINTS.stream().anyMatch(str -> {
                    return oidcIssuerService.validateIssuer(jEEContext, str);
                });
            };
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "OidcThrottleWebMvcConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/OidcThrottleConfiguration$OidcThrottleWebMvcConfiguration.class */
    static class OidcThrottleWebMvcConfiguration {
        OidcThrottleWebMvcConfiguration() {
        }

        @ConditionalOnMissingBean(name = {"oidcThrottleWebMvcConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public WebMvcConfigurer oidcThrottleWebMvcConfigurer(@Qualifier("authenticationThrottlingExecutionPlan") final ObjectProvider<AuthenticationThrottlingExecutionPlan> objectProvider) {
            return new WebMvcConfigurer(this) { // from class: org.apereo.cas.config.OidcThrottleConfiguration.OidcThrottleWebMvcConfiguration.1
                public void addInterceptors(@Nonnull InterceptorRegistry interceptorRegistry) {
                    objectProvider.ifAvailable(authenticationThrottlingExecutionPlan -> {
                        Objects.requireNonNull(authenticationThrottlingExecutionPlan);
                        interceptorRegistry.addInterceptor(new RefreshableHandlerInterceptor(authenticationThrottlingExecutionPlan::getAuthenticationThrottleInterceptors)).order(0).addPathPatterns(new String[]{"/oidc/**"});
                    });
                }
            };
        }
    }

    OidcThrottleConfiguration() {
    }
}
