package org.apereo.cas.mgmt.config;

import com.google.common.base.Throwables;
import com.google.common.collect.ImmutableList;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Properties;
import javax.servlet.Filter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.support.Beans;
import org.apereo.cas.mgmt.services.audit.Pac4jAuditablePrincipalResolver;
import org.apereo.cas.mgmt.services.audit.ServiceManagementResourceResolver;
import org.apereo.cas.mgmt.services.web.ManageRegisteredServicesMultiActionController;
import org.apereo.cas.mgmt.services.web.RegisteredServiceSimpleFormController;
import org.apereo.cas.mgmt.services.web.factory.AccessStrategyMapper;
import org.apereo.cas.mgmt.services.web.factory.AttributeFilterMapper;
import org.apereo.cas.mgmt.services.web.factory.AttributeFormDataPopulator;
import org.apereo.cas.mgmt.services.web.factory.AttributeReleasePolicyMapper;
import org.apereo.cas.mgmt.services.web.factory.DefaultAccessStrategyMapper;
import org.apereo.cas.mgmt.services.web.factory.DefaultAttributeFilterMapper;
import org.apereo.cas.mgmt.services.web.factory.DefaultAttributeReleasePolicyMapper;
import org.apereo.cas.mgmt.services.web.factory.DefaultPrincipalAttributesRepositoryMapper;
import org.apereo.cas.mgmt.services.web.factory.DefaultProxyPolicyMapper;
import org.apereo.cas.mgmt.services.web.factory.DefaultRegisteredServiceFactory;
import org.apereo.cas.mgmt.services.web.factory.DefaultRegisteredServiceMapper;
import org.apereo.cas.mgmt.services.web.factory.DefaultUsernameAttributeProviderMapper;
import org.apereo.cas.mgmt.services.web.factory.FormDataPopulator;
import org.apereo.cas.mgmt.services.web.factory.PrincipalAttributesRepositoryMapper;
import org.apereo.cas.mgmt.services.web.factory.ProxyPolicyMapper;
import org.apereo.cas.mgmt.services.web.factory.RegisteredServiceFactory;
import org.apereo.cas.mgmt.services.web.factory.RegisteredServiceMapper;
import org.apereo.cas.services.ServicesManager;
import org.apereo.inspektr.audit.AuditTrailManagementAspect;
import org.apereo.inspektr.audit.AuditTrailManager;
import org.apereo.inspektr.audit.spi.AuditActionResolver;
import org.apereo.inspektr.audit.spi.AuditResourceResolver;
import org.apereo.inspektr.audit.spi.support.DefaultAuditActionResolver;
import org.apereo.inspektr.audit.spi.support.ObjectCreationAuditActionResolver;
import org.apereo.inspektr.audit.spi.support.ParametersAsStringResourceResolver;
import org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager;
import org.apereo.inspektr.common.spi.PrincipalResolver;
import org.apereo.services.persondir.IPersonAttributeDao;
import org.pac4j.cas.client.CasClient;
import org.pac4j.core.authorization.authorizer.Authorizer;
import org.pac4j.core.authorization.authorizer.RequireAnyRoleAuthorizer;
import org.pac4j.core.authorization.generator.AuthorizationGenerator;
import org.pac4j.core.authorization.generator.FromAttributesAuthorizationGenerator;
import org.pac4j.core.authorization.generator.SpringSecurityPropertiesAuthorizationGenerator;
import org.pac4j.core.client.Client;
import org.pac4j.core.config.Config;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.engine.DefaultSecurityLogic;
import org.pac4j.core.exception.HttpAction;
import org.pac4j.springframework.web.SecurityInterceptor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.web.ServerProperties;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.support.PropertySourcesPlaceholderConfigurer;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.CharacterEncodingFilter;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import org.springframework.web.servlet.handler.SimpleUrlHandlerMapping;
import org.springframework.web.servlet.i18n.CookieLocaleResolver;
import org.springframework.web.servlet.i18n.LocaleChangeInterceptor;
import org.springframework.web.servlet.mvc.Controller;
import org.springframework.web.servlet.mvc.ParameterizableViewController;
import org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter;
import org.springframework.web.servlet.mvc.UrlFilenameViewController;
import org.springframework.web.servlet.view.RedirectView;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration("casManagementWebAppConfiguration")
/* loaded from: input_file:org/apereo/cas/mgmt/config/CasManagementWebAppConfiguration.class */
public class CasManagementWebAppConfiguration extends WebMvcConfigurerAdapter {
    private static final String AUDIT_ACTION_SUFFIX_FAILED = "_FAILED";
    private static final String AUDIT_ACTION_SUFFIX_SUCCESS = "_SUCCESS";

    @Autowired(required = false)
    @Qualifier("formDataPopulators")
    private List formDataPopulators = new ArrayList();

    @Autowired
    private ServerProperties serverProperties;

    @Autowired
    private CasConfigurationProperties casProperties;

    @Bean
    public Filter characterEncodingFilter() {
        return new CharacterEncodingFilter(StandardCharsets.UTF_8.name(), true);
    }

    @Bean
    public Authorizer requireAnyRoleAuthorizer() {
        return new RequireAnyRoleAuthorizer(StringUtils.commaDelimitedListToSet(this.casProperties.getMgmt().getAdminRoles()));
    }

    @ConditionalOnMissingBean(name = {"attributeRepository"})
    @RefreshScope
    @Bean(name = {"stubAttributeRepository", "attributeRepository"})
    public IPersonAttributeDao stubAttributeRepository() {
        return Beans.newStubAttributeRepository(this.casProperties.getAuthn().getAttributeRepository());
    }

    @Bean
    public Client casClient() {
        CasClient casClient = new CasClient(this.casProperties.getServer().getLoginUrl());
        casClient.setAuthorizationGenerator(authorizationGenerator());
        return casClient;
    }

    @Bean
    public Config config() {
        Config config = new Config(getDefaultServiceUrl(), casClient());
        config.setAuthorizer(requireAnyRoleAuthorizer());
        return config;
    }

    @Bean
    protected Controller rootController() {
        return new ParameterizableViewController() { // from class: org.apereo.cas.mgmt.config.CasManagementWebAppConfiguration.1
            protected ModelAndView handleRequestInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
                return new ModelAndView(new RedirectView(httpServletResponse.encodeURL(httpServletRequest.getContextPath() + "/manage.html")));
            }
        };
    }

    @Bean
    public SimpleUrlHandlerMapping handlerMappingC() {
        SimpleUrlHandlerMapping simpleUrlHandlerMapping = new SimpleUrlHandlerMapping();
        simpleUrlHandlerMapping.setOrder(1);
        simpleUrlHandlerMapping.setAlwaysUseFullPath(true);
        simpleUrlHandlerMapping.setRootHandler(rootController());
        Properties properties = new Properties();
        properties.put("/*.html", new UrlFilenameViewController());
        simpleUrlHandlerMapping.setMappings(properties);
        return simpleUrlHandlerMapping;
    }

    @Bean
    public HandlerInterceptorAdapter casManagementSecurityInterceptor() {
        SecurityInterceptor securityInterceptor = new SecurityInterceptor(config(), "CasClient", "securityHeaders,csrfToken,RequireAnyRoleAuthorizer");
        securityInterceptor.setSecurityLogic(new DefaultSecurityLogic() { // from class: org.apereo.cas.mgmt.config.CasManagementWebAppConfiguration.2
            protected HttpAction forbidden(WebContext webContext, List list, List list2, String str) {
                return HttpAction.redirect("Authorization failed", webContext, "authorizationFailure");
            }
        });
        return securityInterceptor;
    }

    @Bean
    public ParametersAsStringResourceResolver saveServiceResourceResolver() {
        return new ParametersAsStringResourceResolver();
    }

    @Bean
    public AuditResourceResolver deleteServiceResourceResolver() {
        return new ServiceManagementResourceResolver();
    }

    @Bean
    public AuditActionResolver saveServiceActionResolver() {
        return new DefaultAuditActionResolver(AUDIT_ACTION_SUFFIX_SUCCESS, AUDIT_ACTION_SUFFIX_FAILED);
    }

    @Bean
    public AuditActionResolver deleteServiceActionResolver() {
        return new ObjectCreationAuditActionResolver(AUDIT_ACTION_SUFFIX_SUCCESS, AUDIT_ACTION_SUFFIX_FAILED);
    }

    @Bean
    public PrincipalResolver auditablePrincipalResolver() {
        return new Pac4jAuditablePrincipalResolver();
    }

    @Bean
    public AuditTrailManagementAspect auditTrailManagementAspect() {
        return new AuditTrailManagementAspect("CAS_Management", auditablePrincipalResolver(), ImmutableList.of(slf4jAuditTrailManager()), auditActionResolverMap(), auditResourceResolverMap());
    }

    @RefreshScope
    @Bean(name = {"slf4jAuditTrailManager", "auditTrailManager"})
    public AuditTrailManager slf4jAuditTrailManager() {
        return new Slf4jLoggingAuditTrailManager();
    }

    @RefreshScope
    @Bean
    public Properties userProperties() {
        try {
            Properties properties = new Properties();
            properties.load(this.casProperties.getMgmt().getUserPropertiesFile().getInputStream());
            return properties;
        } catch (Exception e) {
            throw Throwables.propagate(e);
        }
    }

    @ConditionalOnMissingBean(name = {"authorizationGenerator"})
    @RefreshScope
    @Bean
    public AuthorizationGenerator authorizationGenerator() {
        return StringUtils.hasText(this.casProperties.getMgmt().getAuthzAttributes()) ? "*".equals(this.casProperties.getMgmt().getAuthzAttributes()) ? commonProfile -> {
            commonProfile.addRoles(StringUtils.commaDelimitedListToSet(this.casProperties.getMgmt().getAdminRoles()));
        } : new FromAttributesAuthorizationGenerator(StringUtils.commaDelimitedListToStringArray(this.casProperties.getMgmt().getAuthzAttributes()), new String[0]) : new SpringSecurityPropertiesAuthorizationGenerator(userProperties());
    }

    @Bean
    public CookieLocaleResolver localeResolver() {
        return new CookieLocaleResolver() { // from class: org.apereo.cas.mgmt.config.CasManagementWebAppConfiguration.3
            protected Locale determineDefaultLocale(HttpServletRequest httpServletRequest) {
                Locale locale = httpServletRequest.getLocale();
                return (StringUtils.isEmpty(CasManagementWebAppConfiguration.this.casProperties.getMgmt().getDefaultLocale()) || !locale.getLanguage().equals(CasManagementWebAppConfiguration.this.casProperties.getMgmt().getDefaultLocale())) ? locale : new Locale(CasManagementWebAppConfiguration.this.casProperties.getMgmt().getDefaultLocale());
            }
        };
    }

    @RefreshScope
    @Bean
    public LocaleChangeInterceptor localeChangeInterceptor() {
        LocaleChangeInterceptor localeChangeInterceptor = new LocaleChangeInterceptor();
        localeChangeInterceptor.setParamName(this.casProperties.getLocale().getParamName());
        return localeChangeInterceptor;
    }

    @Bean
    public Map auditResourceResolverMap() {
        HashMap hashMap = new HashMap();
        hashMap.put("DELETE_SERVICE_RESOURCE_RESOLVER", deleteServiceResourceResolver());
        hashMap.put("SAVE_SERVICE_RESOURCE_RESOLVER", saveServiceResourceResolver());
        return hashMap;
    }

    @Bean
    public Map auditActionResolverMap() {
        HashMap hashMap = new HashMap();
        hashMap.put("DELETE_SERVICE_ACTION_RESOLVER", deleteServiceActionResolver());
        hashMap.put("SAVE_SERVICE_ACTION_RESOLVER", saveServiceActionResolver());
        return hashMap;
    }

    public void addInterceptors(InterceptorRegistry interceptorRegistry) {
        interceptorRegistry.addInterceptor(localeChangeInterceptor());
        interceptorRegistry.addInterceptor(casManagementSecurityInterceptor()).addPathPatterns(new String[]{"/**"}).excludePathPatterns(new String[]{"/callback*", "/logout*", "/authorizationFailure"});
    }

    @Bean
    public SimpleControllerHandlerAdapter simpleControllerHandlerAdapter() {
        return new SimpleControllerHandlerAdapter();
    }

    @Bean
    public static PropertySourcesPlaceholderConfigurer placeHolderConfigurer() {
        return new PropertySourcesPlaceholderConfigurer();
    }

    @Bean
    public AccessStrategyMapper defaultAccessStrategyMapper() {
        return new DefaultAccessStrategyMapper();
    }

    @Bean
    public RegisteredServiceFactory registeredServiceFactory() {
        DefaultRegisteredServiceFactory defaultRegisteredServiceFactory = new DefaultRegisteredServiceFactory();
        defaultRegisteredServiceFactory.setAccessStrategyMapper(defaultAccessStrategyMapper());
        defaultRegisteredServiceFactory.setAttributeReleasePolicyMapper(defaultAttributeReleasePolicyMapper());
        defaultRegisteredServiceFactory.setProxyPolicyMapper(defaultProxyPolicyMapper());
        defaultRegisteredServiceFactory.setRegisteredServiceMapper(defaultRegisteredServiceMapper());
        defaultRegisteredServiceFactory.setUsernameAttributeProviderMapper(usernameAttributeProviderMapper());
        this.formDataPopulators.add(attributeFormDataPopulator());
        defaultRegisteredServiceFactory.setFormDataPopulators(this.formDataPopulators);
        return defaultRegisteredServiceFactory;
    }

    @Bean
    public AttributeReleasePolicyMapper defaultAttributeReleasePolicyMapper() {
        DefaultAttributeReleasePolicyMapper defaultAttributeReleasePolicyMapper = new DefaultAttributeReleasePolicyMapper();
        defaultAttributeReleasePolicyMapper.setAttributeFilterMapper(defaultAttributeFilterMapper());
        defaultAttributeReleasePolicyMapper.setPrincipalAttributesRepositoryMapper(defaultPrincipalAttributesRepositoryMapper());
        return defaultAttributeReleasePolicyMapper;
    }

    @Bean
    public FormDataPopulator attributeFormDataPopulator() {
        return new AttributeFormDataPopulator(stubAttributeRepository());
    }

    @Bean
    public DefaultUsernameAttributeProviderMapper usernameAttributeProviderMapper() {
        return new DefaultUsernameAttributeProviderMapper();
    }

    @Bean
    public RegisteredServiceMapper defaultRegisteredServiceMapper() {
        return new DefaultRegisteredServiceMapper();
    }

    @Bean
    public ProxyPolicyMapper defaultProxyPolicyMapper() {
        return new DefaultProxyPolicyMapper();
    }

    @Bean
    public AttributeFilterMapper defaultAttributeFilterMapper() {
        return new DefaultAttributeFilterMapper();
    }

    @Bean
    public PrincipalAttributesRepositoryMapper defaultPrincipalAttributesRepositoryMapper() {
        return new DefaultPrincipalAttributesRepositoryMapper();
    }

    @Bean
    public ManageRegisteredServicesMultiActionController manageRegisteredServicesMultiActionController(@Qualifier("servicesManager") ServicesManager servicesManager) {
        return new ManageRegisteredServicesMultiActionController(servicesManager, registeredServiceFactory(), getDefaultServiceUrl());
    }

    @Bean
    public RegisteredServiceSimpleFormController registeredServiceSimpleFormController(@Qualifier("servicesManager") ServicesManager servicesManager) {
        return new RegisteredServiceSimpleFormController(servicesManager, registeredServiceFactory());
    }

    private String getDefaultServiceUrl() {
        return this.casProperties.getMgmt().getServerName().concat(this.serverProperties.getContextPath()).concat("/callback");
    }

    @Bean
    public List serviceFactoryList() {
        return new ArrayList();
    }

    @Bean
    public Map uniqueIdGeneratorsMap() {
        return new HashMap();
    }

    @Bean
    public List authenticationMetadataPopulators() {
        return new ArrayList();
    }
}
