package org.apereo.cas.config;

import java.util.List;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.CipherExecutor;
import org.apereo.cas.authentication.PseudoPlatformTransactionManager;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.core.ticket.TicketGrantingTicketProperties;
import org.apereo.cas.configuration.model.core.ticket.registry.TicketRegistryProperties;
import org.apereo.cas.configuration.support.Beans;
import org.apereo.cas.logout.LogoutManager;
import org.apereo.cas.ticket.DefaultTicketCatalog;
import org.apereo.cas.ticket.ExpirationPolicy;
import org.apereo.cas.ticket.ServiceTicketFactory;
import org.apereo.cas.ticket.TicketCatalog;
import org.apereo.cas.ticket.TicketCatalogConfigurer;
import org.apereo.cas.ticket.TicketFactory;
import org.apereo.cas.ticket.TicketGrantingTicketFactory;
import org.apereo.cas.ticket.UniqueTicketIdGenerator;
import org.apereo.cas.ticket.factory.DefaultProxyGrantingTicketFactory;
import org.apereo.cas.ticket.factory.DefaultProxyTicketFactory;
import org.apereo.cas.ticket.factory.DefaultServiceTicketFactory;
import org.apereo.cas.ticket.factory.DefaultTicketFactory;
import org.apereo.cas.ticket.factory.DefaultTicketGrantingTicketFactory;
import org.apereo.cas.ticket.proxy.ProxyGrantingTicketFactory;
import org.apereo.cas.ticket.proxy.ProxyHandler;
import org.apereo.cas.ticket.proxy.ProxyTicketFactory;
import org.apereo.cas.ticket.proxy.support.Cas10ProxyHandler;
import org.apereo.cas.ticket.proxy.support.Cas20ProxyHandler;
import org.apereo.cas.ticket.registry.DefaultTicketRegistry;
import org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner;
import org.apereo.cas.ticket.registry.DefaultTicketRegistrySupport;
import org.apereo.cas.ticket.registry.NoOpLockingStrategy;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.ticket.registry.TicketRegistryCleaner;
import org.apereo.cas.ticket.registry.TicketRegistrySupport;
import org.apereo.cas.ticket.registry.support.LockingStrategy;
import org.apereo.cas.ticket.support.AlwaysExpiresExpirationPolicy;
import org.apereo.cas.ticket.support.HardTimeoutExpirationPolicy;
import org.apereo.cas.ticket.support.MultiTimeUseOrTimeoutExpirationPolicy;
import org.apereo.cas.ticket.support.NeverExpiresExpirationPolicy;
import org.apereo.cas.ticket.support.RememberMeDelegatingExpirationPolicy;
import org.apereo.cas.ticket.support.ThrottledUseAndTimeoutExpirationPolicy;
import org.apereo.cas.ticket.support.TicketGrantingTicketExpirationPolicy;
import org.apereo.cas.ticket.support.TimeoutExpirationPolicy;
import org.apereo.cas.util.HostNameBasedUniqueTicketIdGenerator;
import org.apereo.cas.util.cipher.NoOpCipherExecutor;
import org.apereo.cas.util.cipher.ProtocolTicketCipherExecutor;
import org.apereo.cas.util.http.HttpClient;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.AutoConfigureAfter;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Lazy;
import org.springframework.scheduling.annotation.EnableAsync;
import org.springframework.scheduling.annotation.EnableScheduling;
import org.springframework.transaction.PlatformTransactionManager;
import org.springframework.transaction.annotation.EnableTransactionManagement;
import org.springframework.transaction.annotation.TransactionManagementConfigurer;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@EnableScheduling
@Configuration("casCoreTicketsConfiguration")
@EnableAsync
@EnableTransactionManagement(proxyTargetClass = true)
@AutoConfigureAfter({CasCoreUtilConfiguration.class, CasCoreTicketIdGeneratorsConfiguration.class})
/* loaded from: input_file:org/apereo/cas/config/CasCoreTicketsConfiguration.class */
public class CasCoreTicketsConfiguration implements TransactionManagementConfigurer {
    private static final Logger LOGGER = LoggerFactory.getLogger(CasCoreTicketsConfiguration.class);

    @Autowired
    private CasConfigurationProperties casProperties;

    @Autowired
    @Lazy
    @Qualifier("uniqueIdGeneratorsMap")
    private Map<String, UniqueTicketIdGenerator> uniqueIdGeneratorsMap;

    @Autowired
    @Qualifier("logoutManager")
    private LogoutManager logoutManager;

    @Autowired
    @Qualifier("ticketRegistry")
    private TicketRegistry ticketRegistry;

    @Autowired
    @Qualifier("supportsTrustStoreSslSocketFactoryHttpClient")
    private HttpClient httpClient;

    @ConditionalOnMissingBean(name = {"defaultProxyGrantingTicketFactory"})
    @Bean
    public ProxyGrantingTicketFactory defaultProxyGrantingTicketFactory() {
        return new DefaultProxyGrantingTicketFactory(ticketGrantingTicketUniqueIdGenerator(), grantingTicketExpirationPolicy(), protocolTicketCipherExecutor());
    }

    @ConditionalOnMissingBean(name = {"defaultProxyTicketFactory"})
    @RefreshScope
    @Bean
    @Lazy
    public ProxyTicketFactory defaultProxyTicketFactory() {
        return new DefaultProxyTicketFactory(proxyTicketExpirationPolicy(), this.uniqueIdGeneratorsMap, protocolTicketCipherExecutor(), this.casProperties.getTicket().getTgt().isOnlyTrackMostRecentSession());
    }

    @ConditionalOnMissingBean(name = {"ticketGrantingTicketUniqueIdGenerator"})
    @Bean
    public UniqueTicketIdGenerator ticketGrantingTicketUniqueIdGenerator() {
        return new HostNameBasedUniqueTicketIdGenerator.TicketGrantingTicketIdGenerator(this.casProperties.getTicket().getTgt().getMaxLength(), this.casProperties.getHost().getName());
    }

    @ConditionalOnMissingBean(name = {"proxy20TicketUniqueIdGenerator"})
    @Bean
    public UniqueTicketIdGenerator proxy20TicketUniqueIdGenerator() {
        return new HostNameBasedUniqueTicketIdGenerator.ProxyTicketIdGenerator(this.casProperties.getTicket().getPgt().getMaxLength(), this.casProperties.getHost().getName());
    }

    @ConditionalOnMissingBean(name = {"defaultServiceTicketFactory"})
    @Bean
    @Lazy
    public ServiceTicketFactory defaultServiceTicketFactory() {
        return new DefaultServiceTicketFactory(serviceTicketExpirationPolicy(), this.uniqueIdGeneratorsMap, this.casProperties.getTicket().getTgt().isOnlyTrackMostRecentSession(), protocolTicketCipherExecutor());
    }

    @ConditionalOnMissingBean(name = {"defaultTicketGrantingTicketFactory"})
    @Bean
    public TicketGrantingTicketFactory defaultTicketGrantingTicketFactory() {
        return new DefaultTicketGrantingTicketFactory(ticketGrantingTicketUniqueIdGenerator(), grantingTicketExpirationPolicy(), protocolTicketCipherExecutor());
    }

    @ConditionalOnMissingBean(name = {"defaultTicketFactory"})
    @Bean
    public TicketFactory defaultTicketFactory() {
        return new DefaultTicketFactory(defaultProxyGrantingTicketFactory(), defaultTicketGrantingTicketFactory(), defaultServiceTicketFactory(), defaultProxyTicketFactory());
    }

    @ConditionalOnMissingBean(name = {"proxy10Handler"})
    @Bean
    public ProxyHandler proxy10Handler() {
        return new Cas10ProxyHandler();
    }

    @ConditionalOnMissingBean(name = {"proxy20Handler"})
    @Bean
    public ProxyHandler proxy20Handler() {
        return new Cas20ProxyHandler(this.httpClient, proxy20TicketUniqueIdGenerator());
    }

    @ConditionalOnMissingBean(name = {"ticketRegistry"})
    @RefreshScope
    @Bean
    public TicketRegistry ticketRegistry() {
        LOGGER.warn("Runtime memory is used as the persistence storage for retrieving and managing tickets. Tickets that are issued during runtime will be LOST upon container restarts. This MAY impact SSO functionality.");
        TicketRegistryProperties.InMemory inMemory = this.casProperties.getTicket().getRegistry().getInMemory();
        return new DefaultTicketRegistry(inMemory.getInitialCapacity(), inMemory.getLoadFactor(), inMemory.getConcurrency(), Beans.newTicketRegistryCipherExecutor(inMemory.getCrypto()));
    }

    @ConditionalOnMissingBean(name = {"defaultTicketRegistrySupport"})
    @Bean
    public TicketRegistrySupport defaultTicketRegistrySupport() {
        return new DefaultTicketRegistrySupport(this.ticketRegistry);
    }

    @ConditionalOnMissingBean(name = {"grantingTicketExpirationPolicy"})
    @Bean
    public ExpirationPolicy grantingTicketExpirationPolicy() {
        TicketGrantingTicketProperties tgt = this.casProperties.getTicket().getTgt();
        if (!tgt.getRememberMe().isEnabled()) {
            return buildTicketGrantingTicketExpirationPolicy();
        }
        RememberMeDelegatingExpirationPolicy rememberMeDelegatingExpirationPolicy = new RememberMeDelegatingExpirationPolicy();
        rememberMeDelegatingExpirationPolicy.setRememberMeExpirationPolicy(new HardTimeoutExpirationPolicy(tgt.getRememberMe().getTimeToKillInSeconds()));
        rememberMeDelegatingExpirationPolicy.setSessionExpirationPolicy(buildTicketGrantingTicketExpirationPolicy());
        return rememberMeDelegatingExpirationPolicy;
    }

    @ConditionalOnMissingBean(name = {"serviceTicketExpirationPolicy"})
    @Bean
    public ExpirationPolicy serviceTicketExpirationPolicy() {
        return new MultiTimeUseOrTimeoutExpirationPolicy.ServiceTicketExpirationPolicy(this.casProperties.getTicket().getSt().getNumberOfUses(), this.casProperties.getTicket().getSt().getTimeToKillInSeconds());
    }

    @ConditionalOnMissingBean(name = {"proxyTicketExpirationPolicy"})
    @Bean
    public ExpirationPolicy proxyTicketExpirationPolicy() {
        return new MultiTimeUseOrTimeoutExpirationPolicy.ProxyTicketExpirationPolicy(this.casProperties.getTicket().getPt().getNumberOfUses(), this.casProperties.getTicket().getPt().getTimeToKillInSeconds());
    }

    @ConditionalOnMissingBean(name = {"lockingStrategy"})
    @Bean
    public LockingStrategy lockingStrategy() {
        return new NoOpLockingStrategy();
    }

    @ConditionalOnMissingBean(name = {"ticketRegistryCleaner"})
    @Bean
    public TicketRegistryCleaner ticketRegistryCleaner() {
        return new DefaultTicketRegistryCleaner(lockingStrategy(), this.logoutManager, this.ticketRegistry, this.casProperties.getTicket().getRegistry().getCleaner().isEnabled());
    }

    @ConditionalOnMissingBean(name = {"ticketTransactionManager"})
    @Bean
    public PlatformTransactionManager ticketTransactionManager() {
        return new PseudoPlatformTransactionManager();
    }

    @ConditionalOnMissingBean(name = {"protocolTicketCipherExecutor"})
    @RefreshScope
    @Bean
    public CipherExecutor protocolTicketCipherExecutor() {
        if (this.casProperties.getTicket().getSecurity().isCipherEnabled()) {
            return new ProtocolTicketCipherExecutor(this.casProperties.getTicket().getSecurity().getEncryptionKey(), this.casProperties.getTicket().getSecurity().getSigningKey());
        }
        LOGGER.debug("Protocol tickets generated by CAS are not signed/encrypted.");
        return NoOpCipherExecutor.getInstance();
    }

    private ExpirationPolicy buildTicketGrantingTicketExpirationPolicy() {
        TicketGrantingTicketProperties tgt = this.casProperties.getTicket().getTgt();
        if (tgt.getMaxTimeToLiveInSeconds() < 0 && tgt.getTimeToKillInSeconds() < 0) {
            LOGGER.warn("Ticket-granting ticket expiration policy is set to NEVER expire tickets.");
            return new NeverExpiresExpirationPolicy();
        }
        if (tgt.getTimeout().getMaxTimeToLiveInSeconds() > 0) {
            LOGGER.debug("Ticket-granting ticket expiration policy is based on a timeout of [{}] seconds", Integer.valueOf(tgt.getTimeout().getMaxTimeToLiveInSeconds()));
            return new TimeoutExpirationPolicy(tgt.getTimeout().getMaxTimeToLiveInSeconds());
        }
        if (tgt.getMaxTimeToLiveInSeconds() > 0 && tgt.getTimeToKillInSeconds() > 0) {
            LOGGER.debug("Ticket-granting ticket expiration policy is based on hard/idle timeouts of [{}]/[{}] seconds", Integer.valueOf(tgt.getMaxTimeToLiveInSeconds()), Integer.valueOf(tgt.getTimeToKillInSeconds()));
            return new TicketGrantingTicketExpirationPolicy(tgt.getMaxTimeToLiveInSeconds(), tgt.getTimeToKillInSeconds());
        }
        if (tgt.getThrottledTimeout().getTimeInBetweenUsesInSeconds() <= 0 || tgt.getThrottledTimeout().getTimeToKillInSeconds() <= 0) {
            if (tgt.getHardTimeout().getTimeToKillInSeconds() > 0) {
                LOGGER.debug("Ticket-granting ticket expiration policy is based on a hard timeout of [{}] seconds", Long.valueOf(tgt.getHardTimeout().getTimeToKillInSeconds()));
                return new HardTimeoutExpirationPolicy(tgt.getHardTimeout().getTimeToKillInSeconds());
            }
            LOGGER.warn("Ticket-granting ticket expiration policy is set to ALWAYS expire tickets.");
            return new AlwaysExpiresExpirationPolicy();
        }
        ThrottledUseAndTimeoutExpirationPolicy throttledUseAndTimeoutExpirationPolicy = new ThrottledUseAndTimeoutExpirationPolicy();
        throttledUseAndTimeoutExpirationPolicy.setTimeToKillInSeconds(tgt.getThrottledTimeout().getTimeToKillInSeconds());
        throttledUseAndTimeoutExpirationPolicy.setTimeInBetweenUsesInSeconds(tgt.getThrottledTimeout().getTimeInBetweenUsesInSeconds());
        LOGGER.debug("Ticket-granting ticket expiration policy is based on throttled timeouts");
        return throttledUseAndTimeoutExpirationPolicy;
    }

    public PlatformTransactionManager annotationDrivenTransactionManager() {
        return ticketTransactionManager();
    }

    @ConditionalOnMissingBean(name = {"ticketCatalog"})
    @Autowired
    @Bean
    public TicketCatalog ticketCatalog(List<TicketCatalogConfigurer> list) {
        DefaultTicketCatalog defaultTicketCatalog = new DefaultTicketCatalog();
        list.forEach(ticketCatalogConfigurer -> {
            LOGGER.debug("Configuring ticket metadata registration plan [{}]", StringUtils.removePattern(ticketCatalogConfigurer.getClass().getSimpleName(), "\\$.+"));
            ticketCatalogConfigurer.configureTicketCatalog(defaultTicketCatalog);
        });
        return defaultTicketCatalog;
    }
}
