package org.apereo.cas.web.config;

import org.apereo.cas.CipherExecutor;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.cookie.CookieProperties;
import org.apereo.cas.util.cipher.NoOpCipherExecutor;
import org.apereo.cas.util.cipher.TicketGrantingCookieCipherExecutor;
import org.apereo.cas.web.WarningCookieRetrievingCookieGenerator;
import org.apereo.cas.web.support.CookieRetrievingCookieGenerator;
import org.apereo.cas.web.support.CookieValueManager;
import org.apereo.cas.web.support.DefaultCasCookieValueManager;
import org.apereo.cas.web.support.NoOpCookieValueManager;
import org.apereo.cas.web.support.TGCCookieRetrievingCookieGenerator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration("casCookieConfiguration")
/* loaded from: input_file:org/apereo/cas/web/config/CasCookieConfiguration.class */
public class CasCookieConfiguration {
    private static final Logger LOGGER = LoggerFactory.getLogger(CasCookieConfiguration.class);

    @Autowired
    private CasConfigurationProperties casProperties;

    @RefreshScope
    @Bean
    public CookieRetrievingCookieGenerator warnCookieGenerator() {
        return configureCookieGenerator(new WarningCookieRetrievingCookieGenerator(), this.casProperties.getWarningCookie());
    }

    @Bean(name = {"defaultCookieValueManager", "cookieValueManager"})
    public CookieValueManager defaultCookieValueManager() {
        return this.casProperties.getTgc().isCipherEnabled() ? new DefaultCasCookieValueManager(tgcCipherExecutor()) : new NoOpCookieValueManager();
    }

    @RefreshScope
    @Bean(name = {"tgcCipherExecutor", "cookieCipherExecutor"})
    public CipherExecutor tgcCipherExecutor() {
        if (this.casProperties.getTgc().isCipherEnabled()) {
            return new TicketGrantingCookieCipherExecutor(this.casProperties.getTgc().getEncryptionKey(), this.casProperties.getTgc().getSigningKey());
        }
        LOGGER.info("Ticket-granting cookie encryption/signing is turned off and MAY NOT be safe in a production environment. Consider using other choices to handle encryption, signing and verification of ticket-granting cookies.");
        return new NoOpCipherExecutor();
    }

    @RefreshScope
    @Bean
    public CookieRetrievingCookieGenerator ticketGrantingTicketCookieGenerator() {
        CookieRetrievingCookieGenerator configureCookieGenerator = configureCookieGenerator(new TGCCookieRetrievingCookieGenerator(defaultCookieValueManager()), this.casProperties.getTgc());
        configureCookieGenerator.setCookieDomain(this.casProperties.getTgc().getDomain());
        configureCookieGenerator.setRememberMeMaxAge(this.casProperties.getTgc().getRememberMeMaxAge());
        return configureCookieGenerator;
    }

    private static CookieRetrievingCookieGenerator configureCookieGenerator(CookieRetrievingCookieGenerator cookieRetrievingCookieGenerator, CookieProperties cookieProperties) {
        cookieRetrievingCookieGenerator.setCookieName(cookieProperties.getName());
        cookieRetrievingCookieGenerator.setCookiePath(cookieProperties.getPath());
        cookieRetrievingCookieGenerator.setCookieMaxAge(Integer.valueOf(cookieProperties.getMaxAge()));
        cookieRetrievingCookieGenerator.setCookieSecure(cookieProperties.isSecure());
        cookieRetrievingCookieGenerator.setCookieHttpOnly(cookieProperties.isHttpOnly());
        return cookieRetrievingCookieGenerator;
    }
}
