package org.apereo.cas.config;

import java.util.HashMap;
import java.util.Map;
import org.apereo.cas.CipherExecutor;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.core.ticket.TicketGrantingTicketProperties;
import org.apereo.cas.configuration.support.Beans;
import org.apereo.cas.logout.LogoutManager;
import org.apereo.cas.ticket.DefaultProxyGrantingTicketFactory;
import org.apereo.cas.ticket.DefaultProxyTicketFactory;
import org.apereo.cas.ticket.DefaultServiceTicketFactory;
import org.apereo.cas.ticket.DefaultTicketFactory;
import org.apereo.cas.ticket.DefaultTicketGrantingTicketFactory;
import org.apereo.cas.ticket.ExpirationPolicy;
import org.apereo.cas.ticket.ServiceTicketFactory;
import org.apereo.cas.ticket.TicketFactory;
import org.apereo.cas.ticket.TicketGrantingTicketFactory;
import org.apereo.cas.ticket.UniqueTicketIdGenerator;
import org.apereo.cas.ticket.proxy.ProxyGrantingTicketFactory;
import org.apereo.cas.ticket.proxy.ProxyHandler;
import org.apereo.cas.ticket.proxy.ProxyTicketFactory;
import org.apereo.cas.ticket.proxy.support.Cas10ProxyHandler;
import org.apereo.cas.ticket.proxy.support.Cas20ProxyHandler;
import org.apereo.cas.ticket.registry.DefaultTicketRegistry;
import org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner;
import org.apereo.cas.ticket.registry.DefaultTicketRegistrySupport;
import org.apereo.cas.ticket.registry.NoOpLockingStrategy;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.ticket.registry.TicketRegistryCleaner;
import org.apereo.cas.ticket.registry.TicketRegistrySupport;
import org.apereo.cas.ticket.registry.support.LockingStrategy;
import org.apereo.cas.ticket.support.AlwaysExpiresExpirationPolicy;
import org.apereo.cas.ticket.support.HardTimeoutExpirationPolicy;
import org.apereo.cas.ticket.support.MultiTimeUseOrTimeoutExpirationPolicy;
import org.apereo.cas.ticket.support.NeverExpiresExpirationPolicy;
import org.apereo.cas.ticket.support.RememberMeDelegatingExpirationPolicy;
import org.apereo.cas.ticket.support.ThrottledUseAndTimeoutExpirationPolicy;
import org.apereo.cas.ticket.support.TicketGrantingTicketExpirationPolicy;
import org.apereo.cas.ticket.support.TimeoutExpirationPolicy;
import org.apereo.cas.util.HostNameBasedUniqueTicketIdGenerator;
import org.apereo.cas.util.cipher.NoOpCipherExecutor;
import org.apereo.cas.util.cipher.ProtocolTicketCipherExecutor;
import org.apereo.cas.util.http.HttpClient;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.integration.transaction.PseudoTransactionManager;
import org.springframework.scheduling.annotation.EnableAsync;
import org.springframework.scheduling.annotation.EnableScheduling;
import org.springframework.transaction.PlatformTransactionManager;
import org.springframework.transaction.annotation.EnableTransactionManagement;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@EnableScheduling
@Configuration("casCoreTicketsConfiguration")
@EnableAsync
@EnableTransactionManagement
/* loaded from: input_file:WEB-INF/lib/cas-server-core-tickets-5.0.3.1.jar:org/apereo/cas/config/CasCoreTicketsConfiguration.class */
public class CasCoreTicketsConfiguration {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) CasCoreTicketsConfiguration.class);

    @Autowired
    private CasConfigurationProperties casProperties;

    @Autowired
    @Qualifier("logoutManager")
    private LogoutManager logoutManager;

    @Autowired
    @Qualifier("ticketRegistry")
    private TicketRegistry ticketRegistry;

    @Autowired
    @Qualifier("supportsTrustStoreSslSocketFactoryHttpClient")
    private HttpClient httpClient;

    @ConditionalOnMissingBean(name = {"defaultProxyGrantingTicketFactory"})
    @Bean
    public ProxyGrantingTicketFactory defaultProxyGrantingTicketFactory() {
        DefaultProxyGrantingTicketFactory defaultProxyGrantingTicketFactory = new DefaultProxyGrantingTicketFactory();
        defaultProxyGrantingTicketFactory.setTicketGrantingTicketExpirationPolicy(grantingTicketExpirationPolicy());
        defaultProxyGrantingTicketFactory.setTicketGrantingTicketUniqueTicketIdGenerator(ticketGrantingTicketUniqueIdGenerator());
        return defaultProxyGrantingTicketFactory;
    }

    @ConditionalOnMissingBean(name = {"defaultProxyTicketFactory"})
    @RefreshScope
    @Bean
    public ProxyTicketFactory defaultProxyTicketFactory() {
        DefaultProxyTicketFactory defaultProxyTicketFactory = new DefaultProxyTicketFactory();
        defaultProxyTicketFactory.setProxyTicketExpirationPolicy(proxyTicketExpirationPolicy());
        defaultProxyTicketFactory.setUniqueTicketIdGeneratorsForService(uniqueIdGeneratorsMap());
        defaultProxyTicketFactory.setCipherExecutor(protocolTicketCipherExecutor());
        return defaultProxyTicketFactory;
    }

    @ConditionalOnMissingBean(name = {"defaultServiceTicketFactory"})
    @Bean
    public ServiceTicketFactory defaultServiceTicketFactory() {
        DefaultServiceTicketFactory defaultServiceTicketFactory = new DefaultServiceTicketFactory();
        defaultServiceTicketFactory.setServiceTicketExpirationPolicy(serviceTicketExpirationPolicy());
        defaultServiceTicketFactory.setUniqueTicketIdGeneratorsForService(uniqueIdGeneratorsMap());
        defaultServiceTicketFactory.setTrackMostRecentSession(this.casProperties.getTicket().getTgt().isOnlyTrackMostRecentSession());
        defaultServiceTicketFactory.setCipherExecutor(protocolTicketCipherExecutor());
        return defaultServiceTicketFactory;
    }

    @ConditionalOnMissingBean(name = {"defaultTicketFactory"})
    @Bean
    public TicketFactory defaultTicketFactory() {
        DefaultTicketFactory defaultTicketFactory = new DefaultTicketFactory();
        defaultTicketFactory.setProxyGrantingTicketFactory(defaultProxyGrantingTicketFactory());
        defaultTicketFactory.setTicketGrantingTicketFactory(defaultTicketGrantingTicketFactory());
        defaultTicketFactory.setServiceTicketFactory(defaultServiceTicketFactory());
        defaultTicketFactory.setProxyTicketFactory(defaultProxyTicketFactory());
        return defaultTicketFactory;
    }

    @ConditionalOnMissingBean(name = {"defaultTicketGrantingTicketFactory"})
    @Bean
    public TicketGrantingTicketFactory defaultTicketGrantingTicketFactory() {
        DefaultTicketGrantingTicketFactory defaultTicketGrantingTicketFactory = new DefaultTicketGrantingTicketFactory();
        defaultTicketGrantingTicketFactory.setTicketGrantingTicketExpirationPolicy(grantingTicketExpirationPolicy());
        defaultTicketGrantingTicketFactory.setTicketGrantingTicketUniqueTicketIdGenerator(ticketGrantingTicketUniqueIdGenerator());
        return defaultTicketGrantingTicketFactory;
    }

    @ConditionalOnMissingBean(name = {"proxy10Handler"})
    @Bean
    public ProxyHandler proxy10Handler() {
        return new Cas10ProxyHandler();
    }

    @ConditionalOnMissingBean(name = {"proxy20Handler"})
    @Bean
    public ProxyHandler proxy20Handler() {
        Cas20ProxyHandler cas20ProxyHandler = new Cas20ProxyHandler();
        cas20ProxyHandler.setHttpClient(this.httpClient);
        cas20ProxyHandler.setUniqueTicketIdGenerator(proxy20TicketUniqueIdGenerator());
        return cas20ProxyHandler;
    }

    @ConditionalOnMissingBean(name = {"ticketRegistry"})
    @RefreshScope
    @Bean(name = {"defaultTicketRegistry", "ticketRegistry"})
    public TicketRegistry defaultTicketRegistry() {
        DefaultTicketRegistry defaultTicketRegistry = new DefaultTicketRegistry(this.casProperties.getTicket().getRegistry().getInMemory().getInitialCapacity(), this.casProperties.getTicket().getRegistry().getInMemory().getLoadFactor(), this.casProperties.getTicket().getRegistry().getInMemory().getConcurrency());
        defaultTicketRegistry.setCipherExecutor(Beans.newTicketRegistryCipherExecutor(this.casProperties.getTicket().getRegistry().getInMemory().getCrypto()));
        return defaultTicketRegistry;
    }

    @ConditionalOnMissingBean(name = {"defaultTicketRegistrySupport"})
    @Bean
    public TicketRegistrySupport defaultTicketRegistrySupport() {
        DefaultTicketRegistrySupport defaultTicketRegistrySupport = new DefaultTicketRegistrySupport();
        defaultTicketRegistrySupport.setTicketRegistry(this.ticketRegistry);
        return defaultTicketRegistrySupport;
    }

    @ConditionalOnMissingBean(name = {"ticketGrantingTicketUniqueIdGenerator"})
    @Bean
    public UniqueTicketIdGenerator ticketGrantingTicketUniqueIdGenerator() {
        return new HostNameBasedUniqueTicketIdGenerator.TicketGrantingTicketIdGenerator(this.casProperties.getTicket().getTgt().getMaxLength(), this.casProperties.getHost().getName());
    }

    @ConditionalOnMissingBean(name = {"serviceTicketUniqueIdGenerator"})
    @Bean
    public UniqueTicketIdGenerator serviceTicketUniqueIdGenerator() {
        return new HostNameBasedUniqueTicketIdGenerator.ServiceTicketIdGenerator(this.casProperties.getTicket().getSt().getMaxLength(), this.casProperties.getHost().getName());
    }

    @ConditionalOnMissingBean(name = {"proxy20TicketUniqueIdGenerator"})
    @Bean
    public UniqueTicketIdGenerator proxy20TicketUniqueIdGenerator() {
        return new HostNameBasedUniqueTicketIdGenerator.ProxyTicketIdGenerator(this.casProperties.getTicket().getPgt().getMaxLength(), this.casProperties.getHost().getName());
    }

    @ConditionalOnMissingBean(name = {"grantingTicketExpirationPolicy"})
    @Bean
    public ExpirationPolicy grantingTicketExpirationPolicy() {
        TicketGrantingTicketProperties tgt = this.casProperties.getTicket().getTgt();
        if (!tgt.getRememberMe().isEnabled()) {
            return buildTicketGrantingTicketExpirationPolicy();
        }
        RememberMeDelegatingExpirationPolicy rememberMeDelegatingExpirationPolicy = new RememberMeDelegatingExpirationPolicy();
        rememberMeDelegatingExpirationPolicy.setRememberMeExpirationPolicy(new HardTimeoutExpirationPolicy(tgt.getRememberMe().getTimeToKillInSeconds()));
        rememberMeDelegatingExpirationPolicy.setSessionExpirationPolicy(buildTicketGrantingTicketExpirationPolicy());
        return rememberMeDelegatingExpirationPolicy;
    }

    private ExpirationPolicy buildTicketGrantingTicketExpirationPolicy() {
        TicketGrantingTicketProperties tgt = this.casProperties.getTicket().getTgt();
        if (tgt.getMaxTimeToLiveInSeconds() < 0 && tgt.getTimeToKillInSeconds() < 0) {
            LOGGER.warn("Ticket-granting ticket expiration policy is set to NEVER expire tickets.");
            return new NeverExpiresExpirationPolicy();
        }
        if (tgt.getTimeout().getMaxTimeToLiveInSeconds() > 0) {
            LOGGER.debug("Ticket-granting ticket expiration policy is based on a timeout");
            return new TimeoutExpirationPolicy(tgt.getTimeout().getMaxTimeToLiveInSeconds());
        }
        if (tgt.getMaxTimeToLiveInSeconds() > 0 && tgt.getTimeToKillInSeconds() > 0) {
            LOGGER.debug("Ticket-granting ticket expiration policy is based on hard/idle timeouts");
            return new TicketGrantingTicketExpirationPolicy(tgt.getMaxTimeToLiveInSeconds(), tgt.getTimeToKillInSeconds());
        }
        if (tgt.getThrottledTimeout().getTimeInBetweenUsesInSeconds() <= 0 || tgt.getThrottledTimeout().getTimeToKillInSeconds() <= 0) {
            if (tgt.getHardTimeout().getTimeToKillInSeconds() > 0) {
                LOGGER.debug("Ticket-granting ticket expiration policy is based on a hard timeout");
                return new HardTimeoutExpirationPolicy(tgt.getHardTimeout().getTimeToKillInSeconds());
            }
            LOGGER.warn("Ticket-granting ticket expiration policy is set to ALWAYS expire tickets.");
            return new AlwaysExpiresExpirationPolicy();
        }
        ThrottledUseAndTimeoutExpirationPolicy throttledUseAndTimeoutExpirationPolicy = new ThrottledUseAndTimeoutExpirationPolicy();
        throttledUseAndTimeoutExpirationPolicy.setTimeToKillInSeconds(tgt.getThrottledTimeout().getTimeToKillInSeconds());
        throttledUseAndTimeoutExpirationPolicy.setTimeInBetweenUsesInSeconds(tgt.getThrottledTimeout().getTimeInBetweenUsesInSeconds());
        LOGGER.debug("Ticket-granting ticket expiration policy is based on a throttled timeouts");
        return throttledUseAndTimeoutExpirationPolicy;
    }

    @ConditionalOnMissingBean(name = {"serviceTicketExpirationPolicy"})
    @Bean
    public ExpirationPolicy serviceTicketExpirationPolicy() {
        return new MultiTimeUseOrTimeoutExpirationPolicy.ServiceTicketExpirationPolicy(this.casProperties.getTicket().getSt().getNumberOfUses(), this.casProperties.getTicket().getSt().getTimeToKillInSeconds());
    }

    @ConditionalOnMissingBean(name = {"proxyTicketExpirationPolicy"})
    @Bean
    public ExpirationPolicy proxyTicketExpirationPolicy() {
        return new MultiTimeUseOrTimeoutExpirationPolicy.ProxyTicketExpirationPolicy(this.casProperties.getTicket().getPt().getNumberOfUses(), this.casProperties.getTicket().getPt().getTimeToKillInSeconds());
    }

    @ConditionalOnMissingBean(name = {"uniqueIdGeneratorsMap"})
    @Bean
    public Map uniqueIdGeneratorsMap() {
        HashMap hashMap = new HashMap();
        hashMap.put("org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl", serviceTicketUniqueIdGenerator());
        return hashMap;
    }

    @ConditionalOnMissingBean(name = {"lockingStrategy"})
    @Bean
    public LockingStrategy lockingStrategy() {
        return new NoOpLockingStrategy();
    }

    @ConditionalOnMissingBean(name = {"ticketRegistryCleaner"})
    @Bean
    public TicketRegistryCleaner ticketRegistryCleaner() {
        DefaultTicketRegistryCleaner defaultTicketRegistryCleaner = new DefaultTicketRegistryCleaner();
        defaultTicketRegistryCleaner.setLockingStrategy(lockingStrategy());
        defaultTicketRegistryCleaner.setLogoutManager(this.logoutManager);
        defaultTicketRegistryCleaner.setTicketRegistry(this.ticketRegistry);
        return defaultTicketRegistryCleaner;
    }

    @ConditionalOnMissingBean(name = {"ticketTransactionManager"})
    @Bean
    public PlatformTransactionManager ticketTransactionManager() {
        return new PseudoTransactionManager();
    }

    @RefreshScope
    @Bean
    public CipherExecutor protocolTicketCipherExecutor() {
        if (this.casProperties.getTicket().getSecurity().isCipherEnabled()) {
            return new ProtocolTicketCipherExecutor(this.casProperties.getTicket().getSecurity().getEncryptionKey(), this.casProperties.getTicket().getSecurity().getSigningKey());
        }
        LOGGER.info("Protocol tickets generated by CAS are not signed/encrypted.");
        return new NoOpCipherExecutor();
    }
}
