package org.apereo.cas.configuration.support;

import com.google.common.base.Throwables;
import com.google.common.collect.Lists;
import com.zaxxer.hikari.HikariDataSource;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.time.Duration;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Properties;
import java.util.stream.Collectors;
import org.apache.commons.lang3.ClassUtils;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.CipherExecutor;
import org.apereo.cas.authentication.handler.PrincipalNameTransformer;
import org.apereo.cas.configuration.model.core.authentication.PasswordEncoderProperties;
import org.apereo.cas.configuration.model.core.authentication.PrincipalAttributesProperties;
import org.apereo.cas.configuration.model.core.authentication.PrincipalTransformationProperties;
import org.apereo.cas.configuration.model.core.util.CryptographyProperties;
import org.apereo.cas.configuration.model.support.jpa.AbstractJpaProperties;
import org.apereo.cas.configuration.model.support.jpa.DatabaseProperties;
import org.apereo.cas.configuration.model.support.jpa.JpaConfigDataHolder;
import org.apereo.cas.configuration.model.support.ldap.AbstractLdapProperties;
import org.apereo.cas.configuration.model.support.ldap.LdapAuthenticationProperties;
import org.apereo.cas.util.cipher.DefaultTicketCipherExecutor;
import org.apereo.cas.util.cipher.NoOpCipherExecutor;
import org.apereo.services.persondir.IPersonAttributeDao;
import org.apereo.services.persondir.support.NamedStubPersonAttributeDao;
import org.hibernate.cfg.AvailableSettings;
import org.ldaptive.BindConnectionInitializer;
import org.ldaptive.BindRequest;
import org.ldaptive.ConnectionConfig;
import org.ldaptive.Credential;
import org.ldaptive.DefaultConnectionFactory;
import org.ldaptive.ReturnAttributes;
import org.ldaptive.SearchExecutor;
import org.ldaptive.SearchFilter;
import org.ldaptive.SearchRequest;
import org.ldaptive.SearchScope;
import org.ldaptive.ad.extended.FastBindOperation;
import org.ldaptive.auth.EntryResolver;
import org.ldaptive.auth.PooledSearchEntryResolver;
import org.ldaptive.pool.BindPassivator;
import org.ldaptive.pool.BlockingConnectionPool;
import org.ldaptive.pool.ClosePassivator;
import org.ldaptive.pool.ConnectionPool;
import org.ldaptive.pool.IdlePruneStrategy;
import org.ldaptive.pool.PoolConfig;
import org.ldaptive.pool.PooledConnectionFactory;
import org.ldaptive.pool.SearchValidator;
import org.ldaptive.provider.Provider;
import org.ldaptive.sasl.CramMd5Config;
import org.ldaptive.sasl.DigestMd5Config;
import org.ldaptive.sasl.ExternalConfig;
import org.ldaptive.sasl.GssApiConfig;
import org.ldaptive.sasl.SaslConfig;
import org.ldaptive.ssl.KeyStoreCredentialConfig;
import org.ldaptive.ssl.SslConfig;
import org.ldaptive.ssl.X509CredentialConfig;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean;
import org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter;
import org.springframework.scheduling.concurrent.ThreadPoolExecutorFactoryBean;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.crypto.password.StandardPasswordEncoder;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-configuration-5.0.4.jar:org/apereo/cas/configuration/support/Beans.class */
public class Beans {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) Beans.class);

    protected Beans() {
    }

    public static HikariDataSource newHickariDataSource(AbstractJpaProperties abstractJpaProperties) {
        try {
            HikariDataSource hikariDataSource = new HikariDataSource();
            hikariDataSource.setDriverClassName(abstractJpaProperties.getDriverClass());
            hikariDataSource.setJdbcUrl(abstractJpaProperties.getUrl());
            hikariDataSource.setUsername(abstractJpaProperties.getUser());
            hikariDataSource.setPassword(abstractJpaProperties.getPassword());
            hikariDataSource.setMaximumPoolSize(abstractJpaProperties.getPool().getMaxSize());
            hikariDataSource.setMinimumIdle(abstractJpaProperties.getPool().getMinSize());
            hikariDataSource.setIdleTimeout(abstractJpaProperties.getIdleTimeout());
            hikariDataSource.setLeakDetectionThreshold(abstractJpaProperties.getLeakThreshold());
            hikariDataSource.setInitializationFailFast(abstractJpaProperties.isFailFast());
            hikariDataSource.setIsolateInternalQueries(abstractJpaProperties.isIsolateInternalQueries());
            hikariDataSource.setConnectionTestQuery(abstractJpaProperties.getHealthQuery());
            hikariDataSource.setAllowPoolSuspension(abstractJpaProperties.getPool().isSuspension());
            hikariDataSource.setAutoCommit(abstractJpaProperties.isAutocommit());
            hikariDataSource.setLoginTimeout(abstractJpaProperties.getPool().getMaxWait());
            hikariDataSource.setValidationTimeout(abstractJpaProperties.getPool().getMaxWait());
            return hikariDataSource;
        } catch (Exception e) {
            throw new IllegalArgumentException(e);
        }
    }

    public static HibernateJpaVendorAdapter newHibernateJpaVendorAdapter(DatabaseProperties databaseProperties) {
        HibernateJpaVendorAdapter hibernateJpaVendorAdapter = new HibernateJpaVendorAdapter();
        hibernateJpaVendorAdapter.setGenerateDdl(databaseProperties.isGenDdl());
        hibernateJpaVendorAdapter.setShowSql(databaseProperties.isShowSql());
        return hibernateJpaVendorAdapter;
    }

    public static ThreadPoolExecutorFactoryBean newThreadPoolExecutorFactoryBean(ConnectionPoolingProperties connectionPoolingProperties) {
        ThreadPoolExecutorFactoryBean threadPoolExecutorFactoryBean = new ThreadPoolExecutorFactoryBean();
        threadPoolExecutorFactoryBean.setCorePoolSize(connectionPoolingProperties.getMinSize());
        threadPoolExecutorFactoryBean.setMaxPoolSize(connectionPoolingProperties.getMaxSize());
        threadPoolExecutorFactoryBean.setKeepAliveSeconds(connectionPoolingProperties.getMaxWait());
        return threadPoolExecutorFactoryBean;
    }

    public static LocalContainerEntityManagerFactoryBean newEntityManagerFactoryBean(JpaConfigDataHolder jpaConfigDataHolder, AbstractJpaProperties abstractJpaProperties) {
        LocalContainerEntityManagerFactoryBean localContainerEntityManagerFactoryBean = new LocalContainerEntityManagerFactoryBean();
        localContainerEntityManagerFactoryBean.setJpaVendorAdapter(jpaConfigDataHolder.getJpaVendorAdapter());
        if (StringUtils.isNotEmpty(jpaConfigDataHolder.getPersistenceUnitName())) {
            localContainerEntityManagerFactoryBean.setPersistenceUnitName(jpaConfigDataHolder.getPersistenceUnitName());
        }
        localContainerEntityManagerFactoryBean.setPackagesToScan(jpaConfigDataHolder.getPackagesToScan());
        localContainerEntityManagerFactoryBean.setDataSource(jpaConfigDataHolder.getDataSource());
        Properties properties = new Properties();
        properties.put(AvailableSettings.DIALECT, abstractJpaProperties.getDialect());
        properties.put(AvailableSettings.HBM2DDL_AUTO, abstractJpaProperties.getDdlAuto());
        properties.put(AvailableSettings.STATEMENT_BATCH_SIZE, abstractJpaProperties.getBatchSize());
        if (StringUtils.isNotBlank(abstractJpaProperties.getDefaultCatalog())) {
            properties.put(AvailableSettings.DEFAULT_CATALOG, abstractJpaProperties.getDefaultCatalog());
        }
        if (StringUtils.isNotBlank(abstractJpaProperties.getDefaultSchema())) {
            properties.put(AvailableSettings.DEFAULT_SCHEMA, abstractJpaProperties.getDefaultSchema());
        }
        localContainerEntityManagerFactoryBean.setJpaProperties(properties);
        return localContainerEntityManagerFactoryBean;
    }

    public static IPersonAttributeDao newStubAttributeRepository(PrincipalAttributesProperties principalAttributesProperties) {
        try {
            NamedStubPersonAttributeDao namedStubPersonAttributeDao = new NamedStubPersonAttributeDao();
            HashMap hashMap = new HashMap();
            principalAttributesProperties.getAttributes().entrySet().forEach(entry -> {
                hashMap.put(entry.getKey(), Lists.newArrayList(org.springframework.util.StringUtils.commaDelimitedListToStringArray((String) entry.getValue())));
            });
            namedStubPersonAttributeDao.setBackingMap(hashMap);
            return namedStubPersonAttributeDao;
        } catch (Exception e) {
            throw Throwables.propagate(e);
        }
    }

    public static PasswordEncoder newPasswordEncoder(PasswordEncoderProperties passwordEncoderProperties) {
        switch (passwordEncoderProperties.getType()) {
            case NONE:
                return NoOpPasswordEncoder.getInstance();
            case DEFAULT:
                return new DefaultPasswordEncoder(passwordEncoderProperties.getEncodingAlgorithm(), passwordEncoderProperties.getCharacterEncoding());
            case STANDARD:
                return new StandardPasswordEncoder(passwordEncoderProperties.getSecret());
            default:
                LOGGER.debug("Creating BCRYPT password encoder given the strength [{}] and secret in the configuration", Integer.valueOf(passwordEncoderProperties.getStrength()));
                if (StringUtils.isBlank(passwordEncoderProperties.getSecret())) {
                    LOGGER.debug("Creating BCRYPT encoder without secret");
                    return new BCryptPasswordEncoder(passwordEncoderProperties.getStrength());
                }
                LOGGER.debug("Creating BCRYPT encoder with secret");
                return new BCryptPasswordEncoder(passwordEncoderProperties.getStrength(), new SecureRandom(passwordEncoderProperties.getSecret().getBytes(StandardCharsets.UTF_8)));
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v19, types: [org.apereo.cas.authentication.handler.PrincipalNameTransformer] */
    public static PrincipalNameTransformer newPrincipalNameTransformer(PrincipalTransformationProperties principalTransformationProperties) {
        PrefixSuffixPrincipalNameTransformer prefixSuffixPrincipalNameTransformer;
        if (StringUtils.isNotBlank(principalTransformationProperties.getPrefix()) || StringUtils.isNotBlank(principalTransformationProperties.getSuffix())) {
            PrefixSuffixPrincipalNameTransformer prefixSuffixPrincipalNameTransformer2 = new PrefixSuffixPrincipalNameTransformer();
            prefixSuffixPrincipalNameTransformer2.setPrefix(principalTransformationProperties.getPrefix());
            prefixSuffixPrincipalNameTransformer2.setSuffix(principalTransformationProperties.getSuffix());
            prefixSuffixPrincipalNameTransformer = prefixSuffixPrincipalNameTransformer2;
        } else {
            prefixSuffixPrincipalNameTransformer = str -> {
                return str;
            };
        }
        switch (principalTransformationProperties.getCaseConversion()) {
            case UPPERCASE:
                ConvertCasePrincipalNameTransformer convertCasePrincipalNameTransformer = new ConvertCasePrincipalNameTransformer(prefixSuffixPrincipalNameTransformer);
                convertCasePrincipalNameTransformer.setToUpperCase(true);
                return convertCasePrincipalNameTransformer;
            case LOWERCASE:
                ConvertCasePrincipalNameTransformer convertCasePrincipalNameTransformer2 = new ConvertCasePrincipalNameTransformer(prefixSuffixPrincipalNameTransformer);
                convertCasePrincipalNameTransformer2.setToUpperCase(false);
                return convertCasePrincipalNameTransformer2;
            default:
                return prefixSuffixPrincipalNameTransformer;
        }
    }

    public static EntryResolver newSearchEntryResolver(LdapAuthenticationProperties ldapAuthenticationProperties) {
        PooledSearchEntryResolver pooledSearchEntryResolver = new PooledSearchEntryResolver();
        pooledSearchEntryResolver.setBaseDn(ldapAuthenticationProperties.getBaseDn());
        pooledSearchEntryResolver.setUserFilter(ldapAuthenticationProperties.getUserFilter());
        pooledSearchEntryResolver.setSubtreeSearch(ldapAuthenticationProperties.isSubtreeSearch());
        pooledSearchEntryResolver.setConnectionFactory(newPooledConnectionFactory(ldapAuthenticationProperties));
        return pooledSearchEntryResolver;
    }

    public static ConnectionConfig newConnectionConfig(AbstractLdapProperties abstractLdapProperties) {
        SaslConfig gssApiConfig;
        ConnectionConfig connectionConfig = new ConnectionConfig();
        String str = (String) Arrays.stream(abstractLdapProperties.getLdapUrl().split(",")).collect(Collectors.joining(" "));
        LOGGER.debug("Transformed LDAP urls from [{}] to [{}]", abstractLdapProperties.getLdapUrl(), str);
        connectionConfig.setLdapUrl(str);
        connectionConfig.setUseSSL(abstractLdapProperties.isUseSsl());
        connectionConfig.setUseStartTLS(abstractLdapProperties.isUseStartTls());
        connectionConfig.setConnectTimeout(newDuration(abstractLdapProperties.getConnectTimeout()));
        if (abstractLdapProperties.getTrustCertificates() != null) {
            X509CredentialConfig x509CredentialConfig = new X509CredentialConfig();
            x509CredentialConfig.setTrustCertificates(abstractLdapProperties.getTrustCertificates());
            connectionConfig.setSslConfig(new SslConfig(x509CredentialConfig));
        } else if (abstractLdapProperties.getKeystore() != null) {
            KeyStoreCredentialConfig keyStoreCredentialConfig = new KeyStoreCredentialConfig();
            keyStoreCredentialConfig.setKeyStore(abstractLdapProperties.getKeystore());
            keyStoreCredentialConfig.setKeyStorePassword(abstractLdapProperties.getKeystorePassword());
            keyStoreCredentialConfig.setKeyStoreType(abstractLdapProperties.getKeystoreType());
            connectionConfig.setSslConfig(new SslConfig(keyStoreCredentialConfig));
        } else {
            connectionConfig.setSslConfig(new SslConfig());
        }
        if (abstractLdapProperties.getSaslMechanism() != null) {
            BindConnectionInitializer bindConnectionInitializer = new BindConnectionInitializer();
            switch (abstractLdapProperties.getSaslMechanism()) {
                case DIGEST_MD5:
                    gssApiConfig = new DigestMd5Config();
                    ((DigestMd5Config) gssApiConfig).setRealm(abstractLdapProperties.getSaslRealm());
                    break;
                case CRAM_MD5:
                    gssApiConfig = new CramMd5Config();
                    break;
                case EXTERNAL:
                    gssApiConfig = new ExternalConfig();
                    break;
                case GSSAPI:
                    gssApiConfig = new GssApiConfig();
                    ((GssApiConfig) gssApiConfig).setRealm(abstractLdapProperties.getSaslRealm());
                    break;
                default:
                    throw new IllegalArgumentException("Unknown SASL mechanism " + abstractLdapProperties.getSaslMechanism().name());
            }
            gssApiConfig.setAuthorizationId(abstractLdapProperties.getSaslAuthorizationId());
            gssApiConfig.setMutualAuthentication(abstractLdapProperties.getSaslMutualAuth());
            gssApiConfig.setQualityOfProtection(abstractLdapProperties.getSaslQualityOfProtection());
            gssApiConfig.setSecurityStrength(abstractLdapProperties.getSaslSecurityStrength());
            bindConnectionInitializer.setBindSaslConfig(gssApiConfig);
            connectionConfig.setConnectionInitializer(bindConnectionInitializer);
        } else if (StringUtils.equals(abstractLdapProperties.getBindCredential(), "*") && StringUtils.equals(abstractLdapProperties.getBindDn(), "*")) {
            connectionConfig.setConnectionInitializer(new FastBindOperation.FastBindConnectionInitializer());
        } else if (StringUtils.isNotBlank(abstractLdapProperties.getBindDn()) && StringUtils.isNotBlank(abstractLdapProperties.getBindCredential())) {
            connectionConfig.setConnectionInitializer(new BindConnectionInitializer(abstractLdapProperties.getBindDn(), new Credential(abstractLdapProperties.getBindCredential())));
        }
        return connectionConfig;
    }

    public static PoolConfig newPoolConfig(AbstractLdapProperties abstractLdapProperties) {
        PoolConfig poolConfig = new PoolConfig();
        poolConfig.setMinPoolSize(abstractLdapProperties.getMinPoolSize());
        poolConfig.setMaxPoolSize(abstractLdapProperties.getMaxPoolSize());
        poolConfig.setValidateOnCheckOut(abstractLdapProperties.isValidateOnCheckout());
        poolConfig.setValidatePeriodically(abstractLdapProperties.isValidatePeriodically());
        poolConfig.setValidatePeriod(newDuration(abstractLdapProperties.getValidatePeriod()));
        return poolConfig;
    }

    public static DefaultConnectionFactory newConnectionFactory(AbstractLdapProperties abstractLdapProperties) {
        DefaultConnectionFactory defaultConnectionFactory = new DefaultConnectionFactory(newConnectionConfig(abstractLdapProperties));
        if (abstractLdapProperties.getProviderClass() != null) {
            try {
                defaultConnectionFactory.setProvider((Provider) Provider.class.cast(ClassUtils.getClass(abstractLdapProperties.getProviderClass()).newInstance()));
            } catch (Exception e) {
                LOGGER.error(e.getMessage(), (Throwable) e);
            }
        }
        return defaultConnectionFactory;
    }

    public static ConnectionPool newBlockingConnectionPool(AbstractLdapProperties abstractLdapProperties) {
        DefaultConnectionFactory newConnectionFactory = newConnectionFactory(abstractLdapProperties);
        PoolConfig newPoolConfig = newPoolConfig(abstractLdapProperties);
        BlockingConnectionPool blockingConnectionPool = new BlockingConnectionPool(newPoolConfig, newConnectionFactory);
        blockingConnectionPool.setBlockWaitTime(newDuration(abstractLdapProperties.getBlockWaitTime()));
        blockingConnectionPool.setPoolConfig(newPoolConfig);
        IdlePruneStrategy idlePruneStrategy = new IdlePruneStrategy();
        idlePruneStrategy.setIdleTime(newDuration(abstractLdapProperties.getIdleTime()));
        idlePruneStrategy.setPrunePeriod(newDuration(abstractLdapProperties.getPrunePeriod()));
        blockingConnectionPool.setPruneStrategy(idlePruneStrategy);
        blockingConnectionPool.setValidator(new SearchValidator());
        blockingConnectionPool.setFailFastInitialize(abstractLdapProperties.isFailFast());
        if (StringUtils.isNotBlank(abstractLdapProperties.getPoolPassivator())) {
            switch (AbstractLdapProperties.LdapConnectionPoolPassivator.valueOf(abstractLdapProperties.getPoolPassivator().toUpperCase())) {
                case CLOSE:
                    blockingConnectionPool.setPassivator(new ClosePassivator());
                    break;
                case BIND:
                    LOGGER.debug("Creating a bind passivator instance for the connection pool");
                    BindRequest bindRequest = new BindRequest();
                    bindRequest.setDn(abstractLdapProperties.getBindDn());
                    bindRequest.setCredential(new Credential(abstractLdapProperties.getBindCredential()));
                    blockingConnectionPool.setPassivator(new BindPassivator(bindRequest));
                    break;
            }
        }
        LOGGER.debug("Initializing ldap connection pool for {} and bindDn {}", abstractLdapProperties.getLdapUrl(), abstractLdapProperties.getBindDn());
        blockingConnectionPool.initialize();
        return blockingConnectionPool;
    }

    public static PooledConnectionFactory newPooledConnectionFactory(AbstractLdapProperties abstractLdapProperties) {
        return new PooledConnectionFactory(newBlockingConnectionPool(abstractLdapProperties));
    }

    public static Duration newDuration(long j) {
        return Duration.ofSeconds(j);
    }

    public static CipherExecutor newTicketRegistryCipherExecutor(CryptographyProperties cryptographyProperties) {
        if (StringUtils.isNotBlank(cryptographyProperties.getEncryption().getKey()) && StringUtils.isNotBlank(cryptographyProperties.getEncryption().getKey())) {
            return new DefaultTicketCipherExecutor(cryptographyProperties.getEncryption().getKey(), cryptographyProperties.getSigning().getKey(), cryptographyProperties.getAlg(), cryptographyProperties.getSigning().getKeySize(), cryptographyProperties.getEncryption().getKeySize());
        }
        LOGGER.info("Ticket registry encryption/signing is turned off. This MAY NOT be safe in a clustered production environment. Consider using other choices to handle encryption, signing and verification of ticket registry tickets, and verify the chosen ticket registry does support this behavior.");
        return new NoOpCipherExecutor();
    }

    public static SearchRequest newSearchRequest(String str, SearchFilter searchFilter) {
        SearchRequest searchRequest = new SearchRequest(str, searchFilter);
        searchRequest.setBinaryAttributes(ReturnAttributes.ALL_USER.value());
        searchRequest.setReturnAttributes(ReturnAttributes.ALL_USER.value());
        searchRequest.setSearchScope(SearchScope.SUBTREE);
        return searchRequest;
    }

    public static SearchFilter newSearchFilter(String str, String... strArr) {
        SearchFilter searchFilter = new SearchFilter();
        searchFilter.setFilter(str);
        if (strArr != null) {
            for (int i = 0; i < strArr.length; i++) {
                if (searchFilter.getFilter().contains("{" + i + "}")) {
                    searchFilter.setParameter(i, strArr[i]);
                } else {
                    searchFilter.setParameter("user", strArr[i]);
                }
            }
        }
        LOGGER.debug("Constructed LDAP search filter [{}]", searchFilter.format());
        return searchFilter;
    }

    public static SearchExecutor newSearchExecutor(String str, String str2, String... strArr) {
        SearchExecutor searchExecutor = new SearchExecutor();
        searchExecutor.setBaseDn(str);
        searchExecutor.setSearchFilter(newSearchFilter(str2, strArr));
        searchExecutor.setReturnAttributes(ReturnAttributes.ALL.value());
        searchExecutor.setSearchScope(SearchScope.SUBTREE);
        return searchExecutor;
    }
}
