package org.apereo.cas.support.pac4j.config.support.authentication;

import com.github.scribejava.core.model.Verb;
import com.nimbusds.jose.JWSAlgorithm;
import java.util.ArrayList;
import java.util.Collection;
import java.util.LinkedHashSet;
import java.util.concurrent.atomic.AtomicInteger;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlan;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlanConfigurer;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.AuthenticationMetaDataPopulator;
import org.apereo.cas.authentication.principal.DefaultPrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalResolver;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.pac4j.Pac4jProperties;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.pac4j.authentication.ClientAuthenticationMetaDataPopulator;
import org.apereo.cas.support.pac4j.authentication.handler.support.ClientAuthenticationHandler;
import org.apereo.cas.support.pac4j.web.flow.SAML2ClientLogoutAction;
import org.pac4j.cas.client.CasClient;
import org.pac4j.cas.config.CasConfiguration;
import org.pac4j.cas.config.CasProtocol;
import org.pac4j.core.client.BaseClient;
import org.pac4j.core.client.Clients;
import org.pac4j.oauth.client.BitbucketClient;
import org.pac4j.oauth.client.DropBoxClient;
import org.pac4j.oauth.client.FacebookClient;
import org.pac4j.oauth.client.FoursquareClient;
import org.pac4j.oauth.client.GenericOAuth20Client;
import org.pac4j.oauth.client.GitHubClient;
import org.pac4j.oauth.client.Google2Client;
import org.pac4j.oauth.client.LinkedIn2Client;
import org.pac4j.oauth.client.PayPalClient;
import org.pac4j.oauth.client.TwitterClient;
import org.pac4j.oauth.client.WindowsLiveClient;
import org.pac4j.oauth.client.WordPressClient;
import org.pac4j.oauth.client.YahooClient;
import org.pac4j.oidc.client.AzureAdClient;
import org.pac4j.oidc.client.GoogleOidcClient;
import org.pac4j.oidc.client.OidcClient;
import org.pac4j.oidc.config.OidcConfiguration;
import org.pac4j.saml.client.SAML2Client;
import org.pac4j.saml.client.SAML2ClientConfiguration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.webflow.execution.Action;

@Configuration("pac4jAuthenticationEventExecutionPlanConfiguration")
/* loaded from: input_file:org/apereo/cas/support/pac4j/config/support/authentication/Pac4jAuthenticationEventExecutionPlanConfiguration.class */
public class Pac4jAuthenticationEventExecutionPlanConfiguration implements AuthenticationEventExecutionPlanConfigurer {
    private static final Logger LOGGER = LoggerFactory.getLogger(Pac4jAuthenticationEventExecutionPlanConfiguration.class);

    @Autowired
    private CasConfigurationProperties casProperties;

    @Autowired
    @Qualifier("servicesManager")
    private ServicesManager servicesManager;

    @Autowired
    @Qualifier("personDirectoryPrincipalResolver")
    private PrincipalResolver personDirectoryPrincipalResolver;

    private void configureGithubClient(Collection<BaseClient> collection) {
        Pac4jProperties.Github github = this.casProperties.getAuthn().getPac4j().getGithub();
        if (StringUtils.isNotBlank(github.getId()) && StringUtils.isNotBlank(github.getSecret())) {
            GitHubClient gitHubClient = new GitHubClient(github.getId(), github.getSecret());
            if (StringUtils.isNotBlank(github.getClientName())) {
                gitHubClient.setName(github.getClientName());
            }
            LOGGER.debug("Created client [{}] with identifier [{}]", gitHubClient.getName(), gitHubClient.getKey());
            collection.add(gitHubClient);
        }
    }

    private void configureDropboxClient(Collection<BaseClient> collection) {
        Pac4jProperties.Dropbox dropbox = this.casProperties.getAuthn().getPac4j().getDropbox();
        if (StringUtils.isNotBlank(dropbox.getId()) && StringUtils.isNotBlank(dropbox.getSecret())) {
            DropBoxClient dropBoxClient = new DropBoxClient(dropbox.getId(), dropbox.getSecret());
            if (StringUtils.isNotBlank(dropbox.getClientName())) {
                dropBoxClient.setName(dropbox.getClientName());
            }
            LOGGER.debug("Created client [{}] with identifier [{}]", dropBoxClient.getName(), dropBoxClient.getKey());
            collection.add(dropBoxClient);
        }
    }

    private void configureWindowsLiveClient(Collection<BaseClient> collection) {
        Pac4jProperties.WindowsLive windowsLive = this.casProperties.getAuthn().getPac4j().getWindowsLive();
        if (StringUtils.isNotBlank(windowsLive.getId()) && StringUtils.isNotBlank(windowsLive.getSecret())) {
            WindowsLiveClient windowsLiveClient = new WindowsLiveClient(windowsLive.getId(), windowsLive.getSecret());
            if (StringUtils.isNotBlank(windowsLive.getClientName())) {
                windowsLiveClient.setName(windowsLive.getClientName());
            }
            LOGGER.debug("Created client [{}] with identifier [{}]", windowsLiveClient.getName(), windowsLiveClient.getKey());
            collection.add(windowsLiveClient);
        }
    }

    private void configureYahooClient(Collection<BaseClient> collection) {
        Pac4jProperties.Yahoo yahoo = this.casProperties.getAuthn().getPac4j().getYahoo();
        if (StringUtils.isNotBlank(yahoo.getId()) && StringUtils.isNotBlank(yahoo.getSecret())) {
            YahooClient yahooClient = new YahooClient(yahoo.getId(), yahoo.getSecret());
            if (StringUtils.isNotBlank(yahoo.getClientName())) {
                yahooClient.setName(yahoo.getClientName());
            }
            LOGGER.debug("Created client [{}] with identifier [{}]", yahooClient.getName(), yahooClient.getKey());
            collection.add(yahooClient);
        }
    }

    private void configureFoursquareClient(Collection<BaseClient> collection) {
        Pac4jProperties.Foursquare foursquare = this.casProperties.getAuthn().getPac4j().getFoursquare();
        if (StringUtils.isNotBlank(foursquare.getId()) && StringUtils.isNotBlank(foursquare.getSecret())) {
            FoursquareClient foursquareClient = new FoursquareClient(foursquare.getId(), foursquare.getSecret());
            if (StringUtils.isNotBlank(foursquare.getClientName())) {
                foursquareClient.setName(foursquare.getClientName());
            }
            LOGGER.debug("Created client [{}] with identifier [{}]", foursquareClient.getName(), foursquareClient.getKey());
            collection.add(foursquareClient);
        }
    }

    private void configureGoogleClient(Collection<BaseClient> collection) {
        Pac4jProperties.Google google = this.casProperties.getAuthn().getPac4j().getGoogle();
        Google2Client google2Client = new Google2Client(google.getId(), google.getSecret());
        if (StringUtils.isNotBlank(google.getId()) && StringUtils.isNotBlank(google.getSecret())) {
            if (StringUtils.isNotBlank(google.getClientName())) {
                google2Client.setName(google.getClientName());
            }
            if (StringUtils.isNotBlank(google.getScope())) {
                google2Client.setScope(Google2Client.Google2Scope.valueOf(google.getScope().toUpperCase()));
            }
            LOGGER.debug("Created client [{}] with identifier [{}]", google2Client.getName(), google2Client.getKey());
            collection.add(google2Client);
        }
    }

    private void configureFacebookClient(Collection<BaseClient> collection) {
        Pac4jProperties.Facebook facebook = this.casProperties.getAuthn().getPac4j().getFacebook();
        if (StringUtils.isNotBlank(facebook.getId()) && StringUtils.isNotBlank(facebook.getSecret())) {
            FacebookClient facebookClient = new FacebookClient(facebook.getId(), facebook.getSecret());
            if (StringUtils.isNotBlank(facebook.getClientName())) {
                facebookClient.setName(facebook.getClientName());
            }
            if (StringUtils.isNotBlank(facebook.getScope())) {
                facebookClient.setScope(facebook.getScope());
            }
            if (StringUtils.isNotBlank(facebook.getFields())) {
                facebookClient.setFields(facebook.getFields());
            }
            LOGGER.debug("Created client [{}] with identifier [{}]", facebookClient.getName(), facebookClient.getKey());
            collection.add(facebookClient);
        }
    }

    private void configureLinkedInClient(Collection<BaseClient> collection) {
        Pac4jProperties.LinkedIn linkedIn = this.casProperties.getAuthn().getPac4j().getLinkedIn();
        if (StringUtils.isNotBlank(linkedIn.getId()) && StringUtils.isNotBlank(linkedIn.getSecret())) {
            LinkedIn2Client linkedIn2Client = new LinkedIn2Client(linkedIn.getId(), linkedIn.getSecret());
            if (StringUtils.isNotBlank(linkedIn.getClientName())) {
                linkedIn2Client.setName(linkedIn.getClientName());
            }
            if (StringUtils.isNotBlank(linkedIn.getScope())) {
                linkedIn2Client.setScope(linkedIn.getScope());
            }
            if (StringUtils.isNotBlank(linkedIn.getFields())) {
                linkedIn2Client.setFields(linkedIn.getFields());
            }
            LOGGER.debug("Created client [{}] with identifier [{}]", linkedIn2Client.getName(), linkedIn2Client.getKey());
            collection.add(linkedIn2Client);
        }
    }

    private void configureTwitterClient(Collection<BaseClient> collection) {
        Pac4jProperties.Twitter twitter = this.casProperties.getAuthn().getPac4j().getTwitter();
        if (StringUtils.isNotBlank(twitter.getId()) && StringUtils.isNotBlank(twitter.getSecret())) {
            TwitterClient twitterClient = new TwitterClient(twitter.getId(), twitter.getSecret());
            if (StringUtils.isNotBlank(twitter.getClientName())) {
                twitterClient.setName(twitter.getClientName());
            }
            LOGGER.debug("Created client [{}] with identifier [{}]", twitterClient.getName(), twitterClient.getKey());
            collection.add(twitterClient);
        }
    }

    private void configureWordpressClient(Collection<BaseClient> collection) {
        Pac4jProperties.Wordpress wordpress = this.casProperties.getAuthn().getPac4j().getWordpress();
        if (StringUtils.isNotBlank(wordpress.getId()) && StringUtils.isNotBlank(wordpress.getSecret())) {
            WordPressClient wordPressClient = new WordPressClient(wordpress.getId(), wordpress.getSecret());
            if (StringUtils.isNotBlank(wordpress.getClientName())) {
                wordPressClient.setName(wordpress.getClientName());
            }
            LOGGER.debug("Created client [{}] with identifier [{}]", wordPressClient.getName(), wordPressClient.getKey());
            collection.add(wordPressClient);
        }
    }

    private void configureBitbucketClient(Collection<BaseClient> collection) {
        Pac4jProperties.Bitbucket bitbucket = this.casProperties.getAuthn().getPac4j().getBitbucket();
        if (StringUtils.isNotBlank(bitbucket.getId()) && StringUtils.isNotBlank(bitbucket.getSecret())) {
            BitbucketClient bitbucketClient = new BitbucketClient(bitbucket.getId(), bitbucket.getSecret());
            if (StringUtils.isNotBlank(bitbucket.getClientName())) {
                bitbucketClient.setName(bitbucket.getClientName());
            }
            LOGGER.debug("Created client [{}] with identifier [{}]", bitbucketClient.getName(), bitbucketClient.getKey());
            collection.add(bitbucketClient);
        }
    }

    private void configurePaypalClient(Collection<BaseClient> collection) {
        Pac4jProperties.Paypal paypal = this.casProperties.getAuthn().getPac4j().getPaypal();
        if (StringUtils.isNotBlank(paypal.getId()) && StringUtils.isNotBlank(paypal.getSecret())) {
            PayPalClient payPalClient = new PayPalClient(paypal.getId(), paypal.getSecret());
            if (StringUtils.isNotBlank(paypal.getClientName())) {
                payPalClient.setName(paypal.getClientName());
            }
            LOGGER.debug("Created client [{}] with identifier [{}]", payPalClient.getName(), payPalClient.getKey());
            collection.add(payPalClient);
        }
    }

    private void configureCasClient(Collection<BaseClient> collection) {
        AtomicInteger atomicInteger = new AtomicInteger();
        this.casProperties.getAuthn().getPac4j().getCas().stream().filter(cas -> {
            return StringUtils.isNotBlank(cas.getLoginUrl());
        }).forEach(cas2 -> {
            CasClient casClient = new CasClient(new CasConfiguration(cas2.getLoginUrl(), CasProtocol.valueOf(cas2.getProtocol().toUpperCase())));
            int intValue = atomicInteger.intValue();
            if (StringUtils.isNotBlank(cas2.getClientName())) {
                casClient.setName(cas2.getClientName());
            } else if (intValue > 0) {
                casClient.setName(casClient.getClass().getSimpleName() + intValue);
            }
            atomicInteger.incrementAndGet();
            LOGGER.debug("Created client [{}]", casClient);
            collection.add(casClient);
        });
    }

    private void configureSamlClient(Collection<BaseClient> collection) {
        AtomicInteger atomicInteger = new AtomicInteger();
        this.casProperties.getAuthn().getPac4j().getSaml().stream().filter(saml -> {
            return StringUtils.isNotBlank(saml.getKeystorePath()) && StringUtils.isNotBlank(saml.getIdentityProviderMetadataPath());
        }).forEach(saml2 -> {
            SAML2ClientConfiguration sAML2ClientConfiguration = new SAML2ClientConfiguration(saml2.getKeystorePath(), saml2.getKeystorePassword(), saml2.getPrivateKeyPassword(), saml2.getIdentityProviderMetadataPath());
            sAML2ClientConfiguration.setMaximumAuthenticationLifetime(saml2.getMaximumAuthenticationLifetime());
            sAML2ClientConfiguration.setServiceProviderEntityId(saml2.getServiceProviderEntityId());
            sAML2ClientConfiguration.setServiceProviderMetadataPath(saml2.getServiceProviderMetadataPath());
            sAML2ClientConfiguration.setDestinationBindingType("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect");
            SAML2Client sAML2Client = new SAML2Client(sAML2ClientConfiguration);
            int intValue = atomicInteger.intValue();
            if (StringUtils.isNotBlank(saml2.getClientName())) {
                sAML2Client.setName(saml2.getClientName());
            } else if (intValue > 0) {
                sAML2Client.setName(sAML2Client.getClass().getSimpleName() + intValue);
            }
            atomicInteger.incrementAndGet();
            LOGGER.debug("Created client [{}]", sAML2Client);
            collection.add(sAML2Client);
        });
    }

    private void configureOAuth20Client(Collection<BaseClient> collection) {
        AtomicInteger atomicInteger = new AtomicInteger();
        this.casProperties.getAuthn().getPac4j().getOauth2().stream().filter(oAuth20 -> {
            return StringUtils.isNotBlank(oAuth20.getId()) && StringUtils.isNotBlank(oAuth20.getSecret());
        }).forEach(oAuth202 -> {
            GenericOAuth20Client genericOAuth20Client = new GenericOAuth20Client();
            genericOAuth20Client.setKey(oAuth202.getId());
            genericOAuth20Client.setSecret(oAuth202.getSecret());
            genericOAuth20Client.setProfileAttrs(oAuth202.getProfileAttrs());
            genericOAuth20Client.setProfileNodePath(oAuth202.getProfilePath());
            genericOAuth20Client.setProfileUrl(oAuth202.getProfileUrl());
            genericOAuth20Client.setProfileVerb(Verb.valueOf(oAuth202.getProfileVerb().toUpperCase()));
            genericOAuth20Client.setTokenUrl(oAuth202.getTokenUrl());
            genericOAuth20Client.setAuthUrl(oAuth202.getAuthUrl());
            genericOAuth20Client.setCustomParams(oAuth202.getCustomParams());
            int intValue = atomicInteger.intValue();
            if (StringUtils.isNotBlank(oAuth202.getClientName())) {
                genericOAuth20Client.setName(oAuth202.getClientName());
            } else if (intValue > 0) {
                genericOAuth20Client.setName(genericOAuth20Client.getClass().getSimpleName() + intValue);
            }
            atomicInteger.incrementAndGet();
            LOGGER.debug("Created client [{}]", genericOAuth20Client);
            collection.add(genericOAuth20Client);
        });
    }

    private void configureOidcClient(Collection<BaseClient> collection) {
        AtomicInteger atomicInteger = new AtomicInteger();
        this.casProperties.getAuthn().getPac4j().getOidc().stream().filter(oidc -> {
            return StringUtils.isNotBlank(oidc.getId()) && StringUtils.isNotBlank(oidc.getSecret());
        }).forEach(oidc2 -> {
            GoogleOidcClient oidcClient;
            OidcConfiguration oidcConfiguration = new OidcConfiguration();
            if (StringUtils.isNotBlank(oidc2.getScope())) {
                oidcConfiguration.setScope(oidc2.getScope());
            }
            oidcConfiguration.setUseNonce(oidc2.isUseNonce());
            oidcConfiguration.setSecret(oidc2.getSecret());
            oidcConfiguration.setClientId(oidc2.getId());
            if (StringUtils.isNotBlank(oidc2.getPreferredJwsAlgorithm())) {
                oidcConfiguration.setPreferredJwsAlgorithm(JWSAlgorithm.parse(oidc2.getPreferredJwsAlgorithm().toUpperCase()));
            }
            oidcConfiguration.setMaxClockSkew(oidc2.getMaxClockSkew());
            oidcConfiguration.setDiscoveryURI(oidc2.getDiscoveryUri());
            oidcConfiguration.setCustomParams(oidc2.getCustomParams());
            String upperCase = oidc2.getType().toUpperCase();
            boolean z = -1;
            switch (upperCase.hashCode()) {
                case 62794351:
                    if (upperCase.equals("AZURE")) {
                        z = true;
                        break;
                    }
                    break;
                case 637834679:
                    if (upperCase.equals("GENERIC")) {
                        z = 2;
                        break;
                    }
                    break;
                case 2108052025:
                    if (upperCase.equals("GOOGLE")) {
                        z = false;
                        break;
                    }
                    break;
            }
            switch (z) {
                case false:
                    oidcClient = new GoogleOidcClient(oidcConfiguration);
                    break;
                case true:
                    oidcClient = new AzureAdClient(oidcConfiguration);
                    break;
                case true:
                default:
                    oidcClient = new OidcClient(oidcConfiguration);
                    break;
            }
            int intValue = atomicInteger.intValue();
            if (StringUtils.isNotBlank(oidc2.getClientName())) {
                oidcClient.setName(oidc2.getClientName());
            } else if (intValue > 0) {
                oidcClient.setName(oidcClient.getClass().getSimpleName() + intValue);
            }
            atomicInteger.incrementAndGet();
            LOGGER.debug("Created client [{}]", oidcClient);
            collection.add(oidcClient);
        });
    }

    @RefreshScope
    @Bean
    public Clients builtClients() {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        configureCasClient(linkedHashSet);
        configureFacebookClient(linkedHashSet);
        configureOidcClient(linkedHashSet);
        configureOAuth20Client(linkedHashSet);
        configureSamlClient(linkedHashSet);
        configureTwitterClient(linkedHashSet);
        configureDropboxClient(linkedHashSet);
        configureFoursquareClient(linkedHashSet);
        configureGithubClient(linkedHashSet);
        configureGoogleClient(linkedHashSet);
        configureWindowsLiveClient(linkedHashSet);
        configureYahooClient(linkedHashSet);
        configureLinkedInClient(linkedHashSet);
        configurePaypalClient(linkedHashSet);
        configureWordpressClient(linkedHashSet);
        configureBitbucketClient(linkedHashSet);
        LOGGER.debug("The following clients are built: [{}]", linkedHashSet);
        if (linkedHashSet.isEmpty()) {
            LOGGER.warn("No delegated authentication clients are defined/configured");
        }
        LOGGER.info("Located and prepared [{}] delegated authentication client(s)", Integer.valueOf(linkedHashSet.size()));
        return new Clients(this.casProperties.getServer().getLoginUrl(), new ArrayList(linkedHashSet));
    }

    @ConditionalOnMissingBean(name = {"clientPrincipalFactory"})
    @Bean
    public PrincipalFactory clientPrincipalFactory() {
        return new DefaultPrincipalFactory();
    }

    @Bean
    public AuthenticationMetaDataPopulator clientAuthenticationMetaDataPopulator() {
        return new ClientAuthenticationMetaDataPopulator();
    }

    @Bean
    public Action saml2ClientLogoutAction() {
        return new SAML2ClientLogoutAction(builtClients());
    }

    @RefreshScope
    @Bean
    public AuthenticationHandler clientAuthenticationHandler() {
        ClientAuthenticationHandler clientAuthenticationHandler = new ClientAuthenticationHandler(this.casProperties.getAuthn().getPac4j().getName(), this.servicesManager, clientPrincipalFactory(), builtClients());
        clientAuthenticationHandler.setTypedIdUsed(this.casProperties.getAuthn().getPac4j().isTypedIdUsed());
        return clientAuthenticationHandler;
    }

    public void configureAuthenticationExecutionPlan(AuthenticationEventExecutionPlan authenticationEventExecutionPlan) {
        if (builtClients().findAllClients().isEmpty()) {
            return;
        }
        LOGGER.info("Registering delegated authentication clients...");
        authenticationEventExecutionPlan.registerAuthenticationHandlerWithPrincipalResolver(clientAuthenticationHandler(), this.personDirectoryPrincipalResolver);
        authenticationEventExecutionPlan.registerMetadataPopulator(clientAuthenticationMetaDataPopulator());
    }
}
