package org.apereo.cas.config;

import lombok.Generated;
import org.apereo.cas.audit.AuditTrailRecordResolutionPlanConfigurer;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.core.util.EncryptionJwtSigningJwtCryptographyProperties;
import org.apereo.cas.consent.AttributeConsentReportEndpoint;
import org.apereo.cas.consent.AttributeReleaseConsentCipherExecutor;
import org.apereo.cas.consent.ConsentDecisionBuilder;
import org.apereo.cas.consent.ConsentEngine;
import org.apereo.cas.consent.ConsentRepository;
import org.apereo.cas.consent.DefaultConsentDecisionBuilder;
import org.apereo.cas.consent.DefaultConsentEngine;
import org.apereo.cas.consent.GroovyConsentRepository;
import org.apereo.cas.consent.InMemoryConsentRepository;
import org.apereo.cas.consent.JsonConsentRepository;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.apereo.inspektr.audit.spi.AuditActionResolver;
import org.apereo.inspektr.audit.spi.AuditResourceResolver;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.actuate.autoconfigure.endpoint.condition.ConditionalOnAvailableEndpoint;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.Resource;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration("casConsentCoreConfiguration")
/* loaded from: input_file:org/apereo/cas/config/CasConsentCoreConfiguration.class */
public class CasConsentCoreConfiguration {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(CasConsentCoreConfiguration.class);

    @Autowired
    private CasConfigurationProperties casProperties;

    @Autowired
    @Qualifier("authenticationActionResolver")
    private ObjectProvider<AuditActionResolver> authenticationActionResolver;

    @Autowired
    @Qualifier("returnValueResourceResolver")
    private ObjectProvider<AuditResourceResolver> returnValueResourceResolver;

    @ConditionalOnMissingBean(name = {"consentEngine"})
    @RefreshScope
    @Bean
    public ConsentEngine consentEngine() {
        return new DefaultConsentEngine(consentRepository(), consentDecisionBuilder());
    }

    @ConditionalOnMissingBean(name = {"consentCipherExecutor"})
    @RefreshScope
    @Bean
    public CipherExecutor consentCipherExecutor() {
        EncryptionJwtSigningJwtCryptographyProperties crypto = this.casProperties.getConsent().getCrypto();
        if (crypto.isEnabled()) {
            return new AttributeReleaseConsentCipherExecutor(crypto.getEncryption().getKey(), crypto.getSigning().getKey(), crypto.getAlg(), crypto.getSigning().getKeySize(), crypto.getEncryption().getKeySize());
        }
        LOGGER.debug("Consent attributes stored by CAS are not signed/encrypted.");
        return CipherExecutor.noOp();
    }

    @ConditionalOnMissingBean(name = {"consentDecisionBuilder"})
    @RefreshScope
    @Bean
    public ConsentDecisionBuilder consentDecisionBuilder() {
        return new DefaultConsentDecisionBuilder(consentCipherExecutor());
    }

    @ConditionalOnMissingBean(name = {"consentRepository"})
    @RefreshScope
    @Bean
    public ConsentRepository consentRepository() {
        Resource location = this.casProperties.getConsent().getJson().getLocation();
        if (location != null) {
            LOGGER.warn("Storing consent records in [{}]. This MAY NOT be appropriate in production. Consider choosing an alternative repository format for storing consent decisions", location);
            return new JsonConsentRepository(location);
        }
        Resource location2 = this.casProperties.getConsent().getGroovy().getLocation();
        if (location2 != null) {
            return new GroovyConsentRepository(location2);
        }
        LOGGER.warn("Storing consent records in memory. This option is ONLY relevant for demos and testing purposes.");
        return new InMemoryConsentRepository();
    }

    @Bean
    public AuditTrailRecordResolutionPlanConfigurer casConsentAuditTrailRecordResolutionPlanConfigurer() {
        return auditTrailRecordResolutionPlan -> {
            auditTrailRecordResolutionPlan.registerAuditActionResolver("SAVE_CONSENT_ACTION_RESOLVER", (AuditActionResolver) this.authenticationActionResolver.getIfAvailable());
            auditTrailRecordResolutionPlan.registerAuditResourceResolver("SAVE_CONSENT_RESOURCE_RESOLVER", (AuditResourceResolver) this.returnValueResourceResolver.getIfAvailable());
        };
    }

    @ConditionalOnAvailableEndpoint
    @Bean
    public AttributeConsentReportEndpoint attributeConsentReportEndpoint() {
        return new AttributeConsentReportEndpoint(this.casProperties, consentRepository(), consentEngine());
    }
}
