package org.apereo.cas.config;

import java.util.List;
import lombok.Generated;
import org.apereo.cas.audit.AuditTrailRecordResolutionPlanConfigurer;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.features.CasFeatureModule;
import org.apereo.cas.configuration.model.core.util.EncryptionJwtSigningJwtCryptographyProperties;
import org.apereo.cas.consent.AttributeConsentReportEndpoint;
import org.apereo.cas.consent.AttributeReleaseConsentCipherExecutor;
import org.apereo.cas.consent.ConsentActivationStrategy;
import org.apereo.cas.consent.ConsentDecisionBuilder;
import org.apereo.cas.consent.ConsentEngine;
import org.apereo.cas.consent.ConsentRepository;
import org.apereo.cas.consent.ConsentableAttributeBuilder;
import org.apereo.cas.consent.DefaultConsentActivationStrategy;
import org.apereo.cas.consent.DefaultConsentDecisionBuilder;
import org.apereo.cas.consent.DefaultConsentEngine;
import org.apereo.cas.consent.GroovyConsentActivationStrategy;
import org.apereo.cas.consent.GroovyConsentRepository;
import org.apereo.cas.consent.InMemoryConsentRepository;
import org.apereo.cas.consent.JsonConsentRepository;
import org.apereo.cas.util.cipher.CipherExecutorUtils;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.apereo.cas.util.function.FunctionUtils;
import org.apereo.cas.util.nativex.CasRuntimeHintsRegistrar;
import org.apereo.cas.util.spring.boot.ConditionalOnFeatureEnabled;
import org.apereo.inspektr.audit.spi.AuditActionResolver;
import org.apereo.inspektr.audit.spi.AuditResourceResolver;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.actuate.autoconfigure.endpoint.condition.ConditionalOnAvailableEndpoint;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.core.annotation.AnnotationAwareOrderComparator;
import org.springframework.core.io.Resource;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@AutoConfiguration
@ConditionalOnFeatureEnabled(feature = {CasFeatureModule.FeatureCatalog.Consent})
/* loaded from: input_file:org/apereo/cas/config/CasConsentCoreConfiguration.class */
public class CasConsentCoreConfiguration {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(CasConsentCoreConfiguration.class);

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "CasConsentCoreActivationConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/CasConsentCoreConfiguration$CasConsentCoreActivationConfiguration.class */
    public static class CasConsentCoreActivationConfiguration {
        @ConditionalOnMissingBean(name = {"consentActivationStrategy"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public ConsentActivationStrategy consentActivationStrategy(@Qualifier("consentEngine") ConsentEngine consentEngine, CasConfigurationProperties casConfigurationProperties) {
            Resource location = casConfigurationProperties.getConsent().getActivationStrategyGroovyScript().getLocation();
            return (location == null || !CasRuntimeHintsRegistrar.notInNativeImage()) ? new DefaultConsentActivationStrategy(consentEngine, casConfigurationProperties) : new GroovyConsentActivationStrategy(location, consentEngine, casConfigurationProperties);
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "CasConsentCoreAuditConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/CasConsentCoreConfiguration$CasConsentCoreAuditConfiguration.class */
    public static class CasConsentCoreAuditConfiguration {
        @ConditionalOnMissingBean(name = {"casConsentAuditTrailRecordResolutionPlanConfigurer"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AuditTrailRecordResolutionPlanConfigurer casConsentAuditTrailRecordResolutionPlanConfigurer(@Qualifier("authenticationActionResolver") AuditActionResolver auditActionResolver, @Qualifier("returnValueResourceResolver") AuditResourceResolver auditResourceResolver) {
            return auditTrailRecordResolutionPlan -> {
                auditTrailRecordResolutionPlan.registerAuditActionResolver("SAVE_CONSENT_ACTION_RESOLVER", auditActionResolver);
                auditTrailRecordResolutionPlan.registerAuditActionResolver("VERIFY_CONSENT_ACTION_RESOLVER", auditActionResolver);
                auditTrailRecordResolutionPlan.registerAuditResourceResolver("SAVE_CONSENT_RESOURCE_RESOLVER", auditResourceResolver);
                auditTrailRecordResolutionPlan.registerAuditResourceResolver("VERIFY_CONSENT_RESOURCE_RESOLVER", auditResourceResolver);
            };
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "CasConsentCoreBuilderConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/CasConsentCoreConfiguration$CasConsentCoreBuilderConfiguration.class */
    public static class CasConsentCoreBuilderConfiguration {
        @ConditionalOnMissingBean(name = {"defaultConsentableAttributeBuilder"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public ConsentableAttributeBuilder defaultConsentableAttributeBuilder() {
            return ConsentableAttributeBuilder.noOp();
        }

        @ConditionalOnMissingBean(name = {"consentCipherExecutor"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public CipherExecutor consentCipherExecutor(CasConfigurationProperties casConfigurationProperties) {
            EncryptionJwtSigningJwtCryptographyProperties crypto = casConfigurationProperties.getConsent().getCore().getCrypto();
            if (crypto.isEnabled()) {
                return CipherExecutorUtils.newStringCipherExecutor(crypto, AttributeReleaseConsentCipherExecutor.class);
            }
            CasConsentCoreConfiguration.LOGGER.debug("Consent attributes stored by CAS are not signed/encrypted.");
            return CipherExecutor.noOp();
        }

        @ConditionalOnMissingBean(name = {"consentDecisionBuilder"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public ConsentDecisionBuilder consentDecisionBuilder(@Qualifier("consentCipherExecutor") CipherExecutor cipherExecutor) {
            return new DefaultConsentDecisionBuilder(cipherExecutor);
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "CasConsentCoreEngineConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/CasConsentCoreConfiguration$CasConsentCoreEngineConfiguration.class */
    public static class CasConsentCoreEngineConfiguration {
        @ConditionalOnMissingBean(name = {"consentEngine"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public ConsentEngine consentEngine(ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties, @Qualifier("consentDecisionBuilder") ConsentDecisionBuilder consentDecisionBuilder, List<ConsentableAttributeBuilder> list, @Qualifier("consentRepository") ConsentRepository consentRepository) {
            AnnotationAwareOrderComparator.sortIfNecessary(list);
            return new DefaultConsentEngine(consentRepository, consentDecisionBuilder, casConfigurationProperties, list, configurableApplicationContext);
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "CasConsentCoreRepositoryConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/CasConsentCoreConfiguration$CasConsentCoreRepositoryConfiguration.class */
    public static class CasConsentCoreRepositoryConfiguration {
        @ConditionalOnMissingBean(name = {"consentRepository"})
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public ConsentRepository consentRepository(CasConfigurationProperties casConfigurationProperties) {
            return (ConsentRepository) FunctionUtils.doUnchecked(() -> {
                Resource location = casConfigurationProperties.getConsent().getJson().getLocation();
                if (location != null) {
                    CasConsentCoreConfiguration.LOGGER.warn("Storing consent records in [{}]. This MAY NOT be appropriate in production. Consider choosing an alternative repository format for storing consent decisions", location);
                    return new JsonConsentRepository(location);
                }
                Resource location2 = casConfigurationProperties.getConsent().getGroovy().getLocation();
                if (location2 != null && CasRuntimeHintsRegistrar.notInNativeImage()) {
                    return new GroovyConsentRepository(location2);
                }
                CasConsentCoreConfiguration.LOGGER.warn("Storing consent records in memory. This option is ONLY relevant for demos and testing purposes.");
                return new InMemoryConsentRepository();
            });
        }
    }

    @EnableConfigurationProperties({CasConfigurationProperties.class})
    @Configuration(value = "CasConsentCoreWebConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/config/CasConsentCoreConfiguration$CasConsentCoreWebConfiguration.class */
    public static class CasConsentCoreWebConfiguration {
        @ConditionalOnAvailableEndpoint
        @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
        @Bean
        public AttributeConsentReportEndpoint attributeConsentReportEndpoint(@Qualifier("consentEngine") ObjectProvider<ConsentEngine> objectProvider, @Qualifier("consentRepository") ObjectProvider<ConsentRepository> objectProvider2, CasConfigurationProperties casConfigurationProperties) {
            return new AttributeConsentReportEndpoint(casConfigurationProperties, objectProvider2, objectProvider);
        }
    }
}
