package be.atbash.ee.security.octopus.cas.config;

import be.atbash.config.AbstractConfiguration;
import be.atbash.config.logging.ConfigEntry;
import be.atbash.config.logging.ModuleConfig;
import be.atbash.config.logging.ModuleConfigName;
import be.atbash.config.logging.StartupLogging;
import be.atbash.ee.security.octopus.config.exception.ConfigurationException;
import be.atbash.util.StringUtils;
import be.atbash.util.exception.AtbashUnexpectedException;
import be.atbash.util.reflection.CDICheck;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import javax.enterprise.context.ApplicationScoped;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

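/**
 * Configuration values for the Octopus CAS integration, read through
 * {@code getOptionalValue} of {@link AbstractConfiguration}.
 *
 * <p>Security note: {@link #isSSLCheckDisabled()} is not a pure getter. When
 * {@code CAS.SSL.disabled} is {@code true} it replaces the JVM-wide default
 * {@link HostnameVerifier} and the default {@link SSLContext}. These are static,
 * process-global settings, so any code in the same JVM that relies on those
 * defaults is affected, not only the CAS calls. Keep the flag {@code false}
 * outside development; to trust a CAS server with a private or self-signed
 * certificate, add that certificate (or its CA) to the trust store instead.
 * The WARN line written by {@code disableSSLChecks()} is the only runtime signal
 * that validation was switched off, so it is worth alerting on in log monitoring.
 */
@ApplicationScoped
@ModuleConfigName("Octopus CAS Configuration")
public class OctopusCasConfiguration extends AbstractConfiguration implements ModuleConfig {
    // Cached value of 'CAS.service'; can also be set programmatically through setCasService().
    private String casService;
    // volatile is required for the double-checked locking in getInstance(): without it
    // another thread may observe a non-null reference to a not yet fully constructed instance.
    private static volatile OctopusCasConfiguration INSTANCE;
    private static final Logger LOGGER = LoggerFactory.getLogger(OctopusCasConfiguration.class);
    private static final Object LOCK = new Object();

    /**
     * Returns the value of {@code CAS.property.email}.
     *
     * @return the configured value, or {@code "email"} when the key is not set
     */
    @ConfigEntry
    public String getCASEmailProperty() {
        return (String) getOptionalValue("CAS.property.email", "email", String.class);
    }

    /**
     * Returns the mandatory {@code CAS.SSO.server} value.
     *
     * @return the configured, non-empty value
     * @throws ConfigurationException when the value is empty according to {@code StringUtils.isEmpty}
     */
    @ConfigEntry
    public String getSSOServer() {
        String ssoServer = (String) getOptionalValue("CAS.SSO.server", String.class);
        if (StringUtils.isEmpty(ssoServer)) {
            throw new ConfigurationException("A value for 'CAS.SSO.server' is required.");
        }
        return ssoServer;
    }

    /**
     * Returns the protocol selected by {@code CAS.protocol} (default {@code "CAS"}).
     *
     * @return the protocol that {@code CASProtocol.fromValue} maps the configured value to
     * @throws ConfigurationException when {@code CASProtocol.fromValue} returns {@code null}
     */
    @ConfigEntry
    public CASProtocol getCASProtocol() {
        String configured = (String) getOptionalValue("CAS.protocol", "CAS", String.class);
        CASProtocol protocol = CASProtocol.fromValue(configured);
        if (protocol == null) {
            throw new ConfigurationException(String.format("Invalid value for parameter CAS.protocol specified : %s (CAS or SAML allowed)", configured));
        }
        return protocol;
    }

    /**
     * Returns the CAS service value, reading {@code CAS.service} while no value is cached.
     *
     * @return the cached or configured value; {@code null} when neither is available
     */
    @ConfigEntry
    public String getCASService() {
        if (this.casService == null) {
            // While the lookup keeps returning null, it is repeated on every call.
            this.casService = (String) getOptionalValue("CAS.service", String.class);
        }
        return this.casService;
    }

    /**
     * Overrides the cached CAS service value.
     *
     * @param str the new value; passing {@code null} makes {@link #getCASService()} read the configuration again
     */
    public void setCasService(String str) {
        this.casService = str;
    }

    /**
     * Returns the {@code CAS.SSL.disabled} flag (default {@code false}).
     *
     * <p>Side effect: when the flag is {@code true}, every call runs {@code disableSSLChecks()},
     * which replaces the JVM-wide default hostname verifier and default SSL context.
     * NOTE(review): as a {@code @ConfigEntry} this method is presumably also invoked by the
     * startup configuration logging, so the side effect may fire without an explicit caller
     * - confirm against {@code StartupLogging}.
     *
     * @return {@code true} when the TLS checks are disabled
     */
    @ConfigEntry
    public boolean isSSLCheckDisabled() {
        Boolean disabled = (Boolean) getOptionalValue("CAS.SSL.disabled", Boolean.FALSE, Boolean.class);
        if (disabled.booleanValue()) {
            disableSSLChecks();
        }
        return disabled.booleanValue();
    }

    /**
     * Switches off hostname verification and installs a default SSL context that uses
     * {@code NOOPTrustManager}, then logs a warning.
     *
     * <p>Both setters used here are static and process-global; the change is not scoped
     * to connections towards the CAS server and is never reverted by this class.
     *
     * @throws AtbashUnexpectedException when the SSL context cannot be created or initialised
     */
    private void disableSSLChecks() {
        try {
            // Accept any hostname: the certificate is no longer matched against the host being contacted.
            HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
                @Override
                public boolean verify(String str, SSLSession sSLSession) {
                    return true;
                }
            });
            // NOTE(review): "SSL" is the generic legacy protocol name; which protocol versions it
            // enables depends on the security provider. Consider requesting "TLS" instead.
            SSLContext sSLContext = SSLContext.getInstance("SSL");
            // Empty KeyManager array: no client key material is supplied.
            // NOOPTrustManager is defined outside this file; presumably it accepts every
            // certificate chain (its name and the warning below suggest so) - verify.
            sSLContext.init(new KeyManager[0], new TrustManager[]{new NOOPTrustManager()}, new SecureRandom());
            SSLContext.setDefault(sSLContext);
            LOGGER.warn("The SSL checks are disabled for CAS access.This means no DNS and Certificate checks are performed when accessing CAS endpoints. This is a huge risk and only acceptable for DEV environment");
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            throw new AtbashUnexpectedException(e);
        }
    }

    /**
     * Returns the lazily created singleton used for programmatic access.
     *
     * <p>The instance is created with double-checked locking on {@code LOCK}; the
     * configuration is logged through {@code StartupLogging} only when
     * {@code CDICheck.withinContainer()} returns {@code false}.
     *
     * @return the shared instance
     */
    public static OctopusCasConfiguration getInstance() {
        if (INSTANCE == null) {
            synchronized (LOCK) {
                if (INSTANCE == null) {
                    INSTANCE = new OctopusCasConfiguration();
                    if (!CDICheck.withinContainer()) {
                        StartupLogging.logConfiguration(INSTANCE);
                    }
                }
            }
        }
        return INSTANCE;
    }
}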
