package com.supwisdom.institute.cas.site.token;

import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.CentralAuthenticationService;
import org.apereo.cas.CipherExecutor;
import org.apereo.cas.authentication.principal.ServiceFactory;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.ticket.ExpirationPolicy;
import org.apereo.cas.token.TokenTicketBuilder;
import org.apereo.cas.validation.CasProtocolAttributesRenderer;
import org.apereo.cas.web.support.ArgumentExtractor;
import org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator;
import org.jasig.cas.client.validation.TicketValidator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.AutoConfigureOrder;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration("tokenConfiguration")
@AutoConfigureOrder(Integer.MIN_VALUE)
/* loaded from: input_file:com/supwisdom/institute/cas/site/token/TokenConfiguration.class */
public class TokenConfiguration {
    private static final Logger log = LoggerFactory.getLogger(TokenConfiguration.class);

    @Autowired
    private CasConfigurationProperties casProperties;

    @Autowired
    @Qualifier("centralAuthenticationService")
    private CentralAuthenticationService centralAuthenticationService;

    @Autowired
    @Qualifier("argumentExtractor")
    private ObjectProvider<ArgumentExtractor> argumentExtractor;

    @Autowired
    @Qualifier("servicesManager")
    private ServicesManager servicesManager;

    @Autowired
    @Qualifier("grantingTicketExpirationPolicy")
    private ExpirationPolicy grantingTicketExpirationPolicy;

    @Autowired
    @Qualifier("cas3ProtocolAttributesRenderer")
    private CasProtocolAttributesRenderer cas3ProtocolAttributesRenderer;

    @Autowired
    @Qualifier("webApplicationServiceFactory")
    private ServiceFactory webApplicationServiceFactory;

    @Autowired
    @Qualifier("casClientTicketValidator")
    private AbstractUrlBasedTicketValidator casClientTicketValidator;

    @Autowired
    @Qualifier("tokenCipherExecutor")
    private CipherExecutor tokenCipherExecutor;

    @Bean
    public TicketValidator jwtTokenTicketValidator() {
        JWTTokenTicketValidator jWTTokenTicketValidator = new JWTTokenTicketValidator(StringUtils.defaultString(this.casProperties.getClient().getPrefix(), this.casProperties.getServer().getPrefix()), this.centralAuthenticationService, this.webApplicationServiceFactory, this.cas3ProtocolAttributesRenderer);
        log.info("use JWTTokenTicketValidator to validate service ticket.");
        return jWTTokenTicketValidator;
    }

    @RefreshScope
    @ConditionalOnProperty(name = {"cas-server-site.token.ticket.validator.enabled"}, havingValue = "false", matchIfMissing = true)
    @Bean(name = {"tokenTicketBuilder"})
    public TokenTicketBuilder casTokenTicketBuilder() {
        return new CasServerJWTTokenTicketBuilder(this.casClientTicketValidator, this.casProperties.getServer().getPrefix(), this.tokenCipherExecutor, this.grantingTicketExpirationPolicy, this.servicesManager);
    }

    @RefreshScope
    @ConditionalOnProperty(name = {"cas-server-site.token.ticket.validator.enabled"}, havingValue = "true", matchIfMissing = false)
    @Bean(name = {"tokenTicketBuilder"})
    public TokenTicketBuilder jwtTokenTicketBuilder() {
        return new CasServerJWTTokenTicketBuilder(jwtTokenTicketValidator(), this.casProperties.getServer().getPrefix(), this.tokenCipherExecutor, this.grantingTicketExpirationPolicy, this.servicesManager);
    }
}
