package com.evolveum.midpoint.web.boot;

import org.apache.commons.lang3.StringUtils;
import org.jasig.cas.client.validation.TicketValidator;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.cas.ServiceProperties;
import org.springframework.security.cas.authentication.CasAuthenticationProvider;
import org.springframework.security.cas.web.CasAuthenticationEntryPoint;
import org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper;
import org.springframework.security.core.userdetails.UserDetailsService;

@Profile({"cas"})
@Configuration
/* loaded from: input_file:com/evolveum/midpoint/web/boot/CasSecurityConfig.class */
public class CasSecurityConfig {

    @Value("${auth.cas.midpoint.url}")
    private String casMidpointUrl;

    @Value("${auth.cas.server.url}")
    private String casServerUrl;

    @Value("${auth.cas.ticketValidator}")
    private String ticketValidator;

    @Bean
    public ServiceProperties serviceProperties() {
        ServiceProperties serviceProperties = new ServiceProperties();
        serviceProperties.setService(this.casMidpointUrl + "/login/cas");
        serviceProperties.setSendRenew(false);
        return serviceProperties;
    }

    @Bean
    public CasAuthenticationEntryPoint authenticationEntryPoint() {
        CasAuthenticationEntryPoint casAuthenticationEntryPoint = new CasAuthenticationEntryPoint();
        casAuthenticationEntryPoint.setLoginUrl(this.casServerUrl + "/login");
        casAuthenticationEntryPoint.setServiceProperties(serviceProperties());
        return casAuthenticationEntryPoint;
    }

    @Profile({"cas"})
    @Bean
    public AuthenticationProvider midPointAuthenticationProvider(UserDetailsService userDetailsService) throws Exception {
        CasAuthenticationProvider casAuthenticationProvider = new CasAuthenticationProvider();
        casAuthenticationProvider.setAuthenticationUserDetailsService(new UserDetailsByNameServiceWrapper(userDetailsService));
        casAuthenticationProvider.setServiceProperties(serviceProperties());
        casAuthenticationProvider.setTicketValidator(createTicketValidatorInstance());
        casAuthenticationProvider.setKey("CAS_ID");
        return casAuthenticationProvider;
    }

    private TicketValidator createTicketValidatorInstance() throws Exception {
        if (!StringUtils.contains(this.ticketValidator, "\\.")) {
            this.ticketValidator = "org.jasig.cas.client.validation." + this.ticketValidator;
        }
        return (TicketValidator) Class.forName(this.ticketValidator).getConstructor(String.class).newInstance(this.casServerUrl);
    }
}
