package org.apache.shiro.spring.boot;

import java.util.List;
import org.apache.shiro.authc.credential.AllowAllCredentialsMatcher;
import org.apache.shiro.biz.realm.AuthorizingRealmListener;
import org.apache.shiro.biz.web.filter.authc.listener.LogoutListener;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.boot.ShiroCasProperties;
import org.apache.shiro.spring.boot.cas.CasPrincipalRepository;
import org.apache.shiro.spring.boot.cas.ShiroCasFilterFactoryBean;
import org.apache.shiro.spring.boot.cas.filter.CasAuthenticatingFilter;
import org.apache.shiro.spring.boot.cas.filter.CasLogoutFilter;
import org.apache.shiro.spring.boot.cas.realm.CasStatefulAuthorizingRealm;
import org.apache.shiro.spring.boot.utils.CasUrlUtils;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.spring.web.config.AbstractShiroWebFilterConfiguration;
import org.apache.shiro.web.servlet.AbstractShiroFilter;
import org.jasig.cas.client.Protocol;
import org.jasig.cas.client.authentication.AuthenticationFilter;
import org.jasig.cas.client.authentication.Saml11AuthenticationFilter;
import org.jasig.cas.client.configuration.ConfigurationKeys;
import org.jasig.cas.client.session.SingleSignOutHttpSessionListener;
import org.jasig.cas.client.util.AbstractCasFilter;
import org.jasig.cas.client.util.AssertionThreadLocalFilter;
import org.jasig.cas.client.util.HttpServletRequestWrapperFilter;
import org.jasig.cas.client.validation.AbstractTicketValidationFilter;
import org.jasig.cas.client.validation.Cas10TicketValidationFilter;
import org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter;
import org.jasig.cas.client.validation.Cas30ProxyReceivingTicketValidationFilter;
import org.jasig.cas.client.validation.Saml11TicketValidationFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.AutoConfigureBefore;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
import org.springframework.boot.autoconfigure.web.ServerProperties;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.boot.web.servlet.ServletListenerRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.util.StringUtils;

@AutoConfigureBefore(name = {"org.apache.shiro.spring.config.web.autoconfigure.ShiroWebFilterConfiguration", "org.apache.shiro.spring.boot.ShiroBizWebFilterConfiguration"})
@EnableConfigurationProperties({ShiroCasProperties.class, ShiroBizProperties.class, ServerProperties.class})
@Configuration
@ConditionalOnClass({AuthenticationFilter.class})
@ConditionalOnProperty(prefix = ShiroCasProperties.PREFIX, value = {"enabled"}, havingValue = "true")
@ConditionalOnWebApplication
/* loaded from: input_file:org/apache/shiro/spring/boot/ShiroCasWebFilterConfiguration.class */
public class ShiroCasWebFilterConfiguration extends AbstractShiroWebFilterConfiguration {

    @Autowired
    private ShiroCasProperties casProperties;

    @Autowired
    private ShiroBizProperties bizProperties;

    @Autowired
    private ServerProperties serverProperties;

    @Bean
    public ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> singleSignOutHttpSessionListener() {
        ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> servletListenerRegistrationBean = new ServletListenerRegistrationBean<>(new SingleSignOutHttpSessionListener());
        servletListenerRegistrationBean.setOrder(1);
        return servletListenerRegistrationBean;
    }

    @Bean
    public FilterRegistrationBean<AbstractTicketValidationFilter> ticketValidationFilter() {
        FilterRegistrationBean<AbstractTicketValidationFilter> filterRegistrationBean = new FilterRegistrationBean<>();
        filterRegistrationBean.setEnabled(this.casProperties.isEnabled());
        if (Protocol.CAS1.equals(this.casProperties.getProtocol())) {
            filterRegistrationBean.setFilter(new Cas10TicketValidationFilter());
        } else if (Protocol.CAS2.equals(this.casProperties.getProtocol())) {
            filterRegistrationBean.setFilter(new Cas20ProxyReceivingTicketValidationFilter());
            filterRegistrationBean.addInitParameter(ConfigurationKeys.ACCEPT_ANY_PROXY.getName(), Boolean.toString(this.casProperties.isAcceptAnyProxy()));
            if (StringUtils.hasText(this.casProperties.getAllowedProxyChains())) {
                filterRegistrationBean.addInitParameter(ConfigurationKeys.ALLOWED_PROXY_CHAINS.getName(), this.casProperties.getAllowedProxyChains());
            }
            filterRegistrationBean.addInitParameter(ConfigurationKeys.ARTIFACT_PARAMETER_OVER_POST.getName(), Boolean.toString(this.casProperties.isArtifactParameterOverPost()));
            if (StringUtils.hasText(this.casProperties.getArtifactParameterName())) {
                filterRegistrationBean.addInitParameter(ConfigurationKeys.ARTIFACT_PARAMETER_NAME.getName(), this.casProperties.getArtifactParameterName());
            }
            if (StringUtils.hasText(this.casProperties.getAuthenticationRedirectStrategyClass())) {
                filterRegistrationBean.addInitParameter(ConfigurationKeys.AUTHENTICATION_REDIRECT_STRATEGY_CLASS.getName(), this.casProperties.getAuthenticationRedirectStrategyClass());
            }
            if (StringUtils.hasText(this.casProperties.getCipherAlgorithm())) {
                filterRegistrationBean.addInitParameter(ConfigurationKeys.CIPHER_ALGORITHM.getName(), this.casProperties.getCipherAlgorithm());
            }
            filterRegistrationBean.addInitParameter(ConfigurationKeys.EAGERLY_CREATE_SESSIONS.getName(), Boolean.toString(this.casProperties.isEagerlyCreateSessions()));
            filterRegistrationBean.addInitParameter(ConfigurationKeys.GATEWAY.getName(), Boolean.toString(this.casProperties.isGateway()));
            if (StringUtils.hasText(this.casProperties.getGatewayStorageClass())) {
                filterRegistrationBean.addInitParameter(ConfigurationKeys.GATEWAY_STORAGE_CLASS.getName(), this.casProperties.getGatewayStorageClass());
            }
            filterRegistrationBean.addInitParameter(ConfigurationKeys.IGNORE_CASE.getName(), Boolean.toString(this.casProperties.isIgnoreCase()));
            if (StringUtils.hasText(this.casProperties.getIgnorePattern())) {
                filterRegistrationBean.addInitParameter(ConfigurationKeys.IGNORE_PATTERN.getName(), this.casProperties.getIgnorePattern());
            }
            filterRegistrationBean.addInitParameter(ConfigurationKeys.IGNORE_URL_PATTERN_TYPE.getName(), this.casProperties.getIgnoreUrlPatternType().toString());
            if (StringUtils.hasText(this.casProperties.getLogoutParameterName())) {
                filterRegistrationBean.addInitParameter(ConfigurationKeys.LOGOUT_PARAMETER_NAME.getName(), this.casProperties.getLogoutParameterName());
            }
            filterRegistrationBean.addInitParameter(ConfigurationKeys.MILLIS_BETWEEN_CLEAN_UPS.getName(), Long.toString(this.casProperties.getMillisBetweenCleanUps()));
            if (StringUtils.hasText(this.casProperties.getProxyReceptorUrl())) {
                filterRegistrationBean.addInitParameter(ConfigurationKeys.PROXY_RECEPTOR_URL.getName(), this.casProperties.getProxyReceptorUrl());
            }
            if (StringUtils.hasText(this.casProperties.getProxyCallbackUrl())) {
                filterRegistrationBean.addInitParameter(ConfigurationKeys.PROXY_CALLBACK_URL.getName(), this.casProperties.getProxyCallbackUrl());
            }
            if (StringUtils.hasText(this.casProperties.getProxyGrantingTicketStorageClass())) {
                filterRegistrationBean.addInitParameter(ConfigurationKeys.PROXY_GRANTING_TICKET_STORAGE_CLASS.getName(), this.casProperties.getProxyGrantingTicketStorageClass());
            }
            if (StringUtils.hasText(this.casProperties.getRelayStateParameterName())) {
                filterRegistrationBean.addInitParameter(ConfigurationKeys.RELAY_STATE_PARAMETER_NAME.getName(), this.casProperties.getRelayStateParameterName());
            }
            if (StringUtils.hasText(this.casProperties.getRoleAttribute())) {
                filterRegistrationBean.addInitParameter(ConfigurationKeys.ROLE_ATTRIBUTE.getName(), this.casProperties.getRoleAttribute());
            }
            if (StringUtils.hasText(this.casProperties.getSecretKey())) {
                filterRegistrationBean.addInitParameter(ConfigurationKeys.SECRET_KEY.getName(), this.casProperties.getSecretKey());
            }
            if (StringUtils.hasText(this.casProperties.getTicketValidatorClass())) {
                filterRegistrationBean.addInitParameter(ConfigurationKeys.TICKET_VALIDATOR_CLASS.getName(), this.casProperties.getTicketValidatorClass());
            }
            filterRegistrationBean.addInitParameter(ConfigurationKeys.TOLERANCE.getName(), Long.toString(this.casProperties.getTolerance()));
        } else if (Protocol.CAS3.equals(this.casProperties.getProtocol())) {
            filterRegistrationBean.setFilter(new Cas30ProxyReceivingTicketValidationFilter());
        } else if (Protocol.SAML11.equals(this.casProperties.getProtocol())) {
            filterRegistrationBean.setFilter(new Saml11TicketValidationFilter());
            filterRegistrationBean.addInitParameter(ConfigurationKeys.TOLERANCE.getName(), Long.toString(this.casProperties.getTolerance()));
        }
        filterRegistrationBean.addInitParameter(ConfigurationKeys.ENCODE_SERVICE_URL.getName(), Boolean.toString(this.casProperties.isEncodeServiceUrl()));
        if (StringUtils.hasText(this.casProperties.getEncoding())) {
            filterRegistrationBean.addInitParameter(ConfigurationKeys.ENCODING.getName(), this.casProperties.getEncoding());
        }
        filterRegistrationBean.addInitParameter(ConfigurationKeys.EXCEPTION_ON_VALIDATION_FAILURE.getName(), Boolean.toString(this.casProperties.isExceptionOnValidationFailure()));
        filterRegistrationBean.addInitParameter(ConfigurationKeys.CAS_SERVER_LOGIN_URL.getName(), this.casProperties.getCasServerLoginUrl());
        filterRegistrationBean.addInitParameter(ConfigurationKeys.CAS_SERVER_URL_PREFIX.getName(), this.casProperties.getCasServerUrlPrefix());
        if (StringUtils.hasText(this.casProperties.getHostnameVerifier())) {
            filterRegistrationBean.addInitParameter(ConfigurationKeys.HOSTNAME_VERIFIER.getName(), this.casProperties.getHostnameVerifier());
        }
        if (StringUtils.hasText(this.casProperties.getHostnameVerifierConfig())) {
            filterRegistrationBean.addInitParameter(ConfigurationKeys.HOSTNAME_VERIFIER_CONFIG.getName(), this.casProperties.getHostnameVerifierConfig());
        }
        filterRegistrationBean.addInitParameter(ConfigurationKeys.REDIRECT_AFTER_VALIDATION.getName(), Boolean.toString(this.casProperties.isRedirectAfterValidation()));
        if (StringUtils.hasText(this.casProperties.getServerName())) {
            filterRegistrationBean.addInitParameter(ConfigurationKeys.SERVER_NAME.getName(), this.casProperties.getServerName());
        } else if (StringUtils.hasText(this.casProperties.getService())) {
            filterRegistrationBean.addInitParameter(ConfigurationKeys.SERVICE.getName(), this.casProperties.getService());
        }
        if (StringUtils.hasText(this.casProperties.getSslConfigFile())) {
            filterRegistrationBean.addInitParameter(ConfigurationKeys.SSL_CONFIG_FILE.getName(), this.casProperties.getSslConfigFile());
        }
        filterRegistrationBean.addInitParameter(ConfigurationKeys.USE_SESSION.getName(), Boolean.toString(this.casProperties.isUseSession()));
        filterRegistrationBean.addUrlPatterns(this.casProperties.getTicketValidationFilterUrlPatterns());
        filterRegistrationBean.setOrder(3);
        return filterRegistrationBean;
    }

    @Bean
    public FilterRegistrationBean<AbstractCasFilter> authenticationFilter() {
        FilterRegistrationBean<AbstractCasFilter> filterRegistrationBean = new FilterRegistrationBean<>();
        if (Protocol.SAML11.equals(this.casProperties.getProtocol())) {
            filterRegistrationBean.setFilter(new Saml11AuthenticationFilter());
        } else {
            filterRegistrationBean.setFilter(new AuthenticationFilter());
        }
        if (StringUtils.hasText(this.casProperties.getAuthenticationRedirectStrategyClass())) {
            filterRegistrationBean.addInitParameter(ConfigurationKeys.AUTHENTICATION_REDIRECT_STRATEGY_CLASS.getName(), this.casProperties.getAuthenticationRedirectStrategyClass());
        }
        filterRegistrationBean.addInitParameter(ConfigurationKeys.CAS_SERVER_LOGIN_URL.getName(), this.casProperties.getCasServerLoginUrl());
        filterRegistrationBean.addInitParameter(ConfigurationKeys.ENCODE_SERVICE_URL.getName(), Boolean.toString(this.casProperties.isEncodeServiceUrl()));
        filterRegistrationBean.addInitParameter(ConfigurationKeys.GATEWAY.getName(), Boolean.toString(this.casProperties.isGateway()));
        if (StringUtils.hasText(this.casProperties.getGatewayStorageClass())) {
            filterRegistrationBean.addInitParameter(ConfigurationKeys.GATEWAY_STORAGE_CLASS.getName(), this.casProperties.getGatewayStorageClass());
        }
        if (StringUtils.hasText(this.casProperties.getIgnorePattern())) {
            filterRegistrationBean.addInitParameter(ConfigurationKeys.IGNORE_PATTERN.getName(), this.casProperties.getIgnorePattern());
        }
        filterRegistrationBean.addInitParameter(ConfigurationKeys.IGNORE_URL_PATTERN_TYPE.getName(), this.casProperties.getIgnoreUrlPatternType().toString());
        if (StringUtils.hasText(this.casProperties.getServerName())) {
            filterRegistrationBean.addInitParameter(ConfigurationKeys.SERVER_NAME.getName(), this.casProperties.getServerName());
        } else if (StringUtils.hasText(this.casProperties.getService())) {
            filterRegistrationBean.addInitParameter(ConfigurationKeys.SERVICE.getName(), this.casProperties.getService());
        }
        filterRegistrationBean.addUrlPatterns(this.casProperties.getAuthenticationFilterUrlPatterns());
        filterRegistrationBean.setOrder(4);
        return filterRegistrationBean;
    }

    @Bean
    public FilterRegistrationBean<HttpServletRequestWrapperFilter> requestWrapperFilter() {
        FilterRegistrationBean<HttpServletRequestWrapperFilter> filterRegistrationBean = new FilterRegistrationBean<>();
        filterRegistrationBean.setFilter(new HttpServletRequestWrapperFilter());
        filterRegistrationBean.setEnabled(this.casProperties.isEnabled());
        filterRegistrationBean.addInitParameter(ConfigurationKeys.IGNORE_CASE.getName(), String.valueOf(this.casProperties.isIgnoreCase()));
        if (StringUtils.hasText(this.casProperties.getRoleAttribute())) {
            filterRegistrationBean.addInitParameter(ConfigurationKeys.ROLE_ATTRIBUTE.getName(), this.casProperties.getRoleAttribute());
        }
        filterRegistrationBean.addUrlPatterns(this.casProperties.getRequestWrapperFilterUrlPatterns());
        filterRegistrationBean.setOrder(5);
        return filterRegistrationBean;
    }

    @Bean
    public FilterRegistrationBean<AssertionThreadLocalFilter> assertionThreadLocalFilter() {
        FilterRegistrationBean<AssertionThreadLocalFilter> filterRegistrationBean = new FilterRegistrationBean<>();
        filterRegistrationBean.setFilter(new AssertionThreadLocalFilter());
        filterRegistrationBean.setEnabled(this.casProperties.isEnabled());
        filterRegistrationBean.addUrlPatterns(this.casProperties.getAssertionThreadLocalFilterUrlPatterns());
        filterRegistrationBean.setOrder(6);
        return filterRegistrationBean;
    }

    @ConditionalOnMissingBean(name = {"logout"})
    @Bean({"logout"})
    public FilterRegistrationBean<CasLogoutFilter> logoutFilter(List<LogoutListener> list) {
        FilterRegistrationBean<CasLogoutFilter> filterRegistrationBean = new FilterRegistrationBean<>();
        CasLogoutFilter casLogoutFilter = new CasLogoutFilter();
        if (ShiroCasProperties.CaMode.sso.compareTo(this.casProperties.getCaMode()) == 0) {
            casLogoutFilter.setRedirectUrl(CasUrlUtils.constructLogoutRedirectUrl(this.casProperties, this.serverProperties.getServlet().getContextPath(), this.bizProperties.getLoginUrl()));
        } else {
            casLogoutFilter.setRedirectUrl(this.bizProperties.getLoginUrl());
        }
        filterRegistrationBean.setFilter(casLogoutFilter);
        casLogoutFilter.setLogoutListeners(list);
        filterRegistrationBean.setEnabled(false);
        return filterRegistrationBean;
    }

    @ConditionalOnMissingBean(name = {"cas"})
    @Bean({"cas"})
    public FilterRegistrationBean<CasAuthenticatingFilter> casFilter(ShiroCasProperties shiroCasProperties) {
        FilterRegistrationBean<CasAuthenticatingFilter> filterRegistrationBean = new FilterRegistrationBean<>();
        CasAuthenticatingFilter casAuthenticatingFilter = new CasAuthenticatingFilter();
        casAuthenticatingFilter.setFailureUrl(this.bizProperties.getFailureUrl());
        casAuthenticatingFilter.setSuccessUrl(this.bizProperties.getSuccessUrl());
        filterRegistrationBean.setFilter(casAuthenticatingFilter);
        filterRegistrationBean.setEnabled(false);
        return filterRegistrationBean;
    }

    @Bean
    public Realm casRealm(@Qualifier("casRepository") CasPrincipalRepository casPrincipalRepository, List<AuthorizingRealmListener> list) {
        CasStatefulAuthorizingRealm casStatefulAuthorizingRealm = new CasStatefulAuthorizingRealm(this.casProperties);
        casStatefulAuthorizingRealm.setRepository(casPrincipalRepository);
        casStatefulAuthorizingRealm.setCredentialsMatcher(new AllowAllCredentialsMatcher());
        casStatefulAuthorizingRealm.setRealmsListeners(list);
        casStatefulAuthorizingRealm.setCachingEnabled(this.bizProperties.isCachingEnabled());
        casStatefulAuthorizingRealm.setAuthenticationCachingEnabled(this.bizProperties.isAuthenticationCachingEnabled());
        casStatefulAuthorizingRealm.setAuthenticationCacheName(this.bizProperties.getAuthenticationCacheName());
        casStatefulAuthorizingRealm.setAuthorizationCachingEnabled(this.bizProperties.isAuthorizationCachingEnabled());
        casStatefulAuthorizingRealm.setAuthorizationCacheName(this.bizProperties.getAuthorizationCacheName());
        return casStatefulAuthorizingRealm;
    }

    @Bean
    protected ShiroFilterFactoryBean shiroFilterFactoryBean() {
        ShiroCasFilterFactoryBean shiroCasFilterFactoryBean = new ShiroCasFilterFactoryBean();
        shiroCasFilterFactoryBean.setLoginUrl(CasUrlUtils.constructLoginRedirectUrl(this.casProperties, this.serverProperties.getServlet().getContextPath(), this.casProperties.getServerCallbackUrl()));
        shiroCasFilterFactoryBean.setSuccessUrl(this.bizProperties.getSuccessUrl());
        shiroCasFilterFactoryBean.setUnauthorizedUrl(this.bizProperties.getUnauthorizedUrl());
        shiroCasFilterFactoryBean.setSecurityManager(this.securityManager);
        shiroCasFilterFactoryBean.setFilterChainDefinitionMap(this.shiroFilterChainDefinition.getFilterChainMap());
        return shiroCasFilterFactoryBean;
    }

    @Bean(name = {"filterShiroFilterRegistrationBean"})
    protected FilterRegistrationBean<AbstractShiroFilter> filterShiroFilterRegistrationBean() throws Exception {
        FilterRegistrationBean<AbstractShiroFilter> filterRegistrationBean = new FilterRegistrationBean<>();
        filterRegistrationBean.setFilter((AbstractShiroFilter) shiroFilterFactoryBean().getObject());
        filterRegistrationBean.setOrder(Integer.MAX_VALUE);
        return filterRegistrationBean;
    }
}
