package org.apache.syncope.sra.security.cas;

import org.apache.syncope.sra.ApplicationContextUtils;
import org.apache.syncope.sra.security.LogoutRouteMatcher;
import org.apache.syncope.sra.security.PublicRouteMatcher;
import org.jasig.cas.client.Protocol;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.cache.CacheManager;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.security.authentication.ReactiveAuthenticationManager;
import org.springframework.security.config.web.server.SecurityWebFiltersOrder;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.authentication.logout.LogoutWebFilter;
import org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository;
import reactor.core.publisher.Mono;

/* loaded from: input_file:org/apache/syncope/sra/security/cas/CASSecurityConfigUtils.class */
public final class CASSecurityConfigUtils {
    private static final Logger LOG = LoggerFactory.getLogger(CASSecurityConfigUtils.class);

    private static ReactiveAuthenticationManager authenticationManager() {
        return authentication -> {
            return Mono.just(authentication).filter((v0) -> {
                return v0.isAuthenticated();
            });
        };
    }

    public static void forLogin(ServerHttpSecurity serverHttpSecurity, Protocol protocol, String str, PublicRouteMatcher publicRouteMatcher) {
        ReactiveAuthenticationManager authenticationManager = authenticationManager();
        serverHttpSecurity.addFilterAt(new CASAuthenticationRequestWebFilter(publicRouteMatcher, protocol, str), SecurityWebFiltersOrder.HTTP_BASIC);
        CASAuthenticationWebFilter cASAuthenticationWebFilter = new CASAuthenticationWebFilter(authenticationManager, protocol, str);
        cASAuthenticationWebFilter.setAuthenticationFailureHandler((webFilterExchange, authenticationException) -> {
            return Mono.error(authenticationException);
        });
        cASAuthenticationWebFilter.setSecurityContextRepository(new WebSessionServerSecurityContextRepository());
        serverHttpSecurity.addFilterAt(cASAuthenticationWebFilter, SecurityWebFiltersOrder.AUTHENTICATION);
    }

    public static void forLogout(ServerHttpSecurity.AuthorizeExchangeSpec authorizeExchangeSpec, CacheManager cacheManager, String str, LogoutRouteMatcher logoutRouteMatcher, ConfigurableApplicationContext configurableApplicationContext) {
        LogoutWebFilter logoutWebFilter = new LogoutWebFilter();
        logoutWebFilter.setRequiresLogoutMatcher(logoutRouteMatcher);
        logoutWebFilter.setLogoutHandler(new CASServerLogoutHandler(cacheManager, str));
        try {
            logoutWebFilter.setLogoutSuccessHandler((CASServerLogoutSuccessHandler) ApplicationContextUtils.getOrCreateBean(configurableApplicationContext, CASServerLogoutSuccessHandler.class.getName(), CASServerLogoutSuccessHandler.class));
        } catch (ClassNotFoundException e) {
            LOG.error("While creating instance of {}", CASServerLogoutSuccessHandler.class.getName(), e);
        }
        authorizeExchangeSpec.and().addFilterAt(logoutWebFilter, SecurityWebFiltersOrder.LOGOUT);
    }

    private CASSecurityConfigUtils() {
    }
}
