package org.jenkinsci.plugins.cas.spring;

import hudson.security.ChainedServletFilter;
import hudson.security.HttpSessionContextIntegrationFilter2;
import hudson.security.SecurityRealm;
import javax.servlet.Filter;
import org.jasig.cas.client.session.HashMapBackedSessionMappingStorage;
import org.jasig.cas.client.session.SessionMappingStorage;
import org.jasig.cas.client.session.SingleSignOutHandler;
import org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator;
import org.jasig.cas.client.validation.TicketValidator;
import org.jenkinsci.plugins.cas.CasProtocol;
import org.jenkinsci.plugins.cas.CasSecurityRealm;
import org.jenkinsci.plugins.cas.spring.security.CasAuthenticationEntryPoint;
import org.jenkinsci.plugins.cas.spring.security.CasRestAuthenticator;
import org.jenkinsci.plugins.cas.spring.security.CasSingleSignOutFilter;
import org.jenkinsci.plugins.cas.spring.security.CasUserDetailsService;
import org.jenkinsci.plugins.cas.spring.security.DynamicServiceAuthenticationDetailsSource;
import org.jenkinsci.plugins.cas.spring.security.SessionUrlAuthenticationSuccessHandler;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationEventPublisher;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.DefaultAuthenticationEventPublisher;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.cas.ServiceProperties;
import org.springframework.security.cas.authentication.CasAuthenticationProvider;
import org.springframework.security.cas.web.CasAuthenticationFilter;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;

@Configuration(proxyBeanMethods = false)
/* loaded from: input_file:org/jenkinsci/plugins/cas/spring/CasConfigurationContext.class */
public class CasConfigurationContext {
    @Bean
    public AuthenticationEventPublisher authenticationEventPublisher() {
        return new DefaultAuthenticationEventPublisher();
    }

    @Bean
    public CasEventListener casEventListener(CasProtocol casProtocol) {
        CasEventListener casEventListener = new CasEventListener();
        casEventListener.setFullNameAttribute(casProtocol.getFullNameAttribute());
        casEventListener.setEmailAttribute(casProtocol.getEmailAttribute());
        return casEventListener;
    }

    @Bean
    public ServiceProperties casServiceProperties(CasSecurityRealm casSecurityRealm, CasProtocol casProtocol) {
        ServiceProperties createServiceProperties = casProtocol.createServiceProperties();
        createServiceProperties.setSendRenew(casSecurityRealm.forceRenewal.booleanValue());
        createServiceProperties.setService(CasSecurityRealm.getFinishLoginUrl());
        return createServiceProperties;
    }

    @Bean
    public TicketValidator casTicketValidator(CasSecurityRealm casSecurityRealm, CasProtocol casProtocol) {
        AbstractUrlBasedTicketValidator createTicketValidator = casProtocol.createTicketValidator(casSecurityRealm.casServerUrl);
        if (createTicketValidator instanceof AbstractUrlBasedTicketValidator) {
            createTicketValidator.setRenew(casSecurityRealm.forceRenewal.booleanValue());
        }
        return createTicketValidator;
    }

    @Bean
    public CasUserDetailsService casUserDetailsService(CasProtocol casProtocol) {
        CasUserDetailsService casUserDetailsService = new CasUserDetailsService();
        casUserDetailsService.setAttributes(casProtocol.getAuthoritiesAttributes());
        casUserDetailsService.setConvertToUpperCase(false);
        casUserDetailsService.setDefaultAuthorities(new String[]{SecurityRealm.AUTHENTICATED_AUTHORITY2.getAuthority()});
        return casUserDetailsService;
    }

    @Bean
    public CasAuthenticationProvider casAuthenticationProvider(TicketValidator ticketValidator, CasUserDetailsService casUserDetailsService) {
        CasAuthenticationProvider casAuthenticationProvider = new CasAuthenticationProvider();
        casAuthenticationProvider.setTicketValidator(ticketValidator);
        casAuthenticationProvider.setAuthenticationUserDetailsService(casUserDetailsService);
        casAuthenticationProvider.setKey("cas_auth_provider");
        return casAuthenticationProvider;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Bean
    public AuthenticationManager casAuthenticationManager(CasAuthenticationProvider casAuthenticationProvider, AuthenticationEventPublisher authenticationEventPublisher) {
        ProviderManager providerManager = new ProviderManager(new AuthenticationProvider[]{casAuthenticationProvider});
        providerManager.setAuthenticationEventPublisher(authenticationEventPublisher);
        return providerManager;
    }

    @Bean
    public CasAuthenticationEntryPoint casAuthenticationEntryPoint(CasSecurityRealm casSecurityRealm, ServiceProperties serviceProperties) {
        CasAuthenticationEntryPoint casAuthenticationEntryPoint = new CasAuthenticationEntryPoint();
        casAuthenticationEntryPoint.setLoginUrl(casSecurityRealm.casServerUrl + "login");
        casAuthenticationEntryPoint.setServiceProperties(serviceProperties);
        casAuthenticationEntryPoint.setTargetUrlParameter("from");
        casAuthenticationEntryPoint.setTargetUrlSessionAttribute(SessionUrlAuthenticationSuccessHandler.DEFAULT_TARGET_URL_SESSION_ATTRIBUTE);
        return casAuthenticationEntryPoint;
    }

    @Bean
    public DynamicServiceAuthenticationDetailsSource casAuthenticationDetailsSource(ServiceProperties serviceProperties) {
        return new DynamicServiceAuthenticationDetailsSource(serviceProperties);
    }

    @Bean
    public SessionMappingStorage casSessionMappingStorage() {
        return new HashMapBackedSessionMappingStorage();
    }

    @Bean
    public HttpSessionContextIntegrationFilter2 httpSessionContextIntegrationFilter() {
        HttpSessionSecurityContextRepository httpSessionSecurityContextRepository = new HttpSessionSecurityContextRepository();
        httpSessionSecurityContextRepository.setAllowSessionCreation(false);
        return new HttpSessionContextIntegrationFilter2(httpSessionSecurityContextRepository);
    }

    @Bean
    public SingleSignOutHandler casSingleSignOutHandler(CasProtocol casProtocol, SessionMappingStorage sessionMappingStorage) {
        SingleSignOutHandler singleSignOutHandler = new SingleSignOutHandler();
        singleSignOutHandler.setArtifactParameterName(casProtocol.getArtifactParameter());
        singleSignOutHandler.setSessionMappingStorage(sessionMappingStorage);
        return singleSignOutHandler;
    }

    @Bean
    public CasSingleSignOutFilter casSingleSignOutFilter(CasSecurityRealm casSecurityRealm, SingleSignOutHandler singleSignOutHandler) {
        CasSingleSignOutFilter casSingleSignOutFilter = new CasSingleSignOutFilter();
        casSingleSignOutFilter.setEnabled(casSecurityRealm.enableSingleSignOut.booleanValue());
        casSingleSignOutFilter.setFilterProcessesUrl("/" + CasSecurityRealm.getFinishLoginUrl());
        casSingleSignOutFilter.setSingleSignOutHandler(singleSignOutHandler);
        return casSingleSignOutFilter;
    }

    @Bean
    public CasAuthenticationFilter casAuthenticationFilter(AuthenticationManager authenticationManager, DynamicServiceAuthenticationDetailsSource dynamicServiceAuthenticationDetailsSource, ServiceProperties serviceProperties) {
        CasAuthenticationFilter casAuthenticationFilter = new CasAuthenticationFilter();
        casAuthenticationFilter.setFilterProcessesUrl("/" + CasSecurityRealm.getFinishLoginUrl());
        casAuthenticationFilter.setAuthenticationManager(authenticationManager);
        casAuthenticationFilter.setAuthenticationDetailsSource(dynamicServiceAuthenticationDetailsSource);
        casAuthenticationFilter.setServiceProperties(serviceProperties);
        casAuthenticationFilter.setAuthenticationFailureHandler(new SimpleUrlAuthenticationFailureHandler("/" + CasSecurityRealm.getFailedLoginUrl()));
        casAuthenticationFilter.setAuthenticationSuccessHandler(new SessionUrlAuthenticationSuccessHandler("/"));
        casAuthenticationFilter.setContinueChainBeforeSuccessfulAuthentication(true);
        return casAuthenticationFilter;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Bean
    public ChainedServletFilter casFilter(HttpSessionContextIntegrationFilter2 httpSessionContextIntegrationFilter2, CasSingleSignOutFilter casSingleSignOutFilter, CasAuthenticationFilter casAuthenticationFilter) {
        return new ChainedServletFilter(new Filter[]{httpSessionContextIntegrationFilter2, casSingleSignOutFilter, casAuthenticationFilter});
    }

    @Bean
    public CasRestAuthenticator casRestAuthenticator(CasSecurityRealm casSecurityRealm, AuthenticationManager authenticationManager, DynamicServiceAuthenticationDetailsSource dynamicServiceAuthenticationDetailsSource) {
        CasRestAuthenticator casRestAuthenticator = new CasRestAuthenticator();
        casRestAuthenticator.setCasServerUrl(casSecurityRealm.casServerUrl);
        casRestAuthenticator.setAuthenticationManager(authenticationManager);
        casRestAuthenticator.setAuthenticationDetailsSource(dynamicServiceAuthenticationDetailsSource);
        return casRestAuthenticator;
    }
}
