package org.apereo.cas.support.pac4j.authentication.clients;

import com.github.benmanes.caffeine.cache.Cache;
import com.github.scribejava.core.model.Verb;
import com.nimbusds.jose.JWSAlgorithm;
import java.security.interfaces.ECPrivateKey;
import java.time.Period;
import java.util.ArrayList;
import java.util.Collection;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import lombok.Generated;
import org.apache.commons.lang3.ClassUtils;
import org.apache.commons.lang3.ObjectUtils;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.CasSSLContext;
import org.apereo.cas.authentication.principal.ClientCustomPropertyConstants;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.pac4j.Pac4jBaseClientProperties;
import org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationBitBucketProperties;
import org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationDropboxProperties;
import org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationFacebookProperties;
import org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationFoursquareProperties;
import org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationGitHubProperties;
import org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationGoogleProperties;
import org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationHiOrgServerProperties;
import org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationLinkedInProperties;
import org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationPayPalProperties;
import org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationProperties;
import org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationTwitterProperties;
import org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationWindowsLiveProperties;
import org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationWordpressProperties;
import org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationYahooProperties;
import org.apereo.cas.configuration.model.support.pac4j.oidc.BasePac4jOidcClientProperties;
import org.apereo.cas.configuration.model.support.pac4j.oidc.Pac4jOidcClientProperties;
import org.apereo.cas.configuration.support.Beans;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.RandomUtils;
import org.apereo.cas.util.ResourceUtils;
import org.apereo.cas.util.crypto.PrivateKeyFactoryBean;
import org.apereo.cas.util.function.FunctionUtils;
import org.pac4j.cas.client.CasClient;
import org.pac4j.cas.config.CasConfiguration;
import org.pac4j.cas.config.CasProtocol;
import org.pac4j.core.client.IndirectClient;
import org.pac4j.core.http.callback.NoParameterCallbackUrlResolver;
import org.pac4j.core.http.callback.PathParameterCallbackUrlResolver;
import org.pac4j.core.http.callback.QueryParameterCallbackUrlResolver;
import org.pac4j.core.profile.converter.AttributeConverter;
import org.pac4j.oauth.client.BitbucketClient;
import org.pac4j.oauth.client.DropBoxClient;
import org.pac4j.oauth.client.FacebookClient;
import org.pac4j.oauth.client.FoursquareClient;
import org.pac4j.oauth.client.GenericOAuth20Client;
import org.pac4j.oauth.client.GitHubClient;
import org.pac4j.oauth.client.Google2Client;
import org.pac4j.oauth.client.HiOrgServerClient;
import org.pac4j.oauth.client.LinkedIn2Client;
import org.pac4j.oauth.client.PayPalClient;
import org.pac4j.oauth.client.TwitterClient;
import org.pac4j.oauth.client.WindowsLiveClient;
import org.pac4j.oauth.client.WordPressClient;
import org.pac4j.oauth.client.YahooClient;
import org.pac4j.oidc.client.AppleClient;
import org.pac4j.oidc.client.AzureAdClient;
import org.pac4j.oidc.client.GoogleOidcClient;
import org.pac4j.oidc.client.KeycloakOidcClient;
import org.pac4j.oidc.client.OidcClient;
import org.pac4j.oidc.config.AppleOidcConfiguration;
import org.pac4j.oidc.config.AzureAdOidcConfiguration;
import org.pac4j.oidc.config.KeycloakOidcConfiguration;
import org.pac4j.oidc.config.OidcConfiguration;
import org.pac4j.saml.client.SAML2Client;
import org.pac4j.saml.config.SAML2Configuration;
import org.pac4j.saml.metadata.DefaultSAML2MetadataSigner;
import org.pac4j.saml.metadata.SAML2MetadataSigner;
import org.pac4j.saml.metadata.SAML2ServiceProviderRequestedAttribute;
import org.pac4j.saml.metadata.XMLSecSAML2MetadataSigner;
import org.pac4j.saml.store.EmptyStoreFactory;
import org.pac4j.saml.store.HttpSessionStoreFactory;
import org.pac4j.saml.store.SAMLMessageStoreFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.web.server.session.HeaderWebSessionIdResolver;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-pac4j-core-clients-6.6.15.jar:org/apereo/cas/support/pac4j/authentication/clients/BaseDelegatedClientFactory.class */
public abstract class BaseDelegatedClientFactory implements DelegatedClientFactory {

    // Monitor held by build() while it loads and caches clients. The @Generated marker and the
    // "$lock" name suggest it was emitted by Lombok's @Synchronized — TODO confirm.
    @Generated
    private final Object $lock = new Object[0];
    // CAS settings; read here for the server name (cache key), the login URL (default callback)
    // and the pac4j options.
    protected final CasConfigurationProperties casProperties;
    // Hooks applied to every client by configureClient() before the optional init().
    private final Collection<DelegatedClientFactoryCustomizer> customizers;
    // Source of the SSL socket factory and hostname verifier handed to SAML2 configurations.
    private final CasSSLContext casSSLContext;
    // Not referenced in the visible part of this class; usage is further down the file.
    private final ObjectProvider<SAMLMessageStoreFactory> samlMessageStoreFactory;
    // Built clients, keyed by casProperties.getServer().getName().
    private final Cache<String, Collection<IndirectClient>> clientsCache;

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) BaseDelegatedClientFactory.class);
    // Matches a trailing "/login"; not referenced in the visible part of this class.
    private static final Pattern PATTERN_LOGIN_URL = Pattern.compile("/login$");

    /**
     * Produces the delegated clients for this factory.
     *
     * <p>{@link #build()} calls this while holding its lock, whenever the cache is empty or
     * lazy initialization is disabled, and stores the result in the cache.
     *
     * @return the clients to expose; {@code build()} returns this collection to its caller as-is
     */
    protected abstract Collection<IndirectClient> loadClients();

    /**
     * Returns the delegated clients, loading them when nothing is cached or when lazy
     * initialization is disabled, and (re)stores the result in the cache under the server name.
     *
     * <p>The whole load-and-store sequence runs under {@code $lock}.
     *
     * @return the loaded or cached clients
     */
    @Override // org.apereo.cas.support.pac4j.authentication.clients.DelegatedClientFactory
    public final Collection<IndirectClient> build() {
        synchronized (this.$lock) {
            final Collection<IndirectClient> resolved;
            if (getCachedClients().isEmpty()) {
                resolved = loadClients();
            } else if (!this.casProperties.getAuthn().getPac4j().getCore().isLazyInit()) {
                // Eager mode: always reload, even though something is cached.
                resolved = loadClients();
            } else {
                // Re-read the cache rather than reusing the earlier lookup, as the original does.
                resolved = getCachedClients();
            }
            final String cacheKey = this.casProperties.getServer().getName();
            this.clientsCache.put(cacheKey, resolved);
            return resolved;
        }
    }

    /**
     * Drops every cached entry and builds the clients again.
     *
     * <p>NOTE(review): the invalidation happens before {@link #build()} acquires its lock, so a
     * concurrent {@code build()} may run between the two steps — confirm that is acceptable.
     *
     * @return the freshly built clients
     */
    @Override // org.apereo.cas.support.pac4j.authentication.clients.DelegatedClientFactory
    public Collection<IndirectClient> rebuild() {
        this.clientsCache.invalidateAll();
        final Collection<IndirectClient> reloaded = build();
        return reloaded;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Looks up the clients cached under the configured server name.
     *
     * @return the cached collection, or a new empty list when nothing is cached (never {@code null})
     */
    public Collection<IndirectClient> getCachedClients() {
        final String cacheKey = this.casProperties.getServer().getName();
        final Collection<IndirectClient> cached = this.clientsCache.getIfPresent(cacheKey);
        if (cached != null) {
            return cached;
        }
        return new ArrayList<>();
    }

    /**
     * Applies the settings shared by every delegated client: its name, the custom display
     * properties, the callback URL and resolver, the registered customizers and, unless lazy
     * initialization is enabled, an eager {@code init()}.
     *
     * @param indirectClient the client to configure; it is mutated in place
     * @param pac4jBaseClientProperties the per-provider settings
     * @param casConfigurationProperties CAS settings consulted for the lazy-init flag
     */
    protected void configureClient(IndirectClient indirectClient, Pac4jBaseClientProperties pac4jBaseClientProperties, CasConfigurationProperties casConfigurationProperties) {
        final String configuredName = pac4jBaseClientProperties.getClientName();
        if (StringUtils.isBlank(configuredName)) {
            // No explicit name: use the class name plus a value from RandomUtils.randomNumeric(4).
            // The generated name is not stable, which is why the warning asks for an explicit one.
            final String typeName = indirectClient.getClass().getSimpleName();
            final String generatedName = typeName.concat(RandomUtils.randomNumeric(4));
            indirectClient.setName(generatedName);
            LOGGER.warn("Client name for [{}] is set to a generated value of [{}]. Consider defining an explicit name for the delegated provider", typeName, generatedName);
        } else {
            indirectClient.setName(configuredName);
        }

        final Map<String, Object> clientProperties = indirectClient.getCustomProperties();
        clientProperties.put(ClientCustomPropertyConstants.CLIENT_CUSTOM_PROPERTY_AUTO_REDIRECT_TYPE, pac4jBaseClientProperties.getAutoRedirectType());
        final String principalAttributeId = pac4jBaseClientProperties.getPrincipalAttributeId();
        if (StringUtils.isNotBlank(principalAttributeId)) {
            clientProperties.put(ClientCustomPropertyConstants.CLIENT_CUSTOM_PROPERTY_PRINCIPAL_ATTRIBUTE_ID, principalAttributeId);
        }
        final String cssClass = pac4jBaseClientProperties.getCssClass();
        if (StringUtils.isNotBlank(cssClass)) {
            clientProperties.put(ClientCustomPropertyConstants.CLIENT_CUSTOM_PROPERTY_CSS_CLASS, cssClass);
        }
        final String displayName = pac4jBaseClientProperties.getDisplayName();
        if (StringUtils.isNotBlank(displayName)) {
            clientProperties.put(ClientCustomPropertyConstants.CLIENT_CUSTOM_PROPERTY_AUTO_DISPLAY_NAME, displayName);
        }

        // defaultString substitutes only for null: a blank but non-null configured callback URL
        // is used as-is rather than replaced by the CAS login URL.
        final String callbackUrl = StringUtils.defaultString(pac4jBaseClientProperties.getCallbackUrl(), this.casProperties.getServer().getLoginUrl());
        indirectClient.setCallbackUrl(callbackUrl);
        LOGGER.trace("Client [{}] will use the callback URL [{}]", indirectClient.getName(), callbackUrl);

        // The resolver type decides how the callback URL is resolved for this client;
        // anything other than the two explicit cases falls back to the query-parameter form.
        switch (pac4jBaseClientProperties.getCallbackUrlType()) {
            case NONE:
                indirectClient.setCallbackUrlResolver(new NoParameterCallbackUrlResolver());
                break;
            case PATH_PARAMETER:
                indirectClient.setCallbackUrlResolver(new PathParameterCallbackUrlResolver());
                break;
            case QUERY_PARAMETER:
            default:
                indirectClient.setCallbackUrlResolver(new QueryParameterCallbackUrlResolver());
                break;
        }

        for (final DelegatedClientFactoryCustomizer customizer : this.customizers) {
            customizer.customize(indirectClient);
        }

        // Eager mode initializes the client right away; lazy mode leaves it uninitialized here.
        final boolean lazyInit = casConfigurationProperties.getAuthn().getPac4j().getCore().isLazyInit();
        if (!lazyInit) {
            indirectClient.init();
        }
    }

    /**
     * Builds the Foursquare delegated client when it is enabled and both an id and a secret
     * are configured.
     *
     * @param casConfigurationProperties CAS settings holding the Foursquare pac4j section
     * @return a one-element collection with the configured client, otherwise an empty one
     */
    protected Collection<IndirectClient> buildFoursquareIdentityProviders(CasConfigurationProperties casConfigurationProperties) {
        final Pac4jDelegatedAuthenticationFoursquareProperties settings = casConfigurationProperties.getAuthn().getPac4j().getFoursquare();
        final boolean usable = settings.isEnabled() && StringUtils.isNotBlank(settings.getId()) && StringUtils.isNotBlank(settings.getSecret());
        if (!usable) {
            return List.of();
        }
        final FoursquareClient client = new FoursquareClient(settings.getId(), settings.getSecret());
        configureClient(client, settings, casConfigurationProperties);
        // Only the client name and key are handed to the logger; the secret is not.
        LOGGER.debug("Created client [{}] with identifier [{}]", client.getName(), client.getKey());
        return List.of(client);
    }

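    /**
     * Builds the Google OAuth2 delegated client when it is enabled and both an id and a secret
     * are configured, applying the configured scope if one is set.
     *
     * @param casConfigurationProperties CAS settings holding the Google pac4j section
     * @return a one-element collection with the configured client, otherwise an empty one
     * @throws IllegalArgumentException if the configured scope does not name a
     *         {@code Google2Scope} constant (case-insensitively)
     */
    protected Collection<IndirectClient> buildGoogleIdentityProviders(CasConfigurationProperties casConfigurationProperties) {
        Pac4jDelegatedAuthenticationGoogleProperties google = casConfigurationProperties.getAuthn().getPac4j().getGoogle();
        if (!google.isEnabled() || !StringUtils.isNotBlank(google.getId()) || !StringUtils.isNotBlank(google.getSecret())) {
            return List.of();
        }
        Google2Client google2Client = new Google2Client(google.getId(), google.getSecret());
        configureClient(google2Client, google, casConfigurationProperties);
        if (StringUtils.isNotBlank(google.getScope())) {
            // Upper-case with a fixed locale: the default-locale form maps "i" to a dotted
            // capital under Turkish-style locales, so a scope such as "email" would no longer
            // match its enum constant and valueOf would reject valid configuration.
            google2Client.setScope(Google2Client.Google2Scope.valueOf(google.getScope().toUpperCase(java.util.Locale.ROOT)));
        }
        // Only the client name and key are handed to the logger; the secret is not.
        LOGGER.debug("Created client [{}] with identifier [{}]", google2Client.getName(), google2Client.getKey());
        return List.of(google2Client);
    }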

    /**
     * Builds the Facebook delegated client when it is enabled and both an id and a secret are
     * configured, applying the configured scope and fields when they are not blank.
     *
     * @param casConfigurationProperties CAS settings holding the Facebook pac4j section
     * @return a one-element collection with the configured client, otherwise an empty one
     */
    protected Collection<IndirectClient> buildFacebookIdentityProviders(CasConfigurationProperties casConfigurationProperties) {
        final Pac4jDelegatedAuthenticationFacebookProperties settings = casConfigurationProperties.getAuthn().getPac4j().getFacebook();
        final boolean usable = settings.isEnabled() && StringUtils.isNotBlank(settings.getId()) && StringUtils.isNotBlank(settings.getSecret());
        if (!usable) {
            return List.of();
        }
        final FacebookClient client = new FacebookClient(settings.getId(), settings.getSecret());
        configureClient(client, settings, casConfigurationProperties);
        final String scope = settings.getScope();
        if (StringUtils.isNotBlank(scope)) {
            client.setScope(scope);
        }
        final String fields = settings.getFields();
        if (StringUtils.isNotBlank(fields)) {
            client.setFields(fields);
        }
        // Only the client name and key are handed to the logger; the secret is not.
        LOGGER.debug("Created client [{}] with identifier [{}]", client.getName(), client.getKey());
        return List.of(client);
    }

    /**
     * Builds the LinkedIn delegated client when it is enabled and both an id and a secret are
     * configured, applying the configured scope when it is not blank.
     *
     * @param casConfigurationProperties CAS settings holding the LinkedIn pac4j section
     * @return a one-element collection with the configured client, otherwise an empty one
     */
    protected Collection<IndirectClient> buildLinkedInIdentityProviders(CasConfigurationProperties casConfigurationProperties) {
        final Pac4jDelegatedAuthenticationLinkedInProperties settings = casConfigurationProperties.getAuthn().getPac4j().getLinkedIn();
        final boolean usable = settings.isEnabled() && StringUtils.isNotBlank(settings.getId()) && StringUtils.isNotBlank(settings.getSecret());
        if (!usable) {
            return List.of();
        }
        final LinkedIn2Client client = new LinkedIn2Client(settings.getId(), settings.getSecret());
        configureClient(client, settings, casConfigurationProperties);
        final String scope = settings.getScope();
        if (StringUtils.isNotBlank(scope)) {
            client.setScope(scope);
        }
        // Only the client name and key are handed to the logger; the secret is not.
        LOGGER.debug("Created client [{}] with identifier [{}]", client.getName(), client.getKey());
        return List.of(client);
    }

    /**
     * Builds the GitHub delegated client when it is enabled and both an id and a secret are
     * configured, applying the configured scope when it is not blank.
     *
     * @param casConfigurationProperties CAS settings holding the GitHub pac4j section
     * @return a one-element collection with the configured client, otherwise an empty one
     */
    protected Collection<IndirectClient> buildGitHubIdentityProviders(CasConfigurationProperties casConfigurationProperties) {
        final Pac4jDelegatedAuthenticationGitHubProperties settings = casConfigurationProperties.getAuthn().getPac4j().getGithub();
        final boolean usable = settings.isEnabled() && StringUtils.isNotBlank(settings.getId()) && StringUtils.isNotBlank(settings.getSecret());
        if (!usable) {
            return List.of();
        }
        final GitHubClient client = new GitHubClient(settings.getId(), settings.getSecret());
        configureClient(client, settings, casConfigurationProperties);
        final String scope = settings.getScope();
        if (StringUtils.isNotBlank(scope)) {
            client.setScope(scope);
        }
        // Only the client name and key are handed to the logger; the secret is not.
        LOGGER.debug("Created client [{}] with identifier [{}]", client.getName(), client.getKey());
        return List.of(client);
    }

    /**
     * Builds the Dropbox delegated client when it is enabled and both an id and a secret are
     * configured.
     *
     * @param casConfigurationProperties CAS settings holding the Dropbox pac4j section
     * @return a one-element collection with the configured client, otherwise an empty one
     */
    protected Collection<IndirectClient> buildDropBoxIdentityProviders(CasConfigurationProperties casConfigurationProperties) {
        final Pac4jDelegatedAuthenticationDropboxProperties settings = casConfigurationProperties.getAuthn().getPac4j().getDropbox();
        final boolean usable = settings.isEnabled() && StringUtils.isNotBlank(settings.getId()) && StringUtils.isNotBlank(settings.getSecret());
        if (!usable) {
            return List.of();
        }
        final DropBoxClient client = new DropBoxClient(settings.getId(), settings.getSecret());
        configureClient(client, settings, casConfigurationProperties);
        // Only the client name and key are handed to the logger; the secret is not.
        LOGGER.debug("Created client [{}] with identifier [{}]", client.getName(), client.getKey());
        return List.of(client);
    }

    /**
     * Builds the Windows Live delegated client when it is enabled and both an id and a secret
     * are configured.
     *
     * @param casConfigurationProperties CAS settings holding the Windows Live pac4j section
     * @return a one-element collection with the configured client, otherwise an empty one
     */
    protected Collection<IndirectClient> buildWindowsLiveIdentityProviders(CasConfigurationProperties casConfigurationProperties) {
        final Pac4jDelegatedAuthenticationWindowsLiveProperties settings = casConfigurationProperties.getAuthn().getPac4j().getWindowsLive();
        final boolean usable = settings.isEnabled() && StringUtils.isNotBlank(settings.getId()) && StringUtils.isNotBlank(settings.getSecret());
        if (!usable) {
            return List.of();
        }
        final WindowsLiveClient client = new WindowsLiveClient(settings.getId(), settings.getSecret());
        configureClient(client, settings, casConfigurationProperties);
        // Only the client name and key are handed to the logger; the secret is not.
        LOGGER.debug("Created client [{}] with identifier [{}]", client.getName(), client.getKey());
        return List.of(client);
    }

    /**
     * Builds the Yahoo delegated client when it is enabled and both an id and a secret are
     * configured.
     *
     * @param casConfigurationProperties CAS settings holding the Yahoo pac4j section
     * @return a one-element collection with the configured client, otherwise an empty one
     */
    protected Collection<IndirectClient> buildYahooIdentityProviders(CasConfigurationProperties casConfigurationProperties) {
        final Pac4jDelegatedAuthenticationYahooProperties settings = casConfigurationProperties.getAuthn().getPac4j().getYahoo();
        final boolean usable = settings.isEnabled() && StringUtils.isNotBlank(settings.getId()) && StringUtils.isNotBlank(settings.getSecret());
        if (!usable) {
            return List.of();
        }
        final YahooClient client = new YahooClient(settings.getId(), settings.getSecret());
        configureClient(client, settings, casConfigurationProperties);
        // Only the client name and key are handed to the logger; the secret is not.
        LOGGER.debug("Created client [{}] with identifier [{}]", client.getName(), client.getKey());
        return List.of(client);
    }

    /**
     * Builds the HiOrg-Server delegated client when it is enabled and both an id and a secret
     * are configured, applying the configured scope to the client's configuration when it is
     * not blank.
     *
     * @param casConfigurationProperties CAS settings holding the HiOrg-Server pac4j section
     * @return a one-element collection with the configured client, otherwise an empty one
     */
    protected Collection<IndirectClient> buildHiOrgServerIdentityProviders(CasConfigurationProperties casConfigurationProperties) {
        final Pac4jDelegatedAuthenticationHiOrgServerProperties settings = casConfigurationProperties.getAuthn().getPac4j().getHiOrgServer();
        final boolean usable = settings.isEnabled() && StringUtils.isNotBlank(settings.getId()) && StringUtils.isNotBlank(settings.getSecret());
        if (!usable) {
            return List.of();
        }
        final HiOrgServerClient client = new HiOrgServerClient(settings.getId(), settings.getSecret());
        configureClient(client, settings, casConfigurationProperties);
        final String scope = settings.getScope();
        if (StringUtils.isNotBlank(scope)) {
            // Unlike the other providers here, the scope is set on the configuration object.
            client.getConfiguration().setScope(scope);
        }
        // Only the client name and key are handed to the logger; the secret is not.
        LOGGER.debug("Created client [{}] with identifier [{}]", client.getName(), client.getKey());
        return List.of(client);
    }

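    /**
     * Builds one generic OAuth 2.0 client per configured entry that is enabled and has both an
     * id and a secret.
     *
     * <p>The profile id falls back to the core pac4j principal attribute id when the entry does
     * not define its own. Endpoint URLs, scope, custom parameters and the state flag are copied
     * from configuration as-is.
     *
     * @param casConfigurationProperties CAS settings holding the list of OAuth 2.0 entries
     * @return the configured clients, possibly empty
     * @throws IllegalArgumentException if an entry's profile verb does not name a {@code Verb}
     *         constant (case-insensitively)
     */
    protected Collection<IndirectClient> buildOAuth20IdentityProviders(CasConfigurationProperties casConfigurationProperties) {
        Pac4jDelegatedAuthenticationProperties pac4j = casConfigurationProperties.getAuthn().getPac4j();
        return pac4j.getOauth2().stream().filter(oauth -> {
            return oauth.isEnabled() && StringUtils.isNotBlank(oauth.getId()) && StringUtils.isNotBlank(oauth.getSecret());
        }).map(oauth -> {
            GenericOAuth20Client client = new GenericOAuth20Client();
            client.setProfileId(StringUtils.defaultIfBlank(oauth.getPrincipalAttributeId(), pac4j.getCore().getPrincipalAttributeId()));
            client.setKey(oauth.getId());
            client.setSecret(oauth.getSecret());
            client.setProfileAttrs(oauth.getProfileAttrs());
            client.setProfileNodePath(oauth.getProfilePath());
            client.setProfileUrl(oauth.getProfileUrl());
            // Upper-case with a fixed locale so the enum lookup does not depend on the JVM's
            // default locale (Turkish-style locales change how "i" is upper-cased).
            client.setProfileVerb(Verb.valueOf(oauth.getProfileVerb().toUpperCase(java.util.Locale.ROOT)));
            client.setTokenUrl(oauth.getTokenUrl());
            client.setAuthUrl(oauth.getAuthUrl());
            client.setScope(oauth.getScope());
            client.setCustomParams(oauth.getCustomParams());
            // The state parameter ties the callback to the request that started it; this flag
            // is taken from configuration unchanged.
            client.setWithState(oauth.isWithState());
            String clientAuthenticationMethod = oauth.getClientAuthenticationMethod();
            if (StringUtils.isNotBlank(clientAuthenticationMethod)) {
                client.setClientAuthenticationMethod(clientAuthenticationMethod);
            }
            client.getConfiguration().setResponseType(oauth.getResponseType());
            configureClient(client, oauth, casConfigurationProperties);
            // NOTE(review): the whole client object goes to the logger, so the output is
            // whatever its toString() renders — confirm that never includes the client secret.
            LOGGER.debug("Created client [{}]", client);
            return client;
        }).collect(Collectors.toList());
    }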

    /**
     * Builds an OpenID Connect client for each configured OIDC entry, skipping entries for
     * which {@code getOidcClientFrom} yields no client.
     *
     * @param casConfigurationProperties CAS settings holding the list of OIDC entries
     * @return the configured clients, possibly empty
     */
    protected Collection<IndirectClient> buildOidcIdentityProviders(CasConfigurationProperties casConfigurationProperties) {
        return casConfigurationProperties.getAuthn().getPac4j().getOidc()
            .stream()
            .map(oidc -> getOidcClientFrom(oidc, casConfigurationProperties))
            .filter(Objects::nonNull)
            .collect(Collectors.toList());
    }

    /**
     * Builds the WordPress delegated client when it is enabled and both an id and a secret are
     * configured.
     *
     * @param casConfigurationProperties CAS settings holding the WordPress pac4j section
     * @return a one-element collection with the configured client, otherwise an empty one
     */
    protected Collection<IndirectClient> buildWordpressIdentityProviders(CasConfigurationProperties casConfigurationProperties) {
        final Pac4jDelegatedAuthenticationWordpressProperties settings = casConfigurationProperties.getAuthn().getPac4j().getWordpress();
        final boolean usable = settings.isEnabled() && StringUtils.isNotBlank(settings.getId()) && StringUtils.isNotBlank(settings.getSecret());
        if (!usable) {
            return List.of();
        }
        final WordPressClient client = new WordPressClient(settings.getId(), settings.getSecret());
        configureClient(client, settings, casConfigurationProperties);
        // Only the client name and key are handed to the logger; the secret is not.
        LOGGER.debug("Created client [{}] with identifier [{}]", client.getName(), client.getKey());
        return List.of(client);
    }

    /**
     * Builds the Twitter delegated client when it is enabled and both an id and a secret are
     * configured; the include-email flag is passed to the client constructor.
     *
     * @param casConfigurationProperties CAS settings holding the Twitter pac4j section
     * @return a one-element collection with the configured client, otherwise an empty one
     */
    protected Collection<IndirectClient> buildTwitterIdentityProviders(CasConfigurationProperties casConfigurationProperties) {
        final Pac4jDelegatedAuthenticationTwitterProperties settings = casConfigurationProperties.getAuthn().getPac4j().getTwitter();
        final boolean usable = settings.isEnabled() && StringUtils.isNotBlank(settings.getId()) && StringUtils.isNotBlank(settings.getSecret());
        if (!usable) {
            return List.of();
        }
        final TwitterClient client = new TwitterClient(settings.getId(), settings.getSecret(), settings.isIncludeEmail());
        configureClient(client, settings, casConfigurationProperties);
        // Only the client name and key are handed to the logger; the secret is not.
        LOGGER.debug("Created client [{}] with identifier [{}]", client.getName(), client.getKey());
        return List.of(client);
    }

    /**
     * Picks at most one OpenID Connect client for a configured OIDC entry.
     *
     * <p>The sub-sections are tried in a fixed order and the first usable one wins:
     * Azure AD, Google and Keycloak (each enabled with a non-blank id), then Apple (enabled
     * with a non-blank private key location), then the generic client (enabled; no id check
     * is made here).
     *
     * @param pac4jOidcClientProperties the OIDC entry to inspect
     * @param casConfigurationProperties CAS settings forwarded to {@code configureClient}
     * @return the configured client, or {@code null} when no sub-section is usable
     */
    private OidcClient getOidcClientFrom(Pac4jOidcClientProperties pac4jOidcClientProperties, CasConfigurationProperties casConfigurationProperties) {
        if (pac4jOidcClientProperties.getAzure().isEnabled() && StringUtils.isNotBlank(pac4jOidcClientProperties.getAzure().getId())) {
            LOGGER.debug("Building OpenID Connect client for Azure AD...");
            final AzureAdOidcConfiguration azureConfig = getOidcConfigurationForClient(pac4jOidcClientProperties.getAzure(), AzureAdOidcConfiguration.class);
            azureConfig.setTenant(pac4jOidcClientProperties.getAzure().getTenant());
            // The client receives a copy of the configuration, not the instance built above.
            final AzureAdClient azureClient = new AzureAdClient(new AzureAdOidcConfiguration(azureConfig));
            configureClient(azureClient, pac4jOidcClientProperties.getAzure(), casConfigurationProperties);
            return azureClient;
        }

        if (pac4jOidcClientProperties.getGoogle().isEnabled() && StringUtils.isNotBlank(pac4jOidcClientProperties.getGoogle().getId())) {
            LOGGER.debug("Building OpenID Connect client for Google...");
            final OidcConfiguration googleConfig = getOidcConfigurationForClient(pac4jOidcClientProperties.getGoogle(), OidcConfiguration.class);
            final GoogleOidcClient googleClient = new GoogleOidcClient(googleConfig);
            configureClient(googleClient, pac4jOidcClientProperties.getGoogle(), casConfigurationProperties);
            return googleClient;
        }

        if (pac4jOidcClientProperties.getKeycloak().isEnabled() && StringUtils.isNotBlank(pac4jOidcClientProperties.getKeycloak().getId())) {
            LOGGER.debug("Building OpenID Connect client for KeyCloak...");
            final KeycloakOidcConfiguration keycloakConfig = getOidcConfigurationForClient(pac4jOidcClientProperties.getKeycloak(), KeycloakOidcConfiguration.class);
            keycloakConfig.setRealm(pac4jOidcClientProperties.getKeycloak().getRealm());
            keycloakConfig.setBaseUri(pac4jOidcClientProperties.getKeycloak().getBaseUri());
            final KeycloakOidcClient keycloakClient = new KeycloakOidcClient(keycloakConfig);
            configureClient(keycloakClient, pac4jOidcClientProperties.getKeycloak(), casConfigurationProperties);
            return keycloakClient;
        }

        if (pac4jOidcClientProperties.getApple().isEnabled() && StringUtils.isNotBlank(pac4jOidcClientProperties.getApple().getPrivateKey())) {
            LOGGER.debug("Building OpenID Connect client for Apple...");
            final AppleOidcConfiguration appleConfig = getOidcConfigurationForClient(pac4jOidcClientProperties.getApple(), AppleOidcConfiguration.class);
            // The configured private-key value is treated as a resource location and loaded as
            // an EC key; any failure is rethrown by doUnchecked.
            FunctionUtils.doUnchecked(obj -> {
                final PrivateKeyFactoryBean keyFactory = new PrivateKeyFactoryBean();
                keyFactory.setAlgorithm("EC");
                keyFactory.setSingleton(false);
                keyFactory.setLocation(ResourceUtils.getResourceFrom(pac4jOidcClientProperties.getApple().getPrivateKey()));
                // NOTE(review): "getObject2" looks like a decompiler-renamed accessor — confirm
                // the real method name against the library.
                appleConfig.setPrivateKey((ECPrivateKey) keyFactory.getObject2());
            }, new Object[0]);
            appleConfig.setPrivateKeyID(pac4jOidcClientProperties.getApple().getPrivateKeyId());
            appleConfig.setTeamID(pac4jOidcClientProperties.getApple().getTeamId());
            appleConfig.setTimeout(Beans.newDuration(pac4jOidcClientProperties.getApple().getTimeout()));
            final AppleClient appleClient = new AppleClient(appleConfig);
            configureClient(appleClient, pac4jOidcClientProperties.getApple(), casConfigurationProperties);
            return appleClient;
        }

        if (pac4jOidcClientProperties.getGeneric().isEnabled()) {
            LOGGER.debug("Building generic OpenID Connect client...");
            final OidcConfiguration genericConfig = getOidcConfigurationForClient(pac4jOidcClientProperties.getGeneric(), OidcConfiguration.class);
            final OidcClient genericClient = new OidcClient(genericConfig);
            configureClient(genericClient, pac4jOidcClientProperties.getGeneric(), casConfigurationProperties);
            return genericClient;
        }

        return null;
    }

    /**
     * Builds the PayPal delegated client when it is enabled and both an id and a secret are
     * configured.
     *
     * @param casConfigurationProperties CAS settings holding the PayPal pac4j section
     * @return a one-element collection with the configured client, otherwise an empty one
     */
    protected Collection<IndirectClient> buildPaypalIdentityProviders(CasConfigurationProperties casConfigurationProperties) {
        final Pac4jDelegatedAuthenticationPayPalProperties settings = casConfigurationProperties.getAuthn().getPac4j().getPaypal();
        final boolean usable = settings.isEnabled() && StringUtils.isNotBlank(settings.getId()) && StringUtils.isNotBlank(settings.getSecret());
        if (!usable) {
            return List.of();
        }
        final PayPalClient client = new PayPalClient(settings.getId(), settings.getSecret());
        configureClient(client, settings, casConfigurationProperties);
        // Only the client name and key are handed to the logger; the secret is not.
        LOGGER.debug("Created client [{}] with identifier [{}]", client.getName(), client.getKey());
        return List.of(client);
    }

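    /**
     * Instantiates an OIDC configuration of the requested type through its no-argument
     * constructor and copies the shared OIDC settings onto it.
     *
     * <p>Durations are narrowed to {@code int} by saturating at the {@code int} bounds, so an
     * oversized configured duration no longer wraps around to a negative timeout or skew.
     *
     * @param basePac4jOidcClientProperties the OIDC settings to copy
     * @param cls the concrete configuration class to instantiate
     * @param <T> the configuration type
     * @return the populated configuration
     */
    private static <T extends OidcConfiguration> T getOidcConfigurationForClient(BasePac4jOidcClientProperties basePac4jOidcClientProperties, Class<T> cls) {
        T t = (T) FunctionUtils.doUnchecked(() -> {
            return (OidcConfiguration) cls.getDeclaredConstructor(new Class[0]).newInstance(new Object[0]);
        });
        if (StringUtils.isNotBlank(basePac4jOidcClientProperties.getScope())) {
            t.setScope(basePac4jOidcClientProperties.getScope());
        }
        // Security-relevant toggles, copied verbatim from configuration: nonce use and PKCE.
        // Their defaults are not visible here — review the effective values per provider.
        t.setUseNonce(basePac4jOidcClientProperties.isUseNonce());
        t.setDisablePkce(basePac4jOidcClientProperties.isDisablePkce());
        t.setSecret(basePac4jOidcClientProperties.getSecret());
        t.setClientId(basePac4jOidcClientProperties.getId());
        t.setReadTimeout(saturatedInt(Beans.newDuration(basePac4jOidcClientProperties.getReadTimeout()).toMillis()));
        t.setConnectTimeout(saturatedInt(Beans.newDuration(basePac4jOidcClientProperties.getConnectTimeout()).toMillis()));
        if (StringUtils.isNotBlank(basePac4jOidcClientProperties.getPreferredJwsAlgorithm())) {
            // Fixed locale keeps the algorithm name independent of the JVM's default locale.
            t.setPreferredJwsAlgorithm(JWSAlgorithm.parse(basePac4jOidcClientProperties.getPreferredJwsAlgorithm().toUpperCase(java.util.Locale.ROOT)));
        }
        // Clock skew widens the window in which token time claims are accepted; keep it small.
        t.setMaxClockSkew(saturatedInt(Beans.newDuration(basePac4jOidcClientProperties.getMaxClockSkew()).toSeconds()));
        t.setDiscoveryURI(basePac4jOidcClientProperties.getDiscoveryUri());
        t.setCustomParams(basePac4jOidcClientProperties.getCustomParams());
        t.setLogoutUrl(basePac4jOidcClientProperties.getLogoutUrl());
        // NOTE(review): going by the setter name, enabling this accepts ID tokens that carry no
        // signature; it should stay off unless a provider genuinely cannot sign — confirm.
        t.setAllowUnsignedIdTokens(basePac4jOidcClientProperties.isAllowUnsignedIdTokens());
        t.setIncludeAccessTokenClaimsInProfile(basePac4jOidcClientProperties.isIncludeAccessTokenClaims());
        t.setExpireSessionWithToken(basePac4jOidcClientProperties.isExpireSessionWithToken());
        if (StringUtils.isNotBlank(basePac4jOidcClientProperties.getTokenExpirationAdvance())) {
            t.setTokenExpirationAdvance(saturatedInt(Beans.newDuration(basePac4jOidcClientProperties.getTokenExpirationAdvance()).toSeconds()));
        }
        if (StringUtils.isNotBlank(basePac4jOidcClientProperties.getResponseMode())) {
            t.setResponseMode(basePac4jOidcClientProperties.getResponseMode());
        }
        if (StringUtils.isNotBlank(basePac4jOidcClientProperties.getResponseType())) {
            t.setResponseType(basePac4jOidcClientProperties.getResponseType());
        }
        if (!basePac4jOidcClientProperties.getMappedClaims().isEmpty()) {
            t.setMappedClaims(CollectionUtils.convertDirectedListToMap(basePac4jOidcClientProperties.getMappedClaims()));
        }
        return t;
    }

    /** Narrows a {@code long} to {@code int}, saturating at the {@code int} bounds instead of wrapping. */
    private static int saturatedInt(long value) {
        return (int) Math.max(Integer.MIN_VALUE, Math.min(Integer.MAX_VALUE, value));
    }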

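    /**
     * Builds one delegated SAML2 client for each usable SAML entry in the pac4j settings.
     *
     * <p>An entry is used only when it is enabled and its keystore path, identity-provider
     * metadata path, service-provider entity id and service-provider metadata path are all
     * non-blank. Every other setting is copied onto a fresh {@code SAML2Configuration}.
     *
     * <p>Security-relevant settings handled here: request/metadata signing, the signature
     * requirements placed on incoming responses and assertions, the switch that disables
     * signature validation altogether, the TLS socket factory and hostname verifier, and two
     * class names that are loaded reflectively from configuration.
     *
     * @param casConfigurationProperties the CAS settings that hold the SAML2 client entries
     * @return the configured SAML2 clients; empty when no entry passes the filter
     */
    protected Collection<IndirectClient> buildSaml2IdentityProviders(CasConfigurationProperties casConfigurationProperties) {
        return casConfigurationProperties.getAuthn().getPac4j().getSaml().stream()
            .filter(saml -> saml.isEnabled()
                && StringUtils.isNotBlank(saml.getKeystorePath())
                && StringUtils.isNotBlank(saml.getIdentityProviderMetadataPath())
                && StringUtils.isNotBlank(saml.getServiceProviderEntityId())
                && StringUtils.isNotBlank(saml.getServiceProviderMetadataPath()))
            .<IndirectClient>map(saml -> {
                SAML2Configuration cfg = new SAML2Configuration(saml.getKeystorePath(), saml.getKeystorePassword(), saml.getPrivateKeyPassword(), saml.getIdentityProviderMetadataPath());

                // Keystore / self-signed certificate generation.
                cfg.setForceKeystoreGeneration(saml.isForceKeystoreGeneration());
                if (saml.getCertificateExpirationDays() > 0) {
                    cfg.setCertificateExpirationPeriod(Period.ofDays(saml.getCertificateExpirationDays()));
                }
                FunctionUtils.doIfNotNull(saml.getCertificateSignatureAlg(), cfg::setCertificateSignatureAlg);
                cfg.setCertificateNameToAppend(StringUtils.defaultIfBlank(saml.getCertificateNameToAppend(), saml.getClientName()));

                cfg.setMaximumAuthenticationLifetime(Beans.newDuration(saml.getMaximumAuthenticationLifetime()).toSeconds());
                cfg.setServiceProviderEntityId(saml.getServiceProviderEntityId());
                cfg.setServiceProviderMetadataPath(saml.getServiceProviderMetadataPath());
                cfg.setAuthnRequestBindingType(saml.getDestinationBinding());
                cfg.setSpLogoutRequestBindingType(saml.getLogoutRequestBinding());
                cfg.setForceAuth(saml.isForceAuth());
                cfg.setPassive(saml.isPassive());

                // Outbound signing: metadata, authentication requests and logout requests.
                cfg.setSignMetadata(saml.isSignServiceProviderMetadata());
                cfg.setMetadataSigner((SAML2MetadataSigner) FunctionUtils.doIf(StringUtils.equalsIgnoreCase(saml.getMetadataSignerStrategy(), "default"),
                    () -> new DefaultSAML2MetadataSigner(cfg),
                    () -> new XMLSecSAML2MetadataSigner(cfg)).get());
                cfg.setAuthnRequestSigned(saml.isSignAuthnRequest());
                cfg.setSpLogoutRequestSigned(saml.isSignServiceProviderLogoutRequest());
                cfg.setAcceptedSkew(Beans.newDuration(saml.getAcceptedSkew()).toSeconds());

                // TLS material comes from the shared CAS SSL context rather than per-client settings.
                cfg.setSslSocketFactory(this.casSSLContext.getSslContext().getSocketFactory());
                cfg.setHostnameVerifier(this.casSSLContext.getHostnameVerifier());

                if (StringUtils.isNotBlank(saml.getPrincipalIdAttribute())) {
                    cfg.setAttributeAsId(saml.getPrincipalIdAttribute());
                }

                // Inbound signature requirements. These decide whether an unsigned or tampered
                // response from the identity provider is rejected, so the values deserve review
                // for every configured identity provider.
                cfg.setWantsAssertionsSigned(saml.isWantsAssertionsSigned());
                cfg.setWantsResponsesSigned(saml.isWantsResponsesSigned());
                if (saml.isAllSignatureValidationDisabled()) {
                    // Make the weakened trust decision visible in the logs instead of applying it silently.
                    LOGGER.warn("Signature validation is disabled for SAML2 delegated client [{}]; responses from this identity provider are not verified", saml.getClientName());
                }
                cfg.setAllSignatureValidationDisabled(saml.isAllSignatureValidationDisabled());
                cfg.setUseNameQualifier(saml.isUseNameQualifier());
                cfg.setAttributeConsumingServiceIndex(saml.getAttributeConsumingServiceIndex());

                // Message store: an injected factory wins; otherwise the configured keyword or class name is used.
                Optional<SAMLMessageStoreFactory> injectedStoreFactory = Optional.ofNullable(this.samlMessageStoreFactory.getIfAvailable());
                injectedStoreFactory.ifPresentOrElse(cfg::setSamlMessageStoreFactory, () -> {
                    FunctionUtils.doIf(saml.getMessageStoreFactory().equalsIgnoreCase("EMPTY"), obj -> {
                        cfg.setSamlMessageStoreFactory(new EmptyStoreFactory());
                    }).accept(saml);
                    // NOTE(review): this constant looks like a decompiler substitution for a string
                    // literal; confirm its value is the intended message-store keyword.
                    FunctionUtils.doIf(saml.getMessageStoreFactory().equalsIgnoreCase(HeaderWebSessionIdResolver.DEFAULT_HEADER_NAME), obj2 -> {
                        cfg.setSamlMessageStoreFactory(new HttpSessionStoreFactory());
                    }).accept(saml);
                    if (saml.getMessageStoreFactory().contains(".")) {
                        FunctionUtils.doAndHandle(obj3 -> {
                            // The class name comes from configuration. asSubclass() rejects a class of
                            // the wrong type before its constructor runs; the original cast was applied
                            // only after an arbitrary no-arg constructor had already executed.
                            Class<? extends SAMLMessageStoreFactory> storeFactoryClass = ClassUtils.getClass(getClass().getClassLoader(), saml.getMessageStoreFactory()).asSubclass(SAMLMessageStoreFactory.class);
                            cfg.setSamlMessageStoreFactory(storeFactoryClass.getDeclaredConstructor().newInstance());
                        });
                    }
                });

                if (saml.getAssertionConsumerServiceIndex() >= 0) {
                    cfg.setAssertionConsumerServiceIndex(saml.getAssertionConsumerServiceIndex());
                }
                if (!saml.getAuthnContextClassRef().isEmpty()) {
                    cfg.setComparisonType(saml.getAuthnContextComparisonType().toUpperCase());
                    cfg.setAuthnContextClassRefs(saml.getAuthnContextClassRef());
                }
                if (StringUtils.isNotBlank(saml.getKeystoreAlias())) {
                    cfg.setKeystoreAlias(saml.getKeystoreAlias());
                }
                if (StringUtils.isNotBlank(saml.getNameIdPolicyFormat())) {
                    cfg.setNameIdPolicyFormat(saml.getNameIdPolicyFormat());
                }
                if (!saml.getRequestedAttributes().isEmpty()) {
                    saml.getRequestedAttributes().stream()
                        .map(attr -> new SAML2ServiceProviderRequestedAttribute(attr.getName(), attr.getFriendlyName(), attr.getNameFormat(), attr.isRequired()))
                        .forEach(requested -> cfg.getRequestedServiceProviderAttributes().add(requested));
                }

                // Signature algorithm policy: a list is applied only when it is configured.
                if (!saml.getBlockedSignatureSigningAlgorithms().isEmpty()) {
                    cfg.setBlackListedSignatureSigningAlgorithms(saml.getBlockedSignatureSigningAlgorithms());
                }
                if (!saml.getSignatureAlgorithms().isEmpty()) {
                    cfg.setSignatureAlgorithms(saml.getSignatureAlgorithms());
                }
                if (!saml.getSignatureReferenceDigestMethods().isEmpty()) {
                    cfg.setSignatureReferenceDigestMethods(saml.getSignatureReferenceDigestMethods());
                }
                // Fixed: the condition was inverted, so a configured canonicalization algorithm was
                // ignored and a blank value was written instead. It now matches the sibling checks.
                if (StringUtils.isNotBlank(saml.getSignatureCanonicalizationAlgorithm())) {
                    cfg.setSignatureCanonicalizationAlgorithm(saml.getSignatureCanonicalizationAlgorithm());
                }

                cfg.setProviderName(saml.getProviderName());
                cfg.setNameIdPolicyAllowCreate(saml.getNameIdPolicyAllowCreate().toBoolean());
                if (StringUtils.isNotBlank(saml.getSaml2AttributeConverter())) {
                    FunctionUtils.doAndHandle(obj -> {
                        // Same type check as for the message store factory: verify the configured
                        // class is an AttributeConverter before instantiating it.
                        Class<? extends AttributeConverter> converterClass = ClassUtils.getClass(getClass().getClassLoader(), saml.getSaml2AttributeConverter()).asSubclass(AttributeConverter.class);
                        cfg.setSamlAttributeConverter(converterClass.getDeclaredConstructor().newInstance());
                    });
                }
                List<String> mappedAttributes = saml.getMappedAttributes();
                if (!mappedAttributes.isEmpty()) {
                    cfg.setMappedAttributes(CollectionUtils.convertDirectedListToMap(mappedAttributes));
                }

                SAML2Client client = new SAML2Client(cfg);
                configureClient(client, saml, casConfigurationProperties);
                // NOTE(review): this logs the client's toString(); confirm it does not render the
                // keystore or private-key passwords held by the configuration.
                LOGGER.debug("Created delegated client [{}]", client);
                return client;
            })
            .collect(Collectors.toList());
    }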

    /**
     * Creates the delegated Bitbucket client when the Bitbucket settings are enabled and carry
     * both a non-blank id and a non-blank secret.
     *
     * @param casConfigurationProperties the CAS settings that hold the Bitbucket entry
     * @return a single-element list with the client, or an empty list when the entry is unusable
     */
    protected Collection<IndirectClient> buildBitBucketIdentityProviders(CasConfigurationProperties casConfigurationProperties) {
        Pac4jDelegatedAuthenticationBitBucketProperties settings = casConfigurationProperties.getAuthn().getPac4j().getBitbucket();
        boolean usable = settings.isEnabled()
            && StringUtils.isNotBlank(settings.getId())
            && StringUtils.isNotBlank(settings.getSecret());
        if (!usable) {
            return List.of();
        }
        BitbucketClient client = new BitbucketClient(settings.getId(), settings.getSecret());
        configureClient(client, settings, casConfigurationProperties);
        // Logs the client name and key only; presumably the key is the id passed above and not
        // the secret, confirm against the client class.
        LOGGER.debug("Created client [{}] with identifier [{}]", client.getName(), client.getKey());
        return List.of(client);
    }

    /**
     * Builds one delegated CAS client for each enabled CAS entry that has a non-blank login URL.
     *
     * <p>The prefix URL is derived from the login URL: the first match of
     * {@code PATTERN_LOGIN_URL} is replaced with {@code "/"} and a trailing slash is appended
     * when missing. TLS verification uses the hostname verifier and socket factory of the
     * shared CAS SSL context.
     *
     * @param casConfigurationProperties the CAS settings that hold the delegated CAS entries
     * @return the configured CAS clients; empty when no entry passes the filter
     */
    protected Collection<IndirectClient> buildCasIdentityProviders(CasConfigurationProperties casConfigurationProperties) {
        return casConfigurationProperties.getAuthn().getPac4j().getCas().stream()
            .filter(cas -> cas.isEnabled() && StringUtils.isNotBlank(cas.getLoginUrl()))
            .<IndirectClient>map(cas -> {
                // valueOf() throws for a protocol name that is not a CasProtocol constant.
                CasConfiguration cfg = new CasConfiguration(cas.getLoginUrl(), CasProtocol.valueOf(cas.getProtocol()));
                String prefixBase = PATTERN_LOGIN_URL.matcher(cas.getLoginUrl()).replaceFirst("/");
                cfg.setPrefixUrl(StringUtils.appendIfMissing(prefixBase, "/"));
                cfg.setHostnameVerifier(this.casSSLContext.getHostnameVerifier());
                cfg.setSslSocketFactory(this.casSSLContext.getSslContext().getSocketFactory());
                CasClient client = new CasClient(cfg);
                configureClient(client, cas, casConfigurationProperties);
                LOGGER.debug("Created client [{}]", client);
                return client;
            })
            .collect(Collectors.toList());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Collects the delegated clients of every supported provider type into one set.
     *
     * <p>The builders run in a fixed sequence and the returned set keeps that insertion order.
     *
     * @param casConfigurationProperties the CAS settings passed to each provider builder
     * @return all delegated clients produced by the individual builders
     */
    public Set<IndirectClient> buildAllIdentityProviders(CasConfigurationProperties casConfigurationProperties) {
        Set<IndirectClient> providers = new LinkedHashSet<>();
        providers.addAll(buildCasIdentityProviders(casConfigurationProperties));
        providers.addAll(buildFacebookIdentityProviders(casConfigurationProperties));
        providers.addAll(buildOidcIdentityProviders(casConfigurationProperties));
        providers.addAll(buildOAuth20IdentityProviders(casConfigurationProperties));
        providers.addAll(buildSaml2IdentityProviders(casConfigurationProperties));
        providers.addAll(buildTwitterIdentityProviders(casConfigurationProperties));
        providers.addAll(buildDropBoxIdentityProviders(casConfigurationProperties));
        providers.addAll(buildFoursquareIdentityProviders(casConfigurationProperties));
        providers.addAll(buildGitHubIdentityProviders(casConfigurationProperties));
        providers.addAll(buildGoogleIdentityProviders(casConfigurationProperties));
        providers.addAll(buildWindowsLiveIdentityProviders(casConfigurationProperties));
        providers.addAll(buildYahooIdentityProviders(casConfigurationProperties));
        providers.addAll(buildLinkedInIdentityProviders(casConfigurationProperties));
        providers.addAll(buildPaypalIdentityProviders(casConfigurationProperties));
        providers.addAll(buildWordpressIdentityProviders(casConfigurationProperties));
        providers.addAll(buildBitBucketIdentityProviders(casConfigurationProperties));
        providers.addAll(buildHiOrgServerIdentityProviders(casConfigurationProperties));
        return providers;
    }

    /**
     * Stores the collaborators used by the provider builders. No argument is validated here.
     *
     * @param casConfigurationProperties the CAS settings kept in {@code casProperties}
     * @param collection the client customizers kept in {@code customizers}
     * @param casSSLContext source of the socket factory and hostname verifier applied to clients
     * @param objectProvider optional provider of a SAML message store factory
     * @param cache cache of built clients, keyed by string
     */
    @Generated
    public BaseDelegatedClientFactory(
            CasConfigurationProperties casConfigurationProperties,
            Collection<DelegatedClientFactoryCustomizer> collection,
            CasSSLContext casSSLContext,
            ObjectProvider<SAMLMessageStoreFactory> objectProvider,
            Cache<String, Collection<IndirectClient>> cache) {
        // Configuration and customization hooks.
        this.casProperties = casConfigurationProperties;
        this.customizers = collection;
        // Shared infrastructure handed to the individual clients.
        this.casSSLContext = casSSLContext;
        this.samlMessageStoreFactory = objectProvider;
        this.clientsCache = cache;
    }
}
