package com.appiancorp.security.auth.saml;

import com.appiancorp.common.config.AdminServicesProvider;
import com.appiancorp.common.config.AppianAdminServicesSpringConfig;
import com.appiancorp.common.config.AppianSharedSpringConfig;
import com.appiancorp.features.internal.FeatureToggleDefinition;
import com.appiancorp.record.RecordSpringConfig;
import com.appiancorp.record.ui.OpaqueUrlBuilder;
import com.appiancorp.security.auth.AppianAuthenticationSuccessHandler;
import com.appiancorp.security.auth.BaseAuthenticationSpringConfig;
import com.appiancorp.security.auth.ProxyUrlRepairUtil;
import com.appiancorp.security.auth.UserSyncer;
import com.appiancorp.security.auth.mobile.InAppBrowserClientRequestMatcher;
import com.appiancorp.security.auth.mobile.MobileAuthSpringConfig;
import com.appiancorp.security.auth.oidc.OidcAuthProviderQueryStringGenerator;
import com.appiancorp.security.auth.oidc.OidcConfiguration;
import com.appiancorp.security.auth.oidc.OidcConfigurationSpringConfig;
import com.appiancorp.security.auth.oidc.persistence.service.OidcSettingsService;
import com.appiancorp.security.auth.rememberme.RememberMeSettings;
import com.appiancorp.security.auth.rememberme.RememberMeSettingsSpringConfig;
import com.appiancorp.security.auth.saml.functions.AllowEncryptedAssertionsSupplier;
import com.appiancorp.security.auth.saml.redirecter.AppianLogoutRedirecter;
import com.appiancorp.security.auth.saml.redirecter.IdpRedirectHandler;
import com.appiancorp.security.auth.saml.redirecter.IdpSelfSelectionRedirectHandler;
import com.appiancorp.security.auth.saml.redirecter.SamlAuthProviderQueryStringGenerator;
import com.appiancorp.security.auth.saml.redirecter.SamlIdpRedirecter;
import com.appiancorp.security.auth.saml.rememberidp.RememberIdpService;
import com.appiancorp.security.auth.saml.rememberidp.RememberIdpSpringConfig;
import com.appiancorp.security.auth.saml.selfselection.SelfSelectionLinkGenerator;
import com.appiancorp.security.auth.saml.service.SamlSettingsService;
import com.appiancorp.security.auth.saml.storage.SamlMemoryStorageService;
import com.appiancorp.security.ssl.CertificateService;
import com.appiancorp.security.ssl.SslSpringConfig;
import com.appiancorp.security.symmetric.SymmetricKeyConstants;
import com.appiancorp.suite.SuiteConfiguration;
import com.appiancorp.suite.cfg.FeatureToggleConfiguration;
import com.appiancorp.suite.cfg.SamlConfiguration;
import com.appiancorp.suiteapi.common.spring.security.CompositeSessionAuthenticationStrategy;
import java.security.NoSuchAlgorithmException;
import java.util.List;
import javax.crypto.Cipher;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.net.URIComparator;
import org.opensaml.core.xml.XMLObjectBuilderFactory;
import org.opensaml.messaging.handler.MessageHandler;
import org.opensaml.messaging.handler.MessageHandlerChain;
import org.opensaml.messaging.handler.impl.BasicMessageHandlerChain;
import org.opensaml.saml.common.binding.security.impl.MessageLifetimeSecurityHandler;
import org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler;
import org.opensaml.saml.saml2.assertion.SAML20AssertionValidator;
import org.opensaml.saml.security.impl.SAMLSignatureProfileValidator;
import org.opensaml.security.credential.CredentialResolver;
import org.opensaml.storage.ReplayCache;
import org.opensaml.storage.StorageService;
import org.opensaml.xmlsec.keyinfo.KeyInfoCredentialResolver;
import org.opensaml.xmlsec.signature.support.impl.ExplicitKeySignatureTrustEngine;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.context.annotation.Lazy;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.RememberMeServices;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;

/**
 * Spring configuration that declares the SAML authentication beans: request and
 * response generators, the inbound message validation chain (replay, lifetime,
 * received-endpoint and signature checks), the authentication filter, IdP
 * redirect handling, logout consumers and metadata/link generators.
 *
 * <p>Most bean methods only forward their injected collaborators to a constructor.
 * Parameter names are left exactly as found: where several beans share a type
 * (for example {@link MessageHandler}), Spring may fall back to the parameter
 * name to pick a candidate, so renaming one can silently change the wiring.
 */
@Configuration
@Import({
    AppianAdminServicesSpringConfig.class,
    AppianSharedSpringConfig.class,
    BaseAuthenticationSpringConfig.class,
    MobileAuthSpringConfig.class,
    OidcConfigurationSpringConfig.class,
    RememberMeSettingsSpringConfig.class,
    SamlBindingSpringConfig.class,
    SamlSharedSpringConfig.class,
    SamlReactionSpringConfig.class,
    SslSpringConfig.class,
    RecordSpringConfig.class,
    RememberIdpSpringConfig.class
})
/* loaded from: input_file:com/appiancorp/security/auth/saml/SamlSpringConfig.class */
public class SamlSpringConfig {

    // Field-injected (lazily, by qualifier) and consumed only by
    // oidcAuthProviderQueryStringGenerator(...) below.
    @Autowired
    @Lazy
    @Qualifier("oidcSettingsServiceAdminContextDecorator")
    OidcSettingsService oidcSettingsServiceAdminContextDecorator;

    /** Builds the {@link IssuerGenerator} from the SAML configuration and the XML object builder factory. */
    @Bean
    @Lazy
    public IssuerGenerator issuerGenerator(
            SamlConfiguration samlConfiguration,
            XMLObjectBuilderFactory xMLObjectBuilderFactory) {
        return new IssuerGenerator(samlConfiguration, xMLObjectBuilderFactory);
    }

    /** Builds the {@link SamlRequestGenerator}; the bean is registered under the name {@code authnRequestGenerator}. */
    @Bean
    @Lazy
    public SamlRequestGenerator authnRequestGenerator(
            SamlConfiguration samlConfiguration,
            IssuerGenerator issuerGenerator,
            XMLObjectBuilderFactory xMLObjectBuilderFactory,
            SamlSpServiceUrlGenerator samlSpServiceUrlGenerator,
            FeatureToggleConfiguration featureToggleConfiguration) {
        return new SamlRequestGenerator(
                samlConfiguration,
                issuerGenerator,
                xMLObjectBuilderFactory,
                samlSpServiceUrlGenerator,
                featureToggleConfiguration);
    }

    /** Builds the {@link SamlResponseGenerator}. */
    @Bean
    @Lazy
    public SamlResponseGenerator samlResponseGenerator(
            IssuerGenerator issuerGenerator,
            SamlConfiguration samlConfiguration) {
        return new SamlResponseGenerator(issuerGenerator, samlConfiguration);
    }

    /**
     * Creates and initializes the {@link StorageService} that backs the replay cache.
     *
     * @return an initialized {@link SamlMemoryStorageService} whose id is its simple class name
     * @throws ComponentInitializationException if {@code initialize()} fails
     */
    @Bean
    public StorageService storageService() throws ComponentInitializationException {
        // NOTE(review): the class name suggests in-process memory storage. If so, replay
        // records are not shared between application nodes; confirm how clustered
        // deployments are expected to detect a message replayed against another node.
        final SamlMemoryStorageService store = new SamlMemoryStorageService();
        store.setId(SamlMemoryStorageService.class.getSimpleName());
        store.initialize();
        return store;
    }

    /** Creates the {@link ReplayCache} on top of the given storage service. */
    @Bean
    public ReplayCache replayCache(StorageService storageService) {
        final ReplayCache cache = new ReplayCache();
        cache.setStorage(storageService);
        return cache;
    }

    /** Exposes {@link AppianSamlUrlComparator} as the {@link URIComparator} bean. */
    @Bean
    @Lazy
    public URIComparator appianSamlUrlComparator(SamlSpServiceUrlGenerator samlSpServiceUrlGenerator) {
        return new AppianSamlUrlComparator(samlSpServiceUrlGenerator);
    }

    /** Builds the factory for received-endpoint security handlers around the URI comparator. */
    @Bean
    public ReceivedEndpointSecurityHandlerFactory receivedEndpointSecurityHandlerFactory(URIComparator uRIComparator) {
        return new ReceivedEndpointSecurityHandlerFactory(uRIComparator);
    }

    /** Creates the OpenSAML replay handler and points it at the shared {@link ReplayCache}. */
    @Bean
    public MessageHandler messageReplaySecurityHandler(ReplayCache replayCache) {
        final MessageReplaySecurityHandler replayHandler = new MessageReplaySecurityHandler();
        replayHandler.setReplayCache(replayCache);
        return replayHandler;
    }

    /**
     * Creates the OpenSAML message-lifetime handler with a fixed clock skew and lifetime.
     *
     * @return the configured {@link MessageLifetimeSecurityHandler}
     */
    @Bean
    public MessageHandler messageLifetimeSecurityHandler() {
        final MessageLifetimeSecurityHandler lifetimeHandler = new MessageLifetimeSecurityHandler();
        // Presumably milliseconds (the long-valued OpenSAML setters): 180000 = 3 minutes of
        // tolerated clock skew, 300000 = 5 minutes of message lifetime. Confirm against the
        // OpenSAML version on the classpath.
        lifetimeHandler.setClockSkew(180000L);
        lifetimeHandler.setMessageLifetime(300000L);
        // NOTE(review): with the required rule switched off, OpenSAML's handler is expected to
        // let a message that carries no issue instant through without a lifetime check instead
        // of rejecting it. Confirm this relaxation is intentional and that freshness is still
        // enforced elsewhere (for example by the assertion validator).
        lifetimeHandler.setRequiredRule(false);
        return lifetimeHandler;
    }

    /**
     * Assembles the inbound {@link MessageHandlerChain}.
     *
     * @param list the {@link MessageHandler} beans Spring injects; this class contributes the
     *     replay and lifetime handlers, other configurations may add more
     * @return a chain holding the handlers in the order Spring supplied them
     */
    @Bean
    public MessageHandlerChain basicMessageHandlerChain(List<MessageHandler> list) {
        // NOTE(review): handler order is whatever order Spring resolves for the list;
        // nothing here pins it. Verify that no handler depends on running before another.
        final BasicMessageHandlerChain chain = new BasicMessageHandlerChain();
        chain.setHandlers(list);
        return chain;
    }

    /**
     * Builds the signature trust engine from the injected credential resolvers.
     *
     * <p>OpenSAML's explicit-key engine trusts a signature only when the signing key matches a
     * credential returned by the trusted {@link CredentialResolver}; which credentials that
     * resolver yields is configured outside this class.
     */
    @Bean
    @Lazy
    public ExplicitKeySignatureTrustEngine explicitKeySignatureTrustEngine(
            CredentialResolver credentialResolver,
            KeyInfoCredentialResolver keyInfoCredentialResolver) {
        return new ExplicitKeySignatureTrustEngine(credentialResolver, keyInfoCredentialResolver);
    }

    /** Combines the signature profile validator and the trust engine into a {@link SamlSignatureValidator}. */
    @Bean
    @Lazy
    public SamlSignatureValidator samlSignatureValidator(
            SAMLSignatureProfileValidator sAMLSignatureProfileValidator,
            ExplicitKeySignatureTrustEngine explicitKeySignatureTrustEngine) {
        return new SamlSignatureValidator(sAMLSignatureProfileValidator, explicitKeySignatureTrustEngine);
    }

    /** Builds the {@link SamlAuthenticator}, handing it the user profile service from the admin services provider. */
    @Bean
    @Lazy
    public SamlAuthenticator samlAuthenticator(
            AdminServicesProvider adminServicesProvider,
            SamlMessageValidator samlMessageValidator,
            SamlConfiguration samlConfiguration,
            UserSyncer userSyncer) {
        return new SamlAuthenticator(
                adminServicesProvider.userProfileService(),
                samlMessageValidator,
                samlConfiguration,
                userSyncer);
    }

    /** Builds the {@link SamlTestValidator}. */
    @Bean
    @Lazy
    public SamlTestValidator samlTestValidator(
            SamlAuthenticator samlAuthenticator,
            SamlConfiguration samlConfiguration,
            SamlTestStateManager samlTestStateManager,
            SamlSettingsSelector samlSettingsSelector) {
        return new SamlTestValidator(
                samlAuthenticator,
                samlConfiguration,
                samlTestStateManager,
                samlSettingsSelector);
    }

    /** Builds the {@link SamlAssertionValidator} on the same {@link ReplayCache} the message replay handler uses. */
    @Bean
    @Lazy
    public SamlAssertionValidator samlAssertionValidator(ReplayCache replayCache) {
        return new SamlAssertionValidator(replayCache);
    }

    /**
     * Builds the {@link SamlMessageValidator} from the handler chain, signature validator,
     * received-endpoint handler factory and assertion validator.
     */
    @Bean
    @Lazy
    public SamlMessageValidator samlMessageValidator(
            MessageHandlerChain messageHandlerChain,
            SamlConfiguration samlConfiguration,
            SamlSignatureValidator samlSignatureValidator,
            ReceivedEndpointSecurityHandlerFactory receivedEndpointSecurityHandlerFactory,
            SAML20AssertionValidator sAML20AssertionValidator,
            FeatureToggleConfiguration featureToggleConfiguration) {
        return new SamlMessageValidator(
                messageHandlerChain,
                samlConfiguration,
                samlSignatureValidator,
                receivedEndpointSecurityHandlerFactory,
                sAML20AssertionValidator,
                featureToggleConfiguration);
    }

    /** Builds the {@link IdentityProviderManager} from the message adapters and the request/response generators. */
    @Bean
    @Lazy
    public IdentityProviderManager identityProviderManager(
            SamlMessageRetrieverAdapter samlMessageRetrieverAdapter,
            SamlMessageSenderAdapter samlMessageSenderAdapter,
            SamlRequestGenerator samlRequestGenerator,
            SamlResponseGenerator samlResponseGenerator,
            SamlConfiguration samlConfiguration,
            XMLObjectBuilderFactory xMLObjectBuilderFactory) {
        return new IdentityProviderManager(
                samlMessageRetrieverAdapter,
                samlMessageSenderAdapter,
                samlRequestGenerator,
                samlResponseGenerator,
                samlConfiguration,
                xMLObjectBuilderFactory);
    }

    /** Builds the {@link SamlFilterPredicate}. */
    @Bean
    @Lazy
    public SamlFilterPredicate samlFilterPredicate(
            SamlConfiguration samlConfiguration,
            IdentityProviderManager identityProviderManager,
            SamlSettingsService samlSettingsService,
            RememberIdpService rememberIdpService,
            InAppBrowserClientRequestMatcher inAppBrowserClientRequestMatcher,
            OidcConfiguration oidcConfiguration) {
        return new SamlFilterPredicate(
                samlConfiguration,
                identityProviderManager,
                samlSettingsService,
                rememberIdpService,
                inAppBrowserClientRequestMatcher,
                oidcConfiguration);
    }

    /** Exposes {@link SamlAuthenticationFailureHandler} as an {@link AuthenticationFailureHandler} bean. */
    @Bean
    @Lazy
    public AuthenticationFailureHandler samlAuthenticationFailureHandler() {
        return new SamlAuthenticationFailureHandler();
    }

    /** Builds the {@link SamlFilter} from its authentication, session, redirect and remember-me collaborators. */
    @Bean
    @Lazy
    public SamlFilter samlFilter(
            AuthenticationManager authenticationManager,
            IdentityProviderManager identityProviderManager,
            AppianAuthenticationSuccessHandler appianAuthenticationSuccessHandler,
            CompositeSessionAuthenticationStrategy compositeSessionAuthenticationStrategy,
            SamlIdpRedirecter samlIdpRedirecter,
            SamlSessionTracker samlSessionTracker,
            SamlFilterPredicate samlFilterPredicate,
            AuthenticationFailureHandler authenticationFailureHandler,
            RememberMeSettings rememberMeSettings,
            RememberMeServices rememberMeServices) {
        return new SamlFilter(
                authenticationManager,
                identityProviderManager,
                appianAuthenticationSuccessHandler,
                compositeSessionAuthenticationStrategy,
                samlIdpRedirecter,
                samlSessionTracker,
                samlFilterPredicate,
                authenticationFailureHandler,
                rememberMeSettings,
                rememberMeServices);
    }

    /** Builds the {@link IdpSelfSelectionRedirectHandler}. */
    @Bean
    public IdpSelfSelectionRedirectHandler idpSelfSelectionRedirectHandler(
            SamlConfiguration samlConfiguration,
            SamlSessionTracker samlSessionTracker) {
        return new IdpSelfSelectionRedirectHandler(samlConfiguration, samlSessionTracker);
    }

    /** Builds the {@link IdpRedirectHandler}. */
    @Bean
    public IdpRedirectHandler idpRedirectHandler(
            IdentityProviderManager identityProviderManager,
            ProxyUrlRepairUtil proxyUrlRepairUtil,
            SamlSessionTracker samlSessionTracker,
            SamlConfiguration samlConfiguration) {
        return new IdpRedirectHandler(
                identityProviderManager,
                proxyUrlRepairUtil,
                samlSessionTracker,
                samlConfiguration);
    }

    /** Builds the {@link SamlIdpRedirecter} from the two redirect handlers; the bean name is {@code samlRedirecter}. */
    @Bean
    public SamlIdpRedirecter samlRedirecter(
            IdpSelfSelectionRedirectHandler idpSelfSelectionRedirectHandler,
            IdpRedirectHandler idpRedirectHandler) {
        return new SamlIdpRedirecter(idpSelfSelectionRedirectHandler, idpRedirectHandler);
    }

    /** Builds the {@link SamlLogoutRequestConsumer}; the bean name is {@code samlLogoutRequestHandler}. */
    @Bean
    @Lazy
    public SamlLogoutRequestConsumer samlLogoutRequestHandler(
            SecurityContextLogoutHandler securityContextLogoutHandler,
            IdentityProviderManager identityProviderManager,
            SamlMessageValidator samlMessageValidator,
            SamlSettingsSelector samlSettingsSelector,
            SamlConfiguration samlConfiguration) {
        // The constructor receives the validator before the IdP manager, which is not
        // the order of this method's parameters.
        return new SamlLogoutRequestConsumer(
                securityContextLogoutHandler,
                samlMessageValidator,
                identityProviderManager,
                samlSettingsSelector,
                samlConfiguration);
    }

    /** Builds the {@link SamlLogoutResponseConsumer}; the bean name is {@code samlLogoutResponseHandler}. */
    @Bean
    public SamlLogoutResponseConsumer samlLogoutResponseHandler(
            AppianLogoutRedirecter appianLogoutRedirecter,
            SamlAuthProviderQueryStringGenerator samlAuthProviderQueryStringGenerator) {
        return new SamlLogoutResponseConsumer(appianLogoutRedirecter, samlAuthProviderQueryStringGenerator);
    }

    /** Builds the {@link AppianLogoutRedirecter} from the suite's base URI. */
    @Bean
    public AppianLogoutRedirecter appianLogoutRedirecter(SuiteConfiguration suiteConfiguration) {
        return new AppianLogoutRedirecter(suiteConfiguration.getBaseUri());
    }

    /** Exposes OpenSAML's {@link SAMLSignatureProfileValidator} as a bean. */
    @Bean
    @Lazy
    public SAMLSignatureProfileValidator samlSignatureProfileValidator() {
        return new SAMLSignatureProfileValidator();
    }

    /** Builds the {@link SamlLogoutHandler} around the session tracker. */
    @Bean
    public SamlLogoutHandler samlLogoutHandler(SamlSessionTracker samlSessionTracker) {
        return new SamlLogoutHandler(samlSessionTracker);
    }

    /** Builds the {@link SamlSpMetadataGenerator}. */
    @Bean
    public SamlSpMetadataGenerator samlSpMetadataGenerator(
            CertificateService certificateService,
            SamlSpServiceUrlGenerator samlSpServiceUrlGenerator,
            AllowEncryptedAssertionsSupplier allowEncryptedAssertionsSupplier) {
        return new SamlSpMetadataGenerator(
                certificateService,
                samlSpServiceUrlGenerator,
                allowEncryptedAssertionsSupplier);
    }

    /**
     * Builds the {@link AllowEncryptedAssertionsSupplier} from the JCE maximum allowed key
     * length for {@code SymmetricKeyConstants.SYMMETRIC_KEY_ALGORITHM}.
     *
     * @return a supplier constructed with that key length, or with {@code 0} when the
     *     algorithm is not known to the installed providers
     */
    @Bean
    public AllowEncryptedAssertionsSupplier allowEncryptedAssertions() {
        // Presumably a length of 0 makes the supplier report encrypted assertions as
        // unsupported; how the value is interpreted is not visible here. Verify.
        int maxKeyLength = 0;
        try {
            maxKeyLength = Cipher.getMaxAllowedKeyLength(SymmetricKeyConstants.SYMMETRIC_KEY_ALGORITHM);
        } catch (NoSuchAlgorithmException ignored) {
            // Deliberate fallback: an unknown algorithm leaves the length at 0.
        }
        return new AllowEncryptedAssertionsSupplier(maxKeyLength);
    }

    /** Builds the {@link SamlSpMetadataLinkGenerator}, handing it the content service from the admin services provider. */
    @Bean
    public SamlSpMetadataLinkGenerator samlSpMetadataLinkGenerator(
            AdminServicesProvider adminServicesProvider,
            SuiteConfiguration suiteConfiguration,
            OpaqueUrlBuilder opaqueUrlBuilder) {
        return new SamlSpMetadataLinkGenerator(
                adminServicesProvider.contentService(),
                suiteConfiguration,
                opaqueUrlBuilder);
    }

    /** Builds the {@link SamlAuthProviderQueryStringGenerator}. */
    @Bean
    public SamlAuthProviderQueryStringGenerator samlAuthProviderQueryStringGenerator(
            SamlSettingsService samlSettingsService,
            SamlConfiguration samlConfiguration) {
        return new SamlAuthProviderQueryStringGenerator(samlSettingsService, samlConfiguration);
    }

    /** Builds the {@link OidcAuthProviderQueryStringGenerator} using the field-injected OIDC settings service. */
    @Bean
    public OidcAuthProviderQueryStringGenerator oidcAuthProviderQueryStringGenerator(OidcConfiguration oidcConfiguration) {
        return new OidcAuthProviderQueryStringGenerator(
                this.oidcSettingsServiceAdminContextDecorator,
                oidcConfiguration);
    }

    /** Builds the {@link SelfSelectionLinkGenerator} from the SAML and OIDC query-string generators. */
    @Bean
    public SelfSelectionLinkGenerator selfSelectionLinkGenerator(
            SamlAuthProviderQueryStringGenerator samlAuthProviderQueryStringGenerator,
            OidcAuthProviderQueryStringGenerator oidcAuthProviderQueryStringGenerator,
            SamlConfiguration samlConfiguration) {
        return new SelfSelectionLinkGenerator(
                samlAuthProviderQueryStringGenerator,
                oidcAuthProviderQueryStringGenerator,
                samlConfiguration);
    }

    /**
     * Registers the {@code ae.iam.remove-sha1-for-saml} feature toggle definition.
     *
     * <p>NOTE(review): the second constructor argument is presumably the toggle's default
     * state (on); confirm against {@link FeatureToggleDefinition}. Turning the toggle off
     * would presumably re-admit SHA-1 in SAML processing, so changes to it deserve review.
     */
    @Bean
    public FeatureToggleDefinition removeSha1FeatureToggle() {
        return new FeatureToggleDefinition("ae.iam.remove-sha1-for-saml", true);
    }
}
