package org.apereo.cas.mgmt.config;

import java.util.ArrayList;
import java.util.List;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.CasManagementConfigurationProperties;
import org.apereo.cas.mgmt.authz.CasRoleBasedAuthorizer;
import org.apereo.cas.mgmt.authz.CasSpringSecurityAuthorizationGenerator;
import org.apereo.cas.mgmt.authz.json.JsonResourceAuthorizationGenerator;
import org.apereo.cas.mgmt.authz.yaml.YamlResourceAuthorizationGenerator;
import org.pac4j.core.authorization.authorizer.Authorizer;
import org.pac4j.core.authorization.generator.AuthorizationGenerator;
import org.pac4j.core.authorization.generator.FromAttributesAuthorizationGenerator;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.Resource;

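/**
 * Spring configuration that wires the authorization beans of the CAS management web application:
 * the {@link AuthorizationGenerator} that assigns roles to a profile and the {@link Authorizer}
 * that is built from the configured admin and user roles.
 *
 * <p>Every bean is declared with {@code @ConditionalOnMissingBean}, so a deployment can replace
 * any of them by defining a bean with the same name.
 */
@EnableConfigurationProperties({CasManagementConfigurationProperties.class, CasConfigurationProperties.class})
@Configuration("casManagementAuthorizationConfiguration")
/* loaded from: input_file:WEB-INF/lib/cas-management-webapp-support-5.3.6.jar:org/apereo/cas/mgmt/config/CasManagementAuthorizationConfiguration.class */
public class CasManagementAuthorizationConfiguration {

    // Management webapp settings: authz attributes, admin/user roles and the user properties file.
    @Autowired
    private CasManagementConfigurationProperties casProperties;

    /**
     * Selects the role-assignment strategy from the configured authorization attributes.
     *
     * <ul>
     *   <li>No attributes configured: roles come from the user properties file
     *       (see {@link #springSecurityPropertiesAuthorizationGenerator()}).</li>
     *   <li>The list contains {@code "*"}: the static generator is used, which adds the admin and
     *       user roles to <em>every</em> profile it is given. This is the most permissive
     *       setting and should be a deliberate choice, not a leftover default.</li>
     *   <li>Otherwise: the listed attribute names are passed to
     *       {@link FromAttributesAuthorizationGenerator} as its first argument, with an empty
     *       second array.</li>
     * </ul>
     *
     * @return the authorization generator matching the current configuration
     */
    @ConditionalOnMissingBean(name = {"authorizationGenerator"})
    @RefreshScope
    @Bean
    public AuthorizationGenerator authorizationGenerator() {
        final List<String> authzAttributes = this.casProperties.getAuthzAttributes();
        // A missing list is treated like an empty one, so the lookup falls back to the explicit
        // per-user file instead of failing with a NullPointerException.
        if (authzAttributes == null || authzAttributes.isEmpty()) {
            return springSecurityPropertiesAuthorizationGenerator();
        }
        // contains() compares with "*".equals(element), so a null entry cannot break the check.
        if (authzAttributes.contains("*")) {
            return staticAdminRolesAuthorizationGenerator();
        }
        return new FromAttributesAuthorizationGenerator(authzAttributes.toArray(new String[0]), new String[0]);
    }

    /**
     * Builds a generator that adds the configured admin roles and user roles to whatever profile
     * it receives, without inspecting the profile or the web context.
     *
     * <p>Because no condition is evaluated, every profile that reaches this generator ends up
     * with all admin roles. It is selected by {@link #authorizationGenerator()} only when the
     * authorization attributes contain {@code "*"}.
     *
     * @return a generator that assigns the admin and user roles unconditionally
     */
    @ConditionalOnMissingBean(name = {"staticAdminRolesAuthorizationGenerator"})
    @RefreshScope
    @Bean
    public AuthorizationGenerator staticAdminRolesAuthorizationGenerator() {
        return (webContext, commonProfile) -> {
            commonProfile.addRoles(this.casProperties.getAdminRoles());
            commonProfile.addRoles(this.casProperties.getUserRoles());
            return commonProfile;
        };
    }

    /**
     * Creates the authorizer for the management web application from the union of the configured
     * admin roles and user roles.
     *
     * @return a {@link CasRoleBasedAuthorizer} constructed with the combined role list
     */
    @ConditionalOnMissingBean(name = {"managementWebappAuthorizer"})
    @RefreshScope
    @Bean
    public Authorizer managementWebappAuthorizer() {
        // NOTE(review): presumably a profile holding any one of these roles is admitted;
        // confirm against CasRoleBasedAuthorizer.
        final List<String> roles = new ArrayList<>();
        roles.addAll(this.casProperties.getAdminRoles());
        roles.addAll(this.casProperties.getUserRoles());
        return new CasRoleBasedAuthorizer(roles);
    }

    /**
     * Creates the generator that reads role assignments from the configured user properties
     * file, choosing the implementation from the file name suffix: {@code json} selects
     * {@link JsonResourceAuthorizationGenerator}, {@code yml} selects
     * {@link YamlResourceAuthorizationGenerator}, and anything else selects
     * {@link CasSpringSecurityAuthorizationGenerator}.
     *
     * <p>The suffix match is case-sensitive and a file ending in {@code .yaml} is not recognised
     * as YAML; it is handed to the default generator.
     *
     * @return the generator backed by the user properties file
     * @throws RuntimeException if no file is configured, the resource has no file name, or the
     *     selected generator cannot be created; the original failure is kept as the cause
     */
    @ConditionalOnMissingBean(name = {"springSecurityPropertiesAuthorizationGenerator"})
    @RefreshScope
    @Bean
    public AuthorizationGenerator springSecurityPropertiesAuthorizationGenerator() {
        try {
            final Resource userPropertiesFile = this.casProperties.getUserPropertiesFile();
            if (userPropertiesFile == null) {
                throw new IllegalStateException(
                    "No user properties file is configured for management webapp authorization");
            }
            // Resource.getFilename() may return null for resources that are not file-backed;
            // fail with a message that names the problem instead of a bare NullPointerException.
            final String filename = userPropertiesFile.getFilename();
            if (filename == null) {
                throw new IllegalStateException(
                    "Cannot determine the format of user properties resource " + userPropertiesFile
                        + " because it has no file name");
            }
            if (filename.endsWith("json")) {
                return new JsonResourceAuthorizationGenerator(userPropertiesFile);
            }
            if (filename.endsWith("yml")) {
                return new YamlResourceAuthorizationGenerator(userPropertiesFile);
            }
            return new CasSpringSecurityAuthorizationGenerator(userPropertiesFile);
        } catch (final Exception e) {
            throw new RuntimeException(e.getMessage(), e);
        }
    }
}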
