package org.springframework.security.saml.provider.identity;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.opensaml.saml.common.xml.SAMLConstants;
import org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder;
import org.opensaml.saml.saml2.ecp.RelayState;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.saml.SamlException;
import org.springframework.security.saml.SamlMessageStore;
import org.springframework.security.saml.SamlRequestMatcher;
import org.springframework.security.saml.provider.SamlFilter;
import org.springframework.security.saml.provider.provisioning.SamlProviderProvisioning;
import org.springframework.security.saml.saml2.Saml2Object;
import org.springframework.security.saml.saml2.authentication.Assertion;
import org.springframework.security.saml.saml2.authentication.AuthenticationRequest;
import org.springframework.security.saml.saml2.authentication.Response;
import org.springframework.security.saml.saml2.metadata.Binding;
import org.springframework.security.saml.saml2.metadata.Endpoint;
import org.springframework.security.saml.saml2.metadata.NameId;
import org.springframework.security.saml.saml2.metadata.ServiceProviderMetadata;
import org.springframework.util.StringUtils;
import org.springframework.web.util.HtmlUtils;
import org.springframework.web.util.UriComponentsBuilder;
import org.springframework.web.util.UriUtils;

/* loaded from: input_file:WEB-INF/lib/spring-security-saml2-core-2.0.0.M30.jar:org/springframework/security/saml/provider/identity/IdpInitiatedLoginFilter.class */
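/**
 * Servlet filter that performs IdP-initiated (unsolicited) SAML single sign-on.
 *
 * <p>For a request accepted by the configured {@link SamlRequestMatcher} and carrying an
 * authenticated {@link Authentication}, the filter resolves the service provider named by the
 * {@code sp} request parameter, builds an {@link Assertion} for the current principal, records it
 * in the assertion store, wraps it in a {@link Response} and delivers that response to the
 * service provider's assertion consumer service (POST form or redirect).
 *
 * <p>Security notes for reviewers and integrators:
 * <ul>
 *   <li>No {@link AuthenticationRequest} is involved ({@link #getAuthenticationRequest} returns
 *       {@code null}), so the response is unsolicited. The receiving SP cannot correlate it with
 *       a request it issued and has to rely on its own assertion validation and replay checks.</li>
 *   <li>The {@code sp} and RelayState request parameters are caller-controlled. The delivery URL
 *       is taken from the resolved provider's metadata, not from the request; RelayState is
 *       passed through (escaped/encoded for its output context) and should be treated as
 *       untrusted by the receiving SP.</li>
 *   <li>The only identity gate here is {@code authentication.isAuthenticated()}.
 *       NOTE(review): Spring Security's anonymous token also reports itself as authenticated;
 *       confirm the filter chain requires a real login before this filter can run.</li>
 *   <li>NOTE(review): the OpenSAML constants used as path and parameter names in this listing
 *       look like decompiler substitutions for same-valued string literals; confirm against the
 *       upstream source before relying on the constant names.</li>
 * </ul>
 */
public class IdpInitiatedLoginFilter extends SamlFilter<IdentityProviderService> {
    private static final Log logger = LogFactory.getLog(IdpInitiatedLoginFilter.class);
    private final SamlRequestMatcher requestMatcher;
    private final SamlMessageStore<Assertion, HttpServletRequest> assertionStore;
    private String postBindingTemplate;

    /**
     * Creates the filter with a default request matcher built from the provisioning object.
     *
     * @param samlProviderProvisioning source of the hosted identity provider
     * @param samlMessageStore store that records every assertion this filter issues
     */
    public IdpInitiatedLoginFilter(SamlProviderProvisioning<IdentityProviderService> samlProviderProvisioning, SamlMessageStore<Assertion, HttpServletRequest> samlMessageStore) {
        this(samlProviderProvisioning, samlMessageStore, new SamlRequestMatcher(samlProviderProvisioning, SAMLConstants.SAML20MDRI_PREFIX));
    }

    /**
     * Creates the filter with an explicit request matcher.
     *
     * @param samlProviderProvisioning source of the hosted identity provider
     * @param samlMessageStore store that records every assertion this filter issues
     * @param samlRequestMatcher decides which requests trigger IdP-initiated login
     */
    public IdpInitiatedLoginFilter(SamlProviderProvisioning<IdentityProviderService> samlProviderProvisioning, SamlMessageStore<Assertion, HttpServletRequest> samlMessageStore, SamlRequestMatcher samlRequestMatcher) {
        super(samlProviderProvisioning);
        this.postBindingTemplate = HTTPPostEncoder.DEFAULT_TEMPLATE_ID;
        this.requestMatcher = samlRequestMatcher;
        this.assertionStore = samlMessageStore;
    }

    /**
     * Issues an unsolicited SAML response for the authenticated principal, or passes the request
     * down the chain when it is not an IdP-initiated login request or nobody is authenticated.
     *
     * <p>The target provider, its endpoint and the endpoint's binding are validated before the
     * assertion is created, so that no assertion is minted and stored for a request that cannot
     * be delivered.
     *
     * @throws SamlException if the target provider or a usable assertion consumer endpoint cannot
     *     be resolved, or the endpoint uses a binding other than POST or REDIRECT
     */
    @Override // org.springframework.web.filter.OncePerRequestFilter
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        // NOTE(review): isAuthenticated() alone does not distinguish an anonymous token from a
        // real login; the surrounding security configuration has to enforce that.
        if (!this.requestMatcher.matches(httpServletRequest) || authentication == null || !authentication.isAuthenticated()) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        IdentityProviderService hostedProvider = getProvisioning().getHostedProvider();
        ServiceProviderMetadata targetProvider = getTargetProvider(httpServletRequest);
        if (targetProvider == null) {
            // Fail closed with a SAML error instead of a NullPointerException further down.
            // The message deliberately does not echo the caller-supplied "sp" value.
            throw new SamlException("Unable to resolve the target service provider");
        }
        Endpoint preferredEndpoint = hostedProvider.getPreferredEndpoint(targetProvider.getServiceProvider().getAssertionConsumerService(), Binding.POST, -1);
        if (preferredEndpoint == null) {
            throw new SamlException("No assertion consumer service endpoint for SP:" + targetProvider.getEntityId());
        }
        Binding binding = preferredEndpoint.getBinding();
        if (binding != Binding.REDIRECT && binding != Binding.POST) {
            throw new SamlException("Unsupported binding:" + binding);
        }

        AuthenticationRequest authenticationRequest = getAuthenticationRequest(httpServletRequest);
        Assertion assertion = getAssertion(authentication, authenticationRequest, hostedProvider, targetProvider);
        // Record the issued assertion before it leaves the IdP.
        this.assertionStore.addMessage(httpServletRequest, assertion.getId(), assertion);
        Response response = hostedProvider.response(authenticationRequest, assertion, targetProvider);
        if (logger.isDebugEnabled()) {
            logger.debug(String.format("Sending assertion for SP:%s to URL:%s using Binding:%s", targetProvider.getEntityId(), preferredEndpoint.getLocation(), binding));
        }
        // Caller-controlled, opaque value; only ever emitted after context-specific encoding below.
        String relayState = httpServletRequest.getParameter(RelayState.DEFAULT_ELEMENT_LOCAL_NAME);
        if (binding == Binding.REDIRECT) {
            String deflatedXml = hostedProvider.toEncodedXml((Saml2Object) response, true);
            UriComponentsBuilder redirectUrl = UriComponentsBuilder.fromUriString(preferredEndpoint.getLocation());
            // The message is a Response, so the redirect binding carries it in "SAMLResponse";
            // the original sent it as "SAMLRequest", which a conforming SP would not read.
            redirectUrl.queryParam("SAMLResponse", UriUtils.encode(deflatedXml, StandardCharsets.UTF_8.name()));
            if (StringUtils.hasText(relayState)) {
                redirectUrl.queryParam(RelayState.DEFAULT_ELEMENT_LOCAL_NAME, UriUtils.encode(relayState, StandardCharsets.UTF_8.name()));
            }
            // build(true): the query values were already percent-encoded above.
            httpServletResponse.sendRedirect(redirectUrl.build(true).toUriString());
            return;
        }
        String encodedXml = hostedProvider.toEncodedXml((Saml2Object) response, false);
        // Raw type kept as decompiled; the model's generic parameters are not visible in this listing.
        HashMap hashMap = new HashMap();
        hashMap.put("action", preferredEndpoint.getLocation());
        hashMap.put("SAMLResponse", encodedXml);
        if (StringUtils.hasText(relayState)) {
            // Escaped here because the value is written into the auto-submitting HTML form.
            hashMap.put(RelayState.DEFAULT_ELEMENT_LOCAL_NAME, HtmlUtils.htmlEscape(relayState));
        }
        processHtml(httpServletRequest, httpServletResponse, getPostBindingTemplate(), hashMap);
    }

    /**
     * Resolves the service provider that should receive the assertion from the {@code sp}
     * request parameter, using the hosted provider's remote-provider lookup.
     *
     * @param httpServletRequest the current request
     * @return the metadata of the addressed service provider
     * @throws SamlException if the {@code sp} parameter is missing or blank
     */
    protected ServiceProviderMetadata getTargetProvider(HttpServletRequest httpServletRequest) {
        String spIdentifier = httpServletRequest.getParameter("sp");
        if (!StringUtils.hasText(spIdentifier)) {
            // Reject early rather than handing a null/blank identifier to the provider lookup.
            throw new SamlException("Missing required request parameter: sp");
        }
        return getProvisioning().getHostedProvider().getRemoteProvider(spIdentifier);
    }

    /**
     * Returns the authentication request this login answers. IdP-initiated login has none, so
     * this implementation always returns {@code null}; subclasses may override.
     *
     * @param httpServletRequest the current request (unused here)
     * @return always {@code null}
     */
    protected AuthenticationRequest getAuthenticationRequest(HttpServletRequest httpServletRequest) {
        return null;
    }

    /**
     * Builds the assertion for the authenticated principal, using
     * {@code authentication.getName()} as the subject and a persistent name identifier format.
     *
     * @param authentication the current authentication
     * @param authenticationRequest the request being answered, or {@code null} when unsolicited
     * @param identityProviderService the hosted identity provider that creates the assertion
     * @param serviceProviderMetadata the service provider the assertion is issued for
     * @return the newly created assertion
     */
    protected Assertion getAssertion(Authentication authentication, AuthenticationRequest authenticationRequest, IdentityProviderService identityProviderService, ServiceProviderMetadata serviceProviderMetadata) {
        return identityProviderService.assertion(serviceProviderMetadata, authenticationRequest, authentication.getName(), NameId.PERSISTENT);
    }

    /**
     * @return the template identifier used to render the POST-binding HTML form
     */
    public String getPostBindingTemplate() {
        return this.postBindingTemplate;
    }

    /**
     * Replaces the template used to render the POST-binding HTML form. The template receives the
     * {@code action}, {@code SAMLResponse} and (optionally) RelayState model entries; a custom
     * template must keep emitting them safely for an HTML context.
     *
     * @param str the template identifier
     * @return this filter, for call chaining
     */
    public IdpInitiatedLoginFilter setPostBindingTemplate(String str) {
        this.postBindingTemplate = str;
        return this;
    }
}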
