package org.springframework.security.saml.provider.identity;

import com.evolveum.midpoint.repo.sqale.qmodel.system.QSecurityPolicyMapping;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.Map;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.saml.SamlRequestMatcher;
import org.springframework.security.saml.provider.SamlFilter;
import org.springframework.security.saml.provider.config.ExternalProviderConfiguration;
import org.springframework.security.saml.provider.provisioning.SamlProviderProvisioning;
import org.springframework.security.saml.provider.service.ModelProvider;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.StringUtils;
import org.springframework.web.util.UriComponentsBuilder;
import org.springframework.web.util.UriUtils;

/* loaded from: input_file:WEB-INF/lib/spring-security-saml2-core-2.0.0.M30.jar:org/springframework/security/saml/provider/identity/SelectServiceProviderFilter.class */
public class SelectServiceProviderFilter extends SamlFilter<IdentityProviderService> {
    private static Log logger = LogFactory.getLog(SelectServiceProviderFilter.class);
    private final RequestMatcher requestMatcher;
    private String selectTemplate;

    public SelectServiceProviderFilter(SamlProviderProvisioning<IdentityProviderService> samlProviderProvisioning) {
        this(samlProviderProvisioning, new SamlRequestMatcher(samlProviderProvisioning, "select"));
    }

    public SelectServiceProviderFilter(SamlProviderProvisioning<IdentityProviderService> samlProviderProvisioning, RequestMatcher requestMatcher) {
        super(samlProviderProvisioning);
        this.selectTemplate = "/templates/spi/select-provider.vm";
        this.requestMatcher = requestMatcher;
    }

    public String getSelectTemplate() {
        return this.selectTemplate;
    }

    public SelectServiceProviderFilter setSelectTemplate(String str) {
        this.selectTemplate = str;
        return this;
    }

    @Override // org.springframework.web.filter.OncePerRequestFilter
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        if (!this.requestMatcher.matches(httpServletRequest)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        LinkedList linkedList = new LinkedList();
        ((IdentityProviderService) getProvisioning().getHostedProvider()).getConfiguration().getProviders().stream().forEach(externalServiceProviderConfiguration -> {
            try {
                linkedList.add(new ModelProvider().setLinkText(externalServiceProviderConfiguration.getLinktext()).setRedirect(getIdpInitUrl(httpServletRequest, externalServiceProviderConfiguration)));
            } catch (Exception e) {
                logger.debug(String.format("Unable to retrieve metadata for provider:%s with message:", externalServiceProviderConfiguration.getMetadata(), e.getMessage()));
            }
        });
        Map<String, Object> hashMap = new HashMap<>();
        hashMap.put("title", "Select a Service Provider");
        hashMap.put("providers", linkedList);
        processHtml(httpServletRequest, httpServletResponse, this.selectTemplate, hashMap);
    }

    protected String getIdpInitUrl(HttpServletRequest httpServletRequest, ExternalProviderConfiguration externalProviderConfiguration) throws UnsupportedEncodingException {
        UriComponentsBuilder fromUriString = UriComponentsBuilder.fromUriString(getProvisioning().getHostedProvider().getConfiguration().getBasePath());
        fromUriString.pathSegment(getInitPath(httpServletRequest));
        fromUriString.queryParam(QSecurityPolicyMapping.DEFAULT_ALIAS_NAME, UriUtils.encode(getProvisioning().getHostedProvider().getRemoteProvider(externalProviderConfiguration).getEntityId(), StandardCharsets.UTF_8.toString()));
        return fromUriString.build().toUriString();
    }

    private String getInitPath(HttpServletRequest httpServletRequest) {
        String contextPath = httpServletRequest.getContextPath();
        String requestURI = httpServletRequest.getRequestURI();
        if (StringUtils.hasText(contextPath)) {
            requestURI = requestURI.substring(contextPath.length());
        }
        return org.springframework.security.saml.util.StringUtils.stripStartingSlashes(requestURI.replace("/select", "/init"));
    }
}
