package com.evolveum.midpoint.authentication.impl.module.configurer;

import com.evolveum.midpoint.authentication.api.AuthenticationChannel;
import com.evolveum.midpoint.authentication.impl.filter.saml.MidpointMetadataRelyingPartyRegistrationResolver;
import com.evolveum.midpoint.authentication.impl.filter.saml.MidpointSaml2LoginConfigurer;
import com.evolveum.midpoint.authentication.impl.filter.saml.MidpointSaml2LogoutRequestResolver;
import com.evolveum.midpoint.authentication.impl.filter.saml.MidpointSaml2LogoutRequestSuccessHandler;
import com.evolveum.midpoint.authentication.impl.handler.MidPointAuthenticationSuccessHandler;
import com.evolveum.midpoint.authentication.impl.handler.MidpointAuthenticationFailureHandler;
import com.evolveum.midpoint.authentication.impl.module.configuration.SamlModuleWebSecurityConfiguration;
import com.evolveum.midpoint.model.api.ModelAuditRecorder;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.Saml2AuthenticationModuleType;
import jakarta.servlet.Filter;
import jakarta.servlet.ServletRequest;
import java.util.Collections;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken;
import org.springframework.security.saml2.provider.service.metadata.OpenSamlMetadataResolver;
import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.web.Saml2MetadataFilter;
import org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter;
import org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2RelyingPartyInitiatedLogoutSuccessHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

/* loaded from: input_file:BOOT-INF/lib/authentication-impl-4.10-SNAPSHOT.jar:com/evolveum/midpoint/authentication/impl/module/configurer/SamlModuleWebSecurityConfigurer.class */
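/**
 * Web-security configurer for the SAML2 authentication module.
 *
 * <p>On top of what {@code RemoteModuleWebSecurityConfigurer} already sets up, this class
 * registers the midPoint SAML login configurer (SSO processing URL, success/failure handlers,
 * authentication manager), adds the SP metadata filter under the module prefix, and supplies the
 * SAML-specific entry point, logout handler and token class to the parent.
 *
 * <p>NOTE: this listing was recovered from a decompiled class; decompiler-assigned parameter names
 * (e.g. {@code str}) are kept as-is.
 */
public class SamlModuleWebSecurityConfigurer extends RemoteModuleWebSecurityConfigurer<SamlModuleWebSecurityConfiguration, Saml2AuthenticationModuleType> {
    private static final Trace LOGGER = TraceManager.getTrace((Class<?>) SamlModuleWebSecurityConfigurer.class);

    /** Path of the page that acts as this module's authentication entry point (see {@link #getAuthEntryPointUrl()}). */
    public static final String SAML_LOGIN_PATH = "/saml2/select";

    // Passed to the login configurer so SAML authentication outcomes are audited.
    @Autowired
    private ModelAuditRecorder auditProvider;

    /**
     * Delegates all arguments to the parent configurer.
     *
     * @param saml2AuthenticationModuleType module definition from the security policy
     * @param str sequence suffix / module identifier (decompiler-assigned name)
     * @param authenticationChannel channel this module is configured for
     * @param objectPostProcessor Spring Security post-processor applied to created handlers
     * @param servletRequest current request, used to derive the public URL prefix
     * @param authenticationProvider provider backing this module's authentication manager
     */
    public SamlModuleWebSecurityConfigurer(Saml2AuthenticationModuleType saml2AuthenticationModuleType, String str, AuthenticationChannel authenticationChannel, ObjectPostProcessor<Object> objectPostProcessor, ServletRequest servletRequest, AuthenticationProvider authenticationProvider) {
        super(saml2AuthenticationModuleType, str, authenticationChannel, objectPostProcessor, servletRequest, authenticationProvider);
    }

    /**
     * Builds the SAML module configuration and records {@code str} as its sequence suffix.
     *
     * @param saml2AuthenticationModuleType module definition from the security policy
     * @param str sequence suffix stored on the resulting configuration
     * @param authenticationChannel channel this module is configured for (not used here, forwarded by the parent contract)
     * @param servletRequest current request; its public URL prefix is passed to the configuration builder
     * @return the configuration built by {@link SamlModuleWebSecurityConfiguration#build}
     */
    @Override
    public SamlModuleWebSecurityConfiguration buildConfiguration(Saml2AuthenticationModuleType saml2AuthenticationModuleType, String str, AuthenticationChannel authenticationChannel, ServletRequest servletRequest) {
        SamlModuleWebSecurityConfiguration configuration = SamlModuleWebSecurityConfiguration.build(saml2AuthenticationModuleType, str, getPublicUrlPrefix(servletRequest), servletRequest);
        configuration.setSequenceSuffix(str);
        return configuration;
    }

    /**
     * Applies the parent configuration, then the SAML login configurer and the SP metadata filter.
     *
     * @param httpSecurity builder for this module's filter chain
     * @throws Exception propagated from the parent configuration or from applying the configurer
     */
    @Override
    public void configure(HttpSecurity httpSecurity) throws Exception {
        super.configure(httpSecurity);
        getOrApply(httpSecurity, createLoginConfigurer());
        // The metadata endpoint must sit after the SSO filter so the registration resolver sees the same
        // relying-party repository the login configurer uses.
        httpSecurity.addFilterAfter((Filter) createMetadataFilter(), Saml2WebSsoAuthenticationFilter.class);
    }

    /**
     * Creates the SAML login configurer: SSO processing URL under the module prefix, audited
     * success/failure handlers and this module's authentication manager.
     */
    private MidpointSaml2LoginConfigurer createLoginConfigurer() {
        String modulePrefix = ((SamlModuleWebSecurityConfiguration) getConfiguration()).getPrefixOfModule();
        MidpointSaml2LoginConfigurer loginConfigurer = new MidpointSaml2LoginConfigurer(this.auditProvider);
        loginConfigurer
                .relyingPartyRegistrationRepository(relyingPartyRegistrations())
                .loginProcessingUrl(modulePrefix + "/SSO/alias/{registrationId}")
                .successHandler((AuthenticationSuccessHandler) getObjectPostProcessor().postProcess(new MidPointAuthenticationSuccessHandler()))
                .failureHandler(new MidpointAuthenticationFailureHandler());
        try {
            // ProviderManager with no providers of its own: every authentication is delegated to this
            // module's manager as the parent.
            loginConfigurer.authenticationManager(new ProviderManager(Collections.emptyList(), authenticationManager()));
        } catch (Exception e) {
            // Log the cause (the original dropped it), but keep the best-effort behaviour of continuing.
            // NOTE(review): on this path the configurer is applied without the module's authentication
            // manager; whatever Spring Security then falls back to is not visible here — confirm that
            // this cannot leave a SAML login path with a weaker manager than intended, or fail closed.
            LOGGER.error("Couldn't initialize authentication manager for saml2 module", e);
        }
        return loginConfigurer;
    }

    /**
     * Creates the SP metadata filter, served at {@code <modulePrefix>/metadata/*}.
     */
    private Saml2MetadataFilter createMetadataFilter() {
        String modulePrefix = ((SamlModuleWebSecurityConfiguration) getConfiguration()).getPrefixOfModule();
        Saml2MetadataFilter metadataFilter = new Saml2MetadataFilter(
                new MidpointMetadataRelyingPartyRegistrationResolver(relyingPartyRegistrations()),
                new OpenSamlMetadataResolver());
        metadataFilter.setRequestMatcher(new AntPathRequestMatcher(modulePrefix + "/metadata/*"));
        return metadataFilter;
    }

    /** @return {@link #SAML_LOGIN_PATH}, the URL unauthenticated requests are sent to */
    @Override
    protected String getAuthEntryPointUrl() {
        return SAML_LOGIN_PATH;
    }

    /**
     * Builds the SP-initiated logout handler chain: midPoint wrapper around Spring's
     * relying-party-initiated logout handler, which resolves logout requests against this
     * module's relying-party registrations. The result is run through the object post-processor.
     *
     * @return post-processed logout success handler
     */
    @Override
    protected LogoutSuccessHandler getLogoutRequestSuccessHandler() {
        MidpointSaml2LogoutRequestResolver logoutRequestResolver = new MidpointSaml2LogoutRequestResolver(relyingPartyRegistrations());
        Saml2RelyingPartyInitiatedLogoutSuccessHandler springHandler = new Saml2RelyingPartyInitiatedLogoutSuccessHandler(logoutRequestResolver);
        MidpointSaml2LogoutRequestSuccessHandler handler = new MidpointSaml2LogoutRequestSuccessHandler(springHandler);
        return (LogoutSuccessHandler) getObjectPostProcessor().postProcess(handler);
    }

    /** @return the token type this module authenticates, {@link Saml2AuthenticationToken} */
    @Override
    protected Class<? extends Authentication> getAuthTokenClass() {
        return Saml2AuthenticationToken.class;
    }

    /** @return the relying-party registration repository held by this module's configuration */
    private InMemoryRelyingPartyRegistrationRepository relyingPartyRegistrations() {
        return ((SamlModuleWebSecurityConfiguration) getConfiguration()).getRelyingPartyRegistrationRepository();
    }
}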
