package org.springframework.security.saml2.provider.service.servlet.filter;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.opensaml.core.Version;
import org.springframework.security.saml2.core.Saml2ParameterNames;
import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest;
import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationRequestContext;
import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationRequestFactory;
import org.springframework.security.saml2.provider.service.authentication.Saml2PostAuthenticationRequest;
import org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding;
import org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver;
import org.springframework.security.saml2.provider.service.web.DefaultSaml2AuthenticationRequestContextResolver;
import org.springframework.security.saml2.provider.service.web.HttpSessionSaml2AuthenticationRequestRepository;
import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver;
import org.springframework.security.saml2.provider.service.web.Saml2AuthenticationRequestContextResolver;
import org.springframework.security.saml2.provider.service.web.Saml2AuthenticationRequestRepository;
import org.springframework.security.saml2.provider.service.web.authentication.Saml2AuthenticationRequestResolver;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert;
import org.springframework.util.ClassUtils;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.web.util.HtmlUtils;
import org.springframework.web.util.UriComponentsBuilder;
import org.springframework.web.util.UriUtils;

/* loaded from: input_file:BOOT-INF/lib/spring-security-saml2-service-provider-5.7.3.jar:org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilter.class */
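/**
 * Servlet filter that starts a SAML 2.0 web single sign-on flow by sending an
 * authentication request to the asserting party.
 *
 * <p>For each HTTP request the configured {@link Saml2AuthenticationRequestResolver} is asked
 * for an authentication request. When it returns {@code null} the filter chain continues
 * untouched. Otherwise the request is stored in the
 * {@link Saml2AuthenticationRequestRepository} and delivered to the browser either as an HTTP
 * redirect or as a self-submitting HTML form, depending on the concrete request type.
 *
 * <p>Security notes for reviewers:
 * <ul>
 * <li>The POST-binding page is assembled by string concatenation, so every interpolated value
 * (form action, {@code SAMLRequest}, {@code RelayState}) is HTML-escaped before it is written
 * into an attribute.</li>
 * <li>The page submits itself from an inline {@code onload} handler. A Content-Security-Policy
 * that forbids inline script would stop the automatic submit; the {@code <noscript>} fallback
 * button is only rendered when scripting is disabled altogether.</li>
 * <li>The authentication request is saved before anything is written to the response.
 * NOTE(review): presumably it is read back when the SAML response arrives - confirm against
 * the code that consumes the repository.</li>
 * </ul>
 */
public class Saml2WebSsoAuthenticationRequestFilter extends OncePerRequestFilter {
    private final Saml2AuthenticationRequestResolver authenticationRequestResolver;
    private Saml2AuthenticationRequestRepository<AbstractSaml2AuthenticationRequest> authenticationRequestRepository;

    /**
     * Resolver used by the factory-based constructors: it only reacts to requests matching
     * {@code redirectMatcher} and delegates request creation to a
     * {@link Saml2AuthenticationRequestFactory}.
     */
    private static class FactorySaml2AuthenticationRequestResolver implements Saml2AuthenticationRequestResolver {
        private final Saml2AuthenticationRequestContextResolver authenticationRequestContextResolver;
        // Default endpoint that triggers an authentication request; replaceable through the
        // deprecated setRedirectMatcher on the outer filter.
        private RequestMatcher redirectMatcher = new AntPathRequestMatcher("/saml2/authenticate/{registrationId}");
        private Saml2AuthenticationRequestFactory authenticationRequestFactory;

        FactorySaml2AuthenticationRequestResolver(Saml2AuthenticationRequestContextResolver saml2AuthenticationRequestContextResolver, Saml2AuthenticationRequestFactory saml2AuthenticationRequestFactory) {
            Assert.notNull(saml2AuthenticationRequestContextResolver, "authenticationRequestContextResolver cannot be null");
            Assert.notNull(saml2AuthenticationRequestFactory, "authenticationRequestFactory cannot be null");
            this.authenticationRequestContextResolver = saml2AuthenticationRequestContextResolver;
            this.authenticationRequestFactory = saml2AuthenticationRequestFactory;
        }

        /**
         * Builds the authentication request for {@code httpServletRequest}.
         *
         * @param httpServletRequest the current request
         * @return a redirect-binding request when the asserting party's single sign-on binding
         * is {@link Saml2MessageBinding#REDIRECT}, a POST-binding request for any other binding,
         * or {@code null} when the request does not match or no context can be resolved
         */
        @Override
        public AbstractSaml2AuthenticationRequest resolve(HttpServletRequest httpServletRequest) {
            if (!this.redirectMatcher.matcher(httpServletRequest).isMatch()) {
                return null;
            }
            Saml2AuthenticationRequestContext context = this.authenticationRequestContextResolver.resolve(httpServletRequest);
            if (context == null) {
                return null;
            }
            Saml2MessageBinding binding = context.getRelyingPartyRegistration().getAssertingPartyDetails().getSingleSignOnServiceBinding();
            if (binding == Saml2MessageBinding.REDIRECT) {
                return this.authenticationRequestFactory.createRedirectAuthenticationRequest(context);
            }
            return this.authenticationRequestFactory.createPostAuthenticationRequest(context);
        }
    }

    /**
     * Creates the filter from a registration repository, using the default context resolver
     * and the factory picked by {@link #requestFactory()}.
     *
     * @param relyingPartyRegistrationRepository source of relying party registrations
     * @deprecated marked deprecated in the decompiled class; a constructor taking a
     * {@link Saml2AuthenticationRequestResolver} is also available
     */
    @Deprecated
    public Saml2WebSsoAuthenticationRequestFilter(RelyingPartyRegistrationRepository relyingPartyRegistrationRepository) {
        // The explicit cast is kept from the decompiled code. NOTE(review): presumably it selects
        // between overloaded constructors of the context resolver - confirm before removing it.
        this(new DefaultSaml2AuthenticationRequestContextResolver((RelyingPartyRegistrationResolver) new DefaultRelyingPartyRegistrationResolver(relyingPartyRegistrationRepository)), requestFactory());
    }

    /**
     * Instantiates the authentication request factory that matches the OpenSAML version found
     * at runtime.
     *
     * <p>Both candidate class names are compile-time constants, so no externally supplied
     * class name reaches the reflective lookup.
     *
     * @return a new factory instance
     * @throws IllegalStateException if the class cannot be loaded or instantiated; the
     * original exception is kept as the cause
     */
    private static Saml2AuthenticationRequestFactory requestFactory() {
        String factoryClassName = Version.getVersion().startsWith("4")
                ? "org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationRequestFactory"
                : "org.springframework.security.saml2.provider.service.authentication.OpenSamlAuthenticationRequestFactory";
        try {
            return (Saml2AuthenticationRequestFactory) ClassUtils.forName(factoryClassName, null).getDeclaredConstructor().newInstance();
        } catch (Exception e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Creates the filter from a context resolver and a request factory, wrapped in the
     * internal factory-backed resolver.
     *
     * @param saml2AuthenticationRequestContextResolver resolves the request context; must not be null
     * @param saml2AuthenticationRequestFactory creates the authentication request; must not be null
     */
    public Saml2WebSsoAuthenticationRequestFilter(Saml2AuthenticationRequestContextResolver saml2AuthenticationRequestContextResolver, Saml2AuthenticationRequestFactory saml2AuthenticationRequestFactory) {
        this(new FactorySaml2AuthenticationRequestResolver(saml2AuthenticationRequestContextResolver, saml2AuthenticationRequestFactory));
    }

    /**
     * Creates the filter around a caller-supplied resolver. Requests are stored in an
     * {@link HttpSessionSaml2AuthenticationRequestRepository} unless
     * {@link #setAuthenticationRequestRepository} replaces it.
     *
     * @param saml2AuthenticationRequestResolver decides whether and how to authenticate; must not be null
     */
    public Saml2WebSsoAuthenticationRequestFilter(Saml2AuthenticationRequestResolver saml2AuthenticationRequestResolver) {
        Assert.notNull(saml2AuthenticationRequestResolver, "authenticationRequestResolver cannot be null");
        this.authenticationRequestRepository = new HttpSessionSaml2AuthenticationRequestRepository();
        this.authenticationRequestResolver = saml2AuthenticationRequestResolver;
    }

    /**
     * Replaces the request factory of the internal factory-backed resolver.
     *
     * @param saml2AuthenticationRequestFactory the new factory; must not be null
     * @throws IllegalArgumentException if the argument is null or the filter was constructed
     * with a caller-supplied {@link Saml2AuthenticationRequestResolver}
     * @deprecated only usable with the factory-based constructors
     */
    @Deprecated
    public void setAuthenticationRequestFactory(Saml2AuthenticationRequestFactory saml2AuthenticationRequestFactory) {
        Assert.notNull(saml2AuthenticationRequestFactory, "authenticationRequestFactory cannot be null");
        Assert.isInstanceOf(FactorySaml2AuthenticationRequestResolver.class, this.authenticationRequestResolver, "You cannot supply both a Saml2AuthenticationRequestResolver and a Saml2AuthenticationRequestFactory");
        ((FactorySaml2AuthenticationRequestResolver) this.authenticationRequestResolver).authenticationRequestFactory = saml2AuthenticationRequestFactory;
    }

    /**
     * Replaces the matcher that decides which requests trigger an authentication request.
     *
     * @param requestMatcher the new matcher; must not be null
     * @throws IllegalArgumentException if the argument is null or the filter was constructed
     * with a caller-supplied {@link Saml2AuthenticationRequestResolver}
     * @deprecated only usable with the factory-based constructors
     */
    @Deprecated
    public void setRedirectMatcher(RequestMatcher requestMatcher) {
        Assert.notNull(requestMatcher, "redirectMatcher cannot be null");
        Assert.isInstanceOf(FactorySaml2AuthenticationRequestResolver.class, this.authenticationRequestResolver, "You cannot supply a Saml2AuthenticationRequestResolver and a redirect matcher");
        ((FactorySaml2AuthenticationRequestResolver) this.authenticationRequestResolver).redirectMatcher = requestMatcher;
    }

    /**
     * Sets the repository in which outgoing authentication requests are stored.
     *
     * @param saml2AuthenticationRequestRepository the repository; must not be null
     */
    public void setAuthenticationRequestRepository(Saml2AuthenticationRequestRepository<AbstractSaml2AuthenticationRequest> saml2AuthenticationRequestRepository) {
        Assert.notNull(saml2AuthenticationRequestRepository, "authenticationRequestRepository cannot be null");
        this.authenticationRequestRepository = saml2AuthenticationRequestRepository;
    }

    /**
     * Sends an authentication request when the resolver produces one, otherwise continues
     * the filter chain.
     *
     * <p>Any resolved request that is not a {@link Saml2RedirectAuthenticationRequest} is cast
     * to {@link Saml2PostAuthenticationRequest}, so a resolver returning another subtype makes
     * this method fail with a {@link ClassCastException}.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override
    public void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        AbstractSaml2AuthenticationRequest authenticationRequest = this.authenticationRequestResolver.resolve(httpServletRequest);
        if (authenticationRequest == null) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        if (authenticationRequest instanceof Saml2RedirectAuthenticationRequest) {
            sendRedirect(httpServletRequest, httpServletResponse, (Saml2RedirectAuthenticationRequest) authenticationRequest);
            return;
        }
        sendPost(httpServletRequest, httpServletResponse, (Saml2PostAuthenticationRequest) authenticationRequest);
    }

    /**
     * Stores the request, then redirects the browser to the asserting party with the SAML
     * parameters appended to the query string.
     */
    private void sendRedirect(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Saml2RedirectAuthenticationRequest authenticationRequest) throws IOException {
        this.authenticationRequestRepository.saveAuthenticationRequest(authenticationRequest, httpServletRequest, httpServletResponse);
        UriComponentsBuilder redirectUri = UriComponentsBuilder.fromUriString(authenticationRequest.getAuthenticationRequestUri());
        addParameter(Saml2ParameterNames.SAML_REQUEST, authenticationRequest.getSamlRequest(), redirectUri);
        addParameter("RelayState", authenticationRequest.getRelayState(), redirectUri);
        addParameter(Saml2ParameterNames.SIG_ALG, authenticationRequest.getSigAlg(), redirectUri);
        addParameter("Signature", authenticationRequest.getSignature(), redirectUri);
        // build(true): the components are declared as already encoded, because addParameter
        // encodes each name and value itself.
        httpServletResponse.sendRedirect(redirectUri.build(true).toUriString());
    }

    /**
     * Appends one URL-encoded query parameter; parameters without text are left out.
     *
     * @param name parameter name; must contain text
     * @param value parameter value, skipped when null, empty or whitespace only
     * @param uriComponentsBuilder builder receiving the parameter
     */
    private void addParameter(String name, String value, UriComponentsBuilder uriComponentsBuilder) {
        Assert.hasText(name, "name cannot be empty or null");
        if (!StringUtils.hasText(value)) {
            return;
        }
        String encodedName = UriUtils.encode(name, StandardCharsets.ISO_8859_1);
        String encodedValue = UriUtils.encode(value, StandardCharsets.ISO_8859_1);
        uriComponentsBuilder.queryParam(encodedName, encodedValue);
    }

    /**
     * Stores the request, then answers with an HTML page whose form posts the SAML request
     * to the asserting party.
     */
    private void sendPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Saml2PostAuthenticationRequest authenticationRequest) throws IOException {
        this.authenticationRequestRepository.saveAuthenticationRequest(authenticationRequest, httpServletRequest, httpServletResponse);
        String formPage = createSamlPostRequestFormData(authenticationRequest);
        // NOTE(review): no charset is set on the response here although the page declares
        // utf-8 in a meta tag; the writer uses whatever encoding the response already has.
        httpServletResponse.setContentType("text/html");
        httpServletResponse.getWriter().write(formPage);
    }

    /**
     * Renders the self-submitting HTML form for the POST binding.
     *
     * <p>All values placed inside attributes are HTML-escaped, including the form action.
     * Escaping the action keeps a URI containing {@code "}, {@code <} or {@code &} from
     * breaking out of the attribute or being misparsed; browsers decode the entities again,
     * so the submitted target is unchanged.
     *
     * @param authenticationRequest the POST-binding request to render
     * @return the complete HTML document
     */
    private String createSamlPostRequestFormData(Saml2PostAuthenticationRequest authenticationRequest) {
        String authenticationRequestUri = authenticationRequest.getAuthenticationRequestUri();
        String relayState = authenticationRequest.getRelayState();
        String samlRequest = authenticationRequest.getSamlRequest();
        StringBuilder html = new StringBuilder();
        html.append("<!DOCTYPE html>\n");
        html.append("<html>\n").append("    <head>\n");
        html.append("        <meta charset=\"utf-8\" />\n");
        html.append("    </head>\n");
        html.append("    <body onload=\"document.forms[0].submit()\">\n");
        html.append("        <noscript>\n");
        html.append("            <p>\n");
        html.append("                <strong>Note:</strong> Since your browser does not support JavaScript,\n");
        html.append("                you must press the Continue button once to proceed.\n");
        html.append("            </p>\n");
        html.append("        </noscript>\n");
        html.append("        \n");
        html.append("        <form action=\"");
        // Escaped like SAMLRequest and RelayState below: the URI originates from the asserting
        // party's registration data and must not be able to terminate the attribute.
        html.append(HtmlUtils.htmlEscape(authenticationRequestUri));
        html.append("\" method=\"post\">\n");
        html.append("            <div>\n");
        html.append("                <input type=\"hidden\" name=\"SAMLRequest\" value=\"");
        html.append(HtmlUtils.htmlEscape(samlRequest));
        html.append("\"/>\n");
        if (StringUtils.hasText(relayState)) {
            html.append("                <input type=\"hidden\" name=\"RelayState\" value=\"");
            html.append(HtmlUtils.htmlEscape(relayState));
            html.append("\"/>\n");
        }
        html.append("            </div>\n");
        html.append("            <noscript>\n");
        html.append("                <div>\n");
        html.append("                    <input type=\"submit\" value=\"Continue\"/>\n");
        html.append("                </div>\n");
        html.append("            </noscript>\n");
        html.append("        </form>\n");
        html.append("        \n");
        html.append("    </body>\n");
        html.append("</html>");
        return html.toString();
    }
}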
