package org.springframework.security.saml2.provider.service.web.authentication;

import java.nio.charset.StandardCharsets;
import java.util.Map;
import java.util.UUID;
import java.util.function.BiConsumer;
import javax.servlet.http.HttpServletRequest;
import net.shibboleth.utilities.java.support.xml.SerializeSupport;
import org.opensaml.core.config.ConfigurationService;
import org.opensaml.core.xml.config.XMLObjectProviderRegistry;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.core.xml.io.MarshallingException;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.Issuer;
import org.opensaml.saml.saml2.core.NameID;
import org.opensaml.saml.saml2.core.NameIDPolicy;
import org.opensaml.saml.saml2.core.impl.AuthnRequestBuilder;
import org.opensaml.saml.saml2.core.impl.AuthnRequestMarshaller;
import org.opensaml.saml.saml2.core.impl.IssuerBuilder;
import org.opensaml.saml.saml2.core.impl.NameIDBuilder;
import org.opensaml.saml.saml2.core.impl.NameIDPolicyBuilder;
import org.springframework.security.oauth2.client.web.server.DefaultServerOAuth2AuthorizationRequestResolver;
import org.springframework.security.saml2.Saml2Exception;
import org.springframework.security.saml2.core.OpenSamlInitializationService;
import org.springframework.security.saml2.core.Saml2ParameterNames;
import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest;
import org.springframework.security.saml2.provider.service.authentication.Saml2PostAuthenticationRequest;
import org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding;
import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert;

/* loaded from: input_file:BOOT-INF/lib/spring-security-saml2-service-provider-5.7.10.jar:org/springframework/security/saml2/provider/service/web/authentication/OpenSamlAuthenticationRequestResolver.class */
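/**
 * Builds the SAML 2.0 {@code AuthnRequest} that starts SP-initiated login for a request to
 * {@code /saml2/authenticate/{registrationId}}.
 *
 * <p>The {@code registrationId} path variable comes from the incoming URL and is therefore
 * caller-controlled. It is only used as a lookup key for the
 * {@link RelyingPartyRegistrationResolver}; every value placed in the AuthnRequest (issuer,
 * destination, assertion consumer service URL, bindings, NameID format) is read from the resolved
 * {@link RelyingPartyRegistration}, not from the request.
 *
 * <p>The request is signed only when the asserting party details report
 * {@code getWantAuthnRequestsSigned()}; otherwise it is sent unsigned.
 *
 * <p>NOTE(review): nothing in this class stores the generated request ID or RelayState. Confirm
 * that the caller keeps the returned request so the response's {@code InResponseTo} can be
 * checked against it.
 */
class OpenSamlAuthenticationRequestResolver {

    static {
        // Runs at class initialization, i.e. before the constructor reads the OpenSAML provider
        // registry. Presumably bootstraps OpenSAML; the implementation is not visible here.
        OpenSamlInitializationService.initialize();
    }

    /** Name of the URI template variable in the request matcher pattern below. */
    private static final String REGISTRATION_ID_URI_VARIABLE = "registrationId";

    private final RequestMatcher requestMatcher = new AntPathRequestMatcher(
            "/saml2/authenticate/{" + REGISTRATION_ID_URI_VARIABLE + "}");
    private final RelyingPartyRegistrationResolver relyingPartyRegistrationResolver;
    private final AuthnRequestBuilder authnRequestBuilder;
    private final AuthnRequestMarshaller marshaller;
    private final IssuerBuilder issuerBuilder;
    private final NameIDBuilder nameIdBuilder;
    private final NameIDPolicyBuilder nameIdPolicyBuilder;

    /**
     * Looks up the OpenSAML marshaller and builders this resolver needs and fails fast if any of
     * them is not registered.
     *
     * <p>The decompiler reports that this constructor was package-private in the original class;
     * the enclosing class is package-private, so {@code public} here does not widen access.
     *
     * @param relyingPartyRegistrationResolver resolves the registration for an incoming request
     * @throws IllegalArgumentException if the resolver is {@code null} or a required OpenSAML
     *     component is missing
     */
    public OpenSamlAuthenticationRequestResolver(RelyingPartyRegistrationResolver relyingPartyRegistrationResolver) {
        Assert.notNull(relyingPartyRegistrationResolver, "relyingPartyRegistrationResolver cannot be null");
        this.relyingPartyRegistrationResolver = relyingPartyRegistrationResolver;
        XMLObjectProviderRegistry registry = ConfigurationService.get(XMLObjectProviderRegistry.class);
        this.marshaller = (AuthnRequestMarshaller) registry.getMarshallerFactory()
                .getMarshaller(AuthnRequest.DEFAULT_ELEMENT_NAME);
        // The message previously named "logoutRequestMarshaller", which pointed operators at the
        // wrong component when the AuthnRequest marshaller was the one missing.
        Assert.notNull(this.marshaller, "authnRequestMarshaller must be configured in OpenSAML");
        this.authnRequestBuilder = (AuthnRequestBuilder) XMLObjectProviderRegistrySupport.getBuilderFactory()
                .getBuilder(AuthnRequest.DEFAULT_ELEMENT_NAME);
        Assert.notNull(this.authnRequestBuilder, "authnRequestBuilder must be configured in OpenSAML");
        this.issuerBuilder = (IssuerBuilder) registry.getBuilderFactory().getBuilder(Issuer.DEFAULT_ELEMENT_NAME);
        Assert.notNull(this.issuerBuilder, "issuerBuilder must be configured in OpenSAML");
        this.nameIdBuilder = (NameIDBuilder) registry.getBuilderFactory().getBuilder(NameID.DEFAULT_ELEMENT_NAME);
        Assert.notNull(this.nameIdBuilder, "nameIdBuilder must be configured in OpenSAML");
        this.nameIdPolicyBuilder = (NameIDPolicyBuilder) registry.getBuilderFactory()
                .getBuilder(NameIDPolicy.DEFAULT_ELEMENT_NAME);
        Assert.notNull(this.nameIdPolicyBuilder, "nameIdPolicyBuilder must be configured in OpenSAML");
    }

    /**
     * Resolves an authentication request without customizing the generated {@code AuthnRequest}.
     *
     * @param httpServletRequest the incoming request
     * @return the authentication request, or {@code null} if the request path does not match or
     *     no registration is found
     */
    <T extends AbstractSaml2AuthenticationRequest> T resolve(HttpServletRequest httpServletRequest) {
        return resolve(httpServletRequest, (registration, authnRequest) -> {
        });
    }

    /**
     * Resolves an authentication request, letting {@code biConsumer} adjust the
     * {@code AuthnRequest} before it is signed and serialized.
     *
     * <p>The decompiler reports that this method was package-private in the original class.
     *
     * @param httpServletRequest the incoming request
     * @param biConsumer callback receiving the resolved registration and the AuthnRequest under
     *     construction
     * @return a {@link Saml2PostAuthenticationRequest} or {@link Saml2RedirectAuthenticationRequest}
     *     depending on the asserting party's single sign-on binding, or {@code null} if the
     *     request path does not match or no registration is found
     * @throws Saml2Exception if the AuthnRequest cannot be marshalled
     */
    @SuppressWarnings("unchecked") // T is chosen by the caller; the concrete type depends on the binding.
    public <T extends AbstractSaml2AuthenticationRequest> T resolve(HttpServletRequest httpServletRequest, BiConsumer<RelyingPartyRegistration, AuthnRequest> biConsumer) {
        RequestMatcher.MatchResult match = this.requestMatcher.matcher(httpServletRequest);
        if (!match.isMatch()) {
            return null;
        }
        // The registration id is taken from the URL; an id with no registration yields null
        // rather than a request built from partial data.
        String registrationId = match.getVariables().get(REGISTRATION_ID_URI_VARIABLE);
        RelyingPartyRegistration registration = this.relyingPartyRegistrationResolver.resolve(httpServletRequest, registrationId);
        if (registration == null) {
            return null;
        }

        AuthnRequest authnRequest = this.authnRequestBuilder.buildObject();
        authnRequest.setForceAuthn(Boolean.FALSE);
        authnRequest.setIsPassive(Boolean.FALSE);
        authnRequest.setProtocolBinding(registration.getAssertionConsumerServiceBinding().getUrn());
        Issuer issuer = this.issuerBuilder.buildObject();
        issuer.setValue(registration.getEntityId());
        authnRequest.setIssuer(issuer);
        authnRequest.setDestination(registration.getAssertingPartyDetails().getSingleSignOnServiceLocation());
        authnRequest.setAssertionConsumerServiceURL(registration.getAssertionConsumerServiceLocation());
        if (registration.getNameIdFormat() != null) {
            NameIDPolicy nameIdPolicy = this.nameIdPolicyBuilder.buildObject();
            nameIdPolicy.setFormat(registration.getNameIdFormat());
            authnRequest.setNameIDPolicy(nameIdPolicy);
        }

        // The callback runs before the ID default, signing and serialization below, so whatever
        // it changes ends up in the signed and transmitted request.
        biConsumer.accept(registration, authnRequest);
        if (authnRequest.getID() == null) {
            // Random ID; the "ARQ" prefix guarantees it starts with a letter, as an XML ID must.
            authnRequest.setID("ARQ" + UUID.randomUUID().toString().substring(1));
        }
        String relayState = UUID.randomUUID().toString();
        boolean signRequest = registration.getAssertingPartyDetails().getWantAuthnRequestsSigned();

        if (registration.getAssertingPartyDetails().getSingleSignOnServiceBinding() == Saml2MessageBinding.POST) {
            if (signRequest) {
                // POST binding: the signing helper is handed the AuthnRequest object itself;
                // RelayState is not passed to it.
                OpenSamlSigningUtils.sign(authnRequest, registration);
            }
            String encoded = Saml2Utils.samlEncode(serialize(authnRequest).getBytes(StandardCharsets.UTF_8));
            return (T) Saml2PostAuthenticationRequest.withRelyingPartyRegistration(registration)
                    .samlRequest(encoded)
                    .relayState(relayState)
                    .build();
        }

        String deflatedAndEncoded = Saml2Utils.samlEncode(Saml2Utils.samlDeflate(serialize(authnRequest)));
        Saml2RedirectAuthenticationRequest.Builder redirect = Saml2RedirectAuthenticationRequest
                .withRelyingPartyRegistration(registration)
                .samlRequest(deflatedAndEncoded)
                .relayState(relayState);
        if (signRequest) {
            // Redirect binding: the signature is computed over the query parameters, so both the
            // encoded request and the RelayState are handed to the signer.
            Map<String, String> signed = OpenSamlSigningUtils.sign(registration)
                    .param(Saml2ParameterNames.SAML_REQUEST, deflatedAndEncoded)
                    .param(Saml2ParameterNames.RELAY_STATE, relayState)
                    .parameters();
            redirect.sigAlg(signed.get(Saml2ParameterNames.SIG_ALG))
                    .signature(signed.get(Saml2ParameterNames.SIGNATURE));
        }
        return (T) redirect.build();
    }

    /**
     * Marshals the AuthnRequest to its XML string form.
     *
     * @param authnRequest the request to serialize
     * @return the XML document as a string
     * @throws Saml2Exception wrapping the {@link MarshallingException} if marshalling fails
     */
    private String serialize(AuthnRequest authnRequest) {
        try {
            return SerializeSupport.nodeToString(this.marshaller.marshall(authnRequest));
        } catch (MarshallingException e) {
            throw new Saml2Exception(e);
        }
    }
}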
