package com.evolveum.midpoint.authentication.impl.factory.module;

import com.evolveum.midpoint.authentication.api.AuthModule;
import com.evolveum.midpoint.authentication.api.AuthenticationChannel;
import com.evolveum.midpoint.authentication.api.IdentityProvider;
import com.evolveum.midpoint.authentication.impl.module.authentication.ModuleAuthenticationImpl;
import com.evolveum.midpoint.authentication.impl.module.authentication.Saml2ModuleAuthenticationImpl;
import com.evolveum.midpoint.authentication.impl.module.configuration.SamlModuleWebSecurityConfiguration;
import com.evolveum.midpoint.authentication.impl.module.configurer.SamlModuleWebSecurityConfigurer;
import com.evolveum.midpoint.authentication.impl.provider.Saml2Provider;
import com.evolveum.midpoint.authentication.impl.util.AuthModuleImpl;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AbstractAuthenticationModuleType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationModulesType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationSequenceModuleType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.Saml2AuthenticationModuleType;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.ServletRequest;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationRequestFilter;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.stereotype.Component;

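@Component
/* loaded from: input_file:com/evolveum/midpoint/authentication/impl/factory/module/Saml2ModuleFactory.class */
/**
 * Module factory for SAML2 authentication modules.
 *
 * Builds the per-module Spring Security filter chain for a {@link Saml2AuthenticationModuleType},
 * registers a {@link Saml2Provider} for it, and prepares the empty module authentication
 * (one {@link IdentityProvider} link per relying party registration) that the login page renders.
 */
public class Saml2ModuleFactory extends RemoteModuleFactory {
    private static final Trace LOGGER = TraceManager.getTrace(Saml2ModuleFactory.class);

    /**
     * Path suffix, relative to the module prefix, that starts the SAML2 authentication request.
     * {@link #REGISTRATION_ID_PLACEHOLDER} is substituted per relying party registration.
     */
    private static final String AUTHENTICATE_PATH_SUFFIX = "/authenticate/{registrationId}";
    private static final String REGISTRATION_ID_PLACEHOLDER = "{registrationId}";

    /**
     * Accepts only SAML2 module definitions.
     *
     * The channel is not consulted here; channel support is checked in
     * {@link #createModuleFilter} via {@code isSupportedChannel}.
     *
     * @param moduleType module definition from the authentication configuration
     * @param authenticationChannel channel the sequence is being built for (ignored)
     * @return {@code true} if {@code moduleType} is a {@link Saml2AuthenticationModuleType}
     */
    @Override
    public boolean match(AbstractAuthenticationModuleType moduleType, AuthenticationChannel authenticationChannel) {
        return moduleType instanceof Saml2AuthenticationModuleType;
    }

    /**
     * Creates the SAML2 authentication module: its security configuration, provider,
     * filter chain and empty module authentication.
     *
     * @param moduleType module definition; must be a {@link Saml2AuthenticationModuleType}
     * @param sequenceSuffix suffix of the authentication sequence the module belongs to;
     *        also used as the sequence suffix of the module configuration
     * @param request current request, used to derive the public URL prefix
     * @param sharedObjects objects shared with the new {@link HttpSecurity}
     * @param authenticationsPolicy authentication modules policy (not used by this factory)
     * @param credentialPolicy credentials policy (not used by this factory)
     * @param authenticationChannel channel the sequence is being built for
     * @param sequenceModule the sequence module entry this module implements
     * @return the assembled module, or {@code null} (after logging an error) when
     *         {@code moduleType} is not a SAML2 module
     * @throws Exception propagated from {@link HttpSecurity#build()} and the configurer
     */
    @Override
    public AuthModule createModuleFilter(AbstractAuthenticationModuleType moduleType, String sequenceSuffix, ServletRequest request, Map<Class<?>, Object> sharedObjects, AuthenticationModulesType authenticationsPolicy, CredentialsPolicyType credentialPolicy, AuthenticationChannel authenticationChannel, AuthenticationSequenceModuleType sequenceModule) throws Exception {
        if (!(moduleType instanceof Saml2AuthenticationModuleType)) {
            LOGGER.error("This factory support only Saml2AuthenticationModuleType, but modelType is " + moduleType);
            return null;
        }
        // NOTE(review): the return value (if any) is not used here; presumably the
        // superclass method rejects unsupported channels itself - confirm in RemoteModuleFactory.
        isSupportedChannel(authenticationChannel);

        SamlModuleWebSecurityConfiguration configuration = SamlModuleWebSecurityConfiguration.build(
                (Saml2AuthenticationModuleType) moduleType, sequenceSuffix, getPublicUrlPrefix(request), request);
        configuration.setSequenceSuffix(sequenceSuffix);
        // Post-processing lets Spring inject dependencies into the hand-constructed provider.
        configuration.addAuthenticationProvider(
                (AuthenticationProvider) getObjectObjectPostProcessor().postProcess(new Saml2Provider()));

        SamlModuleWebSecurityConfigurer configurer = (SamlModuleWebSecurityConfigurer)
                getObjectObjectPostProcessor().postProcess(new SamlModuleWebSecurityConfigurer(configuration));
        HttpSecurity http = getNewHttpSecurity(configurer);
        setSharedObjects(http, sharedObjects);

        ModuleAuthenticationImpl moduleAuthentication = createEmptyModuleAuthentication(configuration, sequenceModule, request);
        moduleAuthentication.setFocusType(moduleType.getFocusType());

        SecurityFilterChain filterChain = (SecurityFilterChain) http.build();
        configureAuthenticationRequestRedirect(filterChain, configurer.getPrefix());
        return AuthModuleImpl.build(filterChain, configuration, moduleAuthentication);
    }

    /**
     * Points the SAML2 SSO authentication request filter of {@code filterChain} at this module's
     * {@code <prefix>/authenticate/{registrationId}} endpoint, so the request-initiation URL is
     * scoped to the module prefix rather than Spring's default.
     *
     * Only the first matching filter is adjusted; the chain is expected to hold one.
     *
     * @param filterChain built chain to inspect
     * @param modulePrefix URL prefix of this module as reported by its configurer
     */
    private static void configureAuthenticationRequestRedirect(SecurityFilterChain filterChain, String modulePrefix) {
        for (Filter filter : filterChain.getFilters()) {
            if (filter instanceof Saml2WebSsoAuthenticationRequestFilter) {
                ((Saml2WebSsoAuthenticationRequestFilter) filter).setRedirectMatcher(
                        new AntPathRequestMatcher(modulePrefix + AUTHENTICATE_PATH_SUFFIX));
                return;
            }
        }
    }

    /**
     * Creates the not-yet-authenticated module state, including one {@link IdentityProvider}
     * link per relying party registration so the login page can offer each IdP.
     *
     * @param configuration module configuration providing the relying party registrations,
     *        per-registration additional configuration (link text) and the module prefix
     * @param sequenceModule the sequence module entry this module implements
     * @param request current request, used for the servlet context path of the redirect links
     * @return the populated module authentication
     */
    public ModuleAuthenticationImpl createEmptyModuleAuthentication(SamlModuleWebSecurityConfiguration configuration, AuthenticationSequenceModuleType sequenceModule, ServletRequest request) {
        Saml2ModuleAuthenticationImpl moduleAuthentication = new Saml2ModuleAuthenticationImpl(sequenceModule);

        // The link template is the same for every registration; only the id differs.
        String redirectLinkTemplate = request.getServletContext().getContextPath()
                + configuration.getPrefixOfModule() + AUTHENTICATE_PATH_SUFFIX;

        List<IdentityProvider> providers = new ArrayList<>();
        configuration.getRelyingPartyRegistrationRepository().forEach(registration -> {
            String registrationId = registration.getRegistrationId();
            // NOTE(review): assumes additionalConfiguration holds an entry for every registered
            // relying party; a missing entry fails with NPE here - confirm against
            // SamlModuleWebSecurityConfiguration.build.
            String linkText = configuration.getAdditionalConfiguration().get(registrationId).getLinkText();
            providers.add(new IdentityProvider()
                    .setLinkText(linkText)
                    .setRedirectLink(redirectLinkTemplate.replace(REGISTRATION_ID_PLACEHOLDER, registrationId)));
        });
        moduleAuthentication.setProviders(providers);
        moduleAuthentication.setAdditionalConfiguration(configuration.getAdditionalConfiguration());
        moduleAuthentication.setNameOfModule(configuration.getNameOfModule());
        moduleAuthentication.setPrefix(configuration.getPrefixOfModule());
        return moduleAuthentication;
    }
}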
