package org.springframework.security.saml2.provider.service.authentication;

import java.time.Duration;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.function.Consumer;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.xml.namespace.QName;
import org.opensaml.saml.common.assertion.AssertionValidationException;
import org.opensaml.saml.common.assertion.ValidationContext;
import org.opensaml.saml.common.assertion.ValidationResult;
import org.opensaml.saml.saml2.assertion.ConditionValidator;
import org.opensaml.saml.saml2.assertion.SAML20AssertionValidator;
import org.opensaml.saml.saml2.assertion.SAML2AssertionValidationParameters;
import org.opensaml.saml.saml2.assertion.StatementValidator;
import org.opensaml.saml.saml2.assertion.SubjectConfirmationValidator;
import org.opensaml.saml.saml2.assertion.impl.AudienceRestrictionConditionValidator;
import org.opensaml.saml.saml2.assertion.impl.BearerSubjectConfirmationValidator;
import org.opensaml.saml.saml2.assertion.impl.DelegationRestrictionConditionValidator;
import org.opensaml.saml.saml2.assertion.impl.ProxyRestrictionConditionValidator;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.Condition;
import org.opensaml.saml.saml2.core.OneTimeUse;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.saml.saml2.core.SubjectConfirmation;
import org.opensaml.saml.saml2.core.SubjectConfirmationData;
import org.opensaml.xmlsec.signature.support.SignaturePrevalidator;
import org.opensaml.xmlsec.signature.support.SignatureTrustEngine;
import org.springframework.core.convert.converter.Converter;
import org.springframework.lang.NonNull;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.saml2.core.Saml2Error;
import org.springframework.security.saml2.core.Saml2ErrorCodes;
import org.springframework.security.saml2.core.Saml2ResponseValidatorResult;
import org.springframework.security.saml2.provider.service.authentication.BaseOpenSamlAuthenticationProvider;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.util.Assert;
import org.springframework.util.CollectionUtils;
import org.springframework.util.StringUtils;

/* loaded from: input_file:BOOT-INF/lib/spring-security-saml2-service-provider-6.5.1.jar:org/springframework/security/saml2/provider/service/authentication/OpenSaml5AuthenticationProvider.class */
public final class OpenSaml5AuthenticationProvider implements AuthenticationProvider {
    private final BaseOpenSamlAuthenticationProvider delegate = new BaseOpenSamlAuthenticationProvider(new OpenSaml5Template());

    /* loaded from: input_file:BOOT-INF/lib/spring-security-saml2-service-provider-6.5.1.jar:org/springframework/security/saml2/provider/service/authentication/OpenSaml5AuthenticationProvider$AssertionToken.class */
    public static class AssertionToken {
        private final Saml2AuthenticationToken token;
        private final Assertion assertion;

        AssertionToken(Assertion assertion, Saml2AuthenticationToken saml2AuthenticationToken) {
            this.token = saml2AuthenticationToken;
            this.assertion = assertion;
        }

        AssertionToken(BaseOpenSamlAuthenticationProvider.AssertionToken assertionToken) {
            this.token = assertionToken.getToken();
            this.assertion = assertionToken.getAssertion();
        }

        public Assertion getAssertion() {
            return this.assertion;
        }

        public Saml2AuthenticationToken getToken() {
            return this.token;
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/spring-security-saml2-service-provider-6.5.1.jar:org/springframework/security/saml2/provider/service/authentication/OpenSaml5AuthenticationProvider$AssertionValidator.class */
    public static final class AssertionValidator implements Converter<AssertionToken, Saml2ResponseValidatorResult> {
        private final SAML20AssertionValidator assertionValidator;
        private Consumer<Map<String, Object>> paramsConsumer = map -> {
        };

        /* loaded from: input_file:BOOT-INF/lib/spring-security-saml2-service-provider-6.5.1.jar:org/springframework/security/saml2/provider/service/authentication/OpenSaml5AuthenticationProvider$AssertionValidator$Builder.class */
        public static final class Builder {
            private final List<ConditionValidator> conditions = new ArrayList();
            private final List<SubjectConfirmationValidator> subjects = new ArrayList();
            private final Map<String, Object> validationParameters = new HashMap();

            private Builder() {
                this.conditions.add(new AudienceRestrictionConditionValidator());
                this.conditions.add(new DelegationRestrictionConditionValidator());
                this.conditions.add(new ValidConditionValidator(OneTimeUse.DEFAULT_ELEMENT_NAME));
                this.conditions.add(new ProxyRestrictionConditionValidator());
                this.subjects.add(new BearerSubjectConfirmationValidator());
                this.validationParameters.put(SAML2AssertionValidationParameters.CLOCK_SKEW, Duration.ofMinutes(5L));
            }

            public Builder clockSkew(Duration duration) {
                this.validationParameters.put(SAML2AssertionValidationParameters.CLOCK_SKEW, duration);
                return this;
            }

            public Builder validationContextParameters(Consumer<Map<String, Object>> consumer) {
                consumer.accept(this.validationParameters);
                return this;
            }

            public Builder conditionValidators(Consumer<List<ConditionValidator>> consumer) {
                consumer.accept(this.conditions);
                return this;
            }

            public Builder subjectValidators(Consumer<List<SubjectConfirmationValidator>> consumer) {
                consumer.accept(this.subjects);
                return this;
            }

            public AssertionValidator build() {
                AssertionValidator assertionValidator = new AssertionValidator(new ValidSignatureAssertionValidator(this.conditions, this.subjects, List.of(), null, null, null));
                assertionValidator.setValidationContextParameters(map -> {
                    map.putAll(this.validationParameters);
                });
                return assertionValidator;
            }
        }

        /* loaded from: input_file:BOOT-INF/lib/spring-security-saml2-service-provider-6.5.1.jar:org/springframework/security/saml2/provider/service/authentication/OpenSaml5AuthenticationProvider$AssertionValidator$ValidConditionValidator.class */
        private static final class ValidConditionValidator implements ConditionValidator {
            private final QName name;

            private ValidConditionValidator(QName qName) {
                this.name = qName;
            }

            @Override // org.opensaml.saml.saml2.assertion.ConditionValidator
            @Nonnull
            public QName getServicedCondition() {
                return this.name;
            }

            @Override // org.opensaml.saml.saml2.assertion.ConditionValidator
            @Nonnull
            public ValidationResult validate(@Nonnull Condition condition, @Nonnull Assertion assertion, @Nonnull ValidationContext validationContext) {
                return ValidationResult.VALID;
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:BOOT-INF/lib/spring-security-saml2-service-provider-6.5.1.jar:org/springframework/security/saml2/provider/service/authentication/OpenSaml5AuthenticationProvider$AssertionValidator$ValidSignatureAssertionValidator.class */
        public static final class ValidSignatureAssertionValidator extends SAML20AssertionValidator {
            private ValidSignatureAssertionValidator(@Nullable Collection<ConditionValidator> collection, @Nullable Collection<SubjectConfirmationValidator> collection2, @Nullable Collection<StatementValidator> collection3, @Nullable org.opensaml.saml.saml2.assertion.AssertionValidator assertionValidator, @Nullable SignatureTrustEngine signatureTrustEngine, @Nullable SignaturePrevalidator signaturePrevalidator) {
                super(collection, collection2, collection3, assertionValidator, signatureTrustEngine, signaturePrevalidator);
            }

            @Override // org.opensaml.saml.saml2.assertion.SAML20AssertionValidator
            @Nonnull
            protected ValidationResult validateSignature(@Nonnull Assertion assertion, @Nonnull ValidationContext validationContext) throws AssertionValidationException {
                return ValidationResult.VALID;
            }
        }

        public AssertionValidator(SAML20AssertionValidator sAML20AssertionValidator) {
            this.assertionValidator = sAML20AssertionValidator;
        }

        @Override // org.springframework.core.convert.converter.Converter
        public Saml2ResponseValidatorResult convert(AssertionToken assertionToken) {
            Assertion assertion = assertionToken.getAssertion();
            ValidationContext createValidationContext = createValidationContext(assertionToken);
            try {
                return this.assertionValidator.validate(assertion, createValidationContext) == ValidationResult.VALID ? Saml2ResponseValidatorResult.success() : Saml2ResponseValidatorResult.failure(new Saml2Error(Saml2ErrorCodes.INVALID_ASSERTION, String.format("Invalid assertion [%s] for SAML response [%s]: %s", assertion.getID(), ((Response) assertion.getParent()).getID(), createValidationContext.getValidationFailureMessages())));
            } catch (Exception e) {
                return Saml2ResponseValidatorResult.failure(new Saml2Error(Saml2ErrorCodes.INVALID_ASSERTION, String.format("Invalid assertion [%s] for SAML response [%s]: %s", assertion.getID(), ((Response) assertion.getParent()).getID(), e.getMessage())));
            }
        }

        public Saml2ResponseValidatorResult validate(AssertionToken assertionToken) {
            return convert(assertionToken);
        }

        public void setValidationContextParameters(Consumer<Map<String, Object>> consumer) {
            this.paramsConsumer = consumer;
        }

        private ValidationContext createValidationContext(AssertionToken assertionToken) {
            Saml2AuthenticationToken token = assertionToken.getToken();
            RelyingPartyRegistration relyingPartyRegistration = token.getRelyingPartyRegistration();
            String entityId = relyingPartyRegistration.getEntityId();
            String assertionConsumerServiceLocation = relyingPartyRegistration.getAssertionConsumerServiceLocation();
            String entityId2 = relyingPartyRegistration.getAssertingPartyMetadata().getEntityId();
            HashMap hashMap = new HashMap();
            if (assertionContainsInResponseTo(assertionToken.getAssertion())) {
                hashMap.put(SAML2AssertionValidationParameters.SC_VALID_IN_RESPONSE_TO, getAuthnRequestId(token.getAuthenticationRequest()));
            }
            hashMap.put(SAML2AssertionValidationParameters.COND_VALID_AUDIENCES, Collections.singleton(entityId));
            hashMap.put(SAML2AssertionValidationParameters.SC_VALID_RECIPIENTS, Collections.singleton(assertionConsumerServiceLocation));
            hashMap.put(SAML2AssertionValidationParameters.VALID_ISSUERS, Collections.singleton(entityId2));
            hashMap.put(SAML2AssertionValidationParameters.SC_CHECK_ADDRESS, false);
            this.paramsConsumer.accept(hashMap);
            return new ValidationContext(hashMap);
        }

        private static boolean assertionContainsInResponseTo(Assertion assertion) {
            if (assertion.getSubject() == null) {
                return false;
            }
            Iterator<SubjectConfirmation> it = assertion.getSubject().getSubjectConfirmations().iterator();
            while (it.hasNext()) {
                SubjectConfirmationData subjectConfirmationData = it.next().getSubjectConfirmationData();
                if (subjectConfirmationData != null && StringUtils.hasText(subjectConfirmationData.getInResponseTo())) {
                    return true;
                }
            }
            return false;
        }

        private static String getAuthnRequestId(AbstractSaml2AuthenticationRequest abstractSaml2AuthenticationRequest) {
            if (abstractSaml2AuthenticationRequest != null) {
                return abstractSaml2AuthenticationRequest.getId();
            }
            return null;
        }

        public static AssertionValidator withDefaults() {
            return new Builder().build();
        }

        public static Builder builder() {
            return new Builder();
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/spring-security-saml2-service-provider-6.5.1.jar:org/springframework/security/saml2/provider/service/authentication/OpenSaml5AuthenticationProvider$DestinationValidator.class */
    public static final class DestinationValidator implements Converter<ResponseToken, Saml2ResponseValidatorResult> {
        @Override // org.springframework.core.convert.converter.Converter
        @NonNull
        public Saml2ResponseValidatorResult convert(ResponseToken responseToken) {
            Response response = responseToken.getResponse();
            Saml2AuthenticationToken token = responseToken.getToken();
            String destination = response.getDestination();
            return (!StringUtils.hasText(destination) || destination.equals(token.getRelyingPartyRegistration().getAssertionConsumerServiceLocation())) ? Saml2ResponseValidatorResult.success() : Saml2ResponseValidatorResult.failure(new Saml2Error(Saml2ErrorCodes.INVALID_DESTINATION, "Invalid destination [" + destination + "] for SAML response [" + response.getID() + "]"));
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/spring-security-saml2-service-provider-6.5.1.jar:org/springframework/security/saml2/provider/service/authentication/OpenSaml5AuthenticationProvider$InResponseToValidator.class */
    public static final class InResponseToValidator implements Converter<ResponseToken, Saml2ResponseValidatorResult> {
        @Override // org.springframework.core.convert.converter.Converter
        @NonNull
        public Saml2ResponseValidatorResult convert(ResponseToken responseToken) {
            return BaseOpenSamlAuthenticationProvider.validateInResponseTo(responseToken.getToken().getAuthenticationRequest(), responseToken.getResponse().getInResponseTo());
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/spring-security-saml2-service-provider-6.5.1.jar:org/springframework/security/saml2/provider/service/authentication/OpenSaml5AuthenticationProvider$IssuerValidator.class */
    public static final class IssuerValidator implements Converter<ResponseToken, Saml2ResponseValidatorResult> {
        @Override // org.springframework.core.convert.converter.Converter
        @NonNull
        public Saml2ResponseValidatorResult convert(ResponseToken responseToken) {
            Response response = responseToken.getResponse();
            Saml2AuthenticationToken token = responseToken.getToken();
            String value = response.getIssuer().getValue();
            return (StringUtils.hasText(value) && value.equals(token.getRelyingPartyRegistration().getAssertingPartyMetadata().getEntityId())) ? Saml2ResponseValidatorResult.success() : Saml2ResponseValidatorResult.failure(new Saml2Error(Saml2ErrorCodes.INVALID_ISSUER, String.format("Invalid issuer [%s] for SAML response [%s]", value, response.getID())));
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/spring-security-saml2-service-provider-6.5.1.jar:org/springframework/security/saml2/provider/service/authentication/OpenSaml5AuthenticationProvider$ResponseAuthenticationConverter.class */
    public static final class ResponseAuthenticationConverter implements Converter<ResponseToken, Saml2Authentication> {
        private Converter<Assertion, String> principalNameConverter = ResponseAuthenticationConverter::authenticatedPrincipal;
        private Converter<Assertion, Collection<GrantedAuthority>> grantedAuthoritiesConverter = ResponseAuthenticationConverter::grantedAuthorities;

        @Override // org.springframework.core.convert.converter.Converter
        public Saml2Authentication convert(ResponseToken responseToken) {
            Response response = responseToken.response;
            Saml2AuthenticationToken saml2AuthenticationToken = responseToken.token;
            Assertion assertion = (Assertion) CollectionUtils.firstElement(response.getAssertions());
            DefaultSaml2AuthenticatedPrincipal defaultSaml2AuthenticatedPrincipal = new DefaultSaml2AuthenticatedPrincipal(this.principalNameConverter.convert(assertion), BaseOpenSamlAuthenticationProvider.getAssertionAttributes(assertion), BaseOpenSamlAuthenticationProvider.getSessionIndexes(assertion));
            defaultSaml2AuthenticatedPrincipal.setRelyingPartyRegistrationId(responseToken.token.getRelyingPartyRegistration().getRegistrationId());
            return new Saml2Authentication(defaultSaml2AuthenticatedPrincipal, saml2AuthenticationToken.getSaml2Response(), this.grantedAuthoritiesConverter.convert(assertion));
        }

        public void setPrincipalNameConverter(Converter<Assertion, String> converter) {
            Assert.notNull(converter, "principalNameConverter cannot be null");
            this.principalNameConverter = converter;
        }

        public void setGrantedAuthoritiesConverter(Converter<Assertion, Collection<GrantedAuthority>> converter) {
            Assert.notNull(converter, "grantedAuthoritiesConverter cannot be null");
            this.grantedAuthoritiesConverter = converter;
        }

        private static String authenticatedPrincipal(Assertion assertion) {
            if (BaseOpenSamlAuthenticationProvider.hasName(assertion)) {
                return assertion.getSubject().getNameID().getValue();
            }
            throw new Saml2AuthenticationException(new Saml2Error(Saml2ErrorCodes.SUBJECT_NOT_FOUND, "Assertion [" + assertion.getID() + "] is missing a subject"));
        }

        private static Collection<GrantedAuthority> grantedAuthorities(Assertion assertion) {
            return AuthorityUtils.createAuthorityList("ROLE_USER");
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/spring-security-saml2-service-provider-6.5.1.jar:org/springframework/security/saml2/provider/service/authentication/OpenSaml5AuthenticationProvider$ResponseToken.class */
    public static class ResponseToken {
        private final Saml2AuthenticationToken token;
        private final Response response;

        ResponseToken(Response response, Saml2AuthenticationToken saml2AuthenticationToken) {
            this.token = saml2AuthenticationToken;
            this.response = response;
        }

        ResponseToken(BaseOpenSamlAuthenticationProvider.ResponseToken responseToken) {
            this.token = responseToken.getToken();
            this.response = responseToken.getResponse();
        }

        public Response getResponse() {
            return this.response;
        }

        public Saml2AuthenticationToken getToken() {
            return this.token;
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/spring-security-saml2-service-provider-6.5.1.jar:org/springframework/security/saml2/provider/service/authentication/OpenSaml5AuthenticationProvider$ResponseValidator.class */
    public static final class ResponseValidator implements Converter<ResponseToken, Saml2ResponseValidatorResult> {
        private static final List<Converter<ResponseToken, Saml2ResponseValidatorResult>> DEFAULTS = List.of(new InResponseToValidator(), new DestinationValidator(), new IssuerValidator());
        private final List<Converter<ResponseToken, Saml2ResponseValidatorResult>> validators;

        @SafeVarargs
        public ResponseValidator(Converter<ResponseToken, Saml2ResponseValidatorResult>... converterArr) {
            this.validators = List.of((Object[]) converterArr);
            Assert.notEmpty(this.validators, "validators cannot be empty");
        }

        public static ResponseValidator withDefaults() {
            return new ResponseValidator(new InResponseToValidator(), new DestinationValidator(), new IssuerValidator());
        }

        @SafeVarargs
        public static ResponseValidator withDefaults(Converter<ResponseToken, Saml2ResponseValidatorResult>... converterArr) {
            ArrayList arrayList = new ArrayList(DEFAULTS);
            arrayList.addAll(List.of((Object[]) converterArr));
            return new ResponseValidator((Converter[]) arrayList.toArray(i -> {
                return new Converter[i];
            }));
        }

        @Override // org.springframework.core.convert.converter.Converter
        public Saml2ResponseValidatorResult convert(ResponseToken responseToken) {
            Response response = responseToken.getResponse();
            ArrayList arrayList = new ArrayList();
            List<String> statusCodes = BaseOpenSamlAuthenticationProvider.getStatusCodes(response);
            if (!BaseOpenSamlAuthenticationProvider.isSuccess(statusCodes)) {
                Iterator<String> it = statusCodes.iterator();
                while (it.hasNext()) {
                    arrayList.add(new Saml2Error(Saml2ErrorCodes.INVALID_RESPONSE, String.format("Invalid status [%s] for SAML response [%s]", it.next(), response.getID())));
                }
            }
            Iterator<Converter<ResponseToken, Saml2ResponseValidatorResult>> it2 = this.validators.iterator();
            while (it2.hasNext()) {
                arrayList.addAll(it2.next().convert(responseToken).getErrors());
            }
            if (response.getAssertions().isEmpty()) {
                arrayList.add(new Saml2Error(Saml2ErrorCodes.MALFORMED_RESPONSE_DATA, "No assertions found in response."));
            }
            return Saml2ResponseValidatorResult.failure(arrayList);
        }
    }

    public OpenSaml5AuthenticationProvider() {
        setResponseValidator(ResponseValidator.withDefaults());
        setAssertionValidator(AssertionValidator.withDefaults());
        setResponseAuthenticationConverter(new ResponseAuthenticationConverter());
    }

    public void setResponseElementsDecrypter(Consumer<ResponseToken> consumer) {
        Assert.notNull(consumer, "responseElementsDecrypter cannot be null");
        this.delegate.setResponseElementsDecrypter(responseToken -> {
            consumer.accept(new ResponseToken(responseToken));
        });
    }

    public void setResponseValidator(Converter<ResponseToken, Saml2ResponseValidatorResult> converter) {
        Assert.notNull(converter, "responseValidator cannot be null");
        this.delegate.setResponseValidator(responseToken -> {
            return (Saml2ResponseValidatorResult) converter.convert(new ResponseToken(responseToken));
        });
    }

    public void setAssertionValidator(Converter<AssertionToken, Saml2ResponseValidatorResult> converter) {
        Assert.notNull(converter, "assertionValidator cannot be null");
        this.delegate.setAssertionValidator(assertionToken -> {
            return (Saml2ResponseValidatorResult) converter.convert(new AssertionToken(assertionToken));
        });
    }

    public void setAssertionElementsDecrypter(Consumer<AssertionToken> consumer) {
        Assert.notNull(consumer, "assertionDecrypter cannot be null");
        this.delegate.setAssertionElementsDecrypter(assertionToken -> {
            consumer.accept(new AssertionToken(assertionToken));
        });
    }

    public void setResponseAuthenticationConverter(Converter<ResponseToken, ? extends AbstractAuthenticationToken> converter) {
        Assert.notNull(converter, "responseAuthenticationConverter cannot be null");
        this.delegate.setResponseAuthenticationConverter(responseToken -> {
            return (AbstractAuthenticationToken) converter.convert(new ResponseToken(responseToken));
        });
    }

    public void setValidateResponseAfterAssertions(boolean z) {
        this.delegate.setValidateResponseAfterAssertions(z);
    }

    @Deprecated
    public static Converter<ResponseToken, Saml2ResponseValidatorResult> createDefaultResponseValidator() {
        return ResponseValidator.withDefaults();
    }

    @Deprecated
    public static Converter<AssertionToken, Saml2ResponseValidatorResult> createDefaultAssertionValidator() {
        return AssertionValidator.withDefaults();
    }

    @Deprecated
    public static Converter<AssertionToken, Saml2ResponseValidatorResult> createDefaultAssertionValidator(Converter<AssertionToken, ValidationContext> converter) {
        return assertionToken -> {
            Assertion assertion = assertionToken.getAssertion();
            SAML20AssertionValidator sAML20AssertionValidator = BaseOpenSamlAuthenticationProvider.SAML20AssertionValidators.attributeValidator;
            ValidationContext validationContext = (ValidationContext) converter.convert(assertionToken);
            try {
                return sAML20AssertionValidator.validate(assertion, validationContext) == ValidationResult.VALID ? Saml2ResponseValidatorResult.success() : Saml2ResponseValidatorResult.failure(new Saml2Error(Saml2ErrorCodes.INVALID_ASSERTION, String.format("Invalid assertion [%s] for SAML response [%s]: %s", assertion.getID(), ((Response) assertion.getParent()).getID(), validationContext.getValidationFailureMessages())));
            } catch (Exception e) {
                return Saml2ResponseValidatorResult.failure(new Saml2Error(Saml2ErrorCodes.INVALID_ASSERTION, String.format("Invalid assertion [%s] for SAML response [%s]: %s", assertion.getID(), ((Response) assertion.getParent()).getID(), e.getMessage())));
            }
        };
    }

    @Deprecated
    public static Converter<AssertionToken, Saml2ResponseValidatorResult> createDefaultAssertionValidatorWithParameters(Consumer<Map<String, Object>> consumer) {
        return AssertionValidator.builder().validationContextParameters(consumer).build();
    }

    @Deprecated
    public static Converter<ResponseToken, Saml2Authentication> createDefaultResponseAuthenticationConverter() {
        return new ResponseAuthenticationConverter();
    }

    @Override // org.springframework.security.authentication.AuthenticationProvider
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        return this.delegate.authenticate(authentication);
    }

    @Override // org.springframework.security.authentication.AuthenticationProvider
    public boolean supports(Class<?> cls) {
        return cls != null && Saml2AuthenticationToken.class.isAssignableFrom(cls);
    }
}
