package org.springframework.security.saml2.provider.service.web.authentication;

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.saml2.core.Saml2Error;
import org.springframework.security.saml2.core.Saml2ErrorCodes;
import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest;
import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver;
import org.springframework.security.saml2.provider.service.web.HttpSessionSaml2AuthenticationRequestRepository;
import org.springframework.security.saml2.provider.service.web.Saml2AuthenticationRequestRepository;
import org.springframework.security.saml2.provider.service.web.Saml2AuthenticationTokenConverter;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.AuthenticationConverter;
import org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy;
import org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher;
import org.springframework.security.web.util.matcher.OrRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert;

/* loaded from: input_file:BOOT-INF/lib/spring-security-saml2-service-provider-6.5.1.jar:org/springframework/security/saml2/provider/service/web/authentication/Saml2WebSsoAuthenticationFilter.class */
/**
 * Authentication filter for the SAML 2.0 Web SSO login endpoint of a relying party.
 *
 * <p>For a matching request the filter asks its {@link AuthenticationConverter} to turn the
 * request into an {@link Authentication}, discards the stored authentication request, and
 * hands the token to the configured authentication manager.
 *
 * <p>Security-relevant points visible in this class:
 * <ul>
 * <li>No SAML response validation (signature, issuer, conditions, InResponseTo) happens here;
 * whatever validation exists lives in the converter and the authentication manager.</li>
 * <li>The stored authentication request is removed <em>before</em> authentication is
 * attempted, so it is consumed whether or not authentication then succeeds.</li>
 * <li>Every constructor installs a {@link ChangeSessionIdAuthenticationStrategy}; that strategy
 * is Spring Security's session-fixation defence, which rotates the session id on login.</li>
 * </ul>
 *
 * <p>This listing is decompiler output: parameter names such as {@code str} and {@code z} are
 * decompiler-generated, not the library's own.
 */
public class Saml2WebSsoAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
    /** Default processing URL pattern; the path variable names the relying party registration. */
    public static final String DEFAULT_FILTER_PROCESSES_URI = "/login/saml2/sso/{registrationId}";

    /** Matches the default pattern with a registration id and the same path without one. */
    private static final RequestMatcher DEFAULT_REQUEST_MATCHER = new OrRequestMatcher(
            pathPattern(DEFAULT_FILTER_PROCESSES_URI),
            pathPattern("/login/saml2/sso"));

    private final AuthenticationConverter authenticationConverter;

    // Defaults to a session-backed store; replaceable via setAuthenticationRequestRepository.
    private Saml2AuthenticationRequestRepository<AbstractSaml2AuthenticationRequest> authenticationRequestRepository =
            new HttpSessionSaml2AuthenticationRequestRepository();

    // Fail closed by default: an unresolved registration raises an authentication exception.
    private boolean continueChainWhenNoRelyingPartyRegistrationFound = false;

    /**
     * Creates a filter on {@link #DEFAULT_FILTER_PROCESSES_URI} and then narrows the request
     * matcher to that pattern only.
     *
     * @param relyingPartyRegistrationRepository source of relying party registrations
     */
    public Saml2WebSsoAuthenticationFilter(RelyingPartyRegistrationRepository relyingPartyRegistrationRepository) {
        this(relyingPartyRegistrationRepository, DEFAULT_FILTER_PROCESSES_URI);
        setRequiresAuthenticationRequestMatcher(pathPattern(DEFAULT_FILTER_PROCESSES_URI));
    }

    /**
     * Creates a filter on a custom processing URL, using a
     * {@link Saml2AuthenticationTokenConverter} over a
     * {@link DefaultRelyingPartyRegistrationResolver}.
     *
     * @param relyingPartyRegistrationRepository source of relying party registrations
     * @param str the filter processing URL pattern; must contain the
     * <code>{registrationId}</code> match variable
     */
    public Saml2WebSsoAuthenticationFilter(RelyingPartyRegistrationRepository relyingPartyRegistrationRepository, String str) {
        this(new Saml2AuthenticationTokenConverter(new DefaultRelyingPartyRegistrationResolver(relyingPartyRegistrationRepository)), str);
        // Checked after delegation because this(...) has to be the first statement.
        boolean hasRegistrationIdVariable = str.contains("{registrationId}");
        Assert.isTrue(hasRegistrationIdVariable, "filterProcessesUrl must contain a {registrationId} match variable");
    }

    /**
     * Creates a filter with a caller-supplied converter, matching the default request matcher
     * (the default pattern with or without a registration id).
     *
     * @param authenticationConverter converts the request into an authentication token; must
     * not be null
     */
    public Saml2WebSsoAuthenticationFilter(AuthenticationConverter authenticationConverter) {
        super(DEFAULT_REQUEST_MATCHER);
        Assert.notNull(authenticationConverter, "authenticationConverter cannot be null");
        this.authenticationConverter = authenticationConverter;
        applyDefaults(authenticationConverter);
    }

    /**
     * Creates a filter with a caller-supplied converter on a custom processing URL. Unlike the
     * repository-based constructor, this one does not require a registration id variable in
     * the URL.
     *
     * @param authenticationConverter converts the request into an authentication token; must
     * not be null
     * @param str the filter processing URL pattern; must contain text
     */
    public Saml2WebSsoAuthenticationFilter(AuthenticationConverter authenticationConverter, String str) {
        super(str);
        Assert.notNull(authenticationConverter, "authenticationConverter cannot be null");
        Assert.hasText(str, "filterProcessesUrl must contain a URL pattern");
        this.authenticationConverter = authenticationConverter;
        applyDefaults(authenticationConverter);
    }

    /** Builds a path-pattern request matcher with the library defaults for the given pattern. */
    private static RequestMatcher pathPattern(String pattern) {
        return PathPatternRequestMatcher.withDefaults().matcher(pattern);
    }

    /**
     * Applies the settings shared by the converter-based constructors: session creation
     * allowed, session id changed on authentication, and the converter registered with the
     * superclass.
     */
    private void applyDefaults(AuthenticationConverter converter) {
        setAllowSessionCreation(true);
        setSessionAuthenticationStrategy(new ChangeSessionIdAuthenticationStrategy());
        setAuthenticationConverter(converter);
    }

    /**
     * Delegates unchanged to the superclass decision.
     *
     * <p>The decompiler reports that it changed this method's access modifier from
     * {@code protected}; the {@code public} modifier here is therefore an artefact of
     * decompilation.
     */
    @Override
    public boolean requiresAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return super.requiresAuthentication(httpServletRequest, httpServletResponse);
    }

    /**
     * Converts the request into an authentication token and authenticates it.
     *
     * @return the result of the authentication manager, or {@code null} when the converter
     * produced nothing and {@code continueChainWhenNoRelyingPartyRegistrationFound} is set
     * (how the superclass treats a {@code null} result is not visible in this class)
     * @throws AuthenticationException a {@link Saml2AuthenticationException} with code
     * {@link Saml2ErrorCodes#RELYING_PARTY_REGISTRATION_NOT_FOUND} when the converter produced
     * nothing and the flag is unset, or whatever the authentication manager throws
     */
    @Override
    public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException {
        Authentication token = this.authenticationConverter.convert(httpServletRequest);
        if (token != null) {
            setDetails(httpServletRequest, token);
            // Consume the stored request before authenticating, so that a failed attempt
            // also uses it up. Presumably the converter has already read it into the token;
            // confirm against the converter in use.
            this.authenticationRequestRepository.removeAuthenticationRequest(httpServletRequest, httpServletResponse);
            return getAuthenticationManager().authenticate(token);
        }
        if (!this.continueChainWhenNoRelyingPartyRegistrationFound) {
            Saml2Error notFound = new Saml2Error(Saml2ErrorCodes.RELYING_PARTY_REGISTRATION_NOT_FOUND, "No relying party registration found");
            throw new Saml2AuthenticationException(notFound);
        }
        return null;
    }

    /**
     * Replaces the repository from which this filter removes the stored authentication
     * request.
     *
     * <p>The repository is also pushed into the converter, but only when the converter is a
     * {@link Saml2AuthenticationTokenConverter}. Any other converter keeps whatever repository
     * it was built with, so it must be configured separately to stay consistent with the one
     * set here.
     *
     * @param saml2AuthenticationRequestRepository the repository to use; must not be null
     */
    public void setAuthenticationRequestRepository(Saml2AuthenticationRequestRepository<AbstractSaml2AuthenticationRequest> saml2AuthenticationRequestRepository) {
        Assert.notNull(saml2AuthenticationRequestRepository, "authenticationRequestRepository cannot be null");
        this.authenticationRequestRepository = saml2AuthenticationRequestRepository;
        setAuthenticationRequestRepositoryIntoAuthenticationConverter(saml2AuthenticationRequestRepository);
    }

    /** Forwards the repository to the converter when the converter type supports it. */
    private void setAuthenticationRequestRepositoryIntoAuthenticationConverter(Saml2AuthenticationRequestRepository<AbstractSaml2AuthenticationRequest> saml2AuthenticationRequestRepository) {
        if (!(this.authenticationConverter instanceof Saml2AuthenticationTokenConverter)) {
            return;
        }
        Saml2AuthenticationTokenConverter tokenConverter = (Saml2AuthenticationTokenConverter) this.authenticationConverter;
        tokenConverter.setAuthenticationRequestRepository(saml2AuthenticationRequestRepository);
    }

    /**
     * Attaches request details to the token, but only when the converter left them unset and
     * the token is an {@link AbstractAuthenticationToken}.
     */
    private void setDetails(HttpServletRequest httpServletRequest, Authentication authentication) {
        if (authentication.getDetails() != null) {
            return;
        }
        if (!(authentication instanceof AbstractAuthenticationToken)) {
            return;
        }
        Object details = this.authenticationDetailsSource.buildDetails(httpServletRequest);
        ((AbstractAuthenticationToken) authentication).setDetails(details);
    }

    /**
     * Selects what happens when the converter returns no token.
     *
     * @param z {@code true} to return {@code null} from
     * {@link #attemptAuthentication(HttpServletRequest, HttpServletResponse)}, which by the
     * flag's name is meant to let the request continue down the filter chain; {@code false}
     * (the default) to throw a {@link Saml2AuthenticationException}
     */
    public void setContinueChainWhenNoRelyingPartyRegistrationFound(boolean z) {
        this.continueChainWhenNoRelyingPartyRegistrationFound = z;
    }
}
