package org.springframework.security.saml2.provider.service.web;

import jakarta.servlet.http.HttpServletRequest;
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;
import java.util.Objects;
import java.util.function.Function;
import java.util.zip.Inflater;
import java.util.zip.InflaterOutputStream;
import org.springframework.http.HttpMethod;
import org.springframework.security.saml2.core.Saml2Error;
import org.springframework.security.saml2.core.Saml2ErrorCodes;
import org.springframework.security.saml2.core.Saml2ParameterNames;
import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest;
import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException;
import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.web.authentication.AuthenticationConverter;
import org.springframework.util.Assert;

/* loaded from: input_file:BOOT-INF/lib/spring-security-saml2-service-provider-6.3.6.jar:org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverter.class */
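/**
 * Turns an incoming {@link HttpServletRequest} into a {@link Saml2AuthenticationToken}.
 *
 * <p>The value of the {@link Saml2ParameterNames#SAML_RESPONSE} request parameter is
 * Base64-decoded and, for GET requests, inflated as a raw DEFLATE stream. The resulting
 * string is handed to the token together with the resolved {@link RelyingPartyRegistration}
 * and any previously stored {@link AbstractSaml2AuthenticationRequest}.
 *
 * <p>Security note: this class only decodes. Nothing visible here verifies signatures,
 * parses the XML or checks the issuer, so the string placed in the token must still be
 * treated as untrusted input by whatever consumes it.
 */
public final class Saml2AuthenticationTokenConverter implements AuthenticationConverter {
    // The MIME decoder is lenient: it skips characters outside the Base64 alphabet instead
    // of rejecting them, which is why a separate canonical-form check runs before decoding.
    private static final Base64.Decoder BASE64 = Base64.getMimeDecoder();
    private static final Base64Checker BASE_64_CHECKER = new Base64Checker();
    private final RelyingPartyRegistrationResolver relyingPartyRegistrationResolver;
    // Loads the authentication request that was stored for this HTTP request, if any.
    private Function<HttpServletRequest, AbstractSaml2AuthenticationRequest> loader;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:BOOT-INF/lib/spring-security-saml2-service-provider-6.3.6.jar:org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverter$Base64Checker.class */
    /**
     * Rejects Base64 text whose final, incomplete 4-character group carries non-zero
     * unused bits. Such text is a non-canonical encoding: several different strings
     * would decode to the same bytes, which a lenient decoder accepts silently.
     */
    public static class Base64Checker {
        // Maps a Latin-1 code point to its 6-bit Base64 value, or -1 when it is not in the alphabet.
        private static final int[] VALUES = genValueMapping();

        Base64Checker() {
        }

        /**
         * Builds the 256-entry lookup table for the standard Base64 alphabet.
         *
         * @return a table holding the 6-bit value for each alphabet character and -1 elsewhere
         */
        private static int[] genValueMapping() {
            byte[] alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/".getBytes(StandardCharsets.ISO_8859_1);
            int[] table = new int[256];
            Arrays.fill(table, -1);
            for (int i = 0; i < alphabet.length; i++) {
                table[alphabet[i] & 255] = i;
            }
            return table;
        }

        /**
         * Reports whether the Base64 alphabet characters in {@code str} form a canonical
         * encoding. Characters outside the alphabet (padding, line breaks, anything else)
         * are not counted.
         *
         * @param str the candidate Base64 text
         * @return {@code true} when the number of alphabet characters is a multiple of four,
         * or when the last alphabet character of a 2- or 3-character tail has its unused low
         * bits set to zero; {@code false} otherwise
         */
        boolean isAcceptable(String str) {
            int alphabetChars = 0;
            int lastValue = -1;
            for (int i = 0; i < str.length(); i++) {
                char c = str.charAt(i);
                // Only code points below 256 can be alphabet characters. Masking the char
                // to its low byte instead would alias e.g. U+0141 onto 'A' and count it,
                // while Base64.Decoder#decode(String) sees such a char as a non-alphabet
                // byte and skips it. That mismatch lets a crafted value shift the count
                // and slip a non-canonical tail past this check.
                int value = (c < VALUES.length) ? VALUES[c] : -1;
                if (value != -1) {
                    lastValue = value;
                    alphabetChars++;
                }
            }
            switch (alphabetChars % 4) {
                case 0:
                    return true;
                case 2:
                    // Two characters carry 12 bits for one byte: the low 4 bits are unused.
                    return (lastValue & 15) == 0;
                case 3:
                    // Three characters carry 18 bits for two bytes: the low 2 bits are unused.
                    return (lastValue & 3) == 0;
                default:
                    // A single leftover character cannot encode a whole byte.
                    return false;
            }
        }

        /**
         * Throws when {@link #isAcceptable(String)} rejects {@code str}.
         *
         * @param str the candidate Base64 text
         * @throws IllegalArgumentException if the text is not a canonical encoding
         */
        void checkAcceptable(String str) {
            if (!isAcceptable(str)) {
                throw new IllegalArgumentException("Unaccepted Encoding");
            }
        }
    }

    /**
     * Creates a converter that looks up stored authentication requests through a new
     * {@link HttpSessionSaml2AuthenticationRequestRepository}.
     *
     * @param relyingPartyRegistrationResolver resolves the registration for a request; must not be null
     */
    public Saml2AuthenticationTokenConverter(RelyingPartyRegistrationResolver relyingPartyRegistrationResolver) {
        Assert.notNull(relyingPartyRegistrationResolver, "relyingPartyRegistrationResolver cannot be null");
        this.relyingPartyRegistrationResolver = relyingPartyRegistrationResolver;
        HttpSessionSaml2AuthenticationRequestRepository sessionRepository = new HttpSessionSaml2AuthenticationRequestRepository();
        this.loader = sessionRepository::loadAuthenticationRequest;
    }

    /**
     * Builds the authentication token for the given request.
     *
     * @param httpServletRequest the incoming request
     * @return the token, or {@code null} when no relying party registration resolves or the
     * request carries no {@link Saml2ParameterNames#SAML_RESPONSE} parameter
     * @throws Saml2AuthenticationException if the parameter cannot be decoded or inflated
     */
    @Override // org.springframework.security.web.authentication.AuthenticationConverter
    public Saml2AuthenticationToken convert(HttpServletRequest httpServletRequest) {
        AbstractSaml2AuthenticationRequest authenticationRequest = loadAuthenticationRequest(httpServletRequest);
        // When a stored request exists, its registration id is passed to the resolver;
        // otherwise the resolver receives null for the id.
        String registrationId = (authenticationRequest != null) ? authenticationRequest.getRelyingPartyRegistrationId() : null;
        RelyingPartyRegistration registration = this.relyingPartyRegistrationResolver.resolve(httpServletRequest, registrationId);
        if (registration == null) {
            return null;
        }
        String samlResponse = httpServletRequest.getParameter(Saml2ParameterNames.SAML_RESPONSE);
        if (samlResponse == null) {
            return null;
        }
        byte[] decoded = samlDecode(samlResponse);
        String payload = inflateIfRequired(httpServletRequest, decoded);
        return new Saml2AuthenticationToken(registration, payload, authenticationRequest);
    }

    /**
     * Replaces the repository used to load the stored authentication request.
     *
     * @param saml2AuthenticationRequestRepository the repository to use; must not be null
     * @throws IllegalArgumentException if the repository is null
     */
    public void setAuthenticationRequestRepository(Saml2AuthenticationRequestRepository<AbstractSaml2AuthenticationRequest> saml2AuthenticationRequestRepository) {
        // Assert.notNull already rejects null, so no second null check is needed before
        // binding the method reference.
        Assert.notNull(saml2AuthenticationRequestRepository, "authenticationRequestRepository cannot be null");
        this.loader = saml2AuthenticationRequestRepository::loadAuthenticationRequest;
    }

    /** Loads the stored authentication request for this HTTP request via the configured loader. */
    private AbstractSaml2AuthenticationRequest loadAuthenticationRequest(HttpServletRequest httpServletRequest) {
        return this.loader.apply(httpServletRequest);
    }

    /**
     * Inflates the decoded bytes for GET requests and reads them as UTF-8 text otherwise.
     *
     * @param httpServletRequest the request whose HTTP method decides the branch
     * @param bArr the Base64-decoded parameter value
     * @return the payload as a string
     */
    private String inflateIfRequired(HttpServletRequest httpServletRequest, byte[] bArr) {
        if (HttpMethod.GET.matches(httpServletRequest.getMethod())) {
            return samlInflate(bArr);
        }
        return new String(bArr, StandardCharsets.UTF_8);
    }

    /**
     * Checks that the parameter value is canonical Base64 and decodes it.
     *
     * @param str the raw parameter value
     * @return the decoded bytes
     * @throws Saml2AuthenticationException with {@link Saml2ErrorCodes#INVALID_RESPONSE} if
     * the check or the decoding fails
     */
    private byte[] samlDecode(String str) {
        try {
            BASE_64_CHECKER.checkAcceptable(str);
            return BASE64.decode(str);
        } catch (Exception e) {
            throw new Saml2AuthenticationException(new Saml2Error(Saml2ErrorCodes.INVALID_RESPONSE, "Failed to decode SAMLResponse"), e);
        }
    }

    /**
     * Inflates a raw DEFLATE stream (no zlib header) and returns it as UTF-8 text.
     *
     * <p>NOTE(review): the inflated output is buffered in memory with no upper bound, so a
     * small, highly compressed parameter can expand to a very large buffer before any later
     * validation runs. Consider capping the inflated size here or limiting request size
     * upstream.
     *
     * @param bArr the compressed bytes
     * @return the inflated text
     * @throws Saml2AuthenticationException with {@link Saml2ErrorCodes#INVALID_RESPONSE} if
     * inflation fails
     */
    private String samlInflate(byte[] bArr) {
        Inflater inflater = new Inflater(true);
        try {
            ByteArrayOutputStream inflated = new ByteArrayOutputStream();
            InflaterOutputStream inflaterStream = new InflaterOutputStream(inflated, inflater);
            inflaterStream.write(bArr);
            inflaterStream.finish();
            return inflated.toString(StandardCharsets.UTF_8.name());
        } catch (Exception e) {
            throw new Saml2AuthenticationException(new Saml2Error(Saml2ErrorCodes.INVALID_RESPONSE, "Unable to inflate string"), e);
        } finally {
            // A caller-supplied Inflater is not released by InflaterOutputStream, so its
            // native memory must be freed here on both the success and the failure path.
            inflater.end();
        }
    }
}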
