package org.springframework.security.extensions.saml2.config;

import java.io.File;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Timer;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.httpclient.HttpClient;
import org.opensaml.Configuration;
import org.opensaml.PaosBootstrap;
import org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider;
import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.xml.ConfigurationException;
import org.opensaml.xml.parse.ParserPool;
import org.opensaml.xml.parse.StaticBasicParserPool;
import org.opensaml.xml.parse.XMLParserException;
import org.opensaml.xml.security.keyinfo.NamedKeyInfoGeneratorManager;
import org.opensaml.xml.security.x509.CertPathPKIXTrustEvaluator;
import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
import org.springframework.core.io.DefaultResourceLoader;
import org.springframework.core.io.Resource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.CsrfConfigurer;
import org.springframework.security.saml.SAMLAuthenticationProvider;
import org.springframework.security.saml.SAMLDiscovery;
import org.springframework.security.saml.SAMLEntryPoint;
import org.springframework.security.saml.SAMLProcessingFilter;
import org.springframework.security.saml.context.SAMLContextProvider;
import org.springframework.security.saml.context.SAMLContextProviderLB;
import org.springframework.security.saml.key.JKSKeyManager;
import org.springframework.security.saml.key.KeyManager;
import org.springframework.security.saml.log.SAMLDefaultLogger;
import org.springframework.security.saml.metadata.CachingMetadataManager;
import org.springframework.security.saml.metadata.ExtendedMetadata;
import org.springframework.security.saml.metadata.ExtendedMetadataDelegate;
import org.springframework.security.saml.metadata.MetadataDisplayFilter;
import org.springframework.security.saml.metadata.MetadataGenerator;
import org.springframework.security.saml.metadata.MetadataGeneratorFilter;
import org.springframework.security.saml.processor.HTTPPostBinding;
import org.springframework.security.saml.processor.HTTPRedirectDeflateBinding;
import org.springframework.security.saml.processor.SAMLBinding;
import org.springframework.security.saml.processor.SAMLProcessor;
import org.springframework.security.saml.processor.SAMLProcessorImpl;
import org.springframework.security.saml.trust.MetadataCredentialResolver;
import org.springframework.security.saml.trust.PKIXInformationResolver;
import org.springframework.security.saml.userdetails.SAMLUserDetailsService;
import org.springframework.security.saml.util.VelocityFactory;
import org.springframework.security.saml.websso.WebSSOProfile;
import org.springframework.security.saml.websso.WebSSOProfileConsumerImpl;
import org.springframework.security.saml.websso.WebSSOProfileImpl;
import org.springframework.security.saml.websso.WebSSOProfileOptions;
import org.springframework.security.web.DefaultSecurityFilterChain;
import org.springframework.security.web.FilterChainProxy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.channel.ChannelProcessingFilter;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.util.matcher.AndRequestMatcher;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.NegatedRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;

/* loaded from: input_file:org/springframework/security/extensions/saml2/config/SAMLConfigurer.class */
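/**
 * Java-config DSL that adds a SAML 2.0 Web SSO service provider (SP) to an
 * {@link HttpSecurity} chain, on top of spring-security-saml and OpenSAML 2.
 *
 * <p>Typical use:
 * <pre>
 *   http.apply(saml())
 *       .identityProvider().metadataFilePath("classpath:idp.xml").and()
 *       .serviceProvider().protocol("https").hostname("sp.example.org").basePath("/")
 *           .keyStore().storeFilePath("classpath:sp.jks").password("...").keyname("sp").keyPassword("...").and()
 *       .and()
 *       .userDetailsService(myMapper);
 * </pre>
 *
 * <p>{@link #init(HttpSecurity)} wires everything together: it loads the IdP metadata, builds the SP key
 * manager, registers the SAML entry point as the authentication entry point, exempts the assertion-consumer
 * endpoint from CSRF checks and installs the SAML filter chains ({@code /saml/login}, {@code /saml/metadata},
 * {@code /saml/SSO}, {@code /saml/discovery}).
 *
 * <p>Misconfiguration (missing key store path, unreadable metadata, OpenSAML bootstrap failure) is reported
 * as an {@link IllegalStateException} carrying the cause, so the application fails to start instead of
 * running with a half-configured SAML setup.
 *
 * <p>Security notes for deployers:
 * <ul>
 *   <li>By default the IdP metadata is accepted <em>without</em> signature or trust verification (the
 *       historical behaviour of this configurer). When the metadata is fetched from a URL, enable
 *       {@link IdentityProvider#metadataTrustCheck(boolean)} and
 *       {@link IdentityProvider#metadataRequireSignature(boolean)}; otherwise whoever controls that URL
 *       (or, for plain {@code http://}, the network path to it) decides which IdP keys are trusted.</li>
 *   <li>The SP's own URLs are built from the configured protocol/hostname/basePath
 *       ({@link SAMLContextProviderLB}), not from the incoming request, so they cannot be steered by a
 *       forged {@code Host} header.</li>
 * </ul>
 */
public class SAMLConfigurer extends SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity> {
    private SAMLAuthenticationProvider samlAuthenticationProvider;
    private MetadataProvider metadataProvider;
    private ExtendedMetadataDelegate extendedMetadataDelegate;
    private CachingMetadataManager cachingMetadataManager;
    private WebSSOProfile webSSOProfile;
    private SAMLUserDetailsService samlUserDetailsService;
    private IdentityProvider identityProvider = new IdentityProvider();
    private ServiceProvider serviceProvider = new ServiceProvider();
    private WebSSOProfileOptions webSSOProfileOptions = webSSOProfileOptions();
    // Field initialisers run top to bottom: the parser pool must exist before samlProcessor() uses it.
    private StaticBasicParserPool parserPool = staticBasicParserPool();
    private SAMLProcessor samlProcessor = samlProcessor();
    private SAMLDefaultLogger samlLogger = new SAMLDefaultLogger();
    // Identity post-processor: the AuthenticationManager built in samlWebSSOProcessingFilter() is not a
    // Spring bean, so there is no bean lifecycle to apply to it.
    private ObjectPostProcessor<Object> objectPostProcessor = new ObjectPostProcessor<Object>() {
        public <T> T postProcess(T object) {
            return object;
        }
    };

    /**
     * Requires a CSRF token for every method except the safe ones. Same list Spring Security's
     * {@code CsrfFilter} uses by default; duplicated here because that matcher is private.
     */
    public static final class DefaultRequiresCsrfMatcher implements RequestMatcher {
        private static final Pattern ALLOWED_METHODS = Pattern.compile("^(GET|HEAD|TRACE|OPTIONS)$");

        private DefaultRequiresCsrfMatcher() {
        }

        /** @return {@code true} when the request method is not GET, HEAD, TRACE or OPTIONS. */
        public boolean matches(HttpServletRequest request) {
            return !ALLOWED_METHODS.matcher(request.getMethod()).matches();
        }
    }

    /**
     * Identity-provider side of the DSL: where the IdP metadata comes from and how far it is trusted.
     */
    public class IdentityProvider {
        private String metadataFilePath;
        private boolean discoveryEnabled = true;
        // Both default to false to keep the configurer's historical (permissive) behaviour.
        private boolean metadataTrustCheck = false;
        private boolean metadataRequireSignature = false;

        public IdentityProvider() {
        }

        /**
         * Location of the IdP metadata. A value starting with {@code http} is fetched over the network
         * (and periodically refreshed); anything else is resolved as a Spring resource on the file system
         * (e.g. {@code classpath:idp.xml}, {@code file:/etc/idp.xml}).
         */
        public IdentityProvider metadataFilePath(String path) {
            this.metadataFilePath = path;
            return this;
        }

        /** Whether IdP discovery is enabled in the generated {@link ExtendedMetadata} (default {@code true}). */
        public IdentityProvider discoveryEnabled(boolean enabled) {
            this.discoveryEnabled = enabled;
            return this;
        }

        /**
         * Verify the metadata's signature against the trusted keys (default {@code false}).
         * Strongly recommended whenever {@link #metadataFilePath(String)} points at a URL.
         */
        public IdentityProvider metadataTrustCheck(boolean enabled) {
            this.metadataTrustCheck = enabled;
            return this;
        }

        /** Reject metadata that is not signed at all (default {@code false}). */
        public IdentityProvider metadataRequireSignature(boolean required) {
            this.metadataRequireSignature = required;
            return this;
        }

        /**
         * Builds the OpenSAML provider for the configured metadata location.
         *
         * @throws IllegalStateException if no path was configured or the metadata cannot be loaded
         */
        public MetadataProvider metadataProvider() {
            String path = required(this.metadataFilePath, "identityProvider().metadataFilePath(...)");
            // Matches both http:// and https://. Plain http gives an on-path attacker the IdP keys.
            if (path.startsWith("http")) {
                return httpMetadataProvider();
            }
            return fileSystemMetadataProvider();
        }

        private HTTPMetadataProvider httpMetadataProvider() {
            try {
                // Daemon timer: the background refresh thread must not keep the JVM alive at shutdown.
                // NOTE(review): the default HttpClient has no connect/read timeout, so an unresponsive
                // metadata endpoint can stall application startup — consider bounding it.
                HTTPMetadataProvider provider = new HTTPMetadataProvider(new Timer(true), new HttpClient(), this.metadataFilePath);
                provider.setParserPool(SAMLConfigurer.this.parserPool);
                return provider;
            } catch (MetadataProviderException e) {
                throw new IllegalStateException("Could not create HTTP metadata provider for " + this.metadataFilePath, e);
            }
        }

        private FilesystemMetadataProvider fileSystemMetadataProvider() {
            File file;
            try {
                // getFile() requires a real file: resources packed inside a JAR are not supported here.
                file = new DefaultResourceLoader().getResource(this.metadataFilePath).getFile();
            } catch (IOException e) {
                throw new IllegalStateException("IdP metadata is not a readable file: " + this.metadataFilePath, e);
            }
            try {
                FilesystemMetadataProvider provider = new FilesystemMetadataProvider(file);
                provider.setParserPool(SAMLConfigurer.this.parserPool);
                return provider;
            } catch (MetadataProviderException e) {
                throw new IllegalStateException("Could not load IdP metadata from " + file, e);
            }
        }

        /** Returns to the enclosing configurer. */
        public SAMLConfigurer and() {
            return SAMLConfigurer.this;
        }
    }

    /**
     * Service-provider side of the DSL: the SP's public URL components, entity id and signing key store.
     */
    public class ServiceProvider {
        private KeyStore keyStore = new KeyStore();
        private KeyManager keyManager;
        private String protocol;
        private String hostName;
        private String basePath;
        private String entityId;

        /**
         * JKS key store holding the SP's signing/encryption key. {@link #toString()} deliberately redacts
         * both passwords so that logging this object cannot leak them.
         */
        public class KeyStore {
            private String storeFilePath;
            private String password;
            private String keyname;
            private String keyPassword;

            public KeyStore() {
            }

            /** Spring resource location of the JKS file (e.g. {@code classpath:sp.jks}). */
            public KeyStore storeFilePath(String path) {
                this.storeFilePath = path;
                return this;
            }

            /** Password protecting the key store itself. */
            public KeyStore password(String storePassword) {
                this.password = storePassword;
                return this;
            }

            /** Alias of the SP key inside the store; also used as the default key. */
            public KeyStore keyname(String alias) {
                this.keyname = alias;
                return this;
            }

            /** Password protecting the key entry named by {@link #keyname(String)}. */
            public KeyStore keyPassword(String entryPassword) {
                this.keyPassword = entryPassword;
                return this;
            }

            /** Returns to the enclosing service-provider configuration. */
            public ServiceProvider and() {
                return ServiceProvider.this;
            }

            public String getStoreFilePath() {
                return this.storeFilePath;
            }

            public String getPassword() {
                return this.password;
            }

            public String getKeyname() {
                return this.keyname;
            }

            public String getKeyPassword() {
                return this.keyPassword;
            }

            /** Debug representation; passwords are never included. */
            public String toString() {
                return "KeyStore{storeFilePath='" + this.storeFilePath
                        + "', password=<redacted>, keyname='" + this.keyname
                        + "', keyPassword=<redacted>}";
            }

            public boolean equals(Object obj) {
                if (this == obj) {
                    return true;
                }
                if (obj == null || getClass() != obj.getClass()) {
                    return false;
                }
                KeyStore other = (KeyStore) obj;
                return eq(this.storeFilePath, other.storeFilePath)
                        && eq(this.password, other.password)
                        && eq(this.keyname, other.keyname)
                        && eq(this.keyPassword, other.keyPassword);
            }

            public int hashCode() {
                int result = hash(this.storeFilePath);
                result = 31 * result + hash(this.password);
                result = 31 * result + hash(this.keyname);
                result = 31 * result + hash(this.keyPassword);
                return result;
            }

            private static boolean eq(Object a, Object b) {
                return a == null ? b == null : a.equals(b);
            }

            private static int hash(Object o) {
                return o == null ? 0 : o.hashCode();
            }
        }

        public ServiceProvider() {
        }

        /** URL scheme of the SP, e.g. {@code https}. Required. */
        public ServiceProvider protocol(String scheme) {
            this.protocol = scheme;
            return this;
        }

        /** Public host name of the SP (optionally with port). Required. */
        public ServiceProvider hostname(String host) {
            this.hostName = host;
            return this;
        }

        /** Context path under which the SAML endpoints live; {@code null} is treated as the root. */
        public ServiceProvider basePath(String path) {
            this.basePath = path;
            return this;
        }

        /** SAML entity id of the SP, as published in its metadata. */
        public ServiceProvider entityId(String id) {
            this.entityId = id;
            return this;
        }

        public KeyStore keyStore() {
            return this.keyStore;
        }

        /** Returns to the enclosing configurer. */
        public SAMLConfigurer and() {
            return SAMLConfigurer.this;
        }

        /**
         * Builds the {@link JKSKeyManager} from the configured key store, with the SP key as default key.
         *
         * @throws IllegalStateException if the store path or key alias is missing
         */
        public KeyManager keyManager() {
            String path = required(this.keyStore.getStoreFilePath(), "serviceProvider().keyStore().storeFilePath(...)");
            String alias = required(this.keyStore.getKeyname(), "serviceProvider().keyStore().keyname(...)");
            Resource storeResource = new DefaultResourceLoader().getResource(path);
            Map<String, String> keyPasswords = new HashMap<String, String>();
            keyPasswords.put(alias, this.keyStore.getKeyPassword());
            return new JKSKeyManager(storeResource, this.keyStore.getPassword(), keyPasswords, alias);
        }
    }

    private SAMLConfigurer() {
    }

    /**
     * Wires the SAML components into the given {@link HttpSecurity}.
     *
     * <p>Order matters: the metadata provider and key manager are needed by the metadata manager, which is
     * needed by the profile, context provider and entry point. OpenSAML's global configuration is
     * bootstrapped before the context provider is built.
     *
     * @throws IllegalStateException on any misconfiguration or initialisation failure (fail closed)
     */
    @Override
    public void init(HttpSecurity httpSecurity) {
        this.metadataProvider = this.identityProvider.metadataProvider();
        ExtendedMetadata extendedMetadata = extendedMetadata(this.identityProvider.discoveryEnabled);
        this.extendedMetadataDelegate = extendedMetadataDelegate(extendedMetadata);
        this.serviceProvider.keyManager = this.serviceProvider.keyManager();
        this.cachingMetadataManager = cachingMetadataManager();
        this.webSSOProfile = new WebSSOProfileImpl(this.samlProcessor, this.cachingMetadataManager);
        this.samlAuthenticationProvider = samlAuthenticationProvider();
        bootstrap();
        SAMLContextProvider contextProvider = contextProvider();
        SAMLEntryPoint samlEntryPoint = samlEntryPoint(contextProvider);

        try {
            // Unauthenticated requests are redirected to the IdP instead of getting a Basic challenge.
            httpSecurity.httpBasic().authenticationEntryPoint(samlEntryPoint);
        } catch (Exception e) {
            throw new IllegalStateException("Could not register the SAML authentication entry point", e);
        }

        CsrfConfigurer<HttpSecurity> csrf = httpSecurity.getConfigurer(CsrfConfigurer.class);
        if (csrf != null) {
            // The IdP POSTs the SAMLResponse cross-site to /saml/SSO, so it can never carry our CSRF
            // token; that endpoint is protected by the assertion's signature/InResponseTo checks instead.
            // Everything else keeps the usual "unsafe methods need a token" rule.
            csrf.requireCsrfProtectionMatcher(new AndRequestMatcher(
                    new DefaultRequiresCsrfMatcher(),
                    new NegatedRequestMatcher(new AntPathRequestMatcher("/saml/SSO"))));
        }

        httpSecurity
                .addFilterBefore(metadataGeneratorFilter(samlEntryPoint, extendedMetadata), ChannelProcessingFilter.class)
                .addFilterAfter(samlFilter(samlEntryPoint, contextProvider), BasicAuthenticationFilter.class)
                .authenticationProvider(this.samlAuthenticationProvider);
    }

    /** Entry point of the DSL: {@code http.apply(saml())...}. */
    public static SAMLConfigurer saml() {
        return new SAMLConfigurer();
    }

    /**
     * Service mapping the SAML credential to application user details. Optional; when absent the
     * {@link SAMLAuthenticationProvider} is left with a {@code null} user-details service.
     */
    public SAMLConfigurer userDetailsService(SAMLUserDetailsService userDetailsService) {
        this.samlUserDetailsService = userDetailsService;
        return this;
    }

    public IdentityProvider identityProvider() {
        return this.identityProvider;
    }

    public ServiceProvider serviceProvider() {
        return this.serviceProvider;
    }

    /**
     * Base URL of the SP ({@code protocol://host/basePath}) with duplicate and trailing slashes removed.
     * A {@code null} basePath is treated as the root rather than rendered as the text "null".
     */
    private String entityBaseURL() {
        String scheme = required(this.serviceProvider.protocol, "serviceProvider().protocol(...)");
        String host = required(this.serviceProvider.hostName, "serviceProvider().hostname(...)");
        String path = this.serviceProvider.basePath == null ? "" : this.serviceProvider.basePath;
        String hostAndPath = (host + "/" + path).replaceAll("//", "/").replaceAll("/$", "");
        return scheme + "://" + hostAndPath;
    }

    /** Entry point that starts the Web SSO flow; {@code SAMLDslEntryPoint} is defined elsewhere in this package. */
    private SAMLEntryPoint samlEntryPoint(SAMLContextProvider contextProvider) {
        SAMLDslEntryPoint entryPoint = new SAMLDslEntryPoint();
        entryPoint.setDefaultProfileOptions(this.webSSOProfileOptions);
        entryPoint.setWebSSOprofile(this.webSSOProfile);
        entryPoint.setContextProvider(contextProvider);
        entryPoint.setMetadata(this.cachingMetadataManager);
        entryPoint.setSamlLogger(this.samlLogger);
        return entryPoint;
    }

    /** Supported bindings: HTTP-Redirect (DEFLATE) and HTTP-POST. */
    private SAMLProcessor samlProcessor() {
        List<SAMLBinding> bindings = new ArrayList<SAMLBinding>();
        bindings.add(httpRedirectDeflateBinding(this.parserPool));
        bindings.add(httpPostBinding(this.parserPool));
        return new SAMLProcessorImpl(bindings);
    }

    /**
     * Metadata manager holding the single IdP delegate; the SP's own metadata is added later by the
     * {@link MetadataGeneratorFilter}.
     */
    private CachingMetadataManager cachingMetadataManager() {
        List<MetadataProvider> providers = new ArrayList<MetadataProvider>();
        providers.add(this.extendedMetadataDelegate);
        CachingMetadataManager manager;
        try {
            manager = new CachingMetadataManager(providers);
        } catch (MetadataProviderException e) {
            throw new IllegalStateException("Could not initialise the SAML metadata manager", e);
        }
        manager.setKeyManager(this.serviceProvider.keyManager);
        return manager;
    }

    /**
     * Shared XML parser pool. NOTE(review): confirm that this OpenSAML version's default builder features
     * disable DTD/external-entity processing; this code relies on the library defaults.
     */
    private StaticBasicParserPool staticBasicParserPool() {
        StaticBasicParserPool pool = new StaticBasicParserPool();
        try {
            pool.initialize();
        } catch (XMLParserException e) {
            throw new IllegalStateException("Could not initialise the SAML XML parser pool", e);
        }
        return pool;
    }

    /**
     * Wraps the IdP metadata provider with trust settings taken from {@link IdentityProvider}.
     * With both flags at their {@code false} defaults, unsigned and untrusted metadata is accepted.
     */
    private ExtendedMetadataDelegate extendedMetadataDelegate(ExtendedMetadata extendedMetadata) {
        ExtendedMetadataDelegate delegate = new ExtendedMetadataDelegate(this.metadataProvider, extendedMetadata);
        delegate.setMetadataTrustCheck(this.identityProvider.metadataTrustCheck);
        delegate.setMetadataRequireSignature(this.identityProvider.metadataRequireSignature);
        return delegate;
    }

    /** Extended metadata: discovery on/off as configured, SP metadata always signed. */
    private ExtendedMetadata extendedMetadata(boolean discoveryEnabled) {
        ExtendedMetadata extendedMetadata = new ExtendedMetadata();
        extendedMetadata.setIdpDiscoveryEnabled(discoveryEnabled);
        extendedMetadata.setSignMetadata(true);
        return extendedMetadata;
    }

    /** Default AuthnRequest options: no Scoping element (some IdPs reject it). */
    private WebSSOProfileOptions webSSOProfileOptions() {
        WebSSOProfileOptions options = new WebSSOProfileOptions();
        options.setIncludeScoping(false);
        return options;
    }

    /**
     * Initialises OpenSAML's global configuration and registers a KeyInfo generator that emits the SP
     * certificate and its chain into the generated metadata. This mutates JVM-global OpenSAML state.
     *
     * @throws IllegalStateException if OpenSAML cannot be bootstrapped
     */
    private void bootstrap() {
        try {
            PaosBootstrap.bootstrap();
        } catch (ConfigurationException e) {
            throw new IllegalStateException("Could not bootstrap OpenSAML", e);
        }
        NamedKeyInfoGeneratorManager keyInfoGeneratorManager =
                Configuration.getGlobalSecurityConfiguration().getKeyInfoGeneratorManager();
        X509KeyInfoGeneratorFactory x509Factory = new X509KeyInfoGeneratorFactory();
        x509Factory.setEmitEntityCertificate(true);
        x509Factory.setEmitEntityCertificateChain(true);
        keyInfoGeneratorManager.registerFactory("MetadataKeyInfoGenerator", x509Factory);
    }

    private HTTPPostBinding httpPostBinding(ParserPool pool) {
        return new HTTPPostBinding(pool, VelocityFactory.getEngine());
    }

    private HTTPRedirectDeflateBinding httpRedirectDeflateBinding(ParserPool pool) {
        return new HTTPRedirectDeflateBinding(pool);
    }

    /**
     * Assertion-consumer filter for {@code /saml/SSO}, backed by its own {@link AuthenticationManager}
     * containing only the SAML provider.
     */
    private SAMLProcessingFilter samlWebSSOProcessingFilter(SAMLAuthenticationProvider provider,
            SAMLContextProvider contextProvider, SAMLProcessor processor) throws Exception {
        AuthenticationManagerBuilder managerBuilder = new AuthenticationManagerBuilder(this.objectPostProcessor);
        managerBuilder.authenticationProvider(provider);
        SAMLProcessingFilter filter = new SAMLProcessingFilter();
        filter.setAuthenticationManager(managerBuilder.build());
        filter.setContextProvider(contextProvider);
        filter.setSAMLProcessor(processor);
        return filter;
    }

    /** Generates the SP metadata on first request and registers it with the metadata manager. */
    private MetadataGeneratorFilter metadataGeneratorFilter(SAMLEntryPoint entryPoint, ExtendedMetadata extendedMetadata) {
        MetadataGeneratorFilter filter = new MetadataGeneratorFilter(getMetadataGenerator(entryPoint, extendedMetadata));
        filter.setManager(this.cachingMetadataManager);
        return filter;
    }

    /**
     * The SAML endpoints as a nested {@link FilterChainProxy}:
     * {@code /saml/login} (entry point), {@code /saml/metadata} (public SP metadata),
     * {@code /saml/SSO} (assertion consumer) and {@code /saml/discovery} (IdP discovery).
     */
    private FilterChainProxy samlFilter(SAMLEntryPoint entryPoint, SAMLContextProvider contextProvider) {
        List<SecurityFilterChain> chains = new ArrayList<SecurityFilterChain>();
        chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/login/**"), entryPoint));
        chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/metadata/**"), new MetadataDisplayFilter()));
        try {
            Filter ssoFilter = samlWebSSOProcessingFilter(this.samlAuthenticationProvider, contextProvider, this.samlProcessor);
            chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/SSO/**"), ssoFilter));
        } catch (Exception e) {
            throw new IllegalStateException("Could not build the SAML SSO processing filter", e);
        }
        SAMLDiscovery discovery = new SAMLDiscovery();
        discovery.setMetadata(this.cachingMetadataManager);
        discovery.setContextProvider(contextProvider);
        chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/discovery/**"), discovery));
        return new FilterChainProxy(chains);
    }

    /**
     * Authentication provider validating the SAML response. The principal is kept as an object rather than
     * forced to a string; the user-details service may be {@code null} if none was configured.
     */
    private SAMLAuthenticationProvider samlAuthenticationProvider() {
        SAMLAuthenticationProvider provider = new SAMLAuthenticationProvider();
        provider.setForcePrincipalAsString(false);
        provider.setSamlLogger(this.samlLogger);
        // NOTE(review): the consumer is created bare here, unlike WebSSOProfileImpl above which receives
        // the processor and metadata manager; confirm the library falls back to the message context.
        provider.setConsumer(new WebSSOProfileConsumerImpl());
        provider.setUserDetails(this.samlUserDetailsService);
        return provider;
    }

    /**
     * Context provider that derives the SP's URLs from the configured scheme/host/path rather than the
     * request (load-balancer friendly, and immune to Host-header spoofing), with PKIX trust evaluation of
     * IdP credentials taken from metadata.
     */
    private SAMLContextProvider contextProvider() {
        SAMLContextProviderLB provider = new SAMLContextProviderLB();
        provider.setMetadata(this.cachingMetadataManager);
        provider.setScheme(required(this.serviceProvider.protocol, "serviceProvider().protocol(...)"));
        provider.setServerName(required(this.serviceProvider.hostName, "serviceProvider().hostname(...)"));
        provider.setContextPath(this.serviceProvider.basePath);
        provider.setKeyManager(this.serviceProvider.keyManager);
        MetadataCredentialResolver credentialResolver =
                new MetadataCredentialResolver(this.cachingMetadataManager, this.serviceProvider.keyManager);
        provider.setPkixResolver(new PKIXInformationResolver(credentialResolver, this.cachingMetadataManager, this.serviceProvider.keyManager));
        provider.setPkixTrustEvaluator(new CertPathPKIXTrustEvaluator());
        provider.setMetadataResolver(credentialResolver);
        return provider;
    }

    /** Generator for the SP's own metadata (base URL, entity id, keys); the discovery extension is not advertised. */
    private MetadataGenerator getMetadataGenerator(SAMLEntryPoint entryPoint, ExtendedMetadata extendedMetadata) {
        MetadataGenerator generator = new MetadataGenerator();
        generator.setSamlEntryPoint(entryPoint);
        generator.setEntityBaseURL(entityBaseURL());
        generator.setKeyManager(this.serviceProvider.keyManager);
        generator.setEntityId(this.serviceProvider.entityId);
        generator.setIncludeDiscoveryExtension(false);
        generator.setExtendedMetadata(extendedMetadata);
        return generator;
    }

    /**
     * Returns {@code value} or fails fast with a message naming the DSL call that was missed.
     *
     * @throws IllegalStateException if {@code value} is {@code null}
     */
    private static <T> T required(T value, String dslCall) {
        if (value == null) {
            throw new IllegalStateException("SAML configuration incomplete: " + dslCall + " must be set");
        }
        return value;
    }
}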
