package org.springframework.security.saml.provider.service;

import java.net.URI;
import java.util.List;
import java.util.Optional;
import java.util.UUID;
import java.util.stream.Collectors;
import org.joda.time.DateTime;
import org.springframework.security.saml.SamlMetadataCache;
import org.springframework.security.saml.SamlProviderNotFoundException;
import org.springframework.security.saml.SamlTransformer;
import org.springframework.security.saml.SamlValidator;
import org.springframework.security.saml.key.SimpleKey;
import org.springframework.security.saml.provider.AbstractHostedProviderService;
import org.springframework.security.saml.provider.config.ExternalProviderConfiguration;
import org.springframework.security.saml.provider.service.config.ExternalIdentityProviderConfiguration;
import org.springframework.security.saml.provider.service.config.LocalServiceProviderConfiguration;
import org.springframework.security.saml.saml2.Saml2Object;
import org.springframework.security.saml.saml2.authentication.Assertion;
import org.springframework.security.saml.saml2.authentication.AuthenticationRequest;
import org.springframework.security.saml.saml2.authentication.Issuer;
import org.springframework.security.saml.saml2.authentication.LogoutRequest;
import org.springframework.security.saml.saml2.authentication.LogoutResponse;
import org.springframework.security.saml.saml2.authentication.NameIdPolicy;
import org.springframework.security.saml.saml2.authentication.Response;
import org.springframework.security.saml.saml2.metadata.Binding;
import org.springframework.security.saml.saml2.metadata.Endpoint;
import org.springframework.security.saml.saml2.metadata.IdentityProvider;
import org.springframework.security.saml.saml2.metadata.IdentityProviderMetadata;
import org.springframework.security.saml.saml2.metadata.Metadata;
import org.springframework.security.saml.saml2.metadata.Provider;
import org.springframework.security.saml.saml2.metadata.ServiceProviderMetadata;

/* loaded from: input_file:org/springframework/security/saml/provider/service/HostedServiceProviderService.class */
/**
 * Service-provider side of a hosted SAML provider: resolves metadata for remote identity
 * providers and builds {@link AuthenticationRequest} objects addressed to them.
 *
 * <p>This file is decompiler output (JADX), so local variable names are reconstructed and some
 * casts exist only because generic type information was erased in the class file.
 */
public class HostedServiceProviderService extends AbstractHostedProviderService<LocalServiceProviderConfiguration, ServiceProviderMetadata, IdentityProviderMetadata> implements ServiceProviderService {
    /** Hook applied to every request built by {@link #authenticationRequest}; never null once constructed. */
    private final AuthenticationRequestEnhancer authnRequestEnhancer;

    /**
     * Creates the service and forwards the shared collaborators to the base class.
     *
     * @param localServiceProviderConfiguration local service-provider configuration, passed to the base class
     * @param serviceProviderMetadata metadata of this service provider, passed to the base class
     * @param samlTransformer transformer passed to the base class
     * @param samlValidator validator passed to the base class
     * @param samlMetadataCache metadata cache passed to the base class
     * @param authenticationRequestEnhancer optional hook for outgoing requests; {@code null} selects
     *     an enhancer that returns the request unchanged
     */
    public HostedServiceProviderService(LocalServiceProviderConfiguration localServiceProviderConfiguration, ServiceProviderMetadata serviceProviderMetadata, SamlTransformer samlTransformer, SamlValidator samlValidator, SamlMetadataCache samlMetadataCache, AuthenticationRequestEnhancer authenticationRequestEnhancer) {
        super(localServiceProviderConfiguration, serviceProviderMetadata, samlTransformer, samlValidator, samlMetadataCache);
        // Fall back to an identity enhancer so authenticationRequest() never has to null-check the hook.
        this.authnRequestEnhancer = Optional.ofNullable(authenticationRequestEnhancer).orElse(request -> request);
    }

    /**
     * Resolves the metadata for a configured external provider and, when that configuration is an
     * {@link ExternalIdentityProviderConfiguration} carrying a NameID, records it as the default
     * NameID on the resolved metadata.
     *
     * @param externalProviderConfiguration configuration of the remote provider
     * @return whatever the base class resolved, possibly {@code null}
     */
    @Override // org.springframework.security.saml.provider.AbstractHostedProviderService, org.springframework.security.saml.provider.HostedProviderService
    public IdentityProviderMetadata getRemoteProvider(ExternalProviderConfiguration externalProviderConfiguration) {
        IdentityProviderMetadata resolved = (IdentityProviderMetadata) super.getRemoteProvider(externalProviderConfiguration);
        if (resolved == null || !(externalProviderConfiguration instanceof ExternalIdentityProviderConfiguration)) {
            // Nothing to decorate: no metadata, or the configuration carries no NameID setting.
            return resolved;
        }
        ExternalIdentityProviderConfiguration idpConfiguration = (ExternalIdentityProviderConfiguration) externalProviderConfiguration;
        if (idpConfiguration.getNameId() != null) {
            // The locally configured NameID overrides whatever default the metadata had.
            resolved.setDefaultNameId(idpConfiguration.getNameId());
        }
        return resolved;
    }

    /**
     * Parses metadata XML and returns it as identity-provider metadata. If the parsed document is
     * not already an {@link IdentityProviderMetadata}, a new one is built from it that keeps only
     * the SSO providers that are {@link IdentityProvider} instances.
     *
     * <p>Both key lists passed to the transformer are {@code null}, so this method hands the parser
     * no verification keys. NOTE(review): confirm where the signature or origin of remote metadata
     * is validated before its keys and endpoints are trusted; nothing in this class does it.
     *
     * <p>Decompiler note: the original declaration was {@code protected}; JADX widened it.
     *
     * @param str metadata XML
     * @return the parsed metadata as identity-provider metadata
     */
    @Override // org.springframework.security.saml.provider.AbstractHostedProviderService
    public IdentityProviderMetadata transformMetadata(String str) {
        Metadata parsed = (Metadata) getTransformer().fromXml(str, (List<SimpleKey>) null, (List<SimpleKey>) null);
        if (parsed instanceof IdentityProviderMetadata) {
            return (IdentityProviderMetadata) parsed;
        }
        // Raw cast kept from the decompiled output; the element types are not visible in this file.
        List<? extends Provider> identityProviders = (List) parsed.getSsoProviders().stream()
                .filter(candidate -> candidate instanceof IdentityProvider)
                .collect(Collectors.toList());
        IdentityProviderMetadata wrapped = new IdentityProviderMetadata(parsed);
        wrapped.setProviders(identityProviders);
        return wrapped;
    }

    /**
     * Dispatches on the runtime type of a SAML object to the matching {@code getRemoteProvider}
     * overload. The {@link LogoutRequest} and {@link LogoutResponse} overloads are not declared in
     * this class (presumably inherited).
     *
     * @param saml2Object an assertion, response, logout request or logout response
     * @return the metadata returned by the selected overload
     * @throws UnsupportedOperationException if the object is of any other type
     * @throws NullPointerException if {@code saml2Object} is {@code null}, because the error
     *     message is built from {@code saml2Object.getClass()}
     */
    @Override // org.springframework.security.saml.provider.AbstractHostedProviderService, org.springframework.security.saml.provider.HostedProviderService
    public IdentityProviderMetadata getRemoteProvider(Saml2Object saml2Object) {
        final IdentityProviderMetadata provider;
        if (saml2Object instanceof Assertion) {
            provider = getRemoteProvider((Assertion) saml2Object);
        } else if (saml2Object instanceof Response) {
            provider = getRemoteProvider((Response) saml2Object);
        } else if (saml2Object instanceof LogoutRequest) {
            provider = getRemoteProvider((LogoutRequest) saml2Object);
        } else if (saml2Object instanceof LogoutResponse) {
            provider = getRemoteProvider((LogoutResponse) saml2Object);
        } else {
            throw new UnsupportedOperationException("Class:" + saml2Object.getClass().getName() + " not yet implemented");
        }
        return provider;
    }

    /**
     * Looks up the identity provider named by the assertion's issuer; a missing issuer is passed
     * on as {@code null}.
     *
     * <p>The issuer value comes from the message itself, so this lookup only selects a provider
     * and does not authenticate the assertion. NOTE(review): confirm that callers verify the
     * signature against the returned provider before relying on the assertion.
     *
     * @param assertion assertion whose issuer selects the provider
     * @return the result of the issuer-value lookup (overload not declared in this class)
     */
    public IdentityProviderMetadata getRemoteProvider(Assertion assertion) {
        // Kept as a single conditional argument so overload resolution matches the original.
        return getRemoteProvider(assertion.getIssuer() != null ? assertion.getIssuer().getValue() : null);
    }

    /**
     * Looks up the identity provider named by the response's issuer; a missing issuer is passed
     * on as {@code null}.
     *
     * <p>As with assertions, the issuer is a claim made by the sender. NOTE(review): confirm that
     * the response is signature-checked against the returned provider by the caller.
     *
     * @param response response whose issuer selects the provider
     * @return the result of the issuer-value lookup (overload not declared in this class)
     */
    public IdentityProviderMetadata getRemoteProvider(Response response) {
        // Kept as a single conditional argument so overload resolution matches the original.
        return getRemoteProvider(response.getIssuer() != null ? response.getIssuer().getValue() : null);
    }

    /**
     * Builds an authentication request for the given identity provider and passes it through the
     * configured enhancer.
     *
     * <p>Security-relevant behaviour visible here:
     * <ul>
     *   <li>The request is signed only when the local service-provider metadata reports
     *       {@code isAuthnRequestsSigned()}; otherwise no signing key is set.</li>
     *   <li>The request ID is {@code "ARQ"} followed by a random UUID string with its first
     *       character dropped. Nothing in this method stores the ID. NOTE(review): if responses
     *       are matched to requests through {@code InResponseTo}, that bookkeeping lives
     *       elsewhere; confirm.</li>
     *   <li>The enhancer runs last and may change any of these values.</li>
     * </ul>
     *
     * @param identityProviderMetadata metadata of the identity provider to address
     * @return the request as returned by the enhancer
     * @throws SamlProviderNotFoundException if no configured provider has the metadata's alias
     */
    @Override // org.springframework.security.saml.provider.service.ServiceProviderService
    public AuthenticationRequest authenticationRequest(IdentityProviderMetadata identityProviderMetadata) {
        URI configuredBinding = getIdentityProviderConfigurationForMetadata(identityProviderMetadata).getAuthenticationRequestBinding();
        // No binding configured for this provider means the redirect binding is preferred.
        Binding preferredBinding = configuredBinding == null ? Binding.REDIRECT : Binding.fromUrn(configuredBinding);
        Endpoint ssoEndpoint = getPreferredEndpoint(identityProviderMetadata.getIdentityProvider().getSingleSignOnService(), preferredBinding, 0);
        ServiceProviderMetadata localMetadata = getMetadata();

        String requestId = "ARQ" + UUID.randomUUID().toString().substring(1);
        DateTime issueInstant = new DateTime(getClock().millis());
        AuthenticationRequest request = new AuthenticationRequest()
                .setId(requestId)
                .setIssueInstant(issueInstant)
                .setForceAuth(Boolean.FALSE)
                .setPassive(Boolean.FALSE)
                .setBinding(ssoEndpoint.getBinding())
                .setAssertionConsumerService(getPreferredEndpoint(localMetadata.getServiceProvider().getAssertionConsumerService(), null, -1))
                .setIssuer(new Issuer().setValue(localMetadata.getEntityId()))
                .setDestination(ssoEndpoint);

        if (localMetadata.getServiceProvider().isAuthnRequestsSigned()) {
            request.setSigningKey(localMetadata.getSigningKey(), localMetadata.getAlgorithm(), localMetadata.getDigest());
        }

        // Prefer the default NameID recorded on the provider metadata, else the first one it lists.
        // The third NameIdPolicy argument is true in both branches (presumably allowCreate; confirm).
        if (identityProviderMetadata.getDefaultNameId() != null) {
            request.setNameIdPolicy(new NameIdPolicy(identityProviderMetadata.getDefaultNameId(), localMetadata.getEntityAlias(), true));
        } else if (!identityProviderMetadata.getIdentityProvider().getNameIds().isEmpty()) {
            request.setNameIdPolicy(new NameIdPolicy(identityProviderMetadata.getIdentityProvider().getNameIds().get(0), localMetadata.getEntityAlias(), true));
        }
        return this.authnRequestEnhancer.enhance(request);
    }

    /**
     * Finds the first configured external identity provider whose alias equals the entity alias
     * of the given metadata.
     *
     * @param identityProviderMetadata metadata whose entity alias is searched for
     * @return the first matching configuration
     * @throws SamlProviderNotFoundException if no configured provider has that alias
     */
    private ExternalIdentityProviderConfiguration getIdentityProviderConfigurationForMetadata(IdentityProviderMetadata identityProviderMetadata) {
        for (ExternalIdentityProviderConfiguration candidate : getConfiguration().getProviders()) {
            if (candidate.getAlias().equals(identityProviderMetadata.getEntityAlias())) {
                return candidate;
            }
        }
        throw new SamlProviderNotFoundException("alias:" + identityProviderMetadata.getEntityAlias());
    }
}
