package org.springframework.security.saml.provider.service;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.HashMap;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.saml.SamlRequestMatcher;
import org.springframework.security.saml.provider.SamlFilter;
import org.springframework.security.saml.provider.provisioning.SamlProviderProvisioning;
import org.springframework.security.saml.saml2.Saml2Object;
import org.springframework.security.saml.saml2.authentication.AuthenticationRequest;
import org.springframework.security.saml.saml2.metadata.Binding;
import org.springframework.security.saml.saml2.metadata.Endpoint;
import org.springframework.security.saml.saml2.metadata.IdentityProviderMetadata;
import org.springframework.security.web.header.HeaderWriter;
import org.springframework.security.web.header.writers.CacheControlHeadersWriter;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.StringUtils;
import org.springframework.web.util.HtmlUtils;
import org.springframework.web.util.UriComponentsBuilder;
import org.springframework.web.util.UriUtils;

/* loaded from: input_file:org/springframework/security/saml/provider/service/SamlAuthenticationRequestFilter.class */
public class SamlAuthenticationRequestFilter extends SamlFilter<ServiceProviderService> {
    private final SamlProviderProvisioning<ServiceProviderService> provisioning;
    private final RequestMatcher requestMatcher;
    private HeaderWriter cacheHeaderWriter;
    private String postTemplate;

    public SamlAuthenticationRequestFilter(SamlProviderProvisioning<ServiceProviderService> samlProviderProvisioning) {
        this(samlProviderProvisioning, new SamlRequestMatcher(samlProviderProvisioning, "discovery", false));
    }

    public SamlAuthenticationRequestFilter(SamlProviderProvisioning<ServiceProviderService> samlProviderProvisioning, RequestMatcher requestMatcher) {
        super(samlProviderProvisioning);
        this.cacheHeaderWriter = new CacheControlHeadersWriter();
        this.postTemplate = "/templates/saml2-post-binding.vm";
        this.provisioning = samlProviderProvisioning;
        this.requestMatcher = requestMatcher;
    }

    public SamlAuthenticationRequestFilter setCacheHeaderWriter(HeaderWriter headerWriter) {
        this.cacheHeaderWriter = headerWriter;
        return this;
    }

    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        String parameter = httpServletRequest.getParameter("idp");
        if (!getRequestMatcher().matches(httpServletRequest) || !StringUtils.hasText(parameter)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        ServiceProviderService hostedProvider = this.provisioning.getHostedProvider();
        AuthenticationRequest authenticationRequest = getAuthenticationRequest(hostedProvider, getIdentityProvider(hostedProvider, parameter), httpServletRequest);
        sendAuthenticationRequest(hostedProvider, httpServletRequest, httpServletResponse, authenticationRequest, authenticationRequest.getDestination());
    }

    protected AuthenticationRequest getAuthenticationRequest(ServiceProviderService serviceProviderService, IdentityProviderMetadata identityProviderMetadata, HttpServletRequest httpServletRequest) {
        return serviceProviderService.authenticationRequest(identityProviderMetadata);
    }

    protected RequestMatcher getRequestMatcher() {
        return this.requestMatcher;
    }

    protected IdentityProviderMetadata getIdentityProvider(ServiceProviderService serviceProviderService, String str) {
        return serviceProviderService.getRemoteProvider(str);
    }

    protected void sendAuthenticationRequest(ServiceProviderService serviceProviderService, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationRequest authenticationRequest, Endpoint endpoint) throws IOException {
        String relayState = getRelayState(serviceProviderService, httpServletRequest);
        if (endpoint.getBinding().equals(Binding.REDIRECT)) {
            String encodedXml = serviceProviderService.toEncodedXml((Saml2Object) authenticationRequest, true);
            UriComponentsBuilder fromUriString = UriComponentsBuilder.fromUriString(endpoint.getLocation());
            fromUriString.queryParam("SAMLRequest", new Object[]{UriUtils.encode(encodedXml, StandardCharsets.UTF_8.name())});
            if (StringUtils.hasText(relayState)) {
                fromUriString.queryParam("RelayState", new Object[]{UriUtils.encode(relayState, StandardCharsets.UTF_8.name())});
            }
            httpServletResponse.sendRedirect(fromUriString.build(true).toUriString());
            return;
        }
        if (!endpoint.getBinding().equals(Binding.POST)) {
            processHtml(httpServletRequest, httpServletResponse, getErrorTemplate(), Collections.singletonMap("message", "Unsupported binding:" + endpoint.getBinding().toString()));
            return;
        }
        String encodedXml2 = serviceProviderService.toEncodedXml((Saml2Object) authenticationRequest, false);
        HashMap hashMap = new HashMap();
        hashMap.put("action", endpoint.getLocation());
        hashMap.put("SAMLRequest", encodedXml2);
        if (StringUtils.hasText(relayState)) {
            hashMap.put("RelayState", HtmlUtils.htmlEscape(relayState));
        }
        processHtml(httpServletRequest, httpServletResponse, getPostTemplate(), hashMap);
    }

    protected String getRelayState(ServiceProviderService serviceProviderService, HttpServletRequest httpServletRequest) {
        return null;
    }

    public String getPostTemplate() {
        return this.postTemplate;
    }

    public SamlAuthenticationRequestFilter setPostTemplate(String str) {
        this.postTemplate = str;
        return this;
    }
}
