package org.springframework.security.saml.provider.identity.config;

import java.util.Arrays;
import java.util.LinkedList;
import java.util.List;
import java.util.stream.Collectors;
import javax.servlet.Filter;
import org.springframework.context.ApplicationContext;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.saml.provider.SamlServerConfiguration;
import org.springframework.security.saml.provider.config.NetworkConfiguration;
import org.springframework.security.saml.provider.config.RotatingKeys;
import org.springframework.security.saml.saml2.encrypt.DataEncryptionMethod;
import org.springframework.security.saml.saml2.encrypt.KeyEncryptionMethod;
import org.springframework.security.saml.saml2.metadata.NameId;
import org.springframework.security.saml.saml2.signature.AlgorithmMethod;
import org.springframework.security.saml.saml2.signature.DigestMethod;
import org.springframework.security.web.context.SecurityContextPersistenceFilter;

/* loaded from: input_file:org/springframework/security/saml/provider/identity/config/SamlIdentityProviderSecurityDsl.class */
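/**
 * Fluent {@link HttpSecurity} configurer for a local SAML identity provider (IdP).
 *
 * <p>The builder methods write straight into a {@link SamlServerConfiguration}. When
 * {@link #configure(HttpSecurity)} runs, that configuration is handed to the
 * {@code idpSamlServerConfiguration} bean and, unless standard filters were switched off,
 * the IdP servlet filters are registered on the security chain.
 *
 * <p>Security-relevant defaults set by this class: metadata signing on, assertion signing on,
 * signed requests wanted, RSA-SHA256 signatures with a SHA-256 digest, assertion encryption off.
 * Every one of these can be weakened through the builder methods or replaced wholesale through
 * {@link #configure(SamlServerConfiguration)}; nothing in this class validates the result.
 */
public class SamlIdentityProviderSecurityDsl extends AbstractHttpConfigurer<SamlIdentityProviderSecurityDsl, HttpSecurity> {
    // Mirror of the IdP URL prefix. Must stay declared before `configuration`, whose
    // initializer reads it.
    private String prefix = "saml/idp/";

    private boolean useStandardFilterConfiguration = true;

    // NOTE(review): populated by filters(List) but never read in this class. With
    // useStandardFilters(false) nothing visible here installs these filters, which would leave
    // the IdP endpoints without any SAML filter; confirm where the list is consumed.
    private final List<Filter> filters = new LinkedList<>();

    // Default configuration.
    // - Timeouts 5000 / 10000: unit is not shown here, presumably milliseconds (confirm).
    // - Key encryption defaults to RSA_1_5 (RSA PKCS#1 v1.5 key transport), a scheme with known
    //   padding-oracle weaknesses. It is inert while encryptAssertions is false and is
    //   overwritten by encryptAssertions(...), but it takes effect if encryption is switched on
    //   by any other route; an OAEP-based key transport is the safer choice.
    // - No data encryption algorithm is set here.
    private SamlServerConfiguration configuration = new SamlServerConfiguration()
        .setNetwork(new NetworkConfiguration()
            .setConnectTimeout(5000)
            .setReadTimeout(10000))
        .setIdentityProvider(new LocalIdentityProviderConfiguration()
            .setPrefix(this.prefix)
            .setSignMetadata(true)
            .setSignAssertions(true)
            .setWantRequestsSigned(true)
            .setDefaultSigningAlgorithm(AlgorithmMethod.RSA_SHA256)
            .setDefaultDigest(DigestMethod.SHA256)
            .setNameIds(Arrays.asList(NameId.PERSISTENT, NameId.EMAIL, NameId.UNSPECIFIED))
            .setEncryptAssertions(false)
            .setKeyEncryptionAlgorithm(KeyEncryptionMethod.RSA_1_5)
            .setProviders(new LinkedList<>()));

    /**
     * Applies this DSL to the given {@link HttpSecurity}.
     *
     * <p>Looks up the {@code idpSamlServerConfiguration} bean and calls {@code transfer} on it
     * with this DSL's configuration (presumably copying the settings into the shared bean;
     * confirm against {@code SamlServerConfiguration}). If standard filters are enabled, the
     * IdP filters are added after {@link SecurityContextPersistenceFilter} in this order:
     * configuration, metadata, IdP-initiated login, AuthnRequest, logout, select-service-provider.
     *
     * @param httpSecurity the builder being configured; must expose an {@link ApplicationContext}
     *                     as a shared object
     * @throws Exception declared by the configurer contract; bean lookup failures propagate
     */
    public void configure(HttpSecurity httpSecurity) throws Exception {
        ApplicationContext context = httpSecurity.getSharedObject(ApplicationContext.class);
        SamlServerConfiguration sharedConfiguration =
            context.getBean("idpSamlServerConfiguration", SamlServerConfiguration.class);
        sharedConfiguration.transfer(this.configuration);

        if (!this.useStandardFilterConfiguration) {
            return;
        }

        SamlIdentityProviderServerBeanConfiguration beans =
            context.getBean(SamlIdentityProviderServerBeanConfiguration.class);
        Filter samlConfigurationFilter = beans.samlConfigurationFilter();
        Filter idpMetadataFilter = beans.idpMetadataFilter();
        Filter idpInitatedLoginFilter = beans.idpInitatedLoginFilter();
        Filter idpAuthnRequestFilter = beans.idpAuthnRequestFilter();
        Filter idpLogoutFilter = beans.idpLogoutFilter();

        // Each filter is positioned relative to the runtime class of the previous one.
        // NOTE(review): if two of these beans share a concrete class the relative ordering is
        // no longer unique; confirm the bean configuration returns distinct filter classes.
        httpSecurity
            .addFilterAfter(samlConfigurationFilter, SecurityContextPersistenceFilter.class)
            .addFilterAfter(idpMetadataFilter, samlConfigurationFilter.getClass())
            .addFilterAfter(idpInitatedLoginFilter, idpMetadataFilter.getClass())
            .addFilterAfter(idpAuthnRequestFilter, idpInitatedLoginFilter.getClass())
            .addFilterAfter(idpLogoutFilter, idpAuthnRequestFilter.getClass())
            .addFilterAfter(beans.idpSelectServiceProviderFilter(), idpLogoutFilter.getClass());
    }

    /**
     * Replaces the whole server configuration with the supplied one.
     *
     * <p>Everything set earlier through this DSL, including the signing defaults described on
     * the class, is discarded: the supplied object's values are what get applied. Call this
     * before the other builder methods, and review its signing and encryption settings. The
     * other builder methods dereference {@code getIdentityProvider()}, so the supplied
     * configuration needs an identity provider section for them to work.
     *
     * @param samlServerConfiguration the configuration to use from now on
     * @return this DSL
     */
    public SamlIdentityProviderSecurityDsl configure(SamlServerConfiguration samlServerConfiguration) {
        this.configuration = samlServerConfiguration;
        return this;
    }

    /**
     * Sets the IdP prefix (default {@code "saml/idp/"}) on the configuration and on this DSL.
     *
     * @param str the prefix
     * @return this DSL
     */
    public SamlIdentityProviderSecurityDsl prefix(String str) {
        this.configuration.getIdentityProvider().setPrefix(str);
        this.prefix = str;
        return this;
    }

    /**
     * Sets the IdP entity ID.
     *
     * @param str the entity ID
     * @return this DSL
     */
    public SamlIdentityProviderSecurityDsl entityId(String str) {
        this.configuration.getIdentityProvider().setEntityId(str);
        return this;
    }

    /**
     * Sets the IdP alias.
     *
     * @param str the alias
     * @return this DSL
     */
    public SamlIdentityProviderSecurityDsl alias(String str) {
        this.configuration.getIdentityProvider().setAlias(str);
        return this;
    }

    /**
     * Sets whether the IdP metadata is signed (default {@code true}). Unsigned metadata gives
     * consumers no integrity check on the published endpoints and keys.
     *
     * @param z {@code true} to sign metadata
     * @return this DSL
     */
    public SamlIdentityProviderSecurityDsl signMetadata(boolean z) {
        this.configuration.getIdentityProvider().setSignMetadata(z);
        return this;
    }

    /**
     * Sets the default signature and digest algorithms (defaults: RSA-SHA256 and SHA-256).
     *
     * <p>No validation is done here; the values are stored as given, so choosing a weaker
     * algorithm than the defaults is the caller's responsibility.
     *
     * @param algorithmMethod the signature algorithm
     * @param digestMethod    the digest algorithm
     * @return this DSL
     */
    public SamlIdentityProviderSecurityDsl signatureAlgorithms(AlgorithmMethod algorithmMethod, DigestMethod digestMethod) {
        this.configuration.getIdentityProvider()
            .setDefaultSigningAlgorithm(algorithmMethod)
            .setDefaultDigest(digestMethod);
        return this;
    }

    /**
     * Sets whether assertions are signed (default {@code true}). Relying parties need a
     * signature on the assertion or on the enclosing response to trust its content.
     *
     * @param z {@code true} to sign assertions
     * @return this DSL
     */
    public SamlIdentityProviderSecurityDsl signAssertions(boolean z) {
        this.configuration.getIdentityProvider().setSignAssertions(z);
        return this;
    }

    /**
     * Sets whether the IdP wants incoming requests signed (default {@code true}).
     *
     * <p>NOTE(review): enforcement is not visible in this class; presumably {@code false} lets
     * unsigned authentication requests through. Confirm in the request filter.
     *
     * @param z {@code true} to want signed requests
     * @return this DSL
     */
    public SamlIdentityProviderSecurityDsl wantRequestsSigned(boolean z) {
        this.configuration.getIdentityProvider().setWantRequestsSigned(z);
        return this;
    }

    /**
     * Enables or disables assertion encryption and sets both encryption algorithms.
     *
     * <p>The algorithms are stored as given, with no validation. Prefer an OAEP-based key
     * transport over {@code RSA_1_5} (PKCS#1 v1.5), which has known padding-oracle weaknesses.
     *
     * @param z                    {@code true} to encrypt assertions
     * @param keyEncryptionMethod  the key transport algorithm
     * @param dataEncryptionMethod the content encryption algorithm
     * @return this DSL
     */
    public SamlIdentityProviderSecurityDsl encryptAssertions(boolean z, KeyEncryptionMethod keyEncryptionMethod, DataEncryptionMethod dataEncryptionMethod) {
        this.configuration.getIdentityProvider()
            .setEncryptAssertions(z)
            .setKeyEncryptionAlgorithm(keyEncryptionMethod)
            .setDataEncryptionAlgorithm(dataEncryptionMethod);
        return this;
    }

    /**
     * Enables or disables single logout.
     *
     * @param z {@code true} to enable single logout
     * @return this DSL
     */
    public SamlIdentityProviderSecurityDsl singleLogout(boolean z) {
        this.configuration.getIdentityProvider().setSingleLogoutEnabled(z);
        return this;
    }

    /**
     * Sets the supported NameID formats (default: persistent, email, unspecified).
     *
     * @param list the formats; copied, so later changes to the caller's list have no effect
     * @return this DSL
     */
    public SamlIdentityProviderSecurityDsl nameIds(List<NameId> list) {
        this.configuration.getIdentityProvider().setNameIds(list.stream().collect(Collectors.toList()));
        return this;
    }

    /**
     * Sets the IdP key set.
     *
     * @param rotatingKeys the keys to use
     * @return this DSL
     */
    public SamlIdentityProviderSecurityDsl rotatingKeys(RotatingKeys rotatingKeys) {
        this.configuration.getIdentityProvider().setKeys(rotatingKeys);
        return this;
    }

    /**
     * Adds an external service provider to the list of providers.
     *
     * <p>Appends to the list returned by {@code getProviders()}, so that list must be non-null
     * and mutable. The default configuration guarantees this; a configuration supplied through
     * {@link #configure(SamlServerConfiguration)} may not.
     *
     * @param externalServiceProviderConfiguration the service provider to add
     * @return this DSL
     */
    public SamlIdentityProviderSecurityDsl serviceProvider(ExternalServiceProviderConfiguration externalServiceProviderConfiguration) {
        this.configuration.getIdentityProvider().getProviders().add(externalServiceProviderConfiguration);
        return this;
    }

    /**
     * Enables registration of the standard IdP filters (the default).
     *
     * @return this DSL
     */
    public SamlIdentityProviderSecurityDsl useStandardFilters() {
        return useStandardFilters(true);
    }

    /**
     * Sets whether {@link #configure(HttpSecurity)} registers the standard IdP filters.
     *
     * <p>With {@code false}, this class registers no filter at all; whoever disables them has
     * to install the SAML filters by other means.
     *
     * @param z {@code true} to register the standard filters
     * @return this DSL
     */
    public SamlIdentityProviderSecurityDsl useStandardFilters(boolean z) {
        this.useStandardFilterConfiguration = z;
        return this;
    }

    /**
     * Replaces the stored custom filter list with a copy of the given one.
     *
     * <p>NOTE(review): the stored list is not read anywhere in this class; confirm that it is
     * actually applied before relying on it together with {@code useStandardFilters(false)}.
     *
     * @param list the filters to store; must not be {@code null}
     * @return this DSL
     * @throws NullPointerException if {@code list} is {@code null}
     */
    public SamlIdentityProviderSecurityDsl filters(List<Filter> list) {
        // Copy first: a null argument then fails before the current list is emptied.
        List<Filter> replacement = new LinkedList<>(list);
        this.filters.clear();
        this.filters.addAll(replacement);
        return this;
    }

    /**
     * Creates a DSL instance carrying the default configuration.
     *
     * @return a new DSL
     */
    public static SamlIdentityProviderSecurityDsl identityProvider() {
        return new SamlIdentityProviderSecurityDsl();
    }
}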
