package org.springframework.security.saml.provider.identity;

import java.util.Arrays;
import java.util.List;
import java.util.Optional;
import java.util.UUID;
import java.util.stream.Collectors;
import org.joda.time.DateTime;
import org.springframework.security.saml.SamlMetadataCache;
import org.springframework.security.saml.SamlProviderNotFoundException;
import org.springframework.security.saml.SamlTransformer;
import org.springframework.security.saml.SamlValidator;
import org.springframework.security.saml.key.KeyType;
import org.springframework.security.saml.key.SimpleKey;
import org.springframework.security.saml.provider.AbstractHostedProviderService;
import org.springframework.security.saml.provider.identity.config.LocalIdentityProviderConfiguration;
import org.springframework.security.saml.saml2.Saml2Object;
import org.springframework.security.saml.saml2.authentication.Assertion;
import org.springframework.security.saml.saml2.authentication.AudienceRestriction;
import org.springframework.security.saml.saml2.authentication.AuthenticationRequest;
import org.springframework.security.saml.saml2.authentication.AuthenticationStatement;
import org.springframework.security.saml.saml2.authentication.Conditions;
import org.springframework.security.saml.saml2.authentication.Issuer;
import org.springframework.security.saml.saml2.authentication.LogoutRequest;
import org.springframework.security.saml.saml2.authentication.LogoutResponse;
import org.springframework.security.saml.saml2.authentication.NameIdPrincipal;
import org.springframework.security.saml.saml2.authentication.Response;
import org.springframework.security.saml.saml2.authentication.Status;
import org.springframework.security.saml.saml2.authentication.StatusCode;
import org.springframework.security.saml.saml2.authentication.Subject;
import org.springframework.security.saml.saml2.authentication.SubjectConfirmation;
import org.springframework.security.saml.saml2.authentication.SubjectConfirmationData;
import org.springframework.security.saml.saml2.authentication.SubjectConfirmationMethod;
import org.springframework.security.saml.saml2.metadata.Binding;
import org.springframework.security.saml.saml2.metadata.Endpoint;
import org.springframework.security.saml.saml2.metadata.IdentityProviderMetadata;
import org.springframework.security.saml.saml2.metadata.Metadata;
import org.springframework.security.saml.saml2.metadata.NameId;
import org.springframework.security.saml.saml2.metadata.Provider;
import org.springframework.security.saml.saml2.metadata.ServiceProvider;
import org.springframework.security.saml.saml2.metadata.ServiceProviderMetadata;

/* loaded from: input_file:org/springframework/security/saml/provider/identity/HostedIdentityProviderService.class */
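/**
 * Identity-provider side of a hosted SAML 2 provider.
 * <p>
 * Resolves the remote {@link ServiceProviderMetadata} an inbound message belongs to and
 * builds the signed (and, when configured, encrypted) {@link Assertion} plus the wrapping
 * {@link Response} that is posted back to the service provider.
 * <p>
 * All timestamps are taken from {@code getClock()} so that validity windows are testable
 * and the assertion and its response agree on "now".
 */
public class HostedIdentityProviderService extends AbstractHostedProviderService<LocalIdentityProviderConfiguration, IdentityProviderMetadata, ServiceProviderMetadata> implements IdentityProviderService {
    private final AssertionEnhancer assertionEnhancer;
    private final ResponseEnhancer responseEnhancer;

    /**
     * @param localIdentityProviderConfiguration local IdP settings (validity windows, encryption)
     * @param identityProviderMetadata           this IdP's own metadata (entity id, signing key)
     * @param samlTransformer                    XML &lt;-&gt; object transformer
     * @param samlValidator                      validator for inbound messages
     * @param samlMetadataCache                  cache for remote metadata documents
     * @param assertionEnhancer                  hook applied to every built assertion; {@code null} means identity
     * @param responseEnhancer                   hook applied to every built response; {@code null} means identity
     */
    public HostedIdentityProviderService(LocalIdentityProviderConfiguration localIdentityProviderConfiguration, IdentityProviderMetadata identityProviderMetadata, SamlTransformer samlTransformer, SamlValidator samlValidator, SamlMetadataCache samlMetadataCache, AssertionEnhancer assertionEnhancer, ResponseEnhancer responseEnhancer) {
        super(localIdentityProviderConfiguration, identityProviderMetadata, samlTransformer, samlValidator, samlMetadataCache);
        // A missing enhancer is replaced by a pass-through so callers never have to null-check.
        this.assertionEnhancer = assertionEnhancer != null ? assertionEnhancer : assertion -> assertion;
        this.responseEnhancer = responseEnhancer != null ? responseEnhancer : response -> response;
    }

    /**
     * Parses a remote metadata document and narrows it to service-provider metadata.
     * <p>
     * If the document is already {@link ServiceProviderMetadata} it is returned as-is;
     * otherwise only the {@link ServiceProvider} roles are kept (the result may therefore
     * carry an empty provider list if the document describes no SP role).
     *
     * @param str the metadata XML
     * @return the service-provider view of the document
     */
    @Override
    public ServiceProviderMetadata transformMetadata(String str) {
        Metadata parsed = (Metadata) getTransformer().fromXml(str, (List<SimpleKey>) null, (List<SimpleKey>) null);
        if (parsed instanceof ServiceProviderMetadata) {
            return (ServiceProviderMetadata) parsed;
        }
        List<? extends Provider> spRoles = parsed.getSsoProviders().stream()
            .filter(role -> role instanceof ServiceProvider)
            .collect(Collectors.toList());
        ServiceProviderMetadata narrowed = new ServiceProviderMetadata(parsed);
        narrowed.setProviders(spRoles);
        return narrowed;
    }

    /**
     * Dispatches to the type-specific {@code getRemoteProvider} overload.
     *
     * @throws IllegalArgumentException for message types this IdP does not resolve
     */
    @Override
    public ServiceProviderMetadata getRemoteProvider(Saml2Object saml2Object) {
        if (saml2Object instanceof AuthenticationRequest) {
            return getRemoteProvider((AuthenticationRequest) saml2Object);
        }
        if (saml2Object instanceof LogoutRequest) {
            return getRemoteProvider((LogoutRequest) saml2Object);
        }
        if (saml2Object instanceof LogoutResponse) {
            return getRemoteProvider((LogoutResponse) saml2Object);
        }
        if (saml2Object instanceof Assertion) {
            return getRemoteProvider((Assertion) saml2Object);
        }
        throw new IllegalArgumentException("Unable to resolve class:" + saml2Object.getClass().getName());
    }

    /**
     * Resolves the SP by the {@code Issuer} of an authentication request
     * (a {@code null} issuer is passed through to the entity-id lookup unchanged).
     */
    public ServiceProviderMetadata getRemoteProvider(AuthenticationRequest authenticationRequest) {
        Issuer issuer = authenticationRequest.getIssuer();
        return getRemoteProvider(issuer != null ? issuer.getValue() : null);
    }

    /**
     * Resolves the SP by the {@code SPNameQualifier} of the assertion's subject.
     * Note that the assertion's own {@code Issuer} is not consulted here.
     *
     * @throws SamlProviderNotFoundException when the assertion or its subject is missing
     */
    public ServiceProviderMetadata getRemoteProvider(Assertion assertion) {
        if (assertion == null || assertion.getSubject() == null) {
            throw new SamlProviderNotFoundException("Assertion and its subject must not be null");
        }
        NameIdPrincipal principal = assertion.getSubject().getPrincipal();
        return getRemoteProvider(principal != null ? principal.getSpNameQualifier() : null);
    }

    /**
     * Builds an unsolicited (IdP-initiated) assertion for the given SP and principal.
     */
    @Override
    public Assertion assertion(ServiceProviderMetadata serviceProviderMetadata, String str, NameId nameId) {
        return assertion(serviceProviderMetadata, null, str, nameId);
    }

    /**
     * Builds a signed bearer assertion for {@code serviceProviderMetadata}.
     * <p>
     * The subject confirmation's {@code Recipient} and the audience restriction are bound
     * to the SP; the {@code InResponseTo} is taken from {@code authenticationRequest} when
     * one is present. The assertion is encrypted only if encryption is enabled in the
     * configuration <em>and</em> the SP advertises an encryption key.
     *
     * @param serviceProviderMetadata the SP the assertion is issued for
     * @param authenticationRequest   the request being answered, or {@code null} for IdP-initiated flows
     * @param str                     the principal's name-id value
     * @param nameId                  the name-id format to use
     * @return the assertion after the configured {@link AssertionEnhancer} has run
     */
    @Override
    public Assertion assertion(ServiceProviderMetadata serviceProviderMetadata, AuthenticationRequest authenticationRequest, String str, NameId nameId) {
        long now = getClock().millis();
        DateTime issueInstant = new DateTime(now);
        // Same expiry for the bearer confirmation and the conditions window.
        DateTime notOnOrAfter = new DateTime(now + getConfiguration().getNotOnOrAfter());
        DateTime notBefore = new DateTime(now - getConfiguration().getNotBefore());
        Endpoint recipient = resolveAssertionConsumerService(authenticationRequest, serviceProviderMetadata);

        NameIdPrincipal principal = new NameIdPrincipal()
            .setValue(str)
            .setFormat(nameId)
            .setNameQualifier(serviceProviderMetadata.getEntityAlias())
            .setSpNameQualifier(serviceProviderMetadata.getEntityId());

        SubjectConfirmationData confirmationData = new SubjectConfirmationData()
            .setInResponseTo(authenticationRequest != null ? authenticationRequest.getId() : null)
            .setNotOnOrAfter(notOnOrAfter)
            // Guard against an SP with no usable ACS rather than NPE-ing mid-build.
            .setRecipient(recipient != null ? recipient.getLocation() : null);

        Assertion assertion = new Assertion()
            .setSigningKey(getMetadata().getSigningKey(), getMetadata().getAlgorithm(), getMetadata().getDigest())
            .setVersion("2.0")
            .setIssueInstant(issueInstant)
            .setId("A" + UUID.randomUUID().toString())
            .setIssuer(getMetadata().getEntityId())
            .setSubject(new Subject()
                .setPrincipal(principal)
                .addConfirmation(new SubjectConfirmation()
                    .setMethod(SubjectConfirmationMethod.BEARER)
                    .setConfirmationData(confirmationData)))
            .setConditions(new Conditions()
                .setNotBefore(notBefore)
                .setNotOnOrAfter(notOnOrAfter)
                .addCriteria(new AudienceRestriction().addAudience(serviceProviderMetadata.getEntityId())))
            .addAuthenticationStatement(new AuthenticationStatement()
                .setAuthInstant(issueInstant)
                .setSessionIndex("IDX" + UUID.randomUUID().toString())
                .setSessionNotOnOrAfter(new DateTime(now + getConfiguration().getSessionNotOnOrAfter())));

        if (getConfiguration().isEncryptAssertions()) {
            // NOTE(review): if the SP publishes no encryption key the assertion is silently sent
            // in the clear even though encryption was requested; callers wanting a hard failure
            // must check for that themselves.
            serviceProviderMetadata.getServiceProvider().getKeys().stream()
                .filter(key -> KeyType.ENCRYPTION == key.getType())
                .findFirst()
                .ifPresent(key -> assertion.setEncryptionKey(key, getConfiguration().getKeyEncryptionAlgorithm(), getConfiguration().getDataEncryptionAlgorithm()));
        }
        return this.assertionEnhancer.enhance(assertion);
    }

    /**
     * Wraps an assertion in an unsolicited (IdP-initiated) response.
     */
    @Override
    public Response response(Assertion assertion, ServiceProviderMetadata serviceProviderMetadata) {
        return response(null, assertion, serviceProviderMetadata);
    }

    /**
     * Wraps {@code assertion} in a signed {@code Success} response addressed to the SP's
     * assertion consumer service.
     *
     * @param authenticationRequest the request being answered, or {@code null} for IdP-initiated flows
     * @param assertion             the assertion to carry
     * @param serviceProviderMetadata the SP the response is addressed to
     * @return the response after the configured {@link ResponseEnhancer} has run
     */
    @Override
    public Response response(AuthenticationRequest authenticationRequest, Assertion assertion, ServiceProviderMetadata serviceProviderMetadata) {
        Response response = new Response()
            .setAssertions(Arrays.asList(assertion))
            .setId("RP" + UUID.randomUUID().toString())
            .setInResponseTo(authenticationRequest != null ? authenticationRequest.getId() : null)
            .setIssuer(new Issuer().setValue(getMetadata().getEntityId()))
            .setSigningKey(getMetadata().getSigningKey(), getMetadata().getAlgorithm(), getMetadata().getDigest())
            // Same clock as the assertion so IssueInstant cannot drift from the assertion's window.
            .setIssueInstant(new DateTime(getClock().millis()))
            .setStatus(new Status().setCode(StatusCode.SUCCESS))
            .setVersion("2.0");

        Endpoint destination = resolveAssertionConsumerService(authenticationRequest, serviceProviderMetadata);
        if (destination != null) {
            response.setDestination(destination.getLocation());
        }
        return this.responseEnhancer.enhance(response);
    }

    /**
     * Chooses the assertion consumer service the assertion/response is delivered to.
     * <p>
     * The ACS carried in the AuthnRequest is honoured only when its location is one the SP
     * advertises in its metadata; otherwise the SP's preferred POST endpoint is used (or
     * {@code null} if it has none). The request ACS is caller-controlled input and, absent a
     * check here, a forged request could have a signed assertion for this SP delivered to
     * an arbitrary URL. Matching is an exact string comparison on the location.
     *
     * @param request the inbound request, may be {@code null}
     * @param sp      the resolved service provider
     * @return the endpoint to deliver to, or {@code null} if none can be determined
     */
    private Endpoint resolveAssertionConsumerService(AuthenticationRequest request, ServiceProviderMetadata sp) {
        Endpoint requested = request != null ? request.getAssertionConsumerService() : null;
        if (requested != null && isAdvertisedAssertionConsumerService(requested, sp)) {
            return requested;
        }
        return getPreferredEndpoint(sp.getServiceProvider().getAssertionConsumerService(), Binding.POST, -1);
    }

    /** True when {@code requested}'s location equals one of the SP's published ACS locations. */
    private boolean isAdvertisedAssertionConsumerService(Endpoint requested, ServiceProviderMetadata sp) {
        String location = requested.getLocation();
        if (location == null || sp.getServiceProvider().getAssertionConsumerService() == null) {
            return false;
        }
        for (Endpoint candidate : sp.getServiceProvider().getAssertionConsumerService()) {
            if (location.equals(candidate.getLocation())) {
                return true;
            }
        }
        return false;
    }
}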
