package com.github.ulisesbocchio.spring.boot.security.saml.bean;

import com.github.ulisesbocchio.spring.boot.security.saml.configurer.ServiceProviderBuilder;
import com.github.ulisesbocchio.spring.boot.security.saml.configurer.ServiceProviderConfigurer;
import com.github.ulisesbocchio.spring.boot.security.saml.configurer.ServiceProviderEndpoints;
import com.github.ulisesbocchio.spring.boot.security.saml.util.FunctionalUtils;
import java.util.List;
import java.util.Optional;
import javax.servlet.Filter;
import javax.servlet.http.HttpServletRequest;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.saml.SAMLAuthenticationProvider;
import org.springframework.security.saml.SAMLDiscovery;
import org.springframework.security.saml.SAMLEntryPoint;
import org.springframework.security.saml.SAMLLogoutFilter;
import org.springframework.security.saml.SAMLLogoutProcessingFilter;
import org.springframework.security.saml.SAMLProcessingFilter;
import org.springframework.security.saml.SAMLWebSSOHoKProcessingFilter;
import org.springframework.security.saml.metadata.ExtendedMetadataDelegate;
import org.springframework.security.saml.metadata.MetadataDisplayFilter;
import org.springframework.security.saml.metadata.MetadataGeneratorFilter;
import org.springframework.security.saml.metadata.MetadataManager;
import org.springframework.security.web.DefaultSecurityFilterChain;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert;

/* loaded from: input_file:com/github/ulisesbocchio/spring/boot/security/saml/bean/SAMLConfigurerBean.class */
public class SAMLConfigurerBean extends SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity> implements InitializingBean {

    @Autowired
    protected ServiceProviderBuilder serviceProviderBuilder;

    @Autowired
    protected AuthenticationManager authenticationManager;
    private Class<? extends Filter> afterFilter = BasicAuthenticationFilter.class;

    /* loaded from: input_file:com/github/ulisesbocchio/spring/boot/security/saml/bean/SAMLConfigurerBean$LazyEndpointsRequestMatcher.class */
    private static class LazyEndpointsRequestMatcher implements RequestMatcher {
        private RequestMatcher delegate;
        private final ServiceProviderEndpoints endpoints;

        private LazyEndpointsRequestMatcher(ServiceProviderEndpoints serviceProviderEndpoints) {
            this.endpoints = serviceProviderEndpoints;
        }

        public boolean matches(HttpServletRequest httpServletRequest) {
            if (this.delegate == null) {
                synchronized (this) {
                    if (this.delegate == null) {
                        this.delegate = this.endpoints.getRequestMatcher();
                    }
                }
            }
            return this.delegate.matches(httpServletRequest);
        }
    }

    public void afterPropertiesSet() throws Exception {
        Assert.notNull(this.serviceProviderBuilder, "ServiceProviderBuilder can't be null");
        Assert.notNull(this.authenticationManager, "AuthenticationManager can't be null");
        this.serviceProviderBuilder.setSharedObject(AuthenticationManager.class, this.authenticationManager);
    }

    public SAMLConfigurerBean() {
    }

    public SAMLConfigurerBean(ServiceProviderBuilder serviceProviderBuilder, AuthenticationManager authenticationManager) {
        this.serviceProviderBuilder = serviceProviderBuilder;
        this.authenticationManager = authenticationManager;
    }

    public ServiceProviderBuilder serviceProvider() {
        return this.serviceProviderBuilder;
    }

    public ServiceProviderBuilder serviceProvider(List<ServiceProviderConfigurer> list) {
        list.forEach(FunctionalUtils.unchecked(serviceProviderConfigurer -> {
            serviceProviderConfigurer.configure(serviceProvider());
        }));
        return this.serviceProviderBuilder;
    }

    public RequestMatcher endpointsMatcher() {
        return new LazyEndpointsRequestMatcher((ServiceProviderEndpoints) Optional.of(this.serviceProviderBuilder).map(serviceProviderBuilder -> {
            return (ServiceProviderEndpoints) serviceProviderBuilder.getSharedObject(ServiceProviderEndpoints.class);
        }).orElseThrow(() -> {
            return new IllegalStateException("Can't find SAML Endpoints");
        }));
    }

    public void setBuilder(HttpSecurity httpSecurity) {
        this.serviceProviderBuilder.setSharedObject(HttpSecurity.class, httpSecurity);
        super.setBuilder(httpSecurity);
    }

    public void init(HttpSecurity httpSecurity) throws Exception {
        this.serviceProviderBuilder.build();
        SAMLAuthenticationProvider sAMLAuthenticationProvider = (SAMLAuthenticationProvider) this.serviceProviderBuilder.getSharedObject(SAMLAuthenticationProvider.class);
        SAMLEntryPoint sAMLEntryPoint = (SAMLEntryPoint) this.serviceProviderBuilder.getSharedObject(SAMLEntryPoint.class);
        FunctionalUtils.CheckedConsumer checkedConsumer = (FunctionalUtils.CheckedConsumer) this.serviceProviderBuilder.getSharedObject(FunctionalUtils.CheckedConsumer.class);
        httpSecurity.exceptionHandling().authenticationEntryPoint(sAMLEntryPoint);
        httpSecurity.logout().disable();
        httpSecurity.authenticationProvider(sAMLAuthenticationProvider);
        if (checkedConsumer != null) {
            checkedConsumer.accept(httpSecurity);
        }
    }

    public void configure(HttpSecurity httpSecurity) throws Exception {
        if (!hasStaticServiceProviderMetadataConfigured()) {
            addFilter(httpSecurity, MetadataGeneratorFilter.class);
        }
        addFilter(httpSecurity, MetadataDisplayFilter.class);
        addFilter(httpSecurity, SAMLEntryPoint.class);
        addFilter(httpSecurity, SAMLProcessingFilter.class);
        addFilter(httpSecurity, SAMLWebSSOHoKProcessingFilter.class);
        addFilter(httpSecurity, SAMLLogoutProcessingFilter.class);
        addFilter(httpSecurity, SAMLDiscovery.class);
        addFilter(httpSecurity, SAMLLogoutFilter.class);
    }

    protected void addFilter(HttpSecurity httpSecurity, Class<? extends Filter> cls) {
        Optional.of(this.serviceProviderBuilder).map(serviceProviderBuilder -> {
            return (Filter) serviceProviderBuilder.getSharedObject(cls);
        }).ifPresent(filter -> {
            httpSecurity.addFilterAfter(filter, this.afterFilter);
            this.afterFilter = cls;
        });
    }

    private boolean hasStaticServiceProviderMetadataConfigured() {
        return ((MetadataManager) this.serviceProviderBuilder.getSharedObject(MetadataManager.class)).getAvailableProviders().stream().anyMatch(this::isLocal);
    }

    private boolean isLocal(ExtendedMetadataDelegate extendedMetadataDelegate) {
        extendedMetadataDelegate.initialize();
        return ((Boolean) Optional.ofNullable(extendedMetadataDelegate.getExtendedMetadata(extendedMetadataDelegate.getDelegate().getMetadata().getEntityID())).map((v0) -> {
            return v0.isLocal();
        }).orElse(false)).booleanValue();
    }
}
