package org.springframework.security.saml2.provider.service.servlet.filter;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.saml2.provider.service.authentication.OpenSamlAuthenticationRequestFactory;
import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationRequest;
import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationRequestFactory;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert;
import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.web.util.UriComponentsBuilder;
import org.springframework.web.util.UriUtils;

/* loaded from: input_file:org/springframework/security/saml2/provider/service/servlet/filter/Saml2WebSsoAuthenticationRequestFilter.class */
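/**
 * Servlet filter that starts an SP-initiated SAML 2.0 Web SSO flow.
 *
 * <p>When a request matches {@code redirectMatcher} (by default
 * {@code /saml2/authenticate/{registrationId}}), the filter looks up the
 * {@link RelyingPartyRegistration} for the {@code registrationId} path variable, builds an
 * authentication request through the configured {@link Saml2AuthenticationRequestFactory} and
 * redirects the browser to the registration's IdP Web SSO URL with the request carried in the
 * {@code SAMLRequest} query parameter. Requests that do not match continue down the chain.
 *
 * <p>Security notes:
 * <ul>
 *   <li>{@code registrationId} comes from the request path and is therefore caller-controlled;
 *       an id with no registration is answered with 401 instead of failing with a
 *       {@link NullPointerException}.</li>
 *   <li>{@code RelayState} is copied from the incoming request to the IdP redirect without
 *       validation or a length limit. Whatever consumes it once the IdP echoes it back must
 *       treat it as untrusted input (for example, validate it before using it as a redirect
 *       target).</li>
 * </ul>
 */
public class Saml2WebSsoAuthenticationRequestFilter extends OncePerRequestFilter {
    private final RelyingPartyRegistrationRepository relyingPartyRegistrationRepository;
    private RequestMatcher redirectMatcher = new AntPathRequestMatcher("/saml2/authenticate/{registrationId}");
    private Saml2AuthenticationRequestFactory authenticationRequestFactory = new OpenSamlAuthenticationRequestFactory();

    /**
     * Creates the filter.
     *
     * @param relyingPartyRegistrationRepository source of relying-party registrations, looked up
     *        by registration id; must not be {@code null}
     * @throws IllegalArgumentException if the repository is {@code null}
     */
    public Saml2WebSsoAuthenticationRequestFilter(RelyingPartyRegistrationRepository relyingPartyRegistrationRepository) {
        Assert.notNull(relyingPartyRegistrationRepository, "relyingPartyRegistrationRepository cannot be null");
        this.relyingPartyRegistrationRepository = relyingPartyRegistrationRepository;
    }

    /**
     * Replaces the factory used to produce the SAML authentication request.
     *
     * @param saml2AuthenticationRequestFactory the factory to use; must not be {@code null}
     * @throws IllegalArgumentException if the factory is {@code null}
     */
    public void setAuthenticationRequestFactory(Saml2AuthenticationRequestFactory saml2AuthenticationRequestFactory) {
        Assert.notNull(saml2AuthenticationRequestFactory, "authenticationRequestFactory cannot be null");
        this.authenticationRequestFactory = saml2AuthenticationRequestFactory;
    }

    /**
     * Replaces the matcher that decides which requests trigger the redirect. The matcher is
     * expected to expose a {@code registrationId} variable, because that is what this filter
     * reads from the match result.
     *
     * @param requestMatcher the matcher to use; must not be {@code null}
     * @throws IllegalArgumentException if the matcher is {@code null}
     */
    public void setRedirectMatcher(RequestMatcher requestMatcher) {
        Assert.notNull(requestMatcher, "redirectMatcher cannot be null");
        this.redirectMatcher = requestMatcher;
    }

    /**
     * Redirects matching requests to the IdP and passes every other request down the chain.
     */
    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        RequestMatcher.MatchResult matcher = this.redirectMatcher.matcher(httpServletRequest);
        if (!matcher.isMatch()) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        String registrationId = matcher.getVariables().get("registrationId");
        sendRedirect(httpServletRequest, httpServletResponse, registrationId);
    }

    /**
     * Resolves the registration for {@code registrationId} and redirects to its IdP, or answers
     * 401 when no registration is found.
     */
    private void sendRedirect(HttpServletRequest request, HttpServletResponse response, String registrationId) throws IOException {
        if (this.logger.isDebugEnabled()) {
            // NOTE(review): registrationId is taken from the request path and logged as-is.
            this.logger.debug(String.format("Creating SAML2 SP Authentication Request for IDP[%s]", registrationId));
        }
        RelyingPartyRegistration registration = this.relyingPartyRegistrationRepository.findByRegistrationId(registrationId);
        if (registration == null) {
            // The id is caller-controlled, so a missing registration is an expected input and
            // must not surface as a NullPointerException (HTTP 500) further down.
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        response.sendRedirect(createSamlRequestRedirectUrl(request, registration));
    }

    /**
     * Builds the redirect URL: the IdP Web SSO URL plus the encoded {@code SAMLRequest} and,
     * when the incoming request carries one, the {@code RelayState}.
     */
    private String createSamlRequestRedirectUrl(HttpServletRequest request, RelyingPartyRegistration registration) {
        Saml2AuthenticationRequest authnRequest = createAuthenticationRequest(registration, request);
        // Saml2Utils.deflate/encode are not shown here; presumably DEFLATE followed by Base64,
        // as the HTTP-Redirect binding requires -- confirm against Saml2Utils.
        String samlRequest = Saml2Utils.encode(Saml2Utils.deflate(
                this.authenticationRequestFactory.createAuthenticationRequest(authnRequest)));

        UriComponentsBuilder redirectUrl = UriComponentsBuilder.fromUriString(registration.getIdpWebSsoUrl())
                .queryParam("SAMLRequest", UriUtils.encode(samlRequest, StandardCharsets.ISO_8859_1));

        // RelayState is optional. Only forward it when the caller supplied one, instead of
        // appending a value-less "RelayState" parameter to every redirect.
        // It is passed through unvalidated: downstream consumers must treat it as untrusted.
        String relayState = request.getParameter("RelayState");
        if (relayState != null && !relayState.isEmpty()) {
            redirectUrl.queryParam("RelayState", UriUtils.encode(relayState, StandardCharsets.ISO_8859_1));
        }

        // build(true): every component added above is already percent-encoded.
        return redirectUrl.build(true).toUriString();
    }

    /**
     * Collects the inputs for the request factory: the SP entity id, the assertion consumer
     * service URL resolved from the registration's template, and the signing credentials.
     */
    private Saml2AuthenticationRequest createAuthenticationRequest(RelyingPartyRegistration registration, HttpServletRequest request) {
        String localSpEntityId = Saml2Utils.getServiceProviderEntityId(registration, request);
        String assertionConsumerServiceUrl = Saml2Utils.resolveUrlTemplate(
                registration.getAssertionConsumerServiceUrlTemplate(),
                Saml2Utils.getApplicationUri(request),
                registration.getRemoteIdpEntityId(),
                registration.getRegistrationId());
        return new Saml2AuthenticationRequest(localSpEntityId, assertionConsumerServiceUrl, registration.getSigningCredentials());
    }
}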
