package org.springframework.security.saml2.provider.service.web;

import java.io.IOException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.core.convert.converter.Converter;
import org.springframework.security.saml2.provider.service.metadata.Saml2MetadataResolver;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:org/springframework/security/saml2/provider/service/web/Saml2MetadataFilter.class */
public final class Saml2MetadataFilter extends OncePerRequestFilter {
    public static final String DEFAULT_METADATA_FILE_NAME = "saml-{registrationId}-metadata.xml";
    private final Converter<HttpServletRequest, RelyingPartyRegistration> relyingPartyRegistrationConverter;
    private final Saml2MetadataResolver saml2MetadataResolver;
    private String metadataFilename = DEFAULT_METADATA_FILE_NAME;
    private RequestMatcher requestMatcher = new AntPathRequestMatcher("/saml2/service-provider-metadata/{registrationId}");

    public Saml2MetadataFilter(Converter<HttpServletRequest, RelyingPartyRegistration> converter, Saml2MetadataResolver saml2MetadataResolver) {
        this.relyingPartyRegistrationConverter = converter;
        this.saml2MetadataResolver = saml2MetadataResolver;
    }

    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        if (!this.requestMatcher.matcher(httpServletRequest).isMatch()) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        RelyingPartyRegistration relyingPartyRegistration = (RelyingPartyRegistration) this.relyingPartyRegistrationConverter.convert(httpServletRequest);
        if (relyingPartyRegistration == null) {
            httpServletResponse.setStatus(401);
        } else {
            writeMetadataToResponse(httpServletResponse, relyingPartyRegistration.getRegistrationId(), this.saml2MetadataResolver.resolve(relyingPartyRegistration));
        }
    }

    private void writeMetadataToResponse(HttpServletResponse httpServletResponse, String str, String str2) throws IOException {
        httpServletResponse.setContentType("application/xml");
        String replace = this.metadataFilename.replace("{registrationId}", str);
        httpServletResponse.setHeader("Content-Disposition", String.format("attachment; filename=\"%s\"; filename*=UTF-8''%s", replace, URLEncoder.encode(replace, StandardCharsets.UTF_8.name())));
        httpServletResponse.setContentLength(str2.length());
        httpServletResponse.getWriter().write(str2);
    }

    public void setRequestMatcher(RequestMatcher requestMatcher) {
        Assert.notNull(requestMatcher, "requestMatcher cannot be null");
        this.requestMatcher = requestMatcher;
    }

    public void setMetadataFilename(String str) {
        Assert.hasText(str, "metadataFilename cannot be empty");
        Assert.isTrue(str.contains("{registrationId}"), "metadataFilename must contain a {registrationId} match variable");
        this.metadataFilename = str;
    }
}
