package com.github.choonchernlim.security.adfs.saml2;

import com.github.choonchernlim.betterPreconditions.preconditions.ObjectPreconditions;
import com.github.choonchernlim.betterPreconditions.preconditions.PreconditionFactory;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import java.util.Set;
import java.util.Timer;
import javax.annotation.PostConstruct;
import javax.servlet.Filter;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.MultiThreadedHttpConnectionManager;
import org.apache.commons.httpclient.protocol.Protocol;
import org.apache.commons.httpclient.protocol.ProtocolSocketFactory;
import org.apache.velocity.app.VelocityEngine;
import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.xml.parse.StaticBasicParserPool;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.config.MethodInvokingFactoryBean;
import org.springframework.context.annotation.Bean;
import org.springframework.core.env.Environment;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.saml.SAMLAuthenticationProvider;
import org.springframework.security.saml.SAMLBootstrap;
import org.springframework.security.saml.SAMLDiscovery;
import org.springframework.security.saml.SAMLEntryPoint;
import org.springframework.security.saml.SAMLLogoutFilter;
import org.springframework.security.saml.SAMLLogoutProcessingFilter;
import org.springframework.security.saml.SAMLProcessingFilter;
import org.springframework.security.saml.SAMLWebSSOHoKProcessingFilter;
import org.springframework.security.saml.context.SAMLContextProviderLB;
import org.springframework.security.saml.key.JKSKeyManager;
import org.springframework.security.saml.key.KeyManager;
import org.springframework.security.saml.log.SAMLDefaultLogger;
import org.springframework.security.saml.metadata.CachingMetadataManager;
import org.springframework.security.saml.metadata.ExtendedMetadataDelegate;
import org.springframework.security.saml.metadata.MetadataDisplayFilter;
import org.springframework.security.saml.metadata.MetadataGenerator;
import org.springframework.security.saml.metadata.MetadataGeneratorFilter;
import org.springframework.security.saml.parser.ParserPoolHolder;
import org.springframework.security.saml.processor.HTTPArtifactBinding;
import org.springframework.security.saml.processor.HTTPPAOS11Binding;
import org.springframework.security.saml.processor.HTTPPostBinding;
import org.springframework.security.saml.processor.HTTPRedirectDeflateBinding;
import org.springframework.security.saml.processor.HTTPSOAP11Binding;
import org.springframework.security.saml.processor.SAMLProcessorImpl;
import org.springframework.security.saml.trust.httpclient.TLSProtocolConfigurer;
import org.springframework.security.saml.trust.httpclient.TLSProtocolSocketFactory;
import org.springframework.security.saml.userdetails.SAMLUserDetailsService;
import org.springframework.security.saml.util.VelocityFactory;
import org.springframework.security.saml.websso.ArtifactResolutionProfileImpl;
import org.springframework.security.saml.websso.SingleLogoutProfile;
import org.springframework.security.saml.websso.SingleLogoutProfileImpl;
import org.springframework.security.saml.websso.WebSSOProfile;
import org.springframework.security.saml.websso.WebSSOProfileConsumer;
import org.springframework.security.saml.websso.WebSSOProfileConsumerHoKImpl;
import org.springframework.security.saml.websso.WebSSOProfileConsumerImpl;
import org.springframework.security.saml.websso.WebSSOProfileECPImpl;
import org.springframework.security.saml.websso.WebSSOProfileImpl;
import org.springframework.security.saml.websso.WebSSOProfileOptions;
import org.springframework.security.web.DefaultSecurityFilterChain;
import org.springframework.security.web.FilterChainProxy;
import org.springframework.security.web.access.channel.ChannelProcessingFilter;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.logout.LogoutHandler;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

/* loaded from: input_file:com/github/choonchernlim/security/adfs/saml2/SAMLWebSecurityConfigurerAdapter.class */
/**
 * Base {@link WebSecurityConfigurerAdapter} that declares the Spring Security SAML beans
 * (entry point, processing/logout filters, bindings, key manager, metadata manager) for a
 * service provider that authenticates against a single identity provider.
 *
 * <p>The identity-provider metadata URL built by this class uses the
 * {@code /federationmetadata/2007-06/federationmetadata.xml} path under the configured IdP host.
 * All deployment-specific values come from the {@link SAMLConfigBean} supplied by the subclass.
 *
 * <p>Security-relevant choices made here, each commented where it occurs:
 * <ul>
 *   <li>{@code /saml/**} is exempt from CSRF protection and open to unauthenticated requests;</li>
 *   <li>re-authentication at the IdP is forced on every login request;</li>
 *   <li>the trust check on the downloaded IdP metadata is switched off;</li>
 *   <li>{@link #mockSecurity(HttpSecurity, User)} installs a filter that stands in for real
 *       authentication.</li>
 * </ul>
 */
public abstract class SAMLWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

    /** Ant pattern matching every endpoint served by the SAML filter chain. */
    private static final String SAML_ENDPOINTS = "/saml/**";

    /** Scheme name used for the service provider context and the registered protocol. */
    private static final String HTTPS_SCHEME = "https";

    /** Port that is left out of generated URLs because it is the HTTPS default. */
    private static final int DEFAULT_HTTPS_PORT = 443;

    @Autowired
    protected Environment env;

    @Autowired
    private SAMLAuthenticationProvider samlAuthenticationProvider;

    /**
     * Creates the SAML bootstrap bean.
     *
     * <p>Declared {@code static} so the bean can be produced without first instantiating this
     * configuration class.
     *
     * @return the project's {@code DefaultSAMLBootstrap}
     */
    @Bean
    public static SAMLBootstrap samlBootstrap() {
        return new DefaultSAMLBootstrap();
    }

    /**
     * Supplies the deployment-specific settings (server names, keystore, URLs, user details
     * service) that every bean in this class reads.
     *
     * @return the configuration bean provided by the subclass
     */
    @Bean
    protected abstract SAMLConfigBean samlConfigBean();

    /**
     * Applies the SAML-related settings to the given {@link HttpSecurity}.
     *
     * <p>Sets {@link #samlEntryPoint()} as the HTTP Basic authentication entry point, exempts
     * {@code /saml/**} from CSRF protection, permits all requests to {@code /saml/**}, adds the
     * metadata generator filter before {@link ChannelProcessingFilter} and the SAML filter chain
     * after {@link BasicAuthenticationFilter}.
     *
     * <p>Security note: because {@code /saml/**} is both CSRF-exempt and {@code permitAll}, the
     * endpoints under it accept unauthenticated cross-site requests. Their protection therefore
     * rests on the validation done by the SAML filters themselves; do not map application
     * handlers under this prefix.
     *
     * @param httpSecurity the builder to configure
     * @return the same builder, for further chaining
     * @throws Exception if any configurer or bean factory method fails
     */
    protected final HttpSecurity samlizedConfig(HttpSecurity httpSecurity) throws Exception {
        return httpSecurity
                .httpBasic().authenticationEntryPoint(samlEntryPoint())
                .and()
                .csrf().ignoringAntMatchers(SAML_ENDPOINTS)
                .and()
                .authorizeRequests().antMatchers(SAML_ENDPOINTS).permitAll()
                .and()
                .addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class)
                .addFilterAfter(filterChainProxy(), BasicAuthenticationFilter.class);
    }

    /**
     * Installs a {@code MockFilterSecurityInterceptor} built from the given user in front of
     * {@link FilterSecurityInterceptor}.
     *
     * <p>Per the exception message below, the given user details object is set as the principal
     * when security is mocked, so {@code samlConfigBean.samlUserDetailsService} must be
     * configured for the mock to mirror the real setup.
     *
     * <p>NOTE(review): nothing in this method restricts it to non-production use. Callers should
     * guard the call themselves (for example behind a development-only profile), since it
     * replaces real authentication with a fixed principal.
     *
     * @param httpSecurity the builder to configure
     * @param user the user to present as the authenticated principal; must not be null
     * @return the same builder, for further chaining
     * @throws SpringSecurityAdfsSaml2Exception if no SAML user details service is configured
     */
    protected final HttpSecurity mockSecurity(HttpSecurity httpSecurity, User user) {
        ((ObjectPreconditions) ((ObjectPreconditions) PreconditionFactory.expect(user, "user").not()).toBeNull()).check();

        final boolean userDetailsServiceMissing = samlConfigBean().getSamlUserDetailsService() == null;
        if (userDetailsServiceMissing) {
            throw new SpringSecurityAdfsSaml2Exception(
                    "`samlConfigBean.samlUserDetailsService` cannot be null. "
                            + "When mocking security, the given user details object will be set as principal. "
                            + "Because setting `samlConfigBean.samlUserDetailsService` will set the user details object as principal, "
                            + "this property must be configured to ensure the mock security mimics the actual security configuration.");
        }

        final MockFilterSecurityInterceptor mockInterceptor = new MockFilterSecurityInterceptor(user);
        return httpSecurity.addFilterBefore(mockInterceptor, FilterSecurityInterceptor.class);
    }

    /**
     * Excludes the configured post-logout URL from Spring Security processing.
     *
     * <p>Security note: a path registered through {@code ignoring()} is skipped by the security
     * filters altogether, so the page behind {@code successLogoutUrl} should hold nothing that
     * needs protection.
     *
     * @param webSecurity the builder to configure
     * @return the same builder, for further chaining
     * @throws Exception declared for symmetry with the {@link HttpSecurity} overload
     */
    protected final WebSecurity samlizedConfig(WebSecurity webSecurity) throws Exception {
        webSecurity.ignoring().antMatchers(samlConfigBean().getSuccessLogoutUrl());
        return webSecurity;
    }

    /**
     * Builds the HTTPS URL from which the identity provider's federation metadata is fetched.
     *
     * @return the metadata URL for the configured IdP server name
     */
    private String getMetadataUrl() {
        final Object idpHost = samlConfigBean().getIdpServerName();
        return String.format("https://%s/federationmetadata/2007-06/federationmetadata.xml", idpHost);
    }

    /**
     * Creates the entry point that starts SAML authentication.
     *
     * <p>Default profile options: no scoping element, HTTP-Redirect binding, and
     * {@code ForceAuthN} enabled, which asks the IdP to re-authenticate the user rather than
     * reuse an existing IdP session. Authentication contexts are set only when the configuration
     * bean supplies a non-empty collection.
     *
     * @return the configured entry point
     */
    @Bean
    public SAMLEntryPoint samlEntryPoint() {
        final SAMLConfigBean config = samlConfigBean();

        final WebSSOProfileOptions profileOptions = new WebSSOProfileOptions();
        profileOptions.setIncludeScoping(false);
        profileOptions.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect");
        profileOptions.setForceAuthN(true);
        if (!config.getAuthnContexts().isEmpty()) {
            profileOptions.setAuthnContexts(config.getAuthnContexts());
        }

        final SAMLEntryPoint entryPoint = new SAMLEntryPoint();
        entryPoint.setDefaultProfileOptions(profileOptions);
        return entryPoint;
    }

    /**
     * Creates the filter that generates this service provider's metadata.
     *
     * <p>The entity base URL is always {@code https://}, built from the configured server name,
     * the port (omitted when it is 443) and the context path, so it does not depend on how the
     * incoming request reached the application.
     *
     * @return the metadata generator filter
     */
    @Bean
    public MetadataGeneratorFilter metadataGeneratorFilter() {
        final SAMLConfigBean config = samlConfigBean();

        String entityBaseUrl = "https://" + config.getSpServerName();
        if (config.getSpHttpsPort().intValue() != DEFAULT_HTTPS_PORT) {
            entityBaseUrl += ":" + config.getSpHttpsPort();
        }
        entityBaseUrl += config.getSpContextPath();

        final MetadataGenerator generator = new MetadataGenerator();
        generator.setKeyManager(keyManager());
        generator.setEntityBaseURL(entityBaseUrl);
        return new MetadataGeneratorFilter(generator);
    }

    /**
     * Creates the HTTP client used for metadata download and artifact resolution.
     *
     * @return a client backed by a multi-threaded connection manager
     */
    @Bean
    public HttpClient httpClient() {
        final MultiThreadedHttpConnectionManager connectionManager = new MultiThreadedHttpConnectionManager();
        return new HttpClient(connectionManager);
    }

    /**
     * Maps each SAML endpoint under {@code /saml/} to the single filter that serves it.
     *
     * @return the filter chain proxy covering login, logout, metadata, SSO, SSO holder-of-key,
     *         single logout and discovery
     * @throws Exception if a filter bean cannot be created
     */
    @Bean
    public FilterChainProxy filterChainProxy() throws Exception {
        return new FilterChainProxy(ImmutableList.of(
                chainFor("/saml/login/**", samlEntryPoint()),
                chainFor("/saml/logout/**", samlLogoutFilter()),
                chainFor("/saml/metadata/**", metadataDisplayFilter()),
                chainFor("/saml/SSO/**", samlProcessingFilter()),
                chainFor("/saml/SSOHoK/**", samlWebSSOHoKProcessingFilter()),
                chainFor("/saml/SingleLogout/**", samlLogoutProcessingFilter()),
                chainFor("/saml/discovery/**", samlIDPDiscovery())));
    }

    /** Pairs an Ant path pattern with the one filter that handles requests matching it. */
    private static DefaultSecurityFilterChain chainFor(String antPattern, Filter filter) {
        return new DefaultSecurityFilterChain(new AntPathRequestMatcher(antPattern), filter);
    }

    /**
     * Creates the handler that redirects after a successful login, falling back to the
     * configured default URL.
     *
     * @return the success handler
     */
    @Bean
    public SavedRequestAwareAuthenticationSuccessHandler successRedirectHandler() {
        final SavedRequestAwareAuthenticationSuccessHandler onSuccess =
                new SavedRequestAwareAuthenticationSuccessHandler();
        onSuccess.setDefaultTargetUrl(samlConfigBean().getSuccessLoginDefaultUrl());
        return onSuccess;
    }

    /**
     * Creates the handler used when login fails. A failure URL is set only when the configured
     * value is non-empty; otherwise the handler keeps its own default behaviour.
     *
     * @return the failure handler
     */
    @Bean
    public SimpleUrlAuthenticationFailureHandler failureRedirectHandler() {
        final SimpleUrlAuthenticationFailureHandler onFailure = new SimpleUrlAuthenticationFailureHandler();
        final String failureUrl = samlConfigBean().getFailedLoginDefaultUrl();
        if (!failureUrl.isEmpty()) {
            onFailure.setDefaultFailureUrl(failureUrl);
        }
        return onFailure;
    }

    /**
     * Creates the handler that redirects to the configured URL after logout.
     *
     * @return the logout success handler
     */
    @Bean
    public SimpleUrlLogoutSuccessHandler successLogoutHandler() {
        final SimpleUrlLogoutSuccessHandler onLogout = new SimpleUrlLogoutSuccessHandler();
        onLogout.setDefaultTargetUrl(samlConfigBean().getSuccessLogoutUrl());
        return onLogout;
    }

    /**
     * Exposes the parent's authentication manager as a bean.
     *
     * @return the authentication manager built by the adapter
     * @throws Exception if the parent cannot build it
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Registers the injected SAML authentication provider with the authentication manager.
     *
     * @param authenticationManagerBuilder the builder to configure
     * @throws Exception if registration fails
     */
    @Override
    protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        authenticationManagerBuilder.authenticationProvider(this.samlAuthenticationProvider);
    }

    /**
     * Creates the logger for SAML messages.
     *
     * @return a default SAML logger
     */
    @Bean
    public SAMLDefaultLogger samlLogger() {
        return new SAMLDefaultLogger();
    }

    /**
     * Creates the key manager from the configured keystore.
     *
     * <p>The keystore password and the private-key password are read from the configuration
     * bean; the configured alias is used both as the only entry in the password map and as the
     * default key. Keep these values out of logs and version control.
     *
     * @return a JKS-backed key manager
     */
    @Bean
    public KeyManager keyManager() {
        final SAMLConfigBean config = samlConfigBean();
        return new JKSKeyManager(
                config.getKeystoreResource(),
                config.getKeystorePassword(),
                ImmutableMap.of(config.getKeystoreAlias(), config.getKeystorePrivateKeyPassword()),
                config.getKeystoreAlias());
    }

    /**
     * Creates the IdP discovery filter.
     *
     * @return a default discovery filter
     */
    @Bean
    public SAMLDiscovery samlIDPDiscovery() {
        return new SAMLDiscovery();
    }

    /**
     * Creates the filter that serves this service provider's metadata.
     *
     * @return a default metadata display filter
     */
    @Bean
    public MetadataDisplayFilter metadataDisplayFilter() {
        return new MetadataDisplayFilter();
    }

    /**
     * Creates the TLS protocol configurer with its default settings.
     *
     * @return a default TLS protocol configurer
     */
    @Bean
    public TLSProtocolConfigurer tlsProtocolConfigurer() {
        return new TLSProtocolConfigurer();
    }

    /**
     * Creates the socket factory used for outbound HTTPS connections.
     *
     * <p>It is built from {@link #keyManager()}, a {@code null} trusted-key set and the
     * hostname-verification mode named {@code "default"}.
     *
     * <p>NOTE(review): confirm against the Spring Security SAML documentation what a
     * {@code null} trusted-key set means for the deployed version (presumably every key in the
     * key manager is trusted), and keep the keystore limited to keys that should be trusted for
     * TLS.
     *
     * @return the TLS socket factory
     */
    @Bean
    public ProtocolSocketFactory protocolSocketFactory() {
        return new TLSProtocolSocketFactory(keyManager(), (Set) null, "default");
    }

    /**
     * Creates the {@code https} protocol definition on port 443 backed by
     * {@link #protocolSocketFactory()}.
     *
     * @return the protocol definition
     */
    @Bean
    public Protocol protocol() {
        final ProtocolSocketFactory socketFactory = protocolSocketFactory();
        return new Protocol(HTTPS_SCHEME, socketFactory, DEFAULT_HTTPS_PORT);
    }

    /**
     * Prepares a factory bean targeting {@code Protocol.registerProtocol("https", protocol())}.
     *
     * <p>NOTE(review): this method is annotated {@code @PostConstruct}, not {@code @Bean}, so the
     * returned factory bean is not handed to the container here and nothing in this method
     * invokes it. Confirm that the {@code https} protocol is registered by another path
     * (presumably {@link #tlsProtocolConfigurer()}) so outbound connections use the intended
     * socket factory.
     *
     * @return the prepared, not yet invoked, factory bean
     */
    @PostConstruct
    public MethodInvokingFactoryBean socketFactoryInitialization() {
        final MethodInvokingFactoryBean registration = new MethodInvokingFactoryBean();
        registration.setTargetClass(Protocol.class);
        registration.setTargetMethod("registerProtocol");
        registration.setArguments(new Object[]{HTTPS_SCHEME, protocol()});
        return registration;
    }

    /**
     * Creates the metadata manager holding the identity provider's metadata, downloaded over
     * HTTPS from the URL built by {@link #getMetadataUrl()}.
     *
     * <p>Security note: the metadata trust check is disabled below. With the check off, the
     * authenticity of the downloaded metadata, and so of the IdP signing certificates taken from
     * it, presumably rests on the TLS connection to the IdP host alone. Make sure certificate
     * and hostname validation are effective for that connection, or enable the trust check with
     * a pinned metadata signing key.
     *
     * @return a caching metadata manager with a single HTTP-backed provider
     * @throws MetadataProviderException if the provider or manager cannot be created
     */
    @Bean
    public CachingMetadataManager metadata() throws MetadataProviderException {
        final Timer refreshTimer = new Timer(true);
        final HTTPMetadataProvider idpMetadata =
                new HTTPMetadataProvider(refreshTimer, httpClient(), getMetadataUrl());
        idpMetadata.setParserPool(parserPool());

        final ExtendedMetadataDelegate delegate = new ExtendedMetadataDelegate(idpMetadata);
        delegate.setMetadataTrustCheck(false);
        return new CachingMetadataManager(ImmutableList.of(delegate));
    }

    /**
     * Creates the SAML authentication provider.
     *
     * <p>When a user details service is configured it is attached and the principal is kept as
     * the object that service returns instead of being forced to a string.
     *
     * @return the authentication provider
     */
    @Bean
    public SAMLAuthenticationProvider samlAuthenticationProvider() {
        final SAMLAuthenticationProvider provider = new SAMLAuthenticationProvider();
        final SAMLUserDetailsService userDetailsService = samlConfigBean().getSamlUserDetailsService();
        if (userDetailsService == null) {
            return provider;
        }
        provider.setUserDetails(userDetailsService);
        provider.setForcePrincipalAsString(false);
        return provider;
    }

    /**
     * Creates the context provider that pins scheme, host, port and context path to the
     * configured service provider values instead of reading them from the incoming request.
     *
     * @return the fixed-URL context provider
     */
    @Bean
    public SAMLContextProviderLB contextProvider() {
        final SAMLConfigBean config = samlConfigBean();
        final int httpsPort = config.getSpHttpsPort().intValue();

        final SAMLContextProviderLB fixedContext = new SAMLContextProviderLB();
        fixedContext.setScheme(HTTPS_SCHEME);
        fixedContext.setServerName(config.getSpServerName());
        fixedContext.setServerPort(httpsPort);
        fixedContext.setIncludeServerPortInRequestURL(httpsPort != DEFAULT_HTTPS_PORT);
        fixedContext.setContextPath(config.getSpContextPath());
        return fixedContext;
    }

    /**
     * Creates the filter that processes incoming SAML SSO responses.
     *
     * @return the SSO processing filter
     * @throws Exception if the authentication manager cannot be obtained
     */
    @Bean
    public SAMLProcessingFilter samlProcessingFilter() throws Exception {
        final SAMLProcessingFilter ssoFilter = new SAMLProcessingFilter();
        ssoFilter.setAuthenticationManager(authenticationManager());
        ssoFilter.setAuthenticationSuccessHandler(successRedirectHandler());
        ssoFilter.setAuthenticationFailureHandler(failureRedirectHandler());
        return ssoFilter;
    }

    /**
     * Creates the filter that processes holder-of-key SSO responses.
     *
     * @return the holder-of-key processing filter
     * @throws Exception if the authentication manager cannot be obtained
     */
    @Bean
    public SAMLWebSSOHoKProcessingFilter samlWebSSOHoKProcessingFilter() throws Exception {
        final SAMLWebSSOHoKProcessingFilter hokFilter = new SAMLWebSSOHoKProcessingFilter();
        hokFilter.setAuthenticationSuccessHandler(successRedirectHandler());
        hokFilter.setAuthenticationManager(authenticationManager());
        hokFilter.setAuthenticationFailureHandler(failureRedirectHandler());
        return hokFilter;
    }

    /**
     * Creates the local logout handler. It invalidates the HTTP session and clears the
     * authentication from the security context.
     *
     * @return the logout handler
     */
    @Bean
    public SecurityContextLogoutHandler logoutHandler() {
        final SecurityContextLogoutHandler sessionCleaner = new SecurityContextLogoutHandler();
        sessionCleaner.setInvalidateHttpSession(true);
        sessionCleaner.setClearAuthentication(true);
        return sessionCleaner;
    }

    /**
     * Creates the filter that starts logout, using {@link #logoutHandler()} for both handler
     * arrays.
     *
     * @return the logout filter
     */
    @Bean
    public SAMLLogoutFilter samlLogoutFilter() {
        final SimpleUrlLogoutSuccessHandler onLogout = successLogoutHandler();
        final LogoutHandler[] localHandlers = {logoutHandler()};
        final LogoutHandler[] globalHandlers = {logoutHandler()};
        return new SAMLLogoutFilter(onLogout, localHandlers, globalHandlers);
    }

    /**
     * Creates the filter that processes single-logout messages.
     *
     * @return the logout processing filter
     */
    @Bean
    public SAMLLogoutProcessingFilter samlLogoutProcessingFilter() {
        final SimpleUrlLogoutSuccessHandler onLogout = successLogoutHandler();
        final LogoutHandler[] handlers = {logoutHandler()};
        return new SAMLLogoutProcessingFilter(onLogout, handlers);
    }

    /**
     * Creates the SAML processor with the redirect, POST, artifact, SOAP and PAOS bindings.
     *
     * @return the processor
     */
    @Bean
    public SAMLProcessorImpl processor() {
        return new SAMLProcessorImpl(ImmutableList.of(
                redirectDeflateBinding(),
                postBinding(),
                artifactBinding(),
                soapBinding(),
                paosBinding()));
    }

    /**
     * Creates the consumer for the Web SSO profile.
     *
     * @return a default Web SSO profile consumer
     */
    @Bean
    public WebSSOProfileConsumer webSSOprofileConsumer() {
        return new WebSSOProfileConsumerImpl();
    }

    /**
     * Creates the consumer for the holder-of-key Web SSO profile.
     *
     * @return a default holder-of-key profile consumer
     */
    @Bean
    public WebSSOProfileConsumerHoKImpl hokWebSSOprofileConsumer() {
        return new WebSSOProfileConsumerHoKImpl();
    }

    /**
     * Creates the Web SSO profile.
     *
     * @return a default Web SSO profile
     */
    @Bean
    public WebSSOProfile webSSOprofile() {
        return new WebSSOProfileImpl();
    }

    /**
     * Creates the bean named {@code hokWebSSOProfile}.
     *
     * <p>NOTE(review): this returns the same consumer type as
     * {@link #hokWebSSOprofileConsumer()}. Verify whether a holder-of-key profile implementation
     * was intended here instead of a second consumer.
     *
     * @return a holder-of-key profile consumer
     */
    @Bean
    public WebSSOProfileConsumerHoKImpl hokWebSSOProfile() {
        return new WebSSOProfileConsumerHoKImpl();
    }

    /**
     * Creates the ECP profile.
     *
     * @return a default ECP profile
     */
    @Bean
    public WebSSOProfileECPImpl ecpprofile() {
        return new WebSSOProfileECPImpl();
    }

    /**
     * Creates the single logout profile.
     *
     * @return a default single logout profile
     */
    @Bean
    public SingleLogoutProfile logoutprofile() {
        return new SingleLogoutProfileImpl();
    }

    /**
     * Creates the HTTP-POST binding.
     *
     * @return the POST binding
     */
    @Bean
    public HTTPPostBinding postBinding() {
        return new HTTPPostBinding(parserPool(), velocityEngine());
    }

    /**
     * Creates the HTTP-Redirect (deflate) binding.
     *
     * @return the redirect binding
     */
    @Bean
    public HTTPRedirectDeflateBinding redirectDeflateBinding() {
        return new HTTPRedirectDeflateBinding(parserPool());
    }

    /**
     * Creates the HTTP-Artifact binding. Its artifact resolution profile uses
     * {@link #httpClient()} and a processor restricted to the SOAP binding.
     *
     * @return the artifact binding
     */
    @Bean
    public HTTPArtifactBinding artifactBinding() {
        final ArtifactResolutionProfileImpl resolutionProfile = new ArtifactResolutionProfileImpl(httpClient());
        resolutionProfile.setProcessor(new SAMLProcessorImpl(soapBinding()));
        return new HTTPArtifactBinding(parserPool(), velocityEngine(), resolutionProfile);
    }

    /**
     * Creates the SOAP 1.1 binding.
     *
     * @return the SOAP binding
     */
    @Bean
    public HTTPSOAP11Binding soapBinding() {
        return new HTTPSOAP11Binding(parserPool());
    }

    /**
     * Creates the PAOS 1.1 binding.
     *
     * @return the PAOS binding
     */
    @Bean
    public HTTPPAOS11Binding paosBinding() {
        return new HTTPPAOS11Binding(parserPool());
    }

    /**
     * Obtains the Velocity engine used to render binding templates.
     *
     * @return the engine provided by {@link VelocityFactory}
     */
    @Bean
    public VelocityEngine velocityEngine() {
        return VelocityFactory.getEngine();
    }

    /**
     * Creates the XML parser pool shared by the bindings and the metadata provider. The
     * container calls {@code initialize} on it after construction.
     *
     * @return a parser pool left at its default settings
     */
    @Bean(initMethod = "initialize")
    public StaticBasicParserPool parserPool() {
        return new StaticBasicParserPool();
    }

    /**
     * Creates the holder that exposes the parser pool.
     *
     * @return a default parser pool holder
     */
    @Bean
    public ParserPoolHolder parserPoolHolder() {
        return new ParserPoolHolder();
    }
}
