package nl._42.boot.saml;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Timer;
import javax.servlet.Filter;
import nl._42.boot.saml.config.SAMLConfigController;
import nl._42.boot.saml.user.SAMLUserService;
import nl._42.boot.saml.web.FriendlyURLComparator;
import nl._42.boot.saml.web.SAMLDefaultEntryPoint;
import nl._42.boot.saml.web.SAMLFailureHandler;
import nl._42.boot.saml.web.SAMLFilter;
import nl._42.boot.saml.web.SAMLMetadataDisplayFilter;
import nl._42.boot.saml.web.SAMLMetadataGenerator;
import nl._42.boot.saml.web.SAMLSuccessRedirectHandler;
import nl._42.boot.saml.web.SAMLWebSSOProfile;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.MultiThreadedHttpConnectionManager;
import org.apache.velocity.app.VelocityEngine;
import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.xml.parse.StaticBasicParserPool;
import org.opensaml.xml.parse.XMLParserException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.boot.web.servlet.ServletRegistrationBean;
import org.springframework.context.ApplicationListener;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.event.ContextRefreshedEvent;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.saml.SAMLAuthenticationProvider;
import org.springframework.security.saml.SAMLBootstrap;
import org.springframework.security.saml.SAMLEntryPoint;
import org.springframework.security.saml.SAMLLogoutFilter;
import org.springframework.security.saml.SAMLLogoutProcessingFilter;
import org.springframework.security.saml.SAMLProcessingFilter;
import org.springframework.security.saml.SAMLWebSSOHoKProcessingFilter;
import org.springframework.security.saml.context.SAMLContextProvider;
import org.springframework.security.saml.context.SAMLContextProviderImpl;
import org.springframework.security.saml.key.KeyManager;
import org.springframework.security.saml.log.SAMLDefaultLogger;
import org.springframework.security.saml.metadata.CachingMetadataManager;
import org.springframework.security.saml.metadata.ExtendedMetadataDelegate;
import org.springframework.security.saml.metadata.MetadataDisplayFilter;
import org.springframework.security.saml.metadata.MetadataGenerator;
import org.springframework.security.saml.metadata.MetadataGeneratorFilter;
import org.springframework.security.saml.parser.ParserPoolHolder;
import org.springframework.security.saml.processor.HTTPArtifactBinding;
import org.springframework.security.saml.processor.HTTPPAOS11Binding;
import org.springframework.security.saml.processor.HTTPPostBinding;
import org.springframework.security.saml.processor.HTTPRedirectDeflateBinding;
import org.springframework.security.saml.processor.HTTPSOAP11Binding;
import org.springframework.security.saml.processor.SAMLProcessor;
import org.springframework.security.saml.processor.SAMLProcessorImpl;
import org.springframework.security.saml.storage.EmptyStorageFactory;
import org.springframework.security.saml.userdetails.SAMLUserDetailsService;
import org.springframework.security.saml.util.VelocityFactory;
import org.springframework.security.saml.websso.ArtifactResolutionProfileImpl;
import org.springframework.security.saml.websso.SingleLogoutProfile;
import org.springframework.security.saml.websso.SingleLogoutProfileImpl;
import org.springframework.security.saml.websso.WebSSOProfile;
import org.springframework.security.saml.websso.WebSSOProfileConsumer;
import org.springframework.security.saml.websso.WebSSOProfileConsumerHoKImpl;
import org.springframework.security.saml.websso.WebSSOProfileConsumerImpl;
import org.springframework.security.saml.websso.WebSSOProfileECPImpl;
import org.springframework.security.saml.websso.WebSSOProfileOptions;
import org.springframework.security.web.authentication.logout.LogoutHandler;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

/**
 * Spring Boot auto-configuration for SAML 2.0 service-provider support.
 *
 * <p>Always contributes a {@link SAMLProperties} bean and component-scans the package of
 * {@link SAMLConfigController}. The SAML bean graph itself is declared in
 * {@link SAMLAuthenticationConfiguration} and is only created when {@code saml.enabled=true}.
 *
 * <p>Security-relevant switches read from {@link SAMLProperties} in this file: the metadata
 * trust check, the InResponseTo check, the maximum authentication age, the response skew and
 * the RSA signature algorithm URI. Each is commented where it is applied.
 */
@Configuration
@ComponentScan(basePackageClasses = {SAMLConfigController.class})
/* loaded from: input_file:nl/_42/boot/saml/SAMLAutoConfiguration.class */
public class SAMLAutoConfiguration {
    private static final Logger log = LoggerFactory.getLogger(SAMLAutoConfiguration.class);

    /**
     * Minimal {@link AuthenticationManager} that forwards every request to one
     * {@link AuthenticationProvider}. Nothing else happens around the delegate call.
     */
    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:nl/_42/boot/saml/SAMLAutoConfiguration$AuthenticationManagerAdapter.class */
    public static class AuthenticationManagerAdapter implements AuthenticationManager {
        private final AuthenticationProvider provider;

        /**
         * @param authenticationProvider the provider that performs the actual authentication
         */
        public AuthenticationManagerAdapter(AuthenticationProvider authenticationProvider) {
            this.provider = authenticationProvider;
        }

        /**
         * Delegates to the wrapped provider and returns its result unchanged.
         *
         * @throws AuthenticationException whatever the wrapped provider throws
         */
        public Authentication authenticate(Authentication authentication) throws AuthenticationException {
            return provider.authenticate(authentication);
        }
    }

    /**
     * Declares the SAML beans (metadata, bindings, profiles, filters, handlers).
     *
     * <p>Active only when {@code saml.enabled} is {@code "true"}. Bean methods call each other
     * directly; this relies on the usual {@code @Configuration} proxying so that each call
     * yields the shared bean instance.
     */
    @Configuration
    @ConditionalOnProperty(name = {"saml.enabled"}, havingValue = "true")
    @ComponentScan(basePackageClasses = {SAMLFilter.class})
    /* loaded from: input_file:nl/_42/boot/saml/SAMLAutoConfiguration$SAMLAuthenticationConfiguration.class */
    public static class SAMLAuthenticationConfiguration {
        private final SAMLProperties properties;

        /**
         * Checks the four mandatory settings before any bean is built.
         *
         * <p>{@code SAMLProperties.throwIfBlank} is project code; presumably it throws when
         * the value is blank, using the second argument as the setting's label - confirm there.
         *
         * @param sAMLProperties the bound SAML settings
         */
        @Autowired
        public SAMLAuthenticationConfiguration(SAMLProperties sAMLProperties) {
            SAMLProperties.throwIfBlank(sAMLProperties.getIdpUrl(), "idp_url");
            SAMLProperties.throwIfBlank(sAMLProperties.getMetadataUrl(), "metadata_url");
            SAMLProperties.throwIfBlank(sAMLProperties.getSpId(), "sp_id");
            SAMLProperties.throwIfBlank(sAMLProperties.getSpBaseUrl(), "sp_base_url");
            this.properties = sAMLProperties;
        }

        /** Authentication provider that maps a validated SAML credential to a user. */
        @Bean
        public SAMLAuthenticationProvider samlAuthenticationProvider() {
            SAMLAuthenticationProvider authProvider = new SAMLAuthenticationProvider();
            authProvider.setUserDetails(samlUserDetailService());
            authProvider.setForcePrincipalAsString(properties.isForcePrincipal());
            return authProvider;
        }

        /** User-details service backed by the project's {@link SAMLUserService}. */
        @Bean
        public SAMLUserDetailsService samlUserDetailService() {
            return new SAMLUserService(properties);
        }

        /** Filter that generates this service provider's metadata via {@link #metadataGenerator()}. */
        @Bean
        public MetadataGeneratorFilter samlMetadataGeneratorFilter() {
            return new MetadataGeneratorFilter(metadataGenerator());
        }

        /**
         * Generator for the SP metadata: entity id and base URL come from the properties,
         * keys from {@link #keyManager()}, and only the {@code "post"} SSO binding is listed.
         */
        @Bean
        public MetadataGenerator metadataGenerator() {
            SAMLMetadataGenerator generator = new SAMLMetadataGenerator();
            generator.setEntityId(properties.getSpId());
            generator.setEntityBaseURL(properties.getSpBaseUrl());
            generator.setKeyManager(keyManager());
            generator.setBindingsSSO(Arrays.asList("post"));
            return generator;
        }

        /** Metadata manager holding the single provider from {@link #metadataProvider()}. */
        @Bean
        @Qualifier("metadata")
        public CachingMetadataManager metadata() throws MetadataProviderException {
            ArrayList<MetadataProvider> providers = new ArrayList<>();
            providers.add(metadataProvider());
            return new CachingMetadataManager(providers);
        }

        /**
         * Provider that downloads IdP metadata over HTTP from the configured metadata URL.
         *
         * <p>Security note: the downloaded metadata is where the IdP signing certificates
         * come from. When {@code isMetaDataTrustCheck()} is false the metadata signature is
         * not verified, so the authenticity of those certificates rests entirely on the
         * transport to the metadata URL. Keep the trust check on where the IdP signs its
         * metadata, and use an HTTPS metadata URL.
         * NOTE(review): {@link #httpClient()} is built with default settings; confirm that
         * certificate and hostname validation are in effect for this connection.
         */
        @Bean
        public MetadataProvider metadataProvider() throws MetadataProviderException {
            // Daemon timer: the refresh thread must not keep the JVM alive.
            Timer refreshTimer = new Timer(true);
            HTTPMetadataProvider remoteMetadata =
                    new HTTPMetadataProvider(refreshTimer, httpClient(), properties.getMetadataUrl());
            remoteMetadata.setParserPool(parserPool());

            ExtendedMetadataDelegate delegate = new ExtendedMetadataDelegate(remoteMetadata);
            delegate.setMetadataTrustCheck(properties.isMetaDataTrustCheck());
            return delegate;
        }

        /**
         * XML parser pool shared by the metadata provider and all bindings.
         *
         * <p>The pool is initialized with its default settings, and it parses XML that
         * arrives from the network (metadata and SAML messages).
         * NOTE(review): confirm that the OpenSAML version in use rejects DOCTYPE
         * declarations and does not expand entity references by default.
         *
         * @throws IllegalStateException if the pool cannot be initialized
         */
        @Bean
        public StaticBasicParserPool parserPool() {
            StaticBasicParserPool pool = new StaticBasicParserPool();
            try {
                pool.initialize();
            } catch (XMLParserException e) {
                throw new IllegalStateException("Could not initialize parser pool", e);
            }
            return pool;
        }

        /** Holder through which Spring Security SAML obtains the parser pool. */
        @Bean
        public ParserPoolHolder parserPoolHolder() {
            return new ParserPoolHolder();
        }

        /**
         * HTTP client used for the metadata download and for artifact resolution.
         * No timeouts or TLS options are set here; the library defaults apply.
         */
        @Bean
        public HttpClient httpClient() {
            return new HttpClient(multiThreadedHttpConnectionManager());
        }

        /** Connection manager for {@link #httpClient()}, left at its defaults. */
        @Bean
        public MultiThreadedHttpConnectionManager multiThreadedHttpConnectionManager() {
            return new MultiThreadedHttpConnectionManager();
        }

        /**
         * Context provider for SAML message processing.
         *
         * <p>Security note: when {@code isInResponseCheck()} is false an
         * {@link EmptyStorageFactory} is installed, so sent requests are not stored and the
         * InResponseTo value of a response cannot be matched against a request issued by
         * this SP. Unsolicited responses are then accepted. Leave the check enabled unless
         * IdP-initiated SSO or a deployment without shared sessions requires otherwise.
         */
        @Bean
        public SAMLContextProvider contextProvider() {
            SAMLContextProviderImpl provider = new SAMLContextProviderImpl();
            boolean checkInResponseTo = properties.isInResponseCheck();
            if (!checkInResponseTo) {
                provider.setStorageFactory(new EmptyStorageFactory());
            }
            return provider;
        }

        /** Bootstraps the OpenSAML library; static so that it can be created early. */
        @Bean
        public static SAMLBootstrap samlBootstrap() {
            return new SAMLBootstrap();
        }

        /** Default logger for SAML exchanges. */
        @Bean
        public SAMLDefaultLogger samlLogger() {
            return new SAMLDefaultLogger();
        }

        /**
         * Consumer that validates Web SSO responses.
         *
         * <p>Security note: the maximum authentication age and the response skew both come
         * from the properties. Larger values widen the window in which an old
         * authentication statement or response is still accepted, so keep them as small as
         * clock drift and the IdP session policy allow.
         */
        @Bean
        public WebSSOProfileConsumer webSSOprofileConsumer() throws Exception {
            WebSSOProfileConsumerImpl consumer = new WebSSOProfileConsumerImpl(processor(), metadata());
            consumer.setMaxAuthenticationAge(properties.getMaxAuthenticationAge());
            consumer.setResponseSkew(properties.getResponseSkew());
            consumer.afterPropertiesSet();
            return consumer;
        }

        /**
         * Holder-of-Key profile consumer.
         * NOTE(review): {@link #hokWebSSOProfile()} declares a second bean of the same type,
         * built the same way; confirm that both are needed.
         */
        @Bean
        public WebSSOProfileConsumerHoKImpl hokWebSSOprofileConsumer() throws Exception {
            return buildConsumer();
        }

        /** Web SSO profile used to send authentication requests. */
        @Bean
        public WebSSOProfile webSSOprofile() throws Exception {
            SAMLWebSSOProfile profile = new SAMLWebSSOProfile(processor(), metadata());
            profile.setStripWww(properties.isSpStripWww());
            profile.afterPropertiesSet();
            return profile;
        }

        /** Second Holder-of-Key consumer bean; see {@link #hokWebSSOprofileConsumer()}. */
        @Bean
        public WebSSOProfileConsumerHoKImpl hokWebSSOProfile() throws Exception {
            return buildConsumer();
        }

        /** Builds a Holder-of-Key consumer wired to the shared metadata and processor. */
        private WebSSOProfileConsumerHoKImpl buildConsumer() throws Exception {
            WebSSOProfileConsumerHoKImpl hokConsumer = new WebSSOProfileConsumerHoKImpl();
            hokConsumer.setMetadata(metadata());
            hokConsumer.setProcessor(processor());
            hokConsumer.afterPropertiesSet();
            return hokConsumer;
        }

        /** ECP profile wired to the shared metadata and processor. */
        @Bean
        public WebSSOProfileECPImpl ecpprofile() throws Exception {
            WebSSOProfileECPImpl ecp = new WebSSOProfileECPImpl();
            ecp.setMetadata(metadata());
            ecp.setProcessor(processor());
            ecp.afterPropertiesSet();
            return ecp;
        }

        /** Single Logout profile wired to the shared metadata and processor. */
        @Bean
        public SingleLogoutProfile logoutProfile() throws Exception {
            SingleLogoutProfileImpl singleLogout = new SingleLogoutProfileImpl();
            singleLogout.setMetadata(metadata());
            singleLogout.setProcessor(processor());
            singleLogout.afterPropertiesSet();
            return singleLogout;
        }

        /** Key manager obtained from the keystore settings in the properties. */
        @Bean
        public KeyManager keyManager() {
            return properties.getKeystore().getKeyManager();
        }

        /**
         * Entry point that starts SAML login; processes {@code /saml/login} and is
         * constructed with a matcher for {@code /saml/**}.
         */
        @Bean
        public SAMLEntryPoint samlEntryPoint() {
            SAMLDefaultEntryPoint entryPoint = new SAMLDefaultEntryPoint(new AntPathRequestMatcher("/saml/**"));
            entryPoint.setFilterProcessesUrl("/saml/login");
            entryPoint.setDefaultProfileOptions(defaultWebSSOProfileOptions());
            return entryPoint;
        }

        /**
         * Default options for authentication requests: no scoping element, and ForceAuthn
         * taken from the properties (when true, the IdP is asked to re-authenticate the user).
         */
        @Bean
        public WebSSOProfileOptions defaultWebSSOProfileOptions() {
            WebSSOProfileOptions options = new WebSSOProfileOptions();
            options.setIncludeScoping(false);
            options.setForceAuthN(Boolean.valueOf(properties.isForceAuthN()));
            return options;
        }

        /**
         * Registers the handling filter for each {@code /saml/...} path pattern.
         * {@link SAMLFilter} is project code; how it dispatches is not visible here.
         */
        @Bean
        public SAMLFilter samlFilterChain() {
            SAMLFilter chain = new SAMLFilter(samlMetadataGeneratorFilter());
            chain.on("/saml/login/**", samlEntryPoint());
            chain.on("/saml/logout/**", samlLogoutFilter());
            chain.on("/saml/metadata/**", samlMetadataDisplayFilter());
            chain.on("/saml/SSO/**", samlWebSSOProcessingFilter());
            chain.on("/saml/SSOHoK/**", samlWebSSOHoKProcessingFilter());
            chain.on("/saml/SingleLogout/**", samlLogoutProcessingFilter());
            return chain;
        }

        /** Filter that serves the SP metadata document for the configured SP id. */
        @Bean
        public SAMLMetadataDisplayFilter samlMetadataDisplayFilter() {
            return new SAMLMetadataDisplayFilter(properties.getSpId());
        }

        /** Processing filter for Holder-of-Key SSO responses. */
        @Bean
        public SAMLWebSSOHoKProcessingFilter samlWebSSOHoKProcessingFilter() {
            SAMLWebSSOHoKProcessingFilter hokFilter = new SAMLWebSSOHoKProcessingFilter();
            hokFilter.setAuthenticationSuccessHandler(successRedirectHandler());
            hokFilter.setAuthenticationManager(samlAuthenticationManager());
            hokFilter.setAuthenticationFailureHandler(authenticationFailureHandler());
            return hokFilter;
        }

        /** Processing filter for regular Web SSO responses. */
        @Bean
        public SAMLProcessingFilter samlWebSSOProcessingFilter() {
            SAMLProcessingFilter ssoFilter = new SAMLProcessingFilter();
            ssoFilter.setAuthenticationManager(samlAuthenticationManager());
            ssoFilter.setAuthenticationSuccessHandler(successRedirectHandler());
            ssoFilter.setAuthenticationFailureHandler(authenticationFailureHandler());
            return ssoFilter;
        }

        /** Wraps the SAML provider so the processing filters authenticate against it only. */
        private AuthenticationManager samlAuthenticationManager() {
            return new AuthenticationManagerAdapter(samlAuthenticationProvider());
        }

        /** Handler invoked after a successful SAML authentication. */
        @Bean
        public SAMLSuccessRedirectHandler successRedirectHandler() {
            return new SAMLSuccessRedirectHandler(properties);
        }

        /** Handler invoked after a failed SAML authentication. */
        @Bean
        public SAMLFailureHandler authenticationFailureHandler() {
            return new SAMLFailureHandler(properties);
        }

        /**
         * Filter that starts logout. The same {@link #logoutHandler()} bean is passed in
         * both handler arrays.
         */
        @Bean
        public SAMLLogoutFilter samlLogoutFilter() {
            SimpleUrlLogoutSuccessHandler onSuccess = successLogoutHandler();
            LogoutHandler[] firstHandlers = new LogoutHandler[]{logoutHandler()};
            LogoutHandler[] secondHandlers = new LogoutHandler[]{logoutHandler()};
            return new SAMLLogoutFilter(onSuccess, firstHandlers, secondHandlers);
        }

        /** Redirects to the configured logout URL once logout has completed. */
        @Bean
        public SimpleUrlLogoutSuccessHandler successLogoutHandler() {
            SimpleUrlLogoutSuccessHandler handler = new SimpleUrlLogoutSuccessHandler();
            handler.setDefaultTargetUrl(properties.getLogoutUrl());
            return handler;
        }

        /** Logout handler that invalidates the HTTP session and clears the authentication. */
        @Bean
        public SecurityContextLogoutHandler logoutHandler() {
            SecurityContextLogoutHandler handler = new SecurityContextLogoutHandler();
            handler.setInvalidateHttpSession(true);
            handler.setClearAuthentication(true);
            return handler;
        }

        /** Filter that processes Single Logout messages. */
        @Bean
        public SAMLLogoutProcessingFilter samlLogoutProcessingFilter() {
            SimpleUrlLogoutSuccessHandler onSuccess = successLogoutHandler();
            LogoutHandler[] handlers = new LogoutHandler[]{logoutHandler()};
            return new SAMLLogoutProcessingFilter(onSuccess, handlers);
        }

        /**
         * SAML processor supporting the redirect, POST, artifact, SOAP and PAOS bindings,
         * registered in that order.
         */
        @Bean
        public SAMLProcessor processor() throws Exception {
            return new SAMLProcessorImpl(
                    Arrays.asList(
                            redirectBinding(),
                            httpPostBinding(),
                            artifactBinding(),
                            soapBinding(),
                            paosBinding()));
        }

        /** HTTP-POST binding built from the shared parser pool, decoder and encoder. */
        @Bean
        public HTTPPostBinding httpPostBinding() {
            return new HTTPPostBinding(parserPool(), httpPostDecoder(), httpPostEncoder());
        }

        /**
         * HTTP-POST decoder whose URI comparison is done by the project's
         * {@link FriendlyURLComparator}, configured with the aliases from the properties.
         *
         * <p>NOTE(review): presumably this lets a message's destination match this SP under
         * any of the configured aliases. If so, every alias widens the set of endpoint URLs
         * accepted as belonging to this SP, so keep the list minimal - confirm against
         * FriendlyURLComparator.
         */
        @Bean
        public HTTPPostDecoder httpPostDecoder() {
            HTTPPostDecoder decoder = new HTTPPostDecoder(parserPool());
            decoder.setURIComparator(new FriendlyURLComparator(properties.getAliases()));
            return decoder;
        }

        /** HTTP-POST encoder that renders the auto-submitting form from the Velocity template. */
        @Bean
        public HTTPPostEncoder httpPostEncoder() {
            return new HTTPPostEncoder(velocityEngine(), "/templates/saml2-post-binding.vm");
        }

        /** Velocity engine supplied by Spring Security SAML's factory. */
        @Bean
        public VelocityEngine velocityEngine() {
            return VelocityFactory.getEngine();
        }

        /** HTTP-Redirect (deflate) binding. */
        @Bean
        public HTTPRedirectDeflateBinding redirectBinding() {
            return new HTTPRedirectDeflateBinding(parserPool());
        }

        /** SOAP 1.1 binding. */
        @Bean
        public HTTPSOAP11Binding soapBinding() {
            return new HTTPSOAP11Binding(parserPool());
        }

        /** PAOS 1.1 binding. */
        @Bean
        public HTTPPAOS11Binding paosBinding() {
            return new HTTPPAOS11Binding(parserPool());
        }

        /**
         * HTTP-Artifact binding. Artifact resolution is a back-channel call made with
         * {@link #httpClient()} over the SOAP binding.
         */
        @Bean
        public HTTPArtifactBinding artifactBinding() throws Exception {
            ArtifactResolutionProfileImpl resolutionProfile = new ArtifactResolutionProfileImpl(httpClient());
            resolutionProfile.setProcessor(new SAMLProcessorImpl(soapBinding()));
            resolutionProfile.setMetadata(metadata());
            resolutionProfile.afterPropertiesSet();
            return new HTTPArtifactBinding(parserPool(), velocityEngine(), resolutionProfile);
        }

        /** Listener that applies the configured RSA signature algorithm on context refresh. */
        @Bean
        public SAMLConfigListener samlConfigListener() {
            return new SAMLConfigListener(properties);
        }

        /** Keeps the entry-point filter from being auto-registered with the servlet container. */
        @Bean
        public FilterRegistrationBean samlEntryPointRegistration(SAMLEntryPoint sAMLEntryPoint) {
            return disabledFilterRegistration(sAMLEntryPoint);
        }

        /** Keeps the metadata generator filter from being auto-registered. */
        @Bean
        public FilterRegistrationBean samlMetadataGeneratorRegistration(MetadataGeneratorFilter metadataGeneratorFilter) {
            return disabledFilterRegistration(metadataGeneratorFilter);
        }

        /** Keeps the metadata display filter from being auto-registered. */
        @Bean
        public FilterRegistrationBean samlMetadataDisplayRegistration(MetadataDisplayFilter metadataDisplayFilter) {
            return disabledFilterRegistration(metadataDisplayFilter);
        }

        /**
         * Keeps the Holder-of-Key processing filter from being auto-registered.
         *
         * <p>NOTE(review): the parameter type is the HoK filter, so this covers
         * {@link #samlWebSSOHoKProcessingFilter()} only. No registration in this class
         * disables auto-registration of the plain {@link SAMLProcessingFilter} bean from
         * {@link #samlWebSSOProcessingFilter()}; confirm whether that is intended, since a
         * filter registered directly with the container runs outside the path mapping set
         * up in {@link #samlFilterChain()}.
         */
        @Bean
        public FilterRegistrationBean samlWebSSOProcessingRegistration(SAMLWebSSOHoKProcessingFilter sAMLWebSSOHoKProcessingFilter) {
            return disabledFilterRegistration(sAMLWebSSOHoKProcessingFilter);
        }

        /** Keeps the logout filter from being auto-registered. */
        @Bean
        public FilterRegistrationBean samlLogoutRegistration(SAMLLogoutFilter sAMLLogoutFilter) {
            return disabledFilterRegistration(sAMLLogoutFilter);
        }

        /** Keeps the logout processing filter from being auto-registered. */
        @Bean
        public FilterRegistrationBean samlLogoutProcessingRegistration(SAMLLogoutProcessingFilter sAMLLogoutProcessingFilter) {
            return disabledFilterRegistration(sAMLLogoutProcessingFilter);
        }

        /**
         * Wraps a filter in a registration that is switched off, so that Spring Boot does
         * not add the filter bean to the servlet container's filter chain on its own.
         */
        private FilterRegistrationBean disabledFilterRegistration(Filter filter) {
            FilterRegistrationBean registration = new FilterRegistrationBean(filter, new ServletRegistrationBean[0]);
            registration.setEnabled(false);
            return registration;
        }
    }

    /**
     * Applies the configured RSA signature algorithm URI each time the application context
     * is refreshed.
     *
     * <p>Security note: the URI is registered in OpenSAML's global security configuration
     * for the {@code "RSA"} key type, so it applies process-wide. The value comes straight
     * from the properties; prefer an SHA-256-or-stronger algorithm such as
     * {@code http://www.w3.org/2001/04/xmldsig-more#rsa-sha256} over an SHA-1 based one.
     */
    /* loaded from: input_file:nl/_42/boot/saml/SAMLAutoConfiguration$SAMLConfigListener.class */
    private static class SAMLConfigListener implements ApplicationListener<ContextRefreshedEvent> {
        private static final Logger log = LoggerFactory.getLogger(SAMLConfigListener.class);
        private final SAMLProperties properties;

        /**
         * @param sAMLProperties source of the signature algorithm URI
         */
        public SAMLConfigListener(SAMLProperties sAMLProperties) {
            this.properties = sAMLProperties;
        }

        /** Registers the signature algorithm URI for RSA keys and logs the value used. */
        public void onApplicationEvent(ContextRefreshedEvent contextRefreshedEvent) {
            org.opensaml.Configuration.getGlobalSecurityConfiguration()
                    .registerSignatureAlgorithmURI("RSA", properties.getRsaSignatureAlgorithmUri());
            log.info("Registered RSA signature algorithm URI: {}", properties.getRsaSignatureAlgorithmUri());
        }
    }

    /** Settings holder for the SAML integration; created whether or not SAML is enabled. */
    @Bean
    public SAMLProperties samlProperties() {
        return new SAMLProperties();
    }
}
