package org.springframework.security.saml2.provider.service.web;

import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import org.springframework.security.saml2.Saml2Exception;
import org.springframework.security.saml2.provider.service.metadata.Saml2MetadataResolver;
import org.springframework.security.saml2.provider.service.metadata.Saml2MetadataResponse;
import org.springframework.security.saml2.provider.service.metadata.Saml2MetadataResponseResolver;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:org/springframework/security/saml2/provider/service/web/Saml2MetadataFilter.class */
public final class Saml2MetadataFilter extends OncePerRequestFilter {
    public static final String DEFAULT_METADATA_FILE_NAME = "saml-{registrationId}-metadata.xml";
    private final Saml2MetadataResponseResolver metadataResolver;

    /* loaded from: input_file:org/springframework/security/saml2/provider/service/web/Saml2MetadataFilter$Saml2MetadataResponseResolverAdapter.class */
    private static final class Saml2MetadataResponseResolverAdapter implements Saml2MetadataResponseResolver {
        private final RelyingPartyRegistrationResolver registrations;
        private final Saml2MetadataResolver metadataResolver;
        private RequestMatcher requestMatcher = new AntPathRequestMatcher("/saml2/service-provider-metadata/{registrationId}");
        private String metadataFilename = Saml2MetadataFilter.DEFAULT_METADATA_FILE_NAME;

        Saml2MetadataResponseResolverAdapter(RelyingPartyRegistrationResolver relyingPartyRegistrationResolver, Saml2MetadataResolver saml2MetadataResolver) {
            this.registrations = relyingPartyRegistrationResolver;
            this.metadataResolver = saml2MetadataResolver;
        }

        @Override // org.springframework.security.saml2.provider.service.metadata.Saml2MetadataResponseResolver
        public Saml2MetadataResponse resolve(HttpServletRequest httpServletRequest) {
            RequestMatcher.MatchResult matcher = this.requestMatcher.matcher(httpServletRequest);
            if (!matcher.isMatch()) {
                return null;
            }
            RelyingPartyRegistration resolve = this.registrations.resolve(httpServletRequest, (String) matcher.getVariables().get("registrationId"));
            if (resolve == null) {
                throw new Saml2Exception("registration not found");
            }
            return new Saml2MetadataResponse(this.metadataResolver.resolve(resolve), this.metadataFilename.replace("{registrationId}", resolve.getRegistrationId()));
        }

        void setRequestMatcher(RequestMatcher requestMatcher) {
            Assert.notNull(requestMatcher, "requestMatcher cannot be null");
            this.requestMatcher = requestMatcher;
        }

        void setMetadataFilename(String str) {
            Assert.hasText(str, "metadataFilename cannot be empty");
            Assert.isTrue(str.contains("{registrationId}"), "metadataFilename must contain a {registrationId} match variable");
            this.metadataFilename = str;
        }
    }

    public Saml2MetadataFilter(RelyingPartyRegistrationResolver relyingPartyRegistrationResolver, Saml2MetadataResolver saml2MetadataResolver) {
        Assert.notNull(relyingPartyRegistrationResolver, "relyingPartyRegistrationResolver cannot be null");
        Assert.notNull(saml2MetadataResolver, "saml2MetadataResolver cannot be null");
        this.metadataResolver = new Saml2MetadataResponseResolverAdapter(relyingPartyRegistrationResolver, saml2MetadataResolver);
    }

    public Saml2MetadataFilter(RelyingPartyRegistrationRepository relyingPartyRegistrationRepository, Saml2MetadataResolver saml2MetadataResolver) {
        this(new DefaultRelyingPartyRegistrationResolver(relyingPartyRegistrationRepository), saml2MetadataResolver);
    }

    public Saml2MetadataFilter(Saml2MetadataResponseResolver saml2MetadataResponseResolver) {
        this.metadataResolver = saml2MetadataResponseResolver;
    }

    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        try {
            Saml2MetadataResponse resolve = this.metadataResolver.resolve(httpServletRequest);
            if (resolve == null) {
                filterChain.doFilter(httpServletRequest, httpServletResponse);
            } else {
                writeMetadataToResponse(httpServletResponse, resolve);
            }
        } catch (Saml2Exception e) {
            httpServletResponse.setStatus(401);
        }
    }

    private void writeMetadataToResponse(HttpServletResponse httpServletResponse, Saml2MetadataResponse saml2MetadataResponse) throws IOException {
        httpServletResponse.setContentType("application/xml");
        String fileName = saml2MetadataResponse.getFileName();
        httpServletResponse.setHeader("Content-Disposition", String.format("attachment; filename=\"%s\"; filename*=UTF-8''%s", fileName, URLEncoder.encode(fileName, StandardCharsets.UTF_8.name())));
        httpServletResponse.setContentLength(saml2MetadataResponse.getMetadata().length());
        httpServletResponse.setCharacterEncoding(StandardCharsets.UTF_8.name());
        httpServletResponse.getWriter().write(saml2MetadataResponse.getMetadata());
    }

    public void setRequestMatcher(RequestMatcher requestMatcher) {
        Assert.notNull(requestMatcher, "requestMatcher cannot be null");
        Assert.isInstanceOf(Saml2MetadataResponseResolverAdapter.class, this.metadataResolver, "a Saml2MetadataResponseResolver and RequestMatcher cannot be both set on this filter. Please set the request matcher on the Saml2MetadataResponseResolver itself.");
        ((Saml2MetadataResponseResolverAdapter) this.metadataResolver).setRequestMatcher(requestMatcher);
    }

    public void setMetadataFilename(String str) {
        Assert.hasText(str, "metadataFilename cannot be empty");
        Assert.isTrue(str.contains("{registrationId}"), "metadataFilename must contain a {registrationId} match variable");
        Assert.isInstanceOf(Saml2MetadataResponseResolverAdapter.class, this.metadataResolver, "a Saml2MetadataResponseResolver and file name cannot be both set on this filter. Please set the file name on the Saml2MetadataResponseResolver itself.");
        ((Saml2MetadataResponseResolverAdapter) this.metadataResolver).setMetadataFilename(str);
    }
}
