package org.springframework.security.saml2.provider.service.web.metadata;

import jakarta.servlet.http.HttpServletRequest;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.UUID;
import org.springframework.security.saml2.Saml2Exception;
import org.springframework.security.saml2.provider.service.metadata.Saml2MetadataResolver;
import org.springframework.security.saml2.provider.service.metadata.Saml2MetadataResponse;
import org.springframework.security.saml2.provider.service.metadata.Saml2MetadataResponseResolver;
import org.springframework.security.saml2.provider.service.registration.IterableRelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationPlaceholderResolvers;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.OrRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert;

/* loaded from: input_file:org/springframework/security/saml2/provider/service/web/metadata/RequestMatcherMetadataResponseResolver.class */
public class RequestMatcherMetadataResponseResolver implements Saml2MetadataResponseResolver {
    private static final String DEFAULT_METADATA_FILENAME = "saml-{registrationId}-metadata.xml";
    private RequestMatcher matcher = new OrRequestMatcher(new RequestMatcher[]{new AntPathRequestMatcher("/saml2/service-provider-metadata/{registrationId}"), new AntPathRequestMatcher("/saml2/metadata/{registrationId}"), new AntPathRequestMatcher("/saml2/metadata")});
    private String filename = "saml-{registrationId}-metadata.xml";
    private final RelyingPartyRegistrationRepository registrations;
    private final Saml2MetadataResolver metadata;

    public RequestMatcherMetadataResponseResolver(RelyingPartyRegistrationRepository relyingPartyRegistrationRepository, Saml2MetadataResolver saml2MetadataResolver) {
        Assert.notNull(relyingPartyRegistrationRepository, "relyingPartyRegistrationRepository cannot be null");
        Assert.notNull(saml2MetadataResolver, "saml2MetadataResolver cannot be null");
        this.registrations = relyingPartyRegistrationRepository;
        this.metadata = saml2MetadataResolver;
    }

    @Override // org.springframework.security.saml2.provider.service.metadata.Saml2MetadataResponseResolver
    public Saml2MetadataResponse resolve(HttpServletRequest httpServletRequest) {
        RequestMatcher.MatchResult matcher = this.matcher.matcher(httpServletRequest);
        if (!matcher.isMatch()) {
            return null;
        }
        Saml2MetadataResponse responseByRegistrationId = responseByRegistrationId(httpServletRequest, (String) matcher.getVariables().get("registrationId"));
        if (responseByRegistrationId != null) {
            return responseByRegistrationId;
        }
        RelyingPartyRegistrationRepository relyingPartyRegistrationRepository = this.registrations;
        if (relyingPartyRegistrationRepository instanceof IterableRelyingPartyRegistrationRepository) {
            return responseByIterable(httpServletRequest, (IterableRelyingPartyRegistrationRepository) relyingPartyRegistrationRepository);
        }
        if (this.registrations instanceof Iterable) {
            return responseByIterable(httpServletRequest, (Iterable) this.registrations);
        }
        return null;
    }

    private Saml2MetadataResponse responseByRegistrationId(HttpServletRequest httpServletRequest, String str) {
        if (str == null) {
            return null;
        }
        RelyingPartyRegistration findByRegistrationId = this.registrations.findByRegistrationId(str);
        if (findByRegistrationId == null) {
            throw new Saml2Exception("registration not found");
        }
        return responseByIterable(httpServletRequest, Collections.singleton(findByRegistrationId));
    }

    private Saml2MetadataResponse responseByIterable(HttpServletRequest httpServletRequest, Iterable<RelyingPartyRegistration> iterable) {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        for (RelyingPartyRegistration relyingPartyRegistration : iterable) {
            RelyingPartyRegistrationPlaceholderResolvers.UriResolver uriResolver = RelyingPartyRegistrationPlaceholderResolvers.uriResolver(httpServletRequest, relyingPartyRegistration);
            String resolve = uriResolver.resolve(relyingPartyRegistration.getEntityId());
            linkedHashMap.computeIfAbsent(resolve, str -> {
                String resolve2 = uriResolver.resolve(relyingPartyRegistration.getAssertionConsumerServiceLocation());
                String resolve3 = uriResolver.resolve(relyingPartyRegistration.getSingleLogoutServiceLocation());
                return relyingPartyRegistration.mutate().entityId(resolve).assertionConsumerServiceLocation(resolve2).singleLogoutServiceLocation(resolve3).singleLogoutServiceResponseLocation(uriResolver.resolve(relyingPartyRegistration.getSingleLogoutServiceResponseLocation())).build();
            });
        }
        try {
            return new Saml2MetadataResponse(this.metadata.resolve(linkedHashMap.values()), URLEncoder.encode(this.filename.replace("{registrationId}", linkedHashMap.size() == 1 ? ((RelyingPartyRegistration) linkedHashMap.values().iterator().next()).getRegistrationId() : UUID.randomUUID().toString()), StandardCharsets.UTF_8.name()));
        } catch (UnsupportedEncodingException e) {
            throw new Saml2Exception(e);
        }
    }

    public void setRequestMatcher(RequestMatcher requestMatcher) {
        Assert.notNull(requestMatcher, "requestMatcher cannot be empty");
        this.matcher = requestMatcher;
    }

    public void setMetadataFilename(String str) {
        Assert.hasText(str, "metadataFilename cannot be empty");
        this.filename = str;
    }
}
