package org.springframework.security.config.annotation.web.configurers.saml2;

import jakarta.servlet.http.HttpServletRequest;
import java.util.ArrayList;
import java.util.List;
import org.opensaml.core.Version;
import org.springframework.context.ApplicationContext;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.annotation.web.configurers.LogoutConfigurer;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolderStrategy;
import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal;
import org.springframework.security.saml2.provider.service.authentication.logout.OpenSaml4LogoutRequestValidator;
import org.springframework.security.saml2.provider.service.authentication.logout.OpenSaml4LogoutResponseValidator;
import org.springframework.security.saml2.provider.service.authentication.logout.OpenSaml5LogoutRequestValidator;
import org.springframework.security.saml2.provider.service.authentication.logout.OpenSaml5LogoutResponseValidator;
import org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequestValidator;
import org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponseValidator;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.web.authentication.logout.HttpSessionLogoutRequestRepository;
import org.springframework.security.saml2.provider.service.web.authentication.logout.OpenSaml4LogoutRequestResolver;
import org.springframework.security.saml2.provider.service.web.authentication.logout.OpenSaml4LogoutRequestValidatorParametersResolver;
import org.springframework.security.saml2.provider.service.web.authentication.logout.OpenSaml4LogoutResponseResolver;
import org.springframework.security.saml2.provider.service.web.authentication.logout.OpenSaml5LogoutRequestResolver;
import org.springframework.security.saml2.provider.service.web.authentication.logout.OpenSaml5LogoutRequestValidatorParametersResolver;
import org.springframework.security.saml2.provider.service.web.authentication.logout.OpenSaml5LogoutResponseResolver;
import org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutRequestFilter;
import org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutRequestRepository;
import org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutRequestResolver;
import org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutRequestValidatorParametersResolver;
import org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutResponseFilter;
import org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutResponseResolver;
import org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2RelyingPartyInitiatedLogoutSuccessHandler;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.security.web.authentication.logout.LogoutHandler;
import org.springframework.security.web.authentication.logout.LogoutSuccessEventPublishingLogoutHandler;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
import org.springframework.security.web.csrf.CsrfFilter;
import org.springframework.security.web.server.authentication.logout.RedirectServerLogoutSuccessHandler;
import org.springframework.security.web.util.matcher.AndRequestMatcher;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.ParameterRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;

/* loaded from: input_file:BOOT-INF/lib/spring-security-config-6.4.1.jar:org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurer.class */
public final class Saml2LogoutConfigurer<H extends HttpSecurityBuilder<H>> extends AbstractHttpConfigurer<Saml2LogoutConfigurer<H>, H> {
    private static final boolean USE_OPENSAML_5 = Version.getVersion().startsWith("5");
    private ApplicationContext context;
    private RelyingPartyRegistrationRepository relyingPartyRegistrationRepository;
    private String logoutUrl = "/logout";
    private List<LogoutHandler> logoutHandlers = new ArrayList();
    private LogoutSuccessHandler logoutSuccessHandler;
    private Saml2LogoutConfigurer<H>.LogoutRequestConfigurer logoutRequestConfigurer;
    private Saml2LogoutConfigurer<H>.LogoutResponseConfigurer logoutResponseConfigurer;

    /* loaded from: input_file:BOOT-INF/lib/spring-security-config-6.4.1.jar:org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurer$LogoutRequestConfigurer.class */
    public final class LogoutRequestConfigurer {
        private Saml2LogoutRequestValidator logoutRequestValidator;
        private Saml2LogoutRequestResolver logoutRequestResolver;
        private String logoutUrl = "/logout/saml2/slo";
        private Saml2LogoutRequestRepository logoutRequestRepository = new HttpSessionLogoutRequestRepository();

        LogoutRequestConfigurer() {
        }

        public Saml2LogoutConfigurer<H>.LogoutRequestConfigurer logoutUrl(String str) {
            this.logoutUrl = str;
            return this;
        }

        public Saml2LogoutConfigurer<H>.LogoutRequestConfigurer logoutRequestValidator(Saml2LogoutRequestValidator saml2LogoutRequestValidator) {
            this.logoutRequestValidator = saml2LogoutRequestValidator;
            return this;
        }

        public Saml2LogoutConfigurer<H>.LogoutRequestConfigurer logoutRequestResolver(Saml2LogoutRequestResolver saml2LogoutRequestResolver) {
            this.logoutRequestResolver = saml2LogoutRequestResolver;
            return this;
        }

        public Saml2LogoutConfigurer<H>.LogoutRequestConfigurer logoutRequestRepository(Saml2LogoutRequestRepository saml2LogoutRequestRepository) {
            this.logoutRequestRepository = saml2LogoutRequestRepository;
            return this;
        }

        @Deprecated(since = "6.1", forRemoval = true)
        public Saml2LogoutConfigurer<H> and() {
            return Saml2LogoutConfigurer.this;
        }

        private Saml2LogoutRequestValidator logoutRequestValidator() {
            return this.logoutRequestValidator != null ? this.logoutRequestValidator : Saml2LogoutConfigurer.USE_OPENSAML_5 ? new OpenSaml5LogoutRequestValidator() : new OpenSaml4LogoutRequestValidator();
        }

        private Saml2LogoutRequestResolver logoutRequestResolver(RelyingPartyRegistrationRepository relyingPartyRegistrationRepository) {
            return this.logoutRequestResolver != null ? this.logoutRequestResolver : Saml2LogoutConfigurer.USE_OPENSAML_5 ? new OpenSaml5LogoutRequestResolver(relyingPartyRegistrationRepository) : new OpenSaml4LogoutRequestResolver(relyingPartyRegistrationRepository);
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/spring-security-config-6.4.1.jar:org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurer$LogoutResponseConfigurer.class */
    public final class LogoutResponseConfigurer {
        private String logoutUrl = "/logout/saml2/slo";
        private Saml2LogoutResponseValidator logoutResponseValidator;
        private Saml2LogoutResponseResolver logoutResponseResolver;

        LogoutResponseConfigurer() {
        }

        public Saml2LogoutConfigurer<H>.LogoutResponseConfigurer logoutUrl(String str) {
            this.logoutUrl = str;
            return this;
        }

        public Saml2LogoutConfigurer<H>.LogoutResponseConfigurer logoutResponseValidator(Saml2LogoutResponseValidator saml2LogoutResponseValidator) {
            this.logoutResponseValidator = saml2LogoutResponseValidator;
            return this;
        }

        public Saml2LogoutConfigurer<H>.LogoutResponseConfigurer logoutResponseResolver(Saml2LogoutResponseResolver saml2LogoutResponseResolver) {
            this.logoutResponseResolver = saml2LogoutResponseResolver;
            return this;
        }

        @Deprecated(since = "6.1", forRemoval = true)
        public Saml2LogoutConfigurer<H> and() {
            return Saml2LogoutConfigurer.this;
        }

        private Saml2LogoutResponseValidator logoutResponseValidator() {
            return this.logoutResponseValidator != null ? this.logoutResponseValidator : Saml2LogoutConfigurer.USE_OPENSAML_5 ? new OpenSaml5LogoutResponseValidator() : new OpenSaml4LogoutResponseValidator();
        }

        private Saml2LogoutResponseResolver logoutResponseResolver(RelyingPartyRegistrationRepository relyingPartyRegistrationRepository) {
            return this.logoutResponseResolver != null ? this.logoutResponseResolver : Saml2LogoutConfigurer.USE_OPENSAML_5 ? new OpenSaml5LogoutResponseResolver(relyingPartyRegistrationRepository) : new OpenSaml4LogoutResponseResolver(relyingPartyRegistrationRepository);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:BOOT-INF/lib/spring-security-config-6.4.1.jar:org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurer$Saml2RelyingPartyInitiatedLogoutFilter.class */
    public static class Saml2RelyingPartyInitiatedLogoutFilter extends LogoutFilter {
        Saml2RelyingPartyInitiatedLogoutFilter(LogoutSuccessHandler logoutSuccessHandler, LogoutHandler... logoutHandlerArr) {
            super(logoutSuccessHandler, logoutHandlerArr);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:BOOT-INF/lib/spring-security-config-6.4.1.jar:org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurer$Saml2RequestMatcher.class */
    public static class Saml2RequestMatcher implements RequestMatcher {
        private final SecurityContextHolderStrategy securityContextHolderStrategy;

        Saml2RequestMatcher(SecurityContextHolderStrategy securityContextHolderStrategy) {
            this.securityContextHolderStrategy = securityContextHolderStrategy;
        }

        @Override // org.springframework.security.web.util.matcher.RequestMatcher
        public boolean matches(HttpServletRequest httpServletRequest) {
            Authentication authentication = this.securityContextHolderStrategy.getContext().getAuthentication();
            if (authentication == null) {
                return false;
            }
            return authentication.getPrincipal() instanceof Saml2AuthenticatedPrincipal;
        }
    }

    public Saml2LogoutConfigurer(ApplicationContext applicationContext) {
        this.context = applicationContext;
        this.logoutHandlers.add(new SecurityContextLogoutHandler());
        this.logoutHandlers.add(new LogoutSuccessEventPublishingLogoutHandler());
        SimpleUrlLogoutSuccessHandler simpleUrlLogoutSuccessHandler = new SimpleUrlLogoutSuccessHandler();
        simpleUrlLogoutSuccessHandler.setDefaultTargetUrl(RedirectServerLogoutSuccessHandler.DEFAULT_LOGOUT_SUCCESS_URL);
        this.logoutSuccessHandler = simpleUrlLogoutSuccessHandler;
        this.logoutRequestConfigurer = new LogoutRequestConfigurer();
        this.logoutResponseConfigurer = new LogoutResponseConfigurer();
    }

    public Saml2LogoutConfigurer<H> logoutUrl(String str) {
        this.logoutUrl = str;
        return this;
    }

    public Saml2LogoutConfigurer<H> relyingPartyRegistrationRepository(RelyingPartyRegistrationRepository relyingPartyRegistrationRepository) {
        this.relyingPartyRegistrationRepository = relyingPartyRegistrationRepository;
        return this;
    }

    @Deprecated(since = "6.1", forRemoval = true)
    public Saml2LogoutConfigurer<H>.LogoutRequestConfigurer logoutRequest() {
        return this.logoutRequestConfigurer;
    }

    public Saml2LogoutConfigurer<H> logoutRequest(Customizer<Saml2LogoutConfigurer<H>.LogoutRequestConfigurer> customizer) {
        customizer.customize(this.logoutRequestConfigurer);
        return this;
    }

    @Deprecated(since = "6.1", forRemoval = true)
    public Saml2LogoutConfigurer<H>.LogoutResponseConfigurer logoutResponse() {
        return this.logoutResponseConfigurer;
    }

    public Saml2LogoutConfigurer<H> logoutResponse(Customizer<Saml2LogoutConfigurer<H>.LogoutResponseConfigurer> customizer) {
        customizer.customize(this.logoutResponseConfigurer);
        return this;
    }

    @Override // org.springframework.security.config.annotation.SecurityConfigurerAdapter, org.springframework.security.config.annotation.SecurityConfigurer
    public void configure(H h) throws Exception {
        LogoutConfigurer logoutConfigurer = (LogoutConfigurer) h.getConfigurer(LogoutConfigurer.class);
        if (logoutConfigurer != null) {
            this.logoutHandlers = logoutConfigurer.getLogoutHandlers();
            this.logoutSuccessHandler = logoutConfigurer.getLogoutSuccessHandler();
        }
        RelyingPartyRegistrationRepository relyingPartyRegistrationRepository = getRelyingPartyRegistrationRepository(h);
        h.addFilterBefore(createLogoutRequestProcessingFilter(relyingPartyRegistrationRepository), CsrfFilter.class);
        h.addFilterBefore(createLogoutResponseProcessingFilter(relyingPartyRegistrationRepository), CsrfFilter.class);
        h.addFilterBefore(createRelyingPartyLogoutFilter(relyingPartyRegistrationRepository), LogoutFilter.class);
    }

    private RelyingPartyRegistrationRepository getRelyingPartyRegistrationRepository(H h) {
        if (this.relyingPartyRegistrationRepository != null) {
            return this.relyingPartyRegistrationRepository;
        }
        Saml2LoginConfigurer saml2LoginConfigurer = (Saml2LoginConfigurer) h.getConfigurer(Saml2LoginConfigurer.class);
        if (saml2LoginConfigurer != null) {
            this.relyingPartyRegistrationRepository = saml2LoginConfigurer.relyingPartyRegistrationRepository((Saml2LoginConfigurer) h);
        } else {
            this.relyingPartyRegistrationRepository = (RelyingPartyRegistrationRepository) getBeanOrNull(RelyingPartyRegistrationRepository.class);
        }
        return this.relyingPartyRegistrationRepository;
    }

    private Saml2LogoutRequestFilter createLogoutRequestProcessingFilter(RelyingPartyRegistrationRepository relyingPartyRegistrationRepository) {
        LogoutHandler[] logoutHandlerArr = (LogoutHandler[]) this.logoutHandlers.toArray(new LogoutHandler[0]);
        Saml2LogoutRequestFilter saml2LogoutRequestFilter = new Saml2LogoutRequestFilter(createSaml2LogoutResponseParametersResolver(relyingPartyRegistrationRepository), this.logoutRequestConfigurer.logoutRequestValidator(), createSaml2LogoutResponseResolver(relyingPartyRegistrationRepository), logoutHandlerArr);
        saml2LogoutRequestFilter.setSecurityContextHolderStrategy(getSecurityContextHolderStrategy());
        return (Saml2LogoutRequestFilter) postProcess(saml2LogoutRequestFilter);
    }

    private Saml2LogoutRequestValidatorParametersResolver createSaml2LogoutResponseParametersResolver(RelyingPartyRegistrationRepository relyingPartyRegistrationRepository) {
        RequestMatcher createLogoutRequestMatcher = createLogoutRequestMatcher();
        if (USE_OPENSAML_5) {
            OpenSaml5LogoutRequestValidatorParametersResolver openSaml5LogoutRequestValidatorParametersResolver = new OpenSaml5LogoutRequestValidatorParametersResolver(relyingPartyRegistrationRepository);
            openSaml5LogoutRequestValidatorParametersResolver.setRequestMatcher(createLogoutRequestMatcher);
            return openSaml5LogoutRequestValidatorParametersResolver;
        }
        OpenSaml4LogoutRequestValidatorParametersResolver openSaml4LogoutRequestValidatorParametersResolver = new OpenSaml4LogoutRequestValidatorParametersResolver(relyingPartyRegistrationRepository);
        openSaml4LogoutRequestValidatorParametersResolver.setRequestMatcher(createLogoutRequestMatcher);
        return openSaml4LogoutRequestValidatorParametersResolver;
    }

    private Saml2LogoutResponseFilter createLogoutResponseProcessingFilter(RelyingPartyRegistrationRepository relyingPartyRegistrationRepository) {
        Saml2LogoutResponseFilter saml2LogoutResponseFilter = new Saml2LogoutResponseFilter(relyingPartyRegistrationRepository, this.logoutResponseConfigurer.logoutResponseValidator(), this.logoutSuccessHandler);
        saml2LogoutResponseFilter.setLogoutRequestMatcher(createLogoutResponseMatcher());
        saml2LogoutResponseFilter.setLogoutRequestRepository(((LogoutRequestConfigurer) this.logoutRequestConfigurer).logoutRequestRepository);
        return (Saml2LogoutResponseFilter) postProcess(saml2LogoutResponseFilter);
    }

    private Saml2RelyingPartyInitiatedLogoutFilter createRelyingPartyLogoutFilter(RelyingPartyRegistrationRepository relyingPartyRegistrationRepository) {
        LogoutHandler[] logoutHandlerArr = (LogoutHandler[]) this.logoutHandlers.toArray(new LogoutHandler[0]);
        Saml2RelyingPartyInitiatedLogoutSuccessHandler createSaml2LogoutRequestSuccessHandler = createSaml2LogoutRequestSuccessHandler(relyingPartyRegistrationRepository);
        createSaml2LogoutRequestSuccessHandler.setLogoutRequestRepository(((LogoutRequestConfigurer) this.logoutRequestConfigurer).logoutRequestRepository);
        Saml2RelyingPartyInitiatedLogoutFilter saml2RelyingPartyInitiatedLogoutFilter = new Saml2RelyingPartyInitiatedLogoutFilter(createSaml2LogoutRequestSuccessHandler, logoutHandlerArr);
        saml2RelyingPartyInitiatedLogoutFilter.setLogoutRequestMatcher(createLogoutMatcher());
        return (Saml2RelyingPartyInitiatedLogoutFilter) postProcess(saml2RelyingPartyInitiatedLogoutFilter);
    }

    private RequestMatcher createLogoutMatcher() {
        return new AndRequestMatcher(new AntPathRequestMatcher(this.logoutUrl, "POST"), new Saml2RequestMatcher(getSecurityContextHolderStrategy()));
    }

    private RequestMatcher createLogoutRequestMatcher() {
        return new AndRequestMatcher(new AntPathRequestMatcher(((LogoutRequestConfigurer) this.logoutRequestConfigurer).logoutUrl), new ParameterRequestMatcher("SAMLRequest"));
    }

    private RequestMatcher createLogoutResponseMatcher() {
        return new AndRequestMatcher(new AntPathRequestMatcher(((LogoutResponseConfigurer) this.logoutResponseConfigurer).logoutUrl), new ParameterRequestMatcher("SAMLResponse"));
    }

    private Saml2RelyingPartyInitiatedLogoutSuccessHandler createSaml2LogoutRequestSuccessHandler(RelyingPartyRegistrationRepository relyingPartyRegistrationRepository) {
        return new Saml2RelyingPartyInitiatedLogoutSuccessHandler(this.logoutRequestConfigurer.logoutRequestResolver(relyingPartyRegistrationRepository));
    }

    private Saml2LogoutResponseResolver createSaml2LogoutResponseResolver(RelyingPartyRegistrationRepository relyingPartyRegistrationRepository) {
        return this.logoutResponseConfigurer.logoutResponseResolver(relyingPartyRegistrationRepository);
    }

    private <C> C getBeanOrNull(Class<C> cls) {
        if (this.context == null) {
            return null;
        }
        return (C) this.context.getBeanProvider(cls).getIfAvailable();
    }
}
