package com.github.ulisesbocchio.spring.boot.security.saml.configuration;

import com.github.ulisesbocchio.spring.boot.security.saml.bean.SAMLConfigurerBean;
import com.github.ulisesbocchio.spring.boot.security.saml.configurer.ServiceProviderBuilder;
import com.github.ulisesbocchio.spring.boot.security.saml.configurer.ServiceProviderConfigurer;
import com.github.ulisesbocchio.spring.boot.security.saml.configurer.ServiceProviderEndpoints;
import com.github.ulisesbocchio.spring.boot.security.saml.properties.SAMLSSOProperties;
import com.github.ulisesbocchio.spring.boot.security.saml.util.FunctionalUtils;
import java.util.Collections;
import java.util.List;
import org.assertj.core.util.Lists;
import org.opensaml.xml.parse.ParserPool;
import org.opensaml.xml.parse.StaticBasicParserPool;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;
import org.springframework.core.io.ResourceLoader;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.saml.SAMLAuthenticationProvider;
import org.springframework.security.saml.SAMLBootstrap;
import org.springframework.security.saml.context.SAMLContextProvider;
import org.springframework.security.saml.key.KeyManager;
import org.springframework.security.saml.log.SAMLDefaultLogger;
import org.springframework.security.saml.log.SAMLLogger;
import org.springframework.security.saml.metadata.ExtendedMetadata;
import org.springframework.security.saml.metadata.MetadataGenerator;
import org.springframework.security.saml.metadata.MetadataManager;
import org.springframework.security.saml.parser.ParserPoolHolder;
import org.springframework.security.saml.processor.SAMLProcessor;
import org.springframework.security.saml.websso.SingleLogoutProfile;
import org.springframework.security.saml.websso.WebSSOProfile;
import org.springframework.security.saml.websso.WebSSOProfileConsumer;
import org.springframework.security.saml.websso.WebSSOProfileConsumerHoKImpl;
import org.springframework.security.saml.websso.WebSSOProfileConsumerImpl;
import org.springframework.security.saml.websso.WebSSOProfileECPImpl;
import org.springframework.security.saml.websso.WebSSOProfileHoKImpl;
import org.springframework.security.web.util.matcher.RequestMatcher;

/**
 * Spring configuration that wires the SAML service-provider support.
 *
 * <p>It enables binding of {@link SAMLSSOProperties}, declares fallback beans for the OpenSAML
 * bootstrap, XML parser pool and SAML logger, and, once injection has finished, publishes every
 * injected collaborator to the {@link ServiceProviderBuilder} as a shared object (see
 * {@link #afterPropertiesSet()}).
 *
 * <p>Security-relevant defaults live in the nested {@code SAMLWebSecurityConfigurer}: it turns off
 * HTTP Basic and CSRF protection, opens the SAML endpoints to unauthenticated callers and requires
 * authentication for every other request.
 */
@EnableConfigurationProperties({SAMLSSOProperties.class})
@Configuration
/* loaded from: input_file:com/github/ulisesbocchio/spring/boot/security/saml/configuration/SAMLServiceProviderSecurityConfiguration.class */
public class SAMLServiceProviderSecurityConfiguration implements InitializingBean {

    // Required collaborators: context start-up fails if any of these three beans is missing.
    @Autowired
    private SAMLSSOProperties sAMLSsoProperties;

    @Autowired
    private ResourceLoader resourceLoader;

    @Autowired
    private SAMLLogger samlLogger;

    // Optional collaborators (required = false): each field stays null unless the application
    // defines a bean of that type. afterPropertiesSet() hands the value, null or not, to the
    // builder unchanged; presumably the builder substitutes its own defaults for null — confirm
    // in ServiceProviderBuilder.
    @Autowired(required = false)
    private ExtendedMetadata extendedMetadata;

    @Autowired(required = false)
    private SAMLContextProvider samlContextProvider;

    // NOTE(review): an application-supplied KeyManager decides which keys sign requests and
    // validate responses; nothing in this class inspects it before it is shared with the builder.
    @Autowired(required = false)
    private KeyManager keyManager;

    @Autowired(required = false)
    private MetadataManager metadataManager;

    @Autowired(required = false)
    private MetadataGenerator metadataGenerator;

    @Autowired(required = false)
    private SAMLProcessor samlProcessor;

    @Autowired(required = false)
    private WebSSOProfileConsumer webSSOProfileConsumer;

    @Autowired(required = false)
    private WebSSOProfileConsumerHoKImpl hokWebSSOProfileConsumer;

    @Autowired(required = false)
    private WebSSOProfile webSSOProfile;

    @Autowired(required = false)
    private WebSSOProfileECPImpl ecpProfile;

    @Autowired(required = false)
    private WebSSOProfileHoKImpl hokWebSSOProfile;

    @Autowired(required = false)
    private SingleLogoutProfile sloProfile;

    @Autowired(required = false)
    private SAMLAuthenticationProvider samlAuthenticationProvider;

    // NOTE(review): Lists is org.assertj.core.util.Lists, a helper from the AssertJ test library, so
    // loading this class needs AssertJ on the runtime classpath. The nested configurer uses
    // Collections.emptyList() for the same default. This field is not read anywhere in this file.
    @Autowired(required = false)
    List<ServiceProviderConfigurer> serviceProviderConfigurers = Lists.newArrayList();

    // Injected when present, but not read anywhere in this file.
    @Autowired(required = false)
    SAMLConfigurerBean samlConfigurerBean;

    @Autowired
    ServiceProviderBuilder serviceProviderBuilder;

    /**
     * Default web-security setup for the SAML service provider.
     *
     * <p>Registered only when the application has not defined its own {@link SAMLConfigurerBean};
     * an application that does define one is responsible for the whole {@code HttpSecurity}
     * configuration, including the choices made in {@link #configure(HttpSecurity)} below.
     */
    @ConditionalOnMissingBean({SAMLConfigurerBean.class})
    @Configuration
    /* loaded from: input_file:com/github/ulisesbocchio/spring/boot/security/saml/configuration/SAMLServiceProviderSecurityConfiguration$SAMLWebSecurityConfigurer.class */
    static class SAMLWebSecurityConfigurer extends WebSecurityConfigurerAdapter implements Ordered {

        // Empty (immutable) list when the application registers no ServiceProviderConfigurer beans.
        @Autowired(required = false)
        private List<ServiceProviderConfigurer> serviceProviderConfigurers = Collections.emptyList();

        SAMLWebSecurityConfigurer() {
        }

        /**
         * Lets every registered {@link ServiceProviderConfigurer} customise the {@link WebSecurity}.
         *
         * @param webSecurity the builder handed to each configurer
         * @throws Exception declared by the overridden method; the lambda is wrapped with
         *     {@code FunctionalUtils.unchecked}, which presumably rethrows checked exceptions
         *     unchecked (confirm in FunctionalUtils)
         */
        public void configure(WebSecurity webSecurity) throws Exception {
            this.serviceProviderConfigurers.forEach(FunctionalUtils.unchecked(serviceProviderConfigurer -> {
                serviceProviderConfigurer.configure(webSecurity);
            }));
        }

        /**
         * Declares the default {@link SAMLConfigurerBean}.
         *
         * <p>{@link #configure(HttpSecurity)} calls this method twice and expects the same
         * instance both times; that presumably relies on Spring's {@code @Configuration} proxying
         * of {@code @Bean} methods — confirm that proxying is active for this class.
         */
        @Bean
        SAMLConfigurerBean saml() {
            return new SAMLConfigurerBean();
        }

        /**
         * Exposes the adapter's {@link AuthenticationManager} as a bean unless the application
         * already defines one.
         */
        @ConditionalOnMissingBean
        @Bean
        public AuthenticationManager authenticationManagerBean() throws Exception {
            return super.authenticationManagerBean();
        }

        /**
         * Builds the HTTP security rules for the service provider.
         *
         * <p>Statement order matters here: authorization rules are registered in the order
         * SAML endpoints, then whatever the configurers add, then the catch-all.
         *
         * @param httpSecurity the builder to configure
         * @throws Exception if any step of the configuration fails
         */
        protected void configure(HttpSecurity httpSecurity) throws Exception {
            // One chained call (the casts are decompiler output) that, in order:
            //   1. disables HTTP Basic authentication;
            //   2. disables CSRF protection. NOTE(review): no request matcher narrows this, so it
            //      covers every request handled by this HttpSecurity, not only the SAML endpoints
            //      that receive cross-site POSTs from the IdP. Confirm that the application has no
            //      session-authenticated, state-changing endpoints that depend on CSRF tokens;
            //   3. keeps anonymous authentication enabled;
            //   4. applies the SAML configurer and passes it the service-provider configurers;
            //   5. permits unauthenticated access to everything saml().endpointsMatcher() matches.
            //      The matcher is built by SAMLConfigurerBean; its exact URL set is not visible here.
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((SAMLConfigurerBean) httpSecurity.httpBasic().disable().csrf().disable().anonymous().and().apply(saml())).serviceProvider(this.serviceProviderConfigurers).http().authorizeRequests().requestMatchers(new RequestMatcher[]{saml().endpointsMatcher()})).permitAll();
            // Application configurers run before the catch-all so that any rules they register
            // come ahead of it. NOTE(review): a configurer can also add permitAll() rules or
            // otherwise relax the chain; this class places no limit on what it changes.
            this.serviceProviderConfigurers.forEach(FunctionalUtils.unchecked(serviceProviderConfigurer -> {
                serviceProviderConfigurer.configure(httpSecurity);
            }));
            // Secure default: every request not matched by an earlier rule needs authentication.
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().anyRequest()).authenticated();
        }

        /**
         * Returns this configurer's order value.
         *
         * <p>NOTE(review): the reason for -17 specifically is not visible in this file. In Spring's
         * {@link Ordered} contract lower values sort first, so this presumably places the SAML
         * chain ahead of default-ordered security configurers — confirm against the other
         * {@code WebSecurityConfigurerAdapter}s in the application.
         */
        public int getOrder() {
            return -17;
        }
    }

    /**
     * Declares the {@link SAMLBootstrap} bean unless the application provides one.
     *
     * <p>The method is static, presumably so the bean can be created before this configuration
     * class is instantiated — confirm against SAMLBootstrap's role in the container lifecycle.
     */
    @ConditionalOnMissingBean
    @Bean
    public static SAMLBootstrap sAMLBootstrap() {
        return new SAMLBootstrap();
    }

    /**
     * Declares the {@link ParserPoolHolder} bean unless the application provides one.
     *
     * <p>{@link #afterPropertiesSet()} reads the pool through the static
     * {@code ParserPoolHolder.getPool()}; how the holder obtains that pool is not visible here.
     */
    @ConditionalOnMissingBean
    @Bean
    public ParserPoolHolder parserPoolHolder() {
        return new ParserPoolHolder();
    }

    /**
     * Declares the default XML {@link ParserPool} and has Spring call its {@code initialize}
     * method.
     *
     * <p>NOTE(review): the pool is created with library defaults only; no feature or attribute is
     * set here. It presumably parses SAML messages and metadata that originate outside the
     * application, so XXE/DTD protection depends entirely on the defaults of the OpenSAML version
     * on the classpath — confirm that DOCTYPE declarations and entity expansion are rejected, or
     * supply a hardened ParserPool bean.
     */
    @ConditionalOnMissingBean
    @Bean(initMethod = "initialize")
    public ParserPool parserPool() {
        return new StaticBasicParserPool();
    }

    /**
     * Declares {@link SAMLDefaultLogger} as the SAML logger unless the application provides one.
     *
     * <p>NOTE(review): what the default logger records (for example full SAML messages) is decided
     * by its own settings, none of which are changed here — confirm before shipping logs off-host.
     */
    @ConditionalOnMissingBean
    @Bean
    public SAMLLogger samlLogger() {
        return new SAMLDefaultLogger();
    }

    /**
     * Declares the {@link ServiceProviderBuilder} bean.
     *
     * <p>Unlike the other beans in this class it carries no {@code @ConditionalOnMissingBean}, so
     * it is always registered.
     */
    @Bean
    public static ServiceProviderBuilder serviceProviderBuilder() {
        return new ServiceProviderBuilder();
    }

    /**
     * Publishes the injected collaborators to the {@link ServiceProviderBuilder} as shared objects,
     * keyed by type, after Spring has populated this bean's fields.
     *
     * <p>Optional collaborators that were not injected are passed as {@code null}.
     */
    public void afterPropertiesSet() {
        // Read through the static holder rather than an injected field; this presumably requires
        // the ParserPoolHolder bean to have been initialised first — confirm the ordering.
        this.serviceProviderBuilder.setSharedObject(ParserPool.class, ParserPoolHolder.getPool());
        // NOTE(review): the field is declared as the WebSSOProfileConsumer interface but is
        // registered here under the WebSSOProfileConsumerImpl key (and again under the interface
        // key further down). Whether a non-Impl consumer is valid under this key depends on
        // setSharedObject's signature, which is not visible here.
        this.serviceProviderBuilder.setSharedObject(WebSSOProfileConsumerImpl.class, this.webSSOProfileConsumer);
        this.serviceProviderBuilder.setSharedObject(WebSSOProfileConsumerHoKImpl.class, this.hokWebSSOProfileConsumer);
        // Always a fresh instance; ServiceProviderEndpoints is never injected.
        this.serviceProviderBuilder.setSharedObject(ServiceProviderEndpoints.class, new ServiceProviderEndpoints());
        this.serviceProviderBuilder.setSharedObject(ResourceLoader.class, this.resourceLoader);
        this.serviceProviderBuilder.setSharedObject(SAMLSSOProperties.class, this.sAMLSsoProperties);
        this.serviceProviderBuilder.setSharedObject(ExtendedMetadata.class, this.extendedMetadata);
        this.serviceProviderBuilder.setSharedObject(SAMLAuthenticationProvider.class, this.samlAuthenticationProvider);
        this.serviceProviderBuilder.setSharedObject(SAMLContextProvider.class, this.samlContextProvider);
        this.serviceProviderBuilder.setSharedObject(KeyManager.class, this.keyManager);
        this.serviceProviderBuilder.setSharedObject(MetadataManager.class, this.metadataManager);
        this.serviceProviderBuilder.setSharedObject(MetadataGenerator.class, this.metadataGenerator);
        this.serviceProviderBuilder.setSharedObject(SAMLProcessor.class, this.samlProcessor);
        this.serviceProviderBuilder.setSharedObject(WebSSOProfile.class, this.webSSOProfile);
        this.serviceProviderBuilder.setSharedObject(WebSSOProfileECPImpl.class, this.ecpProfile);
        this.serviceProviderBuilder.setSharedObject(WebSSOProfileHoKImpl.class, this.hokWebSSOProfile);
        this.serviceProviderBuilder.setSharedObject(SingleLogoutProfile.class, this.sloProfile);
        this.serviceProviderBuilder.setSharedObject(WebSSOProfileConsumer.class, this.webSSOProfileConsumer);
        // Repeats the WebSSOProfileConsumerHoKImpl registration made earlier in this method with
        // the same value.
        this.serviceProviderBuilder.setSharedObject(WebSSOProfileConsumerHoKImpl.class, this.hokWebSSOProfileConsumer);
        this.serviceProviderBuilder.setSharedObject(SAMLLogger.class, this.samlLogger);
    }
}
