package org.springframework.security.config.annotation.web.configurers.saml2;

import java.util.function.Function;
import org.springframework.context.ApplicationContext;
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.saml2.provider.service.metadata.OpenSamlMetadataResolver;
import org.springframework.security.saml2.provider.service.metadata.RequestMatcherMetadataResponseResolver;
import org.springframework.security.saml2.provider.service.metadata.Saml2MetadataResponseResolver;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.web.Saml2MetadataFilter;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.util.Assert;

/* loaded from: input_file:BOOT-INF/lib/spring-security-config-6.1.0.jar:org/springframework/security/config/annotation/web/configurers/saml2/Saml2MetadataConfigurer.class */
public class Saml2MetadataConfigurer<H extends HttpSecurityBuilder<H>> extends AbstractHttpConfigurer<Saml2LogoutConfigurer<H>, H> {
    private final ApplicationContext context;
    private Function<RelyingPartyRegistrationRepository, Saml2MetadataResponseResolver> metadataResponseResolver;

    public Saml2MetadataConfigurer(ApplicationContext applicationContext) {
        this.context = applicationContext;
    }

    public Saml2MetadataConfigurer<H> metadataUrl(String str) {
        Assert.hasText(str, "metadataUrl cannot be empty");
        this.metadataResponseResolver = relyingPartyRegistrationRepository -> {
            RequestMatcherMetadataResponseResolver requestMatcherMetadataResponseResolver = new RequestMatcherMetadataResponseResolver(relyingPartyRegistrationRepository, new OpenSamlMetadataResolver());
            requestMatcherMetadataResponseResolver.setRequestMatcher(new AntPathRequestMatcher(str));
            return requestMatcherMetadataResponseResolver;
        };
        return this;
    }

    public Saml2MetadataConfigurer<H> metadataResponseResolver(Saml2MetadataResponseResolver saml2MetadataResponseResolver) {
        Assert.notNull(saml2MetadataResponseResolver, "metadataResponseResolver cannot be null");
        this.metadataResponseResolver = relyingPartyRegistrationRepository -> {
            return saml2MetadataResponseResolver;
        };
        return this;
    }

    @Override // org.springframework.security.config.annotation.SecurityConfigurerAdapter
    public H and() {
        return (H) getBuilder();
    }

    @Override // org.springframework.security.config.annotation.SecurityConfigurerAdapter, org.springframework.security.config.annotation.SecurityConfigurer
    public void configure(H h) throws Exception {
        h.addFilterBefore(new Saml2MetadataFilter(createMetadataResponseResolver(h)), BasicAuthenticationFilter.class);
    }

    private Saml2MetadataResponseResolver createMetadataResponseResolver(H h) {
        if (this.metadataResponseResolver != null) {
            return this.metadataResponseResolver.apply(getRelyingPartyRegistrationRepository(h));
        }
        Saml2MetadataResponseResolver saml2MetadataResponseResolver = (Saml2MetadataResponseResolver) getBeanOrNull(Saml2MetadataResponseResolver.class);
        return saml2MetadataResponseResolver != null ? saml2MetadataResponseResolver : new RequestMatcherMetadataResponseResolver(getRelyingPartyRegistrationRepository(h), new OpenSamlMetadataResolver());
    }

    private RelyingPartyRegistrationRepository getRelyingPartyRegistrationRepository(H h) {
        Saml2LoginConfigurer saml2LoginConfigurer = (Saml2LoginConfigurer) h.getConfigurer(Saml2LoginConfigurer.class);
        return saml2LoginConfigurer != null ? saml2LoginConfigurer.relyingPartyRegistrationRepository((Saml2LoginConfigurer) h) : (RelyingPartyRegistrationRepository) getBeanOrNull(RelyingPartyRegistrationRepository.class);
    }

    private <C> C getBeanOrNull(Class<C> cls) {
        if (this.context == null || this.context.getBeanNamesForType((Class<?>) cls).length == 0) {
            return null;
        }
        return (C) this.context.getBean(cls);
    }
}
