package org.springframework.security.saml2.provider.service.authentication;

import java.time.Duration;
import java.util.Map;
import java.util.function.Consumer;
import org.opensaml.saml.common.assertion.ValidationContext;
import org.opensaml.saml.saml2.assertion.SAML2AssertionValidationParameters;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.Response;
import org.springframework.core.convert.converter.Converter;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.saml2.core.Saml2ResponseValidatorResult;
import org.springframework.security.saml2.provider.service.authentication.BaseOpenSamlAuthenticationProvider;
import org.springframework.util.Assert;

/* loaded from: input_file:BOOT-INF/lib/spring-security-saml2-service-provider-6.4.5.jar:org/springframework/security/saml2/provider/service/authentication/OpenSaml4AuthenticationProvider.class */
public final class OpenSaml4AuthenticationProvider implements AuthenticationProvider {
    private final BaseOpenSamlAuthenticationProvider delegate = new BaseOpenSamlAuthenticationProvider(new OpenSaml4Template());

    /* loaded from: input_file:BOOT-INF/lib/spring-security-saml2-service-provider-6.4.5.jar:org/springframework/security/saml2/provider/service/authentication/OpenSaml4AuthenticationProvider$AssertionToken.class */
    public static class AssertionToken {
        private final Saml2AuthenticationToken token;
        private final Assertion assertion;

        AssertionToken(Assertion assertion, Saml2AuthenticationToken saml2AuthenticationToken) {
            this.token = saml2AuthenticationToken;
            this.assertion = assertion;
        }

        AssertionToken(BaseOpenSamlAuthenticationProvider.AssertionToken assertionToken) {
            this.token = assertionToken.getToken();
            this.assertion = assertionToken.getAssertion();
        }

        public Assertion getAssertion() {
            return this.assertion;
        }

        public Saml2AuthenticationToken getToken() {
            return this.token;
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/spring-security-saml2-service-provider-6.4.5.jar:org/springframework/security/saml2/provider/service/authentication/OpenSaml4AuthenticationProvider$ResponseToken.class */
    public static class ResponseToken {
        private final Saml2AuthenticationToken token;
        private final Response response;

        ResponseToken(Response response, Saml2AuthenticationToken saml2AuthenticationToken) {
            this.token = saml2AuthenticationToken;
            this.response = response;
        }

        ResponseToken(BaseOpenSamlAuthenticationProvider.ResponseToken responseToken) {
            this.token = responseToken.getToken();
            this.response = responseToken.getResponse();
        }

        public Response getResponse() {
            return this.response;
        }

        public Saml2AuthenticationToken getToken() {
            return this.token;
        }
    }

    public void setResponseElementsDecrypter(Consumer<ResponseToken> consumer) {
        Assert.notNull(consumer, "responseElementsDecrypter cannot be null");
        this.delegate.setResponseElementsDecrypter(responseToken -> {
            consumer.accept(new ResponseToken(responseToken));
        });
    }

    public void setResponseValidator(Converter<ResponseToken, Saml2ResponseValidatorResult> converter) {
        Assert.notNull(converter, "responseValidator cannot be null");
        this.delegate.setResponseValidator(responseToken -> {
            return (Saml2ResponseValidatorResult) converter.convert2(new ResponseToken(responseToken));
        });
    }

    public void setAssertionValidator(Converter<AssertionToken, Saml2ResponseValidatorResult> converter) {
        Assert.notNull(converter, "assertionValidator cannot be null");
        this.delegate.setAssertionValidator(assertionToken -> {
            return (Saml2ResponseValidatorResult) converter.convert2(new AssertionToken(assertionToken));
        });
    }

    public void setAssertionElementsDecrypter(Consumer<AssertionToken> consumer) {
        Assert.notNull(consumer, "assertionDecrypter cannot be null");
        this.delegate.setAssertionElementsDecrypter(assertionToken -> {
            consumer.accept(new AssertionToken(assertionToken));
        });
    }

    public void setResponseAuthenticationConverter(Converter<ResponseToken, ? extends AbstractAuthenticationToken> converter) {
        Assert.notNull(converter, "responseAuthenticationConverter cannot be null");
        this.delegate.setResponseAuthenticationConverter(responseToken -> {
            return (AbstractAuthenticationToken) converter.convert2(new ResponseToken(responseToken));
        });
    }

    public static Converter<ResponseToken, Saml2ResponseValidatorResult> createDefaultResponseValidator() {
        Converter<BaseOpenSamlAuthenticationProvider.ResponseToken, Saml2ResponseValidatorResult> createDefaultResponseValidator = BaseOpenSamlAuthenticationProvider.createDefaultResponseValidator();
        return responseToken -> {
            return (Saml2ResponseValidatorResult) createDefaultResponseValidator.convert2(new BaseOpenSamlAuthenticationProvider.ResponseToken(responseToken.getResponse(), responseToken.getToken()));
        };
    }

    public static Converter<AssertionToken, Saml2ResponseValidatorResult> createDefaultAssertionValidator() {
        return createDefaultAssertionValidatorWithParameters(map -> {
            map.put(SAML2AssertionValidationParameters.CLOCK_SKEW, Duration.ofMinutes(5L));
        });
    }

    @Deprecated
    public static Converter<AssertionToken, Saml2ResponseValidatorResult> createDefaultAssertionValidator(Converter<AssertionToken, ValidationContext> converter) {
        Converter<BaseOpenSamlAuthenticationProvider.AssertionToken, Saml2ResponseValidatorResult> createDefaultAssertionValidator = BaseOpenSamlAuthenticationProvider.createDefaultAssertionValidator(assertionToken -> {
            return (ValidationContext) converter.convert2(new AssertionToken(assertionToken.getAssertion(), assertionToken.getToken()));
        });
        return assertionToken2 -> {
            return (Saml2ResponseValidatorResult) createDefaultAssertionValidator.convert2(new BaseOpenSamlAuthenticationProvider.AssertionToken(assertionToken2.getAssertion(), assertionToken2.getToken()));
        };
    }

    public static Converter<AssertionToken, Saml2ResponseValidatorResult> createDefaultAssertionValidatorWithParameters(Consumer<Map<String, Object>> consumer) {
        Converter<BaseOpenSamlAuthenticationProvider.AssertionToken, Saml2ResponseValidatorResult> createDefaultAssertionValidatorWithParameters = BaseOpenSamlAuthenticationProvider.createDefaultAssertionValidatorWithParameters(consumer);
        return assertionToken -> {
            return (Saml2ResponseValidatorResult) createDefaultAssertionValidatorWithParameters.convert2(new BaseOpenSamlAuthenticationProvider.AssertionToken(assertionToken.getAssertion(), assertionToken.getToken()));
        };
    }

    public static Converter<ResponseToken, Saml2Authentication> createDefaultResponseAuthenticationConverter() {
        Converter<BaseOpenSamlAuthenticationProvider.ResponseToken, Saml2Authentication> createDefaultResponseAuthenticationConverter = BaseOpenSamlAuthenticationProvider.createDefaultResponseAuthenticationConverter();
        return responseToken -> {
            return (Saml2Authentication) createDefaultResponseAuthenticationConverter.convert2(new BaseOpenSamlAuthenticationProvider.ResponseToken(responseToken.getResponse(), responseToken.getToken()));
        };
    }

    @Override // org.springframework.security.authentication.AuthenticationProvider
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        return this.delegate.authenticate(authentication);
    }

    @Override // org.springframework.security.authentication.AuthenticationProvider
    public boolean supports(Class<?> cls) {
        return cls != null && Saml2AuthenticationToken.class.isAssignableFrom(cls);
    }
}
