package org.springframework.security.saml2.provider.service.web;

import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.util.zip.Inflater;
import java.util.zip.InflaterOutputStream;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.codec.CodecPolicy;
import org.apache.commons.codec.binary.Base64;
import org.springframework.core.convert.converter.Converter;
import org.springframework.http.HttpMethod;
import org.springframework.security.saml2.core.Saml2Error;
import org.springframework.security.saml2.core.Saml2ErrorCodes;
import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException;
import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.web.authentication.AuthenticationConverter;
import org.springframework.util.Assert;

/* loaded from: input_file:org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverter.class */
public final class Saml2AuthenticationTokenConverter implements AuthenticationConverter {
    private static Base64 BASE64 = new Base64(0, new byte[]{10}, false, CodecPolicy.STRICT);
    private final Converter<HttpServletRequest, RelyingPartyRegistration> relyingPartyRegistrationResolver;

    public Saml2AuthenticationTokenConverter(Converter<HttpServletRequest, RelyingPartyRegistration> converter) {
        Assert.notNull(converter, "relyingPartyRegistrationResolver cannot be null");
        this.relyingPartyRegistrationResolver = converter;
    }

    /* renamed from: convert, reason: merged with bridge method [inline-methods] */
    public Saml2AuthenticationToken m19convert(HttpServletRequest httpServletRequest) {
        String parameter;
        RelyingPartyRegistration relyingPartyRegistration = (RelyingPartyRegistration) this.relyingPartyRegistrationResolver.convert(httpServletRequest);
        if (relyingPartyRegistration == null || (parameter = httpServletRequest.getParameter("SAMLResponse")) == null) {
            return null;
        }
        return new Saml2AuthenticationToken(relyingPartyRegistration, inflateIfRequired(httpServletRequest, samlDecode(parameter)));
    }

    private String inflateIfRequired(HttpServletRequest httpServletRequest, byte[] bArr) {
        return HttpMethod.GET.matches(httpServletRequest.getMethod()) ? samlInflate(bArr) : new String(bArr, StandardCharsets.UTF_8);
    }

    private byte[] samlDecode(String str) {
        try {
            return BASE64.decode(str);
        } catch (Exception e) {
            throw new Saml2AuthenticationException(new Saml2Error(Saml2ErrorCodes.INVALID_RESPONSE, "Failed to decode SAMLResponse"), e);
        }
    }

    private String samlInflate(byte[] bArr) {
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            InflaterOutputStream inflaterOutputStream = new InflaterOutputStream(byteArrayOutputStream, new Inflater(true));
            inflaterOutputStream.write(bArr);
            inflaterOutputStream.finish();
            return byteArrayOutputStream.toString(StandardCharsets.UTF_8.name());
        } catch (Exception e) {
            throw new Saml2AuthenticationException(new Saml2Error(Saml2ErrorCodes.INVALID_RESPONSE, "Unable to inflate string"), e);
        }
    }
}
