package pl.edu.icm.unity.saml.metadata.cfg;

import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Properties;
import java.util.Random;
import java.util.stream.Collectors;
import org.apache.logging.log4j.Logger;
import pl.edu.icm.unity.MessageSource;
import pl.edu.icm.unity.base.utils.Log;
import pl.edu.icm.unity.engine.api.PKIManagement;
import pl.edu.icm.unity.exceptions.EngineException;
import pl.edu.icm.unity.saml.SamlProperties;
import pl.edu.icm.unity.saml.idp.SamlIdpProperties;
import xmlbeans.org.oasis.saml2.metadata.EndpointType;
import xmlbeans.org.oasis.saml2.metadata.EntitiesDescriptorDocument;
import xmlbeans.org.oasis.saml2.metadata.EntitiesDescriptorType;
import xmlbeans.org.oasis.saml2.metadata.EntityDescriptorType;
import xmlbeans.org.oasis.saml2.metadata.IndexedEndpointType;
import xmlbeans.org.oasis.saml2.metadata.SSODescriptorType;
import xmlbeans.org.oasis.saml2.metadata.extui.LogoType;
import xmlbeans.org.oasis.saml2.metadata.extui.UIInfoType;

/* loaded from: input_file:pl/edu/icm/unity/saml/metadata/cfg/MetaToIDPConfigConverter.class */
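/**
 * Turns the SP descriptors found in SAML metadata into "accepted SP" entries of the
 * IdP configuration, written as {@link Properties} keys.
 *
 * <p>Every value written here (entity id, return URLs, logout endpoints, names, logo
 * URIs, certificates) is taken from the metadata document and should be treated as
 * externally supplied. This class does not itself verify the metadata's origin or
 * signature.
 * NOTE(review): presumably that verification happens before conversion - confirm
 * against the caller.
 */
public class MetaToIDPConfigConverter extends AbstractMetaToConfigConverter {
    private static final Logger log = Log.getLogger("unity.server.saml", MetaToIDPConfigConverter.class);
    private static final String IDP_META_CERT = "_IDP_METADATA_CERT_";
    private static final String BINDING_HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
    private static final String BINDING_HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect";
    private static final String BINDING_SOAP = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP";

    public MetaToIDPConfigConverter(PKIManagement pKIManagement, MessageSource messageSource) {
        super(pKIManagement, messageSource);
    }

    /**
     * Typed entry point for IdP configuration; delegates to the superclass conversion.
     */
    public void convertToProperties(EntitiesDescriptorDocument entitiesDescriptorDocument, Properties properties, SamlIdpProperties samlIdpProperties, String str) {
        super.convertToProperties(entitiesDescriptorDocument, properties, (SamlProperties) samlIdpProperties, str);
    }

    /**
     * Converts the SP SSO descriptors of one metadata entity into accepted-SP properties.
     *
     * <p>A descriptor is skipped when it does not support SAML2, when its entity is
     * marked as disabled, when its signing certificates cannot be stored, when it has
     * no signing certificate and the acceptance policy is {@code strict}, or when it
     * has no usable HTTP-POST assertion consumer endpoint.
     *
     * @param samlProperties must be a {@link SamlIdpProperties} instance (it is cast)
     */
    @Override
    protected void convertToProperties(EntitiesDescriptorType entitiesDescriptorType, EntityDescriptorType entityDescriptorType, Properties properties, SamlProperties samlProperties, String str) {
        SamlIdpProperties samlIdpProperties = (SamlIdpProperties) samlProperties;
        SSODescriptorType[] spDescriptors = entityDescriptorType.getSPSSODescriptorArray();
        SamlIdpProperties.RequestAcceptancePolicy acceptancePolicy = (SamlIdpProperties.RequestAcceptancePolicy) samlIdpProperties.getEnumValue(SamlIdpProperties.SP_ACCEPT_POLICY, SamlIdpProperties.RequestAcceptancePolicy.class);
        if (spDescriptors == null || spDescriptors.length == 0) {
            return;
        }
        String entityID = entityDescriptorType.getEntityID();
        Random random = new Random();
        for (SSODescriptorType spDescriptor : spDescriptors) {
            if (!MetaToConfigConverterHelper.supportsSaml2(spDescriptor)) {
                log.trace("SP of entity " + entityID + " doesn't support SAML2 - ignoring.");
                continue;
            }
            if (isDisabled(parseMDAttributes(entityDescriptorType.getExtensions(), entityID))) {
                log.trace("SP of entity " + entityID + " is hidden from discovery - ignoring.");
                continue;
            }

            List<X509Certificate> signingCerts = getSigningCerts(spDescriptor.getKeyDescriptorArray(), entityID);
            if (!signingCerts.isEmpty()) {
                try {
                    updatePKICerts(signingCerts, entityID, IDP_META_CERT);
                } catch (EngineException e) {
                    log.error("Adding remote SPs certs to local certs store failed, skipping IdP: " + entityID, e);
                    // Really skip: otherwise the SP would be registered with references
                    // to certificates that were never stored.
                    continue;
                }
            } else if (acceptancePolicy == SamlIdpProperties.RequestAcceptancePolicy.strict) {
                log.info("No signing certificate found for SP, skipping it as the 'strict' trust model is used: " + entityID);
                // Really skip: under the strict policy an SP without a signing
                // certificate must not end up in the accepted-SP list.
                continue;
            }
            // With any other policy an SP without signing certificates is still added,
            // just without certificate entries.

            Map<Integer, String> endpointURLs = getEndpointURLs(spDescriptor.getAssertionConsumerServiceArray(), BINDING_HTTP_POST);
            String defaultEndpoint = getDefaultEndpoint(spDescriptor.getAssertionConsumerServiceArray(), BINDING_HTTP_POST);
            if (defaultEndpoint == null || endpointURLs.isEmpty()) {
                continue;
            }

            EndpointType redirectSlo = selectEndpointByBinding(spDescriptor.getSingleLogoutServiceArray(), BINDING_HTTP_REDIRECT);
            EndpointType postSlo = selectEndpointByBinding(spDescriptor.getSingleLogoutServiceArray(), BINDING_HTTP_POST);
            EndpointType soapSlo = selectEndpointByBinding(spDescriptor.getSingleLogoutServiceArray(), BINDING_SOAP);
            UIInfoType uiInfo = MetaToConfigConverterHelper.parseMDUIInfo(spDescriptor.getExtensions(), entityID);
            Map<String, String> localizedNames = MetaToConfigConverterHelper.getLocalizedNames(this.msg, uiInfo, spDescriptor, entityDescriptorType);
            Map<String, LogoType> localizedLogos = MetaToConfigConverterHelper.getLocalizedLogos(uiInfo);
            addEntryToProperties(entityID, defaultEndpoint, endpointURLs, soapSlo, postSlo, redirectSlo, samlIdpProperties, str, properties, random, signingCerts, localizedNames, localizedLogos);
        }
    }

    /**
     * Writes one accepted-SP entry. When the entity already has an entry in the
     * existing configuration, only keys that are missing from {@code properties} are
     * filled in; otherwise a new entry with a generated key prefix is created and all
     * keys are written.
     *
     * @param unused value passed through from {@code convertToProperties}; not read here
     */
    private void addEntryToProperties(String entityId, String defaultReturnUrl, Map<Integer, String> returnUrlsByIndex, EndpointType soapSlo, EndpointType postSlo, EndpointType redirectSlo, SamlIdpProperties samlIdpProperties, String unused, Properties properties, Random random, List<X509Certificate> signingCerts, Map<String, String> localizedNames, Map<String, LogoType> localizedLogos) {
        String keyPrefix = getExistingKey(entityId, samlIdpProperties);
        boolean newEntry = keyPrefix == null;
        if (newEntry) {
            // The suffix is only a 32-bit random number. Retry on a clash, because the
            // "skip if present" writes below would otherwise leave a previous SP's
            // return URLs and certificate references attached to this entity.
            do {
                keyPrefix = "unity.saml.acceptedSP._entryFromMetadata_" + random.nextInt() + ".";
            } while (properties.containsKey(keyPrefix + "entity"));
        }
        if (newEntry || !properties.containsKey(keyPrefix + "entity")) {
            properties.setProperty(keyPrefix + "entity", entityId);
        }
        if (newEntry || !properties.containsKey(keyPrefix + "returnURL")) {
            properties.setProperty(keyPrefix + "returnURL", defaultReturnUrl);
        }
        if (newEntry) {
            int slot = 0;
            for (Map.Entry<Integer, String> indexed : returnUrlsByIndex.entrySet()) {
                // Use the next free numeric slot; the value carries the metadata index.
                while (properties.containsKey(keyPrefix + "returnURLs." + slot)) {
                    slot++;
                }
                properties.setProperty(keyPrefix + "returnURLs." + slot, "[" + indexed.getKey() + "]" + indexed.getValue());
                slot++;
            }
        }
        // NOTE(review): for an existing entry this overwrites a locally configured
        // returnURL when the bare "returnURLs." key is present. The intent is not
        // clear from this class; behaviour kept as is - confirm.
        if (newEntry || properties.containsKey(keyPrefix + "returnURLs.")) {
            properties.setProperty(keyPrefix + "returnURL", defaultReturnUrl);
        }
        setSLOProperty(properties, keyPrefix, newEntry, soapSlo, SamlProperties.SOAP_LOGOUT_URL, null);
        setSLOProperty(properties, keyPrefix, newEntry, postSlo, SamlProperties.POST_LOGOUT_URL, SamlProperties.POST_LOGOUT_RET_URL);
        setSLOProperty(properties, keyPrefix, newEntry, redirectSlo, SamlProperties.REDIRECT_LOGOUT_URL, SamlProperties.REDIRECT_LOGOUT_RET_URL);
        // A local "certificate" setting suppresses the metadata certificates entirely;
        // individual "certificates.N" slots that already exist are never overwritten.
        if (newEntry || !properties.containsKey(keyPrefix + "certificate")) {
            int certIndex = 1;
            for (X509Certificate cert : signingCerts) {
                if (!properties.containsKey(keyPrefix + "certificates." + certIndex)) {
                    properties.setProperty(keyPrefix + "certificates." + certIndex, getCertificateKey(cert, entityId, IDP_META_CERT));
                }
                certIndex++;
            }
        }
        for (Map.Entry<String, String> name : localizedNames.entrySet()) {
            if (newEntry || !properties.containsKey(keyPrefix + "name" + name.getKey())) {
                properties.setProperty(keyPrefix + "name" + name.getKey(), name.getValue());
            }
        }
        for (Map.Entry<String, LogoType> logo : localizedLogos.entrySet()) {
            if (newEntry || !properties.containsKey(keyPrefix + "logoURI" + logo.getKey())) {
                properties.setProperty(keyPrefix + "logoURI" + logo.getKey(), logo.getValue().getStringValue());
            }
        }
        log.info("Added an accepted SP loaded from SAML metadata: " + entityId + " with " + defaultReturnUrl + " default return url");
    }

    /**
     * Finds the configuration key prefix of an accepted-SP entry whose "entity" value
     * equals the given entity id.
     *
     * @return the prefix (with the "unity.saml." part prepended), or {@code null} when
     *         no entry matches
     */
    private String getExistingKey(String entityId, SamlIdpProperties samlIdpProperties) {
        for (String spKey : samlIdpProperties.getStructuredListKeys(SamlIdpProperties.ALLOWED_SP_PREFIX)) {
            if (entityId.equals(samlIdpProperties.getValue(spKey + "entity"))) {
                return "unity.saml." + spKey;
            }
        }
        return null;
    }

    /**
     * Returns the first endpoint that has a location and uses the given binding, or
     * {@code null} when there is none.
     */
    private EndpointType selectEndpointByBinding(EndpointType[] endpoints, String binding) {
        for (EndpointType endpoint : endpoints) {
            if (endpoint.getBinding() != null && endpoint.getLocation() != null && endpoint.getBinding().equals(binding)) {
                return endpoint;
            }
        }
        return null;
    }

    /**
     * Picks the location of the endpoint flagged as default for the binding, falling
     * back to the first endpoint with that binding and a location.
     *
     * @return the location, or {@code null} when no endpoint qualifies (a
     *         default-flagged endpoint without a location also yields {@code null})
     */
    private String getDefaultEndpoint(IndexedEndpointType[] endpoints, String binding) {
        Optional<IndexedEndpointType> flaggedDefault = Arrays.stream(endpoints)
                .filter(endpoint -> binding.equals(endpoint.getBinding()))
                .filter(endpoint -> endpoint.getIsDefault())
                .findFirst();
        EndpointType chosen = flaggedDefault.isPresent() ? flaggedDefault.get() : selectEndpointByBinding(endpoints, binding);
        if (chosen == null) {
            return null;
        }
        return chosen.getLocation();
    }

    /**
     * Maps endpoint index to location for all endpoints that use the given binding.
     * Endpoints without a location are left out, matching
     * {@link #selectEndpointByBinding}; previously such an endpoint made the
     * collector throw a NullPointerException.
     */
    private Map<Integer, String> getEndpointURLs(IndexedEndpointType[] endpoints, String binding) {
        // NOTE(review): two endpoints with the same index still make toMap throw
        // IllegalStateException, so one malformed entity can abort the conversion
        // unless the caller handles it - confirm.
        return Arrays.stream(endpoints)
                .filter(endpoint -> binding.equals(endpoint.getBinding()))
                .filter(endpoint -> endpoint.getLocation() != null)
                .collect(Collectors.toMap(
                        endpoint -> Integer.valueOf(endpoint.getIndex()),
                        endpoint -> endpoint.getLocation()));
    }
}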
