package pl.edu.icm.unity.saml.idp;

import com.vaadin.server.Resource;
import eu.emi.security.authn.x509.X509CertChainValidator;
import eu.emi.security.authn.x509.X509Credential;
import eu.emi.security.authn.x509.impl.X500NameUtils;
import eu.unicore.samly2.trust.AcceptingSamlTrustChecker;
import eu.unicore.samly2.trust.EnumeratedTrustChecker;
import eu.unicore.samly2.trust.PKISamlTrustChecker;
import eu.unicore.samly2.trust.SamlTrustChecker;
import eu.unicore.samly2.trust.StrictSamlTrustChecker;
import eu.unicore.samly2.validators.ReplayAttackChecker;
import eu.unicore.util.configuration.ConfigurationException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.temporal.ChronoUnit;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import org.apache.logging.log4j.Logger;
import pl.edu.icm.unity.MessageSource;
import pl.edu.icm.unity.base.utils.Log;
import pl.edu.icm.unity.engine.api.idp.ActiveValueClient;
import pl.edu.icm.unity.engine.api.idp.IdpPolicyAgreementsConfiguration;
import pl.edu.icm.unity.engine.api.idp.UserImportConfigs;
import pl.edu.icm.unity.saml.sp.config.BaseSamlConfiguration;
import pl.edu.icm.unity.saml.validator.UnityAuthnRequestValidator;
import pl.edu.icm.unity.types.translation.TranslationProfile;
import pl.edu.icm.unity.webui.common.file.ImageAccessService;
import xmlbeans.org.oasis.saml2.assertion.NameIDType;
import xmlbeans.org.oasis.saml2.protocol.AuthnRequestType;

/* loaded from: input_file:pl/edu/icm/unity/saml/idp/SAMLIdPConfiguration.class */
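/**
 * Configuration of a SAML Identity Provider endpoint.
 *
 * <p>Besides the plain settings (exposed as public final fields) the object holds state that
 * {@link #load()} derives from them: the response signing flags, the trust checkers applied to
 * authentication and SOAP requests, and the replay checker.
 *
 * <p>Security-relevant points visible in this class:
 * <ul>
 *   <li>{@link RequestAcceptancePolicy#all} installs an {@link AcceptingSamlTrustChecker} for
 *       authentication requests.</li>
 *   <li>When no chain validator is configured, SOAP requests also get an
 *       {@link AcceptingSamlTrustChecker}.</li>
 *   <li>{@link #getReturnAddressForRequester(AuthnRequestType)} returns the URL carried in the
 *       request when there is one; this class does not compare it with the configured endpoints.</li>
 * </ul>
 */
public class SAMLIdPConfiguration extends BaseSamlConfiguration {
    private static final Logger log = Log.getLogger(SamlIdpProperties.LOG_PFX, SAMLIdPConfiguration.class);

    /** NameID format identifying a requester by its SAML entity id. */
    private static final String ENTITY_NAME_FORMAT = "urn:oasis:names:tc:SAML:2.0:nameid-format:entity";

    /** NameID format identifying a requester by its X.509 subject name. */
    private static final String X509_SUBJECT_NAME_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName";

    /** Syntax of an indexed return URL: {@code [N]URL}. Compiled once instead of on every call. */
    private static final Pattern INDEXED_RETURN_URL = Pattern.compile("\\[([\\d]+)\\](.+)");

    public final int authenticationTimeout;
    public final ResponseSigningPolicy signResponses;
    public final AssertionSigningPolicy signAssertion;
    public final String credentialName;
    public final String truststore;
    public final Duration validityPeriod;
    public final Duration requestValidityPeriod;
    public final String issuerURI;
    public final boolean returnSingleAssertion;
    public final RequestAcceptancePolicy spAcceptPolicy;
    public final boolean userCanEditConsent;
    public final TrustedServiceProviders trustedServiceProviders;
    public final UserImportConfigs userImportConfigs;
    public final TranslationProfile translationProfile;
    public final boolean skipConsent;
    public final Set<ActiveValueClient> activeValueClient;
    public final IdpPolicyAgreementsConfiguration policyAgreements;
    public final X509Credential credential;
    private final X509CertChainValidator trustedValidator;
    public final GroupChooser groupChooser;
    public final SamlAttributeMapper attributesMapper;
    public final IdentityTypeMapper idTypeMapper;
    public final boolean signMetadata;
    public final boolean setNotBeforeConstraint;
    // State derived by load() from the settings above.
    private boolean signRespNever;
    private boolean signRespAlways;
    private ReplayAttackChecker replayChecker;
    private SamlTrustChecker authnTrustChecker;
    private SamlTrustChecker soapTrustChecker;
    public final Optional<AdditionalyAdvertisedCredential> additionallyAdvertisedCredential;

    /** When assertions are signed. */
    public enum AssertionSigningPolicy {
        always,
        ifResponseUnsigned
    }

    /**
     * Which Service Providers may submit authentication requests. {@link #load()} maps each value
     * to a trust checker: {@code all} to an accepting one, {@code validSigner} to a PKI one,
     * {@code strict} to a strict one and anything else to an enumerated one.
     */
    public enum RequestAcceptancePolicy {
        all,
        validSigner,
        validRequester,
        strict
    }

    /** When responses are signed. */
    public enum ResponseSigningPolicy {
        always,
        never,
        asRequest
    }

    /**
     * Fluent builder of {@link SAMLIdPConfiguration}; obtain one with
     * {@link SAMLIdPConfiguration#builder()}. Each {@code with...} method stores its argument and
     * returns the builder. No validation happens before {@link #build()}.
     */
    public static final class SAMLIdPConfigurationBuilder {
        public int authenticationTimeout;
        public ResponseSigningPolicy signResponses;
        public AssertionSigningPolicy signAssertion;
        public String credentialName;
        public X509Credential credential;
        public String truststore;
        public Duration validityPeriod;
        public Duration requestValidityPeriod;
        public String issuerURI;
        public boolean returnSingleAssertion;
        public RequestAcceptancePolicy spAcceptPolicy;
        public boolean publishMetadata;
        public String metadataURLPath;
        public String ourMetadataFilePath;
        private boolean userCanEditConsent;
        private GroupChooser groupChooser;
        private IdentityTypeMapper identityTypeMapper;
        private UserImportConfigs userImportConfigs;
        private TranslationProfile translationProfile;
        private boolean skipConsent;
        private IdpPolicyAgreementsConfiguration policyAgreements;
        private X509CertChainValidator chainValidator;
        private boolean signMetadata;
        private boolean setNotBeforeConstraint;
        public List<BaseSamlConfiguration.RemoteMetadataSource> trustedMetadataSources = List.of();
        private TrustedServiceProviders trustedServiceProviders = new TrustedServiceProviders(List.of());
        private Set<ActiveValueClient> activeValueClient = Set.of();
        private Optional<AdditionalyAdvertisedCredential> additionallyAdvertisedCredential = Optional.empty();

        private SAMLIdPConfigurationBuilder() {
        }

        public SAMLIdPConfigurationBuilder withAuthenticationTimeout(int authenticationTimeout) {
            this.authenticationTimeout = authenticationTimeout;
            return this;
        }

        public SAMLIdPConfigurationBuilder withSignResponses(ResponseSigningPolicy signResponses) {
            this.signResponses = signResponses;
            return this;
        }

        public SAMLIdPConfigurationBuilder withSignAssertion(AssertionSigningPolicy signAssertion) {
            this.signAssertion = signAssertion;
            return this;
        }

        public SAMLIdPConfigurationBuilder withCredentialName(String credentialName) {
            this.credentialName = credentialName;
            return this;
        }

        public SAMLIdPConfigurationBuilder withCredential(X509Credential credential) {
            this.credential = credential;
            return this;
        }

        public SAMLIdPConfigurationBuilder withAdditionallyAdvertisedCredential(
                Optional<AdditionalyAdvertisedCredential> additionallyAdvertisedCredential) {
            this.additionallyAdvertisedCredential = additionallyAdvertisedCredential;
            return this;
        }

        public SAMLIdPConfigurationBuilder withTruststore(String truststore) {
            this.truststore = truststore;
            return this;
        }

        public SAMLIdPConfigurationBuilder withValidityPeriod(Duration validityPeriod) {
            this.validityPeriod = validityPeriod;
            return this;
        }

        public SAMLIdPConfigurationBuilder withRequestValidityPeriod(Duration requestValidityPeriod) {
            this.requestValidityPeriod = requestValidityPeriod;
            return this;
        }

        public SAMLIdPConfigurationBuilder withIssuerURI(String issuerURI) {
            this.issuerURI = issuerURI;
            return this;
        }

        public SAMLIdPConfigurationBuilder withReturnSingleAssertion(boolean returnSingleAssertion) {
            this.returnSingleAssertion = returnSingleAssertion;
            return this;
        }

        public SAMLIdPConfigurationBuilder withSpAcceptPolicy(RequestAcceptancePolicy spAcceptPolicy) {
            this.spAcceptPolicy = spAcceptPolicy;
            return this;
        }

        /** Creates the {@link GroupChooser} from the two arguments, which are passed through unchanged. */
        public SAMLIdPConfigurationBuilder withGroupChooser(Map<String, String> map, String str) {
            this.groupChooser = new GroupChooser(map, str);
            return this;
        }

        public SAMLIdPConfigurationBuilder withUserCanEditConsent(boolean userCanEditConsent) {
            this.userCanEditConsent = userCanEditConsent;
            return this;
        }

        public SAMLIdPConfigurationBuilder withTrustedServiceProviders(TrustedServiceProviders trustedServiceProviders) {
            this.trustedServiceProviders = trustedServiceProviders;
            return this;
        }

        /** Creates the {@link IdentityTypeMapper} from the given map, which is passed through unchanged. */
        public SAMLIdPConfigurationBuilder withIdentityTypeMapper(Map<String, String> map) {
            this.identityTypeMapper = new IdentityTypeMapper(map);
            return this;
        }

        public SAMLIdPConfigurationBuilder withTrustedMetadataSources(
                List<BaseSamlConfiguration.RemoteMetadataSource> trustedMetadataSources) {
            this.trustedMetadataSources = trustedMetadataSources;
            return this;
        }

        public SAMLIdPConfigurationBuilder withPublishMetadata(boolean publishMetadata) {
            this.publishMetadata = publishMetadata;
            return this;
        }

        public SAMLIdPConfigurationBuilder withMetadataURLPath(String metadataURLPath) {
            this.metadataURLPath = metadataURLPath;
            return this;
        }

        public SAMLIdPConfigurationBuilder withOurMetadataFilePath(String ourMetadataFilePath) {
            this.ourMetadataFilePath = ourMetadataFilePath;
            return this;
        }

        public SAMLIdPConfigurationBuilder withUserImportConfigs(UserImportConfigs userImportConfigs) {
            this.userImportConfigs = userImportConfigs;
            return this;
        }

        public SAMLIdPConfigurationBuilder withOutputTranslationProfile(TranslationProfile translationProfile) {
            this.translationProfile = translationProfile;
            return this;
        }

        public SAMLIdPConfigurationBuilder withSkipConsent(boolean skipConsent) {
            this.skipConsent = skipConsent;
            return this;
        }

        public SAMLIdPConfigurationBuilder withActiveValueClient(Set<ActiveValueClient> activeValueClient) {
            this.activeValueClient = activeValueClient;
            return this;
        }

        public SAMLIdPConfigurationBuilder withPolicyAgreements(IdpPolicyAgreementsConfiguration policyAgreements) {
            this.policyAgreements = policyAgreements;
            return this;
        }

        /**
         * Sets the certificate chain validator. When it is left unset, {@link SAMLIdPConfiguration#load()}
         * installs an {@link AcceptingSamlTrustChecker} for SOAP requests.
         */
        public SAMLIdPConfigurationBuilder withChainValidator(X509CertChainValidator chainValidator) {
            this.chainValidator = chainValidator;
            return this;
        }

        public SAMLIdPConfigurationBuilder withSignMetadata(boolean signMetadata) {
            this.signMetadata = signMetadata;
            return this;
        }

        public SAMLIdPConfigurationBuilder withSetNotBeforeConstraint(boolean setNotBeforeConstraint) {
            this.setNotBeforeConstraint = setNotBeforeConstraint;
            return this;
        }

        /**
         * Creates the configuration. The constructor runs {@link SAMLIdPConfiguration#load()}, so an
         * invalid issuer or Service Provider definition surfaces here as a
         * {@link ConfigurationException}.
         */
        public SAMLIdPConfiguration build() {
            return new SAMLIdPConfiguration(
                    this.trustedMetadataSources,
                    this.publishMetadata,
                    this.metadataURLPath,
                    this.ourMetadataFilePath,
                    this.authenticationTimeout,
                    this.signResponses,
                    this.signAssertion,
                    this.credentialName,
                    this.truststore,
                    this.validityPeriod,
                    this.requestValidityPeriod,
                    this.issuerURI,
                    this.returnSingleAssertion,
                    this.spAcceptPolicy,
                    this.userCanEditConsent,
                    this.trustedServiceProviders,
                    this.groupChooser,
                    this.identityTypeMapper,
                    this.userImportConfigs,
                    this.translationProfile,
                    this.skipConsent,
                    this.activeValueClient,
                    this.policyAgreements,
                    this.credential,
                    this.chainValidator,
                    this.signMetadata,
                    this.additionallyAdvertisedCredential,
                    this.setNotBeforeConstraint);
        }
    }

    /**
     * Stores all settings and then calls {@link #load()} to build the derived state.
     *
     * @throws ConfigurationException when {@link #load()} rejects the settings
     * @throws NullPointerException when {@code activeValueClient} is null (it is copied with
     *     {@link Set#copyOf})
     */
    SAMLIdPConfiguration(
            List<BaseSamlConfiguration.RemoteMetadataSource> trustedMetadataSources,
            boolean publishMetadata,
            String metadataURLPath,
            String ourMetadataFilePath,
            int authenticationTimeout,
            ResponseSigningPolicy signResponses,
            AssertionSigningPolicy signAssertion,
            String credentialName,
            String truststore,
            Duration validityPeriod,
            Duration requestValidityPeriod,
            String issuerURI,
            boolean returnSingleAssertion,
            RequestAcceptancePolicy spAcceptPolicy,
            boolean userCanEditConsent,
            TrustedServiceProviders trustedServiceProviders,
            GroupChooser groupChooser,
            IdentityTypeMapper identityTypeMapper,
            UserImportConfigs userImportConfigs,
            TranslationProfile translationProfile,
            boolean skipConsent,
            Set<ActiveValueClient> activeValueClient,
            IdpPolicyAgreementsConfiguration policyAgreements,
            X509Credential credential,
            X509CertChainValidator chainValidator,
            boolean signMetadata,
            Optional<AdditionalyAdvertisedCredential> additionallyAdvertisedCredential,
            boolean setNotBeforeConstraint) {
        super(trustedMetadataSources, publishMetadata, metadataURLPath, ourMetadataFilePath);
        this.attributesMapper = new DefaultSamlAttributesMapper();
        this.authenticationTimeout = authenticationTimeout;
        this.signResponses = signResponses;
        this.signAssertion = signAssertion;
        this.credentialName = credentialName;
        this.truststore = truststore;
        this.validityPeriod = validityPeriod;
        this.requestValidityPeriod = requestValidityPeriod;
        this.issuerURI = issuerURI;
        this.returnSingleAssertion = returnSingleAssertion;
        this.spAcceptPolicy = spAcceptPolicy;
        this.userCanEditConsent = userCanEditConsent;
        this.trustedServiceProviders = trustedServiceProviders;
        this.groupChooser = groupChooser;
        this.idTypeMapper = identityTypeMapper;
        this.userImportConfigs = userImportConfigs;
        this.translationProfile = translationProfile;
        this.skipConsent = skipConsent;
        this.activeValueClient = Set.copyOf(activeValueClient);
        this.policyAgreements = policyAgreements;
        this.credential = credential;
        this.trustedValidator = chainValidator;
        this.signMetadata = signMetadata;
        this.additionallyAdvertisedCredential = additionallyAdvertisedCredential;
        this.setNotBeforeConstraint = setNotBeforeConstraint;
        // NOTE(review): load() is public and overridable, yet it is invoked from the constructor;
        // a subclass override would run before the subclass fields are initialised.
        load();
    }

    /**
     * Validates the settings and (re)builds the derived state: signing flags, trust checkers and
     * the replay checker.
     *
     * @throws ConfigurationException when the issuer is missing or not a URI, when a Service
     *     Provider entry is incomplete, or when a Service Provider requires encryption but has no
     *     certificate
     */
    public void load() {
        checkIssuer();

        this.signRespAlways = this.signResponses == ResponseSigningPolicy.always;
        this.signRespNever = this.signResponses == ResponseSigningPolicy.never;

        // An if-chain rather than a switch: a null policy must keep falling through to the
        // enumerated checker, which is the most restrictive default available here.
        if (this.spAcceptPolicy == RequestAcceptancePolicy.all) {
            this.authnTrustChecker = new AcceptingSamlTrustChecker();
            log.info("All SPs will be authorized to submit authentication requests");
        } else if (this.spAcceptPolicy == RequestAcceptancePolicy.validSigner) {
            this.authnTrustChecker = new PKISamlTrustChecker(this.trustedValidator);
            log.info("All SPs using a valid certificate will be authorized to submit authentication requests");
        } else if (this.spAcceptPolicy == RequestAcceptancePolicy.strict) {
            this.authnTrustChecker = createStrictTrustChecker();
        } else {
            EnumeratedTrustChecker enumerated = new EnumeratedTrustChecker();
            this.authnTrustChecker = enumerated;
            initValidRequester(enumerated);
        }

        // Encryption needs the recipient's certificate, so refuse a configuration that asks for
        // encryption without one.
        for (TrustedServiceProvider sp : this.trustedServiceProviders.getSPConfigs()) {
            if (sp.encrypt && sp.getCertificates().isEmpty()) {
                throw new ConfigurationException("Invalid specification of allowed Service Provider " + sp.allowedKey + " must have the certificate defined to be able to encrypt assertions.");
            }
        }

        // NOTE(review): without a chain validator SOAP requests get the accepting checker, which
        // by its name performs no trust verification; confirm this is intended for deployments
        // that expose the SOAP binding.
        if (this.trustedValidator != null) {
            this.soapTrustChecker = new PKISamlTrustChecker(this.trustedValidator, true);
        } else {
            this.soapTrustChecker = new AcceptingSamlTrustChecker();
        }
        this.replayChecker = new ReplayAttackChecker();
    }

    /**
     * Verifies that the configured issuer is present and parses as a URI.
     *
     * @throws ConfigurationException when the issuer is null or has invalid URI syntax
     */
    private void checkIssuer() {
        if (this.issuerURI == null) {
            // new URI(null) would fail with a bare NullPointerException; report it as a
            // configuration problem like every other invalid setting.
            throw new ConfigurationException("SAML endpoint's issuer is not set");
        }
        try {
            new URI(this.issuerURI);
        } catch (URISyntaxException e) {
            throw new ConfigurationException("SAML endpoint's issuer is not a valid URI: " + e.getMessage(), e);
        }
    }

    /** Returns the trust checker applied to authentication requests, as selected by {@link #load()}. */
    public SamlTrustChecker getAuthnTrustChecker() {
        return this.authnTrustChecker;
    }

    /** Returns the trust checker applied to SOAP requests, as selected by {@link #load()}. */
    public SamlTrustChecker getSoapTrustChecker() {
        return this.soapTrustChecker;
    }

    /** Returns the replay checker created by the last {@link #load()}. */
    public ReplayAttackChecker getReplayChecker() {
        return this.replayChecker;
    }

    public TranslationProfile getOutputTranslationProfile() {
        return this.translationProfile;
    }

    public SamlAttributeMapper getAttributesMapper() {
        return this.attributesMapper;
    }

    public GroupChooser getGroupChooser() {
        return this.groupChooser;
    }

    /**
     * Registers every configured Service Provider with the enumerated trust checker, together
     * with its default return URL and, for providers identified by entity id, its indexed return
     * URLs.
     *
     * @throws ConfigurationException when a provider has no return address, has both an entity id
     *     and a DN, has neither, or has a malformed indexed return URL
     */
    private void initValidRequester(EnumeratedTrustChecker enumeratedTrustChecker) {
        for (TrustedServiceProvider sp : this.trustedServiceProviders.getSPConfigs()) {
            String defaultReturnUrl = sp.returnUrl;
            if (defaultReturnUrl == null) {
                throw new ConfigurationException("Invalid specification of allowed Service Provider " + sp.entityId + ", return address is not set.");
            }
            if (sp.entityId.id != null && sp.entityId.dnSamlId != null) {
                throw new ConfigurationException("The allowed SP entry " + sp.allowedKey + " has both the DN and SAML entity id defined. Please use only one, which is actually used by the SP to identify itself.");
            }

            String requesterName = sp.entityId.id;
            if (requesterName != null) {
                // Kept local on purpose: the indexed URLs belong to this provider only and must
                // not be shared with the other providers.
                Map<Integer, String> indexedReturnUrls = initAllowedRequesters(sp.returnUrls);
                enumeratedTrustChecker.addTrustedIssuer(requesterName, defaultReturnUrl);
                for (String indexedReturnUrl : indexedReturnUrls.values()) {
                    enumeratedTrustChecker.addTrustedIssuer(requesterName, indexedReturnUrl);
                }
            } else {
                requesterName = sp.entityId.dnSamlId;
                if (requesterName == null) {
                    throw new ConfigurationException("Invalid specification of allowed Service Provider " + sp.allowedKey + ", neither Entity ID nor DN is set.");
                }
                enumeratedTrustChecker.addTrustedDNIssuer(requesterName, defaultReturnUrl);
            }
            log.debug("SP authorized to submit authentication requests: " + requesterName);
        }
    }

    /**
     * Selects the certificate used to encrypt assertions for the given requester.
     *
     * @return null when the requester is unknown, when encryption is not enabled for it, or when
     *     no certificate passes the date filter below; otherwise the passing certificate with the
     *     latest {@code notAfter}
     */
    public X509Certificate getEncryptionCertificateForRequester(NameIDType nameIDType) {
        TrustedServiceProvider sp = getSPConfig(nameIDType);
        if (sp == null || !sp.encrypt) {
            return null;
        }
        Date now = new Date();
        X509Certificate selected = null;
        for (X509Certificate candidate : sp.getCertificates()) {
            // NOTE(review): this keeps only certificates whose notBefore is at or after "now",
            // i.e. certificates that are not valid yet, and skips every certificate that is
            // already valid. With only currently valid certificates configured the method
            // returns null although encryption is enabled. Confirm the intended validity test
            // and how callers treat null before relying on encryption being applied.
            if (candidate.getNotBefore().compareTo(now) < 0) {
                continue;
            }
            if (selected == null || candidate.getNotAfter().compareTo(selected.getNotAfter()) > 0) {
                selected = candidate;
            }
        }
        return selected;
    }

    /**
     * Adds to the validator the entity id of every configured Service Provider that has both an
     * entity id and a default return URL.
     */
    public void configureKnownRequesters(UnityAuthnRequestValidator unityAuthnRequestValidator) {
        for (TrustedServiceProvider sp : this.trustedServiceProviders.getSPConfigs()) {
            String entityId = sp.entityId.id;
            if (entityId != null && sp.returnUrl != null) {
                unityAuthnRequestValidator.addKnownRequester(entityId);
            }
        }
    }

    public X509Credential getSamlIssuerCredential() {
        return this.credential;
    }

    /** Returns the additionally advertised credential, or null when none is configured. */
    public X509Credential getAdditionalyAdvertisedCredential() {
        return this.additionallyAdvertisedCredential.map(advertised -> advertised.credential).orElse(null);
    }

    /**
     * Parses indexed return URLs of the form {@code [N]URL} into a map from index to URL.
     *
     * @param set entries in {@code [N]URL} syntax
     * @return mutable map from N to URL; a repeated index keeps the entry iterated last
     * @throws ConfigurationException when an entry does not match the syntax or its index does
     *     not fit in an int
     */
    static Map<Integer, String> initAllowedRequesters(Set<String> set) {
        Map<Integer, String> urlsByIndex = new HashMap<>();
        for (String entry : set) {
            Matcher matcher = INDEXED_RETURN_URL.matcher(entry);
            if (!matcher.matches()) {
                throw new ConfigurationException("SAML allowed endpoint '" + entry + "' has incorrect syntax. Should be [N]URL");
            }
            int index;
            try {
                index = Integer.parseInt(matcher.group(1));
            } catch (NumberFormatException e) {
                // The pattern accepts any run of digits, so an over-long index reaches this point.
                throw new ConfigurationException("SAML allowed endpoint '" + entry + "' has an index which is out of range", e);
            }
            urlsByIndex.put(index, matcher.group(2));
        }
        return urlsByIndex;
    }

    /**
     * Builds the trust checker for the {@code strict} policy: each configured Service Provider is
     * trusted under its entity id (or, when that is unset, its DN) for each of its certificates'
     * public keys. A provider without certificates is logged as authorized but gets no key.
     *
     * @throws ConfigurationException when a provider has neither an entity id nor a DN
     */
    private StrictSamlTrustChecker createStrictTrustChecker() {
        StrictSamlTrustChecker checker = new StrictSamlTrustChecker();
        for (TrustedServiceProvider sp : this.trustedServiceProviders.getSPConfigs()) {
            String nameFormat = ENTITY_NAME_FORMAT;
            String requesterName = sp.entityId.id;
            if (requesterName == null) {
                requesterName = sp.entityId.dnSamlId;
                nameFormat = X509_SUBJECT_NAME_FORMAT;
            }
            if (requesterName == null) {
                throw new ConfigurationException("Invalid specification of allowed Service Provider " + sp.allowedKey + ", neither Entity ID nor DN is set.");
            }
            for (X509Certificate certificate : sp.getCertificates()) {
                checker.addTrustedIssuer(requesterName, nameFormat, certificate.getPublicKey());
            }
            log.debug("SP authorized to submit authentication requests: " + requesterName);
        }
        return checker;
    }

    /**
     * Determines where the response to the given request is sent.
     *
     * <p>A URL carried in the request wins and is returned as-is: this method does not compare it
     * with the configured endpoints, so that check has to happen elsewhere (presumably in the
     * authentication trust checker; with the {@code all} policy that checker is an accepting one).
     *
     * <p>Otherwise an index carried in the request is resolved against the indexed return URLs of
     * the requesting Service Provider only, so an index can never select an endpoint configured
     * for a different provider. Without an index the provider's default return URL is used.
     *
     * @return the return URL, or null when the requester is unknown or the index is not configured
     * @throws ConfigurationException when the provider's indexed return URLs are malformed
     */
    public String getReturnAddressForRequester(AuthnRequestType authnRequestType) {
        String requestedUrl = authnRequestType.getAssertionConsumerServiceURL();
        if (requestedUrl != null) {
            return requestedUrl;
        }
        TrustedServiceProvider sp = getSPConfig(authnRequestType.getIssuer());
        if (sp == null) {
            return null;
        }
        if (!authnRequestType.isSetAssertionConsumerServiceIndex()) {
            return sp.returnUrl;
        }
        if (sp.returnUrls == null) {
            return null;
        }
        return initAllowedRequesters(sp.returnUrls).get(authnRequestType.getAssertionConsumerServiceIndex());
    }

    /** Returns the requester's display name in the default locale, or null when it is unknown or unnamed. */
    public String getDisplayedNameForRequester(NameIDType nameIDType, MessageSource messageSource) {
        TrustedServiceProvider sp = getSPConfig(nameIDType);
        if (sp == null || sp.name == null) {
            return null;
        }
        return sp.name.getDefaultLocaleValue(messageSource);
    }

    /** Returns the requester's logo, or null when the requester is unknown, has no logo or it cannot be resolved. */
    public Resource getLogoForRequesterOrNull(NameIDType nameIDType, MessageSource messageSource, ImageAccessService imageAccessService) {
        TrustedServiceProvider sp = getSPConfig(nameIDType);
        if (sp == null || sp.logoUri == null) {
            return null;
        }
        String logoUri = sp.logoUri.getDefaultLocaleValue(messageSource);
        return (Resource) imageAccessService.getConfiguredImageResourceFromNullableUri(logoUri).orElse(null);
    }

    /**
     * Finds the configured Service Provider matching the given name identifier. An identifier in
     * the X.509 subject name format is compared with the configured DN using
     * {@link X500NameUtils#equal}; any other identifier is compared with the configured entity id
     * by exact string equality.
     *
     * @return the first matching provider, or null when none matches
     */
    public TrustedServiceProvider getSPConfig(NameIDType nameIDType) {
        boolean identifiedByDn = X509_SUBJECT_NAME_FORMAT.equals(nameIDType.getFormat());
        for (TrustedServiceProvider sp : this.trustedServiceProviders.getSPConfigs()) {
            if (identifiedByDn) {
                String dn = sp.entityId.dnSamlId;
                if (dn != null && X500NameUtils.equal(dn, nameIDType.getStringValue())) {
                    return sp;
                }
            } else {
                String entityId = sp.entityId.id;
                if (entityId != null && entityId.equals(nameIDType.getStringValue())) {
                    return sp;
                }
            }
        }
        return null;
    }

    /**
     * Returns the public keys of all certificates configured for the given entity.
     *
     * @return the keys (possibly empty), or null when the entity is not a configured provider
     */
    public List<PublicKey> getTrustedKeysForSamlEntity(NameIDType nameIDType) {
        TrustedServiceProvider sp = getSPConfig(nameIDType);
        if (sp == null) {
            return null;
        }
        return sp.getCertificates().stream()
                .map(X509Certificate::getPublicKey)
                .collect(Collectors.toList());
    }

    public boolean isSignRespNever() {
        return this.signRespNever;
    }

    public boolean isSignRespAlways() {
        return this.signRespAlways;
    }

    /** Returns {@link #authenticationTimeout} interpreted as a number of seconds. */
    public Duration getAuthenticationTimeoutDuration() {
        return Duration.of(this.authenticationTimeout, ChronoUnit.SECONDS);
    }

    /**
     * Compares the settings and the derived state. The two {@link Duration} settings are compared
     * by value; a reference comparison would report two configurations built from equal values
     * as different.
     */
    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass() || !super.equals(obj)) {
            return false;
        }
        SAMLIdPConfiguration other = (SAMLIdPConfiguration) obj;
        return this.authenticationTimeout == other.authenticationTimeout
                && Objects.equals(this.validityPeriod, other.validityPeriod)
                && Objects.equals(this.requestValidityPeriod, other.requestValidityPeriod)
                && this.returnSingleAssertion == other.returnSingleAssertion
                && this.userCanEditConsent == other.userCanEditConsent
                && this.skipConsent == other.skipConsent
                && this.signMetadata == other.signMetadata
                && this.signRespNever == other.signRespNever
                && this.signRespAlways == other.signRespAlways
                && this.signResponses == other.signResponses
                && this.signAssertion == other.signAssertion
                && Objects.equals(this.credentialName, other.credentialName)
                && Objects.equals(this.additionallyAdvertisedCredential, other.additionallyAdvertisedCredential)
                && Objects.equals(this.truststore, other.truststore)
                && Objects.equals(this.issuerURI, other.issuerURI)
                && this.spAcceptPolicy == other.spAcceptPolicy
                && Objects.equals(this.trustedServiceProviders, other.trustedServiceProviders)
                && Objects.equals(this.userImportConfigs, other.userImportConfigs)
                && Objects.equals(this.translationProfile, other.translationProfile)
                && Objects.equals(this.activeValueClient, other.activeValueClient)
                && Objects.equals(this.policyAgreements, other.policyAgreements)
                && Objects.equals(this.credential, other.credential)
                && Objects.equals(this.trustedValidator, other.trustedValidator)
                && Objects.equals(this.groupChooser, other.groupChooser)
                && Objects.equals(this.attributesMapper, other.attributesMapper)
                && Objects.equals(this.idTypeMapper, other.idTypeMapper)
                && Objects.equals(this.replayChecker, other.replayChecker)
                && Objects.equals(this.authnTrustChecker, other.authnTrustChecker)
                && Objects.equals(this.soapTrustChecker, other.soapTrustChecker)
                && this.setNotBeforeConstraint == other.setNotBeforeConstraint;
    }

    @Override
    public int hashCode() {
        return Objects.hash(
                super.hashCode(),
                this.authenticationTimeout,
                this.signResponses,
                this.signAssertion,
                this.credentialName,
                this.additionallyAdvertisedCredential,
                this.truststore,
                this.validityPeriod,
                this.requestValidityPeriod,
                this.issuerURI,
                this.returnSingleAssertion,
                this.spAcceptPolicy,
                this.userCanEditConsent,
                this.trustedServiceProviders,
                this.userImportConfigs,
                this.translationProfile,
                this.skipConsent,
                this.activeValueClient,
                this.policyAgreements,
                this.credential,
                this.trustedValidator,
                this.groupChooser,
                this.attributesMapper,
                this.idTypeMapper,
                this.signMetadata,
                this.signRespNever,
                this.signRespAlways,
                this.replayChecker,
                this.authnTrustChecker,
                this.soapTrustChecker,
                this.setNotBeforeConstraint);
    }

    /**
     * Renders the settings and the derived state.
     *
     * <p>NOTE(review): {@code credential} is rendered through its own {@code toString()}; confirm
     * that this does not expose private key material before this object is written to a log.
     */
    @Override
    public String toString() {
        return "SAMLIdPConfiguration{authenticationTimeout=" + this.authenticationTimeout
                + ", signResponses=" + this.signResponses
                + ", signAssertion=" + this.signAssertion
                + ", credentialName='" + this.credentialName
                + "', truststore='" + this.truststore
                + "', validityPeriod=" + this.validityPeriod
                + ", requestValidityPeriod=" + this.requestValidityPeriod
                + ", issuerURI='" + this.issuerURI
                + "', returnSingleAssertion=" + this.returnSingleAssertion
                + ", spAcceptPolicy=" + this.spAcceptPolicy
                + ", userCanEditConsent=" + this.userCanEditConsent
                + ", trustedServiceProviders=" + this.trustedServiceProviders
                + ", userImportConfigs=" + this.userImportConfigs
                + ", translationProfile=" + this.translationProfile
                + ", skipConsent=" + this.skipConsent
                + ", activeValueClient=" + this.activeValueClient
                + ", policyAgreements=" + this.policyAgreements
                + ", credential=" + this.credential
                + ", trustedValidator=" + this.trustedValidator
                + ", groupChooser=" + this.groupChooser
                + ", attributesMapper=" + this.attributesMapper
                + ", idTypeMapper=" + this.idTypeMapper
                + ", signMetadata=" + this.signMetadata
                + ", signRespNever=" + this.signRespNever
                + ", signRespAlways=" + this.signRespAlways
                + ", replayChecker=" + this.replayChecker
                + ", authnTrustChecker=" + this.authnTrustChecker
                + ", soapTrustChecker=" + this.soapTrustChecker
                + ", setNotBeforeConstraint=" + this.setNotBeforeConstraint
                + "}";
    }

    /** Creates an empty builder. */
    public static SAMLIdPConfigurationBuilder builder() {
        return new SAMLIdPConfigurationBuilder();
    }
}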
