package pl.edu.icm.unity.saml.metadata.cfg;

import eu.emi.security.authn.x509.impl.CertificateUtils;
import eu.emi.security.authn.x509.impl.X500NameUtils;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.logging.log4j.Logger;
import org.apache.xmlbeans.XmlCursor;
import org.apache.xmlbeans.XmlException;
import org.apache.xmlbeans.XmlObject;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import pl.edu.icm.unity.MessageSource;
import pl.edu.icm.unity.base.utils.Log;
import pl.edu.icm.unity.engine.api.PKIManagement;
import pl.edu.icm.unity.engine.api.pki.NamedCertificate;
import pl.edu.icm.unity.exceptions.EngineException;
import pl.edu.icm.unity.saml.SamlProperties;
import xmlbeans.org.oasis.saml2.assertion.AttributeType;
import xmlbeans.org.oasis.saml2.metadata.EndpointType;
import xmlbeans.org.oasis.saml2.metadata.EntitiesDescriptorDocument;
import xmlbeans.org.oasis.saml2.metadata.EntitiesDescriptorType;
import xmlbeans.org.oasis.saml2.metadata.EntityDescriptorType;
import xmlbeans.org.oasis.saml2.metadata.ExtensionsType;
import xmlbeans.org.oasis.saml2.metadata.KeyDescriptorType;
import xmlbeans.org.oasis.saml2.metadata.KeyTypes;
import xmlbeans.org.oasis.saml2.metadata.extattribute.EntityAttributesDocument;
import xmlbeans.org.oasis.saml2.metadata.extattribute.EntityAttributesType;
import xmlbeans.org.w3.x2000.x09.xmldsig.X509DataType;

/* loaded from: input_file:pl/edu/icm/unity/saml/metadata/cfg/AbstractMetaToConfigConverter.class */
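/**
 * Base class for converters that translate SAML metadata (an {@code EntitiesDescriptor} tree)
 * into entries of a {@link Properties} object.
 *
 * <p>Everything read here (entity identifiers, endpoint locations, certificates, extension
 * attributes) comes from the metadata document itself. Nothing in this class verifies the
 * metadata signature or the validity of the certificates it extracts.
 * NOTE(review): presumably the caller authenticates the metadata before conversion; confirm,
 * because {@link #updatePKICerts} registers the extracted certificates in the PKI store.
 */
public abstract class AbstractMetaToConfigConverter {
    private static final Logger log = Log.getLogger("unity.server.saml", AbstractMetaToConfigConverter.class);

    private static final String ENTITY_CATEGORY_ATTRIBUTE = "http://macedir.org/entity-category";
    private static final String HIDE_FROM_DISCOVERY_CATEGORY = "http://refeds.org/category/hide-from-discovery";
    private static final String MD_ATTRIBUTE_NAMESPACE = "urn:oasis:names:tc:SAML:metadata:attribute";
    private static final String ENTITY_ATTRIBUTES_ELEMENT = "EntityAttributes";

    protected PKIManagement pkiManagement;
    protected MessageSource msg;

    /**
     * @param pKIManagement certificate store used by {@link #updatePKICerts}
     * @param messageSource message source made available to subclasses
     */
    public AbstractMetaToConfigConverter(PKIManagement pKIManagement, MessageSource messageSource) {
        this.pkiManagement = pKIManagement;
        this.msg = messageSource;
    }

    /**
     * Converts the root {@code EntitiesDescriptor} of the given document.
     *
     * @param entitiesDescriptorDocument parsed metadata document
     * @param properties target properties, modified in place
     * @param samlProperties passed through unchanged to the per-entity conversion
     * @param str passed through unchanged to the per-entity conversion
     */
    public void convertToProperties(EntitiesDescriptorDocument entitiesDescriptorDocument, Properties properties, SamlProperties samlProperties, String str) {
        convertToProperties(entitiesDescriptorDocument.getEntitiesDescriptor(), properties, samlProperties, str);
    }

    /**
     * Walks an {@code EntitiesDescriptor}: nested {@code EntitiesDescriptor} elements first
     * (recursively), then the directly contained {@code EntityDescriptor} elements.
     *
     * <p>The recursion depth follows the nesting depth of the metadata document; no limit is
     * applied here.
     */
    protected void convertToProperties(EntitiesDescriptorType entitiesDescriptorType, Properties properties, SamlProperties samlProperties, String str) {
        EntitiesDescriptorType[] nestedGroups = entitiesDescriptorType.getEntitiesDescriptorArray();
        if (nestedGroups != null) {
            for (EntitiesDescriptorType nestedGroup : nestedGroups) {
                convertToProperties(nestedGroup, properties, samlProperties, str);
            }
        }
        EntityDescriptorType[] entities = entitiesDescriptorType.getEntityDescriptorArray();
        if (entities != null) {
            for (EntityDescriptorType entity : entities) {
                convertToProperties(entity, properties, samlProperties, str);
            }
        }
    }

    /**
     * Converts a single entity descriptor; implemented by subclasses.
     */
    protected abstract void convertToProperties(EntityDescriptorType entityDescriptorType, Properties properties, SamlProperties samlProperties, String str);

    /**
     * Tells whether the entity attributes carry the entity category
     * {@code http://refeds.org/category/hide-from-discovery}.
     *
     * @param entityAttributesType parsed {@code EntityAttributes} extension, may be {@code null}
     * @return {@code true} only when the hide-from-discovery category value is present
     */
    public boolean isDisabled(EntityAttributesType entityAttributesType) {
        if (entityAttributesType == null) {
            return false;
        }
        for (AttributeType attribute : entityAttributesType.getAttributeArray()) {
            if (!ENTITY_CATEGORY_ATTRIBUTE.equals(attribute.getName())) {
                continue;
            }
            for (XmlObject value : attribute.getAttributeValueArray()) {
                String text;
                XmlCursor cursor = value.newCursor();
                try {
                    text = cursor.getTextValue();
                } finally {
                    // Release the cursor even if reading the value fails.
                    cursor.dispose();
                }
                // Constant-first comparison: a value without text must not abort the conversion.
                if (HIDE_FROM_DISCOVERY_CATEGORY.equals(text)) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Extracts the signing certificates from the key descriptors of an entity.
     *
     * <p>A key descriptor with no {@code use} attribute is treated as a signing key, as is one
     * with {@code use="signing"}. From each {@code X509Data} element only the first
     * {@code X509Certificate} is loaded; further entries (which may be chain certificates) are
     * deliberately not added, so they do not become accepted signing keys. Certificates are only
     * parsed: no validity-period, key-strength or chain check is performed here.
     *
     * <p>Malformed key material is skipped with a log entry instead of failing the whole
     * conversion, since one entity's metadata should not block the others.
     *
     * @param keyDescriptorTypeArr key descriptors of the entity
     * @param str entity identifier, used in log messages only
     * @return the certificates that could be parsed, possibly empty
     */
    public List<X509Certificate> getSigningCerts(KeyDescriptorType[] keyDescriptorTypeArr, String str) {
        List<X509Certificate> certificates = new ArrayList<>();
        for (KeyDescriptorType keyDescriptor : keyDescriptorTypeArr) {
            if (keyDescriptor.isSetUse() && !KeyTypes.SIGNING.equals(keyDescriptor.getUse())) {
                continue;
            }
            // A descriptor lacking KeyInfo is handled like one lacking X509Data.
            X509DataType[] x509DataArray = keyDescriptor.getKeyInfo() == null
                    ? null
                    : keyDescriptor.getKeyInfo().getX509DataArray();
            if (x509DataArray == null || x509DataArray.length == 0) {
                log.info("Key in SAML metadata is ignored as it doesn't contain X.509 certificate. Entity " + str);
                continue;
            }
            for (X509DataType x509Data : x509DataArray) {
                byte[][] encodedCertificates = x509Data.getX509CertificateArray();
                // X509Data may hold only a subject name, SKI or CRL; indexing [0] blindly would
                // throw ArrayIndexOutOfBoundsException and abort the conversion.
                if (encodedCertificates == null || encodedCertificates.length == 0) {
                    log.info("Key in SAML metadata is ignored as it doesn't contain X.509 certificate. Entity " + str);
                    continue;
                }
                try {
                    certificates.add(CertificateUtils.loadCertificate(
                            new ByteArrayInputStream(encodedCertificates[0]), CertificateUtils.Encoding.DER));
                } catch (IOException e) {
                    log.warn("Can not load/parse a certificate from metadata of " + str + ", ignoring it", e);
                }
            }
        }
        return certificates;
    }

    /**
     * Stores the given certificates in the PKI store under the names produced by
     * {@link #getCertificateKey}. An existing entry is replaced when its certificate differs;
     * a missing entry is added as a volatile certificate.
     *
     * <p>NOTE(review): a stored certificate is overwritten whenever the metadata supplies a
     * different one under the same name, so the trust decision rests entirely on the metadata
     * being authentic. Because the name depends on the subject DN and not on the certificate
     * itself, two certificates of one entity that share a subject DN (for example during key
     * rollover) map to the same name and only the last one in {@code list} remains stored.
     *
     * @param list certificates to store
     * @param str value hashed into the certificate name (presumably the entity identifier)
     * @param str2 prefix of the certificate name
     * @throws EngineException propagated from the PKI store
     */
    public void updatePKICerts(List<X509Certificate> list, String str, String str2) throws EngineException {
        synchronized (this.pkiManagement) {
            for (X509Certificate certificate : list) {
                String certificateKey = getCertificateKey(certificate, str, str2);
                try {
                    if (!this.pkiManagement.getCertificate(certificateKey).value.equals(certificate)) {
                        this.pkiManagement.updateCertificate(new NamedCertificate(certificateKey, certificate));
                    }
                } catch (IllegalArgumentException e) {
                    // Presumably signals that no certificate is stored under this name yet.
                    this.pkiManagement.addVolatileCertificate(certificateKey, certificate);
                }
            }
        }
    }

    /**
     * Builds the PKI store name of a certificate:
     * {@code str2 + md5Hex(str) + "#" + md5Hex(comparable subject DN)}.
     *
     * <p>MD5 only shortens the inputs into a fixed-length name here; it gives no integrity or
     * uniqueness guarantee and must not be relied on as one. The certificate's key and
     * fingerprint are not part of the name, so distinct certificates with the same subject DN
     * yield the same name. The format is kept unchanged because stored names depend on it.
     *
     * @param x509Certificate certificate whose subject DN is hashed
     * @param str value hashed into the first part of the name
     * @param str2 prefix prepended verbatim
     * @return the certificate name
     */
    public String getCertificateKey(X509Certificate x509Certificate, String str, String str2) {
        String subjectDn = X500NameUtils.getComparableForm(x509Certificate.getSubjectX500Principal().getName());
        return str2 + DigestUtils.md5Hex(str) + "#" + DigestUtils.md5Hex(subjectDn);
    }

    /**
     * Finds and parses the {@code EntityAttributes} element
     * ({@code urn:oasis:names:tc:SAML:metadata:attribute}) among the children of the extensions.
     *
     * @param extensionsType metadata extensions, may be {@code null}
     * @param str entity identifier, used in log messages only
     * @return the first successfully parsed entity attributes, or {@code null} when the
     *         extensions are absent, contain no such element, or none could be parsed
     */
    public EntityAttributesType parseMDAttributes(ExtensionsType extensionsType, String str) {
        if (extensionsType == null) {
            return null;
        }
        NodeList children = extensionsType.getDomNode().getChildNodes();
        for (int i = 0; i < children.getLength(); i++) {
            Node child = children.item(i);
            if (child.getNodeType() != Node.ELEMENT_NODE) {
                continue;
            }
            Element element = (Element) child;
            if (!ENTITY_ATTRIBUTES_ELEMENT.equals(element.getLocalName())
                    || !MD_ATTRIBUTE_NAMESPACE.equals(element.getNamespaceURI())) {
                continue;
            }
            try {
                return EntityAttributesDocument.Factory.parse(element).getEntityAttributes();
            } catch (XmlException e) {
                // Keep scanning: a later EntityAttributes element may still be parseable.
                log.warn("Can not parse entity attributes metadata extension for " + str, e);
            }
        }
        return null;
    }

    /**
     * Maps a SAML 2.0 binding URN to the name of the matching {@link SamlProperties.Binding}.
     *
     * @param str binding URN taken from the metadata
     * @return the binding name
     * @throws IllegalStateException when the binding is not HTTP-POST, HTTP-Redirect or SOAP
     *         (including {@code null}); callers iterating over metadata endpoints should expect
     *         this for bindings they have not filtered out beforehand
     */
    public String convertBinding(String str) {
        if ("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST".equals(str)) {
            return SamlProperties.Binding.HTTP_POST.toString();
        }
        if ("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect".equals(str)) {
            return SamlProperties.Binding.HTTP_REDIRECT.toString();
        }
        if ("urn:oasis:names:tc:SAML:2.0:bindings:SOAP".equals(str)) {
            return SamlProperties.Binding.SOAP.toString();
        }
        throw new IllegalStateException("Unsupported binding: " + str);
    }

    /**
     * Writes the location (and optionally the response location) of a single logout endpoint
     * into the properties.
     *
     * <p>The endpoint URLs are copied from the metadata as they are, without scheme or host
     * validation.
     *
     * @param properties target properties, modified in place
     * @param str key prefix
     * @param z when {@code true} an existing {@code str + str2} entry is overwritten; when
     *        {@code false} nothing is written if that entry already exists
     * @param endpointType endpoint to read from; nothing is written when {@code null}
     * @param str2 key suffix for the endpoint location
     * @param str3 key suffix for the response location, or {@code null} to skip it
     */
    public void setSLOProperty(Properties properties, String str, boolean z, EndpointType endpointType, String str2, String str3) {
        if (endpointType == null) {
            return;
        }
        String locationKey = str + str2;
        if (!z && properties.containsKey(locationKey)) {
            return;
        }
        properties.setProperty(locationKey, endpointType.getLocation());
        if (str3 != null && endpointType.getResponseLocation() != null) {
            properties.setProperty(str + str3, endpointType.getResponseLocation());
        }
    }
}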
