package pl.edu.icm.unity.saml.metadata.cfg;

import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.logging.log4j.Logger;
import pl.edu.icm.unity.MessageSource;
import pl.edu.icm.unity.base.utils.Log;
import pl.edu.icm.unity.engine.api.PKIManagement;
import pl.edu.icm.unity.exceptions.EngineException;
import pl.edu.icm.unity.saml.SamlProperties;
import pl.edu.icm.unity.saml.sp.SAMLSPProperties;
import xmlbeans.org.oasis.saml2.metadata.EndpointType;
import xmlbeans.org.oasis.saml2.metadata.EntitiesDescriptorDocument;
import xmlbeans.org.oasis.saml2.metadata.EntityDescriptorType;
import xmlbeans.org.oasis.saml2.metadata.SSODescriptorType;
import xmlbeans.org.oasis.saml2.metadata.extui.LogoType;
import xmlbeans.org.oasis.saml2.metadata.extui.UIInfoType;

/* loaded from: input_file:pl/edu/icm/unity/saml/metadata/cfg/MetaToSPConfigConverter.class */
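/**
 * Turns IdP entries found in SAML metadata into Unity SP (requester) configuration
 * properties, so that every usable IdP from a metadata feed becomes a trusted IdP of
 * this SP.
 * <p>
 * Security notes (grounded in what this class does, not in what happens upstream):
 * <ul>
 *   <li>Every value written here (entityID, SSO/SLO locations, display names, logo URIs,
 *       the "sign requests" flag) is copied verbatim from the metadata and the signing
 *       certificates are installed into the local PKI store under {@link #SP_META_CERT}.
 *       This class performs no signature check of the metadata itself; the caller is
 *       assumed to have verified the feed before handing it over - TODO confirm.</li>
 *   <li>Entries that already exist in the manually written configuration are never
 *       overwritten: for them only missing keys are filled in.</li>
 *   <li>IdPs without SAML2 support, hidden from discovery, or without a signing
 *       certificate are skipped; an IdP without a signing certificate could not be
 *       trusted anyway.</li>
 * </ul>
 */
public class MetaToSPConfigConverter extends AbstractMetaToConfigConverter {
    private static final Logger log = Log.getLogger("unity.server.saml", MetaToSPConfigConverter.class);
    /** Name space under which certificates taken from metadata are stored in the PKI store. */
    private static final String SP_META_CERT = "_SP_METADATA_CERT_";

    private static final String BINDING_HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect";
    private static final String BINDING_HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
    private static final String BINDING_SOAP = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP";
    /** Prefix of configuration keys generated for IdPs that are not configured manually. */
    private static final String GENERATED_IDP_KEY_PREFIX = "unity.saml.requester.remoteIdp._entryFromMetadata_";

    public MetaToSPConfigConverter(PKIManagement pKIManagement, MessageSource messageSource) {
        super(pKIManagement, messageSource);
    }

    /**
     * Converts all entities of the given metadata document into SP configuration.
     *
     * @param entitiesDescriptorDocument parsed metadata feed
     * @param properties target properties, updated in place
     * @param sAMLSPProperties current SP configuration (used to detect manually configured IdPs
     *        and to read the metadata-source defaults)
     * @param str configuration prefix of the metadata source the feed belongs to
     */
    public void convertToProperties(EntitiesDescriptorDocument entitiesDescriptorDocument, Properties properties, SAMLSPProperties sAMLSPProperties, String str) {
        super.convertToProperties(entitiesDescriptorDocument, properties, (SamlProperties) sAMLSPProperties, str);
    }

    /**
     * Converts a single entity descriptor. Only IDPSSODescriptors are of interest for an SP;
     * entities without one, without an entityID, not supporting SAML2, hidden from discovery
     * or without a signing certificate are ignored (the reason is logged).
     *
     * @param entityDescriptorType entity taken from metadata
     * @param properties target properties, updated in place
     * @param samlProperties current SP configuration; must be a {@link SAMLSPProperties}
     * @param str configuration prefix of the metadata source
     */
    @Override
    protected void convertToProperties(EntityDescriptorType entityDescriptorType, Properties properties, SamlProperties samlProperties, String str) {
        SAMLSPProperties spProperties = (SAMLSPProperties) samlProperties;
        SSODescriptorType[] idpDescriptors = entityDescriptorType.getIDPSSODescriptorArray();
        if (idpDescriptors == null || idpDescriptors.length == 0) {
            return;
        }
        String entityID = entityDescriptorType.getEntityID();
        // entityID is mandatory in SAML metadata, but the parser does not enforce it; without it
        // the entry could neither be keyed (md5Hex) nor matched against existing config.
        if (entityID == null || entityID.isEmpty()) {
            log.warn("Ignoring an entity with IDPSSODescriptor but without entityID");
            return;
        }
        for (SSODescriptorType idpDescriptor : idpDescriptors) {
            if (!MetaToConfigConverterHelper.supportsSaml2(idpDescriptor)) {
                log.trace("IDP of entity " + entityID + " doesn't support SAML2 - ignoring.");
                continue;
            }
            if (isDisabled(parseMDAttributes(entityDescriptorType.getExtensions(), entityID))) {
                log.trace("IDP of entity " + entityID + " is hidden from discovery - ignoring.");
                continue;
            }
            List<X509Certificate> signingCerts = getSigningCerts(idpDescriptor.getKeyDescriptorArray(), entityID);
            if (signingCerts.isEmpty()) {
                // Without a signing certificate assertions from this IdP could never be verified.
                log.info("No signing certificate found for IdP, skipping it: " + entityID);
                continue;
            }
            registerIdp(entityDescriptorType, idpDescriptor, entityID, signingCerts, properties, spProperties, str);
        }
    }

    /**
     * Registers one SAML2-capable IdP descriptor: installs its signing certificates in the PKI
     * store and adds a configuration entry for the web (redirect/POST) SSO endpoint and another
     * one for the SOAP SSO endpoint, whichever are present.
     */
    private void registerIdp(EntityDescriptorType entityDescriptor, SSODescriptorType idpDescriptor,
            String entityID, List<X509Certificate> signingCerts, Properties properties,
            SAMLSPProperties spProperties, String metaConfigPrefix) {
        EndpointType[] ssoServices = idpDescriptor.getSingleSignOnServiceArray();
        EndpointType webSso = selectWebEndpoint(ssoServices);
        EndpointType soapSso = selectEndpointByBinding(ssoServices, BINDING_SOAP);
        if (webSso == null && soapSso == null) {
            return;
        }
        EndpointType[] sloServices = idpDescriptor.getSingleLogoutServiceArray();
        EndpointType redirectSlo = selectEndpointByBinding(sloServices, BINDING_HTTP_REDIRECT);
        EndpointType postSlo = selectEndpointByBinding(sloServices, BINDING_HTTP_POST);
        EndpointType soapSlo = selectEndpointByBinding(sloServices, BINDING_SOAP);
        // NOTE(review): this tests whether the attribute is *present*, not its value, so an
        // explicit WantAuthnRequestsSigned="false" still results in signed requests. That only
        // over-signs (fail-safe), hence it is kept; getWantAuthnRequestsSigned() would be exact.
        boolean wantSignedRequests = idpDescriptor.isSetWantAuthnRequestsSigned();
        try {
            // Certificates must be in the PKI store before the entries referencing them are written.
            updatePKICerts(signingCerts, entityID, SP_META_CERT);
            UIInfoType uiInfo = MetaToConfigConverterHelper.parseMDUIInfo(idpDescriptor.getExtensions(), entityID);
            Map<String, String> names = MetaToConfigConverterHelper.getLocalizedNames(this.msg, uiInfo, idpDescriptor, entityDescriptor);
            Map<String, LogoType> logos = MetaToConfigConverterHelper.getLocalizedLogos(uiInfo);
            if (webSso != null) {
                addEntryToProperties(entityID, webSso, soapSlo, postSlo, redirectSlo, wantSignedRequests,
                        spProperties, metaConfigPrefix, properties, 1, signingCerts, names, logos);
            }
            if (soapSso != null) {
                addEntryToProperties(entityID, soapSso, soapSlo, postSlo, redirectSlo, wantSignedRequests,
                        spProperties, metaConfigPrefix, properties, 2, signingCerts, names, logos);
            }
        } catch (EngineException e) {
            log.error("Adding remote IDPs certs to local certs store failed, skipping IdP: " + entityID, e);
        }
    }

    /**
     * Writes the configuration entry of one IdP endpoint.
     * <p>
     * If the IdP is already configured manually (matched by entityID), its existing key is
     * reused and only absent properties are added, so manual settings always win. Otherwise a
     * generated key is used and every property is (re)written.
     *
     * @param entityID IdP entityID
     * @param ssoEndpoint SSO endpoint to register (web or SOAP)
     * @param soapSlo SOAP single logout endpoint, may be null
     * @param postSlo HTTP-POST single logout endpoint, may be null
     * @param redirectSlo HTTP-Redirect single logout endpoint, may be null
     * @param wantSignedRequests whether authn requests to this IdP are to be signed
     * @param spProperties current SP configuration
     * @param metaConfigPrefix configuration prefix of the metadata source
     * @param properties target properties, updated in place
     * @param entryIndex distinguishes the web (1) and SOAP (2) entry of the same IdP
     * @param signingCerts IdP signing certificates already stored in the PKI store
     * @param localizedNames display names by locale suffix
     * @param localizedLogos logos by locale suffix
     */
    private void addEntryToProperties(String entityID, EndpointType ssoEndpoint, EndpointType soapSlo,
            EndpointType postSlo, EndpointType redirectSlo, boolean wantSignedRequests,
            SAMLSPProperties spProperties, String metaConfigPrefix, Properties properties,
            int entryIndex, List<X509Certificate> signingCerts, Map<String, String> localizedNames,
            Map<String, LogoType> localizedLogos) {
        String translationProfile = spProperties.getValue(metaConfigPrefix + SAMLSPProperties.IDPMETA_TRANSLATION_PROFILE);
        String embeddedProfile = spProperties.getValue(metaConfigPrefix + SAMLSPProperties.IDPMETA_EMBEDDED_TRANSLATION_PROFILE);
        String registrationForm = spProperties.getValue(metaConfigPrefix + SAMLSPProperties.IDPMETA_REGISTRATION_FORM);

        String key = getExistingKey(entityID, spProperties);
        boolean isNewEntry = key == null;
        if (isNewEntry) {
            // MD5 is used purely to derive a short, stable property key from the entityID; it is
            // not a security control. A colliding pair of entityIDs would share one entry, which
            // is accepted for metadata from a trusted feed - TODO confirm.
            key = GENERATED_IDP_KEY_PREFIX + DigestUtils.md5Hex(entityID) + "+" + entryIndex + ".";
        }

        setIfAbsent(properties, key + SAMLSPProperties.IDP_ID, entityID, isNewEntry);
        setIfAbsent(properties, key + SAMLSPProperties.IDP_BINDING, convertBinding(ssoEndpoint.getBinding()), isNewEntry);
        // The location is taken as published in metadata; no scheme/host check is done here.
        setIfAbsent(properties, key + SAMLSPProperties.IDP_ADDRESS, ssoEndpoint.getLocation(), isNewEntry);
        setSLOProperty(properties, key, isNewEntry, soapSlo, SamlProperties.SOAP_LOGOUT_URL, null);
        setSLOProperty(properties, key, isNewEntry, postSlo, SamlProperties.POST_LOGOUT_URL, SamlProperties.POST_LOGOUT_RET_URL);
        setSLOProperty(properties, key, isNewEntry, redirectSlo, SamlProperties.REDIRECT_LOGOUT_URL, SamlProperties.REDIRECT_LOGOUT_RET_URL);

        // A manually configured single "certificate" takes precedence over the metadata list;
        // otherwise each metadata certificate gets its own "certificates.N" slot unless taken.
        if (isNewEntry || !properties.containsKey(key + "certificate")) {
            int certIndex = 1;
            for (X509Certificate cert : signingCerts) {
                String certKey = key + "certificates." + certIndex;
                if (!properties.containsKey(certKey)) {
                    properties.setProperty(certKey, getCertificateKey(cert, entityID, SP_META_CERT));
                }
                certIndex++;
            }
        }

        for (Map.Entry<String, String> name : localizedNames.entrySet()) {
            setIfAbsent(properties, key + "name" + name.getKey(), name.getValue(), isNewEntry);
        }
        for (Map.Entry<String, LogoType> logo : localizedLogos.entrySet()) {
            // Logo URIs are copied as-is from MDUI; whatever renders them must treat them as untrusted.
            setIfAbsent(properties, key + "logoURI" + logo.getKey(), logo.getValue().getStringValue(), isNewEntry);
        }

        setIfAbsent(properties, key + SAMLSPProperties.IDP_SIGN_REQUEST, Boolean.toString(wantSignedRequests), isNewEntry);
        if (translationProfile != null) {
            setIfAbsent(properties, key + "translationProfile", translationProfile, isNewEntry);
        }
        if (embeddedProfile != null) {
            setIfAbsent(properties, key + "embeddedTranslationProfile", embeddedProfile, isNewEntry);
        }
        if (registrationForm != null) {
            setIfAbsent(properties, key + "registrationFormForUnknown", registrationForm, isNewEntry);
        }
        log.debug("Added a trusted IdP loaded from SAML metadata: " + entityID + " with " + ssoEndpoint.getBinding() + " binding");
    }

    /**
     * Sets {@code key} to {@code value}, but for an existing (manually configured) entry only
     * when the key is not present yet, so manual configuration is never overwritten.
     */
    private static void setIfAbsent(Properties properties, String key, String value, boolean overwrite) {
        if (overwrite || !properties.containsKey(key)) {
            properties.setProperty(key, value);
        }
    }

    /**
     * Finds the full property key prefix of an already configured IdP with the given entityID.
     *
     * @return prefix (including the configuration root prefix) or null if the IdP is not configured
     */
    private String getExistingKey(String entityID, SAMLSPProperties spProperties) {
        for (String idpKey : spProperties.getStructuredListKeys(SAMLSPProperties.IDP_PREFIX)) {
            if (entityID.equals(spProperties.getValue(idpKey + SAMLSPProperties.IDP_ID))) {
                return SAMLSPProperties.P + idpKey;
            }
        }
        return null;
    }

    /**
     * Picks the browser-facing SSO endpoint: HTTP-Redirect if available, otherwise the last
     * HTTP-POST endpoint listed. Endpoints lacking a binding or a location are ignored.
     *
     * @return selected endpoint or null if none is usable
     */
    private EndpointType selectWebEndpoint(EndpointType[] endpoints) {
        EndpointType postFallback = null;
        for (EndpointType endpoint : endpoints) {
            String binding = endpoint.getBinding();
            if (binding == null || endpoint.getLocation() == null) {
                continue;
            }
            if (BINDING_HTTP_REDIRECT.equals(binding)) {
                return endpoint;
            }
            if (BINDING_HTTP_POST.equals(binding)) {
                postFallback = endpoint;
            }
        }
        return postFallback;
    }

    /**
     * Returns the first endpoint with the given binding and a non-null location, or null.
     */
    private EndpointType selectEndpointByBinding(EndpointType[] endpoints, String binding) {
        for (EndpointType endpoint : endpoints) {
            if (endpoint.getBinding() != null && endpoint.getLocation() != null
                    && endpoint.getBinding().equals(binding)) {
                return endpoint;
            }
        }
        return null;
    }
}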
