package org.springframework.security.saml2.provider.service.metadata;

import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.function.Consumer;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.saml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml.saml2.metadata.KeyDescriptor;
import org.opensaml.saml.saml2.metadata.NameIDFormat;
import org.opensaml.saml.saml2.metadata.SPSSODescriptor;
import org.opensaml.saml.saml2.metadata.SingleLogoutService;
import org.opensaml.security.credential.UsageType;
import org.opensaml.xmlsec.signature.KeyInfo;
import org.opensaml.xmlsec.signature.X509Data;
import org.springframework.security.saml2.Saml2Exception;
import org.springframework.security.saml2.core.OpenSamlInitializationService;
import org.springframework.security.saml2.core.Saml2X509Credential;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding;
import org.springframework.util.Assert;

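/**
 * Builds SAML 2.0 Service Provider metadata ({@code <EntityDescriptor>} or
 * {@code <EntitiesDescriptor>}) for one or more {@link RelyingPartyRegistration}s using
 * OpenSAML and serializes it to XML.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 * <li>Metadata is emitted <em>unsigned</em> by default ({@code signMetadata == false}).
 * Unsigned metadata gives the asserting party no way to detect tampering, so it must be
 * delivered over a channel the asserting party already trusts (e.g. TLS to a known host),
 * or {@link #setSignMetadata(boolean)} must be enabled.</li>
 * <li>When signing is enabled, each {@code <EntityDescriptor>} is signed with the
 * registration's signing credentials and the asserting party's configured signing
 * algorithms. The signature is applied <em>after</em> the
 * {@link #setEntityDescriptorCustomizer(Consumer) customizer} runs, so customizations
 * are covered by it. A surrounding {@code <EntitiesDescriptor>} (multi-registration
 * case) is not itself signed; only its children are.</li>
 * <li>Only the X.509 <em>certificate</em> of each signing/decryption credential is
 * published; private key material is never serialized.</li>
 * </ul>
 *
 * <p>This resolver is bound to OpenSAML 4 via {@code OpenSaml4Template}.
 *
 * @deprecated prefer the OpenSAML-version-specific metadata resolver in this package
 * where one is available for the OpenSAML version in use.
 */
@Deprecated
public final class OpenSamlMetadataResolver implements Saml2MetadataResolver {

    static {
        OpenSamlInitializationService.initialize();
    }

    private final Log logger = LogFactory.getLog(getClass());

    private final OpenSamlOperations saml;

    /** Hook invoked on every built {@code EntityDescriptor} before it is signed/serialized. */
    private Consumer<EntityDescriptorParameters> entityDescriptorCustomizer = (parameters) -> {
    };

    private boolean usePrettyPrint = true;

    private boolean signMetadata = false;

    /**
     * Creates a resolver backed by the default OpenSAML 4 operations.
     */
    public OpenSamlMetadataResolver() {
        this.saml = new OpenSaml4Template();
    }

    /**
     * Creates a resolver backed by the given OpenSAML operations (package-private,
     * intended for tests and sibling classes).
     * @param openSamlOperations the OpenSAML facade to build, sign and serialize with
     * @throws IllegalArgumentException if {@code openSamlOperations} is {@code null}
     */
    OpenSamlMetadataResolver(OpenSamlOperations openSamlOperations) {
        Assert.notNull(openSamlOperations, "openSamlOperations cannot be null");
        this.saml = openSamlOperations;
    }

    /**
     * Resolves the metadata for a single registration as a bare {@code <EntityDescriptor>}.
     * @param relyingPartyRegistration the registration to describe
     * @return the serialized metadata XML
     */
    @Override
    public String resolve(RelyingPartyRegistration relyingPartyRegistration) {
        return serialize(entityDescriptor(relyingPartyRegistration));
    }

    /**
     * Resolves the metadata for several registrations.
     *
     * <p>Exactly one registration yields a bare {@code <EntityDescriptor>}; any other count
     * (including zero, which yields an empty wrapper) is placed inside an
     * {@code <EntitiesDescriptor>}. The wrapper element is not signed even when
     * {@code signMetadata} is enabled; only the contained entity descriptors are.
     * @param registrations the registrations to describe
     * @return the serialized metadata XML
     */
    @Override
    public String resolve(Iterable<RelyingPartyRegistration> registrations) {
        List<EntityDescriptor> descriptors = new ArrayList<>();
        for (RelyingPartyRegistration registration : registrations) {
            descriptors.add(entityDescriptor(registration));
        }
        if (descriptors.size() == 1) {
            return serialize(descriptors.get(0));
        }
        EntitiesDescriptor entitiesDescriptor = this.saml.build(EntitiesDescriptor.DEFAULT_ELEMENT_NAME);
        entitiesDescriptor.getEntityDescriptors().addAll(descriptors);
        return serialize(entitiesDescriptor);
    }

    /**
     * Builds (and, if enabled, signs) the {@code <EntityDescriptor>} for one registration.
     */
    private EntityDescriptor entityDescriptor(RelyingPartyRegistration registration) {
        EntityDescriptor descriptor = this.saml.build(EntityDescriptor.DEFAULT_ELEMENT_NAME);
        descriptor.setEntityID(registration.getEntityId());
        descriptor.getRoleDescriptors(SPSSODescriptor.DEFAULT_ELEMENT_NAME)
                .add(buildSpSsoDescriptor(registration));
        // The customizer runs before signing so that whatever it adds is covered by the signature.
        this.entityDescriptorCustomizer.accept(new EntityDescriptorParameters(descriptor, registration));
        if (!this.signMetadata) {
            this.logger.trace("Did not sign metadata since `signMetadata` is `false`");
            return descriptor;
        }
        // Signed with the SP's own signing credentials, using the algorithms the asserting
        // party declares it accepts.
        return this.saml.withSigningKeys(registration.getSigningX509Credentials())
                .algorithms(registration.getAssertingPartyMetadata().getSigningAlgorithms())
                .sign(descriptor);
    }

    /**
     * Sets a hook that may modify each {@code EntityDescriptor} before it is signed and
     * serialized.
     * @param consumer the customizer; must not be {@code null}
     */
    public void setEntityDescriptorCustomizer(Consumer<EntityDescriptorParameters> consumer) {
        Assert.notNull(consumer, "entityDescriptorCustomizer cannot be null");
        this.entityDescriptorCustomizer = consumer;
    }

    /**
     * Whether the serialized XML is indented for readability (default {@code true}).
     * @param usePrettyPrint {@code true} to pretty-print
     */
    public void setUsePrettyPrint(boolean usePrettyPrint) {
        this.usePrettyPrint = usePrettyPrint;
    }

    /**
     * Whether each {@code EntityDescriptor} is XML-signed with the registration's signing
     * credentials (default {@code false}). Leave disabled only if the metadata is delivered
     * to the asserting party over an already-trusted channel.
     * @param signMetadata {@code true} to sign
     */
    public void setSignMetadata(boolean signMetadata) {
        this.signMetadata = signMetadata;
    }

    /**
     * Builds the {@code <SPSSODescriptor>}: protocol support, signing and encryption
     * key descriptors, the ACS endpoint, optional SLO endpoints and optional NameID format.
     */
    private SPSSODescriptor buildSpSsoDescriptor(RelyingPartyRegistration registration) {
        SPSSODescriptor spSsoDescriptor = this.saml.build(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
        spSsoDescriptor.addSupportedProtocol("urn:oasis:names:tc:SAML:2.0:protocol");
        spSsoDescriptor.getKeyDescriptors()
                .addAll(buildKeys(registration.getSigningX509Credentials(), UsageType.SIGNING));
        spSsoDescriptor.getKeyDescriptors()
                .addAll(buildKeys(registration.getDecryptionX509Credentials(), UsageType.ENCRYPTION));
        spSsoDescriptor.getAssertionConsumerServices().add(buildAssertionConsumerService(registration));
        if (registration.getSingleLogoutServiceLocation() != null) {
            for (Saml2MessageBinding binding : registration.getSingleLogoutServiceBindings()) {
                spSsoDescriptor.getSingleLogoutServices().add(buildSingleLogoutService(registration, binding));
            }
        }
        if (registration.getNameIdFormat() != null) {
            spSsoDescriptor.getNameIDFormats().add(buildNameIDFormat(registration));
        }
        return spSsoDescriptor;
    }

    /**
     * Builds one {@code <KeyDescriptor>} per credential, carrying only its certificate.
     */
    private List<KeyDescriptor> buildKeys(Collection<Saml2X509Credential> credentials, UsageType usage) {
        List<KeyDescriptor> keyDescriptors = new ArrayList<>(credentials.size());
        for (Saml2X509Credential credential : credentials) {
            keyDescriptors.add(buildKeyDescriptor(usage, credential.getCertificate()));
        }
        return keyDescriptors;
    }

    /**
     * Wraps the DER-encoded certificate in {@code KeyDescriptor/KeyInfo/X509Data/X509Certificate}.
     * @throws Saml2Exception if the certificate cannot be DER-encoded (the original
     * {@link CertificateEncodingException} is kept as the cause)
     */
    private KeyDescriptor buildKeyDescriptor(UsageType usage, X509Certificate certificate) {
        KeyDescriptor keyDescriptor = this.saml.build(KeyDescriptor.DEFAULT_ELEMENT_NAME);
        KeyInfo keyInfo = this.saml.build(KeyInfo.DEFAULT_ELEMENT_NAME);
        X509Data x509Data = this.saml.build(X509Data.DEFAULT_ELEMENT_NAME);
        org.opensaml.xmlsec.signature.X509Certificate x509Certificate = this.saml
                .build(org.opensaml.xmlsec.signature.X509Certificate.DEFAULT_ELEMENT_NAME);
        try {
            // Base64 output is pure ASCII; encodeToString avoids the platform-default charset
            // that new String(byte[]) would use.
            x509Certificate.setValue(Base64.getEncoder().encodeToString(certificate.getEncoded()));
        }
        catch (CertificateEncodingException ex) {
            throw new Saml2Exception("Cannot encode certificate " + certificate, ex);
        }
        x509Data.getX509Certificates().add(x509Certificate);
        keyInfo.getX509Datas().add(x509Data);
        keyDescriptor.setUse(usage);
        keyDescriptor.setKeyInfo(keyInfo);
        return keyDescriptor;
    }

    /**
     * Builds the single {@code <AssertionConsumerService>} (index 1) from the registration.
     */
    private AssertionConsumerService buildAssertionConsumerService(RelyingPartyRegistration registration) {
        AssertionConsumerService acs = this.saml.build(AssertionConsumerService.DEFAULT_ELEMENT_NAME);
        acs.setLocation(registration.getAssertionConsumerServiceLocation());
        acs.setBinding(registration.getAssertionConsumerServiceBinding().getUrn());
        acs.setIndex(1);
        return acs;
    }

    /**
     * Builds one {@code <SingleLogoutService>} for the given binding.
     */
    private SingleLogoutService buildSingleLogoutService(RelyingPartyRegistration registration,
            Saml2MessageBinding binding) {
        SingleLogoutService slo = this.saml.build(SingleLogoutService.DEFAULT_ELEMENT_NAME);
        slo.setLocation(registration.getSingleLogoutServiceLocation());
        slo.setResponseLocation(registration.getSingleLogoutServiceResponseLocation());
        slo.setBinding(binding.getUrn());
        return slo;
    }

    /**
     * Builds the {@code <NameIDFormat>} element from the registration's configured format.
     */
    private NameIDFormat buildNameIDFormat(RelyingPartyRegistration registration) {
        NameIDFormat nameIdFormat = this.saml.build(NameIDFormat.DEFAULT_ELEMENT_NAME);
        nameIdFormat.setURI(registration.getNameIdFormat());
        return nameIdFormat;
    }

    private String serialize(EntityDescriptor entityDescriptor) {
        return this.saml.serialize((XMLObject) entityDescriptor).prettyPrint(this.usePrettyPrint).serialize();
    }

    private String serialize(EntitiesDescriptor entitiesDescriptor) {
        return this.saml.serialize((XMLObject) entitiesDescriptor).prettyPrint(this.usePrettyPrint).serialize();
    }

    /**
     * Arguments handed to the {@link #setEntityDescriptorCustomizer(Consumer) customizer}:
     * the descriptor under construction (mutable, not yet signed) and the registration it
     * was built from.
     */
    public static final class EntityDescriptorParameters {

        private final EntityDescriptor entityDescriptor;

        private final RelyingPartyRegistration registration;

        public EntityDescriptorParameters(EntityDescriptor entityDescriptor,
                RelyingPartyRegistration relyingPartyRegistration) {
            this.entityDescriptor = entityDescriptor;
            this.registration = relyingPartyRegistration;
        }

        public EntityDescriptor getEntityDescriptor() {
            return this.entityDescriptor;
        }

        public RelyingPartyRegistration getRelyingPartyRegistration() {
            return this.registration;
        }

    }

}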
