package org.springframework.security.saml2.provider.service.metadata;

import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.function.Consumer;
import javax.xml.namespace.QName;
import net.shibboleth.utilities.java.support.xml.SerializeSupport;
import org.opensaml.core.xml.XMLObjectBuilder;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.saml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml.saml2.metadata.KeyDescriptor;
import org.opensaml.saml.saml2.metadata.NameIDFormat;
import org.opensaml.saml.saml2.metadata.SPSSODescriptor;
import org.opensaml.saml.saml2.metadata.SingleLogoutService;
import org.opensaml.saml.saml2.metadata.impl.EntitiesDescriptorMarshaller;
import org.opensaml.saml.saml2.metadata.impl.EntityDescriptorMarshaller;
import org.opensaml.security.credential.UsageType;
import org.opensaml.xmlsec.signature.KeyInfo;
import org.opensaml.xmlsec.signature.X509Data;
import org.springframework.security.saml2.Saml2Exception;
import org.springframework.security.saml2.core.OpenSamlInitializationService;
import org.springframework.security.saml2.core.Saml2X509Credential;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding;
import org.springframework.util.Assert;

/* loaded from: input_file:org/springframework/security/saml2/provider/service/metadata/OpenSamlMetadataResolver.class */
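/**
 * A {@link Saml2MetadataResolver} that builds SAML 2.0 Service Provider metadata for one
 * or more {@link RelyingPartyRegistration}s with OpenSAML and serializes it to
 * pretty-printed XML.
 *
 * <p>Each generated {@code EntityDescriptor} carries the registration's entity id and an
 * {@code SPSSODescriptor} holding the signing and decryption certificates as
 * {@code KeyDescriptor}s, one {@code AssertionConsumerService}, and, when configured on the
 * registration, {@code SingleLogoutService} endpoints and a {@code NameIDFormat}. Only the
 * public certificate of each {@link Saml2X509Credential} is read; private key material is
 * never touched by this class.
 *
 * <p>A customizer registered through {@link #setEntityDescriptorCustomizer(Consumer)} runs
 * after each {@code EntityDescriptor} is assembled and before it is serialized.
 *
 * <p>OpenSAML is initialized once, via {@link OpenSamlInitializationService#initialize()},
 * when this class is loaded.
 */
public final class OpenSamlMetadataResolver implements Saml2MetadataResolver {

    static {
        // The OpenSAML registries must be populated before any builder or marshaller lookup.
        OpenSamlInitializationService.initialize();
    }

    private final EntityDescriptorMarshaller entityDescriptorMarshaller;

    private final EntitiesDescriptorMarshaller entitiesDescriptorMarshaller;

    // No-op until replaced through setEntityDescriptorCustomizer.
    private Consumer<EntityDescriptorParameters> entityDescriptorCustomizer = (parameters) -> {
    };

    /**
     * Creates a resolver, looking up the OpenSAML marshallers for {@code EntityDescriptor}
     * and {@code EntitiesDescriptor}.
     *
     * @throws IllegalArgumentException if either marshaller is not registered with OpenSAML
     */
    public OpenSamlMetadataResolver() {
        this.entityDescriptorMarshaller = (EntityDescriptorMarshaller) XMLObjectProviderRegistrySupport
                .getMarshallerFactory().getMarshaller(EntityDescriptor.DEFAULT_ELEMENT_NAME);
        Assert.notNull(this.entityDescriptorMarshaller, "entityDescriptorMarshaller cannot be null");
        this.entitiesDescriptorMarshaller = (EntitiesDescriptorMarshaller) XMLObjectProviderRegistrySupport
                .getMarshallerFactory().getMarshaller(EntitiesDescriptor.DEFAULT_ELEMENT_NAME);
        Assert.notNull(this.entitiesDescriptorMarshaller, "entitiesDescriptorMarshaller cannot be null");
    }

    /**
     * Builds and serializes the {@code EntityDescriptor} for a single registration.
     *
     * @param relyingPartyRegistration the registration to describe
     * @return the pretty-printed metadata XML
     * @throws Saml2Exception if an OpenSAML builder is missing, a certificate cannot be
     * DER-encoded, or marshalling fails
     */
    @Override
    public String resolve(RelyingPartyRegistration relyingPartyRegistration) {
        return serialize(entityDescriptor(relyingPartyRegistration));
    }

    /**
     * Builds and serializes metadata for several registrations. Exactly one registration
     * yields a bare {@code EntityDescriptor}; any other count (including zero, which
     * produces an empty container) is wrapped in an {@code EntitiesDescriptor}.
     *
     * @param iterable the registrations to describe
     * @return the pretty-printed metadata XML
     * @throws Saml2Exception if an OpenSAML builder is missing, a certificate cannot be
     * DER-encoded, or marshalling fails
     */
    @Override
    public String resolve(Iterable<RelyingPartyRegistration> iterable) {
        List<EntityDescriptor> entityDescriptors = new ArrayList<>();
        for (RelyingPartyRegistration registration : iterable) {
            entityDescriptors.add(entityDescriptor(registration));
        }
        if (entityDescriptors.size() == 1) {
            return serialize(entityDescriptors.get(0));
        }
        EntitiesDescriptor entitiesDescriptor = build(EntitiesDescriptor.DEFAULT_ELEMENT_NAME);
        entitiesDescriptor.getEntityDescriptors().addAll(entityDescriptors);
        return serialize(entitiesDescriptor);
    }

    /**
     * Sets the customizer invoked with each assembled {@code EntityDescriptor} and its
     * registration, before serialization. The default customizer does nothing.
     *
     * @param consumer the customizer
     * @throws IllegalArgumentException if {@code consumer} is {@code null}
     */
    public void setEntityDescriptorCustomizer(Consumer<EntityDescriptorParameters> consumer) {
        Assert.notNull(consumer, "entityDescriptorCustomizer cannot be null");
        this.entityDescriptorCustomizer = consumer;
    }

    /**
     * Assembles the {@code EntityDescriptor} for {@code registration}: entity id, the SP role
     * descriptor, then the configured customizer.
     */
    private EntityDescriptor entityDescriptor(RelyingPartyRegistration registration) {
        EntityDescriptor entityDescriptor = build(EntityDescriptor.DEFAULT_ELEMENT_NAME);
        entityDescriptor.setEntityID(registration.getEntityId());
        entityDescriptor.getRoleDescriptors(SPSSODescriptor.DEFAULT_ELEMENT_NAME)
                .add(buildSpSsoDescriptor(registration));
        this.entityDescriptorCustomizer.accept(new EntityDescriptorParameters(entityDescriptor, registration));
        return entityDescriptor;
    }

    /**
     * Builds the {@code SPSSODescriptor}: SAML 2.0 protocol support, signing and encryption
     * key descriptors, the ACS endpoint, and the optional SLO endpoints and NameID format.
     * SLO endpoints are emitted only when the registration has an SLO location; one
     * {@code SingleLogoutService} is produced per configured SLO binding.
     */
    private SPSSODescriptor buildSpSsoDescriptor(RelyingPartyRegistration registration) {
        SPSSODescriptor spSsoDescriptor = build(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
        spSsoDescriptor.addSupportedProtocol("urn:oasis:names:tc:SAML:2.0:protocol");
        spSsoDescriptor.getKeyDescriptors()
                .addAll(buildKeys(registration.getSigningX509Credentials(), UsageType.SIGNING));
        spSsoDescriptor.getKeyDescriptors()
                .addAll(buildKeys(registration.getDecryptionX509Credentials(), UsageType.ENCRYPTION));
        spSsoDescriptor.getAssertionConsumerServices().add(buildAssertionConsumerService(registration));
        if (registration.getSingleLogoutServiceLocation() != null) {
            for (Saml2MessingBindingAlias binding : bindings(registration)) {
                spSsoDescriptor.getSingleLogoutServices().add(buildSingleLogoutService(registration, binding.binding));
            }
        }
        if (registration.getNameIdFormat() != null) {
            spSsoDescriptor.getNameIDFormats().add(buildNameIDFormat(registration));
        }
        return spSsoDescriptor;
    }

    // Small holder so the SLO loop above reads as one statement per binding.
    private static final class Saml2MessingBindingAlias {

        private final Saml2MessageBinding binding;

        private Saml2MessingBindingAlias(Saml2MessageBinding binding) {
            this.binding = binding;
        }

    }

    private static List<Saml2MessingBindingAlias> bindings(RelyingPartyRegistration registration) {
        List<Saml2MessingBindingAlias> result = new ArrayList<>();
        for (Saml2MessageBinding binding : registration.getSingleLogoutServiceBindings()) {
            result.add(new Saml2MessingBindingAlias(binding));
        }
        return result;
    }

    /**
     * Builds one {@code KeyDescriptor} per credential, all tagged with {@code usageType}.
     * Only the certificate is taken from each credential.
     */
    private List<KeyDescriptor> buildKeys(Collection<Saml2X509Credential> credentials, UsageType usageType) {
        List<KeyDescriptor> keyDescriptors = new ArrayList<>(credentials.size());
        for (Saml2X509Credential credential : credentials) {
            keyDescriptors.add(buildKeyDescriptor(usageType, credential.getCertificate()));
        }
        return keyDescriptors;
    }

    /**
     * Wraps {@code certificate} in {@code KeyDescriptor/KeyInfo/X509Data/X509Certificate}
     * with the given usage.
     *
     * @throws Saml2Exception if the certificate cannot be DER-encoded; the
     * {@link CertificateEncodingException} is kept as the cause
     */
    private KeyDescriptor buildKeyDescriptor(UsageType usageType, X509Certificate certificate) {
        KeyDescriptor keyDescriptor = build(KeyDescriptor.DEFAULT_ELEMENT_NAME);
        KeyInfo keyInfo = build(KeyInfo.DEFAULT_ELEMENT_NAME);
        org.opensaml.xmlsec.signature.X509Certificate x509Certificate = build(
                org.opensaml.xmlsec.signature.X509Certificate.DEFAULT_ELEMENT_NAME);
        X509Data x509Data = build(X509Data.DEFAULT_ELEMENT_NAME);
        try {
            // ds:X509Certificate carries the base64 of the DER encoding. encodeToString avoids
            // the platform-charset dependency of new String(byte[]).
            x509Certificate.setValue(Base64.getEncoder().encodeToString(certificate.getEncoded()));
        } catch (CertificateEncodingException ex) {
            throw new Saml2Exception("Cannot encode certificate " + certificate, ex);
        }
        x509Data.getX509Certificates().add(x509Certificate);
        keyInfo.getX509Datas().add(x509Data);
        keyDescriptor.setUse(usageType);
        keyDescriptor.setKeyInfo(keyInfo);
        return keyDescriptor;
    }

    /**
     * Builds the single {@code AssertionConsumerService} endpoint; its index is fixed at 1.
     */
    private AssertionConsumerService buildAssertionConsumerService(RelyingPartyRegistration registration) {
        AssertionConsumerService acs = build(AssertionConsumerService.DEFAULT_ELEMENT_NAME);
        acs.setLocation(registration.getAssertionConsumerServiceLocation());
        acs.setBinding(registration.getAssertionConsumerServiceBinding().getUrn());
        acs.setIndex(1);
        return acs;
    }

    /**
     * Builds a {@code SingleLogoutService} for {@code binding}, using the registration's SLO
     * location and response location.
     */
    private SingleLogoutService buildSingleLogoutService(RelyingPartyRegistration registration,
            Saml2MessageBinding binding) {
        SingleLogoutService slo = build(SingleLogoutService.DEFAULT_ELEMENT_NAME);
        slo.setLocation(registration.getSingleLogoutServiceLocation());
        slo.setResponseLocation(registration.getSingleLogoutServiceResponseLocation());
        slo.setBinding(binding.getUrn());
        return slo;
    }

    /**
     * Builds the {@code NameIDFormat} element from the registration's configured format URI.
     */
    private NameIDFormat buildNameIDFormat(RelyingPartyRegistration registration) {
        NameIDFormat nameIdFormat = build(NameIDFormat.DEFAULT_ELEMENT_NAME);
        nameIdFormat.setURI(registration.getNameIdFormat());
        return nameIdFormat;
    }

    /**
     * Looks up the OpenSAML builder registered for {@code qName} and builds a new object.
     *
     * @throws Saml2Exception if no builder is registered for the element
     */
    @SuppressWarnings("unchecked")
    private <T> T build(QName qName) {
        XMLObjectBuilder<?> builder = XMLObjectProviderRegistrySupport.getBuilderFactory().getBuilder(qName);
        if (builder == null) {
            throw new Saml2Exception("Unable to resolve Builder for " + qName);
        }
        // Every caller assigns to the concrete type registered for qName, so the cast holds.
        return (T) builder.buildObject(qName);
    }

    /**
     * Marshals {@code entityDescriptor} and pretty-prints it.
     *
     * @throws Saml2Exception wrapping any marshalling or serialization failure
     */
    private String serialize(EntityDescriptor entityDescriptor) {
        try {
            return SerializeSupport.prettyPrintXML(this.entityDescriptorMarshaller.marshall(entityDescriptor));
        } catch (Exception ex) {
            // Boundary to the OpenSAML/DOM layer: any failure is surfaced as a Saml2Exception with cause.
            throw new Saml2Exception(ex);
        }
    }

    /**
     * Marshals {@code entitiesDescriptor} and pretty-prints it.
     *
     * @throws Saml2Exception wrapping any marshalling or serialization failure
     */
    private String serialize(EntitiesDescriptor entitiesDescriptor) {
        try {
            return SerializeSupport.prettyPrintXML(this.entitiesDescriptorMarshaller.marshall(entitiesDescriptor));
        } catch (Exception ex) {
            // Boundary to the OpenSAML/DOM layer: any failure is surfaced as a Saml2Exception with cause.
            throw new Saml2Exception(ex);
        }
    }

    /**
     * The arguments handed to the {@code EntityDescriptor} customizer: the descriptor being
     * built and the registration it was built from.
     */
    public static final class EntityDescriptorParameters {

        private final EntityDescriptor entityDescriptor;

        private final RelyingPartyRegistration registration;

        public EntityDescriptorParameters(EntityDescriptor entityDescriptor,
                RelyingPartyRegistration relyingPartyRegistration) {
            this.entityDescriptor = entityDescriptor;
            this.registration = relyingPartyRegistration;
        }

        /** @return the {@code EntityDescriptor} assembled so far */
        public EntityDescriptor getEntityDescriptor() {
            return this.entityDescriptor;
        }

        /** @return the registration the descriptor was built from */
        public RelyingPartyRegistration getRelyingPartyRegistration() {
            return this.registration;
        }

    }

}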
