package org.springframework.security.saml2.provider.service.registration;

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.function.Consumer;
import org.opensaml.saml.ext.saml2alg.SigningMethod;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml.saml2.metadata.Extensions;
import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml.saml2.metadata.KeyDescriptor;
import org.opensaml.saml.saml2.metadata.SingleLogoutService;
import org.opensaml.saml.saml2.metadata.SingleSignOnService;
import org.opensaml.security.credential.UsageType;
import org.opensaml.xmlsec.keyinfo.KeyInfoSupport;
import org.springframework.security.saml2.Saml2Exception;
import org.springframework.security.saml2.core.Saml2X509Credential;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;

/* loaded from: input_file:BOOT-INF/lib/spring-security-saml2-service-provider-6.5.0.jar:org/springframework/security/saml2/provider/service/registration/OpenSamlAssertingPartyDetails.class */
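/**
 * Asserting-party (identity provider) details that also keep the OpenSAML
 * {@link EntityDescriptor} they were derived from.
 *
 * <p>This listing is decompiler output (see the JADX markers). Builder methods whose names
 * end in {@code 2}, and the methods marked bridge/synthetic, are artifacts of decompilation
 * rather than hand-written API.
 *
 * <p>Security note: {@link #withEntityDescriptor(EntityDescriptor)} turns the certificates,
 * endpoints and algorithm hints found in the descriptor into the registration's trust
 * settings. Nothing in this class checks a signature on the metadata or where it came from,
 * so the metadata has to be authenticated before the descriptor is handed to this class.
 */
public final class OpenSamlAssertingPartyDetails extends RelyingPartyRegistration.AssertingPartyDetails {
    /** Descriptor this instance was built from; returned as-is by {@link #getEntityDescriptor()}. */
    private final EntityDescriptor descriptor;

    /* loaded from: input_file:BOOT-INF/lib/spring-security-saml2-service-provider-6.5.0.jar:org/springframework/security/saml2/provider/service/registration/OpenSamlAssertingPartyDetails$Builder.class */
    /**
     * Builder that carries the source {@link EntityDescriptor} alongside the inherited
     * asserting-party settings. Every setter delegates to the superclass and casts the
     * result back to this builder type.
     */
    public static final class Builder extends RelyingPartyRegistration.AssertingPartyDetails.Builder {
        private EntityDescriptor descriptor;

        private Builder(EntityDescriptor entityDescriptor) {
            this.descriptor = entityDescriptor;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder, org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata.Builder
        /* renamed from: entityId, reason: merged with bridge method [inline-methods] */
        public RelyingPartyRegistration.AssertingPartyDetails.Builder entityId2(String str) {
            return (Builder) super.entityId2(str);
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder, org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata.Builder
        /* renamed from: wantAuthnRequestsSigned, reason: merged with bridge method [inline-methods] */
        public RelyingPartyRegistration.AssertingPartyDetails.Builder wantAuthnRequestsSigned2(boolean z) {
            return (Builder) super.wantAuthnRequestsSigned2(z);
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder, org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata.Builder
        public RelyingPartyRegistration.AssertingPartyDetails.Builder signingAlgorithms(Consumer<List<String>> consumer) {
            return (Builder) super.signingAlgorithms(consumer);
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder, org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata.Builder
        public RelyingPartyRegistration.AssertingPartyDetails.Builder verificationX509Credentials(Consumer<Collection<Saml2X509Credential>> consumer) {
            return (Builder) super.verificationX509Credentials(consumer);
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder, org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata.Builder
        public RelyingPartyRegistration.AssertingPartyDetails.Builder encryptionX509Credentials(Consumer<Collection<Saml2X509Credential>> consumer) {
            return (Builder) super.encryptionX509Credentials(consumer);
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder, org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata.Builder
        /* renamed from: singleSignOnServiceLocation, reason: merged with bridge method [inline-methods] */
        public RelyingPartyRegistration.AssertingPartyDetails.Builder singleSignOnServiceLocation2(String str) {
            return (Builder) super.singleSignOnServiceLocation2(str);
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder, org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata.Builder
        /* renamed from: singleSignOnServiceBinding, reason: merged with bridge method [inline-methods] */
        public RelyingPartyRegistration.AssertingPartyDetails.Builder singleSignOnServiceBinding2(Saml2MessageBinding saml2MessageBinding) {
            return (Builder) super.singleSignOnServiceBinding2(saml2MessageBinding);
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder, org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata.Builder
        /* renamed from: singleLogoutServiceLocation, reason: merged with bridge method [inline-methods] */
        public RelyingPartyRegistration.AssertingPartyDetails.Builder singleLogoutServiceLocation2(String str) {
            return (Builder) super.singleLogoutServiceLocation2(str);
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder, org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata.Builder
        /* renamed from: singleLogoutServiceResponseLocation, reason: merged with bridge method [inline-methods] */
        public RelyingPartyRegistration.AssertingPartyDetails.Builder singleLogoutServiceResponseLocation2(String str) {
            return (Builder) super.singleLogoutServiceResponseLocation2(str);
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder, org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata.Builder
        /* renamed from: singleLogoutServiceBinding, reason: merged with bridge method [inline-methods] */
        public RelyingPartyRegistration.AssertingPartyDetails.Builder singleLogoutServiceBinding2(Saml2MessageBinding saml2MessageBinding) {
            return (Builder) super.singleLogoutServiceBinding2(saml2MessageBinding);
        }

        /**
         * Builds the superclass details and wraps them together with the stored descriptor.
         *
         * @return a new {@link OpenSamlAssertingPartyDetails}
         */
        @Override // org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder, org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata.Builder
        public OpenSamlAssertingPartyDetails build() {
            return new OpenSamlAssertingPartyDetails(super.build(), this.descriptor);
        }

        // The six methods below are marked bridge/synthetic by the decompiler: each one only
        // casts its raw Consumer argument and forwards to the typed overload above.

        @Override // org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder, org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata.Builder
        /* renamed from: encryptionX509Credentials, reason: avoid collision after fix types in other method */
        public /* bridge */ /* synthetic */ RelyingPartyRegistration.AssertingPartyDetails.Builder encryptionX509Credentials2(Consumer consumer) {
            return encryptionX509Credentials((Consumer<Collection<Saml2X509Credential>>) consumer);
        }

        @Override // org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder, org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata.Builder
        /* renamed from: verificationX509Credentials, reason: avoid collision after fix types in other method */
        public /* bridge */ /* synthetic */ RelyingPartyRegistration.AssertingPartyDetails.Builder verificationX509Credentials2(Consumer consumer) {
            return verificationX509Credentials((Consumer<Collection<Saml2X509Credential>>) consumer);
        }

        @Override // org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder, org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata.Builder
        /* renamed from: signingAlgorithms, reason: avoid collision after fix types in other method */
        public /* bridge */ /* synthetic */ RelyingPartyRegistration.AssertingPartyDetails.Builder signingAlgorithms2(Consumer consumer) {
            return signingAlgorithms((Consumer<List<String>>) consumer);
        }

        @Override // org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder, org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata.Builder
        public /* bridge */ /* synthetic */ RelyingPartyRegistration.AssertingPartyDetails.Builder encryptionX509Credentials(Consumer consumer) {
            return encryptionX509Credentials((Consumer<Collection<Saml2X509Credential>>) consumer);
        }

        @Override // org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder, org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata.Builder
        public /* bridge */ /* synthetic */ RelyingPartyRegistration.AssertingPartyDetails.Builder verificationX509Credentials(Consumer consumer) {
            return verificationX509Credentials((Consumer<Collection<Saml2X509Credential>>) consumer);
        }

        @Override // org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder, org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata.Builder
        public /* bridge */ /* synthetic */ RelyingPartyRegistration.AssertingPartyDetails.Builder signingAlgorithms(Consumer consumer) {
            return signingAlgorithms((Consumer<List<String>>) consumer);
        }
    }

    /**
     * Copies every setting of {@code assertingPartyDetails} into the superclass state and
     * remembers the descriptor the settings came from.
     *
     * @param assertingPartyDetails already-built details to copy
     * @param entityDescriptor descriptor to expose through {@link #getEntityDescriptor()}
     */
    OpenSamlAssertingPartyDetails(RelyingPartyRegistration.AssertingPartyDetails assertingPartyDetails, EntityDescriptor entityDescriptor) {
        super(assertingPartyDetails.getEntityId(),
                assertingPartyDetails.getWantAuthnRequestsSigned(),
                assertingPartyDetails.getSigningAlgorithms(),
                assertingPartyDetails.getVerificationX509Credentials(),
                assertingPartyDetails.getEncryptionX509Credentials(),
                assertingPartyDetails.getSingleSignOnServiceLocation(),
                assertingPartyDetails.getSingleSignOnServiceBinding(),
                assertingPartyDetails.getSingleLogoutServiceLocation(),
                assertingPartyDetails.getSingleLogoutServiceResponseLocation(),
                assertingPartyDetails.getSingleLogoutServiceBinding());
        this.descriptor = entityDescriptor;
    }

    /**
     * Returns the descriptor this instance was created with.
     *
     * @return the stored {@link EntityDescriptor} (the same reference, not a copy)
     */
    public EntityDescriptor getEntityDescriptor() {
        return this.descriptor;
    }

    /**
     * Creates a builder populated from the SAML 2.0 IdP role of {@code entityDescriptor}.
     *
     * <p>What is read from the descriptor, as visible here:
     * <ul>
     * <li>key descriptors: {@code SIGNING} keys become verification credentials,
     * {@code ENCRYPTION} keys become encryption credentials, and {@code UNSPECIFIED} keys
     * are added to both lists;</li>
     * <li>{@code WantAuthnRequestsSigned}: anything other than {@code Boolean.TRUE},
     * including an absent value, is treated as {@code false};</li>
     * <li>signing algorithms from the role's extensions, else from the entity's;</li>
     * <li>single sign-on and single logout endpoints whose binding is POST or REDIRECT.
     * Endpoints with any other binding are skipped.</li>
     * </ul>
     *
     * <p>The certificates and endpoint locations are accepted as found; no signature or
     * origin check on the metadata happens in this method, so callers must only pass a
     * descriptor obtained from a source they already trust.
     *
     * @param entityDescriptor parsed metadata for the asserting party
     * @return a builder holding the extracted settings and the descriptor itself
     * @throws Saml2Exception if the IdP role, a verification certificate, or any
     * SingleSignOnService element is missing, or if a certificate cannot be read
     */
    public static Builder withEntityDescriptor(EntityDescriptor entityDescriptor) {
        IDPSSODescriptor iDPSSODescriptor = entityDescriptor.getIDPSSODescriptor("urn:oasis:names:tc:SAML:2.0:protocol");
        if (iDPSSODescriptor == null) {
            throw new Saml2Exception("Metadata response is missing the necessary IDPSSODescriptor element");
        }
        List<Saml2X509Credential> verification = new ArrayList<>();
        List<Saml2X509Credential> encryption = new ArrayList<>();
        for (KeyDescriptor keyDescriptor : iDPSSODescriptor.getKeyDescriptors()) {
            // NOTE(review): getUse() is dereferenced directly; this assumes it never returns
            // null for a key descriptor without a "use" attribute - confirm against OpenSAML.
            if (keyDescriptor.getUse().equals(UsageType.SIGNING)) {
                for (X509Certificate certificate : certificates(keyDescriptor)) {
                    verification.add(Saml2X509Credential.verification(certificate));
                }
            }
            if (keyDescriptor.getUse().equals(UsageType.ENCRYPTION)) {
                for (X509Certificate certificate : certificates(keyDescriptor)) {
                    encryption.add(Saml2X509Credential.encryption(certificate));
                }
            }
            if (keyDescriptor.getUse().equals(UsageType.UNSPECIFIED)) {
                // A key with no declared use is trusted for both purposes.
                for (X509Certificate certificate : certificates(keyDescriptor)) {
                    verification.add(Saml2X509Credential.verification(certificate));
                    encryption.add(Saml2X509Credential.encryption(certificate));
                }
            }
        }
        if (verification.isEmpty()) {
            throw new Saml2Exception("Metadata response is missing verification certificates, necessary for verifying SAML assertions");
        }
        // The setters are declared to return the superclass builder but hand back the
        // result of a (Builder) cast, so casting the chain keeps the subclass type.
        Builder builder = (Builder) new Builder(entityDescriptor)
                .entityId2(entityDescriptor.getEntityID())
                .wantAuthnRequestsSigned2(Boolean.TRUE.equals(iDPSSODescriptor.getWantAuthnRequestsSigned()))
                .verificationX509Credentials(collection -> {
                    collection.addAll(verification);
                })
                .encryptionX509Credentials(collection2 -> {
                    collection2.addAll(encryption);
                });
        for (SigningMethod signingMethod : signingMethods(iDPSSODescriptor)) {
            builder.signingAlgorithms(list -> {
                list.add(signingMethod.getAlgorithm());
            });
        }
        if (iDPSSODescriptor.getSingleSignOnServices().isEmpty()) {
            throw new Saml2Exception("Metadata response is missing a SingleSignOnService, necessary for sending AuthnRequests");
        }
        for (SingleSignOnService singleSignOnService : iDPSSODescriptor.getSingleSignOnServices()) {
            Saml2MessageBinding ssoBinding;
            if (singleSignOnService.getBinding().equals(Saml2MessageBinding.POST.getUrn())) {
                ssoBinding = Saml2MessageBinding.POST;
            } else if (singleSignOnService.getBinding().equals(Saml2MessageBinding.REDIRECT.getUrn())) {
                ssoBinding = Saml2MessageBinding.REDIRECT;
            } else {
                // Unsupported binding: skip the endpoint. The decompiled listing dropped this
                // branch and left the binding local unassigned on this path.
                continue;
            }
            // NOTE(review): as printed there is no break here, so a later supported endpoint
            // overwrites an earlier one, while the logout loop below stops at its first
            // match. Confirm against the upstream source whether the decompiler lost a break.
            builder.singleSignOnServiceLocation2(singleSignOnService.getLocation()).singleSignOnServiceBinding2(ssoBinding);
        }
        for (SingleLogoutService singleLogoutService : iDPSSODescriptor.getSingleLogoutServices()) {
            Saml2MessageBinding sloBinding;
            if (singleLogoutService.getBinding().equals(Saml2MessageBinding.POST.getUrn())) {
                sloBinding = Saml2MessageBinding.POST;
            } else if (singleLogoutService.getBinding().equals(Saml2MessageBinding.REDIRECT.getUrn())) {
                sloBinding = Saml2MessageBinding.REDIRECT;
            } else {
                // Unsupported binding: skip, same as for single sign-on above.
                continue;
            }
            // The response location falls back to the request location when the metadata
            // does not give one.
            String responseLocation = singleLogoutService.getResponseLocation() == null
                    ? singleLogoutService.getLocation()
                    : singleLogoutService.getResponseLocation();
            builder.singleLogoutServiceLocation2(singleLogoutService.getLocation())
                    .singleLogoutServiceResponseLocation2(responseLocation)
                    .singleLogoutServiceBinding2(sloBinding);
            // Only the first supported logout endpoint is used.
            return builder;
        }
        return builder;
    }

    /**
     * Returns the X.509 certificates that {@code KeyInfoSupport} reads from the key
     * descriptor's {@code KeyInfo}.
     *
     * @throws Saml2Exception wrapping any {@link CertificateException}
     */
    private static List<X509Certificate> certificates(KeyDescriptor keyDescriptor) {
        try {
            return KeyInfoSupport.getCertificates(keyDescriptor.getKeyInfo());
        } catch (CertificateException e) {
            throw new Saml2Exception(e);
        }
    }

    /**
     * Returns the signing methods declared in the role descriptor's extensions, or, when
     * there are none, those declared in the extensions of its parent entity descriptor.
     */
    private static List<SigningMethod> signingMethods(IDPSSODescriptor iDPSSODescriptor) {
        List<SigningMethod> signingMethods = signingMethods(iDPSSODescriptor.getExtensions());
        return !signingMethods.isEmpty() ? signingMethods : signingMethods(((EntityDescriptor) iDPSSODescriptor.getParent()).getExtensions());
    }

    /**
     * Returns the {@code SigningMethod} children of {@code extensions}, or an empty list
     * when {@code extensions} is {@code null}. The cast to {@code List<T>} is unchecked.
     */
    private static <T> List<T> signingMethods(Extensions extensions) {
        return extensions != null ? (List<T>) extensions.getUnknownXMLObjects(SigningMethod.DEFAULT_ELEMENT_NAME) : new ArrayList<>();
    }

    /**
     * Creates a builder pre-populated with this instance's current values and the same
     * descriptor reference, so individual settings can be changed and rebuilt.
     *
     * @return a new {@link Builder}
     */
    @Override // org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails, org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata
    public Builder mutate() {
        // Cast for the same reason as in withEntityDescriptor: the setters are declared to
        // return the superclass builder type.
        return (Builder) new Builder(this.descriptor)
                .entityId2(getEntityId())
                .wantAuthnRequestsSigned2(getWantAuthnRequestsSigned())
                .signingAlgorithms(list -> {
                    list.addAll(getSigningAlgorithms());
                })
                .verificationX509Credentials(collection -> {
                    collection.addAll(getVerificationX509Credentials());
                })
                .encryptionX509Credentials(collection2 -> {
                    collection2.addAll(getEncryptionX509Credentials());
                })
                .singleSignOnServiceLocation2(getSingleSignOnServiceLocation())
                .singleSignOnServiceBinding2(getSingleSignOnServiceBinding())
                .singleLogoutServiceLocation2(getSingleLogoutServiceLocation())
                .singleLogoutServiceResponseLocation2(getSingleLogoutServiceResponseLocation())
                .singleLogoutServiceBinding2(getSingleLogoutServiceBinding());
    }
}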
