package com.evolveum.midpoint.web.security;

import com.evolveum.midpoint.web.security.util.MidpointSamlLocalServiceProviderConfiguration;
import java.util.Collections;
import java.util.LinkedList;
import org.springframework.security.saml.SamlMetadataCache;
import org.springframework.security.saml.SamlTransformer;
import org.springframework.security.saml.SamlValidator;
import org.springframework.security.saml.key.KeyType;
import org.springframework.security.saml.key.SimpleKey;
import org.springframework.security.saml.provider.config.LocalProviderConfiguration;
import org.springframework.security.saml.provider.config.SamlConfigurationRepository;
import org.springframework.security.saml.provider.provisioning.HostBasedSamlServiceProviderProvisioning;
import org.springframework.security.saml.provider.service.AuthenticationRequestEnhancer;
import org.springframework.security.saml.provider.service.HostedServiceProviderService;
import org.springframework.security.saml.provider.service.ServiceProviderService;
import org.springframework.security.saml.provider.service.config.LocalServiceProviderConfiguration;
import org.springframework.security.saml.saml2.metadata.ServiceProviderMetadata;
import org.springframework.util.StringUtils;

/* loaded from: input_file:com/evolveum/midpoint/web/security/MidpointHostBasedSamlServiceProviderProvisioning.class */
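/**
 * Host-based SAML service provider provisioning for midPoint.
 *
 * <p>Builds the hosted service provider (its published metadata plus the service object) from a
 * {@link LocalServiceProviderConfiguration}, and lets a
 * {@link MidpointSamlLocalServiceProviderConfiguration} supply its own alias path.
 *
 * <p>Both methods are expected to override methods of the parent provisioning classes;
 * {@code getAliasPath} demonstrably does, since it delegates to {@code super.getAliasPath}.
 */
public class MidpointHostBasedSamlServiceProviderProvisioning extends HostBasedSamlServiceProviderProvisioning {
    // Kept locally so getHostedServiceProvider can hand the same enhancer to the service it builds.
    private final AuthenticationRequestEnhancer authnRequestEnhancer;

    /**
     * Creates the provisioning and remembers the authentication request enhancer.
     *
     * @param samlConfigurationRepository source of the SAML configuration, passed to the parent
     * @param samlTransformer transformer passed to the parent
     * @param samlValidator validator passed to the parent
     * @param samlMetadataCache metadata cache passed to the parent
     * @param authenticationRequestEnhancer enhancer passed to the parent and reused for every
     *     hosted service provider created by this instance
     */
    public MidpointHostBasedSamlServiceProviderProvisioning(SamlConfigurationRepository samlConfigurationRepository, SamlTransformer samlTransformer, SamlValidator samlValidator, SamlMetadataCache samlMetadataCache, AuthenticationRequestEnhancer authenticationRequestEnhancer) {
        super(samlConfigurationRepository, samlTransformer, samlValidator, samlMetadataCache, authenticationRequestEnhancer);
        this.authnRequestEnhancer = authenticationRequestEnhancer;
    }

    /**
     * Builds the hosted service provider for the given local configuration.
     *
     * <p>The metadata is generated by the parent's {@code serviceProviderMetadata(...)} and then
     * adjusted from the configuration: name ID formats, single logout endpoints, entity ID,
     * entity alias and the two signing flags.
     *
     * @param localServiceProviderConfiguration configuration of the local service provider
     * @return a {@link HostedServiceProviderService} wrapping the configuration and its metadata
     */
    protected ServiceProviderService getHostedServiceProvider(LocalServiceProviderConfiguration localServiceProviderConfiguration) {
        String basePath = localServiceProviderConfiguration.getBasePath();
        LinkedList<SimpleKey> keys = new LinkedList<>();
        SimpleKey signingKey = null;
        if (localServiceProviderConfiguration.getKeys() != null) {
            SimpleKey active = localServiceProviderConfiguration.getKeys().getActive();
            if (active != null) {
                // The active key is listed twice: once as configured and once as a clone typed
                // ENCRYPTION. The same key material therefore backs both entries.
                // NOTE(review): if separate signing and encryption keys are a requirement,
                // that has to be solved in configuration; this method cannot express it.
                keys.add(active);
                keys.add(active.clone(active.getName() + "-encryption", KeyType.ENCRYPTION));
            }
            keys.addAll(localServiceProviderConfiguration.getKeys().getStandBy());
            // Only handed over when metadata signing is enabled; presumably the key the parent
            // uses to sign the generated metadata -- confirm against serviceProviderMetadata(...).
            signingKey = localServiceProviderConfiguration.isSignMetadata() ? active : null;
        }

        // Fall back to the default endpoint prefix when none is configured.
        String prefix = StringUtils.hasText(localServiceProviderConfiguration.getPrefix())
                ? localServiceProviderConfiguration.getPrefix()
                : "saml/sp/";
        ServiceProviderMetadata metadata = serviceProviderMetadata(
                basePath,
                signingKey,
                keys,
                prefix,
                getAliasPath(localServiceProviderConfiguration),
                localServiceProviderConfiguration.getDefaultSigningAlgorithm(),
                localServiceProviderConfiguration.getDefaultDigest());

        if (!localServiceProviderConfiguration.getNameIds().isEmpty()) {
            metadata.getServiceProvider().setNameIds(localServiceProviderConfiguration.getNameIds());
        }
        if (!localServiceProviderConfiguration.isSingleLogoutEnabled()) {
            // Single logout disabled: publish no logout endpoints at all.
            metadata.getServiceProvider().setSingleLogoutService(Collections.emptyList());
        }
        if (StringUtils.hasText(localServiceProviderConfiguration.getEntityId())) {
            metadata.setEntityId(localServiceProviderConfiguration.getEntityId());
        }
        if (StringUtils.hasText(localServiceProviderConfiguration.getAlias())) {
            metadata.setEntityAlias(localServiceProviderConfiguration.getAlias());
        }

        // Both flags are copied from configuration into the published metadata.
        // NOTE(review): this only sets what the metadata advertises. Whether an unsigned
        // assertion is actually rejected is decided by the validator, which is not visible here;
        // verify that a deployment with isWantAssertionsSigned() == false is a deliberate choice.
        metadata.getServiceProvider().setWantAssertionsSigned(localServiceProviderConfiguration.isWantAssertionsSigned());
        metadata.getServiceProvider().setAuthnRequestsSigned(localServiceProviderConfiguration.isSignRequests());

        return new HostedServiceProviderService(localServiceProviderConfiguration, metadata, getTransformer(), getValidator(), getCache(), this.authnRequestEnhancer);
    }

    /**
     * Resolves the alias path used when generating the provider's metadata.
     *
     * @param localProviderConfiguration configuration of the local provider
     * @return the configuration's {@code getAliasForPath()} value when the configuration is a
     *     {@link MidpointSamlLocalServiceProviderConfiguration} and that value has text;
     *     otherwise whatever the parent implementation returns
     */
    protected String getAliasPath(LocalProviderConfiguration localProviderConfiguration) {
        if (localProviderConfiguration instanceof MidpointSamlLocalServiceProviderConfiguration) {
            String aliasForPath = ((MidpointSamlLocalServiceProviderConfiguration) localProviderConfiguration).getAliasForPath();
            if (StringUtils.hasText(aliasForPath)) {
                return aliasForPath;
            }
        }
        return super.getAliasPath(localProviderConfiguration);
    }
}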
