package org.springframework.security.saml2.provider.service.registration;

import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.function.Consumer;
import java.util.function.Function;
import org.springframework.security.saml2.core.Saml2X509Credential;
import org.springframework.security.saml2.credentials.Saml2X509Credential;
import org.springframework.util.Assert;

/* loaded from: input_file:org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.class */
public final class RelyingPartyRegistration {
    private final String registrationId;
    private final String entityId;
    private final String assertionConsumerServiceLocation;
    private final Saml2MessageBinding assertionConsumerServiceBinding;
    private final ProviderDetails providerDetails;
    private final List<Saml2X509Credential> credentials;
    private final Collection<org.springframework.security.saml2.core.Saml2X509Credential> decryptionX509Credentials;
    private final Collection<org.springframework.security.saml2.core.Saml2X509Credential> signingX509Credentials;

    /* loaded from: input_file:org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration$AssertingPartyDetails.class */
    public static final class AssertingPartyDetails {
        private final String entityId;
        private final boolean wantAuthnRequestsSigned;
        private final Collection<org.springframework.security.saml2.core.Saml2X509Credential> verificationX509Credentials;
        private final Collection<org.springframework.security.saml2.core.Saml2X509Credential> encryptionX509Credentials;
        private final String singleSignOnServiceLocation;
        private final Saml2MessageBinding singleSignOnServiceBinding;

        /* loaded from: input_file:org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration$AssertingPartyDetails$Builder.class */
        public static final class Builder {
            private String entityId;
            private String singleSignOnServiceLocation;
            private boolean wantAuthnRequestsSigned = true;
            private Collection<org.springframework.security.saml2.core.Saml2X509Credential> verificationX509Credentials = new HashSet();
            private Collection<org.springframework.security.saml2.core.Saml2X509Credential> encryptionX509Credentials = new HashSet();
            private Saml2MessageBinding singleSignOnServiceBinding = Saml2MessageBinding.REDIRECT;

            public Builder entityId(String str) {
                this.entityId = str;
                return this;
            }

            public Builder wantAuthnRequestsSigned(boolean z) {
                this.wantAuthnRequestsSigned = z;
                return this;
            }

            public Builder verificationX509Credentials(Consumer<Collection<org.springframework.security.saml2.core.Saml2X509Credential>> consumer) {
                consumer.accept(this.verificationX509Credentials);
                return this;
            }

            public Builder encryptionX509Credentials(Consumer<Collection<org.springframework.security.saml2.core.Saml2X509Credential>> consumer) {
                consumer.accept(this.encryptionX509Credentials);
                return this;
            }

            public Builder singleSignOnServiceLocation(String str) {
                this.singleSignOnServiceLocation = str;
                return this;
            }

            public Builder singleSignOnServiceBinding(Saml2MessageBinding saml2MessageBinding) {
                this.singleSignOnServiceBinding = saml2MessageBinding;
                return this;
            }

            public AssertingPartyDetails build() {
                return new AssertingPartyDetails(this.entityId, this.wantAuthnRequestsSigned, this.verificationX509Credentials, this.encryptionX509Credentials, this.singleSignOnServiceLocation, this.singleSignOnServiceBinding);
            }
        }

        private AssertingPartyDetails(String str, boolean z, Collection<org.springframework.security.saml2.core.Saml2X509Credential> collection, Collection<org.springframework.security.saml2.core.Saml2X509Credential> collection2, String str2, Saml2MessageBinding saml2MessageBinding) {
            Assert.hasText(str, "entityId cannot be null or empty");
            Assert.notNull(collection, "verificationX509Credentials cannot be null");
            for (org.springframework.security.saml2.core.Saml2X509Credential saml2X509Credential : collection) {
                Assert.notNull(saml2X509Credential, "verificationX509Credentials cannot have null values");
                Assert.isTrue(saml2X509Credential.isVerificationCredential(), "All verificationX509Credentials must have a usage of VERIFICATION set");
            }
            Assert.notNull(collection2, "encryptionX509Credentials cannot be null");
            for (org.springframework.security.saml2.core.Saml2X509Credential saml2X509Credential2 : collection2) {
                Assert.notNull(saml2X509Credential2, "encryptionX509Credentials cannot have null values");
                Assert.isTrue(saml2X509Credential2.isEncryptionCredential(), "All encryptionX509Credentials must have a usage of ENCRYPTION set");
            }
            Assert.notNull(str2, "singleSignOnServiceLocation cannot be null");
            Assert.notNull(saml2MessageBinding, "singleSignOnServiceBinding cannot be null");
            this.entityId = str;
            this.wantAuthnRequestsSigned = z;
            this.verificationX509Credentials = collection;
            this.encryptionX509Credentials = collection2;
            this.singleSignOnServiceLocation = str2;
            this.singleSignOnServiceBinding = saml2MessageBinding;
        }

        public String getEntityId() {
            return this.entityId;
        }

        public boolean getWantAuthnRequestsSigned() {
            return this.wantAuthnRequestsSigned;
        }

        public Collection<org.springframework.security.saml2.core.Saml2X509Credential> getVerificationX509Credentials() {
            return this.verificationX509Credentials;
        }

        public Collection<org.springframework.security.saml2.core.Saml2X509Credential> getEncryptionX509Credentials() {
            return this.encryptionX509Credentials;
        }

        public String getSingleSignOnServiceLocation() {
            return this.singleSignOnServiceLocation;
        }

        public Saml2MessageBinding getSingleSignOnServiceBinding() {
            return this.singleSignOnServiceBinding;
        }
    }

    /* loaded from: input_file:org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration$Builder.class */
    public static final class Builder {
        private String registrationId;
        private String entityId;
        private Collection<org.springframework.security.saml2.core.Saml2X509Credential> signingX509Credentials;
        private Collection<org.springframework.security.saml2.core.Saml2X509Credential> decryptionX509Credentials;
        private String assertionConsumerServiceLocation;
        private Saml2MessageBinding assertionConsumerServiceBinding;
        private ProviderDetails.Builder providerDetails;
        private Collection<Saml2X509Credential> credentials;

        private Builder(String str) {
            this.entityId = "{baseUrl}/saml2/service-provider-metadata/{registrationId}";
            this.signingX509Credentials = new HashSet();
            this.decryptionX509Credentials = new HashSet();
            this.assertionConsumerServiceLocation = "{baseUrl}/login/saml2/sso/{registrationId}";
            this.assertionConsumerServiceBinding = Saml2MessageBinding.POST;
            this.providerDetails = new ProviderDetails.Builder();
            this.credentials = new HashSet();
            this.registrationId = str;
        }

        public Builder registrationId(String str) {
            this.registrationId = str;
            return this;
        }

        public Builder entityId(String str) {
            this.entityId = str;
            return this;
        }

        public Builder signingX509Credentials(Consumer<Collection<org.springframework.security.saml2.core.Saml2X509Credential>> consumer) {
            consumer.accept(this.signingX509Credentials);
            return this;
        }

        public Builder decryptionX509Credentials(Consumer<Collection<org.springframework.security.saml2.core.Saml2X509Credential>> consumer) {
            consumer.accept(this.decryptionX509Credentials);
            return this;
        }

        public Builder assertionConsumerServiceLocation(String str) {
            this.assertionConsumerServiceLocation = str;
            return this;
        }

        public Builder assertionConsumerServiceBinding(Saml2MessageBinding saml2MessageBinding) {
            this.assertionConsumerServiceBinding = saml2MessageBinding;
            return this;
        }

        public Builder assertingPartyDetails(Consumer<AssertingPartyDetails.Builder> consumer) {
            consumer.accept(this.providerDetails.assertingPartyDetailsBuilder);
            return this;
        }

        @Deprecated
        public Builder credentials(Consumer<Collection<Saml2X509Credential>> consumer) {
            consumer.accept(this.credentials);
            return this;
        }

        @Deprecated
        public Builder assertionConsumerServiceUrlTemplate(String str) {
            this.assertionConsumerServiceLocation = str;
            return this;
        }

        @Deprecated
        public Builder remoteIdpEntityId(String str) {
            assertingPartyDetails(builder -> {
                builder.entityId(str);
            });
            return this;
        }

        @Deprecated
        public Builder idpWebSsoUrl(String str) {
            assertingPartyDetails(builder -> {
                builder.singleSignOnServiceLocation(str);
            });
            return this;
        }

        @Deprecated
        public Builder localEntityIdTemplate(String str) {
            this.entityId = str;
            return this;
        }

        @Deprecated
        public Builder providerDetails(Consumer<ProviderDetails.Builder> consumer) {
            consumer.accept(this.providerDetails);
            return this;
        }

        public RelyingPartyRegistration build() {
            for (Saml2X509Credential saml2X509Credential : this.credentials) {
                org.springframework.security.saml2.core.Saml2X509Credential fromDeprecated = RelyingPartyRegistration.fromDeprecated(saml2X509Credential);
                if (saml2X509Credential.isSigningCredential()) {
                    signingX509Credentials(collection -> {
                        collection.add(fromDeprecated);
                    });
                }
                if (saml2X509Credential.isDecryptionCredential()) {
                    decryptionX509Credentials(collection2 -> {
                        collection2.add(fromDeprecated);
                    });
                }
                if (saml2X509Credential.isSignatureVerficationCredential()) {
                    this.providerDetails.assertingPartyDetailsBuilder.verificationX509Credentials(collection3 -> {
                        collection3.add(fromDeprecated);
                    });
                }
                if (saml2X509Credential.isEncryptionCredential()) {
                    this.providerDetails.assertingPartyDetailsBuilder.encryptionX509Credentials(collection4 -> {
                        collection4.add(fromDeprecated);
                    });
                }
            }
            Iterator<org.springframework.security.saml2.core.Saml2X509Credential> it = this.signingX509Credentials.iterator();
            while (it.hasNext()) {
                this.credentials.add(RelyingPartyRegistration.toDeprecated(it.next()));
            }
            Iterator<org.springframework.security.saml2.core.Saml2X509Credential> it2 = this.decryptionX509Credentials.iterator();
            while (it2.hasNext()) {
                this.credentials.add(RelyingPartyRegistration.toDeprecated(it2.next()));
            }
            Iterator it3 = this.providerDetails.assertingPartyDetailsBuilder.verificationX509Credentials.iterator();
            while (it3.hasNext()) {
                this.credentials.add(RelyingPartyRegistration.toDeprecated((org.springframework.security.saml2.core.Saml2X509Credential) it3.next()));
            }
            Iterator it4 = this.providerDetails.assertingPartyDetailsBuilder.encryptionX509Credentials.iterator();
            while (it4.hasNext()) {
                this.credentials.add(RelyingPartyRegistration.toDeprecated((org.springframework.security.saml2.core.Saml2X509Credential) it4.next()));
            }
            return new RelyingPartyRegistration(this.registrationId, this.entityId, this.assertionConsumerServiceLocation, this.assertionConsumerServiceBinding, this.providerDetails.build(), this.credentials, this.decryptionX509Credentials, this.signingX509Credentials);
        }
    }

    @Deprecated
    /* loaded from: input_file:org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration$ProviderDetails.class */
    public static final class ProviderDetails {
        private final AssertingPartyDetails assertingPartyDetails;

        @Deprecated
        /* loaded from: input_file:org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration$ProviderDetails$Builder.class */
        public static final class Builder {
            private final AssertingPartyDetails.Builder assertingPartyDetailsBuilder = new AssertingPartyDetails.Builder();

            public Builder entityId(String str) {
                this.assertingPartyDetailsBuilder.entityId(str);
                return this;
            }

            public Builder webSsoUrl(String str) {
                this.assertingPartyDetailsBuilder.singleSignOnServiceLocation(str);
                return this;
            }

            public Builder signAuthNRequest(boolean z) {
                this.assertingPartyDetailsBuilder.wantAuthnRequestsSigned(z);
                return this;
            }

            public Builder binding(Saml2MessageBinding saml2MessageBinding) {
                this.assertingPartyDetailsBuilder.singleSignOnServiceBinding(saml2MessageBinding);
                return this;
            }

            public ProviderDetails build() {
                return new ProviderDetails(this.assertingPartyDetailsBuilder.build());
            }
        }

        private ProviderDetails(AssertingPartyDetails assertingPartyDetails) {
            Assert.notNull("assertingPartyDetails cannot be null");
            this.assertingPartyDetails = assertingPartyDetails;
        }

        public String getEntityId() {
            return this.assertingPartyDetails.getEntityId();
        }

        public String getWebSsoUrl() {
            return this.assertingPartyDetails.getSingleSignOnServiceLocation();
        }

        public boolean isSignAuthNRequest() {
            return this.assertingPartyDetails.getWantAuthnRequestsSigned();
        }

        public Saml2MessageBinding getBinding() {
            return this.assertingPartyDetails.getSingleSignOnServiceBinding();
        }
    }

    private RelyingPartyRegistration(String str, String str2, String str3, Saml2MessageBinding saml2MessageBinding, ProviderDetails providerDetails, Collection<Saml2X509Credential> collection, Collection<org.springframework.security.saml2.core.Saml2X509Credential> collection2, Collection<org.springframework.security.saml2.core.Saml2X509Credential> collection3) {
        Assert.hasText(str, "registrationId cannot be empty");
        Assert.hasText(str2, "entityId cannot be empty");
        Assert.hasText(str3, "assertionConsumerServiceLocation cannot be empty");
        Assert.notNull(saml2MessageBinding, "assertionConsumerServiceBinding cannot be null");
        Assert.notNull(providerDetails, "providerDetails cannot be null");
        Assert.notEmpty(collection, "credentials cannot be empty");
        Iterator<Saml2X509Credential> it = collection.iterator();
        while (it.hasNext()) {
            Assert.notNull(it.next(), "credentials cannot contain null elements");
        }
        Assert.notNull(collection2, "decryptionX509Credentials cannot be null");
        for (org.springframework.security.saml2.core.Saml2X509Credential saml2X509Credential : collection2) {
            Assert.notNull(saml2X509Credential, "decryptionX509Credentials cannot contain null elements");
            Assert.isTrue(saml2X509Credential.isDecryptionCredential(), "All decryptionX509Credentials must have a usage of DECRYPTION set");
        }
        Assert.notNull(collection3, "signingX509Credentials cannot be null");
        for (org.springframework.security.saml2.core.Saml2X509Credential saml2X509Credential2 : collection3) {
            Assert.notNull(saml2X509Credential2, "signingX509Credentials cannot contain null elements");
            Assert.isTrue(saml2X509Credential2.isSigningCredential(), "All signingX509Credentials must have a usage of SIGNING set");
        }
        this.registrationId = str;
        this.entityId = str2;
        this.assertionConsumerServiceLocation = str3;
        this.assertionConsumerServiceBinding = saml2MessageBinding;
        this.providerDetails = providerDetails;
        this.credentials = Collections.unmodifiableList(new LinkedList(collection));
        this.decryptionX509Credentials = Collections.unmodifiableList(new LinkedList(collection2));
        this.signingX509Credentials = Collections.unmodifiableList(new LinkedList(collection3));
    }

    public String getRegistrationId() {
        return this.registrationId;
    }

    public String getEntityId() {
        return this.entityId;
    }

    public String getAssertionConsumerServiceLocation() {
        return this.assertionConsumerServiceLocation;
    }

    public Saml2MessageBinding getAssertionConsumerServiceBinding() {
        return this.assertionConsumerServiceBinding;
    }

    public Collection<org.springframework.security.saml2.core.Saml2X509Credential> getDecryptionX509Credentials() {
        return this.decryptionX509Credentials;
    }

    public Collection<org.springframework.security.saml2.core.Saml2X509Credential> getSigningX509Credentials() {
        return this.signingX509Credentials;
    }

    public AssertingPartyDetails getAssertingPartyDetails() {
        return this.providerDetails.assertingPartyDetails;
    }

    @Deprecated
    public String getRemoteIdpEntityId() {
        return this.providerDetails.getEntityId();
    }

    @Deprecated
    public String getAssertionConsumerServiceUrlTemplate() {
        return this.assertionConsumerServiceLocation;
    }

    @Deprecated
    public String getIdpWebSsoUrl() {
        return getAssertingPartyDetails().getSingleSignOnServiceLocation();
    }

    @Deprecated
    public ProviderDetails getProviderDetails() {
        return this.providerDetails;
    }

    @Deprecated
    public String getLocalEntityIdTemplate() {
        return this.entityId;
    }

    @Deprecated
    public List<Saml2X509Credential> getCredentials() {
        return this.credentials;
    }

    @Deprecated
    public List<Saml2X509Credential> getVerificationCredentials() {
        return filterCredentials((v0) -> {
            return v0.isSignatureVerficationCredential();
        });
    }

    @Deprecated
    public List<Saml2X509Credential> getSigningCredentials() {
        return filterCredentials((v0) -> {
            return v0.isSigningCredential();
        });
    }

    @Deprecated
    public List<Saml2X509Credential> getEncryptionCredentials() {
        return filterCredentials((v0) -> {
            return v0.isEncryptionCredential();
        });
    }

    @Deprecated
    public List<Saml2X509Credential> getDecryptionCredentials() {
        return filterCredentials((v0) -> {
            return v0.isDecryptionCredential();
        });
    }

    private List<Saml2X509Credential> filterCredentials(Function<Saml2X509Credential, Boolean> function) {
        LinkedList linkedList = new LinkedList();
        for (Saml2X509Credential saml2X509Credential : this.credentials) {
            if (function.apply(saml2X509Credential).booleanValue()) {
                linkedList.add(saml2X509Credential);
            }
        }
        return linkedList;
    }

    public static Builder withRegistrationId(String str) {
        Assert.hasText(str, "registrationId cannot be empty");
        return new Builder(str);
    }

    public static Builder withRelyingPartyRegistration(RelyingPartyRegistration relyingPartyRegistration) {
        Assert.notNull(relyingPartyRegistration, "registration cannot be null");
        return withRegistrationId(relyingPartyRegistration.getRegistrationId()).entityId(relyingPartyRegistration.getEntityId()).signingX509Credentials(collection -> {
            collection.addAll(relyingPartyRegistration.getSigningX509Credentials());
        }).decryptionX509Credentials(collection2 -> {
            collection2.addAll(relyingPartyRegistration.getDecryptionX509Credentials());
        }).assertionConsumerServiceLocation(relyingPartyRegistration.getAssertionConsumerServiceLocation()).assertionConsumerServiceBinding(relyingPartyRegistration.getAssertionConsumerServiceBinding()).assertingPartyDetails(builder -> {
            builder.entityId(relyingPartyRegistration.getAssertingPartyDetails().getEntityId()).wantAuthnRequestsSigned(relyingPartyRegistration.getAssertingPartyDetails().getWantAuthnRequestsSigned()).verificationX509Credentials(collection3 -> {
                collection3.addAll(relyingPartyRegistration.getAssertingPartyDetails().getVerificationX509Credentials());
            }).encryptionX509Credentials(collection4 -> {
                collection4.addAll(relyingPartyRegistration.getAssertingPartyDetails().getEncryptionX509Credentials());
            }).singleSignOnServiceLocation(relyingPartyRegistration.getAssertingPartyDetails().getSingleSignOnServiceLocation()).singleSignOnServiceBinding(relyingPartyRegistration.getAssertingPartyDetails().getSingleSignOnServiceBinding());
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static org.springframework.security.saml2.core.Saml2X509Credential fromDeprecated(Saml2X509Credential saml2X509Credential) {
        PrivateKey privateKey = saml2X509Credential.getPrivateKey();
        X509Certificate certificate = saml2X509Credential.getCertificate();
        HashSet hashSet = new HashSet();
        if (saml2X509Credential.isSigningCredential()) {
            hashSet.add(Saml2X509Credential.Saml2X509CredentialType.SIGNING);
        }
        if (saml2X509Credential.isSignatureVerficationCredential()) {
            hashSet.add(Saml2X509Credential.Saml2X509CredentialType.VERIFICATION);
        }
        if (saml2X509Credential.isEncryptionCredential()) {
            hashSet.add(Saml2X509Credential.Saml2X509CredentialType.ENCRYPTION);
        }
        if (saml2X509Credential.isDecryptionCredential()) {
            hashSet.add(Saml2X509Credential.Saml2X509CredentialType.DECRYPTION);
        }
        return new org.springframework.security.saml2.core.Saml2X509Credential(privateKey, certificate, hashSet);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static org.springframework.security.saml2.credentials.Saml2X509Credential toDeprecated(org.springframework.security.saml2.core.Saml2X509Credential saml2X509Credential) {
        PrivateKey privateKey = saml2X509Credential.getPrivateKey();
        X509Certificate certificate = saml2X509Credential.getCertificate();
        HashSet hashSet = new HashSet();
        if (saml2X509Credential.isSigningCredential()) {
            hashSet.add(Saml2X509Credential.Saml2X509CredentialType.SIGNING);
        }
        if (saml2X509Credential.isVerificationCredential()) {
            hashSet.add(Saml2X509Credential.Saml2X509CredentialType.VERIFICATION);
        }
        if (saml2X509Credential.isEncryptionCredential()) {
            hashSet.add(Saml2X509Credential.Saml2X509CredentialType.ENCRYPTION);
        }
        if (saml2X509Credential.isDecryptionCredential()) {
            hashSet.add(Saml2X509Credential.Saml2X509CredentialType.DECRYPTION);
        }
        return new org.springframework.security.saml2.credentials.Saml2X509Credential(privateKey, certificate, hashSet);
    }
}
