package org.nuxeo.ecm.platform.auth.saml;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import javax.xml.namespace.QName;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.ecm.platform.auth.saml.binding.SAMLBinding;
import org.nuxeo.ecm.platform.auth.saml.key.KeyManager;
import org.nuxeo.runtime.api.Framework;
import org.opensaml.common.SAMLObject;
import org.opensaml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.KeyDescriptor;
import org.opensaml.saml2.metadata.NameIDFormat;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.saml2.metadata.SingleLogoutService;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.security.SecurityConfiguration;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.SecurityHelper;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.signature.KeyInfo;

/* loaded from: input_file:org/nuxeo/ecm/platform/auth/saml/SAMLConfiguration.class */
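/**
 * Reads the SAML 2.0 service-provider settings from Nuxeo framework properties and
 * builds the OpenSAML metadata ({@link EntityDescriptor} / {@link SPSSODescriptor})
 * that this instance publishes to identity providers.
 *
 * <p>Everything here is static; the class is never instantiated.
 *
 * <p>Security note: the {@code authnRequestsSigned} and {@code wantAssertionsSigned}
 * flags are only <em>advertised</em> in the generated metadata by this class. Whether
 * unsigned assertions are actually rejected at login time depends on the
 * response-validation code elsewhere in this package, which is not visible here.
 */
public class SAMLConfiguration {

    /** Property holding the SP entity id; falls back to {@code nuxeo.url} when unset. */
    public static final String ENTITY_ID = "nuxeo.saml2.entityId";

    /** Comma-separated list of binding short names (e.g. {@code HTTP-POST}) enabled for login. */
    public static final String LOGIN_BINDINGS = "nuxeo.saml2.loginBindings";

    /** Property ("true"/"false") published as {@code AuthnRequestsSigned} in the SP metadata. */
    public static final String AUTHN_REQUESTS_SIGNED = "nuxeo.saml2.authnRequestsSigned";

    /** Property ("true"/"false") published as {@code WantAssertionsSigned} in the SP metadata. */
    public static final String WANT_ASSERTIONS_SIGNED = "nuxeo.saml2.wantAssertionsSigned";

    /** Property holding the allowed clock skew, in milliseconds, as a decimal integer. */
    public static final String SKEW_TIME_MS = "nuxeo.saml2.skewTimeMs";

    /** Clock skew used when {@link #SKEW_TIME_MS} is unset: 60 seconds. */
    public static final int DEFAULT_SKEW_TIME_MS = 60000;

    /** URN prefix shared by all SAML 2.0 binding identifiers. */
    public static final String BINDING_PREFIX = "urn:oasis:names:tc:SAML:2.0:bindings";

    /** Login bindings used when {@link #LOGIN_BINDINGS} is unset (first one becomes the default ACS). */
    public static final String DEFAULT_LOGIN_BINDINGS = "HTTP-Redirect,HTTP-POST";

    protected static final Log log = LogFactory.getLog(SAMLConfiguration.class);

    /**
     * NameID formats advertised in the SP metadata, in the order they are published.
     * Exposed read-only so callers cannot alter the metadata of a running instance.
     */
    public static final Collection<String> nameID = Collections.unmodifiableList(Arrays.asList(
            "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
            "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
            "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
            "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
            "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName"));

    /** SAML 2.0 protocol URN declared as supported by the SP role. */
    private static final String SAML2_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol";

    /** Binding URI used for the single logout endpoint. */
    private static final String HTTP_POST_BINDING = BINDING_PREFIX + ":HTTP-POST";

    private SAMLConfiguration() {
        // static utility class, never instantiated
    }

    /**
     * @return the SP entity id from {@link #ENTITY_ID}, or the {@code nuxeo.url} property
     *         when it is not set (may be {@code null} if neither is configured)
     */
    public static String getEntityId() {
        return Framework.getProperty(ENTITY_ID, Framework.getProperty("nuxeo.url"));
    }

    /**
     * Resolves the configured login bindings to full binding URIs.
     *
     * <p>Each short name from {@link #LOGIN_BINDINGS} (default {@link #DEFAULT_LOGIN_BINDINGS})
     * is prefixed with {@link #BINDING_PREFIX} and kept only if a matching
     * {@link SAMLBinding} is registered in {@code SAMLAuthenticationProvider.bindings};
     * unknown names are logged and dropped. Surrounding whitespace is ignored and empty
     * entries (double or trailing commas) are skipped.
     *
     * @return the enabled binding URIs in configuration order; empty if none matched
     */
    public static List<String> getLoginBindings() {
        Set<String> registered = new HashSet<String>();
        for (SAMLBinding binding : SAMLAuthenticationProvider.bindings) {
            registered.add(binding.getBindingURI());
        }
        List<String> enabled = new ArrayList<String>();
        String configured = Framework.getProperty(LOGIN_BINDINGS, DEFAULT_LOGIN_BINDINGS);
        for (String entry : configured.split(",")) {
            String shortName = entry.trim();
            if (shortName.isEmpty()) {
                continue; // tolerate "a,,b" and trailing commas
            }
            String uri = BINDING_PREFIX + ":" + shortName;
            if (registered.contains(uri)) {
                enabled.add(uri);
            } else {
                log.warn("Unknown SAML binding " + uri);
            }
        }
        return enabled;
    }

    /**
     * @return whether the SP metadata declares that it signs its AuthnRequests;
     *         {@code false} when {@link #AUTHN_REQUESTS_SIGNED} is unset or not "true"
     */
    public static boolean getAuthnRequestsSigned() {
        return Boolean.parseBoolean(Framework.getProperty(AUTHN_REQUESTS_SIGNED));
    }

    /**
     * @return whether the SP metadata declares that it wants signed assertions;
     *         {@code false} when {@link #WANT_ASSERTIONS_SIGNED} is unset or not "true".
     *         Note that the default therefore advertises no signature requirement;
     *         deployments relying on assertion signatures should set the property explicitly.
     */
    public static boolean getWantAssertionsSigned() {
        return Boolean.parseBoolean(Framework.getProperty(WANT_ASSERTIONS_SIGNED));
    }

    /**
     * @return the allowed clock skew in milliseconds, {@link #DEFAULT_SKEW_TIME_MS} if unset
     * @throws NumberFormatException if {@link #SKEW_TIME_MS} is set but not a valid integer;
     *         this is deliberate so a mis-typed value fails at startup instead of silently
     *         changing the assertion validity window
     */
    public static int getSkewTimeMillis() {
        String raw = Framework.getProperty(SKEW_TIME_MS);
        if (raw == null) {
            return DEFAULT_SKEW_TIME_MS;
        }
        return Integer.parseInt(raw.trim());
    }

    /**
     * Builds the top-level metadata element for this SP.
     *
     * @param str the endpoint URL used for both the assertion consumer and single logout services
     * @return an {@link EntityDescriptor} carrying the entity id and one {@link SPSSODescriptor}
     */
    public static EntityDescriptor getEntityDescriptor(String str) {
        EntityDescriptor entity = build(EntityDescriptor.DEFAULT_ELEMENT_NAME);
        entity.setEntityID(getEntityId());
        entity.getRoleDescriptors().add(getSPSSODescriptor(str));
        return entity;
    }

    /**
     * Builds the SP role descriptor: signing flags, supported protocol, NameID formats,
     * key descriptors from the {@link KeyManager} service, one assertion consumer service
     * per enabled login binding, and an HTTP-POST single logout service.
     *
     * @param str the endpoint URL used for every assertion consumer and logout service
     * @return the populated {@link SPSSODescriptor}
     * @throws NullPointerException if the {@link KeyManager} service is not available
     */
    public static SPSSODescriptor getSPSSODescriptor(String str) {
        SPSSODescriptor sp = build(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
        sp.setAuthnRequestsSigned(Boolean.valueOf(getAuthnRequestsSigned()));
        sp.setWantAssertionsSigned(Boolean.valueOf(getWantAssertionsSigned()));
        sp.addSupportedProtocol(SAML2_PROTOCOL);
        sp.getNameIDFormats().addAll(buildNameIDFormats(nameID));
        addKeyDescriptors(sp);
        addAssertionConsumerServices(sp, str);
        addSingleLogoutService(sp, str);
        return sp;
    }

    /** Publishes the signing, encryption and TLS credentials held by the KeyManager, if present. */
    private static void addKeyDescriptors(SPSSODescriptor sp) {
        KeyManager keyManager = (KeyManager) Framework.getService(KeyManager.class);
        Objects.requireNonNull(keyManager, "KeyManager service is not available");
        addKeyDescriptor(sp, UsageType.SIGNING, keyManager.getSigningCredential());
        addKeyDescriptor(sp, UsageType.ENCRYPTION, keyManager.getEncryptionCredential());
        // The TLS credential is published without a usage restriction.
        addKeyDescriptor(sp, UsageType.UNSPECIFIED, keyManager.getTlsCredential());
    }

    /**
     * Adds one key descriptor for {@code credential}. Does nothing when the credential is
     * absent, or when no KeyInfo can be generated for it: a KeyDescriptor with an empty
     * KeyInfo would advertise a key no relying party can actually read.
     */
    private static void addKeyDescriptor(SPSSODescriptor sp, UsageType use, Credential credential) {
        if (credential == null) {
            return;
        }
        KeyInfo keyInfo = generateKeyInfoForCredential(credential);
        if (keyInfo == null) {
            log.warn("Skipping " + use + " key descriptor: no KeyInfo could be generated");
            return;
        }
        sp.getKeyDescriptors().add(buildKeyDescriptor(use, keyInfo));
    }

    /**
     * Adds one assertion consumer service per enabled login binding, all at {@code location}.
     * Indices are assigned in configuration order and the first entry is flagged as default.
     */
    private static void addAssertionConsumerServices(SPSSODescriptor sp, String location) {
        int index = 0;
        for (String bindingUri : getLoginBindings()) {
            AssertionConsumerService acs = build(AssertionConsumerService.DEFAULT_ELEMENT_NAME);
            acs.setLocation(location);
            acs.setBinding(bindingUri);
            acs.setIsDefault(Boolean.valueOf(index == 0));
            acs.setIndex(Integer.valueOf(index));
            sp.getAssertionConsumerServices().add(acs);
            index++;
        }
    }

    /** Adds the single logout endpoint; only the HTTP-POST binding is published for it. */
    private static void addSingleLogoutService(SPSSODescriptor sp, String location) {
        SingleLogoutService slo = build(SingleLogoutService.DEFAULT_ELEMENT_NAME);
        slo.setLocation(location);
        slo.setBinding(HTTP_POST_BINDING);
        sp.getSingleLogoutServices().add(slo);
    }

    /** Wraps {@code keyInfo} in a KeyDescriptor tagged with the given usage. */
    private static KeyDescriptor buildKeyDescriptor(UsageType usageType, KeyInfo keyInfo) {
        KeyDescriptor descriptor = build(KeyDescriptor.DEFAULT_ELEMENT_NAME);
        descriptor.setUse(usageType);
        descriptor.setKeyInfo(keyInfo);
        return descriptor;
    }

    /** Converts format URIs into {@link NameIDFormat} elements, preserving order. */
    private static Collection<NameIDFormat> buildNameIDFormats(Collection<String> collection) {
        List<NameIDFormat> formats = new LinkedList<NameIDFormat>();
        for (String formatUri : collection) {
            NameIDFormat format = build(NameIDFormat.DEFAULT_ELEMENT_NAME);
            format.setFormat(formatUri);
            formats.add(format);
        }
        return formats;
    }

    /**
     * Generates the KeyInfo to publish for {@code credential}. A {@code null} security
     * configuration and generator name ask OpenSAML for its default generator
     * (presumably the global security configuration — not verifiable from here).
     *
     * @return the generated KeyInfo, or {@code null} if generation failed (the cause is logged)
     */
    private static KeyInfo generateKeyInfoForCredential(Credential credential) {
        try {
            return SecurityHelper.getKeyInfoGenerator(credential, (SecurityConfiguration) null, (String) null)
                    .generate(credential);
        } catch (SecurityException e) {
            log.error("Failed to generate key info for credential", e);
            return null;
        }
    }

    /** Builds an empty OpenSAML object for {@code qName} through the global builder factory. */
    @SuppressWarnings("unchecked")
    private static <T extends SAMLObject> T build(QName qName) {
        return (T) Configuration.getBuilderFactory().getBuilder(qName).buildObject(qName);
    }
}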
