package net.shibboleth.idp.installer.metadata.impl;

import com.google.common.collect.ImmutableSet;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Collections;
import java.util.EnumSet;
import java.util.Iterator;
import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.xml.DOMTypeSupport;

/* loaded from: input_file:net/shibboleth/idp/installer/metadata/impl/MetadataGenerator.class */
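/**
 * Writes an example SAML {@code EntityDescriptor} for an IdP to a file by plain string concatenation.
 *
 * <p>The document holds an {@code IDPSSODescriptor} and an {@code AttributeAuthorityDescriptor}, each with
 * key descriptors and the endpoints selected via {@link #setEndpoints(EnumSet)}. SAML 2 logout endpoints and
 * the SAML 2 attribute query endpoint are emitted inside XML comments unless their "commented" flags are
 * cleared.</p>
 *
 * <p><strong>Input handling.</strong> The entity ID, scope, DNS name and certificate lines are written
 * verbatim: nothing is XML-escaped or validated. Callers must pass values that are already safe for the XML
 * context they land in (attribute value, element text, or comment body).</p>
 *
 * <p><strong>Lifecycle.</strong> The output file is opened (and truncated) in the constructor, and the writer
 * is closed only by {@link #generate()}. An instance is therefore single-use, and an instance on which
 * {@code generate()} is never called keeps its file handle open. The class does no synchronization.</p>
 */
public class MetadataGenerator {

    /** Endpoints that {@link #removeBackChannel()} removes as a group. */
    static final ImmutableSet<Endpoints> BACKCHANNEL_ENDPOINTS = ImmutableSet.copyOf(EnumSet.of(Endpoints.SAML1Artifact, Endpoints.SAML2Artifact, Endpoints.SOAPSLO, Endpoints.SAML1Query, Endpoints.SAML2Query));

    /** Artifact resolution endpoints, written into the {@code IDPSSODescriptor}. */
    static final ImmutableSet<Endpoints> ARTIFACT_ENDPOINTS = ImmutableSet.copyOf(EnumSet.of(Endpoints.SAML1Artifact, Endpoints.SAML2Artifact));

    /** Single sign-on endpoints, written into the {@code IDPSSODescriptor}. */
    static final ImmutableSet<Endpoints> SSO_ENDPOINTS = ImmutableSet.copyOf(EnumSet.of(Endpoints.ShibbolethSSO, Endpoints.POSTSSO, Endpoints.POSTSimpleSignSSO, Endpoints.RedirectSSO));

    /** Single logout endpoints, written into the {@code IDPSSODescriptor} (commented out by default). */
    static final ImmutableSet<Endpoints> SLO_ENDPOINTS = ImmutableSet.copyOf(EnumSet.of(Endpoints.RedirectSLO, Endpoints.POSTSLO, Endpoints.POSTSimpleSignSLO, Endpoints.SOAPSLO));

    /** Attribute query endpoints, written into the {@code AttributeAuthorityDescriptor}. */
    static final ImmutableSet<Endpoints> AA_ENDPOINTS = ImmutableSet.copyOf(EnumSet.of(Endpoints.SAML1Query, Endpoints.SAML2Query));

    private static final String SAML1_SOAP_BINDING = "urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding";
    private static final String SAML2_SOAP_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP";
    private static final String SAML2_REDIRECT_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect";
    private static final String SAML2_POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
    private static final String SAML2_POST_SIMPLE_SIGN_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign";
    private static final String SHIBBOLETH_SSO_BINDING = "urn:mace:shibboleth:1.0:profiles:AuthnRequest";

    /** Indentation placed in front of every endpoint element. */
    private static final String ENDPOINT_INDENT = "        ";

    private String entityID;
    private String dnsName;
    private String scope;
    private List<List<String>> signingCerts;
    private List<List<String>> encryptionCerts;
    private final BufferedWriter writer;
    private boolean saml2AttributeQueryCommented = true;
    private boolean saml2LogoutCommented = true;
    private EnumSet<Endpoints> endpoints = EnumSet.allOf(Endpoints.class);

    /**
     * The endpoints this generator knows how to emit.
     *
     * <p>Decompiler note carried over from the source listing: the access modifier was changed from
     * package-private when this file was produced.</p>
     */
    public enum Endpoints {
        SAML1Artifact,
        SAML2Artifact,
        RedirectSLO,
        POSTSLO,
        POSTSimpleSignSLO,
        SOAPSLO,
        ShibbolethSSO,
        POSTSSO,
        POSTSimpleSignSSO,
        RedirectSSO,
        SAML1Query,
        SAML2Query
    }

    /**
     * Opens {@code file} for writing; any existing content is replaced.
     *
     * @param file the metadata file to write, never {@code null}
     * @throws FileNotFoundException if the file cannot be opened for writing
     */
    public MetadataGenerator(@Nonnull File file) throws FileNotFoundException {
        Constraint.isNotNull(file, "provided file must be nonnull");
        // The XML declaration written by generate() says UTF-8, so the bytes must be UTF-8 too. The previous
        // code used the platform default charset, which mis-encodes non-ASCII values on non-UTF-8 platforms.
        this.writer = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(file), StandardCharsets.UTF_8));
    }

    /** @return the entity ID written to the {@code entityID} attribute */
    public String getEntityID() {
        return this.entityID;
    }

    /**
     * @param str the entity ID; written verbatim into a double-quoted XML attribute, so it must not contain
     *     unescaped {@code &}, {@code <} or {@code "}
     */
    public void setEntityID(String str) {
        this.entityID = str;
    }

    /** @return the scope written to {@code shibmd:Scope}, or {@code null}/empty for none */
    public String getScope() {
        return this.scope;
    }

    /**
     * @param str the scope; written verbatim as element text. {@code null} or empty suppresses the element
     */
    public void setScope(String str) {
        this.scope = str;
    }

    /** @return the host name used to build every endpoint location */
    public String getDNSName() {
        return this.dnsName;
    }

    /**
     * @param str the host name; written verbatim into attribute values, element text and XML comment bodies
     */
    public void setDNSName(String str) {
        this.dnsName = str;
    }

    /** @return the signing certificates, one inner list of text lines per certificate; may be {@code null} */
    public List<List<String>> getSigningCerts() {
        return this.signingCerts;
    }

    /** @param list the signing certificates, one inner list of text lines per certificate */
    public void setSigningCerts(List<List<String>> list) {
        this.signingCerts = list;
    }

    /** @return the encryption certificates, one inner list of text lines per certificate; may be {@code null} */
    public List<List<String>> getEncryptionCerts() {
        return this.encryptionCerts;
    }

    /** @param list the encryption certificates, one inner list of text lines per certificate */
    public void setEncryptionCerts(List<List<String>> list) {
        this.encryptionCerts = list;
    }

    /**
     * Removes every endpoint in {@link #BACKCHANNEL_ENDPOINTS} from the selected set.
     *
     * <p>This mutates the set in place. If the set was supplied through {@link #setEndpoints(EnumSet)}, the
     * caller's own {@code EnumSet} is modified, because the setter stores the reference it is given.</p>
     */
    public void removeBackChannel() {
        this.endpoints.removeAll(BACKCHANNEL_ENDPOINTS);
    }

    /** @return the live, mutable set of endpoints to emit (not a copy) */
    public EnumSet<Endpoints> getEndpoints() {
        return this.endpoints;
    }

    /**
     * @param enumSet the endpoints to emit, never {@code null}; stored by reference, not copied
     */
    public void setEndpoints(@Nonnull EnumSet<Endpoints> enumSet) {
        // Validate, then assign the parameter itself; this replaces the decompiler's raw (EnumSet) cast.
        Constraint.isNotNull(enumSet, "supplied endpoints should not be null");
        this.endpoints = enumSet;
    }

    /** @return whether the SAML 2 attribute query endpoint is emitted inside an XML comment (default true) */
    public boolean isSAML2AttributeQueryCommented() {
        return this.saml2AttributeQueryCommented;
    }

    /** @param z {@code true} to emit the SAML 2 attribute query endpoint inside an XML comment */
    public void setSAML2AttributeQueryCommented(boolean z) {
        this.saml2AttributeQueryCommented = z;
    }

    /** @return whether the single logout endpoints are emitted inside an XML comment (default true) */
    public boolean isSAML2LogoutCommented() {
        return this.saml2LogoutCommented;
    }

    /** @param z {@code true} to emit the single logout endpoints inside an XML comment */
    public void setSAML2LogoutCommented(boolean z) {
        this.saml2LogoutCommented = z;
    }

    /**
     * Writes the complete metadata document and closes the output file.
     *
     * <p>May be called once per instance: the writer is closed on return, whether normal or exceptional.</p>
     *
     * @throws IOException if writing fails, or if the writer has already been closed by an earlier call
     */
    public void generate() throws IOException {
        // The resource variable exists only so the writer is closed on every exit path. Previously a
        // failure part-way through left the file handle open.
        try (BufferedWriter closeOnExit = this.writer) {
            this.writer.write("<?xml version=\"1.0\" encoding=\"UTF-8\"?>");
            this.writer.newLine();
            writeComments();
            this.writer.write("<");
            this.writer.write("EntityDescriptor");
            this.writer.write(' ');
            writeNameSpace(null, "urn:oasis:names:tc:SAML:2.0:metadata");
            writeNameSpace("ds", "http://www.w3.org/2000/09/xmldsig#");
            writeNameSpace("shibmd", "urn:mace:shibboleth:metadata:1.0");
            writeNameSpace("xml", "http://www.w3.org/XML/1998/namespace");
            writeNameSpace("mdui", "urn:oasis:names:tc:SAML:metadata:ui");
            writeNameSpace("req-attr", "urn:oasis:names:tc:SAML:protocol:ext:req-attr");
            // validUntil is stamped with the generation time, so the document has reached its validUntil the
            // moment it is written. NOTE(review): presumably deliberate, in line with the "example metadata
            // only" banner, so the file cannot be consumed unreviewed - confirm before changing.
            this.writer.write(" validUntil=\"" + DOMTypeSupport.longToDateTime(System.currentTimeMillis()) + "\"");
            this.writer.write(" entityID=\"");
            // NOTE(review): written without XML escaping. An entity ID containing '&', '<' or '"' yields a
            // malformed or altered attribute. Not escaped here in case callers already pass escaped values -
            // verify against the caller, then escape at this point.
            this.writer.write(getEntityID());
            this.writer.write("\">");
            this.writer.newLine();
            this.writer.newLine();
            writeIDPSSO();
            this.writer.newLine();
            this.writer.newLine();
            writeAttributeAuthorityDescriptor();
            this.writer.newLine();
            this.writer.write("</EntityDescriptor>");
            this.writer.newLine();
            this.writer.flush();
        }
    }

    /**
     * Writes the leading XML comment warning that the file is example metadata.
     *
     * @throws IOException if writing fails
     */
    protected void writeComments() throws IOException {
        this.writer.write("<!--");
        this.writer.newLine();
        this.writer.write("     This is example metadata only. Do *NOT* supply it as is without review,");
        this.writer.newLine();
        this.writer.write("     and do *NOT* provide it in real time to your partners.");
        this.writer.newLine();
        this.writer.newLine();
        this.writer.write("     This metadata is not dynamic - it will not change as your configuration changes.");
        this.writer.newLine();
        this.writer.write("-->");
        this.writer.newLine();
    }

    /**
     * Writes one namespace declaration, preceded by a space.
     *
     * @param str the prefix, or {@code null} for the default namespace
     * @param str2 the namespace URI, written verbatim
     * @throws IOException if writing fails
     */
    protected void writeNameSpace(@Nullable String str, @Nonnull String str2) throws IOException {
        this.writer.write(" xmlns");
        if (null != str) {
            this.writer.write(':');
            this.writer.write(str);
        }
        this.writer.write("=\"");
        this.writer.write(str2);
        this.writer.write("\"");
    }

    /**
     * Writes the {@code IDPSSODescriptor}: extensions, key descriptors, then the selected artifact, logout
     * and sign-on endpoints, in that order.
     *
     * @throws IOException if writing fails
     */
    protected void writeIDPSSO() throws IOException {
        writeRoleDescriptor("IDPSSODescriptor", Arrays.asList("urn:oasis:names:tc:SAML:2.0:protocol", "urn:oasis:names:tc:SAML:1.1:protocol", "urn:mace:shibboleth:1.0"));
        this.writer.newLine();
        openExtensions();
        writeScope();
        writeMDUI();
        closeExtensions();
        this.writer.newLine();
        writeKeyDescriptors();
        writeSelectedEndpoints(ARTIFACT_ENDPOINTS);
        this.writer.newLine();
        // The comment markers are written even when no logout endpoint is selected.
        if (isSAML2LogoutCommented()) {
            this.writer.write("        <!--");
            this.writer.newLine();
        }
        writeSelectedEndpoints(SLO_ENDPOINTS);
        if (isSAML2LogoutCommented()) {
            this.writer.write("        -->");
            this.writer.newLine();
        }
        this.writer.newLine();
        writeSelectedEndpoints(SSO_ENDPOINTS);
        this.writer.newLine();
        this.writer.write("    </");
        this.writer.write("IDPSSODescriptor");
        this.writer.write(">");
        this.writer.newLine();
    }

    /**
     * Writes the {@code AttributeAuthorityDescriptor}. SAML 2.0 is advertised in
     * {@code protocolSupportEnumeration} only when the SAML 2 attribute query endpoint is not commented out.
     *
     * @throws IOException if writing fails
     */
    private void writeAttributeAuthorityDescriptor() throws IOException {
        writeRoleDescriptor("AttributeAuthorityDescriptor", isSAML2AttributeQueryCommented() ? Collections.singletonList("urn:oasis:names:tc:SAML:1.1:protocol") : Arrays.asList("urn:oasis:names:tc:SAML:2.0:protocol", "urn:oasis:names:tc:SAML:1.1:protocol"));
        this.writer.newLine();
        openExtensions();
        writeScope();
        closeExtensions();
        this.writer.newLine();
        writeKeyDescriptors();
        writeSelectedEndpoints(AA_ENDPOINTS);
        this.writer.newLine();
        this.writer.write("    </");
        this.writer.write("AttributeAuthorityDescriptor");
        this.writer.write('>');
        this.writer.newLine();
    }

    /**
     * Writes each candidate endpoint that is present in {@link #getEndpoints()}, in the candidates' iteration
     * order.
     *
     * @param candidates the endpoint group to consider
     * @throws IOException if writing fails
     */
    private void writeSelectedEndpoints(Iterable<Endpoints> candidates) throws IOException {
        for (Endpoints candidate : candidates) {
            if (getEndpoints().contains(candidate)) {
                outputEndpoint(candidate);
            }
        }
    }

    /**
     * Writes the opening tag of a role descriptor.
     *
     * @param str the element name
     * @param list the protocol URIs, written space-separated into {@code protocolSupportEnumeration}
     * @throws IOException if writing fails
     */
    protected void writeRoleDescriptor(String str, List<String> list) throws IOException {
        this.writer.write("    <");
        this.writer.write(str);
        this.writer.write(" protocolSupportEnumeration=\"");
        boolean first = true;
        for (String protocol : list) {
            if (!first) {
                this.writer.write(" ");
            }
            this.writer.write(protocol);
            first = false;
        }
        this.writer.write("\">");
        this.writer.newLine();
    }

    /**
     * Writes the opening {@code Extensions} tag.
     *
     * @throws IOException if writing fails
     */
    protected void openExtensions() throws IOException {
        this.writer.write("        <");
        this.writer.write("Extensions");
        this.writer.write('>');
        this.writer.newLine();
    }

    /**
     * Writes the closing {@code Extensions} tag.
     *
     * @throws IOException if writing fails
     */
    protected void closeExtensions() throws IOException {
        this.writer.write("        </");
        this.writer.write("Extensions");
        this.writer.write('>');
        this.writer.newLine();
    }

    /**
     * Writes a complete {@code Extensions} element holding the scope and the MDUI template.
     *
     * @throws IOException if writing fails
     * @deprecated not called from within this class, which uses {@link #openExtensions()} and
     *     {@link #closeExtensions()} directly
     */
    @Deprecated
    protected void writeExtensions() throws IOException {
        openExtensions();
        writeScope();
        writeMDUI();
        closeExtensions();
    }

    /**
     * Writes the {@code shibmd:Scope} element, or nothing when the scope is {@code null} or empty.
     *
     * @throws IOException if writing fails
     */
    protected void writeScope() throws IOException {
        if (null == getScope() || getScope().isEmpty()) {
            return;
        }
        this.writer.write("            <");
        writeNameSpaceQualified("shibmd", "Scope");
        this.writer.write(" regexp=\"false\">");
        // NOTE(review): element text written without XML escaping; see the note in generate().
        this.writer.write(getScope());
        this.writer.write("</");
        writeNameSpaceQualified("shibmd", "Scope");
        this.writer.write('>');
        this.writer.newLine();
    }

    /**
     * Writes a commented-out {@code mdui:UIInfo} template for the operator to fill in.
     *
     * @throws IOException if writing fails
     */
    protected void writeMDUI() throws IOException {
        // NOTE(review): the DNS name lands inside an XML comment here. XML forbids "--" within a comment, so
        // a name containing it (for example an "xn--" internationalised label) would make the document
        // ill-formed - confirm how such names are handled upstream of this class.
        this.writer.write("<!--");
        this.writer.newLine();
        this.writer.write("    Fill in the details for your IdP here ");
        this.writer.newLine();
        this.writer.newLine();
        this.writer.write("            <");
        writeNameSpaceQualified("mdui", "UIInfo");
        this.writer.write('>');
        this.writer.newLine();
        this.writer.write("                <");
        writeNameSpaceQualified("mdui", "DisplayName");
        this.writer.write(' ');
        writeLangAttribute("en");
        this.writer.write('>');
        this.writer.write("A Name for the IdP at ");
        this.writer.write(getDNSName());
        this.writer.write("</");
        writeNameSpaceQualified("mdui", "DisplayName");
        this.writer.write('>');
        this.writer.newLine();
        this.writer.write("                <");
        writeNameSpaceQualified("mdui", "Description");
        this.writer.write(' ');
        writeLangAttribute("en");
        this.writer.write('>');
        this.writer.write("Enter a description of your IdP at ");
        this.writer.write(getDNSName());
        this.writer.write("</");
        writeNameSpaceQualified("mdui", "Description");
        this.writer.write('>');
        this.writer.newLine();
        this.writer.write("                <");
        writeNameSpaceQualified("mdui", "Logo");
        this.writer.write(" height=\"80\" width=\"80\">");
        this.writer.write("https://");
        this.writer.write(getDNSName());
        this.writer.write("/Path/To/Logo.png");
        this.writer.write("</");
        writeNameSpaceQualified("mdui", "Logo");
        this.writer.write('>');
        this.writer.newLine();
        this.writer.write("            </");
        writeNameSpaceQualified("mdui", "UIInfo");
        this.writer.write('>');
        this.writer.newLine();
        this.writer.write("-->");
        this.writer.newLine();
    }

    /**
     * Writes an {@code xml:lang} attribute without a leading space.
     *
     * @param str the language tag, written verbatim
     * @throws IOException if writing fails
     */
    protected void writeLangAttribute(String str) throws IOException {
        writeNameSpaceQualified("xml", "lang");
        this.writer.write("=\"");
        this.writer.write(str);
        this.writer.write('"');
    }

    /**
     * Writes the signing key descriptors followed by the encryption key descriptors.
     *
     * <p>When exactly two signing certificates are configured, a comment labels the first as back channel and
     * the second as front channel. The label depends only on the count; the order is the caller's
     * responsibility.</p>
     *
     * @throws IOException if writing fails
     */
    protected void writeKeyDescriptors() throws IOException {
        // Null-safe: the two-argument overload accepts a null list, so an unset signing list must not throw
        // a NullPointerException here.
        final List<List<String>> signing = getSigningCerts();
        if (signing != null && signing.size() == 2) {
            this.writer.write("        <!-- First signing certificate is BackChannel, the Second is FrontChannel -->");
            this.writer.newLine();
        }
        writeKeyDescriptors(signing, "signing");
        writeKeyDescriptors(getEncryptionCerts(), "encryption");
        this.writer.newLine();
    }

    /**
     * Writes one {@code KeyDescriptor} per certificate, or nothing when the list is {@code null} or empty.
     *
     * @param list the certificates; each inner list is written line by line, verbatim, as the content of
     *     {@code ds:X509Certificate} (presumably the base64 body without PEM armour - verify against caller)
     * @param str the value of the {@code use} attribute
     * @throws IOException if writing fails
     */
    protected void writeKeyDescriptors(@Nullable List<List<String>> list, @NotEmpty @Nonnull String str) throws IOException {
        if (null == list || list.isEmpty()) {
            return;
        }
        for (List<String> certificateLines : list) {
            this.writer.write("        <");
            this.writer.write("KeyDescriptor");
            this.writer.write(" use=\"");
            this.writer.write(str);
            this.writer.write("\">");
            this.writer.newLine();
            this.writer.write("            <");
            writeNameSpaceQualified("ds", "KeyInfo");
            this.writer.write('>');
            this.writer.newLine();
            this.writer.write("                    <");
            writeNameSpaceQualified("ds", "X509Data");
            this.writer.write('>');
            this.writer.newLine();
            this.writer.write("                        <");
            writeNameSpaceQualified("ds", "X509Certificate");
            this.writer.write('>');
            this.writer.newLine();
            for (String line : certificateLines) {
                this.writer.write(line);
                this.writer.newLine();
            }
            this.writer.write("                        </");
            writeNameSpaceQualified("ds", "X509Certificate");
            this.writer.write('>');
            this.writer.newLine();
            this.writer.write("                    </");
            writeNameSpaceQualified("ds", "X509Data");
            this.writer.write('>');
            this.writer.newLine();
            this.writer.write("            </");
            writeNameSpaceQualified("ds", "KeyInfo");
            this.writer.write('>');
            this.writer.newLine();
            this.writer.newLine();
            this.writer.write("        </");
            this.writer.write("KeyDescriptor");
            this.writer.write('>');
            this.writer.newLine();
        }
    }

    /**
     * Writes the element for one endpoint.
     *
     * <p>Every location is {@code https://} + the DNS name + a fixed path. The SOAP endpoints (artifact
     * resolution, SOAP logout, attribute query) hard-code port {@code 8443}; the browser-facing endpoints
     * carry no port.</p>
     *
     * @param endpoints the endpoint to write
     * @throws IOException if writing fails
     */
    protected void outputEndpoint(Endpoints endpoints) throws IOException {
        switch (endpoints) {
            case SAML1Artifact:
                writeEndpointLine("ArtifactResolutionService", SAML1_SOAP_BINDING, false, ":8443/idp/profile/SAML1/SOAP/ArtifactResolution", " index=\"1\"");
                break;
            case SAML2Artifact:
                writeEndpointLine("ArtifactResolutionService", SAML2_SOAP_BINDING, false, ":8443/idp/profile/SAML2/SOAP/ArtifactResolution", " index=\"2\"");
                break;
            case RedirectSLO:
                writeEndpointLine("SingleLogoutService", SAML2_REDIRECT_BINDING, false, "/idp/profile/SAML2/Redirect/SLO", "");
                break;
            case POSTSLO:
                writeEndpointLine("SingleLogoutService", SAML2_POST_BINDING, false, "/idp/profile/SAML2/POST/SLO", "");
                break;
            case POSTSimpleSignSLO:
                writeEndpointLine("SingleLogoutService", SAML2_POST_SIMPLE_SIGN_BINDING, false, "/idp/profile/SAML2/POST-SimpleSign/SLO", "");
                break;
            case SOAPSLO:
                writeEndpointLine("SingleLogoutService", SAML2_SOAP_BINDING, false, ":8443/idp/profile/SAML2/SOAP/SLO", "");
                break;
            case ShibbolethSSO:
                writeEndpointLine("SingleSignOnService", SHIBBOLETH_SSO_BINDING, false, "/idp/profile/Shibboleth/SSO", "");
                break;
            case POSTSSO:
                writeEndpointLine("SingleSignOnService", SAML2_POST_BINDING, true, "/idp/profile/SAML2/POST/SSO", "");
                break;
            case POSTSimpleSignSSO:
                writeEndpointLine("SingleSignOnService", SAML2_POST_SIMPLE_SIGN_BINDING, true, "/idp/profile/SAML2/POST-SimpleSign/SSO", "");
                break;
            case RedirectSSO:
                writeEndpointLine("SingleSignOnService", SAML2_REDIRECT_BINDING, true, "/idp/profile/SAML2/Redirect/SSO", "");
                break;
            case SAML1Query:
                writeEndpointLine("AttributeService", SAML1_SOAP_BINDING, false, ":8443/idp/profile/SAML1/SOAP/AttributeQuery", "");
                break;
            case SAML2Query:
                // Same element shape as the others, but optionally wrapped in a one-line comment followed by
                // a reminder about protocolSupportEnumeration.
                this.writer.write(ENDPOINT_INDENT);
                if (isSAML2AttributeQueryCommented()) {
                    this.writer.write("<!-- ");
                }
                writeEndpointElement("AttributeService", SAML2_SOAP_BINDING, false, ":8443/idp/profile/SAML2/SOAP/AttributeQuery", "");
                if (isSAML2AttributeQueryCommented()) {
                    this.writer.write(" -->");
                    this.writer.newLine();
                    this.writer.write(ENDPOINT_INDENT);
                    this.writer.write("<!-- If you uncomment the above you should add urn:oasis:names:tc:SAML:2.0:protocol to the protocolSupportEnumeration above -->");
                }
                this.writer.newLine();
                break;
            default:
                break;
        }
    }

    /**
     * Writes an indented endpoint element followed by a line break.
     *
     * @param element the element name
     * @param binding the {@code Binding} URI
     * @param requestedAttributes whether to add {@code req-attr:supportsRequestedAttributes="true"}
     * @param locationSuffix the text appended to {@code https://} + DNS name: optional port, then path
     * @param trailingAttributes attribute text placed after {@code Location}, starting with a space, or empty
     * @throws IOException if writing fails
     */
    private void writeEndpointLine(String element, String binding, boolean requestedAttributes, String locationSuffix, String trailingAttributes) throws IOException {
        this.writer.write(ENDPOINT_INDENT);
        writeEndpointElement(element, binding, requestedAttributes, locationSuffix, trailingAttributes);
        this.writer.newLine();
    }

    /**
     * Writes a self-closing endpoint element with no indentation and no line break.
     *
     * @param element the element name
     * @param binding the {@code Binding} URI
     * @param requestedAttributes whether to add {@code req-attr:supportsRequestedAttributes="true"}
     * @param locationSuffix the text appended to {@code https://} + DNS name: optional port, then path
     * @param trailingAttributes attribute text placed after {@code Location}, starting with a space, or empty
     * @throws IOException if writing fails
     */
    private void writeEndpointElement(String element, String binding, boolean requestedAttributes, String locationSuffix, String trailingAttributes) throws IOException {
        this.writer.write("<");
        this.writer.write(element);
        this.writer.write(" Binding=\"");
        this.writer.write(binding);
        this.writer.write('"');
        if (requestedAttributes) {
            this.writer.write(' ');
            writeNameSpaceQualified("req-attr", "supportsRequestedAttributes");
            this.writer.write("=\"true\"");
        }
        this.writer.write(" Location=\"https://");
        // NOTE(review): the DNS name is written into the attribute value without XML escaping or host name
        // validation; see the note in generate().
        this.writer.write(getDNSName());
        this.writer.write(locationSuffix);
        this.writer.write('"');
        this.writer.write(trailingAttributes);
        this.writer.write("/>");
    }

    /**
     * Writes {@code prefix:localName}.
     *
     * @param str the namespace prefix
     * @param str2 the local name
     * @throws IOException if writing fails
     */
    protected void writeNameSpaceQualified(@Nonnull String str, String str2) throws IOException {
        this.writer.write(str);
        this.writer.write(':');
        this.writer.write(str2);
    }
}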
