package org.pac4j.saml.metadata;

import java.util.Collection;
import java.util.LinkedList;
import org.opensaml.Configuration;
import org.opensaml.common.SAMLObjectBuilder;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.core.NameIDType;
import org.opensaml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.KeyDescriptor;
import org.opensaml.saml2.metadata.NameIDFormat;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.saml2.metadata.SingleLogoutService;
import org.opensaml.saml2.metadata.provider.AbstractMetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.XMLObjectBuilderFactory;
import org.opensaml.xml.io.MarshallerFactory;
import org.opensaml.xml.io.MarshallingException;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.SecurityHelper;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.signature.KeyInfo;
import org.opensaml.xml.util.XMLHelper;
import org.pac4j.saml.client.Saml2Client;
import org.pac4j.saml.crypto.CredentialProvider;
import org.pac4j.saml.exceptions.SamlException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/pac4j-saml-1.6.0-RC1.jar:org/pac4j/saml/metadata/Saml2MetadataGenerator.class */
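/**
 * Builds the SAML 2.0 metadata document (an {@code EntityDescriptor} holding one
 * {@code SPSSODescriptor}) that describes this service provider to an identity provider.
 *
 * <p>The generated descriptor advertises the entity ID, one HTTP-POST assertion consumer
 * service, the supported NameID formats, the {@code AuthnRequestsSigned} and
 * {@code WantAssertionsSigned} flags and, when a {@link CredentialProvider} is set, the
 * key material for signing and encryption.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@code WantAssertionsSigned} and {@code AuthnRequestsSigned} are only declarations
 *       published to the identity provider. Nothing in this class enforces them; signature
 *       checks on incoming responses have to happen where responses are validated.</li>
 *   <li>The same credential is published for both the signing and the encryption use.</li>
 *   <li>The metadata produced here is not signed by this class, so it should reach the
 *       identity provider over a channel whose integrity is otherwise protected.</li>
 * </ul>
 *
 * <p>Instances are mutable and carry no synchronization.
 */
public class Saml2MetadataGenerator {
    protected static final Logger logger = LoggerFactory.getLogger(Saml2MetadataGenerator.class);

    /** Source of the credential published in the key descriptors; may be {@code null}. */
    protected CredentialProvider credentialProvider;

    /** Entity ID written to the {@code EntityDescriptor}. */
    protected String entityId;

    /** Location written to the assertion consumer service endpoint. */
    protected String assertionConsumerServiceUrl;

    /** Location written to a single logout service endpoint built by {@link #getSingleLogoutService}. */
    protected String singleLogoutServiceUrl;

    protected XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();
    protected MarshallerFactory marshallerFactory = Configuration.getMarshallerFactory();

    /** Value published as {@code AuthnRequestsSigned}; off by default. */
    protected boolean authnRequestSigned = false;

    /** Value published as {@code WantAssertionsSigned}; on by default. */
    protected boolean wantAssertionSigned = true;

    /** Index of the assertion consumer service that is flagged as the default one. */
    protected int defaultACSIndex = 0;

    /**
     * Wraps freshly built metadata in a provider that always returns that same document.
     *
     * @return a metadata provider backed by a snapshot taken at call time; later setter
     *         calls on this generator do not change what the provider returns
     */
    public AbstractMetadataProvider buildMetadataProvider() {
        final EntityDescriptor snapshot = buildMetadata();
        return new AbstractMetadataProvider() {
            @Override
            protected XMLObject doGetMetadata() throws MetadataProviderException {
                return snapshot;
            }
        };
    }

    /**
     * Builds the metadata and serializes it to an XML string.
     *
     * @return the marshalled metadata document; it is not signed here
     * @throws MarshallingException if the descriptor cannot be marshalled
     */
    public String printMetadata() throws MarshallingException {
        final EntityDescriptor descriptor = buildMetadata();
        return XMLHelper.nodeToString(this.marshallerFactory.getMarshaller(descriptor).marshall(descriptor));
    }

    /**
     * Builds the {@code EntityDescriptor} for this service provider.
     *
     * @return a new descriptor carrying the configured entity ID and one SP SSO role descriptor
     */
    public EntityDescriptor buildMetadata() {
        final SAMLObjectBuilder<?> builder =
                (SAMLObjectBuilder<?>) this.builderFactory.getBuilder(EntityDescriptor.DEFAULT_ELEMENT_NAME);
        final EntityDescriptor descriptor = (EntityDescriptor) builder.buildObject();
        descriptor.setEntityID(this.entityId);
        descriptor.getRoleDescriptors().add(buildSPSSODescriptor());
        return descriptor;
    }

    /**
     * Generates the {@code KeyInfo} element for a credential.
     *
     * @param credential the credential to describe
     * @return a newly generated {@code KeyInfo}
     * @throws SamlException if the key info generator fails
     */
    protected KeyInfo generateKeyInfoForCredential(Credential credential) {
        try {
            return SecurityHelper
                    .getKeyInfoGenerator(credential, null, Saml2Client.SAML_METADATA_KEY_INFO_GENERATOR)
                    .generate(credential);
        } catch (SecurityException e) {
            throw new SamlException("Unable to generate keyInfo from given credential", e);
        }
    }

    /**
     * Builds the SP SSO role descriptor: signing flags, protocol, NameID formats, the
     * HTTP-POST assertion consumer service and, if a credential provider is set, the key
     * descriptors.
     *
     * @return a new {@code SPSSODescriptor}
     */
    protected SPSSODescriptor buildSPSSODescriptor() {
        final SAMLObjectBuilder<?> builder =
                (SAMLObjectBuilder<?>) this.builderFactory.getBuilder(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
        final SPSSODescriptor descriptor = (SPSSODescriptor) builder.buildObject();
        descriptor.setAuthnRequestsSigned(Boolean.valueOf(this.authnRequestSigned));
        descriptor.setWantAssertionsSigned(Boolean.valueOf(this.wantAssertionSigned));
        descriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
        descriptor.getNameIDFormats().addAll(buildNameIDFormat());

        // The default flag is decided against the index actually assigned to the endpoint.
        // Comparing against (index + 1) meant the only endpoint, at index 0, was never
        // flagged as default under the default configuration (defaultACSIndex == 0).
        final int acsIndex = 0;
        descriptor.getAssertionConsumerServices().add(getAssertionConsumerService(
                SAMLConstants.SAML2_POST_BINDING_URI, acsIndex, this.defaultACSIndex == acsIndex));

        if (this.credentialProvider != null) {
            // One KeyInfo is generated per descriptor rather than shared between the two.
            // NOTE(review): presumably required because an XMLObject can have only one
            // parent - confirm before merging the two calls.
            // The same credential is advertised for signing and for encryption.
            descriptor.getKeyDescriptors().add(getKeyDescriptor(UsageType.SIGNING, getKeyInfo()));
            descriptor.getKeyDescriptors().add(getKeyDescriptor(UsageType.ENCRYPTION, getKeyInfo()));
        }
        return descriptor;
    }

    /**
     * Builds the NameID formats advertised in the metadata, in this order: transient,
     * persistent, emailAddress, unspecified.
     *
     * @return a new mutable collection of four {@code NameIDFormat} elements
     */
    protected Collection<NameIDFormat> buildNameIDFormat() {
        final SAMLObjectBuilder<?> builder =
                (SAMLObjectBuilder<?>) this.builderFactory.getBuilder(NameIDFormat.DEFAULT_ELEMENT_NAME);
        final String[] formatUris = {
            NameIDType.TRANSIENT,
            NameIDType.PERSISTENT,
            "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
            "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
        };
        final LinkedList<NameIDFormat> formats = new LinkedList<NameIDFormat>();
        for (final String uri : formatUris) {
            final NameIDFormat format = (NameIDFormat) builder.buildObject();
            format.setFormat(uri);
            formats.add(format);
        }
        return formats;
    }

    /**
     * Builds an assertion consumer service endpoint located at the configured ACS URL.
     *
     * @param str the binding URI of the endpoint
     * @param i the endpoint index
     * @param z whether to flag the endpoint as default; when {@code false} the
     *          {@code isDefault} attribute is left unset rather than set to false
     * @return a new {@code AssertionConsumerService}
     */
    protected AssertionConsumerService getAssertionConsumerService(String str, int i, boolean z) {
        final SAMLObjectBuilder<?> builder = (SAMLObjectBuilder<?>) this.builderFactory
                .getBuilder(AssertionConsumerService.DEFAULT_ELEMENT_NAME);
        final AssertionConsumerService service = (AssertionConsumerService) builder.buildObject();
        service.setLocation(this.assertionConsumerServiceUrl);
        service.setBinding(str);
        if (z) {
            service.setIsDefault(Boolean.TRUE);
        }
        service.setIndex(Integer.valueOf(i));
        return service;
    }

    /**
     * Builds a single logout service endpoint located at the configured logout URL.
     * Nothing in this class adds the result to the generated metadata.
     *
     * @param str the binding URI of the endpoint
     * @return a new {@code SingleLogoutService}
     */
    protected SingleLogoutService getSingleLogoutService(String str) {
        final SAMLObjectBuilder<?> builder = (SAMLObjectBuilder<?>) this.builderFactory
                .getBuilder(SingleLogoutService.DEFAULT_ELEMENT_NAME);
        final SingleLogoutService service = (SingleLogoutService) builder.buildObject();
        service.setLocation(this.singleLogoutServiceUrl);
        service.setBinding(str);
        return service;
    }

    /**
     * Builds a key descriptor for the given use.
     *
     * @param usageType the declared use of the key (signing or encryption)
     * @param keyInfo the key info to embed
     * @return a new {@code KeyDescriptor}
     */
    protected KeyDescriptor getKeyDescriptor(UsageType usageType, KeyInfo keyInfo) {
        // Uses the instance's builder factory, as every other builder method here does.
        final SAMLObjectBuilder<?> builder =
                (SAMLObjectBuilder<?>) this.builderFactory.getBuilder(KeyDescriptor.DEFAULT_ELEMENT_NAME);
        final KeyDescriptor keyDescriptor = (KeyDescriptor) builder.buildObject();
        keyDescriptor.setUse(usageType);
        keyDescriptor.setKeyInfo(keyInfo);
        return keyDescriptor;
    }

    /** Generates a fresh {@code KeyInfo} from the provider's credential; the provider must be set. */
    private KeyInfo getKeyInfo() {
        return generateKeyInfoForCredential(this.credentialProvider.getCredential());
    }

    public CredentialProvider getCredentialProvider() {
        return this.credentialProvider;
    }

    public void setCredentialProvider(CredentialProvider credentialProvider) {
        this.credentialProvider = credentialProvider;
    }

    public String getEntityId() {
        return this.entityId;
    }

    public void setEntityId(String str) {
        this.entityId = str;
    }

    public boolean isAuthnRequestSigned() {
        return this.authnRequestSigned;
    }

    public void setAuthnRequestSigned(boolean z) {
        this.authnRequestSigned = z;
    }

    public boolean isWantAssertionSigned() {
        return this.wantAssertionSigned;
    }

    /**
     * Sets the value published as {@code WantAssertionsSigned}. Passing {@code false}
     * tells the identity provider that unsigned assertions are acceptable.
     */
    public void setWantAssertionSigned(boolean z) {
        this.wantAssertionSigned = z;
    }

    public int getDefaultACSIndex() {
        return this.defaultACSIndex;
    }

    public void setDefaultACSIndex(int i) {
        this.defaultACSIndex = i;
    }

    public void setAssertionConsumerServiceUrl(String str) {
        this.assertionConsumerServiceUrl = str;
    }

    public void setSingleLogoutServiceUrl(String str) {
        this.singleLogoutServiceUrl = str;
    }
}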
