package org.jenkinsci.plugins.saml;

import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.Extension;
import hudson.Util;
import hudson.model.Descriptor;
import hudson.model.User;
import hudson.security.GroupDetails;
import hudson.security.SecurityRealm;
import hudson.security.UserMayOrMayNotExistException;
import hudson.tasks.Mailer;
import hudson.util.FormValidation;
import java.io.File;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.annotation.Nonnull;
import javax.servlet.ServletException;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpSession;
import jenkins.model.Jenkins;
import jenkins.security.SecurityListener;
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationManager;
import org.acegisecurity.BadCredentialsException;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.jenkinsci.plugins.saml.conf.Attribute;
import org.jenkinsci.plugins.saml.conf.AttributeEntry;
import org.jenkinsci.plugins.saml.user.SamlCustomProperty;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.Header;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.HttpResponses;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.StaplerResponse;
import org.kohsuke.stapler.interceptor.RequirePOST;
import org.opensaml.saml.common.xml.SAMLConstants;
import org.pac4j.core.client.RedirectAction;
import org.pac4j.saml.profile.SAML2Profile;
import org.springframework.dao.DataAccessException;

/* loaded from: input_file:WEB-INF/lib/saml.jar:org/jenkinsci/plugins/saml/SamlSecurityRealm.class */
public class SamlSecurityRealm extends SecurityRealm {
    public static final String DEFAULT_DISPLAY_NAME_ATTRIBUTE_NAME = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name";
    public static final String DEFAULT_GROUPS_ATTRIBUTE_NAME = "http://schemas.xmlsoap.org/claims/Group";
    public static final int DEFAULT_MAXIMUM_AUTHENTICATION_LIFETIME = 86400;
    public static final String DEFAULT_USERNAME_CASE_CONVERSION = "none";
    public static final String SP_METADATA_FILE_NAME = "/saml-sp-metadata.xml";
    public static final String IDP_METADATA_FILE_NAME = "/saml-idp-metadata.xml";
    public static final String ERROR_ONLY_SPACES_FIELD_VALUE = "The field should have a value different than spaces";
    public static final String ERROR_NOT_VALID_NUMBER = "The field should be a number greater than 0 and lower than 2147483647.";
    public static final String ERROR_MALFORMED_URL = "The url is malformed.";
    public static final String ERROR_IDP_METADATA_EMPTY = "The IdP Metadata can not be empty.";
    public static final String WARN_RECOMMENDED_TO_SET_THE_GROUPS_ATTRIBUTE = "It is recommended to set the groups attribute.";
    public static final String WARN_RECOMMENDED_TO_SET_THE_USERNAME_ATTRIBUTE = "It is recommended to set the username attribute.";
    public static final String ERROR_NOT_POSSIBLE_TO_READ_KS_FILE = "It is not possible to read the keystore file.";
    public static final String ERROR_CERTIFICATES_COULD_NOT_BE_LOADED = "Any of the certificates in the keystore could not be loaded";
    public static final String ERROR_ALGORITHM_CANNOT_BE_FOUND = "the algorithm used to check the integrity of the keystore cannot be found";
    public static final String ERROR_NO_PROVIDER_SUPPORTS_A_KS_SPI_IMPL = "No Provider supports a KeyStoreSpi implementation for the specified type.";
    public static final String ERROR_WRONG_INFO_OR_PASSWORD = "The entry is a PrivateKeyEntry or SecretKeyEntry and the specified protParam does not contain the information needed to recover the key (e.g. wrong password)";
    public static final String ERROR_INSUFFICIENT_OR_INVALID_INFO = "The specified protParam were insufficient or invalid";
    public static final String CONSUMER_SERVICE_URL_PATH = "securityRealm/finishLogin";
    private static final Logger LOG = Logger.getLogger(SamlSecurityRealm.class.getName());
    private static final String REFERER_ATTRIBUTE = SamlSecurityRealm.class.getName() + ".referer";
    public static final String WARN_THERE_IS_NOT_KEY_STORE = "There is not keyStore to validate";
    public static final String ERROR_NOT_KEY_FOUND = "Not key found";
    public static final String SUCCESS = "Success";
    public static final String NOT_POSSIBLE_TO_GET_THE_METADATA = "Was not possible to get the Metadata from the URL";
    public static final String CHECK_TROUBLESHOOTING_GUIDE = "\nIf you have issues check the troubleshoting guide at https://github.com/jenkinsci/saml-plugin/blob/master/doc/TROUBLESHOOTING.md";
    public static final String CHECK_MAX_AUTH_LIFETIME = "\nFor more info check 'Maximum Authentication Lifetime' at https://github.com/jenkinsci/saml-plugin/blob/master/doc/CONFIGURE.md#configuring-plugin-settings";
    private String displayNameAttributeName;
    private String groupsAttributeName;
    private int maximumAuthenticationLifetime;
    private String emailAttributeName;
    private final String usernameCaseConversion;
    private final String usernameAttributeName;
    private final String logoutUrl;
    private String binding;
    private SamlEncryptionData encryptionData;
    private SamlAdvancedConfiguration advancedConfiguration;

    @Deprecated
    private transient String idpMetadata;
    private IdpMetadataConfiguration idpMetadataConfiguration;
    private List<AttributeEntry> samlCustomAttributes;

    @Extension
    /* loaded from: input_file:WEB-INF/lib/saml.jar:org/jenkinsci/plugins/saml/SamlSecurityRealm$DescriptorImpl.class */
    public static final class DescriptorImpl extends Descriptor<SecurityRealm> {
        public DescriptorImpl() {
        }

        public DescriptorImpl(Class<? extends SecurityRealm> cls) {
            super(cls);
        }

        public String getDisplayName() {
            return "SAML 2.0";
        }

        public FormValidation doCheckLogoutUrl(@QueryParameter String str) {
            if (StringUtils.isEmpty(str)) {
                return FormValidation.ok();
            }
            try {
                new URL(str);
                return FormValidation.ok();
            } catch (MalformedURLException e) {
                return FormValidation.error(SamlSecurityRealm.ERROR_MALFORMED_URL, new Object[]{e});
            }
        }

        public FormValidation doCheckDisplayNameAttributeName(@QueryParameter String str) {
            if (!StringUtils.isEmpty(str) && StringUtils.isBlank(str)) {
                return FormValidation.error(SamlSecurityRealm.ERROR_ONLY_SPACES_FIELD_VALUE);
            }
            return FormValidation.ok();
        }

        public FormValidation doCheckGroupsAttributeName(@QueryParameter String str) {
            return StringUtils.isEmpty(str) ? FormValidation.warning(SamlSecurityRealm.WARN_RECOMMENDED_TO_SET_THE_GROUPS_ATTRIBUTE) : StringUtils.isBlank(str) ? FormValidation.error(SamlSecurityRealm.ERROR_ONLY_SPACES_FIELD_VALUE) : FormValidation.ok();
        }

        public FormValidation doCheckUsernameAttributeName(@QueryParameter String str) {
            return StringUtils.isEmpty(str) ? FormValidation.warning(SamlSecurityRealm.WARN_RECOMMENDED_TO_SET_THE_USERNAME_ATTRIBUTE) : StringUtils.isBlank(str) ? FormValidation.error(SamlSecurityRealm.ERROR_ONLY_SPACES_FIELD_VALUE) : FormValidation.ok();
        }

        public FormValidation doCheckEmailAttributeName(@QueryParameter String str) {
            if (!StringUtils.isEmpty(str) && StringUtils.isBlank(str)) {
                return FormValidation.error(SamlSecurityRealm.ERROR_ONLY_SPACES_FIELD_VALUE);
            }
            return FormValidation.ok();
        }

        public FormValidation doCheckMaximumAuthenticationLifetime(@QueryParameter String str) {
            if (StringUtils.isEmpty(str)) {
                return FormValidation.ok();
            }
            try {
                long parseLong = Long.parseLong(str);
                if (parseLong >= 0 && parseLong <= 2147483647L) {
                    return FormValidation.ok();
                }
                return FormValidation.error(SamlSecurityRealm.ERROR_NOT_VALID_NUMBER);
            } catch (NumberFormatException e) {
                return FormValidation.error(SamlSecurityRealm.ERROR_NOT_VALID_NUMBER, new Object[]{e});
            }
        }
    }

    @DataBoundConstructor
    public SamlSecurityRealm(IdpMetadataConfiguration idpMetadataConfiguration, String str, String str2, Integer num, String str3, String str4, String str5, SamlAdvancedConfiguration samlAdvancedConfiguration, SamlEncryptionData samlEncryptionData, String str6, String str7, List<AttributeEntry> list) throws IOException {
        this.idpMetadataConfiguration = idpMetadataConfiguration;
        this.usernameAttributeName = Util.fixEmptyAndTrim(str3);
        this.usernameCaseConversion = StringUtils.defaultIfBlank(str6, DEFAULT_USERNAME_CASE_CONVERSION);
        this.logoutUrl = Util.fixEmptyAndTrim(str5);
        this.displayNameAttributeName = DEFAULT_DISPLAY_NAME_ATTRIBUTE_NAME;
        this.groupsAttributeName = DEFAULT_GROUPS_ATTRIBUTE_NAME;
        this.maximumAuthenticationLifetime = 86400;
        if (str != null && !str.isEmpty()) {
            this.displayNameAttributeName = str;
        }
        if (str2 != null && !str2.isEmpty()) {
            this.groupsAttributeName = str2;
        }
        if (num != null && num.intValue() > 0) {
            this.maximumAuthenticationLifetime = num.intValue();
        }
        if (StringUtils.isNotBlank(str4)) {
            this.emailAttributeName = Util.fixEmptyAndTrim(str4);
        }
        this.advancedConfiguration = samlAdvancedConfiguration;
        this.encryptionData = samlEncryptionData;
        this.binding = str7;
        this.samlCustomAttributes = list;
        this.idpMetadataConfiguration.createIdPMetadataFile();
        LOG.finer(toString());
    }

    public Object readResolve() {
        if (this.idpMetadataConfiguration == null) {
            this.idpMetadataConfiguration = new IdpMetadataConfiguration(this.idpMetadata);
        }
        if (!new File(getIDPMetadataFilePath()).exists() && this.idpMetadataConfiguration != null && this.idpMetadataConfiguration.getXml() != null) {
            try {
                this.idpMetadataConfiguration.createIdPMetadataFile();
            } catch (IOException e) {
                LOG.log(Level.SEVERE, e.getMessage(), (Throwable) e);
            }
        }
        if (StringUtils.isEmpty(getBinding())) {
            this.binding = SAMLConstants.SAML2_REDIRECT_BINDING_URI;
        }
        return this;
    }

    public boolean allowsSignup() {
        return false;
    }

    public SecurityRealm.SecurityComponents createSecurityComponents() {
        LOG.finer("createSecurityComponents");
        return new SecurityRealm.SecurityComponents(new AuthenticationManager() { // from class: org.jenkinsci.plugins.saml.SamlSecurityRealm.1
            public Authentication authenticate(Authentication authentication) throws AuthenticationException {
                if (authentication instanceof SamlAuthenticationToken) {
                    return authentication;
                }
                throw new BadCredentialsException("Unexpected authentication type: " + authentication);
            }
        }, new SamlUserDetailsService());
    }

    public String getLoginUrl() {
        return "securityRealm/commenceLogin";
    }

    public HttpResponse doCommenceLogin(StaplerRequest staplerRequest, StaplerResponse staplerResponse, @QueryParameter String str, @Header("Referer") String str2) {
        LOG.fine("SamlSecurityRealm.doCommenceLogin called. Using consumerServiceUrl " + getSamlPluginConfig().getConsumerServiceUrl());
        staplerRequest.getSession().setAttribute(REFERER_ATTRIBUTE, calculateSafeRedirect(str, str2));
        RedirectAction redirectAction = new SamlRedirectActionWrapper(getSamlPluginConfig(), staplerRequest, staplerResponse).get();
        if (redirectAction.getType() == RedirectAction.RedirectType.REDIRECT) {
            LOG.fine("REDIRECT : " + redirectAction.getLocation());
            return HttpResponses.redirectTo(redirectAction.getLocation());
        }
        if (redirectAction.getType() != RedirectAction.RedirectType.SUCCESS) {
            throw new IllegalStateException("Received unexpected response type " + redirectAction.getType());
        }
        LOG.fine("SUCCESS : " + redirectAction.getContent());
        return HttpResponses.html(redirectAction.getContent());
    }

    private String calculateSafeRedirect(String str, String str2) {
        String rootUrl = Jenkins.getInstance().getRootUrl();
        String str3 = (str == null || !Util.isSafeToRedirectTo(str)) ? (str2 == null || !(str2.startsWith(rootUrl) || Util.isSafeToRedirectTo(str2))) ? rootUrl : str2 : str;
        LOG.fine("Safe URL redirection: " + str3);
        return str3;
    }

    @RequirePOST
    public HttpResponse doFinishLogin(StaplerRequest staplerRequest, StaplerResponse staplerResponse) {
        LOG.finer("SamlSecurityRealm.doFinishLogin called");
        String str = (String) staplerRequest.getSession().getAttribute(REFERER_ATTRIBUTE);
        String baseUrl = str != null ? str : baseUrl();
        recreateSession(staplerRequest);
        logSamlResponse(staplerRequest);
        try {
            SAML2Profile sAML2Profile = new SamlProfileWrapper(getSamlPluginConfig(), staplerRequest, staplerResponse).get();
            String loadUserName = loadUserName(sAML2Profile);
            List<GrantedAuthority> loadGrantedAuthorities = loadGrantedAuthorities(sAML2Profile);
            SamlUserDetails samlUserDetails = new SamlUserDetails(loadUserName, (GrantedAuthority[]) loadGrantedAuthorities.toArray(new GrantedAuthority[loadGrantedAuthorities.size()]));
            SecurityContextHolder.getContext().setAuthentication(new SamlAuthenticationToken(samlUserDetails));
            SecurityListener.fireAuthenticated(samlUserDetails);
            User current = User.current();
            boolean modifyUserFullName = false | modifyUserFullName(current, sAML2Profile) | modifyUserEmail(current, (List) sAML2Profile.getAttribute(getEmailAttributeName())) | modifyUserSamlCustomAttributes(current, sAML2Profile);
            if (current != null && modifyUserFullName) {
                try {
                    current.save();
                } catch (IOException e) {
                    LOG.log(Level.WARNING, "Unable to save updated user data", (Throwable) e);
                }
            }
            SecurityListener.fireLoggedIn(samlUserDetails.getUsername());
            return HttpResponses.redirectTo(baseUrl);
        } catch (BadCredentialsException e2) {
            LOG.log(Level.WARNING, "Unable to validate the SAML Response: " + e2.getMessage() + CHECK_MAX_AUTH_LIFETIME + CHECK_TROUBLESHOOTING_GUIDE, e2);
            return HttpResponses.redirectTo(getEffectiveLogoutUrl());
        }
    }

    private String getEffectiveLogoutUrl() {
        return StringUtils.isNotBlank(getLogoutUrl()) ? getLogoutUrl() : Jenkins.getInstance().getRootUrl() + "samlLogout";
    }

    private void recreateSession(StaplerRequest staplerRequest) {
        HttpSession session = staplerRequest.getSession(false);
        if (session != null) {
            LOG.finest("Invalidate previous session");
            session.invalidate();
        }
        staplerRequest.getSession(true);
    }

    private boolean modifyUserSamlCustomAttributes(User user, SAML2Profile sAML2Profile) {
        boolean z = false;
        if (!getSamlCustomAttributes().isEmpty() && user != null) {
            SamlCustomProperty samlCustomProperty = new SamlCustomProperty(new ArrayList());
            for (AttributeEntry attributeEntry : getSamlCustomAttributes()) {
                if (attributeEntry instanceof Attribute) {
                    Attribute attribute = (Attribute) attributeEntry;
                    SamlCustomProperty.Attribute attribute2 = new SamlCustomProperty.Attribute(attribute.getName(), attribute.getDisplayName());
                    attribute2.setValue(sAML2Profile.getAttribute(attribute.getName()).toString());
                    samlCustomProperty.getAttributes().add(attribute2);
                }
            }
            try {
                user.addProperty(samlCustomProperty);
            } catch (IOException e) {
                LOG.log(Level.SEVERE, "Could not update user SAML custom attributes", (Throwable) e);
            }
            z = true;
        }
        return z;
    }

    private void logSamlResponse(StaplerRequest staplerRequest) {
        if (LOG.isLoggable(Level.FINEST)) {
            try {
                String parameter = staplerRequest.getParameter("SAMLResponse");
                if (Base64.isBase64(parameter)) {
                    LOG.finest("SAMLResponse XML:" + new String(Base64.decodeBase64(parameter), staplerRequest.getCharacterEncoding()));
                } else {
                    LOG.finest("SAMLResponse XML:" + parameter);
                }
            } catch (Exception e) {
                LOG.finest("No UTF-8 SAMLResponse XML");
                try {
                    ServletInputStream inputStream = staplerRequest.getInputStream();
                    Throwable th = null;
                    try {
                        try {
                            LOG.finest(IOUtils.toString(inputStream, staplerRequest.getCharacterEncoding()));
                            if (inputStream != null) {
                                if (0 != 0) {
                                    try {
                                        inputStream.close();
                                    } catch (Throwable th2) {
                                        th.addSuppressed(th2);
                                    }
                                } else {
                                    inputStream.close();
                                }
                            }
                        } catch (Throwable th3) {
                            th = th3;
                            throw th3;
                        }
                    } finally {
                    }
                } catch (IOException e2) {
                    LOG.finest("Was not possible to read the request");
                }
            }
        }
    }

    private String baseUrl() {
        return Jenkins.getInstance().getRootUrl();
    }

    private String loadUserName(SAML2Profile sAML2Profile) {
        String usernameFromProfile = getUsernameFromProfile(sAML2Profile);
        if ("lowercase".compareTo(getUsernameCaseConversion()) == 0) {
            usernameFromProfile = usernameFromProfile.toLowerCase();
        } else if ("uppercase".compareTo(getUsernameCaseConversion()) == 0) {
            usernameFromProfile = usernameFromProfile.toUpperCase();
        }
        return usernameFromProfile;
    }

    private boolean modifyUserFullName(User user, SAML2Profile sAML2Profile) {
        boolean z = false;
        String str = null;
        List list = (List) sAML2Profile.getAttribute(getDisplayNameAttributeName());
        if (list != null && !list.isEmpty()) {
            str = (String) list.get(0);
        }
        if (user != null && StringUtils.isNotBlank(str) && str.compareTo(user.getFullName()) != 0) {
            user.setFullName(str);
            z = true;
        }
        return z;
    }

    private List<GrantedAuthority> loadGrantedAuthorities(SAML2Profile sAML2Profile) {
        List list = (List) sAML2Profile.getAttribute(getGroupsAttributeName());
        if (list == null) {
            list = new ArrayList();
        }
        ArrayList arrayList = new ArrayList();
        arrayList.add(AUTHENTICATED_AUTHORITY);
        if (!list.isEmpty()) {
            Iterator it = list.iterator();
            while (it.hasNext()) {
                arrayList.add(new SamlGroupAuthority((String) it.next()));
            }
        }
        return arrayList;
    }

    private boolean modifyUserEmail(User user, List<String> list) {
        Mailer.UserProperty property;
        String str = null;
        boolean z = false;
        if (list == null || list.isEmpty()) {
            LOG.warning("There is not Email attribute '" + getEmailAttributeName() + "' for user : " + user.getId());
            return false;
        }
        Iterator<String> it = list.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            String next = it.next();
            if (StringUtils.isNotEmpty(next)) {
                str = next;
                break;
            }
        }
        if (StringUtils.isBlank(str)) {
            LOG.warning("The Email is blank for user : " + user.getId());
        }
        if (user != null) {
            try {
                if (StringUtils.isNotBlank(str) && ((property = user.getProperty(Mailer.UserProperty.class)) == null || str.compareTo(StringUtils.defaultIfBlank(property.getAddress(), "")) != 0)) {
                    user.addProperty(new Mailer.UserProperty(str));
                    z = true;
                }
            } catch (IOException e) {
                LOG.log(Level.SEVERE, "Could not update user email", (Throwable) e);
            }
        }
        return z;
    }

    private String getUsernameFromProfile(SAML2Profile sAML2Profile) {
        if (getUsernameAttributeName() != null) {
            Object attribute = sAML2Profile.getAttribute(getUsernameAttributeName());
            if (attribute instanceof String) {
                return (String) attribute;
            }
            if (attribute instanceof List) {
                return (String) ((List) attribute).get(0);
            }
            LOG.log(Level.SEVERE, "Unable to get username from attribute {0} value {1}, Saml Profile {2}", new Object[]{getUsernameAttributeName(), attribute, sAML2Profile});
            LOG.log(Level.SEVERE, "Falling back to NameId {0}", sAML2Profile.getId());
        }
        return sAML2Profile.getId();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String getIDPMetadataFilePath() {
        return Jenkins.getInstance().getRootDir().getAbsolutePath() + IDP_METADATA_FILE_NAME;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String getSPMetadataFilePath() {
        return Jenkins.getInstance().getRootDir().getAbsolutePath() + SP_METADATA_FILE_NAME;
    }

    public HttpResponse doMetadata(StaplerRequest staplerRequest, StaplerResponse staplerResponse) {
        return new SamlSPMetadataWrapper(getSamlPluginConfig(), staplerRequest, staplerResponse).get();
    }

    protected String getPostLogOutUrl(StaplerRequest staplerRequest, @Nonnull Authentication authentication) {
        LOG.log(Level.FINE, "Doing Logout {}", authentication.getPrincipal());
        return (Jenkins.getInstance().hasPermission(Jenkins.READ) && StringUtils.isBlank(getLogoutUrl())) ? super.getPostLogOutUrl(staplerRequest, authentication) : getEffectiveLogoutUrl();
    }

    public void doLogout(StaplerRequest staplerRequest, StaplerResponse staplerResponse) throws IOException, ServletException {
        super.doLogout(staplerRequest, staplerResponse);
        LOG.log(Level.FINEST, "Here we could do the SAML Single Logout");
    }

    public GroupDetails loadGroupByGroupname(String str) throws UsernameNotFoundException, DataAccessException {
        SamlGroupDetails samlGroupDetails = new SamlGroupDetails(str);
        if (samlGroupDetails.getMembers().isEmpty()) {
            throw new UserMayOrMayNotExistException(str);
        }
        return samlGroupDetails;
    }

    public GroupDetails loadGroupByGroupname(String str, boolean z) throws UsernameNotFoundException, DataAccessException {
        GroupDetails loadGroupByGroupname = loadGroupByGroupname(str);
        if (z) {
            loadGroupByGroupname.getMembers();
        }
        return loadGroupByGroupname;
    }

    public SamlPluginConfig getSamlPluginConfig() {
        return new SamlPluginConfig(this.displayNameAttributeName, this.groupsAttributeName, this.maximumAuthenticationLifetime, this.emailAttributeName, this.idpMetadataConfiguration, this.usernameCaseConversion, this.usernameAttributeName, this.logoutUrl, this.binding, this.encryptionData, this.advancedConfiguration);
    }

    public String getUsernameAttributeName() {
        return this.usernameAttributeName;
    }

    public String getDisplayNameAttributeName() {
        return this.displayNameAttributeName;
    }

    public String getGroupsAttributeName() {
        return this.groupsAttributeName;
    }

    public Integer getMaximumAuthenticationLifetime() {
        return Integer.valueOf(this.maximumAuthenticationLifetime);
    }

    public SamlAdvancedConfiguration getAdvancedConfiguration() {
        return this.advancedConfiguration;
    }

    public String getBinding() {
        return this.binding;
    }

    public SamlEncryptionData getEncryptionData() {
        return this.encryptionData;
    }

    public String getUsernameCaseConversion() {
        return this.usernameCaseConversion;
    }

    public String getEmailAttributeName() {
        return this.emailAttributeName;
    }

    public String getLogoutUrl() {
        return this.logoutUrl;
    }

    public IdpMetadataConfiguration getIdpMetadataConfiguration() {
        return this.idpMetadataConfiguration;
    }

    @NonNull
    public List<AttributeEntry> getSamlCustomAttributes() {
        return this.samlCustomAttributes == null ? Collections.emptyList() : this.samlCustomAttributes;
    }

    public void setSamlCustomAttribute(List<AttributeEntry> list) {
        this.samlCustomAttributes = list;
    }

    public String toString() {
        StringBuffer stringBuffer = new StringBuffer("SamlSecurityRealm{");
        stringBuffer.append(getSamlPluginConfig().toString());
        stringBuffer.append('}');
        return stringBuffer.toString();
    }
}
