package dk.itst.oiosaml.sp.metadata;

import dk.itst.oiosaml.configuration.SAMLConfiguration;
import dk.itst.oiosaml.configuration.SAMLConfigurationFactory;
import dk.itst.oiosaml.error.Layer;
import dk.itst.oiosaml.error.WrappedException;
import dk.itst.oiosaml.logging.Logger;
import dk.itst.oiosaml.logging.LoggerFactory;
import dk.itst.oiosaml.security.SecurityHelper;
import dk.itst.oiosaml.sp.service.util.Constants;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.metadata.ArtifactResolutionService;
import org.opensaml.saml2.metadata.AttributeAuthorityDescriptor;
import org.opensaml.saml2.metadata.AttributeService;
import org.opensaml.saml2.metadata.Endpoint;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml2.metadata.KeyDescriptor;
import org.opensaml.saml2.metadata.SingleLogoutService;
import org.opensaml.saml2.metadata.SingleSignOnService;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.signature.X509Data;

/* loaded from: input_file:dk/itst/oiosaml/sp/metadata/IdpMetadata.class */
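/**
 * Registry of the identity-provider (IdP) metadata entries known to this service provider,
 * indexed by entity ID.
 *
 * <p>A process-wide instance is created lazily by {@link #getInstance()} from the configuration
 * returned by {@code SAMLConfigurationFactory}; it can be replaced with {@link #setMetadata}.
 *
 * <p>Security-relevant limits of this class, as visible in the code below:
 * <ul>
 *   <li>Certificate filtering only compares {@code notAfter} with the current time. Neither
 *       {@code notBefore}, the issuer chain nor revocation status is evaluated here.</li>
 *   <li>Per entity descriptor only one certificate is read: the first certificate of the first
 *       {@code X509Data} of the selected key descriptor.</li>
 *   <li>No synchronization is used for the static instance or for the per-entity maps.
 *       NOTE(review): confirm how callers serialize access if several threads use this class.</li>
 * </ul>
 */
public class IdpMetadata {
    public static final String VERSION = "$Id: IdpMetadata.java 2964 2008-06-02 11:34:06Z jre $";
    public static final String METADATA_DIRECTORY = "common.saml2.metadata.idp.directory";
    private static IdpMetadata instance;
    private static final Logger log = LoggerFactory.getLogger((Class<?>) IdpMetadata.class);

    /** Metadata entries keyed by entity ID. */
    private final Map<String, Metadata> metadata = new HashMap<String, Metadata>();

    /**
     * Metadata of a single IdP: its entity descriptor, the IDPSSODescriptor for the configured
     * protocol, the certificates collected for it and a map of certificates flagged as valid.
     */
    public static class Metadata {
        private EntityDescriptor entityDescriptor;
        private IDPSSODescriptor idpSSODescriptor;
        // Every certificate collected for this entity, expired ones included.
        private Collection<X509Certificate> certificates;
        // Certificates flagged valid through setCertificateValid, mapped to the time of flagging.
        private Map<X509Certificate, Date> validCertificates;

        /**
         * Reads the IDPSSODescriptor for the given protocol and loads the certificate found by
         * {@link #getCertificateNode()}.
         *
         * @param entityDescriptor descriptor of the IdP
         * @param str protocol passed to {@code getIDPSSODescriptor}
         * @throws WrappedException if the certificate cannot be parsed
         * @throws IllegalStateException if the metadata holds no usable certificate
         */
        private Metadata(EntityDescriptor entityDescriptor, String str) {
            this.certificates = new ArrayList<X509Certificate>();
            this.validCertificates = new HashMap<X509Certificate, Date>();
            this.entityDescriptor = entityDescriptor;
            this.idpSSODescriptor = entityDescriptor.getIDPSSODescriptor(str);
            try {
                this.certificates.add(SecurityHelper.buildJavaX509Cert(getCertificateNode().getValue()));
            } catch (CertificateException e) {
                throw new WrappedException(Layer.BUSINESS, e);
            }
        }

        /**
         * Adds further certificates to this entity. Nothing is checked here; whatever is passed
         * in is later returned by {@link #getCertificates()} for as long as it has not expired.
         *
         * @param collection certificates to add
         */
        public void addCertificates(Collection<X509Certificate> collection) {
            this.certificates.addAll(collection);
        }

        /** @return the entity ID of the underlying entity descriptor */
        public String getEntityID() {
            return this.entityDescriptor.getEntityID();
        }

        /**
         * Returns the location of the first artifact resolution service using the SOAP binding.
         *
         * <p>NOTE(review): the argument is not used for matching; the SOAP binding URI is
         * hard-coded and {@code str} only appears in the error message. Left unchanged because
         * callers may depend on it.
         *
         * @param str binding named in the error message
         * @return the SOAP artifact resolution service location
         * @throws IllegalArgumentException if no SOAP artifact resolution service is present
         */
        public String getArtifactResolutionServiceLocation(String str) throws IllegalArgumentException {
            for (ArtifactResolutionService service : this.idpSSODescriptor.getArtifactResolutionServices()) {
                if ("urn:oasis:names:tc:SAML:2.0:bindings:SOAP".equals(service.getBinding())) {
                    return service.getLocation();
                }
            }
            throw new IllegalArgumentException("No artifact resolution service for binding " + str);
        }

        /**
         * Returns the location of the first single sign-on service with exactly the given binding.
         *
         * @param str binding URI to look for
         * @return the matching service location
         * @throws IllegalArgumentException if no service uses that binding
         */
        public String getSingleSignonServiceLocation(String str) throws IllegalArgumentException {
            for (SingleSignOnService service : this.idpSSODescriptor.getSingleSignOnServices()) {
                // An endpoint without a Binding attribute is skipped instead of causing an NPE.
                String binding = service.getBinding();
                if (binding != null && binding.equals(str)) {
                    return service.getLocation();
                }
            }
            throw new IllegalArgumentException("Binding " + str + " not found");
        }

        /**
         * Returns the location of the attribute service with the given binding, taken from the
         * SAML 2.0 AttributeAuthorityDescriptor of this entity.
         *
         * @param str binding URI to look for
         * @return the matching attribute service location
         * @throws IllegalArgumentException if there is no AttributeAuthorityDescriptor or no
         *         attribute service with that binding
         */
        public String getAttributeQueryServiceLocation(String str) throws IllegalArgumentException {
            AttributeAuthorityDescriptor authority = this.entityDescriptor.getAttributeAuthorityDescriptor("urn:oasis:names:tc:SAML:2.0:protocol");
            if (authority == null) {
                throw new IllegalArgumentException("Metadata does not contain a AttributeAuthorityDescriptor");
            }
            for (AttributeService service : authority.getAttributeServices()) {
                if (str.equals(service.getBinding())) {
                    return service.getLocation();
                }
            }
            throw new IllegalArgumentException("Binding " + str + " not found in AttributeServices");
        }

        /** @return the single sign-on services as returned by the IDPSSODescriptor */
        public List<SingleSignOnService> getSingleSignonServices() {
            return this.idpSSODescriptor.getSingleSignOnServices();
        }

        /** @return the location of the first single logout service, or {@code null} if none exists */
        public String getSingleLogoutServiceLocation() {
            List<SingleLogoutService> services = this.idpSSODescriptor.getSingleLogoutServices();
            return services.isEmpty() ? null : services.get(0).getLocation();
        }

        /**
         * Returns where logout responses are sent: the response location of the HTTP-POST single
         * logout service if one exists, otherwise that of the first service. The service's plain
         * location is used when it declares no response location.
         *
         * @return the response location, or {@code null} if there is no single logout service
         */
        public String getSingleLogoutServiceResponseLocation() {
            List<SingleLogoutService> services = this.idpSSODescriptor.getSingleLogoutServices();
            if (services.isEmpty()) {
                return null;
            }
            SingleLogoutService chosen = services.get(0);
            for (SingleLogoutService candidate : services) {
                // Constant-first comparison: an endpoint without a Binding is simply not a match.
                if ("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST".equals(candidate.getBinding())) {
                    chosen = candidate;
                    break;
                }
            }
            String responseLocation = chosen.getResponseLocation();
            return responseLocation != null ? responseLocation : chosen.getLocation();
        }

        /**
         * Picks the certificate element for this IdP: the last key descriptor with use
         * {@code SIGNING}, else the last one with use {@code UNSPECIFIED}; from it the first
         * certificate of the first {@code X509Data}.
         *
         * <p>Any further key descriptors or certificates in the metadata are ignored, so an IdP
         * that publishes more than one signing certificate is represented by a single one here.
         *
         * @return the selected certificate element
         * @throws IllegalStateException if no suitable key descriptor or certificate is present
         */
        private org.opensaml.xml.signature.X509Certificate getCertificateNode() {
            if (this.idpSSODescriptor != null && this.idpSSODescriptor.getKeyDescriptors().size() > 0) {
                KeyDescriptor signing = null;
                KeyDescriptor unspecified = null;
                for (KeyDescriptor candidate : this.idpSSODescriptor.getKeyDescriptors()) {
                    // Constant-first so a descriptor reporting no use cannot trigger an NPE.
                    if (UsageType.SIGNING.equals(candidate.getUse())) {
                        signing = candidate;
                    } else if (UsageType.UNSPECIFIED.equals(candidate.getUse())) {
                        unspecified = candidate;
                    }
                }
                KeyDescriptor chosen = signing != null ? signing : unspecified;
                if (chosen == null) {
                    throw new IllegalStateException("IdP Metadata does not contain a KeyDescriptor for signing: " + getEntityID());
                }
                // A key descriptor without KeyInfo falls through to the "no certificate" error.
                if (chosen.getKeyInfo() != null && chosen.getKeyInfo().getX509Datas().size() > 0) {
                    X509Data x509Data = (X509Data) chosen.getKeyInfo().getX509Datas().get(0);
                    if (x509Data.getX509Certificates().size() > 0) {
                        return (org.opensaml.xml.signature.X509Certificate) x509Data.getX509Certificates().get(0);
                    }
                }
            }
            throw new IllegalStateException("IdP Metadata does not contain a certificate: " + getEntityID());
        }

        /**
         * Returns the internal certificate collection itself, expired certificates included.
         *
         * <p>The decompiler reports that this method was package-private in the original class.
         * The returned collection is live: changes made to it change this entity's certificates.
         *
         * @return the internal, mutable certificate collection
         */
        public Collection<X509Certificate> getAllCertificates() {
            return this.certificates;
        }

        /**
         * Returns the collected certificates whose {@code notAfter} lies in the future.
         *
         * <p>This does not consult the map maintained by {@link #setCertificateValid}; use
         * {@link #getValidCertificates()} for certificates that were flagged valid.
         *
         * @return a new list of non-expired certificates
         */
        public Collection<X509Certificate> getCertificates() {
            return filterNotExpired(this.certificates);
        }

        /**
         * Returns the certificates flagged valid through {@link #setCertificateValid} whose
         * {@code notAfter} lies in the future.
         *
         * @return a new list of flagged, non-expired certificates
         */
        public Collection<X509Certificate> getValidCertificates() {
            return filterNotExpired(this.validCertificates.keySet());
        }

        /** Copies the non-expired certificates of {@code candidates} and logs the expired ones. */
        private Collection<X509Certificate> filterNotExpired(Collection<X509Certificate> candidates) {
            List<X509Certificate> usable = new ArrayList<X509Certificate>();
            // One timestamp for the whole pass, so every certificate is judged against the same instant.
            Date now = new Date();
            for (X509Certificate certificate : candidates) {
                if (certificate.getNotAfter().after(now)) {
                    usable.add(certificate);
                } else {
                    IdpMetadata.log.debug("Local Metadata certificateValidated for " + getEntityID() + " expired at " + certificate.getNotAfter() + ", current: " + now);
                }
            }
            return usable;
        }

        /**
         * Flags a certificate as valid (recording the current time) or removes the flag.
         *
         * @param x509Certificate certificate to flag
         * @param z {@code true} to flag as valid, {@code false} to remove the flag
         */
        public void setCertificateValid(X509Certificate x509Certificate, boolean z) {
            if (z) {
                this.validCertificates.put(x509Certificate, new Date());
            } else {
                this.validCertificates.remove(x509Certificate);
            }
        }

        /**
         * @param x509Certificate certificate to look up
         * @return when the certificate was last flagged valid, or {@code null} if it is not flagged
         */
        public Date getLastTimeForCertificationValidation(X509Certificate x509Certificate) {
            return this.validCertificates.get(x509Certificate);
        }

        /**
         * Finds the single sign-on endpoint for the first of the given bindings that the IdP
         * offers; bindings are compared case-insensitively and tried in array order.
         *
         * @param strArr bindings in order of preference
         * @return the first matching endpoint
         * @throws IllegalArgumentException if {@code strArr} is null or nothing matches
         */
        public Endpoint findLoginEndpoint(String[] strArr) {
            if (strArr == null) {
                throw new IllegalArgumentException("bindings cannot be null");
            }
            for (String wanted : strArr) {
                for (SingleSignOnService service : this.idpSSODescriptor.getSingleSignOnServices()) {
                    // An endpoint without a Binding attribute is skipped instead of causing an NPE.
                    String binding = service.getBinding();
                    if (binding != null && binding.equalsIgnoreCase(wanted)) {
                        return service;
                    }
                }
            }
            throw new IllegalArgumentException("No SingleSignonService found for " + Arrays.toString(strArr));
        }

        /**
         * Looks up the name format the IdP declares for an attribute.
         *
         * @param str attribute name
         * @param str2 value returned when the attribute is not declared
         * @return the declared name format, or {@code str2}
         */
        public String getAttributeNameFormat(String str, String str2) {
            for (Attribute attribute : this.idpSSODescriptor.getAttributes()) {
                if (str.equals(attribute.getName())) {
                    return attribute.getNameFormat();
                }
            }
            return str2;
        }

        /**
         * Returns the public keys of the certificates from {@link #getCertificates()}.
         *
         * <p>Because the keys come from {@code getCertificates()}, a certificate whose flag was
         * removed with {@code setCertificateValid(cert, false)} still contributes its key here
         * until it expires. NOTE(review): confirm that callers relying on the validity flag use
         * {@link #getValidCertificates()} instead.
         *
         * @return a new list of public keys of the non-expired certificates
         */
        public Collection<PublicKey> getPublicKeys() {
            List<PublicKey> keys = new ArrayList<PublicKey>();
            for (X509Certificate certificate : getCertificates()) {
                keys.add(certificate.getPublicKey());
            }
            return keys;
        }
    }

    /**
     * Builds the registry from the given entity descriptors.
     *
     * <p>When two descriptors share an entity ID, the first one stays registered and the
     * non-expired certificate of each later one is added to it, which widens the set of
     * certificates returned for that entity.
     *
     * @param str protocol used to select the IDPSSODescriptor of each entity
     * @param entityDescriptorArr entity descriptors to register
     */
    public IdpMetadata(String str, EntityDescriptor... entityDescriptorArr) {
        for (EntityDescriptor entityDescriptor : entityDescriptorArr) {
            String entityId = entityDescriptor.getEntityID();
            Metadata incoming = new Metadata(entityDescriptor, str);
            Metadata existing = this.metadata.get(entityId);
            if (existing != null) {
                existing.addCertificates(incoming.getCertificates());
            } else {
                this.metadata.put(entityId, incoming);
            }
        }
    }

    /**
     * Returns the shared instance, creating it from the SAML configuration on first use.
     *
     * <p>The creation is not synchronized. Every element of the configured metadata list is
     * stored into an {@code EntityDescriptor[]}, so an element of another type makes
     * {@code toArray} fail.
     *
     * @return the shared instance
     */
    public static IdpMetadata getInstance() {
        if (instance == null) {
            SAMLConfiguration configuration = SAMLConfigurationFactory.getConfiguration();
            String protocol = configuration.getSystemConfiguration().getString(Constants.PROP_PROTOCOL);
            List<XMLObject> descriptors = configuration.getListOfIdpMetadata();
            instance = new IdpMetadata(protocol, (EntityDescriptor[]) descriptors.toArray(new EntityDescriptor[descriptors.size()]));
        }
        return instance;
    }

    /**
     * Replaces the shared instance. Every later {@link #getInstance()} call returns the given
     * object, so this swaps the whole set of IdPs and certificates in one step.
     *
     * @param idpMetadata new shared instance; {@code null} makes the next {@code getInstance()}
     *        call rebuild it from configuration
     */
    public static void setMetadata(IdpMetadata idpMetadata) {
        instance = idpMetadata;
    }

    /**
     * @param str entity ID
     * @return the metadata registered for that entity ID
     * @throws IllegalArgumentException if the entity ID is not registered
     */
    public Metadata getMetadata(String str) {
        Metadata found = this.metadata.get(str);
        if (found == null) {
            throw new IllegalArgumentException("No metadata found for " + str);
        }
        return found;
    }

    /** @return {@code true} if more than one IdP is registered */
    public boolean enableDiscovery() {
        return this.metadata.size() > 1;
    }

    /**
     * Returns the metadata of the first entity ID in the map's iteration order. The map is a
     * {@code HashMap}, so which entry is "first" is not defined when several are registered.
     *
     * @return the metadata of one registered IdP
     */
    public Metadata getFirstMetadata() {
        return getMetadata(getEntityIDs().iterator().next());
    }

    /**
     * @return the registered entity IDs; this is the map's live key set, so removing an element
     *         from it removes that IdP from the registry
     */
    public Collection<String> getEntityIDs() {
        return this.metadata.keySet();
    }

    /**
     * Returns the metadata of the first given entity ID that is registered.
     *
     * @param strArr entity IDs in order of preference
     * @return the first registered match, or {@code null} if none is registered
     */
    public Metadata findSupportedEntity(String... strArr) {
        for (String entityId : strArr) {
            Metadata found = this.metadata.get(entityId);
            if (found != null) {
                return found;
            }
        }
        log.debug("No supported idp found in " + Arrays.toString(strArr) + ". Supported ids: " + this.metadata.keySet());
        return null;
    }
}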
