package org.keycloak.protocol.saml.installation;

import jakarta.ws.rs.core.MediaType;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.UriBuilder;
import java.net.URI;
import org.keycloak.Config;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.RealmModel;
import org.keycloak.protocol.ClientInstallationProvider;
import org.keycloak.protocol.saml.SamlClient;
import org.keycloak.protocol.util.ClientCliInstallationUtil;
import org.keycloak.services.resources.RealmsResource;

/* loaded from: input_file:org/keycloak/protocol/saml/installation/KeycloakSamlSubsystemCliInstallation.class */
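/**
 * Generates a JBoss CLI script that configures the {@code keycloak-saml} subsystem
 * for a SAML client, as an alternative to editing the WAR file.
 *
 * <p>Security note: when the client requires signing or encryption, the generated
 * script embeds the client's private key PEM in clear text. Treat the response body
 * and any saved copy of the script as secret material.
 * NOTE(review): nothing in this class restricts who may request the script or sets
 * cache headers on the response; both are assumed to be handled by the caller. Confirm.
 */
public class KeycloakSamlSubsystemCliInstallation implements ClientInstallationProvider {
    /** Resource address prefix shared by every per-SP operation in the generated script. */
    private static final String SP_ADDRESS = "/subsystem=keycloak-saml/secure-deployment=YOUR-WAR.war/SP=";

    /** Placeholder written in place of a private key the client model does not hold. */
    private static final String MISSING_PRIVATE_KEY = "PRIVATE KEY NOT SET UP OR KNOWN";

    /**
     * Builds the CLI script for the given client and returns it as a plain-text response.
     *
     * @param keycloakSession current session (not used by this implementation)
     * @param realmModel realm supplying the name used in the binding URL and the SSL policy
     * @param clientModel client whose base URL and SAML settings are written to the script
     * @param uri base URI from which the realm's SAML protocol endpoint is derived
     * @return a 200 response of type {@code text/plain} holding the script
     */
    public Response generateInstallation(KeycloakSession keycloakSession, RealmModel realmModel, ClientModel clientModel, URI uri) {
        SamlClient samlClient = new SamlClient(clientModel);
        String entityId = valueOr(clientModel.getBaseUrl(), "SPECIFY YOUR entityID!");
        String bindingUrl = RealmsResource.protocolUrl(UriBuilder.fromUri(uri)).build(new Object[]{realmModel.getName(), "saml"}).toString();
        // The entity ID is passed through quote() before it is placed in a resource address.
        String spAddress = SP_ADDRESS + ClientCliInstallationUtil.quote(entityId);
        boolean clientSigns = samlClient.requiresClientSignature();
        boolean realmSigns = samlClient.requiresRealmSignature();
        boolean assertionSigned = samlClient.requiresAssertionSignature();

        StringBuilder script = new StringBuilder();
        script.append("/subsystem=keycloak-saml/secure-deployment=YOUR-WAR.war/:add\n\n");

        // Fix: the SP :add operation was emitted without its closing parenthesis,
        // unlike every other operation in the script.
        script.append(spAddress)
                .append("/:add(sslPolicy=").append(realmModel.getSslRequired().name())
                .append(",logoutPage=").append(ClientCliInstallationUtil.quote("SPECIFY YOUR LOGOUT PAGE!"))
                .append(")\n\n");

        if (clientSigns) {
            // Sensitive: writes the client's signing private key PEM into the script.
            script.append(spAddress)
                    .append("/Key=KEY1:add(signing=true, \\\nPrivateKeyPem=")
                    .append(ClientCliInstallationUtil.quote(valueOr(samlClient.getClientSigningPrivateKey(), MISSING_PRIVATE_KEY)))
                    .append(", \\\nCertificatePem=")
                    .append(ClientCliInstallationUtil.quote(valueOr(samlClient.getClientSigningCertificate(), "YOU MUST CONFIGURE YOUR_CLIENT's SIGNING CERTIFICATE")))
                    .append(")\n\n");
        }

        if (samlClient.requiresEncryption()) {
            // Sensitive: writes the client's encryption private key PEM into the script.
            script.append(spAddress)
                    .append("/Key=KEY2:add(encryption=true,PrivateKeyPem=")
                    .append(ClientCliInstallationUtil.quote(valueOr(samlClient.getClientEncryptingPrivateKey(), MISSING_PRIVATE_KEY)))
                    .append(")\n\n");
        }

        // IDP definition: the signature-validation flags mirror the client's SAML settings,
        // so a client configured without realm/assertion signatures yields an adapter
        // configuration that does not validate them.
        script.append(spAddress)
                .append("/IDP=idp/:add( \\\n    SingleSignOnService={ \\\n        signRequest=").append(clientSigns)
                .append(", \\\n        validateResponseSignature=").append(realmSigns)
                .append(", \\\n        validateAssertionSignature=").append(assertionSigned)
                .append(", \\\n        requestBinding=POST, \\\n        bindingUrl=").append(bindingUrl)
                .append("}, \\\n    SingleLogoutService={ \\\n        signRequest=").append(clientSigns)
                .append(", \\\n        signResponse=").append(clientSigns)
                .append(", \\\n        validateRequestSignature=").append(realmSigns)
                .append(", \\\n        validateResponseSignature=").append(realmSigns)
                .append(", \\\n        requestBinding=POST, \\\n        responseBinding=POST, \\\n        postBindingUrl=").append(bindingUrl)
                .append(", \\\n        redirectBindingUrl=").append(bindingUrl)
                .append("} \\\n)\n\n");

        if (clientSigns) {
            // NOTE(review): these two values are written without quote(), unlike the
            // entity ID; confirm they cannot carry CLI metacharacters.
            script.append(spAddress)
                    .append("/IDP=idp/:write-attribute(name=signatureAlgorithm,value=")
                    .append(samlClient.getSignatureAlgorithm())
                    .append(")\n\n");
            if (samlClient.getCanonicalizationMethod() != null) {
                script.append(spAddress)
                        .append("/IDP=idp/:write-attribute(name=signatureCanonicalizationMethod,value=")
                        .append(samlClient.getCanonicalizationMethod())
                        .append(")\n");
            }
        }
        return Response.ok(script.toString(), MediaType.TEXT_PLAIN_TYPE).build();
    }

    /** Returns {@code value}, or {@code placeholder} when {@code value} is null. */
    private static String valueOr(String value, String placeholder) {
        return value == null ? placeholder : value;
    }

    /** Returns the protocol identifier this provider applies to. */
    public String getProtocol() {
        return "saml";
    }

    /** Returns the human-readable name of this installation format. */
    public String getDisplayType() {
        return "Keycloak SAML JBoss Subsystem CLI";
    }

    /** Returns the help text describing when this format is useful. */
    public String getHelpText() {
        return "CLI script you must edit and apply to your client app server. This type of configuration is useful when you can't or don't want to crack open your WAR file.";
    }

    /** Returns the file name suggested for the generated script. */
    public String getFilename() {
        return "keycloak-saml-subsystem.cli";
    }

    /** Returns the media type of the generated script. */
    public String getMediaType() {
        return "text/plain";
    }

    /** Returns {@code false}. */
    public boolean isDownloadOnly() {
        return false;
    }

    /** No resources to release. */
    public void close() {
    }

    /* renamed from: create, reason: merged with bridge method [inline-methods] */
    /** Returns this instance; the provider holds no per-session state. */
    public ClientInstallationProvider m440create(KeycloakSession keycloakSession) {
        return this;
    }

    /** No configuration is read. */
    public void init(Config.Scope scope) {
    }

    /** No post-initialisation work is performed. */
    public void postInit(KeycloakSessionFactory keycloakSessionFactory) {
    }

    /** Returns the provider identifier. */
    public String getId() {
        return "keycloak-saml-subsystem-cli";
    }
}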
