package ddf.security.samlp.impl;

import com.google.common.collect.ImmutableSet;
import ddf.security.samlp.SamlProtocol;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.function.Predicate;
import javax.annotation.concurrent.Immutable;
import org.apache.commons.lang.StringUtils;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml.saml2.metadata.Endpoint;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml.saml2.metadata.KeyDescriptor;
import org.opensaml.saml.saml2.metadata.SPSSODescriptor;
import org.opensaml.security.credential.UsageType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

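/**
 * Holds the parts of a SAML 2.0 service provider's metadata that are needed to answer it: its
 * signing and encryption certificates, its assertion consumer services and its single logout
 * services, each keyed by binding.
 *
 * <p>Every URL and certificate exposed here is read from the {@link EntityDescriptor} given to the
 * {@link Builder}. An {@link AuthnRequest} only influences which binding is looked up, and only
 * when that binding is in the supported set. Nothing in this class verifies the metadata itself
 * (no signature, trust or certificate validity check), so the values are only as trustworthy as
 * the descriptor the caller supplies.
 *
 * <p>NOTE(review): the instance shares its maps and the supported-binding set by reference with
 * the builder and, for the set, with the builder's caller. The {@code @Immutable} contract
 * therefore depends on neither being modified after {@link Builder#build()}.
 */
@Immutable
/* loaded from: input_file:ddf-security-common-2.9.1.jar:ddf/security/samlp/impl/EntityInformation.class */
public class EntityInformation {
    private final String signingCertificate;
    private final String encryptionCertificate;
    private final ServiceInfo defaultAssertionConsumerService;
    private final Map<SamlProtocol.Binding, ServiceInfo> assertionConsumerServices;
    private final Map<SamlProtocol.Binding, ServiceInfo> logoutServices;
    private final Set<SamlProtocol.Binding> supportedBindings;
    private static final Logger LOGGER = LoggerFactory.getLogger(EntityInformation.class);

    /** Binding used when neither the request nor the caller names a usable one. */
    protected static final SamlProtocol.Binding PREFERRED_BINDING = SamlProtocol.Binding.HTTP_REDIRECT;

    /**
     * Extracts the relevant fields from an {@link EntityDescriptor} and produces an
     * {@link EntityInformation}.
     */
    /* loaded from: input_file:ddf-security-common-2.9.1.jar:ddf/security/samlp/impl/EntityInformation$Builder.class */
    public static class Builder {
        // Key uses accepted for the signing certificate. The encryption lookup accepts only
        // UsageType.ENCRYPTION, so a key whose use is UNSPECIFIED is considered for signing only.
        // NOTE(review): confirm that asymmetry is intended.
        private static final ImmutableSet<UsageType> SIGNING_TYPES = ImmutableSet.of(UsageType.UNSPECIFIED, UsageType.SIGNING);
        private final SPSSODescriptor spssoDescriptor;
        private final Set<SamlProtocol.Binding> supportedBindings;
        private String signingCertificate;
        private String encryptionCertificate;
        private ServiceInfo defaultAssertionConsumerService;
        private final Map<SamlProtocol.Binding, ServiceInfo> assertionConsumerServices = new HashMap<>();
        private final Map<SamlProtocol.Binding, ServiceInfo> logoutServices = new HashMap<>();

        /**
         * @param entityDescriptor metadata of the service provider; dereferenced immediately
         * @param set bindings this side supports; endpoints on other bindings are ignored. The set
         *     is stored by reference, not copied.
         */
        public Builder(EntityDescriptor entityDescriptor, Set<SamlProtocol.Binding> set) {
            this.spssoDescriptor = getSpssoDescriptor(entityDescriptor);
            this.supportedBindings = set;
        }

        /**
         * Parses certificates and endpoints out of the SP SSO descriptor.
         *
         * @return the populated instance, or {@code null} (after a warning is logged) when the
         *     entity descriptor had no SAML 2.0 SP SSO descriptor. Callers must handle
         *     {@code null}.
         */
        public EntityInformation build() {
            if (this.spssoDescriptor == null) {
                LOGGER.warn("Unable to build EntityInformation without a descriptor");
                return null;
            }
            parseSigningCertificate();
            parseEncryptionCertificate();
            parseAssertionConsumerServiceInfo();
            parseLogoutServices();
            return new EntityInformation(this);
        }

        /**
         * Looks up the SP SSO descriptor for the SAML 2.0 protocol.
         *
         * @return the descriptor, or {@code null} (with a warning naming the entity ID) if the
         *     entity does not declare one
         */
        SPSSODescriptor getSpssoDescriptor(EntityDescriptor entityDescriptor) {
            SPSSODescriptor descriptor = entityDescriptor.getSPSSODescriptor("urn:oasis:names:tc:SAML:2.0:protocol");
            if (descriptor == null) {
                LOGGER.warn("Unable to find supported protocol in EntityDescriptor {}", entityDescriptor.getEntityID());
            }
            return descriptor;
        }

        /** Records the certificate of a key descriptor whose use is SIGNING or UNSPECIFIED. */
        Builder parseSigningCertificate() {
            this.signingCertificate = extractCertificate(
                    this.spssoDescriptor,
                    keyDescriptor -> SIGNING_TYPES.contains(keyDescriptor.getUse()));
            return this;
        }

        /** Records the certificate of a key descriptor whose use is ENCRYPTION. */
        Builder parseEncryptionCertificate() {
            this.encryptionCertificate = extractCertificate(
                    this.spssoDescriptor,
                    keyDescriptor -> UsageType.ENCRYPTION.equals(keyDescriptor.getUse()));
            return this;
        }

        /**
         * Records the descriptor's default assertion consumer service (only if its binding is
         * supported) and then one assertion consumer service per supported binding.
         */
        Builder parseAssertionConsumerServiceInfo() {
            AssertionConsumerService defaultService = this.spssoDescriptor.getDefaultAssertionConsumerService();
            if (defaultService != null) {
                SamlProtocol.Binding defaultBinding = SamlProtocol.Binding.from(defaultService.getBinding());
                if (this.supportedBindings.contains(defaultBinding)) {
                    LOGGER.debug("Using AssertionConsumerServiceURL from default assertion consumer service: {}", defaultService.getLocation());
                    // NOTE(review): unlike putAllSupported, the location is not checked for null
                    // here, so the default ServiceInfo may carry a null URL.
                    this.defaultAssertionConsumerService = new ServiceInfo(defaultService.getLocation(), defaultBinding);
                }
            }
            putAllSupported(this.assertionConsumerServices, this.spssoDescriptor.getAssertionConsumerServices());
            return this;
        }

        /** Records one single logout service per supported binding. */
        Builder parseLogoutServices() {
            putAllSupported(this.logoutServices, this.spssoDescriptor.getSingleLogoutServices());
            return this;
        }

        /**
         * For each supported binding, stores the first endpoint in {@code list} that uses that
         * binding, provided the endpoint has a location.
         *
         * @param map destination, keyed by binding
         * @param list endpoints taken from the metadata
         */
        void putAllSupported(Map<SamlProtocol.Binding, ServiceInfo> map, List<? extends Endpoint> list) {
            for (SamlProtocol.Binding binding : this.supportedBindings) {
                ServiceInfo candidate = parseServiceInfo(list, endpoint -> binding.isEqual(endpoint.getBinding()));
                // A null URL marks "no endpoint found" (or an endpoint without a location).
                if (candidate.getUrl() != null) {
                    map.put(binding, candidate);
                }
            }
        }

        /**
         * Converts the first endpoint accepted by {@code predicate} into a {@link ServiceInfo}.
         *
         * @return the matching service, or a placeholder whose URL and binding are both
         *     {@code null} when nothing matches; never {@code null} itself
         */
        ServiceInfo parseServiceInfo(List<? extends Endpoint> list, Predicate<Endpoint> predicate) {
            return list.stream()
                    .filter(predicate)
                    .findFirst()
                    .map(endpoint -> new ServiceInfo(endpoint.getLocation(), SamlProtocol.Binding.from(endpoint.getBinding())))
                    .orElseGet(() -> new ServiceInfo(null, null));
        }

        /**
         * Selects one key descriptor accepted by {@code predicate} and returns its certificate.
         *
         * <p>Descriptors that are null, have no use, or yield no certificate are skipped. When
         * several remain, the last one whose use is SIGNING is chosen; if none is SIGNING, the
         * first one is chosen. Only a single certificate is kept, so metadata that publishes
         * several keys for the same use (for example during a key rollover) is reduced to one of
         * them.
         *
         * @return the certificate text, or {@code null} if no descriptor qualifies
         */
        String extractCertificate(SPSSODescriptor sPSSODescriptor, Predicate<KeyDescriptor> predicate) {
            return sPSSODescriptor.getKeyDescriptors().stream()
                    .filter(Objects::nonNull)
                    .filter(keyDescriptor -> keyDescriptor.getUse() != null)
                    .filter(predicate)
                    .filter(keyDescriptor -> extractCertificateFromKeyDescriptor(keyDescriptor) != null)
                    // Nulls were filtered out above, so only the use decides the winner.
                    .reduce((chosen, candidate) -> UsageType.SIGNING.equals(candidate.getUse()) ? candidate : chosen)
                    .map(this::extractCertificateFromKeyDescriptor)
                    .orElse(null);
        }

        /**
         * Returns the first non-blank X509Certificate value found in the descriptor's KeyInfo.
         * The value is returned as it appears in the metadata; it is not parsed or validated.
         *
         * @return the certificate text, or {@code null} if the descriptor has no KeyInfo or no
         *     non-blank certificate
         */
        String extractCertificateFromKeyDescriptor(KeyDescriptor keyDescriptor) {
            // A descriptor without a KeyInfo child is treated as carrying no certificate, so that
            // one malformed KeyDescriptor does not abort build() with a NullPointerException.
            if (keyDescriptor.getKeyInfo() == null) {
                return null;
            }
            return keyDescriptor.getKeyInfo().getX509Datas().stream()
                    .flatMap(x509Data -> x509Data.getX509Certificates().stream())
                    .map(certificate -> certificate.getValue())
                    .filter(StringUtils::isNotBlank)
                    .findFirst()
                    .orElse(null);
        }
    }

    /** An endpoint location paired with the binding it is served on. */
    /* loaded from: input_file:ddf-security-common-2.9.1.jar:ddf/security/samlp/impl/EntityInformation$ServiceInfo.class */
    public static class ServiceInfo {
        private final String url;
        private final SamlProtocol.Binding binding;

        ServiceInfo(String str, SamlProtocol.Binding binding) {
            this.url = str;
            this.binding = binding;
        }

        /** @return the endpoint location from the metadata; may be {@code null} */
        public String getUrl() {
            return this.url;
        }

        /** @return the endpoint's binding; may be {@code null} */
        public SamlProtocol.Binding getBinding() {
            return this.binding;
        }
    }

    // Takes the builder's collections by reference; no defensive copies are made.
    private EntityInformation(Builder builder) {
        this.signingCertificate = builder.signingCertificate;
        this.encryptionCertificate = builder.encryptionCertificate;
        this.defaultAssertionConsumerService = builder.defaultAssertionConsumerService;
        this.assertionConsumerServices = builder.assertionConsumerServices;
        this.logoutServices = builder.logoutServices;
        this.supportedBindings = builder.supportedBindings;
    }

    /**
     * @return the service provider's signing certificate text, or {@code null} if the metadata
     *     carried none. A caller that verifies signatures with this value should treat
     *     {@code null} as "cannot verify", not as permission to skip verification.
     */
    public String getSigningCertificate() {
        return this.signingCertificate;
    }

    /**
     * @return the service provider's encryption certificate text, or {@code null} if the metadata
     *     carried no key descriptor with use ENCRYPTION
     */
    public String getEncryptionCertificate() {
        return this.encryptionCertificate;
    }

    /** Equivalent to {@code getLogoutService(null)}. */
    public ServiceInfo getLogoutService() {
        return getLogoutService(null);
    }

    /**
     * Returns the logout service for {@code binding}, or for {@link #PREFERRED_BINDING} when
     * {@code binding} is {@code null}. If there is none for that binding, any recorded logout
     * service is returned instead (which one depends on the map's iteration order).
     *
     * @return a logout service, or {@code null} if the metadata declared none on a supported
     *     binding
     */
    public ServiceInfo getLogoutService(SamlProtocol.Binding binding) {
        ServiceInfo service = this.logoutServices.get(getBinding(null, binding));
        if (service != null) {
            return service;
        }
        return this.logoutServices.values().stream().findFirst().orElse(null);
    }

    /**
     * Chooses the binding to answer on: the request's ProtocolBinding if present and supported,
     * else {@code binding}, else {@link #PREFERRED_BINDING}.
     */
    SamlProtocol.Binding getBinding(AuthnRequest authnRequest, SamlProtocol.Binding binding) {
        if (authnRequest != null && authnRequest.getProtocolBinding() != null) {
            SamlProtocol.Binding requested = SamlProtocol.Binding.from(authnRequest.getProtocolBinding());
            if (this.supportedBindings.contains(requested)) {
                return requested;
            }
        }
        return binding != null ? binding : PREFERRED_BINDING;
    }

    /**
     * Picks the assertion consumer service to send a response to.
     *
     * <p>Order of preference: the service registered for the request's ProtocolBinding (if that
     * binding is supported), the service for {@code binding} (or {@link #PREFERRED_BINDING} when
     * {@code binding} is {@code null}), the descriptor's default service, and finally any
     * recorded service. The returned URL always comes from the parsed metadata; only the
     * ProtocolBinding of the request is consulted.
     *
     * @param authnRequest the incoming request, may be {@code null}
     * @param binding the caller's fallback binding, may be {@code null}
     * @return the chosen service, or {@code null} if the metadata declared no usable one
     */
    public ServiceInfo getAssertionConsumerService(AuthnRequest authnRequest, SamlProtocol.Binding binding) {
        if (authnRequest != null && authnRequest.getProtocolBinding() != null) {
            SamlProtocol.Binding requested = SamlProtocol.Binding.from(authnRequest.getProtocolBinding());
            if (this.supportedBindings.contains(requested)) {
                ServiceInfo requestedService = this.assertionConsumerServices.get(requested);
                if (requestedService != null) {
                    return requestedService;
                }
            }
        }
        ServiceInfo fallbackService = this.assertionConsumerServices.get(binding != null ? binding : PREFERRED_BINDING);
        if (fallbackService != null) {
            return fallbackService;
        }
        if (this.defaultAssertionConsumerService != null) {
            return this.defaultAssertionConsumerService;
        }
        return this.assertionConsumerServices.values().stream().findFirst().orElse(null);
    }
}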
