package org.keycloak.protocol.saml.installation;

import jakarta.ws.rs.core.MediaType;
import jakarta.ws.rs.core.Response;
import java.io.StringWriter;
import java.net.URI;
import java.util.Collections;
import org.jboss.logging.Logger;
import org.keycloak.Config;
import org.keycloak.dom.saml.v2.metadata.KeyDescriptorType;
import org.keycloak.dom.saml.v2.metadata.KeyTypes;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.RealmModel;
import org.keycloak.protocol.ClientInstallationProvider;
import org.keycloak.protocol.saml.SamlClient;
import org.keycloak.protocol.saml.SamlProtocol;
import org.keycloak.saml.SPMetadataDescriptor;
import org.keycloak.saml.common.constants.JBossSAMLURIConstants;
import org.keycloak.saml.common.util.StaxUtil;
import org.keycloak.saml.processing.core.saml.v2.writers.SAMLMetadataWriter;

/* loaded from: input_file:org/keycloak/protocol/saml/installation/SamlSPDescriptorClientInstallation.class */
/**
 * Client installation provider that renders a SAML client's configuration as
 * SP metadata (an {@code EntityDescriptor} XML document).
 *
 * <p>Review notes:
 * <ul>
 *   <li>The endpoint locations in the metadata come from client attributes or the
 *       client's management URL. The only check visible in this class is that
 *       each value parses as a {@link URI}.</li>
 *   <li>Any failure while building the document is logged and turned into an
 *       empty string, so callers must treat {@code ""} as "generation failed".</li>
 * </ul>
 */
public class SamlSPDescriptorClientInstallation implements ClientInstallationProvider {
    protected static final Logger logger = Logger.getLogger(SamlSPDescriptorClientInstallation.class);

    /** Provider id returned by {@link #getId()}. */
    public static final String SAML_CLIENT_INSTALATION_SP_DESCRIPTOR = "saml-sp-descriptor";

    /**
     * Placeholder written into the metadata when neither the binding-specific
     * attribute nor the management URL yields an endpoint. Seeing it in
     * generated metadata means the client has no usable endpoint configured.
     */
    private static final String FALLBACK_ERROR_URL_STRING = "ERROR:ENDPOINT_NOT_SET";

    /**
     * Builds the SP metadata document for the given SAML client.
     *
     * <p>The login and logout bindings are POST when the client forces POST binding
     * and REDIRECT otherwise. When artifact binding is forced, the assertion consumer
     * endpoint always switches to the artifact attribute and binding. The logout
     * endpoint switches only if an artifact logout URL attribute is present;
     * otherwise it keeps the POST or REDIRECT binding chosen first.
     *
     * @param clientModel the client whose SAML settings are rendered
     * @return the serialized metadata, or an empty string if anything throws while
     *         it is generated (the exception is logged at error level)
     */
    public static String getSPDescriptorForClient(ClientModel clientModel) {
        try {
            SamlClient samlClient = new SamlClient(clientModel);

            // Base choice: POST when forced, REDIRECT otherwise.
            final boolean postForced = samlClient.forcePostBinding();
            String assertionConsumerUrl = clientModel.getAttribute(postForced
                    ? SamlProtocol.SAML_ASSERTION_CONSUMER_URL_POST_ATTRIBUTE
                    : SamlProtocol.SAML_ASSERTION_CONSUMER_URL_REDIRECT_ATTRIBUTE);
            String logoutUrl = clientModel.getAttribute(postForced
                    ? SamlProtocol.SAML_SINGLE_LOGOUT_SERVICE_URL_POST_ATTRIBUTE
                    : SamlProtocol.SAML_SINGLE_LOGOUT_SERVICE_URL_REDIRECT_ATTRIBUTE);
            URI loginBinding = (postForced
                    ? JBossSAMLURIConstants.SAML_HTTP_POST_BINDING
                    : JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING).getUri();
            URI logoutBinding = null;

            if (samlClient.forceArtifactBinding()) {
                if (clientModel.getAttribute(SamlProtocol.SAML_SINGLE_LOGOUT_SERVICE_URL_ARTIFACT_ATTRIBUTE) == null) {
                    // No artifact logout endpoint: logout keeps the binding selected above.
                    logoutBinding = loginBinding;
                } else {
                    logoutBinding = JBossSAMLURIConstants.SAML_HTTP_ARTIFACT_BINDING.getUri();
                    logoutUrl = clientModel.getAttribute(SamlProtocol.SAML_SINGLE_LOGOUT_SERVICE_URL_ARTIFACT_ATTRIBUTE);
                }
                // The assertion consumer side is overridden unconditionally; a missing
                // artifact URL is handled by the fallback chain below.
                assertionConsumerUrl = clientModel.getAttribute(SamlProtocol.SAML_ASSERTION_CONSUMER_URL_ARTIFACT_ATTRIBUTE);
                loginBinding = JBossSAMLURIConstants.SAML_HTTP_ARTIFACT_BINDING.getUri();
            }

            assertionConsumerUrl = endpointOrFallback(assertionConsumerUrl, clientModel);
            logoutUrl = endpointOrFallback(logoutUrl, clientModel);
            if (logoutBinding == null) {
                logoutBinding = loginBinding;
            }

            String configuredNameIdFormat = samlClient.getNameIDFormat();
            String nameIdFormat = configuredNameIdFormat != null
                    ? configuredNameIdFormat
                    : SamlProtocol.SAML_DEFAULT_NAMEID_FORMAT;

            // The certificates are handed over exactly as the client stores them.
            // NOTE(review): handling of a missing certificate is decided inside
            // SPMetadataDescriptor, which is not visible here - confirm.
            KeyDescriptorType signingKey = SPMetadataDescriptor.buildKeyDescriptorType(
                    SPMetadataDescriptor.buildKeyInfoElement((String) null, samlClient.getClientSigningCertificate()),
                    KeyTypes.SIGNING,
                    (String[]) null);
            KeyDescriptorType encryptionKey = SPMetadataDescriptor.buildKeyDescriptorType(
                    SPMetadataDescriptor.buildKeyInfoElement((String) null, samlClient.getClientEncryptingCertificate()),
                    KeyTypes.ENCRYPTION,
                    (String[]) null);

            StringWriter xml = new StringWriter();
            SAMLMetadataWriter metadataWriter = new SAMLMetadataWriter(StaxUtil.getXMLStreamWriter(xml));
            metadataWriter.writeEntityDescriptor(SPMetadataDescriptor.buildSPDescriptor(
                    loginBinding,
                    logoutBinding,
                    new URI(assertionConsumerUrl),
                    new URI(logoutUrl),
                    samlClient.requiresClientSignature(),
                    samlClient.requiresAssertionSignature(),
                    samlClient.requiresEncryption(),
                    clientModel.getClientId(),
                    nameIdFormat,
                    Collections.singletonList(signingKey),
                    Collections.singletonList(encryptionKey)));
            return xml.toString();
        } catch (Exception e) {
            // Deliberately broad: every failure becomes an empty descriptor.
            logger.error("Cannot generate SP metadata", e);
            return "";
        }
    }

    /**
     * Resolves an endpoint URL: the configured value, else the client's management
     * URL, else {@link #FALLBACK_ERROR_URL_STRING}.
     */
    private static String endpointOrFallback(String configured, ClientModel clientModel) {
        String candidate = configured;
        if (isUnset(candidate)) {
            candidate = clientModel.getManagementUrl();
        }
        return isUnset(candidate) ? FALLBACK_ERROR_URL_STRING : candidate;
    }

    /** Returns true for {@code null} and for strings that are empty after {@code trim()}. */
    private static boolean isUnset(String value) {
        return value == null || value.trim().isEmpty();
    }

    /**
     * Wraps the generated descriptor in an OK response.
     *
     * <p>The entity is typed {@code text/plain} here, although
     * {@link #getMediaType()} reports XML. Because generation failures surface
     * as an empty string, a failed generation is still answered with OK and
     * an empty body. Only {@code clientModel} is used; the session, realm and
     * URI parameters are ignored.
     */
    public Response generateInstallation(KeycloakSession keycloakSession, RealmModel realmModel, ClientModel clientModel, URI uri) {
        String descriptor = getSPDescriptorForClient(clientModel);
        return Response.ok(descriptor, MediaType.TEXT_PLAIN_TYPE).build();
    }

    /** Returns the protocol this installation format belongs to. */
    public String getProtocol() {
        return "saml";
    }

    /** Returns the display label for this installation format. */
    public String getDisplayType() {
        return "SAML Metadata SPSSODescriptor";
    }

    /** Returns the help text describing this installation format. */
    public String getHelpText() {
        return "SAML SP Metadata EntityDescriptor or rather SPSSODescriptor. This is an XML file.";
    }

    /** Returns the file name suggested for the generated document. */
    public String getFilename() {
        return "saml-sp-metadata.xml";
    }

    /** Returns the advertised media type of the generated document (XML). */
    public String getMediaType() {
        return org.keycloak.utils.MediaType.APPLICATION_XML;
    }

    /** Always returns {@code false}. */
    public boolean isDownloadOnly() {
        return false;
    }

    /** No-op: this class does nothing on close. */
    public void close() {
        // intentionally empty
    }

    /*
     * Decompiler note: renamed from "create" (merged with bridge method).
     * Returns this same instance rather than creating a new object per session.
     */
    public ClientInstallationProvider m445create(KeycloakSession keycloakSession) {
        return this;
    }

    /** No-op: the configuration scope is not read. */
    public void init(Config.Scope scope) {
        // intentionally empty
    }

    /** No-op: nothing is done after factory initialisation. */
    public void postInit(KeycloakSessionFactory keycloakSessionFactory) {
        // intentionally empty
    }

    /** Returns {@link #SAML_CLIENT_INSTALATION_SP_DESCRIPTOR}. */
    public String getId() {
        return SAML_CLIENT_INSTALATION_SP_DESCRIPTOR;
    }
}
