package org.keycloak.protocol.saml.installation;

import java.net.URI;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import org.keycloak.Config;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.RealmModel;
import org.keycloak.protocol.ClientInstallationProvider;
import org.keycloak.protocol.saml.SamlClient;
import org.keycloak.services.resources.RealmsResource;

/* loaded from: input_file:org/keycloak/protocol/saml/installation/KeycloakSamlClientInstallation.class */
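/**
 * Client installation provider that renders a {@code keycloak-saml.xml} adapter
 * configuration snippet for a SAML client.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>When the client has signing or encryption private keys configured, they are
 *       written verbatim into the generated document. The response body must be
 *       handled as secret material (access control on the endpoint, no logging of
 *       the body, no caching).</li>
 *   <li>All model- and request-derived strings are XML-escaped before being placed
 *       into the document, so a client ID or URL containing {@code &}, {@code <},
 *       {@code >} or quotes cannot break out of its attribute or element and alter
 *       the adapter configuration.</li>
 * </ul>
 */
public class KeycloakSamlClientInstallation implements ClientInstallationProvider {
    /**
     * Builds the complete adapter configuration wrapped in a
     * {@code <keycloak-saml-adapter>} root element.
     *
     * @param keycloakSession current session, passed through to {@link #baseXml}
     * @param realmModel realm the client belongs to
     * @param clientModel client whose SAML settings are rendered
     * @param uri base URI used to derive the SAML protocol endpoint URL
     * @return a 200 response whose entity is the generated XML text
     */
    public Response generateInstallation(KeycloakSession keycloakSession, RealmModel realmModel, ClientModel clientModel, URI uri) {
        SamlClient samlClient = new SamlClient(clientModel);
        StringBuilder sb = new StringBuilder();
        sb.append("<keycloak-saml-adapter>\n");
        baseXml(keycloakSession, realmModel, clientModel, uri, samlClient, sb);
        sb.append("</keycloak-saml-adapter>\n");
        // NOTE(review): the entity is served as text/plain although getMediaType()
        // reports application/xml; kept as-is because callers may rely on it.
        return Response.ok(sb.toString(), MediaType.TEXT_PLAIN_TYPE).build();
    }

    /**
     * Appends the {@code <SP>} element (keys, IDP and binding settings) for the given
     * client to {@code sb}.
     *
     * <p>Every value that originates from the client model or from the request URI is
     * passed through {@link #xmlEscape(Object)} before it is appended. Private key
     * material is included when the client requires signing or encryption and a key
     * is stored; otherwise a placeholder line is written.
     *
     * @param keycloakSession current session (not read by this method)
     * @param realmModel realm providing the SSL policy and realm name
     * @param clientModel client providing the entity ID
     * @param uri base URI from which the SAML protocol URL is built
     * @param samlClient SAML view of {@code clientModel}
     * @param sb buffer the XML fragment is appended to
     */
    public static void baseXml(KeycloakSession keycloakSession, RealmModel realmModel, ClientModel clientModel, URI uri, SamlClient samlClient, StringBuilder sb) {
        // The client ID is free-form (SAML entity IDs are often URLs with query
        // strings), so it must be escaped before landing inside an attribute.
        sb.append("    <SP entityID=\"").append(xmlEscape(clientModel.getClientId())).append("\"\n");
        sb.append("        sslPolicy=\"").append(realmModel.getSslRequired().name()).append("\"\n");
        sb.append("        logoutPage=\"SPECIFY YOUR LOGOUT PAGE!\">\n");
        if (samlClient.requiresClientSignature() || samlClient.requiresEncryption()) {
            sb.append("        <Keys>\n");
            if (samlClient.requiresClientSignature()) {
                sb.append("            <Key signing=\"true\">\n");
                sb.append("                <PrivateKeyPem>\n");
                if (samlClient.getClientSigningPrivateKey() == null) {
                    sb.append("                    PRIVATE KEY NOT SET UP OR KNOWN\n");
                } else {
                    // Secret material: the signing private key is emitted into the output.
                    sb.append("                    ").append(xmlEscape(samlClient.getClientSigningPrivateKey())).append("\n");
                }
                sb.append("                </PrivateKeyPem>\n");
                sb.append("                <CertificatePem>\n");
                if (samlClient.getClientSigningCertificate() == null) {
                    sb.append("                    YOU MUST CONFIGURE YOUR CLIENT's SIGNING CERTIFICATE\n");
                } else {
                    sb.append("                    ").append(xmlEscape(samlClient.getClientSigningCertificate())).append("\n");
                }
                sb.append("                </CertificatePem>\n");
                sb.append("            </Key>\n");
            }
            if (samlClient.requiresEncryption()) {
                sb.append("            <Key encryption=\"true\">\n");
                sb.append("                <PrivateKeyPem>\n");
                if (samlClient.getClientEncryptingPrivateKey() == null) {
                    sb.append("                    PRIVATE KEY NOT SET UP OR KNOWN\n");
                } else {
                    // Secret material: the encryption private key is emitted into the output.
                    sb.append("                    ").append(xmlEscape(samlClient.getClientEncryptingPrivateKey())).append("\n");
                }
                sb.append("                </PrivateKeyPem>\n");
                sb.append("            </Key>\n");
            }
            sb.append("        </Keys>\n");
        }
        sb.append("        <IDP entityID=\"idp\"");
        if (samlClient.requiresClientSignature()) {
            sb.append("\n             signatureAlgorithm=\"").append(xmlEscape(samlClient.getSignatureAlgorithm())).append("\"");
            if (samlClient.getCanonicalizationMethod() != null) {
                sb.append("\n             signatureCanonicalizationMethod=\"").append(xmlEscape(samlClient.getCanonicalizationMethod())).append("\"");
            }
        }
        sb.append(">\n");
        sb.append("            <SingleSignOnService signRequest=\"").append(samlClient.requiresClientSignature()).append("\"\n");
        sb.append("                                 validateResponseSignature=\"").append(samlClient.requiresRealmSignature()).append("\"\n");
        sb.append("                                 validateAssertionSignature=\"").append(samlClient.requiresAssertionSignature()).append("\"\n");
        sb.append("                                 requestBinding=\"POST\"\n");
        // The endpoint URL is derived from the caller-supplied base URI and the realm
        // name, so it is escaped once here and reused for every binding attribute.
        String bindingUrl = xmlEscape(
                RealmsResource.protocolUrl(UriBuilder.fromUri(uri)).build(new Object[]{realmModel.getName(), "saml"}).toString());
        sb.append("                                 bindingUrl=\"").append(bindingUrl).append("\"/>\n");
        sb.append("            <SingleLogoutService signRequest=\"").append(samlClient.requiresClientSignature()).append("\"\n");
        sb.append("                                 signResponse=\"").append(samlClient.requiresClientSignature()).append("\"\n");
        sb.append("                                 validateRequestSignature=\"").append(samlClient.requiresRealmSignature()).append("\"\n");
        sb.append("                                 validateResponseSignature=\"").append(samlClient.requiresRealmSignature()).append("\"\n");
        sb.append("                                 requestBinding=\"POST\"\n");
        sb.append("                                 responseBinding=\"POST\"\n");
        sb.append("                                 postBindingUrl=\"").append(bindingUrl).append("\"\n");
        sb.append("                                 redirectBindingUrl=\"").append(bindingUrl).append("\"");
        sb.append("/>\n");
        sb.append("        </IDP>\n");
        sb.append("    </SP>\n");
    }

    /**
     * Escapes the five XML special characters so the value is safe both inside a
     * double-quoted attribute and as element text.
     *
     * @param value value to render; converted with {@link String#valueOf(Object)},
     *     so {@code null} becomes the text {@code "null"} exactly as
     *     {@link StringBuilder#append(Object)} would produce
     * @return the escaped text
     */
    private static String xmlEscape(Object value) {
        String text = String.valueOf(value);
        StringBuilder escaped = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&apos;");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }

    /** @return the protocol identifier this provider serves, {@code "saml"} */
    public String getProtocol() {
        return "saml";
    }

    /** @return the human-readable label for this installation format */
    public String getDisplayType() {
        return "Keycloak SAML Adapter keycloak-saml.xml";
    }

    /** @return the help text shown alongside this installation format */
    public String getHelpText() {
        return "Keycloak SAML adapter configuration file.  Put this in WEB-INF directory of your WAR.";
    }

    /** @return the suggested file name for the generated configuration */
    public String getFilename() {
        return "keycloak-saml.xml";
    }

    /** @return the media type advertised for the generated configuration */
    public String getMediaType() {
        return org.keycloak.utils.MediaType.APPLICATION_XML;
    }

    /** @return {@code false}; the output is not flagged as download-only */
    public boolean isDownloadOnly() {
        return false;
    }

    /** No resources are held, so there is nothing to release. */
    public void close() {
    }

    /* renamed from: create, reason: merged with bridge method [inline-methods] */
    // Decompiler artifact: the name below was produced by the decompiler (see the
    // note above); it is left untouched here. The provider returns itself rather
    // than a new instance per session.
    public ClientInstallationProvider m313create(KeycloakSession keycloakSession) {
        return this;
    }

    /** No configuration is read from {@code scope}. */
    public void init(Config.Scope scope) {
    }

    /** No post-initialisation work is performed. */
    public void postInit(KeycloakSessionFactory keycloakSessionFactory) {
    }

    /** @return the provider id, {@code "keycloak-saml"} */
    public String getId() {
        return "keycloak-saml";
    }
}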
