package org.springframework.security.saml.spi.opensaml;

import java.io.ByteArrayInputStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.time.Clock;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.UUID;
import java.util.stream.Collectors;
import javax.crypto.SecretKey;
import javax.xml.datatype.Duration;
import javax.xml.namespace.QName;
import javax.xml.validation.Schema;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import net.shibboleth.utilities.java.support.xml.BasicParserPool;
import net.shibboleth.utilities.java.support.xml.DOMTypeSupport;
import net.shibboleth.utilities.java.support.xml.SerializeSupport;
import net.shibboleth.utilities.java.support.xml.XMLParserException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.xml.security.algorithms.JCEMapper;
import org.apache.xml.security.signature.XMLSignatureException;
import org.apache.xml.security.utils.Base64;
import org.joda.time.DateTime;
import org.opensaml.core.config.ConfigurationService;
import org.opensaml.core.config.InitializationException;
import org.opensaml.core.config.InitializationService;
import org.opensaml.core.criterion.EntityIdCriterion;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.XMLObjectBuilderFactory;
import org.opensaml.core.xml.config.XMLObjectProviderRegistry;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.core.xml.io.MarshallerFactory;
import org.opensaml.core.xml.io.MarshallingException;
import org.opensaml.core.xml.io.UnmarshallerFactory;
import org.opensaml.core.xml.io.UnmarshallingException;
import org.opensaml.core.xml.schema.XSAny;
import org.opensaml.core.xml.schema.XSBase64Binary;
import org.opensaml.core.xml.schema.XSBoolean;
import org.opensaml.core.xml.schema.XSBooleanValue;
import org.opensaml.core.xml.schema.XSDateTime;
import org.opensaml.core.xml.schema.XSInteger;
import org.opensaml.core.xml.schema.XSString;
import org.opensaml.core.xml.schema.XSURI;
import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.common.SAMLObjectContentReference;
import org.opensaml.saml.common.SAMLVersion;
import org.opensaml.saml.common.SignableSAMLObject;
import org.opensaml.saml.ext.idpdisco.DiscoveryResponse;
import org.opensaml.saml.ext.saml2mdreqinit.RequestInitiator;
import org.opensaml.saml.saml2.core.AttributeStatement;
import org.opensaml.saml.saml2.core.AttributeValue;
import org.opensaml.saml.saml2.core.Audience;
import org.opensaml.saml.saml2.core.AuthenticatingAuthority;
import org.opensaml.saml.saml2.core.AuthnContext;
import org.opensaml.saml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml.saml2.core.AuthnContextComparisonTypeEnumeration;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.AuthnStatement;
import org.opensaml.saml.saml2.core.Condition;
import org.opensaml.saml.saml2.core.Conditions;
import org.opensaml.saml.saml2.core.EncryptedAssertion;
import org.opensaml.saml.saml2.core.EncryptedAttribute;
import org.opensaml.saml.saml2.core.EncryptedElementType;
import org.opensaml.saml.saml2.core.EncryptedID;
import org.opensaml.saml.saml2.core.IDPEntry;
import org.opensaml.saml.saml2.core.IDPList;
import org.opensaml.saml.saml2.core.Issuer;
import org.opensaml.saml.saml2.core.NameID;
import org.opensaml.saml.saml2.core.NameIDPolicy;
import org.opensaml.saml.saml2.core.NameIDType;
import org.opensaml.saml.saml2.core.RequestedAuthnContext;
import org.opensaml.saml.saml2.core.RequesterID;
import org.opensaml.saml.saml2.core.Scoping;
import org.opensaml.saml.saml2.core.Status;
import org.opensaml.saml.saml2.core.StatusCode;
import org.opensaml.saml.saml2.core.StatusMessage;
import org.opensaml.saml.saml2.core.Subject;
import org.opensaml.saml.saml2.core.SubjectConfirmation;
import org.opensaml.saml.saml2.core.SubjectConfirmationData;
import org.opensaml.saml.saml2.encryption.Decrypter;
import org.opensaml.saml.saml2.encryption.EncryptedElementTypeEncryptedKeyResolver;
import org.opensaml.saml.saml2.encryption.Encrypter;
import org.opensaml.saml.saml2.metadata.ArtifactResolutionService;
import org.opensaml.saml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml.saml2.metadata.AttributeConsumingService;
import org.opensaml.saml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml.saml2.metadata.Extensions;
import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml.saml2.metadata.IndexedEndpoint;
import org.opensaml.saml.saml2.metadata.KeyDescriptor;
import org.opensaml.saml.saml2.metadata.NameIDFormat;
import org.opensaml.saml.saml2.metadata.RequestedAttribute;
import org.opensaml.saml.saml2.metadata.RoleDescriptor;
import org.opensaml.saml.saml2.metadata.SPSSODescriptor;
import org.opensaml.saml.saml2.metadata.SingleLogoutService;
import org.opensaml.saml.saml2.metadata.SingleSignOnService;
import org.opensaml.security.SecurityException;
import org.opensaml.security.credential.BasicCredential;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.UsageType;
import org.opensaml.security.credential.impl.KeyStoreCredentialResolver;
import org.opensaml.security.crypto.KeySupport;
import org.opensaml.xmlsec.SignatureSigningParameters;
import org.opensaml.xmlsec.config.impl.DefaultSecurityConfigurationBootstrap;
import org.opensaml.xmlsec.encryption.support.ChainingEncryptedKeyResolver;
import org.opensaml.xmlsec.encryption.support.DataEncryptionParameters;
import org.opensaml.xmlsec.encryption.support.DecryptionException;
import org.opensaml.xmlsec.encryption.support.EncryptionException;
import org.opensaml.xmlsec.encryption.support.InlineEncryptedKeyResolver;
import org.opensaml.xmlsec.encryption.support.KeyEncryptionParameters;
import org.opensaml.xmlsec.encryption.support.SimpleRetrievalMethodEncryptedKeyResolver;
import org.opensaml.xmlsec.keyinfo.KeyInfoCredentialResolver;
import org.opensaml.xmlsec.keyinfo.KeyInfoGenerator;
import org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver;
import org.opensaml.xmlsec.signature.X509Certificate;
import org.opensaml.xmlsec.signature.X509Data;
import org.opensaml.xmlsec.signature.impl.SignatureImpl;
import org.opensaml.xmlsec.signature.support.SignatureException;
import org.opensaml.xmlsec.signature.support.SignatureSupport;
import org.opensaml.xmlsec.signature.support.SignatureValidator;
import org.opensaml.xmlsec.signature.support.Signer;
import org.springframework.security.saml.SamlException;
import org.springframework.security.saml.SamlKeyException;
import org.springframework.security.saml.key.KeyType;
import org.springframework.security.saml.key.SimpleKey;
import org.springframework.security.saml.saml2.ImplementationHolder;
import org.springframework.security.saml.saml2.Namespace;
import org.springframework.security.saml.saml2.Saml2Object;
import org.springframework.security.saml.saml2.attribute.Attribute;
import org.springframework.security.saml.saml2.attribute.AttributeNameFormat;
import org.springframework.security.saml.saml2.authentication.Assertion;
import org.springframework.security.saml.saml2.authentication.AssertionCondition;
import org.springframework.security.saml.saml2.authentication.AudienceRestriction;
import org.springframework.security.saml.saml2.authentication.AuthenticationContext;
import org.springframework.security.saml.saml2.authentication.AuthenticationContextClassReference;
import org.springframework.security.saml.saml2.authentication.AuthenticationRequest;
import org.springframework.security.saml.saml2.authentication.AuthenticationStatement;
import org.springframework.security.saml.saml2.authentication.LogoutReason;
import org.springframework.security.saml.saml2.authentication.LogoutRequest;
import org.springframework.security.saml.saml2.authentication.LogoutResponse;
import org.springframework.security.saml.saml2.authentication.NameIdPolicy;
import org.springframework.security.saml.saml2.authentication.NameIdPrincipal;
import org.springframework.security.saml.saml2.authentication.OneTimeUse;
import org.springframework.security.saml.saml2.authentication.RequestedAuthenticationContext;
import org.springframework.security.saml.saml2.authentication.Response;
import org.springframework.security.saml.saml2.authentication.SubjectConfirmationMethod;
import org.springframework.security.saml.saml2.encrypt.DataEncryptionMethod;
import org.springframework.security.saml.saml2.encrypt.KeyEncryptionMethod;
import org.springframework.security.saml.saml2.metadata.Binding;
import org.springframework.security.saml.saml2.metadata.Endpoint;
import org.springframework.security.saml.saml2.metadata.IdentityProvider;
import org.springframework.security.saml.saml2.metadata.IdentityProviderMetadata;
import org.springframework.security.saml.saml2.metadata.Metadata;
import org.springframework.security.saml.saml2.metadata.NameId;
import org.springframework.security.saml.saml2.metadata.Provider;
import org.springframework.security.saml.saml2.metadata.ServiceProvider;
import org.springframework.security.saml.saml2.metadata.ServiceProviderMetadata;
import org.springframework.security.saml.saml2.metadata.SsoProvider;
import org.springframework.security.saml.saml2.signature.AlgorithmMethod;
import org.springframework.security.saml.saml2.signature.CanonicalizationMethod;
import org.springframework.security.saml.saml2.signature.DigestMethod;
import org.springframework.security.saml.saml2.signature.Signature;
import org.springframework.security.saml.spi.SamlKeyStoreProvider;
import org.springframework.security.saml.spi.SpringSecuritySaml;
import org.springframework.util.CollectionUtils;
import org.springframework.util.StringUtils;
import org.w3c.dom.Element;

/* loaded from: input_file:org/springframework/security/saml/spi/opensaml/OpenSamlImplementation.class */
public class OpenSamlImplementation extends SpringSecuritySaml<OpenSamlImplementation> {
    private static final Log logger = LogFactory.getLog(OpenSamlImplementation.class);
    private BasicParserPool parserPool;
    private ChainingEncryptedKeyResolver encryptedKeyResolver;
    private SamlKeyStoreProvider samlKeyStoreProvider;

    /**
     * Creates the OpenSAML-backed implementation with a default key store provider and a new
     * parser pool. The pool is only created here; its settings are applied in
     * {@code bootstrap()}.
     *
     * @param clock time source handed to the superclass
     */
    public OpenSamlImplementation(Clock clock) {
        super(clock);
        this.parserPool = new BasicParserPool();
        // Anonymous subclass with no overrides: only what SamlKeyStoreProvider itself defines is used.
        this.samlKeyStoreProvider = new SamlKeyStoreProvider() {
        };
    }

    /**
     * Returns the provider that {@code getCredentialsResolver} asks for a key store.
     *
     * @return the currently configured key store provider
     */
    public SamlKeyStoreProvider getSamlKeyStoreProvider() {
        return samlKeyStoreProvider;
    }

    /**
     * Replaces the provider used to build key stores for signing, verification and decryption
     * credentials.
     *
     * @param samlKeyStoreProvider the provider to use; it is stored as given, without a null check
     * @return this instance, for call chaining
     */
    public OpenSamlImplementation setSamlKeyStoreProvider(SamlKeyStoreProvider samlKeyStoreProvider) {
        // NOTE(review): a null argument is accepted here and would only surface later, when
        // getCredentialsResolver() dereferences the provider.
        this.samlKeyStoreProvider = samlKeyStoreProvider;
        return this;
    }

    /**
     * Returns the parser pool that {@code parse(byte[])} uses for incoming XML.
     *
     * @return the parser pool created in the constructor and configured in {@code bootstrap()}
     */
    public BasicParserPool getParserPool() {
        return parserPool;
    }

    /**
     * Returns the marshaller factory held by OpenSAML's provider registry.
     *
     * @return the registry's marshaller factory
     */
    public MarshallerFactory getMarshallerFactory() {
        MarshallerFactory factory = XMLObjectProviderRegistrySupport.getMarshallerFactory();
        return factory;
    }

    /**
     * Returns the unmarshaller factory held by OpenSAML's provider registry.
     *
     * @return the registry's unmarshaller factory
     */
    public UnmarshallerFactory getUnmarshallerFactory() {
        UnmarshallerFactory factory = XMLObjectProviderRegistrySupport.getUnmarshallerFactory();
        return factory;
    }

    /**
     * Builds a new OpenSAML {@code EntityDescriptor} with the builder registered for
     * {@code EntityDescriptor.DEFAULT_ELEMENT_NAME}.
     *
     * @return the newly built object
     */
    public EntityDescriptor getEntityDescriptor() {
        // NOTE(review): the listing shows no cast on the builder result; the static types in this
        // chain appear to have been lost in decompilation - confirm against the original source.
        return getBuilderFactory().getBuilder(EntityDescriptor.DEFAULT_ELEMENT_NAME).buildObject();
    }

    /**
     * Builds a new OpenSAML {@code SPSSODescriptor} with the builder registered for
     * {@code SPSSODescriptor.DEFAULT_ELEMENT_NAME}.
     *
     * @return the newly built object
     */
    public SPSSODescriptor getSPSSODescriptor() {
        return getBuilderFactory().getBuilder(SPSSODescriptor.DEFAULT_ELEMENT_NAME).buildObject();
    }

    /**
     * Builds a new OpenSAML {@code IDPSSODescriptor} with the builder registered for
     * {@code IDPSSODescriptor.DEFAULT_ELEMENT_NAME}.
     *
     * @return the newly built object
     */
    public IDPSSODescriptor getIDPSSODescriptor() {
        return getBuilderFactory().getBuilder(IDPSSODescriptor.DEFAULT_ELEMENT_NAME).buildObject();
    }

    /**
     * Builds a new OpenSAML metadata {@code Extensions} element with the builder registered for
     * {@code Extensions.DEFAULT_ELEMENT_NAME}.
     *
     * @return the newly built object
     */
    public Extensions getMetadataExtensions() {
        return getBuilderFactory().getBuilder(Extensions.DEFAULT_ELEMENT_NAME).buildObject();
    }

    /**
     * Returns the object builder factory held by OpenSAML's provider registry.
     *
     * @return the registry's builder factory
     */
    public XMLObjectBuilderFactory getBuilderFactory() {
        XMLObjectBuilderFactory factory = XMLObjectProviderRegistrySupport.getBuilderFactory();
        return factory;
    }

    /**
     * Configures the XML parser pool, initializes OpenSAML and installs the pool on the
     * {@code XMLObjectProviderRegistry} held by {@code ConfigurationService}.
     *
     * <p>Every SAML message and metadata document handled by {@code parse(byte[])} goes through
     * this pool, so the settings below are the XML-level defence against external entity and
     * DOCTYPE based attacks on untrusted input.
     *
     * @throws SamlException if the parser pool or OpenSAML itself cannot be initialized
     */
    @Override // org.springframework.security.saml.spi.SpringSecuritySaml
    protected void bootstrap() {
        this.parserPool.setMaxPoolSize(50);
        // Comments are dropped and text is coalesced when the DOM is built.
        // NOTE(review): this keeps a comment inside a text value from splitting it into several
        // text nodes, which matters for code that reads identifiers from the DOM - keep both on.
        this.parserPool.setCoalescing(true);
        // Entity references are left unexpanded; DOCTYPEs are rejected outright further down.
        this.parserPool.setExpandEntityReferences(false);
        this.parserPool.setIgnoreComments(true);
        this.parserPool.setIgnoreElementContentWhitespace(true);
        this.parserPool.setNamespaceAware(true);
        // No schema and no DTD validation: structural checks are left to later processing.
        this.parserPool.setSchema((Schema) null);
        this.parserPool.setDTDValidating(false);
        // XInclude stays off so a document cannot pull in other resources.
        this.parserPool.setXincludeAware(false);
        this.parserPool.setBuilderAttributes(new HashMap<>());

        HashMap<String, Boolean> parserFeatures = new HashMap<>();
        // Any DOCTYPE declaration makes the parse fail.
        parserFeatures.put("http://apache.org/xml/features/disallow-doctype-decl", Boolean.TRUE);
        // JAXP secure-processing mode.
        parserFeatures.put("http://javax.xml.XMLConstants/feature/secure-processing", Boolean.TRUE);
        // External general and parameter entities are never resolved.
        parserFeatures.put("http://xml.org/sax/features/external-general-entities", Boolean.FALSE);
        parserFeatures.put("http://apache.org/xml/features/validation/schema/normalized-value", Boolean.FALSE);
        parserFeatures.put("http://xml.org/sax/features/external-parameter-entities", Boolean.FALSE);
        parserFeatures.put("http://apache.org/xml/features/dom/defer-node-expansion", Boolean.FALSE);
        this.parserPool.setBuilderFeatures(parserFeatures);

        try {
            this.parserPool.initialize();
        } catch (ComponentInitializationException poolFailure) {
            throw new SamlException("Unable to initialize OpenSaml v3 ParserPool", poolFailure);
        }

        try {
            InitializationService.initialize();
            XMLObjectProviderRegistry registry;
            // Look-up and registration happen under the class lock so only one registry is created.
            synchronized (ConfigurationService.class) {
                registry = (XMLObjectProviderRegistry) ConfigurationService.get(XMLObjectProviderRegistry.class);
                if (registry == null) {
                    registry = new XMLObjectProviderRegistry();
                    ConfigurationService.register(XMLObjectProviderRegistry.class, registry);
                }
            }
            // The pool is installed on the registry held by ConfigurationService, not only on this instance.
            registry.setParserPool(this.parserPool);
            this.encryptedKeyResolver = new ChainingEncryptedKeyResolver(Arrays.asList(
                new InlineEncryptedKeyResolver(),
                new EncryptedElementTypeEncryptedKeyResolver(),
                new SimpleRetrievalMethodEncryptedKeyResolver()));
        } catch (InitializationException initFailure) {
            throw new SamlException("Unable to initialize OpenSaml v3", initFailure);
        }
    }

    /**
     * Converts an XML duration to milliseconds.
     *
     * @param duration the duration to convert, may be {@code null}
     * @return the value computed by {@code DOMTypeSupport.durationToLong}, or {@code -1} when
     *         {@code duration} is {@code null}
     */
    @Override // org.springframework.security.saml.spi.SpringSecuritySaml
    public long toMillis(Duration duration) {
        return duration == null ? -1L : DOMTypeSupport.durationToLong(duration);
    }

    /**
     * Converts a millisecond count to an XML duration.
     *
     * @param j duration in milliseconds; a negative value means "no duration"
     * @return the duration, or {@code null} when {@code j} is negative
     */
    @Override // org.springframework.security.saml.spi.SpringSecuritySaml
    public Duration toDuration(long j) {
        return j < 0 ? null : DOMTypeSupport.getDataTypeFactory().newDuration(j);
    }

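    /**
     * Serializes a supported SAML object to its XML string form.
     *
     * <p>Supported inputs are authentication requests, assertions, metadata, responses, logout
     * requests and logout responses. Each is converted by the matching {@code internalToXml}
     * overload and then marshalled.
     *
     * @param saml2Object the object to serialize
     * @return the XML produced by {@code marshallToXml}
     * @throws SamlException if {@code saml2Object} is {@code null}, is not one of the supported
     *         types, or its conversion yields {@code null}
     */
    @Override // org.springframework.security.saml.spi.SpringSecuritySaml
    public String toXml(Saml2Object saml2Object) {
        // Held as XMLObject because the branches produce different OpenSAML types.
        XMLObject converted = null;
        if (saml2Object instanceof AuthenticationRequest) {
            converted = internalToXml((AuthenticationRequest) saml2Object);
        } else if (saml2Object instanceof Assertion) {
            converted = internalToXml((Assertion) saml2Object);
        } else if (saml2Object instanceof Metadata) {
            converted = internalToXml((Metadata<? extends Metadata>) saml2Object);
        } else if (saml2Object instanceof Response) {
            converted = internalToXml((Response) saml2Object);
        } else if (saml2Object instanceof LogoutRequest) {
            converted = internalToXml((LogoutRequest) saml2Object);
        } else if (saml2Object instanceof LogoutResponse) {
            converted = internalToXml((LogoutResponse) saml2Object);
        }
        if (converted != null) {
            return marshallToXml(converted);
        }
        // The null test has to be on the object itself. Testing the concatenated message was
        // always true, so the prefix was dropped and a null input ended in a NullPointerException.
        String typeName = saml2Object != null ? saml2Object.getClass().getName() : "null";
        throw new SamlException("To xml transformation not supported for: " + typeName);
    }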

    /**
     * Parses a SAML XML string by encoding it as UTF-8 and delegating to the byte-array overload.
     *
     * @param str the XML document
     * @param list keys used for signature verification
     * @param list2 keys passed through to the byte-array overload
     * @return the resolved object
     */
    @Override // org.springframework.security.saml.spi.SpringSecuritySaml
    public Saml2Object resolve(String str, List<SimpleKey> list, List<SimpleKey> list2) {
        byte[] utf8 = str.getBytes(StandardCharsets.UTF_8);
        return resolve(utf8, list, list2);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v48, types: [org.springframework.security.saml.saml2.metadata.EntityDescriptor] */
    /**
     * Parses XML bytes, checks the root element's signature when one is present and keys were
     * supplied, and converts the OpenSAML object into the library's own model.
     *
     * <p>Security-relevant behaviour visible here: a signature is not required. The
     * {@code validateSignature(SignableSAMLObject, List)} call returns {@code null} when the
     * object is unsigned or when {@code list} is {@code null} or empty, and that {@code null}
     * is stored on the result. Callers that require a signed message must check for a
     * non-null signature on the returned object themselves.
     *
     * @param bArr the XML document, decoded as UTF-8 when stored as the original XML
     * @param list keys used to verify the root element's signature
     * @param list2 keys passed to the assertion, response, logout and entities-descriptor
     *        resolvers (presumably local decryption keys - confirm against those methods)
     * @return the resolved object; never {@code null}
     * @throws SamlException if the parsed root element is of an unsupported type
     */
    @Override // org.springframework.security.saml.spi.SpringSecuritySaml
    public Saml2Object resolve(byte[] bArr, List<SimpleKey> list, List<SimpleKey> list2) {
        XMLObject parse = parse(bArr);
        // NOTE(review): the cast runs before any type check, so a root element that is not a
        // SignableSAMLObject fails with ClassCastException instead of the SamlException below.
        Signature validateSignature = validateSignature((SignableSAMLObject) parse, list);
        Saml2Object saml2Object = null;
        if (parse instanceof EntityDescriptor) {
            saml2Object = resolveMetadata((EntityDescriptor) parse).setSignature(validateSignature);
        } else if (parse instanceof EntitiesDescriptor) {
            // The root signature result is not attached in this branch.
            // NOTE(review): presumably resolveMetadata handles per-entity signatures - confirm.
            saml2Object = resolveMetadata((EntitiesDescriptor) parse, list, list2);
        } else if (parse instanceof AuthnRequest) {
            saml2Object = resolveAuthenticationRequest((AuthnRequest) parse).setSignature(validateSignature);
        } else if (parse instanceof org.opensaml.saml.saml2.core.Assertion) {
            // The root signature result is not attached in this branch either.
            // NOTE(review): confirm resolveAssertion records the assertion's signature.
            saml2Object = resolveAssertion((org.opensaml.saml.saml2.core.Assertion) parse, list, list2);
        } else if (parse instanceof org.opensaml.saml.saml2.core.Response) {
            saml2Object = resolveResponse((org.opensaml.saml.saml2.core.Response) parse, list, list2).setSignature(validateSignature);
        } else if (parse instanceof org.opensaml.saml.saml2.core.LogoutRequest) {
            saml2Object = resolveLogoutRequest((org.opensaml.saml.saml2.core.LogoutRequest) parse, list, list2).setSignature(validateSignature);
        } else if (parse instanceof org.opensaml.saml.saml2.core.LogoutResponse) {
            saml2Object = resolveLogoutResponse((org.opensaml.saml.saml2.core.LogoutResponse) parse, list, list2).setSignature(validateSignature);
        }
        if (saml2Object == null) {
            throw new SamlException("Deserialization not yet supported for class: " + parse.getClass());
        }
        if (saml2Object instanceof ImplementationHolder) {
            // Keep the OpenSAML object and the exact input text, so a later
            // validateSignature(Saml2Object, List) call can reach the underlying signable object.
            ((ImplementationHolder) saml2Object).setImplementation(parse);
            ((ImplementationHolder) saml2Object).setOriginalXML(new String(bArr, StandardCharsets.UTF_8));
        }
        return saml2Object;
    }

    /**
     * Validates the signature of a previously resolved object against the given keys.
     *
     * <p>Unlike the {@code SignableSAMLObject} overload, this entry point rejects a missing or
     * empty key list. It still returns {@code null} when the underlying object carries no
     * signature, so a {@code null} result means "not signed", not "valid".
     *
     * @param saml2Object resolved object whose implementation holds the OpenSAML object
     * @param list candidate verification keys; must contain at least one key
     * @return the validated signature, or {@code null} if the object is unsigned
     * @throws SamlException if there is no object or its implementation is not signable
     * @throws SamlKeyException if no verification key is supplied
     */
    @Override // org.springframework.security.saml.spi.SpringSecuritySaml
    public Signature validateSignature(Saml2Object saml2Object, List<SimpleKey> list) {
        final Object implementation = saml2Object == null ? null : saml2Object.getImplementation();
        if (implementation == null) {
            throw new SamlException("No object to validate signature against.");
        }
        final boolean noKeys = list == null || list.isEmpty();
        if (noKeys) {
            throw new SamlKeyException("At least one verification key has to be provided");
        }
        if (!(implementation instanceof SignableSAMLObject)) {
            throw new SamlException("Unrecognized object type:" + implementation.getClass().getName());
        }
        return validateSignature((SignableSAMLObject) implementation, list);
    }

    /**
     * Verifies an OpenSAML object's XML signature against each supplied key until one succeeds.
     *
     * <p>Verification credentials are built only from the caller's keys; nothing in this method
     * takes key material from the message. The method fails open on absence: an unsigned object,
     * or a {@code null} or empty key list, yields {@code null} without an exception. Callers
     * that require a signature must treat {@code null} as a failure.
     *
     * <p>NOTE(review): only the cryptographic check ({@code SignatureValidator.validate}) is
     * visible here. No signature-profile check such as OpenSAML's
     * {@code SAMLSignatureProfileValidator} appears in this method - confirm one runs elsewhere.
     *
     * @param signableSAMLObject the object whose signature is checked
     * @param list candidate verification keys, tried in order
     * @return the signature marked as validated with the key that verified it, or {@code null}
     *         if nothing was checked
     * @throws org.springframework.security.saml.saml2.signature.SignatureException if the object
     *         is signed and no supplied key verifies it; the cause is the last key's failure
     */
    public Signature validateSignature(SignableSAMLObject signableSAMLObject, List<SimpleKey> list) {
        final boolean nothingToCheck = !signableSAMLObject.isSigned() || list == null || list.isEmpty();
        if (nothingToCheck) {
            return null;
        }
        SignatureException lastFailure = null;
        for (SimpleKey candidate : list) {
            try {
                Credential credential = getCredential(candidate, getCredentialsResolver(candidate));
                SignatureValidator.validate(signableSAMLObject.getSignature(), credential);
                // First key that verifies wins; record which one it was.
                return getSignature(signableSAMLObject).setValidated(true).setValidatingKey(candidate);
            } catch (SignatureException e) {
                lastFailure = e;
            }
        }
        if (lastFailure != null) {
            String keyWord = list.size() == 1 ? " key." : " keys.";
            throw new org.springframework.security.saml.saml2.signature.SignatureException("Signature validation against a " + signableSAMLObject.getClass().getName() + " object failed using " + list.size() + keyWord, lastFailure);
        }
        return null;
    }

    /**
     * Resolves the OpenSAML credential stored under the key's name in the given resolver.
     *
     * <p>This is used for verification and encryption keys as well as private keys, although the
     * failure message mentions only the SP private key.
     *
     * @param simpleKey key whose name is used as the entity-id criterion
     * @param keyStoreCredentialResolver resolver backed by the key store holding the key
     * @return the single credential resolved for the key's name
     * @throws SamlKeyException if the resolver fails
     */
    public Credential getCredential(SimpleKey simpleKey, KeyStoreCredentialResolver keyStoreCredentialResolver) {
        CriteriaSet byName = new CriteriaSet();
        byName.add(new EntityIdCriterion(simpleKey.getName()));
        try {
            return keyStoreCredentialResolver.resolveSingle(byName);
        } catch (ResolverException e) {
            throw new SamlKeyException("Can't obtain SP private key", e);
        }
    }

    /**
     * Builds a credential resolver over the key store that the configured provider returns for
     * this key.
     *
     * <p>The passphrase is handed to the resolver only when the key has private-key text. Keys
     * without it get an empty password map.
     *
     * @param simpleKey the key to expose through a resolver
     * @return a new resolver for that key's key store
     */
    public KeyStoreCredentialResolver getCredentialsResolver(SimpleKey simpleKey) {
        if (StringUtils.hasText(simpleKey.getPrivateKey())) {
            return new KeyStoreCredentialResolver(
                getSamlKeyStoreProvider().getKeyStore(simpleKey),
                Collections.singletonMap(simpleKey.getName(), simpleKey.getPassphrase()));
        }
        return new KeyStoreCredentialResolver(
            getSamlKeyStoreProvider().getKeyStore(simpleKey),
            Collections.emptyMap());
    }

    /**
     * Copies the algorithm identifiers and the Base64-encoded signature value from the object's
     * OpenSAML signature into the library's {@code Signature} model.
     *
     * <p>This method describes the signature; it does not verify it.
     *
     * @param signableSAMLObject the object whose signature is described
     * @return the populated model, or {@code null} if the object has no signature, the
     *         signature is not a {@code SignatureImpl}, or an {@code XMLSignatureException} is
     *         raised before the model is assigned
     */
    protected Signature getSignature(SignableSAMLObject signableSAMLObject) {
        SignatureImpl signature = signableSAMLObject.getSignature();
        Signature signature2 = null;
        if (signature != null && (signature instanceof SignatureImpl)) {
            SignatureImpl signatureImpl = signature;
            try {
                signature2 = new Signature().setSignatureAlgorithm(AlgorithmMethod.fromUrn(signatureImpl.getSignatureAlgorithm())).setCanonicalizationAlgorithm(CanonicalizationMethod.fromUrn(signatureImpl.getCanonicalizationAlgorithm())).setSignatureValue(Base64.encode(signatureImpl.getXMLSignature().getSignatureValue()));
                // Each content reference overwrites the digest algorithm, so the last one is kept.
                for (SAMLObjectContentReference sAMLObjectContentReference : (List) Optional.ofNullable(signature.getContentReferences()).orElse(Collections.emptyList())) {
                    if (sAMLObjectContentReference instanceof SAMLObjectContentReference) {
                        signature2.setDigestAlgorithm(DigestMethod.fromUrn(sAMLObjectContentReference.getDigestAlgorithm()));
                    }
                }
            } catch (XMLSignatureException e) {
                // NOTE(review): the exception is dropped without logging. If it is raised while the
                // model is being built, signature2 stays null and the caller in validateSignature,
                // which chains setValidated(true) on the result, fails with a NullPointerException.
            }
        }
        return signature2;
    }

    /**
     * Encrypts an assertion for the holder of the given key.
     *
     * <p>The encrypted key's placement comes from the system property
     * {@code spring.security.saml.encrypt.key.placement}, defaulting to {@code PEER}. A value
     * that is not an {@code Encrypter.KeyPlacement} constant makes {@code valueOf} throw
     * {@code IllegalArgumentException}, which is not translated here.
     *
     * @param assertion the assertion to encrypt
     * @param simpleKey the recipient's key, used for key encryption
     * @param keyEncryptionMethod algorithm protecting the data key
     * @param dataEncryptionMethod algorithm protecting the assertion content
     * @return the encrypted assertion
     * @throws SamlException if encryption fails
     */
    protected EncryptedAssertion encryptAssertion(org.opensaml.saml.saml2.core.Assertion assertion, SimpleKey simpleKey, KeyEncryptionMethod keyEncryptionMethod, DataEncryptionMethod dataEncryptionMethod) {
        Encrypter encrypter = getEncrypter(simpleKey, keyEncryptionMethod, dataEncryptionMethod);
        String placementName = System.getProperty("spring.security.saml.encrypt.key.placement", "PEER");
        Encrypter.KeyPlacement placement = Encrypter.KeyPlacement.valueOf(placementName);
        try {
            encrypter.setKeyPlacement(placement);
            return encrypter.encrypt(assertion);
        } catch (EncryptionException e) {
            throw new SamlException("Unable to encrypt assertion.", e);
        }
    }

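    /**
     * Decrypts an encrypted SAML element, trying each key in order until one works.
     *
     * <p>If every key fails, the last failure is reported as a {@code SamlKeyException}. The
     * element is never silently reported as absent: the guard on the failure branch was a
     * constant-false condition, so callers got {@code null} for an element that could not be
     * decrypted.
     *
     * @param encryptedElementType the encrypted element
     * @param list candidate decryption keys, tried in order
     * @return the decrypted object, or {@code null} only when {@code list} is empty
     * @throws SamlKeyException if at least one key was tried and none could decrypt the element
     */
    protected SAMLObject decrypt(EncryptedElementType encryptedElementType, List<SimpleKey> list) {
        DecryptionException lastFailure = null;
        for (SimpleKey candidate : list) {
            try {
                return (SAMLObject) getDecrypter(candidate).decryptData(encryptedElementType.getEncryptedData());
            } catch (DecryptionException e) {
                // A failure with one key is expected when several keys are configured; keep it
                // so that an overall failure can still be reported with its cause.
                logger.debug(String.format("Unable to decrypt element:%s", encryptedElementType), e);
                lastFailure = e;
            }
        }
        if (lastFailure != null) {
            throw new SamlKeyException("Unable to decrypt object.", lastFailure);
        }
        return null;
    }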

    /**
     * Creates an encrypter that protects content with a newly generated data key and protects
     * that data key with the recipient's credential.
     *
     * @param simpleKey the recipient's key, resolved to the key-encryption credential
     * @param keyEncryptionMethod algorithm used to encrypt the data key
     * @param dataEncryptionMethod algorithm used to encrypt the content; also decides the type
     *        and length of the generated data key
     * @return the configured encrypter
     */
    protected Encrypter getEncrypter(SimpleKey simpleKey, KeyEncryptionMethod keyEncryptionMethod, DataEncryptionMethod dataEncryptionMethod) {
        Credential recipientCredential = getCredential(simpleKey, getCredentialsResolver(simpleKey));
        // A new symmetric key is generated on every call.
        BasicCredential dataKeyCredential = new BasicCredential(generateKeyFromURI(dataEncryptionMethod));

        DataEncryptionParameters contentParams = new DataEncryptionParameters();
        contentParams.setEncryptionCredential(dataKeyCredential);
        contentParams.setAlgorithm(dataEncryptionMethod.toString());

        KeyEncryptionParameters keyTransportParams = new KeyEncryptionParameters();
        keyTransportParams.setEncryptionCredential(recipientCredential);
        keyTransportParams.setAlgorithm(keyEncryptionMethod.toString());

        return new Encrypter(contentParams, Arrays.asList(keyTransportParams));
    }

    /**
     * Generates a new symmetric key whose JCE algorithm and length are looked up from the data
     * encryption method's URI.
     *
     * @param dataEncryptionMethod the data encryption algorithm; its string form is the URI
     * @return the generated key
     * @throws SamlException if the algorithm or provider is not available
     */
    public static SecretKey generateKeyFromURI(DataEncryptionMethod dataEncryptionMethod) {
        try {
            String jceAlgorithm = JCEMapper.getJCEKeyAlgorithmFromURI(dataEncryptionMethod.toString());
            int keyLength = JCEMapper.getKeyLengthFromURI(dataEncryptionMethod.toString());
            // A null provider name leaves the choice of JCE provider to KeySupport.
            return KeySupport.generateKey(jceAlgorithm, keyLength, (String) null);
        } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
            throw new SamlException(e);
        }
    }

    /**
     * Creates a decrypter that unwraps encrypted keys with the given local key.
     *
     * <p>No resolver is supplied for data-encryption keys, so content keys come only from
     * encrypted keys found by the chaining resolver set up in {@code bootstrap()}.
     *
     * @param simpleKey the local key used to decrypt encrypted keys
     * @return a decrypter that roots decrypted content in a new document
     */
    protected Decrypter getDecrypter(SimpleKey simpleKey) {
        Credential localCredential = getCredential(simpleKey, getCredentialsResolver(simpleKey));
        StaticKeyInfoCredentialResolver keyEncryptionKeys = new StaticKeyInfoCredentialResolver(localCredential);
        Decrypter result = new Decrypter((KeyInfoCredentialResolver) null, keyEncryptionKeys, this.encryptedKeyResolver);
        result.setRootInNewDocument(true);
        return result;
    }

    /**
     * Parses XML bytes with the parser pool and unmarshalls the document element into an
     * OpenSAML object.
     *
     * <p>All untrusted XML enters through this method, so it depends on the parser restrictions
     * applied in {@code bootstrap()}.
     *
     * @param bArr the XML document
     * @return the unmarshalled root object
     * @throws SamlException if the document cannot be parsed or unmarshalled
     */
    protected XMLObject parse(byte[] bArr) {
        ByteArrayInputStream input = new ByteArrayInputStream(bArr);
        try {
            Element root = getParserPool().parse(input).getDocumentElement();
            return getUnmarshallerFactory().getUnmarshaller(root).unmarshall(root);
        } catch (UnmarshallingException | XMLParserException e) {
            throw new SamlException((Throwable) e);
        }
    }

    /**
     * Converts the IDP and SP SSO role descriptors of an entity into provider models.
     *
     * @param entityDescriptor the entity whose role descriptors are read
     * @return one provider per IDP or SP SSO descriptor, in document order; other role
     *         descriptor types are logged at debug level and skipped
     */
    protected List<? extends Provider> getSsoProviders(EntityDescriptor entityDescriptor) {
        LinkedList providers = new LinkedList();
        for (RoleDescriptor role : entityDescriptor.getRoleDescriptors()) {
            boolean supported = role instanceof IDPSSODescriptor || role instanceof SPSSODescriptor;
            if (!supported) {
                logger.debug("Ignoring unknown metadata descriptor:" + role.getClass().getName());
                continue;
            }
            providers.add(getSsoProvider(role));
        }
        return providers;
    }

    /**
     * Converts a single SP or IDP SSO role descriptor into the matching provider model.
     *
     * <p>Values such as {@code validUntil}, the signing requirements and the keys are copied as
     * they appear in the metadata. This method does not judge whether the metadata is still
     * valid or trustworthy.
     *
     * @param roleDescriptor an {@code SPSSODescriptor} or {@code IDPSSODescriptor}
     * @return a {@code ServiceProvider} or an {@code IdentityProvider}
     * @throws UnsupportedOperationException if the descriptor is {@code null} or of another
     *         type; the message is the descriptor's class name, or {@code null}
     */
    protected SsoProvider getSsoProvider(RoleDescriptor roleDescriptor) {
        final boolean isServiceProvider = roleDescriptor instanceof SPSSODescriptor;
        if (!isServiceProvider && !(roleDescriptor instanceof IDPSSODescriptor)) {
            throw new UnsupportedOperationException(roleDescriptor == null ? null : roleDescriptor.getClass().getName());
        }

        if (isServiceProvider) {
            SPSSODescriptor spDescriptor = (SPSSODescriptor) roleDescriptor;
            ServiceProvider sp = new ServiceProvider();
            sp.setId(spDescriptor.getID());
            sp.setValidUntil(spDescriptor.getValidUntil());
            if (spDescriptor.getCacheDuration() != null) {
                sp.setCacheDuration(toDuration(spDescriptor.getCacheDuration().longValue()));
            }
            sp.setProtocolSupportEnumeration(spDescriptor.getSupportedProtocols());
            sp.setNameIds(getNameIDs(spDescriptor.getNameIDFormats()));
            sp.setArtifactResolutionService(getEndpoints(spDescriptor.getArtifactResolutionServices()));
            sp.setSingleLogoutService(getEndpoints(spDescriptor.getSingleLogoutServices()));
            sp.setManageNameIDService(getEndpoints(spDescriptor.getManageNameIDServices()));
            // Signing requirements as declared by the SP's metadata.
            sp.setAuthnRequestsSigned(spDescriptor.isAuthnRequestsSigned().booleanValue());
            sp.setWantAssertionsSigned(spDescriptor.getWantAssertionsSigned().booleanValue());
            sp.setAssertionConsumerService(getEndpoints(spDescriptor.getAssertionConsumerServices()));
            sp.setRequestedAttributes(getRequestAttributes(spDescriptor));
            sp.setKeys(getProviderKeys(roleDescriptor));
            sp.setDiscovery(getDiscovery(spDescriptor));
            sp.setRequestInitiation(getRequestInitiation(spDescriptor));
            return sp;
        }

        IDPSSODescriptor idpDescriptor = (IDPSSODescriptor) roleDescriptor;
        IdentityProvider idp = new IdentityProvider();
        idp.setId(idpDescriptor.getID());
        idp.setValidUntil(idpDescriptor.getValidUntil());
        if (idpDescriptor.getCacheDuration() != null) {
            idp.setCacheDuration(toDuration(idpDescriptor.getCacheDuration().longValue()));
        }
        idp.setProtocolSupportEnumeration(idpDescriptor.getSupportedProtocols());
        idp.setNameIds(getNameIDs(idpDescriptor.getNameIDFormats()));
        idp.setArtifactResolutionService(getEndpoints(idpDescriptor.getArtifactResolutionServices()));
        idp.setSingleLogoutService(getEndpoints(idpDescriptor.getSingleLogoutServices()));
        idp.setManageNameIDService(getEndpoints(idpDescriptor.getManageNameIDServices()));
        // Signing requirement as declared by the IDP's metadata.
        idp.setWantAuthnRequestsSigned(idpDescriptor.getWantAuthnRequestsSigned().booleanValue());
        idp.setSingleSignOnService(getEndpoints(idpDescriptor.getSingleSignOnServices()));
        idp.setKeys(getProviderKeys(roleDescriptor));
        idp.setDiscovery(getDiscovery(idpDescriptor));
        idp.setRequestInitiation(getRequestInitiation(idpDescriptor));
        return idp;
    }

    /**
     * Collects the attributes an SP requests through one attribute consuming service.
     *
     * <p>The default service is used when the descriptor reports one. Otherwise the first
     * non-null service in the list is used, and any later services are ignored.
     *
     * @param sPSSODescriptor the SP descriptor to read
     * @return the requested attributes of the chosen service; empty if there is no service
     */
    protected List<Attribute> getRequestAttributes(SPSSODescriptor sPSSODescriptor) {
        LinkedList requested = new LinkedList();
        AttributeConsumingService defaultService = sPSSODescriptor.getDefaultAttributeConsumingService();
        if (defaultService != null) {
            requested.addAll(getRequestedAttributes(defaultService.getRequestAttributes()));
            return requested;
        }
        List<AttributeConsumingService> services = Optional.ofNullable(sPSSODescriptor.getAttributeConsumingServices()).orElse(Collections.emptyList());
        for (AttributeConsumingService service : services) {
            if (service != null) {
                requested.addAll(getRequestedAttributes(service.getRequestAttributes()));
                break;
            }
        }
        return requested;
    }

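    /**
     * Reads the request-initiation endpoint from a role descriptor's metadata extensions.
     *
     * <p>Extension children are iterated as generic XML objects and narrowed only after the
     * {@code instanceof} test. The extensions element can hold unrelated children, for example
     * a {@code DiscoveryResponse}, and a loop variable typed as {@code RequestInitiator} would
     * fail on them.
     *
     * <p>The location values come straight from the metadata and are not validated here.
     *
     * @param roleDescriptor the descriptor whose extensions are read
     * @return the endpoint for the last {@code RequestInitiator} found, with index {@code 0}
     *         and not marked default; {@code null} if there are no extensions or no such element
     */
    protected Endpoint getRequestInitiation(RoleDescriptor roleDescriptor) {
        if (roleDescriptor.getExtensions() == null) {
            return null;
        }
        Endpoint endpoint = null;
        for (XMLObject extension : roleDescriptor.getExtensions().getUnknownXMLObjects()) {
            if (extension instanceof RequestInitiator) {
                RequestInitiator initiator = (RequestInitiator) extension;
                endpoint = new Endpoint()
                    .setIndex(0)
                    .setDefault(false)
                    .setBinding(Binding.fromUrn(initiator.getBinding()))
                    .setLocation(initiator.getLocation())
                    .setResponseLocation(initiator.getResponseLocation());
            }
        }
        return endpoint;
    }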

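    /**
     * Extracts the discovery-response endpoint advertised in a role descriptor's extensions.
     *
     * <p>Each extension entry is type-checked before it is read, because the same list
     * also carries other element kinds (for example {@code RequestInitiator}). When more
     * than one {@code DiscoveryResponse} is present the last one wins.
     *
     * <p>Binding and locations are copied from the metadata as-is; this method performs
     * no validation of them.
     *
     * @param roleDescriptor parsed role descriptor
     * @return the endpoint, or {@code null} when there are no extensions or no matching entry
     */
    protected Endpoint getDiscovery(RoleDescriptor roleDescriptor) {
        if (roleDescriptor.getExtensions() == null) {
            return null;
        }
        Endpoint endpoint = null;
        // Iterate with the widest element type so the instanceof check below is a real
        // filter rather than a tautology on an already-narrowed variable.
        for (Object extension : roleDescriptor.getExtensions().getUnknownXMLObjects()) {
            if (extension instanceof DiscoveryResponse) {
                DiscoveryResponse discovery = (DiscoveryResponse) extension;
                // NOTE(review): isDefault()/getIndex() are unboxed directly; confirm they
                // cannot be null for metadata that omits these attributes.
                endpoint = new Endpoint()
                    .setDefault(discovery.isDefault().booleanValue())
                    .setIndex(discovery.getIndex().intValue())
                    .setBinding(Binding.fromUrn(discovery.getBinding()))
                    .setLocation(discovery.getLocation())
                    .setResponseLocation(discovery.getResponseLocation());
            }
        }
        return endpoint;
    }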

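    /**
     * Gathers every key published by a role descriptor.
     *
     * <p>Null descriptors are skipped. A descriptor without {@code KeyInfo} is skipped as
     * well: {@link #getKeyFromDescriptor} returns {@code null} for it, and passing that
     * straight to {@code addAll} would abort metadata parsing with a
     * {@code NullPointerException} on a single malformed key entry.
     *
     * @param roleDescriptor parsed role descriptor
     * @return all extracted keys in document order; never {@code null}
     */
    protected List<SimpleKey> getProviderKeys(RoleDescriptor roleDescriptor) {
        List<SimpleKey> keys = new LinkedList<>();
        List<KeyDescriptor> descriptors = roleDescriptor.getKeyDescriptors();
        if (descriptors == null) {
            return keys;
        }
        for (KeyDescriptor descriptor : descriptors) {
            if (descriptor == null) {
                continue;
            }
            List<SimpleKey> extracted = getKeyFromDescriptor(descriptor);
            if (extracted != null) {
                keys.addAll(extracted);
            }
        }
        return keys;
    }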

    /**
     * Converts the X.509 certificates of one key descriptor into {@code SimpleKey} entries.
     *
     * <p>Each key is named {@code <type name>-<n>}, where {@code n} counts certificates
     * across all {@code X509Data} elements of the descriptor, starting at 0. A descriptor
     * without a {@code use} attribute yields keys of type {@code UNSPECIFIED}.
     *
     * <p>The certificate text is taken from the metadata unchanged; nothing in this method
     * parses it or checks validity period or issuer, so trust in these keys depends
     * on how the metadata itself was obtained and verified.
     *
     * @param keyDescriptor descriptor to read
     * @return the extracted keys, or {@code null} when the descriptor has no {@code KeyInfo};
     *         callers must handle the {@code null} case
     */
    protected List<SimpleKey> getKeyFromDescriptor(KeyDescriptor keyDescriptor) {
        if (keyDescriptor.getKeyInfo() == null) {
            return null;
        }
        KeyType usage = KeyType.UNSPECIFIED;
        if (keyDescriptor.getUse() != null) {
            usage = KeyType.valueOf(keyDescriptor.getUse().name());
        }
        List<SimpleKey> keys = new LinkedList<>();
        List<X509Data> dataElements = keyDescriptor.getKeyInfo().getX509Datas();
        if (dataElements == null) {
            return keys;
        }
        int counter = 0;
        for (X509Data data : dataElements) {
            List<X509Certificate> certificates = data.getX509Certificates();
            if (certificates == null) {
                continue;
            }
            for (X509Certificate certificate : certificates) {
                keys.add(new SimpleKey(usage.getTypeName() + "-" + counter, null, certificate.getValue(), null, usage));
                counter++;
            }
        }
        return keys;
    }

    /**
     * Converts metadata endpoints into the internal {@code Endpoint} model.
     *
     * <p>Binding, location and response location are copied for every endpoint; index and
     * default flag are copied only for {@code IndexedEndpoint} instances. Locations are
     * taken from the metadata unchanged, with no scheme or host checks at this point.
     *
     * @param list endpoints to convert; may be {@code null}
     * @return the converted endpoints in the same order; empty for a {@code null} input
     */
    protected List<Endpoint> getEndpoints(List<? extends org.opensaml.saml.saml2.metadata.Endpoint> list) {
        List<Endpoint> converted = new LinkedList<>();
        if (list == null) {
            return converted;
        }
        for (org.opensaml.saml.saml2.metadata.Endpoint source : list) {
            Endpoint target = new Endpoint()
                .setBinding(Binding.fromUrn(source.getBinding()))
                .setLocation(source.getLocation())
                .setResponseLocation(source.getResponseLocation());
            converted.add(target);
            if (source instanceof IndexedEndpoint) {
                IndexedEndpoint indexed = (IndexedEndpoint) source;
                target.setIndex(indexed.getIndex().intValue()).setDefault(indexed.isDefault().booleanValue());
            }
        }
        return converted;
    }

    /**
     * Maps metadata {@code NameIDFormat} elements to internal {@code NameId} values.
     *
     * @param list formats to convert; may be {@code null}
     * @return one {@code NameId} per format, in the same order; empty for a {@code null} input
     */
    protected List<NameId> getNameIDs(List<NameIDFormat> list) {
        List<NameId> formats = new LinkedList<>();
        if (list == null) {
            return formats;
        }
        for (NameIDFormat format : list) {
            formats.add(NameId.fromUrn(format.getFormat()));
        }
        return formats;
    }

    /**
     * Builds the OpenSAML {@code Response} for an internal response object.
     *
     * <p>A missing id is replaced by {@code "RP"} plus a random UUID. Each assertion is
     * converted first (which also signs it when it carries a signing key) and is then
     * either encrypted, when it has an encryption key, or attached in the clear. The
     * response itself is signed last, after all children are attached.
     *
     * @param response internal response to serialize
     * @return the populated OpenSAML response
     * @throws SamlException when the response has no status or no status code
     */
    protected org.opensaml.saml.saml2.core.Response internalToXml(Response response) {
        org.opensaml.saml.saml2.core.Response xml = (org.opensaml.saml.saml2.core.Response) buildSAMLObject(org.opensaml.saml.saml2.core.Response.class);
        xml.setConsent(response.getConsent());
        String id = response.getId();
        if (id == null) {
            id = "RP" + UUID.randomUUID().toString();
        }
        xml.setID(id);
        xml.setInResponseTo(response.getInResponseTo());
        xml.setVersion(SAMLVersion.VERSION_20);
        xml.setIssueInstant(response.getIssueInstant());
        xml.setDestination(response.getDestination());
        xml.setIssuer(toIssuer(response.getIssuer()));

        boolean hasStatusCode = response.getStatus() != null && response.getStatus().getCode() != null;
        if (!hasStatusCode) {
            throw new SamlException("Status cannot be null on a response");
        }
        Status xmlStatus = (Status) buildSAMLObject(Status.class);
        StatusCode xmlCode = (StatusCode) buildSAMLObject(StatusCode.class);
        xmlCode.setValue(response.getStatus().getCode().toString());
        xmlStatus.setStatusCode(xmlCode);
        if (StringUtils.hasText(response.getStatus().getMessage())) {
            StatusMessage xmlMessage = (StatusMessage) buildSAMLObject(StatusMessage.class);
            xmlMessage.setMessage(response.getStatus().getMessage());
            xmlStatus.setStatusMessage(xmlMessage);
        }
        xml.setStatus(xmlStatus);

        List<Assertion> assertions = response.getAssertions();
        if (assertions != null) {
            for (Assertion assertion : assertions) {
                org.opensaml.saml.saml2.core.Assertion xmlAssertion = internalToXml(assertion);
                if (assertion.getEncryptionKey() == null) {
                    xml.getAssertions().add(xmlAssertion);
                } else {
                    xml.getEncryptedAssertions().add(encryptAssertion(xmlAssertion, assertion.getEncryptionKey(), assertion.getKeyAlgorithm(), assertion.getDataAlgorithm()));
                }
            }
        }

        // Sign only once the element tree is complete.
        if (response.getSigningKey() != null) {
            signObject(xml, response.getSigningKey(), response.getAlgorithm(), response.getDigest());
        }
        return xml;
    }

    /**
     * Builds the OpenSAML {@code EntityDescriptor} for internal metadata.
     *
     * <p>An id without text is replaced by {@code "M"} plus a random UUID. The descriptor
     * is signed after its role descriptors are attached, and only when the metadata
     * carries a signing key.
     *
     * @param metadata internal metadata to serialize
     * @return the populated entity descriptor
     */
    protected EntityDescriptor internalToXml(Metadata<? extends Metadata> metadata) {
        EntityDescriptor descriptor = getEntityDescriptor();
        descriptor.setEntityID(metadata.getEntityId());
        if (!StringUtils.hasText(metadata.getId())) {
            descriptor.setID("M" + UUID.randomUUID().toString());
        } else {
            descriptor.setID(metadata.getId());
        }
        descriptor.getRoleDescriptors().addAll(getRoleDescriptors(metadata));
        boolean shouldSign = metadata.getSigningKey() != null;
        if (shouldSign) {
            signObject(descriptor, metadata.getSigningKey(), metadata.getAlgorithm(), metadata.getDigest());
        }
        return descriptor;
    }

    /**
     * Builds one OpenSAML role descriptor for each SSO provider in the metadata.
     *
     * <p>Service providers and identity providers get their role-specific endpoints and
     * flags; the settings after the type branch (cache duration, validity, protocol,
     * id, keys, extensions) are applied to either kind.
     *
     * @param metadata internal metadata whose providers are serialized
     * @return the role descriptors, in provider order
     */
    protected List<RoleDescriptor> getRoleDescriptors(Metadata<? extends Metadata> metadata) {
        LinkedList linkedList = new LinkedList();
        for (SsoProvider ssoProvider : metadata.getSsoProviders()) {
            // NOTE(review): this variable also receives the IdP descriptor below, so its
            // declared type looks narrower than intended; confirm against the original source.
            SPSSODescriptor sPSSODescriptor = null;
            if (ssoProvider instanceof ServiceProvider) {
                ServiceProvider serviceProvider = (ServiceProvider) ssoProvider;
                SPSSODescriptor sPSSODescriptor2 = getSPSSODescriptor();
                sPSSODescriptor = sPSSODescriptor2;
                sPSSODescriptor2.setAuthnRequestsSigned(Boolean.valueOf(serviceProvider.isAuthnRequestsSigned()));
                sPSSODescriptor2.setWantAssertionsSigned(Boolean.valueOf(serviceProvider.isWantAssertionsSigned()));
                Iterator<NameId> it = ssoProvider.getNameIds().iterator();
                while (it.hasNext()) {
                    sPSSODescriptor2.getNameIDFormats().add(getNameIDFormat(it.next()));
                }
                // The list position is passed as the index, not a value read from the endpoint here.
                for (int i = 0; i < serviceProvider.getAssertionConsumerService().size(); i++) {
                    sPSSODescriptor2.getAssertionConsumerServices().add(getAssertionConsumerService(serviceProvider.getAssertionConsumerService().get(i), i));
                }
                for (int i2 = 0; i2 < serviceProvider.getArtifactResolutionService().size(); i2++) {
                    sPSSODescriptor2.getArtifactResolutionServices().add(getArtifactResolutionService(serviceProvider.getArtifactResolutionService().get(i2), i2));
                }
                for (int i3 = 0; i3 < serviceProvider.getSingleLogoutService().size(); i3++) {
                    sPSSODescriptor2.getSingleLogoutServices().add(getSingleLogoutService(serviceProvider.getSingleLogoutService().get(i3)));
                }
                // An attribute consuming service is emitted only when attributes are requested.
                if (serviceProvider.getRequestedAttributes() != null && !serviceProvider.getRequestedAttributes().isEmpty()) {
                    sPSSODescriptor2.getAttributeConsumingServices().add(getAttributeConsumingService(serviceProvider.getRequestedAttributes()));
                }
            } else if (ssoProvider instanceof IdentityProvider) {
                IdentityProvider identityProvider = (IdentityProvider) ssoProvider;
                // NOTE(review): the result of getIDPSSODescriptor() is held in an SP-typed
                // variable; this looks like a decompilation artifact — verify the real type.
                SPSSODescriptor iDPSSODescriptor = getIDPSSODescriptor();
                sPSSODescriptor = iDPSSODescriptor;
                iDPSSODescriptor.setWantAuthnRequestsSigned(Boolean.valueOf(identityProvider.getWantAuthnRequestsSigned()));
                Iterator<NameId> it2 = ssoProvider.getNameIds().iterator();
                while (it2.hasNext()) {
                    iDPSSODescriptor.getNameIDFormats().add(getNameIDFormat(it2.next()));
                }
                for (int i4 = 0; i4 < identityProvider.getSingleSignOnService().size(); i4++) {
                    iDPSSODescriptor.getSingleSignOnServices().add(getSingleSignOnService(identityProvider.getSingleSignOnService().get(i4), i4));
                }
                for (int i5 = 0; i5 < ssoProvider.getSingleLogoutService().size(); i5++) {
                    iDPSSODescriptor.getSingleLogoutServices().add(getSingleLogoutService(ssoProvider.getSingleLogoutService().get(i5)));
                }
                for (int i6 = 0; i6 < ssoProvider.getArtifactResolutionService().size(); i6++) {
                    iDPSSODescriptor.getArtifactResolutionServices().add(getArtifactResolutionService(ssoProvider.getArtifactResolutionService().get(i6), i6));
                }
            }
            // NOTE(review): a provider that is neither ServiceProvider nor IdentityProvider
            // leaves the descriptor null, and the unconditional setValidUntil call below
            // would then throw a NullPointerException.
            long millis = getTime().millis();
            if (ssoProvider.getCacheDuration() != null) {
                // The duration is converted to milliseconds relative to the current time from getTime().
                sPSSODescriptor.setCacheDuration(Long.valueOf(ssoProvider.getCacheDuration().getTimeInMillis(new Date(millis))));
            }
            sPSSODescriptor.setValidUntil(ssoProvider.getValidUntil());
            sPSSODescriptor.addSupportedProtocol(Namespace.NS_PROTOCOL);
            // A provider without an id gets "RD" plus a random UUID.
            sPSSODescriptor.setID((String) Optional.ofNullable(ssoProvider.getId()).orElse("RD" + UUID.randomUUID().toString()));
            Iterator<SimpleKey> it3 = ssoProvider.getKeys().iterator();
            while (it3.hasNext()) {
                sPSSODescriptor.getKeyDescriptors().add(getKeyDescriptor(it3.next()));
            }
            Endpoint requestInitiation = ssoProvider.getRequestInitiation();
            Endpoint discovery = ssoProvider.getDiscovery();
            // The Extensions element is created only when at least one extension endpoint exists.
            if (requestInitiation != null || discovery != null) {
                sPSSODescriptor.setExtensions(getBuilderFactory().getBuilder(Extensions.DEFAULT_ELEMENT_NAME).buildObject());
                if (requestInitiation != null) {
                    RequestInitiator buildObject = getBuilderFactory().getBuilder(RequestInitiator.DEFAULT_ELEMENT_NAME).buildObject();
                    buildObject.setBinding(requestInitiation.getBinding().toString());
                    buildObject.setLocation(requestInitiation.getLocation());
                    buildObject.setResponseLocation(requestInitiation.getResponseLocation());
                    sPSSODescriptor.getExtensions().getUnknownXMLObjects().add(buildObject);
                }
                if (discovery != null) {
                    DiscoveryResponse buildObject2 = getBuilderFactory().getBuilder(DiscoveryResponse.DEFAULT_ELEMENT_NAME).buildObject(DiscoveryResponse.DEFAULT_ELEMENT_NAME);
                    buildObject2.setBinding(discovery.getBinding().toString());
                    buildObject2.setLocation(discovery.getLocation());
                    buildObject2.setResponseLocation(discovery.getResponseLocation());
                    buildObject2.setIsDefault(Boolean.valueOf(discovery.isDefault()));
                    buildObject2.setIndex(Integer.valueOf(discovery.getIndex()));
                    sPSSODescriptor.getExtensions().getUnknownXMLObjects().add(buildObject2);
                }
            }
            linkedList.add(sPSSODescriptor);
        }
        return linkedList;
    }

    /**
     * Builds the single attribute consuming service published for a service provider.
     *
     * <p>The service is always the default one with index 0 and carries one
     * {@code RequestedAttribute} per input attribute.
     *
     * @param list attributes the service provider requests
     * @return the populated attribute consuming service
     */
    protected AttributeConsumingService getAttributeConsumingService(List<Attribute> list) {
        AttributeConsumingService service = (AttributeConsumingService) buildSAMLObject(AttributeConsumingService.class);
        service.setIsDefault(true);
        service.setIndex(0);
        List<RequestedAttribute> requested = new LinkedList<>();
        for (Attribute source : list) {
            RequestedAttribute target = (RequestedAttribute) buildSAMLObject(RequestedAttribute.class);
            target.setIsRequired(Boolean.valueOf(source.isRequired()));
            target.setFriendlyName(source.getFriendlyName());
            target.setName(source.getName());
            target.setNameFormat(source.getNameFormat().toString());
            requested.add(target);
        }
        service.getRequestAttributes().addAll(requested);
        return service;
    }

    /**
     * Builds an OpenSAML artifact resolution service from an internal endpoint.
     *
     * @param endpoint internal endpoint supplying binding, locations and default flag
     * @param i index to publish; the endpoint's own index is not consulted
     * @return the populated artifact resolution service
     */
    protected ArtifactResolutionService getArtifactResolutionService(Endpoint endpoint, int i) {
        ArtifactResolutionService service = (ArtifactResolutionService) buildSAMLObject(ArtifactResolutionService.class);
        service.setLocation(endpoint.getLocation());
        String bindingUrn = endpoint.getBinding().toString();
        service.setBinding(bindingUrn);
        Integer publishedIndex = Integer.valueOf(i);
        service.setIndex(publishedIndex);
        Boolean isDefault = Boolean.valueOf(endpoint.isDefault());
        service.setIsDefault(isDefault);
        service.setResponseLocation(endpoint.getResponseLocation());
        return service;
    }

    /**
     * Builds the OpenSAML {@code LogoutResponse} for an internal logout response.
     *
     * <p>Issuer and status are dereferenced without a null check, so both must be set on
     * the input (the sibling conversion for {@code Response} rejects a missing status
     * explicitly; this one does not). The message is signed last, when a signing key is present.
     *
     * @param logoutResponse internal logout response to serialize
     * @return the populated OpenSAML logout response
     */
    protected org.opensaml.saml.saml2.core.LogoutResponse internalToXml(LogoutResponse logoutResponse) {
        org.opensaml.saml.saml2.core.LogoutResponse xml = (org.opensaml.saml.saml2.core.LogoutResponse) buildSAMLObject(org.opensaml.saml.saml2.core.LogoutResponse.class);
        xml.setInResponseTo(logoutResponse.getInResponseTo());
        xml.setID(logoutResponse.getId());
        xml.setIssueInstant(logoutResponse.getIssueInstant());
        xml.setDestination(logoutResponse.getDestination());

        Issuer xmlIssuer = (Issuer) buildSAMLObject(Issuer.class);
        xmlIssuer.setValue(logoutResponse.getIssuer().getValue());
        xmlIssuer.setNameQualifier(logoutResponse.getIssuer().getNameQualifier());
        xmlIssuer.setSPNameQualifier(logoutResponse.getIssuer().getSpNameQualifier());
        xml.setIssuer(xmlIssuer);

        Status xmlStatus = (Status) buildSAMLObject(Status.class);
        StatusCode xmlCode = (StatusCode) buildSAMLObject(StatusCode.class);
        xmlCode.setValue(logoutResponse.getStatus().getCode().toString());
        xmlStatus.setStatusCode(xmlCode);
        boolean hasMessage = StringUtils.hasText(logoutResponse.getStatus().getMessage());
        if (hasMessage) {
            StatusMessage xmlMessage = (StatusMessage) buildSAMLObject(StatusMessage.class);
            xmlMessage.setMessage(logoutResponse.getStatus().getMessage());
            xmlStatus.setStatusMessage(xmlMessage);
        }
        xml.setStatus(xmlStatus);

        // Sign only once the element tree is complete.
        if (logoutResponse.getSigningKey() != null) {
            signObject(xml, logoutResponse.getSigningKey(), logoutResponse.getAlgorithm(), logoutResponse.getDigest());
        }
        return xml;
    }

    /**
     * Builds the OpenSAML {@code LogoutRequest} for an internal logout request.
     *
     * <p>Destination, issuer and name id are dereferenced without null checks, so all
     * three must be set on the input. The name id is written in the clear. The request is
     * signed last, when a signing key is present.
     *
     * @param logoutRequest internal logout request to serialize
     * @return the populated OpenSAML logout request
     */
    protected org.opensaml.saml.saml2.core.LogoutRequest internalToXml(LogoutRequest logoutRequest) {
        org.opensaml.saml.saml2.core.LogoutRequest xml = (org.opensaml.saml.saml2.core.LogoutRequest) buildSAMLObject(org.opensaml.saml.saml2.core.LogoutRequest.class);
        xml.setDestination(logoutRequest.getDestination().getLocation());
        xml.setID(logoutRequest.getId());
        xml.setVersion(SAMLVersion.VERSION_20);

        Issuer xmlIssuer = (Issuer) buildSAMLObject(Issuer.class);
        xmlIssuer.setValue(logoutRequest.getIssuer().getValue());
        xmlIssuer.setNameQualifier(logoutRequest.getIssuer().getNameQualifier());
        xmlIssuer.setSPNameQualifier(logoutRequest.getIssuer().getSpNameQualifier());
        xml.setIssuer(xmlIssuer);

        xml.setIssueInstant(logoutRequest.getIssueInstant());
        xml.setNotOnOrAfter(logoutRequest.getNotOnOrAfter());

        NameID xmlNameId = (NameID) buildSAMLObject(NameID.class);
        xmlNameId.setFormat(logoutRequest.getNameId().getFormat().toString());
        xmlNameId.setValue(logoutRequest.getNameId().getValue());
        xmlNameId.setSPNameQualifier(logoutRequest.getNameId().getSpNameQualifier());
        xmlNameId.setNameQualifier(logoutRequest.getNameId().getNameQualifier());
        xml.setNameID(xmlNameId);

        // Sign only once the element tree is complete.
        boolean shouldSign = logoutRequest.getSigningKey() != null;
        if (shouldSign) {
            signObject(xml, logoutRequest.getSigningKey(), logoutRequest.getAlgorithm(), logoutRequest.getDigest());
        }
        return xml;
    }

    /**
     * Builds the OpenSAML {@code Assertion} for an internal assertion.
     *
     * <p>The output contains issuer, subject (name id plus one subject confirmation),
     * conditions, one authentication statement per input statement and a single
     * attribute statement. It is signed last, when the assertion carries a signing key.
     *
     * @param assertion internal assertion to serialize
     * @return the populated OpenSAML assertion
     */
    protected org.opensaml.saml.saml2.core.Assertion internalToXml(Assertion assertion) {
        org.opensaml.saml.saml2.core.Assertion assertion2 = (org.opensaml.saml.saml2.core.Assertion) buildSAMLObject(org.opensaml.saml.saml2.core.Assertion.class);
        assertion2.setVersion(SAMLVersion.VERSION_20);
        assertion2.setIssueInstant(assertion.getIssueInstant());
        assertion2.setID(assertion.getId());
        // Only the issuer value is copied here; qualifiers are not set on this Issuer.
        Issuer issuer = (Issuer) buildSAMLObject(Issuer.class);
        issuer.setValue(assertion.getIssuer().getValue());
        assertion2.setIssuer(issuer);
        NameIdPrincipal principal = assertion.getSubject().getPrincipal();
        // Value, format and SP name qualifier are copied; the name qualifier is not.
        NameID nameID = (NameID) buildSAMLObject(NameID.class);
        nameID.setValue(principal.getValue());
        nameID.setFormat(principal.getFormat().toString());
        nameID.setSPNameQualifier(principal.getSpNameQualifier());
        // Only the first subject confirmation (index 0) is serialized; any further
        // confirmations are dropped, and get(0) fails if the list is empty.
        SubjectConfirmationData subjectConfirmationData = (SubjectConfirmationData) buildSAMLObject(SubjectConfirmationData.class);
        subjectConfirmationData.setInResponseTo(assertion.getSubject().getConfirmations().get(0).getConfirmationData().getInResponseTo());
        subjectConfirmationData.setNotBefore(assertion.getSubject().getConfirmations().get(0).getConfirmationData().getNotBefore());
        subjectConfirmationData.setNotOnOrAfter(assertion.getSubject().getConfirmations().get(0).getConfirmationData().getNotOnOrAfter());
        subjectConfirmationData.setRecipient(assertion.getSubject().getConfirmations().get(0).getConfirmationData().getRecipient());
        SubjectConfirmation subjectConfirmation = (SubjectConfirmation) buildSAMLObject(SubjectConfirmation.class);
        subjectConfirmation.setMethod(assertion.getSubject().getConfirmations().get(0).getMethod().toString());
        subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData);
        Subject subject = (Subject) buildSAMLObject(Subject.class);
        assertion2.setSubject(subject);
        subject.setNameID(nameID);
        subject.getSubjectConfirmations().add(subjectConfirmation);
        Conditions conditions = (Conditions) buildSAMLObject(Conditions.class);
        conditions.setNotBefore(assertion.getConditions().getNotBefore());
        conditions.setNotOnOrAfter(assertion.getConditions().getNotOnOrAfter());
        assertion2.setConditions(conditions);
        // addCondition decides per criterion what is written; see that method for the
        // condition types it handles.
        assertion.getConditions().getCriteria().forEach(assertionCondition -> {
            addCondition(conditions, assertionCondition);
        });
        for (AuthenticationStatement authenticationStatement : assertion.getAuthenticationStatements()) {
            AuthnStatement authnStatement = (AuthnStatement) buildSAMLObject(AuthnStatement.class);
            AuthnContext authnContext = (AuthnContext) buildSAMLObject(AuthnContext.class);
            AuthnContextClassRef authnContextClassRef = (AuthnContextClassRef) buildSAMLObject(AuthnContextClassRef.class);
            AuthenticationContext authenticationContext = authenticationStatement.getAuthenticationContext();
            authnContextClassRef.setAuthnContextClassRef(authenticationContext.getClassReference().toString());
            authnContext.setAuthnContextClassRef(authnContextClassRef);
            // Authenticating authorities are optional and written as URIs when present.
            if (!CollectionUtils.isEmpty(authenticationContext.getAuthenticatingAuthorities())) {
                authnContext.getAuthenticatingAuthorities().addAll((Collection) authenticationContext.getAuthenticatingAuthorities().stream().map(str -> {
                    AuthenticatingAuthority authenticatingAuthority = (AuthenticatingAuthority) buildSAMLObject(AuthenticatingAuthority.class);
                    authenticatingAuthority.setURI(str);
                    return authenticatingAuthority;
                }).collect(Collectors.toList()));
            }
            authnStatement.setAuthnContext(authnContext);
            assertion2.getAuthnStatements().add(authnStatement);
            authnStatement.setSessionIndex(authenticationStatement.getSessionIndex());
            authnStatement.setSessionNotOnOrAfter(authenticationStatement.getSessionNotOnOrAfter());
            authnStatement.setAuthnInstant(authenticationStatement.getAuthInstant());
        }
        // One attribute statement is always added, even when there are no attributes.
        AttributeStatement attributeStatement = (AttributeStatement) buildSAMLObject(AttributeStatement.class);
        for (Attribute attribute : assertion.getAttributes()) {
            org.opensaml.saml.saml2.core.Attribute attribute2 = (org.opensaml.saml.saml2.core.Attribute) buildSAMLObject(org.opensaml.saml.saml2.core.Attribute.class);
            attribute2.setName(attribute.getName());
            attribute2.setFriendlyName(attribute.getFriendlyName());
            attribute2.setNameFormat(attribute.getNameFormat().toString());
            attribute.getValues().stream().forEach(obj -> {
                attribute2.getAttributeValues().add(objectToXmlObject(obj));
            });
            attributeStatement.getAttributes().add(attribute2);
        }
        assertion2.getAttributeStatements().add(attributeStatement);
        // Signing is the final step, after every child element has been attached.
        if (assertion.getSigningKey() != null) {
            signObject(assertion2, assertion.getSigningKey(), assertion.getAlgorithm(), assertion.getDigest());
        }
        return assertion2;
    }

    /**
     * Writes one internal assertion condition into an OpenSAML {@code Conditions} element.
     *
     * <p>Only {@code AudienceRestriction} and {@code OneTimeUse} are handled. Any other
     * condition type is ignored without an error, so it will be absent from the
     * serialized assertion.
     *
     * @param conditions target element to extend
     * @param assertionCondition internal condition to convert
     */
    protected void addCondition(Conditions conditions, AssertionCondition assertionCondition) {
        if (assertionCondition instanceof AudienceRestriction) {
            org.opensaml.saml.saml2.core.AudienceRestriction xmlRestriction = (org.opensaml.saml.saml2.core.AudienceRestriction) buildSAMLObject(org.opensaml.saml.saml2.core.AudienceRestriction.class);
            for (String audienceUri : ((AudienceRestriction) assertionCondition).getAudiences()) {
                Audience xmlAudience = (Audience) buildSAMLObject(Audience.class);
                xmlAudience.setAudienceURI(audienceUri);
                xmlRestriction.getAudiences().add(xmlAudience);
            }
            conditions.getAudienceRestrictions().add(xmlRestriction);
        } else if (assertionCondition instanceof OneTimeUse) {
            conditions.getConditions().add((org.opensaml.saml.saml2.core.OneTimeUse) buildSAMLObject(org.opensaml.saml.saml2.core.OneTimeUse.class));
        }
    }

    /**
     * Builds the OpenSAML {@code AuthnRequest} for an internal authentication request.
     *
     * <p>Binding, assertion consumer service and destination are dereferenced without
     * null checks, so all three must be set on the input. Name id policy, requested
     * authentication context and scoping are optional and delegated to their helpers.
     * The request is signed last, when a signing key is present.
     *
     * @param authenticationRequest internal request to serialize
     * @return the populated OpenSAML authentication request
     */
    protected AuthnRequest internalToXml(AuthenticationRequest authenticationRequest) {
        AuthnRequest xml = (AuthnRequest) buildSAMLObject(AuthnRequest.class);
        xml.setID(authenticationRequest.getId());
        xml.setVersion(SAMLVersion.VERSION_20);
        xml.setIssueInstant(authenticationRequest.getIssueInstant());
        xml.setForceAuthn(authenticationRequest.isForceAuth());
        xml.setIsPassive(authenticationRequest.isPassive());
        xml.setProtocolBinding(authenticationRequest.getBinding().toString());
        xml.setAssertionConsumerServiceURL(authenticationRequest.getAssertionConsumerService().getLocation());
        xml.setDestination(authenticationRequest.getDestination().getLocation());
        xml.setNameIDPolicy(getNameIDPolicy(authenticationRequest.getNameIdPolicy()));
        xml.setRequestedAuthnContext(getRequestedAuthenticationContext(authenticationRequest));
        xml.setIssuer(toIssuer(authenticationRequest.getIssuer()));
        xml.setScoping(getScoping(authenticationRequest.getScoping()));

        // Sign only once the element tree is complete.
        boolean shouldSign = authenticationRequest.getSigningKey() != null;
        if (shouldSign) {
            signObject(xml, authenticationRequest.getSigningKey(), authenticationRequest.getAlgorithm(), authenticationRequest.getDigest());
        }
        return xml;
    }

    /**
     * Marshals an OpenSAML object to its XML string form.
     *
     * @param xMLObject object to serialize
     * @return the serialized XML
     * @throws SamlException wrapping the {@code MarshallingException} when marshalling fails
     */
    protected String marshallToXml(XMLObject xMLObject) {
        try {
            return SerializeSupport.nodeToString(
                getMarshallerFactory()
                    .getMarshaller(xMLObject)
                    .marshall(xMLObject)
            );
        } catch (MarshallingException marshallingFailure) {
            // Keep the original exception as the cause so the failure stays diagnosable.
            throw new SamlException((Throwable) marshallingFailure);
        }
    }

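    /**
     * Builds the {@code RequestedAuthnContext} element of an authentication request.
     *
     * <p>The internal comparison value is mapped to the matching OpenSAML comparison
     * type, with {@code EXACT} as the fallback. The {@code minimum} value maps to
     * {@code MINIMUM}: sending {@code MAXIMUM} instead would ask the identity provider
     * for a context no stronger than the listed classes rather than one at least as
     * strong, which silently removes the strength floor the caller asked for.
     *
     * @param authenticationRequest request whose context settings are serialized
     * @return the populated element, or {@code null} when the request sets no comparison
     */
    protected RequestedAuthnContext getRequestedAuthenticationContext(AuthenticationRequest authenticationRequest) {
        RequestedAuthnContext requestedAuthnContext = null;
        if (authenticationRequest.getRequestedAuthenticationContext() != null) {
            requestedAuthnContext = (RequestedAuthnContext) buildSAMLObject(RequestedAuthnContext.class);
            switch (authenticationRequest.getRequestedAuthenticationContext()) {
                case exact:
                    requestedAuthnContext.setComparison(AuthnContextComparisonTypeEnumeration.EXACT);
                    break;
                case better:
                    requestedAuthnContext.setComparison(AuthnContextComparisonTypeEnumeration.BETTER);
                    break;
                case maximum:
                    requestedAuthnContext.setComparison(AuthnContextComparisonTypeEnumeration.MAXIMUM);
                    break;
                case minimum:
                    // Was MAXIMUM, which inverted the meaning of the requested comparison.
                    requestedAuthnContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM);
                    break;
                default:
                    requestedAuthnContext.setComparison(AuthnContextComparisonTypeEnumeration.EXACT);
                    break;
            }
            // NOTE(review): StringUtils.isEmpty is applied to a collection here, so it
            // presumably acts only as a null guard; an empty list just adds nothing.
            if (!StringUtils.isEmpty(authenticationRequest.getAuthenticationContextClassReferences())) {
                requestedAuthnContext.getAuthnContextClassRefs().addAll((List) authenticationRequest.getAuthenticationContextClassReferences().stream().map(authenticationContextClassReference -> {
                    AuthnContextClassRef authnContextClassRef = (AuthnContextClassRef) buildSAMLObject(AuthnContextClassRef.class);
                    authnContextClassRef.setAuthnContextClassRef(authenticationContextClassReference.getValue());
                    return authnContextClassRef;
                }).collect(Collectors.toList()));
            }
        }
        return requestedAuthnContext;
    }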

    /**
     * Converts an internal name id policy to its OpenSAML form.
     *
     * @param nameIdPolicy internal policy; may be {@code null}
     * @return the OpenSAML policy, or {@code null} for a {@code null} input
     */
    protected NameIDPolicy getNameIDPolicy(NameIdPolicy nameIdPolicy) {
        if (nameIdPolicy == null) {
            return null;
        }
        NameIDPolicy xmlPolicy = (NameIDPolicy) buildSAMLObject(NameIDPolicy.class);
        xmlPolicy.setAllowCreate(nameIdPolicy.getAllowCreate());
        // The format is dereferenced unconditionally, so a policy must carry one.
        xmlPolicy.setFormat(nameIdPolicy.getFormat().toString());
        xmlPolicy.setSPNameQualifier(nameIdPolicy.getSpNameQualifier());
        return xmlPolicy;
    }

    /**
     * Converts an OpenSAML name id policy to the internal model.
     *
     * @param nameIDPolicy parsed policy; may be {@code null}
     * @return the internal policy, or {@code null} for a {@code null} input
     */
    protected NameIdPolicy fromNameIDPolicy(NameIDPolicy nameIDPolicy) {
        if (nameIDPolicy == null) {
            return null;
        }
        return new NameIdPolicy()
            .setAllowCreate(nameIDPolicy.getAllowCreate())
            .setFormat(NameId.fromUrn(nameIDPolicy.getFormat()))
            .setSpNameQualifier(nameIDPolicy.getSPNameQualifier());
    }

    /**
     * Converts internal scoping information to the OpenSAML {@code Scoping} element.
     *
     * <p>The IdP list and the requester ids are written only when non-empty; the proxy
     * count is always copied.
     *
     * @param scoping internal scoping; may be {@code null}
     * @return the OpenSAML element, or {@code null} for a {@code null} input
     */
    protected Scoping getScoping(org.springframework.security.saml.saml2.authentication.Scoping scoping) {
        if (scoping == null) {
            return null;
        }
        Scoping xmlScoping = (Scoping) buildSAMLObject(Scoping.class);

        List<String> providerIds = scoping.getIdpList();
        if (!CollectionUtils.isEmpty(providerIds)) {
            IDPList xmlIdpList = (IDPList) buildSAMLObject(IDPList.class);
            for (String providerId : providerIds) {
                IDPEntry entry = (IDPEntry) buildSAMLObject(IDPEntry.class);
                entry.setProviderID(providerId);
                xmlIdpList.getIDPEntrys().add(entry);
            }
            xmlScoping.setIDPList(xmlIdpList);
        }

        xmlScoping.setProxyCount(scoping.getProxyCount());

        List<String> requesters = scoping.getRequesterIds();
        if (!CollectionUtils.isEmpty(requesters)) {
            for (String requester : requesters) {
                RequesterID xmlRequester = (RequesterID) buildSAMLObject(RequesterID.class);
                xmlRequester.setRequesterID(requester);
                xmlScoping.getRequesterIDs().add(xmlRequester);
            }
        }
        return xmlScoping;
    }

    /**
     * Converts an OpenSAML {@code Scoping} element to the internal model.
     *
     * <p>A missing IdP list or requester list becomes an empty list; the proxy count is
     * passed through unchanged.
     *
     * @param scoping parsed element; may be {@code null}
     * @return the internal scoping, or {@code null} for a {@code null} input
     */
    protected org.springframework.security.saml.saml2.authentication.Scoping fromScoping(Scoping scoping) {
        if (scoping == null) {
            return null;
        }
        IDPList xmlIdpList = scoping.getIDPList();
        List<String> providerIds = Collections.emptyList();
        if (xmlIdpList != null) {
            providerIds = xmlIdpList.getIDPEntrys().stream()
                .map(entry -> entry.getProviderID())
                .collect(Collectors.toList());
        }
        List<String> requesters = Collections.emptyList();
        if (scoping.getRequesterIDs() != null) {
            requesters = scoping.getRequesterIDs().stream()
                .map(requester -> requester.getRequesterID())
                .collect(Collectors.toList());
        }
        return new org.springframework.security.saml.saml2.authentication.Scoping(providerIds, requesters, scoping.getProxyCount());
    }

    /**
     * Converts a parsed OpenSAML {@code Response} to the internal model.
     *
     * <p>Plain assertions are resolved with {@code list}; encrypted assertions are first
     * decrypted with {@code list2} and then resolved the same way, so both kinds end up
     * in one assertion list.
     *
     * <p>This method does not check a signature on the response element itself.
     * NOTE(review): presumably the caller verifies it; confirm before relying on
     * response-level fields such as destination or status.
     *
     * @param response parsed response
     * @param list keys passed to assertion resolution for signature verification
     * @param list2 local keys used for decryption
     * @return the internal response
     */
    protected Response resolveResponse(org.opensaml.saml.saml2.core.Response response, List<SimpleKey> list, List<SimpleKey> list2) {
        Response resolved = new Response()
            .setConsent(response.getConsent())
            .setDestination(response.getDestination())
            .setId(response.getID())
            .setInResponseTo(response.getInResponseTo())
            .setIssueInstant(response.getIssueInstant())
            .setIssuer(getIssuer(response.getIssuer()))
            .setVersion(response.getVersion().toString())
            .setStatus(getStatus(response.getStatus()))
            .setAssertions((List) response.getAssertions().stream()
                .map(plain -> resolveAssertion(plain, list, list2))
                .collect(Collectors.toList()));
        boolean noEncryptedAssertions = response.getEncryptedAssertions() == null || response.getEncryptedAssertions().isEmpty();
        if (noEncryptedAssertions) {
            return resolved;
        }
        response.getEncryptedAssertions().stream().forEach(encrypted ->
            resolved.addAssertion(resolveAssertion((org.opensaml.saml.saml2.core.Assertion) decrypt(encrypted, list2), list, list2))
        );
        return resolved;
    }

    /**
     * Converts a parsed OpenSAML {@code LogoutResponse} to the internal model.
     *
     * <p>Neither key list is used here, so this method performs no signature check and
     * no decryption. NOTE(review): presumably the caller verifies the signature; confirm.
     *
     * @param logoutResponse parsed logout response
     * @param list verification keys (unused in this method)
     * @param list2 local keys (unused in this method)
     * @return the internal logout response
     */
    protected LogoutResponse resolveLogoutResponse(org.opensaml.saml.saml2.core.LogoutResponse logoutResponse, List<SimpleKey> list, List<SimpleKey> list2) {
        LogoutResponse resolved = new LogoutResponse()
            .setId(logoutResponse.getID())
            .setInResponseTo(logoutResponse.getInResponseTo())
            .setConsent(logoutResponse.getConsent())
            .setVersion(logoutResponse.getVersion().toString())
            .setIssueInstant(logoutResponse.getIssueInstant())
            .setIssuer(getIssuer(logoutResponse.getIssuer()))
            .setDestination(logoutResponse.getDestination())
            .setStatus(getStatus(logoutResponse.getStatus()));
        return resolved;
    }

    /**
     * Converts an OpenSAML {@code LogoutRequest} into this library's {@link LogoutRequest} model.
     *
     * <p>The name identifier comes from {@code getNameID}: the plain {@code NameID} when present,
     * otherwise the {@code EncryptedID} decrypted with {@code list2}.
     *
     * <p>NOTE(review): {@code list} is never read here, so the request signature is not verified in
     * this method; confirm the caller does it. {@code getNameIdPrincipal} dereferences its argument,
     * so a request with neither a NameID nor a usable EncryptedID fails with a
     * {@link NullPointerException}.
     *
     * @param logoutRequest the OpenSAML logout request; its version is dereferenced without a null check
     * @param list          unused in this method
     * @param list2         keys handed to {@code decrypt} for an encrypted name identifier
     * @return the converted logout request
     */
    protected LogoutRequest resolveLogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest logoutRequest, List<SimpleKey> list, List<SimpleKey> list2) {
        LogoutRequest converted = new LogoutRequest()
            .setId(logoutRequest.getID())
            .setConsent(logoutRequest.getConsent())
            .setVersion(logoutRequest.getVersion().toString())
            .setNotOnOrAfter(logoutRequest.getNotOnOrAfter())
            .setIssueInstant(logoutRequest.getIssueInstant())
            .setReason(LogoutReason.fromUrn(logoutRequest.getReason()))
            .setIssuer(getIssuer(logoutRequest.getIssuer()))
            .setDestination(new Endpoint().setLocation(logoutRequest.getDestination()));

        NameID subjectId = getNameID(logoutRequest.getNameID(), logoutRequest.getEncryptedID(), list2);
        converted.setNameId(getNameIdPrincipal(subjectId));
        return converted;
    }

    /**
     * Converts an OpenSAML {@code Status} into this library's status model.
     *
     * <p>The status code URN is mapped with {@code StatusCode.fromUrn}; the message is copied when a
     * {@code StatusMessage} element is present and is {@code null} otherwise.
     *
     * @param status the OpenSAML status; it and its status code are dereferenced without a null check
     * @return the converted status
     */
    protected org.springframework.security.saml.saml2.authentication.Status getStatus(Status status) {
        String message = null;
        if (status.getStatusMessage() != null) {
            message = status.getStatusMessage().getMessage();
        }
        return new org.springframework.security.saml.saml2.authentication.Status()
            .setCode(org.springframework.security.saml.saml2.authentication.StatusCode.fromUrn(
                status.getStatusCode().getValue()))
            .setMessage(message);
    }

    /**
     * Converts an OpenSAML {@code Assertion} into this library's {@link Assertion} model.
     *
     * <p>{@code validateSignature} is called first with {@code list} and its result is stored on the
     * returned object. The subject and attributes are resolved with {@code list2}, which is used
     * for decrypting encrypted identifiers and attributes.
     *
     * <p>NOTE(review): what {@code validateSignature} returns or throws for an unsigned or badly
     * signed assertion is not visible from here. Callers should check that contract rather than
     * treat a returned {@link Assertion} as proof of a valid signature. Conditions, subject
     * confirmation data and timestamps are only copied in this method, not evaluated.
     *
     * @param assertion the OpenSAML assertion; its version, subject and conditions are dereferenced
     *                  further down without a null check
     * @param list      keys handed to signature validation
     * @param list2     keys handed to decryption of subject identifiers and attributes
     * @return the converted assertion
     */
    protected Assertion resolveAssertion(org.opensaml.saml.saml2.core.Assertion assertion, List<SimpleKey> list, List<SimpleKey> list2) {
        return new Assertion()
            .setSignature(validateSignature((SignableSAMLObject) assertion, list))
            .setId(assertion.getID())
            .setIssueInstant(assertion.getIssueInstant())
            .setVersion(assertion.getVersion().toString())
            .setIssuer(getIssuer(assertion.getIssuer()))
            .setSubject(getSubject(assertion.getSubject(), list2))
            .setConditions(getConditions(assertion.getConditions()))
            .setAuthenticationStatements(getAuthenticationStatements(assertion.getAuthnStatements()))
            .setAttributes(getAttributes(assertion.getAttributeStatements(), list2));
    }

    /**
     * Converts OpenSAML {@code RequestedAttribute} elements into this library's {@link Attribute} model.
     *
     * @param list the requested attributes; {@code null} is treated as empty
     * @return a new list with one entry per requested attribute, in input order. An element whose
     *         {@code isRequired()} is {@code null} causes a {@link NullPointerException}.
     */
    protected List<Attribute> getRequestedAttributes(List<RequestedAttribute> list) {
        List<Attribute> converted = new LinkedList<>();
        if (list == null) {
            return converted;
        }
        for (RequestedAttribute requested : list) {
            converted.add(new Attribute()
                .setFriendlyName(requested.getFriendlyName())
                .setName(requested.getName())
                .setNameFormat(AttributeNameFormat.fromUrn(requested.getNameFormat()))
                .setValues(getJavaValues(requested.getAttributeValues()))
                .setRequired(requested.isRequired().booleanValue()));
        }
        return converted;
    }

    /**
     * Flattens the attributes of all attribute statements into this library's {@link Attribute} model.
     *
     * <p>For each statement the plain attributes are converted first, then each encrypted attribute
     * is decrypted with {@code list2} and converted the same way. The result does not record whether
     * an attribute arrived encrypted.
     *
     * @param list  the attribute statements; {@code null} is treated as empty
     * @param list2 keys handed to {@code decrypt} for encrypted attributes
     * @return a new list of converted attributes, in document order per statement
     */
    protected List<Attribute> getAttributes(List<AttributeStatement> list, List<SimpleKey> list2) {
        List<Attribute> converted = new LinkedList<>();
        if (list == null) {
            return converted;
        }
        for (AttributeStatement statement : list) {
            List<org.opensaml.saml.saml2.core.Attribute> plain = statement.getAttributes();
            if (plain != null) {
                for (org.opensaml.saml.saml2.core.Attribute attribute : plain) {
                    converted.add(new Attribute()
                        .setFriendlyName(attribute.getFriendlyName())
                        .setName(attribute.getName())
                        .setNameFormat(AttributeNameFormat.fromUrn(attribute.getNameFormat()))
                        .setValues(getJavaValues(attribute.getAttributeValues())));
                }
            }
            List<EncryptedAttribute> encrypted = statement.getEncryptedAttributes();
            if (encrypted != null) {
                for (EncryptedAttribute item : encrypted) {
                    org.opensaml.saml.saml2.core.Attribute decrypted =
                        (org.opensaml.saml.saml2.core.Attribute) decrypt(item, list2);
                    converted.add(new Attribute()
                        .setFriendlyName(decrypted.getFriendlyName())
                        .setName(decrypted.getName())
                        .setNameFormat(AttributeNameFormat.fromUrn(decrypted.getNameFormat()))
                        .setValues(getJavaValues(decrypted.getAttributeValues())));
                }
            }
        }
        return converted;
    }

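    /**
     * Converts attribute value elements into plain Java values.
     *
     * <p>The loop variable is declared as {@code XMLObject} and narrowed with a cast in each branch.
     * The previous declaration as {@code XSURI} (and the {@code NameIDType} local assigned from an
     * {@code XMLObject}) did not match the {@code instanceof} checks that follow.
     *
     * <p>Mapping, in order of the checks:
     * <ul>
     *   <li>{@code XSString}: the string value</li>
     *   <li>{@code XSURI}: a {@link URI}, or the raw string when it does not parse as a URI</li>
     *   <li>{@code XSBoolean}: the wrapped boolean value</li>
     *   <li>{@code XSDateTime}, {@code XSInteger}: the wrapped value</li>
     *   <li>{@code XSAny}: the text content, or, when the text is empty and child elements exist,
     *       the value of the first child if it is a {@code NameIDType} (otherwise nothing is added)</li>
     *   <li>anything else: the {@code XMLObject} itself, unconverted</li>
     * </ul>
     *
     * <p>These values come straight from the message's attribute elements, so consumers should
     * treat them as untrusted input even after the enclosing assertion has been verified.
     *
     * @param list the attribute value elements; {@code null} is treated as empty and {@code null}
     *             elements are skipped
     * @return a new list of converted values
     */
    protected List<Object> getJavaValues(List<XMLObject> list) {
        List<Object> values = new LinkedList<>();
        if (list == null) {
            return values;
        }
        for (XMLObject value : list) {
            if (value == null) {
                continue;
            }
            if (value instanceof XSString) {
                values.add(((XSString) value).getValue());
            } else if (value instanceof XSURI) {
                String text = ((XSURI) value).getValue();
                try {
                    values.add(new URI(text));
                } catch (URISyntaxException e) {
                    // Deliberate fallback: keep the raw text rather than dropping the value.
                    values.add(text);
                }
            } else if (value instanceof XSBoolean) {
                values.add(((XSBoolean) value).getValue().getValue());
            } else if (value instanceof XSDateTime) {
                values.add(((XSDateTime) value).getValue());
            } else if (value instanceof XSInteger) {
                values.add(((XSInteger) value).getValue());
            } else if (value instanceof XSAny) {
                XSAny any = (XSAny) value;
                String textContent = any.getTextContent();
                if (!StringUtils.isEmpty(textContent) || CollectionUtils.isEmpty(any.getUnknownXMLObjects())) {
                    values.add(textContent);
                } else {
                    // Only the first child element is inspected.
                    XMLObject child = any.getUnknownXMLObjects().get(0);
                    if (child instanceof NameIDType) {
                        values.add(((NameIDType) child).getValue());
                    }
                }
            } else {
                values.add(value);
            }
        }
        return values;
    }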

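    /**
     * Converts OpenSAML {@code AuthnStatement} elements into this library's
     * {@link AuthenticationStatement} model.
     *
     * <p>The authentication context is checked for {@code null} before it is dereferenced. The
     * previous code read {@code getAuthnContextClassRef()} from it first and tested it afterwards,
     * so a statement without an {@code AuthnContext}, or with a context that has no class reference
     * element, ended in a {@link NullPointerException}. A missing context now yields a statement
     * whose authentication context is {@code null}; a missing class reference is passed to
     * {@code AuthenticationContextClassReference.fromUrn} as {@code null}, as the previous code
     * already did for a class reference element without a value.
     *
     * @param list the authentication statements; {@code null} is treated as empty
     * @return a new list with one entry per statement, in input order
     */
    protected List<AuthenticationStatement> getAuthenticationStatements(List<AuthnStatement> list) {
        List<AuthenticationStatement> statements = new LinkedList<>();
        if (list == null) {
            return statements;
        }
        for (AuthnStatement authnStatement : list) {
            AuthnContext authnContext = authnStatement.getAuthnContext();
            AuthenticationContext context = null;
            if (authnContext != null) {
                AuthnContextClassRef classRef = authnContext.getAuthnContextClassRef();
                String classRefUrn = classRef != null ? classRef.getAuthnContextClassRef() : null;
                context = new AuthenticationContext()
                    .setClassReference(AuthenticationContextClassReference.fromUrn(classRefUrn))
                    .setAuthenticatingAuthorities(authnContext.getAuthenticatingAuthorities() != null
                        ? (List) authnContext.getAuthenticatingAuthorities().stream()
                            .map(authority -> authority.getURI())
                            .collect(Collectors.toList())
                        : null);
            }
            statements.add(new AuthenticationStatement()
                .setSessionIndex(authnStatement.getSessionIndex())
                .setAuthInstant(authnStatement.getAuthnInstant())
                .setSessionNotOnOrAfter(authnStatement.getSessionNotOnOrAfter())
                .setAuthenticationContext(context));
        }
        return statements;
    }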

    /**
     * Copies the validity window and the supported conditions of an OpenSAML {@code Conditions}
     * element into this library's model.
     *
     * <p>The values are copied only; nothing is evaluated here. A {@code null} argument fails with
     * a {@link NullPointerException}.
     *
     * <p>NOTE(review): whether an assertion without a {@code Conditions} element should be rejected
     * with a clearer error is a policy decision; do not turn the failure into a silent {@code null}
     * without checking how validators react to missing conditions.
     *
     * @param conditions the OpenSAML conditions element, must not be {@code null}
     * @return the converted conditions
     */
    protected org.springframework.security.saml.saml2.authentication.Conditions getConditions(Conditions conditions) {
        org.springframework.security.saml.saml2.authentication.Conditions converted =
            new org.springframework.security.saml.saml2.authentication.Conditions()
                .setNotBefore(conditions.getNotBefore())
                .setNotOnOrAfter(conditions.getNotOnOrAfter())
                .setCriteria(getCriteria(conditions.getConditions()));
        return converted;
    }

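    /**
     * Converts the individual OpenSAML conditions into this library's {@link AssertionCondition} model.
     *
     * <p>Each element is handled as a {@code Condition} and narrowed after the {@code instanceof}
     * check; the previous code declared the element as an {@code AudienceRestriction} before
     * testing its type. A {@code null} list is treated as empty, matching the sibling converters.
     *
     * <p>Only audience restrictions (with a non-null audience list) and one-time-use conditions are
     * carried over.
     *
     * <p>NOTE(review): every other condition type is dropped without a trace, so a downstream
     * validator cannot tell that the assertion carried a condition this code does not understand.
     * SAML 2.0 Core's processing rules for {@code Conditions} leave an assertion's validity
     * undetermined in that case; confirm this is handled elsewhere.
     *
     * @param list the OpenSAML conditions; {@code null} is treated as empty
     * @return a new list of the recognised conditions, in input order
     */
    protected List<AssertionCondition> getCriteria(List<Condition> list) {
        List<AssertionCondition> criteria = new LinkedList<>();
        if (list == null) {
            return criteria;
        }
        for (Condition condition : list) {
            if (condition instanceof org.opensaml.saml.saml2.core.AudienceRestriction) {
                org.opensaml.saml.saml2.core.AudienceRestriction restriction =
                    (org.opensaml.saml.saml2.core.AudienceRestriction) condition;
                if (restriction.getAudiences() != null) {
                    criteria.add(new AudienceRestriction().setAudiences((List) restriction.getAudiences().stream()
                        .map(audience -> audience.getAudienceURI())
                        .collect(Collectors.toList())));
                }
            } else if (condition instanceof org.opensaml.saml.saml2.core.OneTimeUse) {
                criteria.add(new OneTimeUse());
            }
        }
        return criteria;
    }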

    /**
     * Converts an OpenSAML {@code Subject} into this library's subject model.
     *
     * <p>The principal is resolved with {@code getPrincipal} and the confirmations with
     * {@code getConfirmations}; both receive {@code list} for decrypting encrypted identifiers.
     *
     * @param subject the OpenSAML subject; dereferenced without a null check
     * @param list    keys handed to decryption of encrypted identifiers
     * @return the converted subject
     */
    protected org.springframework.security.saml.saml2.authentication.Subject getSubject(Subject subject, List<SimpleKey> list) {
        org.springframework.security.saml.saml2.authentication.Subject converted =
            new org.springframework.security.saml.saml2.authentication.Subject()
                .setPrincipal(getPrincipal(subject, list))
                .setConfirmations(getConfirmations(subject.getSubjectConfirmations(), list));
        return converted;
    }

    /**
     * Converts OpenSAML {@code SubjectConfirmation} elements into this library's model.
     *
     * <p>Recipient, NotBefore, NotOnOrAfter and InResponseTo are copied from the confirmation data
     * without being checked; evaluating them is left to whoever validates the assertion.
     *
     * @param list  the subject confirmations; a {@code null} list, or an element without
     *              confirmation data, fails with a {@link NullPointerException}
     * @param list2 keys handed to decryption of an encrypted confirmation identifier
     * @return a new list with one entry per confirmation, in input order
     */
    protected List<org.springframework.security.saml.saml2.authentication.SubjectConfirmation> getConfirmations(List<SubjectConfirmation> list, List<SimpleKey> list2) {
        List<org.springframework.security.saml.saml2.authentication.SubjectConfirmation> confirmations = new LinkedList<>();
        for (SubjectConfirmation confirmation : list) {
            NameID nameID = getNameID(confirmation.getNameID(), confirmation.getEncryptedID(), list2);
            // Fetched once; it is dereferenced only inside the chain below.
            org.opensaml.saml.saml2.core.SubjectConfirmationData data = confirmation.getSubjectConfirmationData();
            confirmations.add(new org.springframework.security.saml.saml2.authentication.SubjectConfirmation()
                .setNameId(nameID != null ? nameID.getValue() : null)
                .setFormat(nameID != null ? NameId.fromUrn(nameID.getFormat()) : null)
                .setMethod(SubjectConfirmationMethod.fromUrn(confirmation.getMethod()))
                .setConfirmationData(new org.springframework.security.saml.saml2.authentication.SubjectConfirmationData()
                    .setRecipient(data.getRecipient())
                    .setNotOnOrAfter(data.getNotOnOrAfter())
                    .setNotBefore(data.getNotBefore())
                    .setInResponseTo(data.getInResponseTo())));
        }
        return confirmations;
    }

    /**
     * Picks the name identifier to use, decrypting it if necessary.
     *
     * <p>A plain {@code NameID} always wins: the encrypted identifier is decrypted only when no
     * plain one is present and the {@code EncryptedID} carries encrypted data.
     *
     * @param nameID      the plain identifier, may be {@code null}
     * @param encryptedID the encrypted identifier, may be {@code null}
     * @param list        keys handed to {@code decrypt}
     * @return the plain or decrypted identifier, or {@code null} when neither is available
     */
    protected NameID getNameID(NameID nameID, EncryptedID encryptedID, List<SimpleKey> list) {
        if (nameID != null) {
            return nameID;
        }
        if (encryptedID == null || encryptedID.getEncryptedData() == null) {
            return null;
        }
        return (NameID) decrypt(encryptedID, list);
    }

    /**
     * Resolves the subject's principal from its plain or encrypted name identifier.
     *
     * @param subject the OpenSAML subject; dereferenced without a null check
     * @param list    keys handed to decryption of an encrypted identifier
     * @return the principal built from the name identifier
     * @throws UnsupportedOperationException when the subject carries no usable name identifier
     */
    protected NameIdPrincipal getPrincipal(Subject subject, List<SimpleKey> list) {
        NameID resolved = getNameID(subject.getNameID(), subject.getEncryptedID(), list);
        if (resolved == null) {
            throw new UnsupportedOperationException("Currently only supporting NameID subject principals");
        }
        return getNameIdPrincipal(resolved);
    }

    /**
     * Copies an OpenSAML {@code NameID} into a {@link NameIdPrincipal}.
     *
     * @param nameID the name identifier; must not be {@code null}, it is dereferenced directly
     * @return the principal carrying the identifier's value, format and qualifiers
     */
    protected NameIdPrincipal getNameIdPrincipal(NameID nameID) {
        NameIdPrincipal principal = new NameIdPrincipal()
            .setSpNameQualifier(nameID.getSPNameQualifier())
            .setNameQualifier(nameID.getNameQualifier())
            .setFormat(NameId.fromUrn(nameID.getFormat()))
            .setSpProvidedId(nameID.getSPProvidedID())
            .setValue(nameID.getValue());
        return principal;
    }

    /**
     * Builds an OpenSAML {@code Issuer} element from this library's issuer model.
     *
     * <p>The format attribute is written only when the model has one.
     *
     * @param issuer the issuer model; must not be {@code null}
     * @return a new OpenSAML issuer element
     */
    protected Issuer toIssuer(org.springframework.security.saml.saml2.authentication.Issuer issuer) {
        Issuer element = (Issuer) buildSAMLObject(Issuer.class);
        element.setValue(issuer.getValue());
        if (issuer.getFormat() != null) {
            element.setFormat(issuer.getFormat().toString());
        }
        element.setNameQualifier(issuer.getNameQualifier());
        element.setSPNameQualifier(issuer.getSpNameQualifier());
        return element;
    }

    /**
     * Converts an OpenSAML {@code Issuer} element into this library's issuer model.
     *
     * @param issuer the OpenSAML issuer, may be {@code null}
     * @return the converted issuer, or {@code null} when the element is absent. Callers that rely
     *         on the issuer to select verification keys or trust settings need to handle that case.
     */
    protected org.springframework.security.saml.saml2.authentication.Issuer getIssuer(Issuer issuer) {
        return issuer == null
            ? null
            : new org.springframework.security.saml.saml2.authentication.Issuer()
                .setValue(issuer.getValue())
                .setFormat(NameId.fromUrn(issuer.getFormat()))
                .setSpNameQualifier(issuer.getSPNameQualifier())
                .setNameQualifier(issuer.getNameQualifier());
    }

    /**
     * Converts an OpenSAML {@code AuthnRequest} into this library's {@link AuthenticationRequest} model.
     *
     * <p>A missing {@code AssertionConsumerServiceIndex} is represented as {@code -1}. No keys are
     * passed in, so nothing in this method verifies a signature on the request.
     *
     * <p>NOTE(review): the {@code AssertionConsumerServiceURL} is copied from the request as
     * received. Whoever acts on the returned object has to match it against the service provider's
     * registered endpoints before a response is sent to it.
     *
     * @param authnRequest the OpenSAML request; its version is dereferenced without a null check
     * @return the converted authentication request
     */
    protected AuthenticationRequest resolveAuthenticationRequest(AuthnRequest authnRequest) {
        int consumerIndex = Optional.ofNullable(authnRequest.getAssertionConsumerServiceIndex()).orElse(-1);
        return new AuthenticationRequest()
            .setBinding(Binding.fromUrn(authnRequest.getProtocolBinding()))
            .setAssertionConsumerService(getEndpoint(
                authnRequest.getAssertionConsumerServiceURL(),
                Binding.fromUrn(authnRequest.getProtocolBinding()),
                consumerIndex,
                false))
            .setDestination(getEndpoint(
                authnRequest.getDestination(),
                Binding.fromUrn(authnRequest.getProtocolBinding()),
                -1,
                false))
            .setIssuer(getIssuer(authnRequest.getIssuer()))
            .setForceAuth(authnRequest.isForceAuthn())
            .setPassive(authnRequest.isPassive())
            .setId(authnRequest.getID())
            .setIssueInstant(authnRequest.getIssueInstant())
            .setVersion(authnRequest.getVersion().toString())
            .setRequestedAuthenticationContext(getRequestedAuthenticationContext(authnRequest))
            .setAuthenticationContextClassReferences(getAuthenticationContextClassReferences(authnRequest))
            .setNameIdPolicy(fromNameIDPolicy(authnRequest.getNameIDPolicy()))
            .setScoping(fromScoping(authnRequest.getScoping()));
    }

    /**
     * Extracts the requested authentication context class references from an {@code AuthnRequest}.
     *
     * @param authnRequest the OpenSAML request
     * @return the class references mapped with {@code AuthenticationContextClassReference.fromUrn},
     *         or {@code null} (not an empty list) when the request has no requested context or the
     *         context lists no class references
     */
    protected List<AuthenticationContextClassReference> getAuthenticationContextClassReferences(AuthnRequest authnRequest) {
        RequestedAuthnContext requested = authnRequest.getRequestedAuthnContext();
        if (requested == null || CollectionUtils.isEmpty(requested.getAuthnContextClassRefs())) {
            return null;
        }
        return (List) requested.getAuthnContextClassRefs().stream()
            .map(classRef -> AuthenticationContextClassReference.fromUrn(classRef.getAuthnContextClassRef()))
            .collect(Collectors.toList());
    }

    /**
     * Maps the comparison mode of the requested authentication context onto
     * {@link RequestedAuthenticationContext}.
     *
     * <p>The mapping goes through the comparison's string form and {@code valueOf}.
     * NOTE(review): this presumably relies on both types using the same names; a mismatch would
     * surface as an exception from {@code valueOf} rather than as {@code null}.
     *
     * @param authnRequest the OpenSAML request
     * @return the mapped comparison, or {@code null} when the request has no requested context or
     *         the context has no comparison
     */
    protected RequestedAuthenticationContext getRequestedAuthenticationContext(AuthnRequest authnRequest) {
        RequestedAuthnContext requested = authnRequest.getRequestedAuthnContext();
        if (requested == null) {
            return null;
        }
        AuthnContextComparisonTypeEnumeration comparison = requested.getComparison();
        if (comparison == null) {
            return null;
        }
        return RequestedAuthenticationContext.valueOf(comparison.toString());
    }

    /**
     * Converts every entity of an {@code EntitiesDescriptor} into a chain of {@link Metadata}
     * objects linked through {@code setNext}.
     *
     * <p>{@code validateSignature} is called once per contained {@code EntityDescriptor} with
     * {@code list}, and its result is stored on that entity's metadata.
     *
     * <p>NOTE(review): a signature on the enclosing {@code EntitiesDescriptor} is not looked at in
     * this method, and {@code list2} is unused. If the metadata source signs only the outer
     * element, confirm how {@code validateSignature} treats the unsigned inner entities and where
     * the outer signature is verified.
     *
     * @param entitiesDescriptor the metadata aggregate
     * @param list               keys handed to signature validation of each entity
     * @param list2              unused in this method
     * @return the metadata of the first entity, linked to the rest, or {@code null} when the
     *         aggregate contains no entities
     */
    protected Metadata resolveMetadata(EntitiesDescriptor entitiesDescriptor, List<SimpleKey> list, List<SimpleKey> list2) {
        Metadata head = null;
        Metadata tail = null;
        for (EntityDescriptor descriptor : entitiesDescriptor.getEntityDescriptors()) {
            Metadata current = resolveMetadata(descriptor);
            if (head == null) {
                head = current;
            } else {
                tail.setNext(current);
            }
            tail = current;
            tail.setSignature(validateSignature((SignableSAMLObject) descriptor, list));
        }
        return head;
    }

    /**
     * Converts a single {@code EntityDescriptor} into a {@link Metadata} object.
     *
     * <p>The entity ID is used for both the entity ID and the entity alias. A missing cache
     * duration is passed to {@code toDuration} as {@code -1}. No signature is validated here.
     *
     * @param entityDescriptor the OpenSAML entity descriptor
     * @return the converted metadata, typed by {@code getMetadata} according to its providers
     */
    protected Metadata resolveMetadata(EntityDescriptor entityDescriptor) {
        Metadata converted = getMetadata(getSsoProviders(entityDescriptor));
        long cacheDuration = -1L;
        if (entityDescriptor.getCacheDuration() != null) {
            cacheDuration = entityDescriptor.getCacheDuration().longValue();
        }
        converted.setCacheDuration(toDuration(cacheDuration));
        String entityId = entityDescriptor.getEntityID();
        converted.setEntityId(entityId);
        converted.setEntityAlias(entityId);
        converted.setId(entityDescriptor.getID());
        converted.setValidUntil(entityDescriptor.getValidUntil());
        return converted;
    }

    /**
     * Creates the metadata object that fits the given providers and attaches them to it.
     *
     * @param list the providers of one entity; must not be {@code null}
     * @return a metadata object of the type chosen by {@code determineMetadataType}, holding
     *         {@code list} as its providers
     */
    protected Metadata getMetadata(List<? extends Provider> list) {
        Metadata typed = determineMetadataType(list);
        typed.setProviders(list);
        return typed;
    }

    /**
     * Chooses the metadata subtype from the kinds of providers present.
     *
     * <p>All service providers gives {@code ServiceProviderMetadata}; otherwise all identity
     * providers gives {@code IdentityProviderMetadata}; a mix gives plain {@link Metadata}. An
     * empty list satisfies the first test and therefore yields {@code ServiceProviderMetadata}.
     *
     * @param list the providers; must not be {@code null}
     * @return a new metadata object of the chosen type with {@code list} set as its providers
     */
    private Metadata determineMetadataType(List<? extends Provider> list) {
        boolean onlyServiceProviders = list.stream().allMatch(provider -> provider instanceof ServiceProvider);
        boolean onlyIdentityProviders = list.stream().allMatch(provider -> provider instanceof IdentityProvider);
        Metadata metadata;
        if (onlyServiceProviders) {
            metadata = new ServiceProviderMetadata();
        } else if (onlyIdentityProviders) {
            metadata = new IdentityProviderMetadata();
        } else {
            metadata = new Metadata();
        }
        metadata.setProviders(list);
        return metadata;
    }

    /**
     * Wraps a Java value in the matching XML schema type for use as an attribute value element.
     *
     * <p>{@code String}, {@code URI}/{@code URL}, {@code Boolean}, Joda {@code DateTime} and
     * {@code Integer} get their typed element; any other object becomes an {@code XSAny} whose
     * text content is {@code obj.toString()}.
     *
     * @param obj the value to wrap, may be {@code null}
     * @return the element built under {@code AttributeValue.DEFAULT_ELEMENT_NAME}, or {@code null}
     *         for a {@code null} input
     */
    protected XMLObject objectToXmlObject(Object obj) {
        if (obj == null) {
            return null;
        }
        XMLObject result;
        if (obj instanceof String) {
            XSString text = (XSString) getBuilderFactory().getBuilder(XSString.TYPE_NAME).buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
            text.setValue((String) obj);
            result = text;
        } else if ((obj instanceof URI) || (obj instanceof URL)) {
            XSURI uri = (XSURI) getBuilderFactory().getBuilder(XSURI.TYPE_NAME).buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSURI.TYPE_NAME);
            uri.setValue(obj.toString());
            result = uri;
        } else if (obj instanceof Boolean) {
            XSBoolean flag = (XSBoolean) getBuilderFactory().getBuilder(XSBoolean.TYPE_NAME).buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSBoolean.TYPE_NAME);
            flag.setValue(XSBooleanValue.valueOf(obj.toString()));
            result = flag;
        } else if (obj instanceof DateTime) {
            XSDateTime instant = (XSDateTime) getBuilderFactory().getBuilder(XSDateTime.TYPE_NAME).buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSDateTime.TYPE_NAME);
            instant.setValue((DateTime) obj);
            result = instant;
        } else if (obj instanceof Integer) {
            XSInteger number = (XSInteger) getBuilderFactory().getBuilder(XSInteger.TYPE_NAME).buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSInteger.TYPE_NAME);
            number.setValue((Integer) obj);
            result = number;
        } else {
            // Fallback for every other type: text content only, via toString().
            XSAny any = (XSAny) getBuilderFactory().getBuilder(XSAny.TYPE_NAME).buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSAny.TYPE_NAME);
            any.setTextContent(obj.toString());
            result = any;
        }
        return result;
    }

    /**
     * Renders a typed attribute value element as a string.
     *
     * <p>Booleans become {@code "1"} or {@code "0"}. A date-time is printed with the element's own
     * formatter. An {@code XSAny} yields its text content only when it has no unknown attributes
     * and no child elements.
     *
     * @param xMLObject the element to render, may be {@code null}
     * @return the string form, or {@code null} for an unsupported type, a {@code null} date-time
     *         value, or an {@code XSAny} carrying attributes or children
     */
    protected String xmlObjectToString(XMLObject xMLObject) {
        if (xMLObject instanceof XSString) {
            return ((XSString) xMLObject).getValue();
        }
        if (xMLObject instanceof XSURI) {
            return ((XSURI) xMLObject).getValue();
        }
        if (xMLObject instanceof XSBoolean) {
            return ((XSBoolean) xMLObject).getValue().getValue().booleanValue() ? "1" : "0";
        }
        if (xMLObject instanceof XSInteger) {
            return ((XSInteger) xMLObject).getValue().toString();
        }
        if (xMLObject instanceof XSDateTime) {
            XSDateTime element = (XSDateTime) xMLObject;
            DateTime value = element.getValue();
            return value != null ? element.getDateTimeFormatter().print(value) : null;
        }
        if (xMLObject instanceof XSBase64Binary) {
            return ((XSBase64Binary) xMLObject).getValue();
        }
        if (xMLObject instanceof XSAny) {
            XSAny any = (XSAny) xMLObject;
            boolean textOnly = any.getUnknownAttributes().isEmpty() && any.getUnknownXMLObjects().isEmpty();
            return textOnly ? any.getTextContent() : null;
        }
        return null;
    }

    /**
     * Creates an {@link Endpoint} from its parts.
     *
     * @param str     the endpoint location
     * @param binding the endpoint binding
     * @param i       the endpoint index
     * @param z       whether the endpoint is the default one
     * @return the new endpoint
     */
    protected Endpoint getEndpoint(String str, Binding binding, int i, boolean z) {
        // The index is set at both ends of the chain, exactly as in the original.
        Endpoint endpoint = new Endpoint()
            .setIndex(i)
            .setBinding(binding)
            .setLocation(str)
            .setDefault(z)
            .setIndex(i);
        return endpoint;
    }

    /**
     * Builds a {@code NameIDFormat} metadata element for the given name ID format.
     *
     * @param nameId the format; its string form is written into the element, so it must not be {@code null}
     * @return the new element
     */
    public NameIDFormat getNameIDFormat(NameId nameId) {
        NameIDFormat format = getBuilderFactory().getBuilder(NameIDFormat.DEFAULT_ELEMENT_NAME).buildObject();
        String urn = nameId.toString();
        format.setFormat(urn);
        return format;
    }

    /**
     * Builds a {@code SingleSignOnService} metadata element from an endpoint.
     *
     * @param endpoint the endpoint supplying binding and location; its binding must not be {@code null}
     * @param i        not used by this method
     * @return the new element
     */
    public SingleSignOnService getSingleSignOnService(Endpoint endpoint, int i) {
        SingleSignOnService service = getBuilderFactory().getBuilder(SingleSignOnService.DEFAULT_ELEMENT_NAME).buildObject();
        String location = endpoint.getLocation();
        service.setLocation(location);
        service.setBinding(endpoint.getBinding().toString());
        return service;
    }

    /**
     * Builds an {@code AssertionConsumerService} metadata element from an endpoint.
     *
     * @param endpoint the endpoint supplying binding, location and default flag; its binding must
     *                 not be {@code null}
     * @param i        the index written into the element
     * @return the new element
     */
    public AssertionConsumerService getAssertionConsumerService(Endpoint endpoint, int i) {
        AssertionConsumerService service = getBuilderFactory().getBuilder(AssertionConsumerService.DEFAULT_ELEMENT_NAME).buildObject();
        String location = endpoint.getLocation();
        service.setLocation(location);
        service.setBinding(endpoint.getBinding().toString());
        service.setIsDefault(Boolean.valueOf(endpoint.isDefault()));
        service.setIndex(Integer.valueOf(i));
        return service;
    }

    /**
     * Builds a {@code SingleLogoutService} metadata element from an endpoint.
     *
     * @param endpoint the endpoint supplying binding and location; its binding must not be {@code null}
     * @return the new element
     */
    public SingleLogoutService getSingleLogoutService(Endpoint endpoint) {
        SingleLogoutService service = getBuilderFactory().getBuilder(SingleLogoutService.DEFAULT_ELEMENT_NAME).buildObject();
        String binding = endpoint.getBinding().toString();
        service.setBinding(binding);
        service.setLocation(endpoint.getLocation());
        return service;
    }

    /**
     * Builds a {@code KeyDescriptor} metadata element for a key.
     *
     * <p>The key info is generated from the credential resolved for {@code simpleKey}. The usage is
     * taken from the key's type by name and defaults to {@code UsageType.SIGNING} when the key has
     * no type.
     *
     * <p>NOTE(review): what the default key-info generator emits is not visible here; since this
     * element is published in metadata, confirm it carries only public material.
     *
     * @param simpleKey the key to describe
     * @return the new key descriptor
     * @throws SamlKeyException when key info generation fails with the {@code SecurityException}
     *                          type this file imports
     */
    public KeyDescriptor getKeyDescriptor(SimpleKey simpleKey) {
        KeyDescriptor descriptor = getBuilderFactory().getBuilder(KeyDescriptor.DEFAULT_ELEMENT_NAME).buildObject();
        Credential credential = getCredential(simpleKey, getCredentialsResolver(simpleKey));
        try {
            descriptor.setKeyInfo(getKeyInfoGenerator(credential).generate(credential));
            UsageType usage = simpleKey.getType() == null
                ? UsageType.SIGNING
                : UsageType.valueOf(simpleKey.getType().toString());
            descriptor.setUse(usage);
            return descriptor;
        } catch (SecurityException e) {
            throw new SamlKeyException((Throwable) e);
        }
    }

    /**
     * Obtains a key info generator for a credential from OpenSAML's basic default configuration.
     *
     * @param credential the credential the generator is looked up for
     * @return a new generator instance from the default manager's factory for that credential
     */
    public KeyInfoGenerator getKeyInfoGenerator(Credential credential) {
        KeyInfoGenerator generator = DefaultSecurityConfigurationBootstrap
            .buildBasicKeyInfoGeneratorManager()
            .getDefaultManager()
            .getFactory(credential)
            .newInstance();
        return generator;
    }

    /**
     * Signs a SAML object in place with the given key and algorithms.
     *
     * <p>A new {@code Signature} element is attached to the object, the signing parameters are
     * applied to it, the object is marshalled, and {@code Signer.signObject} is called last. The
     * canonicalization algorithm is fixed to {@code ALGO_ID_C14N_EXCL_OMIT_COMMENTS}.
     *
     * <p>NOTE(review): the signature and digest algorithm identifiers are passed through exactly as
     * given. Any policy on acceptable algorithms has to be enforced where {@code algorithmMethod}
     * and {@code digestMethod} are chosen, because this method does not check them.
     *
     * @param signableSAMLObject the object to sign; it receives the new signature element
     * @param simpleKey          the key whose credential signs the object
     * @param algorithmMethod    the signature algorithm, passed on via {@code toString()}
     * @param digestMethod       the reference digest method, passed on via {@code toString()}
     * @throws SamlKeyException when preparing, marshalling or signing fails
     */
    public void signObject(SignableSAMLObject signableSAMLObject, SimpleKey simpleKey, AlgorithmMethod algorithmMethod, DigestMethod digestMethod) {
        Credential credential = getCredential(simpleKey, getCredentialsResolver(simpleKey));
        org.opensaml.xmlsec.signature.Signature buildObject = getBuilderFactory().getBuilder(org.opensaml.xmlsec.signature.Signature.DEFAULT_ELEMENT_NAME).buildObject(org.opensaml.xmlsec.signature.Signature.DEFAULT_ELEMENT_NAME);
        // Attach the empty signature element before marshalling so that it is part of the marshalled object.
        signableSAMLObject.setSignature(buildObject);
        SignatureSigningParameters signatureSigningParameters = new SignatureSigningParameters();
        signatureSigningParameters.setSigningCredential(credential);
        signatureSigningParameters.setKeyInfoGenerator(getKeyInfoGenerator(credential));
        signatureSigningParameters.setSignatureAlgorithm(algorithmMethod.toString());
        signatureSigningParameters.setSignatureReferenceDigestMethod(digestMethod.toString());
        signatureSigningParameters.setSignatureCanonicalizationAlgorithm(CanonicalizationMethod.ALGO_ID_C14N_EXCL_OMIT_COMMENTS.toString());
        try {
            SignatureSupport.prepareSignatureParams(buildObject, signatureSigningParameters);
            // Order matters: marshal first, sign last (presumably the signer works on the marshalled form; confirm).
            XMLObjectProviderRegistrySupport.getMarshallerFactory().getMarshaller(signableSAMLObject).marshall(signableSAMLObject);
            Signer.signObject(buildObject);
        } catch (SecurityException | MarshallingException | SignatureException e) {
            throw new SamlKeyException((Throwable) e);
        }
    }

    /**
     * Builds an empty SAML object of the given type.
     *
     * <p>The element name is read reflectively from the class's declared
     * {@code DEFAULT_ELEMENT_NAME} field (accessed as a static field) and used to look up the
     * builder.
     *
     * @param cls the SAML object type; it must itself declare {@code DEFAULT_ELEMENT_NAME}
     * @param <T> the type to build
     * @return the new object, cast unchecked to {@code T}
     * @throws SamlException when the field does not exist or cannot be accessed
     */
    public <T> T buildSAMLObject(Class<T> cls) {
        try {
            QName elementName = (QName) cls.getDeclaredField("DEFAULT_ELEMENT_NAME").get(null);
            return (T) getBuilderFactory().getBuilder(elementName).buildObject(elementName);
        } catch (IllegalAccessException | NoSuchFieldException e) {
            throw new SamlException("Could not create SAML object", e);
        }
    }
}
