package org.wso2.carbon.identity.sso.saml.admin;

import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.util.Optional;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.core.util.KeyStoreManager;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.mgt.ApplicationMgtUtil;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.central.log.mgt.utils.LoggerUtils;
import org.wso2.carbon.identity.core.model.SAMLSSOServiceProviderDO;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.sp.metadata.saml2.exception.InvalidMetadataException;
import org.wso2.carbon.identity.sp.metadata.saml2.util.Parser;
import org.wso2.carbon.identity.sso.saml.Error;
import org.wso2.carbon.identity.sso.saml.SAMLSSOConstants;
import org.wso2.carbon.identity.sso.saml.SSOServiceProviderConfigManager;
import org.wso2.carbon.identity.sso.saml.dto.SAMLSSOServiceProviderDTO;
import org.wso2.carbon.identity.sso.saml.dto.SAMLSSOServiceProviderInfoDTO;
import org.wso2.carbon.identity.sso.saml.exception.IdentitySAML2ClientException;
import org.wso2.carbon.identity.sso.saml.internal.IdentitySAMLSSOServiceComponent;
import org.wso2.carbon.identity.sso.saml.internal.IdentitySAMLSSOServiceComponentHolder;
import org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil;
import org.wso2.carbon.registry.core.Registry;
import org.wso2.carbon.registry.core.session.UserRegistry;
import org.wso2.carbon.user.core.util.UserCoreUtil;
import org.wso2.carbon.utils.AuditLog;
import org.wso2.carbon.utils.security.KeystoreUtils;

/* loaded from: input_file:org/wso2/carbon/identity/sso/saml/admin/SAMLSSOConfigAdmin.class */
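public class SAMLSSOConfigAdmin {

    private static final Log log = LogFactory.getLog(SAMLSSOConfigAdmin.class);

    // Id of the super tenant. Its SP certificates are resolved against the primary keystore and never imported.
    private static final int SUPER_TENANT_ID = -1234;

    // Applied whenever neither the request nor the uploaded metadata names a NameID format.
    private static final String DEFAULT_NAME_ID_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified";

    // Registry of the tenant this admin operates on; only handed to the metadata Parser.
    private UserRegistry registry;
    private final int tenantId;
    // When false this instance emits no V2 audit events, even if they are enabled server-wide.
    private boolean enableAuditing;

    /**
     * Creates an admin bound to the tenant of {@code registry}, with auditing enabled.
     *
     * @param registry tenant registry; must be a {@link UserRegistry}
     */
    public SAMLSSOConfigAdmin(Registry registry) {
        this.enableAuditing = true;
        this.registry = (UserRegistry) registry;
        this.tenantId = this.registry.getTenantId();
    }

    /**
     * Creates an admin bound to the tenant of {@code registry}.
     *
     * @param registry tenant registry; must be a {@link UserRegistry}
     * @param z        whether this instance emits V2 audit events
     */
    public SAMLSSOConfigAdmin(Registry registry, boolean z) {
        this(registry);
        this.enableAuditing = z;
    }

    /**
     * Registers a service provider for this tenant.
     *
     * @param sAMLSSOServiceProviderDTO configuration to register
     * @return true when persisted, false when the issuer is already loaded from the file system
     *         or the persistence layer refused it
     * @throws IdentityException on validation failure or a persistence error
     */
    public boolean addRelyingPartyServiceProvider(SAMLSSOServiceProviderDTO sAMLSSOServiceProviderDTO) throws IdentityException {
        SAMLSSOServiceProviderDO serviceProviderDO = createSAMLSSOServiceProviderDO(sAMLSSOServiceProviderDTO);
        try {
            String issuerWithQualifier = getIssuerWithQualifier(serviceProviderDO);
            if (isLoadedFromFileSystem(issuerWithQualifier)) {
                logFileSystemConflict(issuerWithQualifier);
                return false;
            }
            boolean added = IdentitySAMLSSOServiceComponentHolder.getInstance().getSAMLSSOServiceProviderManager()
                    .addServiceProvider(serviceProviderDO, this.tenantId);
            if (added) {
                auditIfEnabled(issuerWithQualifier, SAMLSSOConstants.LogConstants.CREATE_SAML_APPLICATION, serviceProviderDO);
            }
            return added;
        } catch (IdentityException e) {
            throw new IdentityException("Error obtaining a registry for adding a new service provider", e);
        }
    }

    /**
     * Replaces the service provider currently registered under {@code str} with the given configuration.
     * No audit event is emitted on this path.
     *
     * @param sAMLSSOServiceProviderDTO new configuration
     * @param str                       issuer of the existing registration
     * @return true when updated, false when the issuer is already loaded from the file system
     *         or the persistence layer refused it
     * @throws IdentityException on validation failure or a persistence error
     */
    public boolean updateRelyingPartyServiceProvider(SAMLSSOServiceProviderDTO sAMLSSOServiceProviderDTO, String str) throws IdentityException {
        SAMLSSOServiceProviderDO serviceProviderDO = createSAMLSSOServiceProviderDO(sAMLSSOServiceProviderDTO);
        String issuerWithQualifier = getIssuerWithQualifier(serviceProviderDO);
        if (isLoadedFromFileSystem(issuerWithQualifier)) {
            logFileSystemConflict(issuerWithQualifier);
            return false;
        }
        return IdentitySAMLSSOServiceComponentHolder.getInstance().getSAMLSSOServiceProviderManager()
                .updateServiceProvider(serviceProviderDO, str, this.tenantId);
    }

    /**
     * Registers a service provider and returns its persisted representation.
     *
     * @param sAMLSSOServiceProviderDTO configuration to register
     * @return the persisted configuration, with audit-log data attached
     * @throws IdentitySAML2ClientException when the issuer is invalid or already in use
     * @throws IdentityException            on a persistence error
     */
    public SAMLSSOServiceProviderDTO addSAMLServiceProvider(SAMLSSOServiceProviderDTO sAMLSSOServiceProviderDTO) throws IdentityException {
        SAMLSSOServiceProviderDO serviceProviderDO = createSAMLSSOServiceProviderDO(sAMLSSOServiceProviderDTO);
        try {
            String issuerWithQualifier = getIssuerWithQualifier(serviceProviderDO);
            rejectIfLoadedFromFileSystem(issuerWithQualifier);
            SAMLSSOServiceProviderDTO persisted = persistSAMLServiceProvider(serviceProviderDO);
            persisted.setAuditLogData(SAMLSSOUtil.buildSPDataJSONString(serviceProviderDO));
            auditIfEnabled(issuerWithQualifier, SAMLSSOConstants.LogConstants.CREATE_SAML_APPLICATION, serviceProviderDO);
            return persisted;
        } catch (IdentitySAML2ClientException e) {
            // Client errors keep their code and message; only infrastructure failures are re-wrapped below.
            throw e;
        } catch (IdentityException e2) {
            throw new IdentityException("Error obtaining a registry for adding a new service provider", e2);
        }
    }

    /** Tenant domain of the caller, honouring tenanted sessions when they are enabled. */
    private String getLoggedInTenantDomain() {
        if (IdentityTenantUtil.isTenantedSessionsEnabled()) {
            return IdentityTenantUtil.resolveTenantDomain();
        }
        return getTenantDomain();
    }

    /**
     * Builds the calling user from the thread-local Carbon context.
     *
     * @param tenantDomain tenant domain to stamp on the user
     * @return the user, or empty when the context carries no username
     */
    private Optional<AuthenticatedUser> getLoggedInUser(String tenantDomain) {
        String username = CarbonContext.getThreadLocalCarbonContext().getUsername();
        if (StringUtils.isEmpty(username)) {
            return Optional.empty();
        }
        return Optional.of(buildAuthenticatedUser(username, tenantDomain));
    }

    /** Splits a possibly domain-qualified username into user-store domain and bare name. */
    private AuthenticatedUser buildAuthenticatedUser(String qualifiedUsername, String tenantDomain) {
        AuthenticatedUser user = new AuthenticatedUser();
        user.setUserName(UserCoreUtil.removeDomainFromName(qualifiedUsername));
        user.setTenantDomain(tenantDomain);
        user.setUserStoreDomain(IdentityUtil.extractDomainFromName(qualifiedUsername));
        return user;
    }

    /**
     * Replaces the service provider registered under {@code str} and returns its persisted representation.
     *
     * @param sAMLSSOServiceProviderDTO new configuration
     * @param str                       issuer of the existing registration
     * @return the persisted configuration with audit-log data attached, or null when {@code str} is blank
     * @throws IdentitySAML2ClientException when the issuer is invalid or already in use
     * @throws IdentityException            on a persistence error
     */
    public SAMLSSOServiceProviderDTO updateSAMLServiceProvider(SAMLSSOServiceProviderDTO sAMLSSOServiceProviderDTO, String str) throws IdentityException {
        SAMLSSOServiceProviderDO serviceProviderDO = createSAMLSSOServiceProviderDO(sAMLSSOServiceProviderDTO);
        rejectIfLoadedFromFileSystem(getIssuerWithQualifier(serviceProviderDO));
        SAMLSSOServiceProviderDTO persisted = persistSAMLServiceProvider(serviceProviderDO, str);
        if (persisted == null) {
            return null;
        }
        persisted.setAuditLogData(SAMLSSOUtil.buildSPDataJSONString(serviceProviderDO));
        // Update events are keyed by the bare issuer, unlike create events which use the qualified form.
        auditIfEnabled(serviceProviderDO.getIssuer(), SAMLSSOConstants.LogConstants.UPDATE_SAML_APPLICATION, serviceProviderDO);
        return persisted;
    }

    /** Issuer combined with its qualifier, the key under which file-system SPs are registered. */
    private String getIssuerWithQualifier(SAMLSSOServiceProviderDO serviceProviderDO) {
        return SAMLSSOUtil.getIssuerWithQualifier(serviceProviderDO.getIssuer(), serviceProviderDO.getIssuerQualifier());
    }

    /** True when an SP with this qualified issuer was loaded from the file-system configuration. */
    private boolean isLoadedFromFileSystem(String issuerWithQualifier) {
        return SSOServiceProviderConfigManager.getInstance().getServiceProvider(issuerWithQualifier) != null;
    }

    private void logFileSystemConflict(String issuerWithQualifier) {
        log.error("A Service Provider with the name " + issuerWithQualifier + " is already loaded from the file system.");
    }

    /**
     * Fails with a conflict when the qualified issuer is already served from the file system;
     * such registrations would be shadowed and are invisible to the persistence layer's own check.
     */
    private void rejectIfLoadedFromFileSystem(String issuerWithQualifier) throws IdentitySAML2ClientException {
        if (isLoadedFromFileSystem(issuerWithQualifier)) {
            throw buildClientException(Error.CONFLICTING_SAML_ISSUER,
                    "A Service Provider with the name: " + issuerWithQualifier + " is already loaded from the file system.");
        }
    }

    private IdentitySAML2ClientException issuerConflict(SAMLSSOServiceProviderDO serviceProviderDO) {
        return buildClientException(Error.CONFLICTING_SAML_ISSUER, "An application with the SAML issuer: "
                + serviceProviderDO.getIssuer() + " already exists in tenantDomain: " + getTenantDomain());
    }

    /**
     * Persists a new service provider.
     *
     * @throws IdentitySAML2ClientException when the persistence layer reports the issuer as already taken
     */
    private SAMLSSOServiceProviderDTO persistSAMLServiceProvider(SAMLSSOServiceProviderDO serviceProviderDO) throws IdentityException {
        boolean added = IdentitySAMLSSOServiceComponentHolder.getInstance().getSAMLSSOServiceProviderManager()
                .addServiceProvider(serviceProviderDO, this.tenantId);
        if (!added) {
            throw issuerConflict(serviceProviderDO);
        }
        return createSAMLSSOServiceProviderDTO(serviceProviderDO);
    }

    /**
     * Persists an update to the service provider registered under {@code currentIssuer}.
     *
     * @return the persisted representation, or null when {@code currentIssuer} is blank (nothing is written)
     * @throws IdentitySAML2ClientException when the persistence layer reports the issuer as already taken
     */
    private SAMLSSOServiceProviderDTO persistSAMLServiceProvider(SAMLSSOServiceProviderDO serviceProviderDO, String currentIssuer) throws IdentityException {
        if (StringUtils.isBlank(currentIssuer)) {
            return null;
        }
        boolean updated = IdentitySAMLSSOServiceComponentHolder.getInstance().getSAMLSSOServiceProviderManager()
                .updateServiceProvider(serviceProviderDO, currentIssuer, this.tenantId);
        if (!updated) {
            throw issuerConflict(serviceProviderDO);
        }
        return createSAMLSSOServiceProviderDTO(serviceProviderDO);
    }

    /**
     * Makes the SP certificate carried by {@code serviceProviderDO} available to the tenant.
     * For tenants the certificate is imported into the tenant keystore under the issuer as alias
     * (an existing trusted-certificate entry with that alias is overwritten). For the super tenant
     * nothing is written: the DO only records the alias under which the primary keystore already
     * holds the certificate, or null when it does not.
     */
    private void saveCertificateToKeyStore(SAMLSSOServiceProviderDO serviceProviderDO) throws Exception {
        KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(this.tenantId,
                IdentitySAMLSSOServiceComponent.getServerConfigurationService(), IdentityTenantUtil.getRegistryService());
        if (this.tenantId == SUPER_TENANT_ID) {
            String alias = keyStoreManager.getPrimaryKeyStore().getCertificateAlias(serviceProviderDO.getX509Certificate());
            serviceProviderDO.setCertAlias(StringUtils.isBlank(alias) ? null : alias);
            return;
        }
        // NOTE(review): this write precedes the persistence layer's own issuer-conflict check, so an upload
        // rejected there still leaves the tenant keystore modified; confirm whether that is acceptable.
        String keyStoreName = getKeyStoreName(this.tenantId);
        KeyStore keyStore = keyStoreManager.getKeyStore(keyStoreName);
        keyStore.setCertificateEntry(serviceProviderDO.getIssuer(), serviceProviderDO.getX509Certificate());
        keyStoreManager.updateKeyStore(keyStoreName, keyStore);
    }

    /** Keystore file location for the given tenant. */
    private String getKeyStoreName(int tenantId) {
        return KeystoreUtils.getKeyStoreFileLocation(IdentityTenantUtil.getTenantDomain(tenantId));
    }

    /** Imports the DO's certificate when it carries one; failures are wrapped as {@link IdentityException}. */
    private void importCertificateIfPresent(SAMLSSOServiceProviderDO serviceProviderDO) throws IdentityException {
        if (serviceProviderDO.getX509Certificate() == null) {
            return;
        }
        try {
            saveCertificateToKeyStore(serviceProviderDO);
        } catch (Exception e) {
            throw new IdentityException("Error occurred while setting certificate and alias", e);
        }
    }

    /**
     * Registers a service provider from SAML SP metadata.
     * The parsed issuer and qualifier are validated, and the file-system conflict check applied,
     * before the certificate is imported or anything is persisted, so a rejected upload has no side effects.
     *
     * @param str SAML SP metadata document
     * @return the persisted configuration with audit-log data attached
     * @throws IdentitySAML2ClientException when the metadata cannot be parsed or the issuer is invalid or in use
     * @throws IdentityException            when the certificate cannot be stored or persistence fails
     */
    public SAMLSSOServiceProviderDTO uploadRelyingPartyServiceProvider(String str) throws IdentityException {
        try {
            SAMLSSOServiceProviderDO parsed = new Parser(this.registry).parse(str, new SAMLSSOServiceProviderDO());
            validateIssuer(parsed.getIssuer());
            validateIssuerQualifier(parsed.getIssuerQualifier());
            rejectIfLoadedFromFileSystem(getIssuerWithQualifier(parsed));
            importCertificateIfPresent(parsed);
            SAMLSSOServiceProviderDTO persisted = persistSAMLServiceProvider(parsed);
            persisted.setAuditLogData(SAMLSSOUtil.buildSPDataJSONString(parsed));
            auditIfEnabled(parsed.getIssuer(), SAMLSSOConstants.LogConstants.CREATE_SAML_APPLICATION, parsed);
            return persisted;
        } catch (InvalidMetadataException e2) {
            throw buildClientException(Error.INVALID_REQUEST, "Error parsing SAML SP metadata.", e2);
        }
    }

    /**
     * Replaces the service provider registered under {@code str2} with the configuration in SAML SP metadata.
     * Validation, the file-system conflict check and the blank-issuer short-circuit all run before the
     * certificate is imported, so a rejected or no-op update has no side effects.
     *
     * @param str  SAML SP metadata document
     * @param str2 issuer of the existing registration
     * @return the persisted configuration with audit-log data attached, or null when {@code str2} is blank
     * @throws IdentitySAML2ClientException when the metadata cannot be parsed or the issuer is invalid or in use
     * @throws IdentityException            when the certificate cannot be stored or persistence fails
     */
    public SAMLSSOServiceProviderDTO updateRelyingPartyServiceProviderWithMetadata(String str, String str2) throws IdentityException {
        try {
            SAMLSSOServiceProviderDO parsed = new Parser(this.registry).parse(str, new SAMLSSOServiceProviderDO());
            validateIssuer(parsed.getIssuer());
            validateIssuerQualifier(parsed.getIssuerQualifier());
            rejectIfLoadedFromFileSystem(getIssuerWithQualifier(parsed));
            if (StringUtils.isBlank(str2)) {
                return null;
            }
            importCertificateIfPresent(parsed);
            SAMLSSOServiceProviderDTO persisted = persistSAMLServiceProvider(parsed, str2);
            if (persisted == null) {
                return null;
            }
            persisted.setAuditLogData(SAMLSSOUtil.buildSPDataJSONString(parsed));
            auditIfEnabled(parsed.getIssuer(), SAMLSSOConstants.LogConstants.UPDATE_SAML_APPLICATION, parsed);
            return persisted;
        } catch (InvalidMetadataException e2) {
            throw buildClientException(Error.INVALID_REQUEST, "Error parsing SAML SP metadata.", e2);
        }
    }

    private IdentitySAML2ClientException buildClientException(Error error, String message) {
        return new IdentitySAML2ClientException(error.getErrorCode(), message);
    }

    private IdentitySAML2ClientException buildClientException(Error error, String message, Exception cause) {
        return new IdentitySAML2ClientException(error.getErrorCode(), message, cause);
    }

    /**
     * Emits a V2 audit event when V2 audit logs are enabled server-wide and auditing is enabled on this instance.
     * Without a resolvable initiator the event is dropped and an error is logged.
     *
     * @param targetId          audited application id (issuer, qualified or bare depending on the operation)
     * @param action            action constant from {@link SAMLSSOConstants.LogConstants}
     * @param serviceProviderDO when non-null its data is attached to the event; null for deletions
     */
    private void auditIfEnabled(String targetId, String action, SAMLSSOServiceProviderDO serviceProviderDO) {
        if (!ApplicationMgtUtil.isEnableV2AuditLogs() || !this.enableAuditing) {
            return;
        }
        Optional<String> initiatorId = getInitiatorId();
        if (!initiatorId.isPresent()) {
            log.error("Error getting the logged in userId");
            return;
        }
        AuditLog.AuditLogBuilder builder = new AuditLog.AuditLogBuilder(initiatorId.get(),
                LoggerUtils.Initiator.User.name(), targetId, LoggerUtils.Target.Application.name(), action);
        if (serviceProviderDO != null) {
            builder = builder.data(SAMLSSOUtil.buildSPData(serviceProviderDO));
        }
        LoggerUtils.triggerAuditLogEvent(builder, true);
    }

    /**
     * Validates the issuer and qualifier of {@code dto} and maps it onto a persistence object.
     * Assertion signing is always forced on. Note that the DTO's NameID format is normalised in place
     * ('/' separators rewritten to ':'), so callers observe the rewritten value.
     *
     * @throws IdentitySAML2ClientException when the issuer is blank or issuer/qualifier contain '@'
     */
    private SAMLSSOServiceProviderDO createSAMLSSOServiceProviderDO(SAMLSSOServiceProviderDTO dto) throws IdentityException {
        validateIssuer(dto.getIssuer());
        validateIssuerQualifier(dto.getIssuerQualifier());
        SAMLSSOServiceProviderDO target = new SAMLSSOServiceProviderDO();
        target.setIssuer(dto.getIssuer());
        target.setIssuerQualifier(dto.getIssuerQualifier());
        target.setAssertionConsumerUrls(dto.getAssertionConsumerUrls());
        target.setDefaultAssertionConsumerUrl(dto.getDefaultAssertionConsumerUrl());
        target.setCertAlias(dto.getCertAlias());
        target.setDoSingleLogout(dto.isDoSingleLogout());
        target.setDoFrontChannelLogout(dto.isDoFrontChannelLogout());
        target.setFrontChannelLogoutBinding(dto.getFrontChannelLogoutBinding());
        target.setSloResponseURL(dto.getSloResponseURL());
        target.setSloRequestURL(dto.getSloRequestURL());
        target.setLoginPageURL(dto.getLoginPageURL());
        target.setDoSignResponse(dto.isDoSignResponse());
        // Assertions are always signed regardless of what the request asks for.
        target.setDoSignAssertions(true);
        target.setNameIdClaimUri(dto.getNameIdClaimUri());
        target.setSigningAlgorithmUri(dto.getSigningAlgorithmURI());
        target.setDigestAlgorithmUri(dto.getDigestAlgorithmURI());
        target.setAssertionEncryptionAlgorithmUri(dto.getAssertionEncryptionAlgorithmURI());
        target.setKeyEncryptionAlgorithmUri(dto.getKeyEncryptionAlgorithmURI());
        target.setAssertionQueryRequestProfileEnabled(dto.isAssertionQueryRequestProfileEnabled());
        target.setSupportedAssertionQueryRequestTypes(dto.getSupportedAssertionQueryRequestTypes());
        target.setEnableSAML2ArtifactBinding(dto.isEnableSAML2ArtifactBinding());
        target.setDoValidateSignatureInArtifactResolve(dto.isDoValidateSignatureInArtifactResolve());

        if (dto.getNameIDFormat() == null) {
            dto.setNameIDFormat(DEFAULT_NAME_ID_FORMAT);
        } else {
            // NOTE(review): COOKIE_ROOT_PATH is presumably "/" here (the UI transports NameID formats with ':'
            // encoded as '/', see getServiceProviders); it reads like a decompiler constant match — confirm.
            dto.setNameIDFormat(dto.getNameIDFormat().replace(SAMLSSOConstants.COOKIE_ROOT_PATH, ":"));
        }
        target.setNameIDFormat(dto.getNameIDFormat());

        if (dto.isEnableAttributeProfile()) {
            String serviceIndex = dto.getAttributeConsumingServiceIndex();
            if (StringUtils.isNotEmpty(serviceIndex)) {
                target.setAttributeConsumingServiceIndex(serviceIndex);
            } else {
                target.setAttributeConsumingServiceIndex(Integer.toString(IdentityUtil.getRandomInteger()));
            }
            target.setEnableAttributesByDefault(dto.isEnableAttributesByDefault());
        } else {
            target.setAttributeConsumingServiceIndex("");
            // The request's flag is what gets discarded here; the freshly built DO would always report false.
            if (dto.isEnableAttributesByDefault()) {
                log.warn("Enable Attribute Profile must be selected to activate it by default. EnableAttributesByDefault will be disabled.");
            }
            target.setEnableAttributesByDefault(false);
        }

        // Empty arrays are left unset so the DO keeps its own default.
        String[] audiences = dto.getRequestedAudiences();
        if (audiences != null && audiences.length != 0) {
            target.setRequestedAudiences(audiences);
        }
        String[] recipients = dto.getRequestedRecipients();
        if (recipients != null && recipients.length != 0) {
            target.setRequestedRecipients(recipients);
        }

        target.setIdPInitSSOEnabled(dto.isIdPInitSSOEnabled());
        target.setIdPInitSLOEnabled(dto.isIdPInitSLOEnabled());
        target.setIdpInitSLOReturnToURLs(dto.getIdpInitSLOReturnToURLs());
        target.setDoEnableEncryptedAssertion(dto.isDoEnableEncryptedAssertion());
        target.setDoValidateSignatureInRequests(dto.isDoValidateSignatureInRequests());
        target.setIdpEntityIDAlias(dto.getIdpEntityIDAlias());
        return target;
    }

    /** '@' is reserved as the issuer/qualifier separator, so a qualifier may not contain it. */
    private void validateIssuerQualifier(String qualifier) throws IdentitySAML2ClientException {
        if (StringUtils.isNotBlank(qualifier) && qualifier.contains("@")) {
            throw buildClientException(Error.INVALID_REQUEST, "'@' is a reserved character. Cannot be used for Service Provider Qualifier Value.");
        }
    }

    /** The issuer is mandatory and, as with the qualifier, may not contain the reserved '@'. */
    private void validateIssuer(String issuer) throws IdentitySAML2ClientException {
        if (StringUtils.isBlank(issuer)) {
            throw buildClientException(Error.INVALID_REQUEST, "A value for the Issuer is mandatory.");
        }
        if (issuer.contains("@")) {
            throw buildClientException(Error.INVALID_REQUEST, "'@' is a reserved character. Cannot be used for Service Provider Entity ID.");
        }
    }

    /**
     * Maps a persisted service provider back to its transfer representation, re-validating issuer and qualifier.
     * The DO's NameID format is normalised in place before being copied. The certificate, when present,
     * is rendered as PEM.
     * NOTE(review): unlike the listing in getServiceProviders, this mapping omits the IdP-initiated SLO
     * fields and requested claims; confirm whether callers of add/update expect them.
     *
     * @throws IdentityException when the certificate cannot be converted to PEM, or validation fails
     */
    private SAMLSSOServiceProviderDTO createSAMLSSOServiceProviderDTO(SAMLSSOServiceProviderDO source) throws IdentityException {
        SAMLSSOServiceProviderDTO dto = new SAMLSSOServiceProviderDTO();
        validateIssuer(source.getIssuer());
        dto.setIssuer(source.getIssuer());
        validateIssuerQualifier(source.getIssuerQualifier());
        dto.setIssuerQualifier(source.getIssuerQualifier());
        dto.setAssertionConsumerUrls(source.getAssertionConsumerUrls());
        dto.setDefaultAssertionConsumerUrl(source.getDefaultAssertionConsumerUrl());
        dto.setCertAlias(source.getCertAlias());
        try {
            if (source.getX509Certificate() != null) {
                dto.setCertificateContent(IdentityUtil.convertCertificateToPEM(source.getX509Certificate()));
            }
            dto.setDoSingleLogout(source.isDoSingleLogout());
            dto.setDoFrontChannelLogout(source.isDoFrontChannelLogout());
            dto.setFrontChannelLogoutBinding(source.getFrontChannelLogoutBinding());
            dto.setLoginPageURL(source.getLoginPageURL());
            dto.setSloRequestURL(source.getSloRequestURL());
            dto.setSloResponseURL(source.getSloResponseURL());
            dto.setDoSignResponse(source.isDoSignResponse());
            dto.setDoSignAssertions(true);
            dto.setNameIdClaimUri(source.getNameIdClaimUri());
            dto.setSigningAlgorithmURI(source.getSigningAlgorithmUri());
            dto.setDigestAlgorithmURI(source.getDigestAlgorithmUri());
            dto.setAssertionEncryptionAlgorithmURI(source.getAssertionEncryptionAlgorithmUri());
            dto.setKeyEncryptionAlgorithmURI(source.getKeyEncryptionAlgorithmUri());
            dto.setAssertionQueryRequestProfileEnabled(source.isAssertionQueryRequestProfileEnabled());
            dto.setSupportedAssertionQueryRequestTypes(source.getSupportedAssertionQueryRequestTypes());
            dto.setEnableAttributesByDefault(source.isEnableAttributesByDefault());
            dto.setEnableSAML2ArtifactBinding(source.isEnableSAML2ArtifactBinding());
            dto.setDoValidateSignatureInArtifactResolve(source.isDoValidateSignatureInArtifactResolve());
            if (source.getNameIDFormat() == null) {
                source.setNameIDFormat(DEFAULT_NAME_ID_FORMAT);
            } else {
                source.setNameIDFormat(source.getNameIDFormat().replace(SAMLSSOConstants.COOKIE_ROOT_PATH, ":"));
            }
            dto.setNameIDFormat(source.getNameIDFormat());
            // A non-blank service index is the persisted marker that the attribute profile is enabled.
            if (StringUtils.isNotBlank(source.getAttributeConsumingServiceIndex())) {
                dto.setAttributeConsumingServiceIndex(source.getAttributeConsumingServiceIndex());
                dto.setEnableAttributeProfile(true);
            }
            String[] audiences = source.getRequestedAudiences();
            if (audiences != null && audiences.length != 0) {
                dto.setRequestedAudiences(audiences);
            }
            String[] recipients = source.getRequestedRecipients();
            if (recipients != null && recipients.length != 0) {
                dto.setRequestedRecipients(recipients);
            }
            dto.setIdPInitSSOEnabled(source.isIdPInitSSOEnabled());
            dto.setDoEnableEncryptedAssertion(source.isDoEnableEncryptedAssertion());
            dto.setDoValidateSignatureInRequests(source.isDoValidateSignatureInRequests());
            dto.setIdpEntityIDAlias(source.getIdpEntityIDAlias());
            return dto;
        } catch (CertificateException e) {
            throw new IdentityException("An error occurred while converting the application certificate to PEM content.", e);
        }
    }

    /**
     * Lists every service provider registered for this tenant.
     *
     * @return the providers, with {@code tenantZero} set when this admin serves tenant id 0
     * @throws IdentityException when the provider list cannot be read
     */
    public SAMLSSOServiceProviderInfoDTO getServiceProviders() throws IdentityException {
        try {
            SAMLSSOServiceProviderDO[] providers = IdentitySAMLSSOServiceComponentHolder.getInstance()
                    .getSAMLSSOServiceProviderManager().getServiceProviders(this.tenantId);
            SAMLSSOServiceProviderDTO[] listing = new SAMLSSOServiceProviderDTO[providers.length];
            for (int index = 0; index < providers.length; index++) {
                listing[index] = toListingDTO(providers[index]);
            }
            SAMLSSOServiceProviderInfoDTO info = new SAMLSSOServiceProviderInfoDTO();
            info.setServiceProviders(listing);
            if (this.tenantId == 0) {
                info.setTenantZero(true);
            }
            return info;
        } catch (IdentityException e) {
            throw new IdentityException("Error obtaining a registry instance for reading service provider list", e);
        }
    }

    /**
     * Maps one persisted provider to its listing representation. Unlike createSAMLSSOServiceProviderDTO this
     * copies the certificate alias only (no PEM), blanks a missing or literal "null" login page URL, and
     * encodes ':' in the NameID format as the path separator the UI expects.
     */
    private SAMLSSOServiceProviderDTO toListingDTO(SAMLSSOServiceProviderDO source) {
        SAMLSSOServiceProviderDTO dto = new SAMLSSOServiceProviderDTO();
        dto.setIssuer(source.getIssuer());
        dto.setIssuerQualifier(source.getIssuerQualifier());
        dto.setAssertionConsumerUrls(source.getAssertionConsumerUrls());
        dto.setDefaultAssertionConsumerUrl(source.getDefaultAssertionConsumerUrl());
        dto.setSigningAlgorithmURI(source.getSigningAlgorithmUri());
        dto.setDigestAlgorithmURI(source.getDigestAlgorithmUri());
        dto.setAssertionEncryptionAlgorithmURI(source.getAssertionEncryptionAlgorithmUri());
        dto.setKeyEncryptionAlgorithmURI(source.getKeyEncryptionAlgorithmUri());
        dto.setCertAlias(source.getCertAlias());
        dto.setAttributeConsumingServiceIndex(source.getAttributeConsumingServiceIndex());
        if (StringUtils.isNotBlank(source.getAttributeConsumingServiceIndex())) {
            dto.setEnableAttributeProfile(true);
        }
        dto.setDoSignResponse(source.isDoSignResponse());
        dto.setDoSignAssertions(true);
        dto.setDoSingleLogout(source.isDoSingleLogout());
        dto.setDoFrontChannelLogout(source.isDoFrontChannelLogout());
        dto.setFrontChannelLogoutBinding(source.getFrontChannelLogoutBinding());
        dto.setAssertionQueryRequestProfileEnabled(source.isAssertionQueryRequestProfileEnabled());
        dto.setSupportedAssertionQueryRequestTypes(source.getSupportedAssertionQueryRequestTypes());
        dto.setEnableSAML2ArtifactBinding(source.isEnableSAML2ArtifactBinding());
        dto.setDoValidateSignatureInArtifactResolve(source.isDoValidateSignatureInArtifactResolve());
        String loginPageUrl = source.getLoginPageURL();
        // Older registrations may have stored the string "null"; both forms are presented as empty.
        if (loginPageUrl == null || "null".equals(loginPageUrl)) {
            dto.setLoginPageURL("");
        } else {
            dto.setLoginPageURL(loginPageUrl);
        }
        dto.setSloResponseURL(source.getSloResponseURL());
        dto.setSloRequestURL(source.getSloRequestURL());
        dto.setRequestedClaims(source.getRequestedClaims());
        dto.setRequestedAudiences(source.getRequestedAudiences());
        dto.setRequestedRecipients(source.getRequestedRecipients());
        dto.setEnableAttributesByDefault(source.isEnableAttributesByDefault());
        dto.setNameIdClaimUri(source.getNameIdClaimUri());
        String nameIdFormat = source.getNameIDFormat();
        if (nameIdFormat == null) {
            nameIdFormat = DEFAULT_NAME_ID_FORMAT;
        }
        dto.setNameIDFormat(nameIdFormat.replace(":", SAMLSSOConstants.COOKIE_ROOT_PATH));
        dto.setIdPInitSSOEnabled(source.isIdPInitSSOEnabled());
        dto.setIdPInitSLOEnabled(source.isIdPInitSLOEnabled());
        dto.setIdpInitSLOReturnToURLs(source.getIdpInitSLOReturnToURLs());
        dto.setDoEnableEncryptedAssertion(source.isDoEnableEncryptedAssertion());
        dto.setDoValidateSignatureInRequests(source.isDoValidateSignatureInRequests());
        dto.setIdpEntityIDAlias(source.getIdpEntityIDAlias());
        return dto;
    }

    /**
     * Removes the service provider registered under {@code str}.
     *
     * @param str issuer of the registration to remove
     * @return whether the persistence layer removed it
     * @throws IdentityException on a persistence error
     */
    public boolean removeServiceProvider(String str) throws IdentityException {
        try {
            boolean removed = IdentitySAMLSSOServiceComponentHolder.getInstance().getSAMLSSOServiceProviderManager()
                    .removeServiceProvider(str, this.tenantId);
            if (removed) {
                auditIfEnabled(str, SAMLSSOConstants.LogConstants.DELETE_SAML_APPLICATION, null);
            }
            return removed;
        } catch (IdentityException e) {
            throw new IdentityException("Error removing a Service Provider with issuer: " + str, e);
        }
    }

    /**
     * Resolves the id of the calling user for audit events: the context's user id when set, otherwise
     * an id derived from the context's username and tenant domain.
     *
     * @return the initiator id, or empty when neither source yields one
     */
    private Optional<String> getInitiatorId() {
        String userId = CarbonContext.getThreadLocalCarbonContext().getUserId();
        if (StringUtils.isNotBlank(userId)) {
            return Optional.of(userId);
        }
        String tenantDomain = getLoggedInTenantDomain();
        return getLoggedInUser(tenantDomain)
                .map(user -> IdentityUtil.getInitiatorId(user.getUserName(), tenantDomain));
    }

    /** Tenant domain from the thread-local Carbon context; overridable for testing. */
    protected String getTenantDomain() {
        return CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
    }
}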
