package org.openmetadata.service.security.saml;

import com.onelogin.saml2.settings.Saml2Settings;
import com.onelogin.saml2.settings.SettingsBuilder;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.HashMap;
import java.util.Map;
import org.openmetadata.catalog.security.client.SamlSSOClientConfig;
import org.openmetadata.catalog.type.SamlSecurityConfig;
import org.openmetadata.common.utils.CommonUtil;
import org.openmetadata.service.OpenMetadataApplicationConfig;

/* loaded from: input_file:org/openmetadata/service/security/saml/SamlSettingsHolder.class */
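/**
 * Process-wide holder for the java-saml {@link Saml2Settings} that the SAML login
 * flow uses, plus a handful of values the flow reads back afterwards (relay
 * state, token validity, principal domain).
 *
 * <p>All state is populated by {@link #initDefaultSettings}; until that method
 * has run the getters return {@code null} / {@code 0}. The holder is a lazily
 * created singleton obtained via {@link #getInstance()}.
 */
public class SamlSettingsHolder {
    private static SamlSettingsHolder INSTANCE;
    private Map<String, Object> samlData = new HashMap<>();
    private SettingsBuilder builder = new SettingsBuilder();
    private Saml2Settings saml2Settings;
    private String relayState;
    private long tokenValidity;
    private String domain;

    private SamlSettingsHolder() {
    }

    /**
     * Returns the single holder instance, creating it on first use.
     *
     * <p>Synchronized so that two threads racing through startup cannot each
     * create their own holder and end up with divergent settings.
     */
    public static synchronized SamlSettingsHolder getInstance() {
        if (INSTANCE == null) {
            INSTANCE = new SamlSettingsHolder();
        }
        return INSTANCE;
    }

    /**
     * Builds the java-saml settings from the application's SAML configuration.
     *
     * <p>Reads the SP and IdP identifiers/endpoints, the security flags
     * (strict mode, signing/encryption expectations), fixes the signature and
     * digest algorithms to RSA-SHA256 / SHA-256, and — when any configured
     * feature needs the SP to hold a private key — wires in either a JKS
     * keystore or an inline certificate/private-key pair.
     *
     * @param openMetadataApplicationConfig application configuration; its
     *     authentication and authorizer sections are read
     * @throws IOException              if the keystore file cannot be read
     * @throws KeyStoreException        if no JKS provider is available
     * @throws CertificateException     if a keystore certificate cannot be loaded
     * @throws NoSuchAlgorithmException if the keystore integrity algorithm is unavailable
     * @throws IllegalArgumentException if SP credentials are required but neither a
     *     complete keystore triple nor a complete certificate/private-key pair is configured
     */
    public void initDefaultSettings(OpenMetadataApplicationConfig openMetadataApplicationConfig)
            throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException {
        SamlSSOClientConfig samlConfiguration =
                openMetadataApplicationConfig.getAuthenticationConfiguration().getSamlConfiguration();
        SamlSecurityConfig security = samlConfiguration.getSecurity();

        // longValue() instead of intValue(): the field is a long, so never narrow on the way in.
        this.tokenValidity = security.getTokenValidity().longValue();
        this.domain = openMetadataApplicationConfig.getAuthorizerConfiguration().getPrincipalDomain();
        this.relayState = samlConfiguration.getSp().getCallback();

        // Always start from a fresh map and builder: if this method is invoked
        // again with a changed configuration, keys written by the previous run
        // (e.g. a keystore that is no longer configured) must not survive.
        this.samlData = new HashMap<>();
        this.builder = new SettingsBuilder();
        Map<String, Object> data = this.samlData;

        data.put("onelogin.saml2.debug", samlConfiguration.getDebugMode());

        // Service provider (this application).
        data.put("onelogin.saml2.sp.entityid", samlConfiguration.getSp().getEntityId());
        data.put("onelogin.saml2.sp.assertion_consumer_service.url", samlConfiguration.getSp().getAcs());
        data.put("onelogin.saml2.sp.assertion_consumer_service.binding", "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
        data.put("onelogin.saml2.sp.single_logout_service.binding", "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect");
        data.put("onelogin.saml2.sp.nameidformat", samlConfiguration.getIdp().getNameId());

        // Identity provider.
        data.put("onelogin.saml2.idp.entityid", samlConfiguration.getIdp().getEntityId());
        data.put("onelogin.saml2.idp.single_sign_on_service.url", samlConfiguration.getIdp().getSsoLoginUrl());
        data.put("onelogin.saml2.idp.single_sign_on_service.binding", "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect");
        data.put("onelogin.saml2.idp.single_logout_service.binding", "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect");
        // The IdP signing certificate is what every SAML response signature is checked against.
        data.put("onelogin.saml2.idp.x509cert", samlConfiguration.getIdp().getIdpX509Certificate());

        // Security flags, taken straight from configuration.
        // NOTE(review): java-saml skips a large part of response validation when
        // strict is false; strictMode=true should be the production baseline —
        // confirm against the library version in use.
        data.put("onelogin.saml2.strict", security.getStrictMode());
        data.put("onelogin.saml2.security.nameid_encrypted", security.getSendEncryptedNameId());
        data.put("onelogin.saml2.security.authnrequest_signed", security.getSendSignedAuthRequest());
        // NOTE(review): with both want_messages_signed and want_assertions_signed
        // false nothing here forces the IdP response to carry a signature at all;
        // whether an unsigned response is then accepted depends on the library
        // version — verify before relying on the defaults.
        data.put("onelogin.saml2.security.want_messages_signed", security.getWantMessagesSigned());
        data.put("onelogin.saml2.security.want_assertions_signed", security.getWantAssertionsSigned());
        data.put("onelogin.saml2.security.sign_metadata", security.getSignSpMetadata());
        data.put("onelogin.saml2.security.want_assertions_encrypted", security.getWantAssertionEncrypted());
        data.put("onelogin.saml2.security.want_nameid_encrypted", security.getWantNameIdEncrypted());
        data.put("onelogin.saml2.security.requested_authncontextcomparison", "exact");

        // Algorithms are pinned (not configurable) so a weaker SHA-1 choice cannot slip in via config.
        data.put("onelogin.saml2.security.signature_algorithm", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
        data.put("onelogin.saml2.security.digest_algorithm", "http://www.w3.org/2001/04/xmlenc#sha256");

        if (spCredentialsRequired(security)) {
            putSpCredentials(data, samlConfiguration, security);
        }

        data.put("onelogin.saml2.unique_id_prefix", "OPENMETADATA_");
        this.saml2Settings = this.builder.fromValues(data).build();
    }

    /**
     * True when a configured feature needs the SP to own a private key:
     * signing AuthnRequests, or decrypting assertions / NameIDs.
     */
    private static boolean spCredentialsRequired(SamlSecurityConfig security) {
        return security.getSendSignedAuthRequest().booleanValue()
                || security.getWantAssertionEncrypted().booleanValue()
                || security.getWantNameIdEncrypted().booleanValue();
    }

    /** True when the full keystore triple (path, password, alias) is present. */
    private static boolean keyStoreConfigured(SamlSecurityConfig security) {
        return !CommonUtil.nullOrEmpty(security.getKeyStoreFilePath())
                && !CommonUtil.nullOrEmpty(security.getKeyStorePassword())
                && !CommonUtil.nullOrEmpty(security.getKeyStoreAlias());
    }

    /**
     * Adds the SP signing/decryption credentials to {@code data}: a keystore
     * when fully configured, otherwise an inline certificate + private key.
     *
     * @throws IllegalArgumentException if the inline pair is incomplete. Unlike
     *     the previous check, which only rejected the case where BOTH were
     *     missing, either half missing is rejected here — the message itself
     *     says both are required, and a lone certificate or lone key would
     *     otherwise surface as a late signing/decryption failure.
     */
    private static void putSpCredentials(
            Map<String, Object> data, SamlSSOClientConfig samlConfiguration, SamlSecurityConfig security)
            throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException {
        if (keyStoreConfigured(security)) {
            data.put("onelogin.saml2.keystore.store",
                    loadKeyStore(security.getKeyStoreFilePath(), security.getKeyStorePassword()));
            data.put("onelogin.saml2.keystore.alias", security.getKeyStoreAlias());
            // The configuration exposes a single password, so it is reused as
            // the key-entry password: the key must be protected with the same
            // secret as the store itself.
            data.put("onelogin.saml2.keystore.key.password", security.getKeyStorePassword());
            return;
        }
        String spCertificate = samlConfiguration.getSp().getSpX509Certificate();
        String spPrivateKey = samlConfiguration.getSp().getSpPrivateKey();
        if (CommonUtil.nullOrEmpty(spCertificate) || CommonUtil.nullOrEmpty(spPrivateKey)) {
            throw new IllegalArgumentException("Either Specify (KeyStoreFilePath, KeyStoreAlias and KeyStorePassword) or (Sp X509 Certificate and Private Key) as one of both is mandatory.");
        }
        data.put("onelogin.saml2.sp.privatekey", spPrivateKey);
        data.put("onelogin.saml2.sp.x509cert", spCertificate);
    }

    /**
     * Loads the JKS keystore at {@code path}, closing the file handle whether or
     * not loading succeeds (the previous code leaked the stream on every call).
     *
     * <p>NOTE(review): the type is hard-coded to JKS; whether a PKCS12 file is
     * accepted here depends on the JDK's keystore compatibility setting — confirm
     * before pointing this at a non-JKS store.
     */
    private static KeyStore loadKeyStore(String path, String password)
            throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(path)) {
            keyStore.load(in, password.toCharArray());
        }
        return keyStore;
    }

    /** The settings built by {@link #initDefaultSettings}; {@code null} before it runs. */
    public Saml2Settings getSaml2Settings() {
        return this.saml2Settings;
    }

    /** The SP callback URL, sent as RelayState; {@code null} before initialisation. */
    public String getRelayState() {
        return this.relayState;
    }

    /** Token validity from the security configuration; {@code 0} before initialisation. */
    public long getTokenValidity() {
        return this.tokenValidity;
    }

    /** The authorizer's principal domain; {@code null} before initialisation. */
    public String getDomain() {
        return this.domain;
    }
}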
