package org.cloudfoundry.identity.uaa.provider.saml.idp;

import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedHashSet;
import java.util.LinkedList;
import java.util.Map;
import java.util.TreeMap;
import javax.xml.namespace.QName;
import org.opensaml.Configuration;
import org.opensaml.common.SAMLObjectBuilder;
import org.opensaml.common.SAMLRuntimeException;
import org.opensaml.saml2.common.Extensions;
import org.opensaml.saml2.common.impl.ExtensionsBuilder;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml2.metadata.KeyDescriptor;
import org.opensaml.saml2.metadata.NameIDFormat;
import org.opensaml.saml2.metadata.SingleLogoutService;
import org.opensaml.saml2.metadata.SingleSignOnService;
import org.opensaml.samlext.idpdisco.DiscoveryResponse;
import org.opensaml.util.URLBuilder;
import org.opensaml.xml.XMLObjectBuilderFactory;
import org.opensaml.xml.security.SecurityConfiguration;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.SecurityHelper;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.signature.KeyInfo;
import org.opensaml.xml.util.Pair;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.security.saml.SAMLDiscovery;
import org.springframework.security.saml.SAMLEntryPoint;
import org.springframework.security.saml.SAMLLogoutProcessingFilter;
import org.springframework.security.saml.SAMLProcessingFilter;
import org.springframework.security.saml.SAMLWebSSOHoKProcessingFilter;
import org.springframework.security.saml.key.KeyManager;
import org.springframework.security.saml.metadata.ExtendedMetadata;
import org.springframework.security.saml.util.SAMLUtil;

/* loaded from: input_file:org/cloudfoundry/identity/uaa/provider/saml/idp/IdpMetadataGenerator.class */
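/**
 * Builds the SAML 2.0 metadata document that this identity provider publishes to service
 * providers: an {@link EntityDescriptor} holding one {@link IDPSSODescriptor}, plus the matching
 * {@link IdpExtendedMetadata}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@code WantAuthnRequestsSigned} is advertised as {@code true} unless explicitly turned off,
 *       and assertions are reported as signed unless the extended metadata says otherwise. The
 *       metadata only <em>declares</em> these expectations; nothing here enforces them.</li>
 *   <li>Key descriptors are only emitted for credentials that carry a private key
 *       (see {@link #getServerKeyInfo(String)}).</li>
 *   <li>When the extended metadata names neither a signing nor an encryption key, the key
 *       manager's default credential is published for both usages.</li>
 *   <li>No signature is applied to the generated descriptor in this class.</li>
 * </ul>
 *
 * <p>Instances are mutable and unsynchronized; {@link #generateMetadata()} may assign {@code id}.
 */
public class IdpMetadataGenerator {
    // Canonical URNs. Declared before every other static so the initializers below can use them.
    private static final String BINDING_HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
    private static final String BINDING_HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect";
    private static final String BINDING_SOAP = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP";
    private static final String BINDING_PAOS = "urn:oasis:names:tc:SAML:2.0:bindings:PAOS";
    private static final String BINDING_HOK_SSO = "urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser";
    private static final String NAMEID_EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress";
    private static final String NAMEID_TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient";
    private static final String NAMEID_PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent";
    private static final String NAMEID_UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified";
    private static final String NAMEID_X509_SUBJECT = "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName";

    private String id;
    private String entityId;
    private String entityBaseURL;
    private IdpExtendedMetadata extendedMetadata;

    // Short name or canonical URN -> canonical URN. Lookups ignore case; filled once by the static
    // initializer at the end of the class and never modified afterwards.
    private static final Map<String, String> aliases = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);

    private boolean includeDiscoveryExtension;

    /**
     * NameID formats advertised when {@link #setNameID(Collection)} was never called. This is a
     * public, process-wide constant, so it is wrapped read-only: with a bare {@code Arrays.asList}
     * view any code could overwrite an element and silently change the formats every generator in
     * the JVM advertises.
     */
    public static final Collection<String> defaultNameID = Collections.unmodifiableList(Arrays.asList(
            NAMEID_EMAIL, NAMEID_TRANSIENT, NAMEID_PERSISTENT, NAMEID_UNSPECIFIED, NAMEID_X509_SUBJECT));

    protected KeyManager keyManager;
    protected SAMLProcessingFilter samlWebSSOFilter;
    // Stored by its setter but not read anywhere in this class.
    protected SAMLWebSSOHoKProcessingFilter samlWebSSOHoKFilter;
    protected SAMLLogoutProcessingFilter samlLogoutProcessingFilter;
    protected SAMLEntryPoint samlEntryPoint;
    // No setter for this field is visible in this class; it stays null unless a subclass sets it.
    protected SAMLDiscovery samlDiscovery;
    protected static final Logger log = LoggerFactory.getLogger(IdpMetadataGenerator.class);

    // Secure default: the metadata asks service providers to sign their AuthnRequests.
    private boolean wantAuthnRequestSigned = true;
    private int assertionConsumerIndex = 0;
    private Collection<String> bindingsSSO = Arrays.asList("post", "redirect");
    // Configurable, but buildIDPSSODescriptor never emits holder-of-key endpoints from it.
    private Collection<String> bindingsHoKSSO = Collections.emptyList();
    private Collection<String> bindingsSLO = Collections.emptyList();
    private Collection<String> nameID = null;
    protected XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();

    /**
     * Generates the entity descriptor for this identity provider.
     *
     * <p>If no id was configured, one is derived from the entity id and remembered on this
     * instance. The descriptor is returned unsigned.
     *
     * @return descriptor containing the entity id and the IdP SSO role descriptor
     * @throws RuntimeException if the entity id or the entity base URL is not set
     */
    public EntityDescriptor generateMetadata() {
        boolean requestsSigned = isWantAuthnRequestSigned();
        Collection<String> nameIdFormats = getNameID();
        String entity = getEntityId();
        String baseUrl = getEntityBaseURL();
        String alias = getEntityAlias();
        validateRequiredAttributes(entity, baseUrl);
        if (this.id == null) {
            this.id = SAMLUtil.getNCNameString(entity);
        }
        EntityDescriptor descriptor =
                buildSamlObject(this.builderFactory, EntityDescriptor.DEFAULT_ELEMENT_NAME, EntityDescriptor.class);
        if (this.id != null) {
            descriptor.setID(this.id);
        }
        descriptor.setEntityID(entity);
        IDPSSODescriptor idpRole = buildIDPSSODescriptor(baseUrl, alias, requestsSigned, nameIdFormats);
        if (idpRole != null) {
            descriptor.getRoleDescriptors().add(idpRole);
        }
        return descriptor;
    }

    /**
     * Fails fast when the two values every endpoint URL depends on are missing.
     *
     * @param str the entity id
     * @param str2 the entity base URL
     * @throws RuntimeException if either value is {@code null}
     */
    protected void validateRequiredAttributes(String str, String str2) {
        if (str == null || str2 == null) {
            throw new RuntimeException("Required attributes entityId or entityBaseURL weren't set");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Resolves a credential by alias and renders it as the {@link KeyInfo} to publish.
     *
     * <p>The credential must include a private key: the IdP should only advertise keys it can
     * actually sign or decrypt with.
     * NOTE(review): the KeyInfo generator is expected to emit public material only - confirm for
     * the configured generator name.
     *
     * @param str alias of the credential in the key manager
     * @return key info for the credential
     * @throws RuntimeException if the alias is unknown or has no private key
     */
    public KeyInfo getServerKeyInfo(String str) {
        Credential credential = this.keyManager.getCredential(str);
        if (credential == null) {
            throw new RuntimeException("Key for alias " + str + " not found");
        }
        if (credential.getPrivateKey() == null) {
            throw new RuntimeException("Key with alias " + str + " doesn't have a private key");
        }
        return generateKeyInfoForCredential(credential);
    }

    /**
     * Produces the extended metadata that accompanies the generated descriptor.
     *
     * <p>Works on a copy of the configured extended metadata (or a fresh instance), marks it as
     * local, and fills in discovery URLs, assertion lifetime and the assertions-signed flag.
     *
     * @return a new extended metadata object; the configured one is not modified here
     */
    public IdpExtendedMetadata generateExtendedMetadata() {
        // m104clone is the decompiler-assigned method name; presumably the covariant clone() override.
        IdpExtendedMetadata copy =
                this.extendedMetadata != null ? this.extendedMetadata.m104clone() : new IdpExtendedMetadata();
        String baseUrl = getEntityBaseURL();
        String alias = getEntityAlias();
        if (isIncludeDiscovery()) {
            copy.setIdpDiscoveryURL(getDiscoveryURL(baseUrl, alias));
            copy.setIdpDiscoveryResponseURL(getDiscoveryResponseURL(baseUrl, alias));
        } else {
            copy.setIdpDiscoveryURL(null);
            copy.setIdpDiscoveryResponseURL(null);
        }
        copy.setLocal(true);
        copy.setAssertionTimeToLiveSeconds(getAssertionTimeToLiveSeconds());
        copy.setAssertionsSigned(isAssertionsSigned());
        return copy;
    }

    /**
     * Renders a credential as {@link KeyInfo}, using the generator named in the extended metadata
     * or {@code "MetadataKeyInfoGenerator"} when none is configured.
     *
     * @param credential credential to describe
     * @return generated key info
     * @throws SAMLRuntimeException if the generator cannot be obtained or fails
     */
    protected KeyInfo generateKeyInfoForCredential(Credential credential) {
        try {
            String generatorName = "MetadataKeyInfoGenerator";
            if (this.extendedMetadata != null && this.extendedMetadata.getKeyInfoGeneratorName() != null) {
                generatorName = this.extendedMetadata.getKeyInfoGeneratorName();
            }
            return SecurityHelper.getKeyInfoGenerator(credential, (SecurityConfiguration) null, generatorName)
                    .generate(credential);
        } catch (SecurityException e) {
            // NOTE(review): the message embeds credential.toString(); confirm the Credential
            // implementation in use does not print key material.
            log.error("Can't obtain key from the keystore or generate key info for credential: " + credential, e);
            throw new SAMLRuntimeException("Can't obtain key from keystore or generate key info", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds the IdP SSO role descriptor: supported protocol, NameID formats, single sign-on and
     * single logout endpoints, optional discovery extension, and key descriptors.
     *
     * <p>Only HTTP-POST and HTTP-Redirect are emitted for SSO; HTTP-POST, HTTP-Redirect and SOAP
     * for SLO. Other recognised bindings (for example PAOS) are silently left out, and the
     * holder-of-key bindings are not consulted.
     *
     * @param str entity base URL that all endpoint locations are derived from
     * @param str2 entity alias appended to endpoint locations, or {@code null}
     * @param z value advertised as {@code WantAuthnRequestsSigned}
     * @param collection NameID formats (short names or URNs) to advertise
     * @return the populated role descriptor
     */
    public IDPSSODescriptor buildIDPSSODescriptor(String str, String str2, boolean z, Collection<String> collection) {
        IDPSSODescriptor descriptor =
                buildSamlObject(this.builderFactory, IDPSSODescriptor.DEFAULT_ELEMENT_NAME, IDPSSODescriptor.class);
        descriptor.setWantAuthnRequestsSigned(Boolean.valueOf(z));
        descriptor.addSupportedProtocol("urn:oasis:names:tc:SAML:2.0:protocol");
        descriptor.getNameIDFormats().addAll(getNameIDFormat(collection));
        Collection<String> ssoBindings = mapAliases(getBindingsSSO());
        Collection<String> sloBindings = mapAliases(getBindingsSLO());
        for (String binding : ssoBindings) {
            if (BINDING_HTTP_POST.equals(binding) || BINDING_HTTP_REDIRECT.equals(binding)) {
                descriptor.getSingleSignOnServices()
                        .add(getSingleSignOnService(str, str2, getSAMLWebSSOProcessingFilterPath(), binding));
            }
        }
        for (String binding : sloBindings) {
            if (BINDING_HTTP_POST.equals(binding)
                    || BINDING_HTTP_REDIRECT.equals(binding)
                    || BINDING_SOAP.equals(binding)) {
                descriptor.getSingleLogoutServices().add(getSingleLogoutService(str, str2, binding));
            }
        }
        Extensions extensions = buildExtensions(str, str2);
        if (extensions != null) {
            descriptor.setExtensions(extensions);
        }
        String signingKey = getSigningKey();
        String encryptionKey = getEncryptionKey();
        String tlsKey = getTLSKey();
        // NOTE(review): signing and encryption both fall back to the key manager's default
        // credential, so one key pair may be published for both usages. Configure distinct aliases
        // in the extended metadata if key separation is required.
        if (signingKey != null) {
            descriptor.getKeyDescriptors().add(getKeyDescriptor(UsageType.SIGNING, getServerKeyInfo(signingKey)));
        } else {
            log.info("Generating metadata without signing key, KeyStore doesn't contain any default private key, or the signingKey specified in ExtendedMetadata cannot be found");
        }
        if (encryptionKey != null) {
            descriptor.getKeyDescriptors().add(getKeyDescriptor(UsageType.ENCRYPTION, getServerKeyInfo(encryptionKey)));
        } else {
            log.info("Generating metadata without encryption key, KeyStore doesn't contain any default private key, or the encryptionKey specified in ExtendedMetadata cannot be found");
        }
        // The TLS key is published separately only when it differs from both keys above.
        if (tlsKey != null && !tlsKey.equals(encryptionKey) && !tlsKey.equals(signingKey)) {
            descriptor.getKeyDescriptors().add(getKeyDescriptor(UsageType.UNSPECIFIED, getServerKeyInfo(tlsKey)));
        }
        return descriptor;
    }

    /**
     * Translates configured short names or URNs into canonical URNs, preserving first-seen order
     * and dropping duplicates. Unknown values are logged and skipped rather than passed through.
     *
     * @param collection configured values; {@code null} is treated as empty
     * @return canonical URNs for the recognised values
     */
    protected Collection<String> mapAliases(Collection<String> collection) {
        LinkedHashSet<String> canonical = new LinkedHashSet<>();
        if (collection == null) {
            return canonical;
        }
        for (String configured : collection) {
            // The alias table uses a case-insensitive comparator, which throws on a null key;
            // report a null entry like any other unsupported value instead.
            String urn = configured == null ? null : aliases.get(configured);
            if (urn != null) {
                canonical.add(urn);
            } else {
                log.warn("Unsupported value " + configured + " found");
            }
        }
        return canonical;
    }

    /**
     * Builds the {@code Extensions} element, which currently can only carry the discovery
     * response endpoint.
     *
     * @param str entity base URL
     * @param str2 entity alias, or {@code null}
     * @return the extensions element, or {@code null} when there is nothing to put in it
     */
    protected Extensions buildExtensions(String str, String str2) {
        if (!isIncludeDiscoveryExtension()) {
            return null;
        }
        Extensions extensions = new ExtensionsBuilder().buildObject();
        extensions.getUnknownXMLObjects().add(getDiscoveryService(str, str2));
        return extensions;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Wraps key info in a key descriptor with the given usage.
     *
     * <p>Uses the global builder factory rather than {@code this.builderFactory}.
     *
     * @param usageType usage advertised for the key
     * @param keyInfo key info to publish
     * @return the key descriptor
     */
    public KeyDescriptor getKeyDescriptor(UsageType usageType, KeyInfo keyInfo) {
        KeyDescriptor descriptor =
                buildSamlObject(Configuration.getBuilderFactory(), KeyDescriptor.DEFAULT_ELEMENT_NAME, KeyDescriptor.class);
        descriptor.setUse(usageType);
        descriptor.setKeyInfo(keyInfo);
        return descriptor;
    }

    /**
     * Builds {@code NameIDFormat} elements for the configured formats.
     *
     * <p>Only the five format URNs listed in {@link #defaultNameID} are ever emitted; any other
     * recognised alias (such as a binding name) is ignored here.
     *
     * @param collection NameID formats as short names or URNs
     * @return NameID format elements in configuration order
     */
    protected Collection<NameIDFormat> getNameIDFormat(Collection<String> collection) {
        Collection<String> canonical = mapAliases(collection);
        LinkedList<NameIDFormat> formats = new LinkedList<>();
        SAMLObjectBuilder<?> builder =
                (SAMLObjectBuilder<?>) this.builderFactory.getBuilder(NameIDFormat.DEFAULT_ELEMENT_NAME);
        for (String urn : canonical) {
            if (defaultNameID.contains(urn)) {
                NameIDFormat format = (NameIDFormat) builder.buildObject();
                format.setFormat(urn);
                formats.add(format);
            }
        }
        return formats;
    }

    /**
     * Builds a single sign-on endpoint.
     *
     * @param str entity base URL
     * @param str2 entity alias, or {@code null}
     * @param str3 path of the filter that processes the endpoint
     * @param str4 binding URN of the endpoint
     * @return the endpoint element
     */
    protected SingleSignOnService getSingleSignOnService(String str, String str2, String str3, String str4) {
        SingleSignOnService service =
                buildSamlObject(this.builderFactory, SingleSignOnService.DEFAULT_ELEMENT_NAME, SingleSignOnService.class);
        service.setLocation(getServerURL(str, str2, str3));
        service.setBinding(str4);
        return service;
    }

    /**
     * Builds a holder-of-key single sign-on endpoint: the binding is the HoK browser SSO profile
     * and the real protocol binding is carried in the {@code hoksso:ProtocolBinding} attribute.
     * Not called from within this class.
     *
     * @param str entity base URL
     * @param str2 entity alias, or {@code null}
     * @param str3 path of the filter that processes the endpoint
     * @param str4 protocol binding URN recorded in the attribute
     * @return the endpoint element
     */
    protected SingleSignOnService getHoKSingleSignOnService(String str, String str2, String str3, String str4) {
        SingleSignOnService service = getSingleSignOnService(str, str2, str3, BINDING_HOK_SSO);
        service.getUnknownAttributes().put(new QName(BINDING_HOK_SSO, "ProtocolBinding", "hoksso"), str4);
        return service;
    }

    /**
     * Builds the IdP discovery response endpoint placed in the metadata extensions.
     *
     * @param str entity base URL
     * @param str2 entity alias, or {@code null}
     * @return the discovery response element
     */
    protected DiscoveryResponse getDiscoveryService(String str, String str2) {
        SAMLObjectBuilder<?> builder =
                (SAMLObjectBuilder<?>) this.builderFactory.getBuilder(DiscoveryResponse.DEFAULT_ELEMENT_NAME);
        DiscoveryResponse discovery = (DiscoveryResponse) builder.buildObject(DiscoveryResponse.DEFAULT_ELEMENT_NAME);
        discovery.setBinding("urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol");
        discovery.setLocation(getDiscoveryResponseURL(str, str2));
        return discovery;
    }

    /**
     * Builds a single logout endpoint located at the logout filter path.
     *
     * @param str entity base URL
     * @param str2 entity alias, or {@code null}
     * @param str3 binding URN of the endpoint
     * @return the endpoint element
     */
    protected SingleLogoutService getSingleLogoutService(String str, String str2, String str3) {
        SingleLogoutService service =
                buildSamlObject(this.builderFactory, SingleLogoutService.DEFAULT_ELEMENT_NAME, SingleLogoutService.class);
        service.setLocation(getServerURL(str, str2, getSAMLLogoutFilterPath()));
        service.setBinding(str3);
        return service;
    }

    /**
     * Looks up the SAML object builder registered for an element and builds a new, empty object.
     * The factory hands back an untyped builder, so the result is checked against the expected
     * type instead of relying on an unchecked generic cast.
     */
    private static <T> T buildSamlObject(XMLObjectBuilderFactory factory, QName elementName, Class<T> type) {
        SAMLObjectBuilder<?> builder = (SAMLObjectBuilder<?>) factory.getBuilder(elementName);
        return type.cast(builder.buildObject());
    }

    /** Builds an endpoint URL without query parameters. */
    private String getServerURL(String baseUrl, String alias, String path) {
        return getServerURL(baseUrl, alias, path, null);
    }

    /**
     * Concatenates base URL, filter path and optional {@code alias/<alias>} suffix, then appends
     * query parameters if any.
     *
     * <p>The pieces are joined as plain strings: a base URL ending in "/" yields a double slash,
     * and the alias is not URL-encoded. Both values are presumably operator-supplied
     * configuration - verify that neither can be influenced by a request.
     */
    private String getServerURL(String baseUrl, String alias, String path, Map<String, String> queryParams) {
        StringBuilder url = new StringBuilder();
        url.append(baseUrl);
        if (!path.startsWith("/")) {
            url.append("/");
        }
        url.append(path);
        if (alias != null) {
            if (!path.endsWith("/")) {
                url.append("/");
            }
            url.append("alias/");
            url.append(alias);
        }
        String location = url.toString();
        if (queryParams == null || queryParams.size() == 0) {
            return location;
        }
        URLBuilder withQuery = new URLBuilder(location);
        for (Map.Entry<String, String> param : queryParams.entrySet()) {
            withQuery.getQueryParams().add(new Pair<>(param.getKey(), param.getValue()));
        }
        return withQuery.buildURL();
    }

    /** Path of the web SSO filter, or {@code /saml/SSO} when no filter was injected. */
    private String getSAMLWebSSOProcessingFilterPath() {
        return this.samlWebSSOFilter != null ? this.samlWebSSOFilter.getFilterProcessesUrl() : "/saml/SSO";
    }

    /** Path of the SAML entry point, or {@code /saml/login} when none was injected. */
    private String getSAMLEntryPointPath() {
        return this.samlEntryPoint != null ? this.samlEntryPoint.getFilterProcessesUrl() : "/saml/login";
    }

    /** Path of the discovery filter, or {@code /saml/discovery} when none is set. */
    private String getSAMLDiscoveryPath() {
        return this.samlDiscovery != null ? this.samlDiscovery.getFilterProcessesUrl() : "/saml/discovery";
    }

    /** Path of the logout filter, or {@code /saml/SingleLogout} when none was injected. */
    private String getSAMLLogoutFilterPath() {
        return this.samlLogoutProcessingFilter != null ? this.samlLogoutProcessingFilter.getFilterProcessesUrl() : "/saml/SingleLogout";
    }

    /** Optional: supplies the path used for single sign-on endpoint locations. */
    @Autowired(required = false)
    @Qualifier("samlWebSSOProcessingFilter")
    public void setSamlWebSSOFilter(SAMLProcessingFilter sAMLProcessingFilter) {
        this.samlWebSSOFilter = sAMLProcessingFilter;
    }

    /** Optional: stores the holder-of-key SSO filter. */
    @Autowired(required = false)
    @Qualifier("samlWebSSOHoKProcessingFilter")
    public void setSamlWebSSOHoKFilter(SAMLWebSSOHoKProcessingFilter sAMLWebSSOHoKProcessingFilter) {
        this.samlWebSSOHoKFilter = sAMLWebSSOHoKProcessingFilter;
    }

    /** Optional: supplies the path used for single logout endpoint locations. */
    @Autowired(required = false)
    public void setSamlLogoutProcessingFilter(SAMLLogoutProcessingFilter sAMLLogoutProcessingFilter) {
        this.samlLogoutProcessingFilter = sAMLLogoutProcessingFilter;
    }

    /** Optional: supplies the path used for the default discovery response URL. */
    @Autowired(required = false)
    public void setSamlEntryPoint(SAMLEntryPoint sAMLEntryPoint) {
        this.samlEntryPoint = sAMLEntryPoint;
    }

    /** @return whether the metadata asks service providers to sign AuthnRequests (default true) */
    public boolean isWantAuthnRequestSigned() {
        return this.wantAuthnRequestSigned;
    }

    /** @param z value to advertise as {@code WantAuthnRequestsSigned} */
    public void setWantAuthnRequestSigned(boolean z) {
        this.wantAuthnRequestSigned = z;
    }

    /** @return the configured NameID formats, or the read-only {@link #defaultNameID} if unset */
    public Collection<String> getNameID() {
        return this.nameID == null ? defaultNameID : this.nameID;
    }

    /** @param collection NameID formats as short names or URNs; {@code null} restores the default */
    public void setNameID(Collection<String> collection) {
        this.nameID = collection;
    }

    /** @return base URL that every endpoint location is derived from */
    public String getEntityBaseURL() {
        return this.entityBaseURL;
    }

    /** @param str base URL that every endpoint location is derived from */
    public void setEntityBaseURL(String str) {
        this.entityBaseURL = str;
    }

    /** Required: key manager used to resolve the credentials published in the metadata. */
    @Autowired
    public void setKeyManager(KeyManager keyManager) {
        this.keyManager = keyManager;
    }

    /** @param str XML ID of the entity descriptor; derived from the entity id when left unset */
    public void setId(String str) {
        this.id = str;
    }

    /** @return XML ID of the entity descriptor, possibly assigned by {@link #generateMetadata()} */
    public String getId() {
        return this.id;
    }

    /** @param str SAML entity id of this identity provider */
    public void setEntityId(String str) {
        this.entityId = str;
    }

    /** @return SAML entity id of this identity provider */
    public String getEntityId() {
        return this.entityId;
    }

    /** @return configured single sign-on bindings, never {@code null} */
    public Collection<String> getBindingsSSO() {
        return this.bindingsSSO;
    }

    /** @param collection single sign-on bindings; {@code null} means none */
    public void setBindingsSSO(Collection<String> collection) {
        this.bindingsSSO = collection == null ? Collections.<String>emptyList() : collection;
    }

    /** @return configured single logout bindings, never {@code null} */
    public Collection<String> getBindingsSLO() {
        return this.bindingsSLO;
    }

    /** @param collection single logout bindings; {@code null} means none */
    public void setBindingsSLO(Collection<String> collection) {
        this.bindingsSLO = collection == null ? Collections.<String>emptyList() : collection;
    }

    /** @return configured holder-of-key SSO bindings, never {@code null} */
    public Collection<String> getBindingsHoKSSO() {
        return this.bindingsHoKSSO;
    }

    /** @param collection holder-of-key SSO bindings; {@code null} means none */
    public void setBindingsHoKSSO(Collection<String> collection) {
        this.bindingsHoKSSO = collection == null ? Collections.<String>emptyList() : collection;
    }

    /** @return whether the discovery response endpoint is added to the metadata extensions */
    public boolean isIncludeDiscoveryExtension() {
        return this.includeDiscoveryExtension;
    }

    /** @param z whether to add the discovery response endpoint to the metadata extensions */
    public void setIncludeDiscoveryExtension(boolean z) {
        this.includeDiscoveryExtension = z;
    }

    /** @return the configured assertion consumer index (not used when building metadata here) */
    public int getAssertionConsumerIndex() {
        return this.assertionConsumerIndex;
    }

    /** @param i assertion consumer index */
    public void setAssertionConsumerIndex(int i) {
        this.assertionConsumerIndex = i;
    }

    /** @return {@code true} when extended metadata is present and enables IdP discovery */
    protected boolean isIncludeDiscovery() {
        return this.extendedMetadata != null && this.extendedMetadata.isIdpDiscoveryEnabled();
    }

    /**
     * Returns the discovery URL: the one configured in the extended metadata when non-empty,
     * otherwise one derived from the base URL and the discovery filter path.
     *
     * @param str entity base URL
     * @param str2 entity alias, or {@code null}
     * @return discovery URL
     */
    protected String getDiscoveryURL(String str, String str2) {
        if (this.extendedMetadata != null) {
            String configured = this.extendedMetadata.getIdpDiscoveryURL();
            if (configured != null && configured.length() > 0) {
                return configured;
            }
        }
        return getServerURL(str, str2, getSAMLDiscoveryPath());
    }

    /**
     * Returns the discovery response URL: the one configured in the extended metadata when
     * non-empty, otherwise the entry point URL with {@code disco=true} appended.
     *
     * @param str entity base URL
     * @param str2 entity alias, or {@code null}
     * @return discovery response URL
     */
    protected String getDiscoveryResponseURL(String str, String str2) {
        if (this.extendedMetadata != null) {
            String configured = this.extendedMetadata.getIdpDiscoveryResponseURL();
            if (configured != null && configured.length() > 0) {
                return configured;
            }
        }
        Map<String, String> queryParams = new HashMap<>();
        queryParams.put("disco", "true");
        return getServerURL(str, str2, getSAMLEntryPointPath(), queryParams);
    }

    /** @return signing key alias from the extended metadata, else the key manager's default */
    protected String getSigningKey() {
        if (this.extendedMetadata != null && this.extendedMetadata.getSigningKey() != null) {
            return this.extendedMetadata.getSigningKey();
        }
        return this.keyManager.getDefaultCredentialName();
    }

    /** @return encryption key alias from the extended metadata, else the key manager's default */
    protected String getEncryptionKey() {
        if (this.extendedMetadata != null && this.extendedMetadata.getEncryptionKey() != null) {
            return this.extendedMetadata.getEncryptionKey();
        }
        return this.keyManager.getDefaultCredentialName();
    }

    /** @return TLS key alias from the extended metadata, or {@code null}; there is no default */
    protected String getTLSKey() {
        return this.extendedMetadata == null ? null : this.extendedMetadata.getTlsKey();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** @return entity alias from the extended metadata, or {@code null} when none is configured */
    public String getEntityAlias() {
        return this.extendedMetadata == null ? null : this.extendedMetadata.getAlias();
    }

    /** @return assertions-signed flag from the extended metadata; {@code true} when none is set */
    public boolean isAssertionsSigned() {
        return this.extendedMetadata == null || this.extendedMetadata.isAssertionsSigned();
    }

    /** @return assertion lifetime from the extended metadata; 600 seconds when none is set */
    public int getAssertionTimeToLiveSeconds() {
        return this.extendedMetadata == null ? 600 : this.extendedMetadata.getAssertionTimeToLiveSeconds();
    }

    /** @return the configured extended metadata, possibly {@code null} */
    public ExtendedMetadata getExtendedMetadata() {
        return this.extendedMetadata;
    }

    /** @param idpExtendedMetadata extended metadata supplying alias, key aliases and discovery settings */
    public void setExtendedMetadata(IdpExtendedMetadata idpExtendedMetadata) {
        this.extendedMetadata = idpExtendedMetadata;
    }

    /** Registers a canonical URN under its own name and under each short name. */
    private static void registerAliases(String canonicalUrn, String... shortNames) {
        aliases.put(canonicalUrn, canonicalUrn);
        for (String shortName : shortNames) {
            aliases.put(shortName, canonicalUrn);
        }
    }

    static {
        registerAliases(BINDING_HTTP_POST, "post", "http-post");
        registerAliases(BINDING_PAOS, "paos");
        registerAliases(BINDING_HTTP_REDIRECT, "redirect", "http-redirect");
        registerAliases(BINDING_SOAP, "soap");
        registerAliases(NAMEID_EMAIL, "email");
        registerAliases(NAMEID_TRANSIENT, "transient");
        registerAliases(NAMEID_PERSISTENT, "persistent");
        registerAliases(NAMEID_UNSPECIFIED, "unspecified");
        registerAliases(NAMEID_X509_SUBJECT, "x509_subject");
    }
}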
