package org.cloudfoundry.identity.uaa.provider.saml.idp;

import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import org.cloudfoundry.identity.uaa.util.UaaUrlUtils;
import org.cloudfoundry.identity.uaa.zone.IdentityZoneConfiguration;
import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.xml.security.credential.UsageType;
import org.springframework.security.saml.key.KeyManager;
import org.springframework.security.saml.util.SAMLUtil;
import org.springframework.util.StringUtils;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-4.20.0.jar:org/cloudfoundry/identity/uaa/provider/saml/idp/ZoneAwareIdpMetadataGenerator.class */
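/**
 * Variant of {@link IdpMetadataGenerator} that resolves its settings against the identity zone
 * currently held by {@link IdentityZoneHolder}.
 *
 * <p>Outside the default (UAA) zone, the signing flags and the assertion lifetime are read from
 * the zone's SAML configuration. Entity id, alias and base URL are qualified with the zone
 * subdomain obtained from {@link UaaUrlUtils}.
 *
 * <p>Security-relevant: the values returned here decide whether this zone's metadata advertises
 * signed assertions, whether signed authentication requests are requested, and which keys are
 * published as signing keys. Review per-zone overrides of these settings with the same care as
 * the global defaults.
 */
public class ZoneAwareIdpMetadataGenerator extends IdpMetadataGenerator {

    /**
     * Returns the assertion-signing flag for the current zone.
     *
     * @return the zone's SAML setting when the current zone is not the default UAA zone, otherwise
     *     the inherited value
     */
    @Override
    public boolean isAssertionsSigned() {
        if (IdentityZoneHolder.isUaa()) {
            return super.isAssertionsSigned();
        }
        // NOTE(review): a zone can switch this off independently of the default zone; confirm that
        // any zone doing so is meant to have unsigned assertions.
        return getZoneDefinition().getSamlConfig().isAssertionSigned();
    }

    /**
     * Returns the assertion time-to-live, in seconds, for the current zone.
     *
     * @return the zone's SAML setting when the current zone is not the default UAA zone, otherwise
     *     the inherited value
     */
    @Override
    public int getAssertionTimeToLiveSeconds() {
        if (IdentityZoneHolder.isUaa()) {
            return super.getAssertionTimeToLiveSeconds();
        }
        return getZoneDefinition().getSamlConfig().getAssertionTimeToLiveSeconds();
    }

    /**
     * Builds the extended metadata and prefixes its alias with the current zone subdomain.
     *
     * @return the extended metadata produced by the superclass, with the alias rewritten in place
     */
    @Override
    public IdpExtendedMetadata generateExtendedMetadata() {
        IdpExtendedMetadata extendedMetadata = super.generateExtendedMetadata();
        extendedMetadata.setAlias(UaaUrlUtils.getSubdomain() + extendedMetadata.getAlias());
        return extendedMetadata;
    }

    /**
     * Resolves the SAML entity id for the current zone.
     *
     * <p>An entity id configured on the zone's SAML config takes precedence. Otherwise the
     * inherited entity id is qualified with the zone subdomain: inserted into the URL when the
     * inherited value is a URL, or prepended as a plain prefix when it is not.
     *
     * @return the entity id to publish for the current zone
     */
    @Override
    public String getEntityId() {
        String inheritedEntityId = super.getEntityId();

        // Read the zone config through getZoneDefinition() so that a zone without a configuration
        // falls back to the subdomain-qualified id instead of failing with a NullPointerException,
        // which is how the other zone-aware getters in this class already behave.
        String zoneEntityId = getZoneDefinition().getSamlConfig().getEntityID();
        if (StringUtils.hasText(zoneEntityId)) {
            return zoneEntityId;
        }
        if (UaaUrlUtils.isUrl(inheritedEntityId)) {
            return UaaUrlUtils.addSubdomainToUrl(inheritedEntityId);
        }
        return UaaUrlUtils.getSubdomain() + inheritedEntityId;
    }

    /**
     * Returns the inherited entity base URL with the current zone subdomain added to it.
     *
     * @return the zone-qualified base URL
     */
    @Override
    public String getEntityBaseURL() {
        return UaaUrlUtils.addSubdomainToUrl(super.getEntityBaseURL());
    }

    /**
     * Returns the inherited entity alias prefixed with the current zone subdomain.
     *
     * <p>The decompiler reports that this method was originally declared {@code protected}.
     *
     * @return the zone-qualified alias
     */
    @Override
    public String getEntityAlias() {
        return UaaUrlUtils.getSubdomain() + super.getEntityAlias();
    }

    /**
     * Returns the flag that says whether authentication requests are wanted signed.
     *
     * @return the zone's SAML setting when the current zone is not the default UAA zone, otherwise
     *     the inherited value
     */
    @Override
    public boolean isWantAuthnRequestSigned() {
        if (IdentityZoneHolder.isUaa()) {
            return super.isWantAuthnRequestSigned();
        }
        // NOTE(review): when a zone turns this off, its metadata no longer asks for signed
        // AuthnRequests; confirm that matches the zone's intended policy.
        return getZoneDefinition().getSamlConfig().isWantAuthnRequestSigned();
    }

    /**
     * Returns the configuration of the current identity zone.
     *
     * @return the zone's configuration, or a freshly constructed {@link IdentityZoneConfiguration}
     *     when the zone has none, so callers never receive {@code null}
     */
    protected IdentityZoneConfiguration getZoneDefinition() {
        IdentityZoneConfiguration zoneConfig = IdentityZoneHolder.get().getConfig();
        if (zoneConfig == null) {
            return new IdentityZoneConfiguration();
        }
        return zoneConfig;
    }

    /**
     * Generates the entity descriptor and sets its XML {@code ID} from the entity id.
     *
     * @return the descriptor produced by the superclass, with its ID set to the result of
     *     {@link SAMLUtil#getNCNameString(String)} applied to the descriptor's entity id
     */
    @Override
    public EntityDescriptor generateMetadata() {
        EntityDescriptor descriptor = super.generateMetadata();
        descriptor.setID(SAMLUtil.getNCNameString(descriptor.getEntityID()));
        return descriptor;
    }

    /**
     * Builds the IdP SSO descriptor and appends a signing key descriptor for every credential of
     * the zone's key manager other than the default one.
     *
     * <p>All four arguments are passed unchanged to the superclass. The decompiler reports that
     * this method was originally declared {@code protected}.
     *
     * <p>Security-relevant: every non-default credential held by the key manager is published
     * with {@link UsageType#SIGNING}. Consumers of this metadata will presumably accept signatures
     * made with any published key, so a retired or compromised key should be removed from the
     * zone's key set rather than left as an inactive entry.
     *
     * @param str passed through to the superclass
     * @param str2 passed through to the superclass
     * @param z passed through to the superclass
     * @param collection passed through to the superclass
     * @return the superclass descriptor, extended in place with the additional key descriptors
     */
    @Override
    public IDPSSODescriptor buildIDPSSODescriptor(String str, String str2, boolean z, Collection<String> collection) {
        IDPSSODescriptor descriptor = super.buildIDPSSODescriptor(str, str2, z, collection);

        KeyManager keyManager = IdentityZoneHolder.getSamlSPKeyManager();
        if (keyManager == null) {
            return descriptor;
        }
        // Fetch the credential names once; the original asked the key manager twice.
        Collection<String> availableNames = keyManager.getAvailableCredentials();
        if (availableNames == null) {
            return descriptor;
        }

        // Work on a copy so that the key manager's own collection is never modified.
        Collection<String> additionalNames = new HashSet<>(availableNames);
        // The default credential is skipped here; presumably the superclass has already
        // published it. TODO confirm against IdpMetadataGenerator.
        additionalNames.remove(keyManager.getDefaultCredentialName());

        for (String keyName : additionalNames) {
            descriptor.getKeyDescriptors().add(getKeyDescriptor(UsageType.SIGNING, getServerKeyInfo(keyName)));
        }
        return descriptor;
    }
}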
