package org.cloudfoundry.identity.uaa.provider.saml;

import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.cloudfoundry.identity.uaa.constants.OriginKeys;
import org.cloudfoundry.identity.uaa.provider.AbstractIdentityProviderDefinition;
import org.cloudfoundry.identity.uaa.provider.ExternalIdentityProviderDefinition;
import org.cloudfoundry.identity.uaa.provider.IdentityProvider;
import org.cloudfoundry.identity.uaa.provider.IdentityProviderWrapper;
import org.cloudfoundry.identity.uaa.provider.SamlIdentityProviderDefinition;
import org.cloudfoundry.identity.uaa.util.JsonUtils;
import org.cloudfoundry.identity.uaa.zone.IdentityZone;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.util.StringUtils;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-4.24.0.jar:org/cloudfoundry/identity/uaa/provider/saml/BootstrapSamlIdentityProviderData.class */
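/**
 * Spring bean that turns bootstrap SAML identity-provider configuration into
 * {@link IdentityProviderWrapper} instances.
 *
 * <p>Two inputs are supported: a single "legacy" provider described by the
 * {@code legacy*} properties, and a map of alias to settings passed to
 * {@link #setIdentityProviders(Map)}. {@link #afterPropertiesSet()} finishes the job by
 * adding the legacy provider (if any) and rejecting duplicate aliases.
 *
 * <p>Security-relevant defaults applied by {@link #setIdentityProviders(Map)} when a key is
 * absent: {@code metadataTrustCheck=true}, {@code addShadowUserOnLogin=true},
 * {@code storeCustomAttributes=true}, {@code override=true}, and
 * {@code skipSslValidation=true} whenever no {@code socketFactoryClassName} is given.
 * How these flags are enforced is decided by the code that consumes
 * {@link SamlIdentityProviderDefinition}, which is not part of this class; operators who
 * want TLS validation and metadata trust checks should set the corresponding keys
 * explicitly rather than rely on the defaults.
 *
 * <p>No synchronization is visible around the provider list, so the setters are expected
 * to run during single-threaded bean initialization.
 */
public class BootstrapSamlIdentityProviderData implements InitializingBean {
    private static final Log logger = LogFactory.getLog(BootstrapSamlIdentityProviderData.class);

    private String legacyIdpIdentityAlias;
    private volatile String legacyIdpMetaData;
    private String legacyNameId;
    private int legacyAssertionConsumerIndex;
    private boolean legacyMetadataTrustCheck = true;
    private boolean legacyShowSamlLink = true;
    private List<IdentityProviderWrapper<SamlIdentityProviderDefinition>> samlProviders = new LinkedList<>();
    // Last map handed to setIdentityProviders; stored but not read anywhere in this class.
    private Map<String, Map<String, Object>> providers = null;

    /**
     * Returns the configuration object of every provider collected so far.
     *
     * @return an unmodifiable snapshot list of the provider definitions
     */
    public List<SamlIdentityProviderDefinition> getIdentityProviderDefinitions() {
        List<SamlIdentityProviderDefinition> definitions = this.samlProviders.stream()
                .map(wrapper -> wrapper.getProvider().getConfig())
                .collect(Collectors.toList());
        return Collections.unmodifiableList(definitions);
    }

    /**
     * Adds the legacy provider (when legacy metadata is configured) and verifies that no two
     * collected providers share the same unique alias.
     *
     * <p>Each call appends the legacy provider again, so a second call with legacy metadata
     * set fails the duplicate-alias check.
     *
     * @throws IllegalArgumentException if legacy metadata is set but the legacy alias is null
     * @throws IllegalStateException if two providers resolve to the same unique alias
     */
    protected void parseIdentityProviderDefinitions() {
        // Read the volatile field once so the null check and the value used cannot diverge.
        String legacyMetaData = getLegacyIdpMetaData();
        if (legacyMetaData != null) {
            String legacyAlias = getLegacyIdpIdentityAlias();
            if (legacyAlias == null) {
                throw new IllegalArgumentException("Invalid IDP - Alias must be not null for deprecated IDP.");
            }
            boolean trustCheck = isLegacyMetadataTrustCheck();

            SamlIdentityProviderDefinition legacyDefinition = new SamlIdentityProviderDefinition();
            legacyDefinition.setMetaDataLocation(legacyMetaData);
            legacyDefinition.setMetadataTrustCheck(trustCheck);
            legacyDefinition.setNameID(getLegacyNameId());
            legacyDefinition.setAssertionConsumerIndex(getLegacyAssertionConsumerIndex());
            legacyDefinition.setIdpEntityAlias(legacyAlias);
            legacyDefinition.setShowSamlLink(isLegacyShowSamlLink());
            legacyDefinition.setLinkText("Use your corporate credentials");
            legacyDefinition.setZoneId(IdentityZone.getUaa().getId());
            logger.debug("Legacy SAML provider configured with alias: " + legacyAlias);
            if (!trustCheck) {
                logger.warn("Legacy SAML provider [" + legacyAlias + "] is configured with metadataTrustCheck=false");
            }

            IdentityProviderWrapper<SamlIdentityProviderDefinition> legacyWrapper =
                    new IdentityProviderWrapper<>(parseSamlProvider(legacyDefinition));
            legacyWrapper.setOverride(true);
            this.samlProviders.add(legacyWrapper);
        }

        // Two providers with the same alias would be indistinguishable as login origins,
        // so fail startup instead of letting one silently shadow the other.
        Set<String> seenAliases = new HashSet<>();
        for (IdentityProviderWrapper<SamlIdentityProviderDefinition> wrapper : this.samlProviders) {
            String uniqueAlias = getUniqueAlias(wrapper.getProvider().getConfig());
            if (!seenAliases.add(uniqueAlias)) {
                throw new IllegalStateException("Duplicate IDP alias found:" + uniqueAlias);
            }
        }
    }

    /**
     * Returns the key used for duplicate detection; overridable by subclasses.
     *
     * @param samlIdentityProviderDefinition the definition to identify
     * @return the definition's unique alias
     */
    protected String getUniqueAlias(SamlIdentityProviderDefinition samlIdentityProviderDefinition) {
        return samlIdentityProviderDefinition.getUniqueAlias();
    }

    /**
     * Builds one provider per map entry and appends it to the collected providers.
     *
     * <p>The entry key is the IdP alias; the value is an untyped settings map whose entries
     * are cast to the expected types, so a wrongly typed value surfaces as a
     * {@link ClassCastException}. Providers added before a failing entry remain in the list.
     * Repeated calls append; the list is never cleared here.
     *
     * <p>{@code skipSslValidation} defaults to {@code true} when it is absent and no
     * {@code socketFactoryClassName} is set, and {@code socketFactoryClassName} is passed
     * through verbatim from configuration. Both therefore depend on the bootstrap
     * configuration being trusted and reviewed; weakened settings are logged.
     *
     * @param map alias to settings; {@code null} is ignored
     * @throws IllegalArgumentException if an alias, a settings map or {@code idpMetadata} is
     *     null, or {@code groupMappingMode} is not a known enum constant
     */
    public void setIdentityProviders(Map<String, Map<String, Object>> map) {
        if (map == null) {
            return;
        }
        this.providers = map;
        for (Map.Entry<String, Map<String, Object>> entry : map.entrySet()) {
            String alias = entry.getKey();
            Map<String, Object> config = entry.getValue();
            if (config == null) {
                // Previously an unexplained NullPointerException; name the offending alias instead.
                throw new IllegalArgumentException("Invalid IDP - configuration must not be null [" + alias + "]");
            }
            String metaDataLocation = (String) config.get("idpMetadata");
            if (alias == null) {
                throw new IllegalArgumentException("Invalid IDP - alias must not be null [" + metaDataLocation + "]");
            }
            if (metaDataLocation == null) {
                throw new IllegalArgumentException("Invalid IDP - metaDataLocation must not be null [" + alias + "]");
            }

            String nameId = (String) config.get("nameID");
            Integer assertionConsumerIndex = (Integer) config.get("assertionConsumerIndex");
            String socketFactoryClassName = (String) config.get("socketFactoryClassName");
            String linkText = (String) config.get("linkText");
            String iconUrl = (String) config.get("iconUrl");
            String zoneId = (String) config.get("zoneId");
            String groupMappingMode = (String) config.get("groupMappingMode");
            String description = (String) config.get(AbstractIdentityProviderDefinition.PROVIDER_DESCRIPTION);
            @SuppressWarnings("unchecked") // untyped bootstrap configuration; value types are not verified here
            Map<String, Object> attributeMappings =
                    (Map<String, Object>) config.get(ExternalIdentityProviderDefinition.ATTRIBUTE_MAPPINGS);

            boolean metadataTrustCheck = defaultTrue((Boolean) config.get("metadataTrustCheck"));
            boolean showSamlLink = defaultTrue((Boolean) config.get("showSamlLoginLink"));
            boolean addShadowUserOnLogin = defaultTrue((Boolean) config.get("addShadowUserOnLogin"));
            boolean storeCustomAttributes =
                    defaultTrue((Boolean) config.get(ExternalIdentityProviderDefinition.STORE_CUSTOM_ATTRIBUTES_NAME));
            boolean override = defaultTrue((Boolean) config.get("override"));

            // Existing default, kept for compatibility: with no custom socket factory and no
            // explicit setting, SSL validation is skipped. Set "skipSslValidation: false" to opt in.
            Boolean skipSslSetting = (Boolean) config.get("skipSslValidation");
            boolean skipSslValidation = skipSslSetting != null ? skipSslSetting : socketFactoryClassName == null;

            if (!metadataTrustCheck) {
                logger.warn("SAML provider [" + alias + "] is configured with metadataTrustCheck=false");
            }
            if (skipSslValidation) {
                if (skipSslSetting != null) {
                    logger.warn("SAML provider [" + alias + "] is configured with skipSslValidation=true");
                } else {
                    logger.info("SAML provider [" + alias + "] defaults to skipSslValidation=true"
                            + " because neither skipSslValidation nor socketFactoryClassName is set");
                }
            }

            SamlIdentityProviderDefinition definition = new SamlIdentityProviderDefinition();
            definition.setStoreCustomAttributes(storeCustomAttributes);
            if (StringUtils.hasText(description)) {
                definition.setProviderDescription(description);
            }
            definition.setIdpEntityAlias(alias);
            definition.setAssertionConsumerIndex(assertionConsumerIndex == null ? 0 : assertionConsumerIndex);
            definition.setMetaDataLocation(metaDataLocation);
            definition.setNameID(nameId);
            definition.setMetadataTrustCheck(metadataTrustCheck);
            if (StringUtils.hasText(groupMappingMode)) {
                definition.setGroupMappingMode(
                        SamlIdentityProviderDefinition.ExternalGroupMappingMode.valueOf(groupMappingMode));
            }
            definition.setShowSamlLink(showSamlLink);
            definition.setSocketFactoryClassName(socketFactoryClassName);
            definition.setLinkText(linkText);
            definition.setIconUrl(iconUrl);
            definition.setEmailDomain(stringList(config, AbstractIdentityProviderDefinition.EMAIL_DOMAIN_ATTR));
            definition.setExternalGroupsWhitelist(
                    stringList(config, ExternalIdentityProviderDefinition.EXTERNAL_GROUPS_WHITELIST));
            definition.setAttributeMappings(attributeMappings);
            // Providers without an explicit zone land in the default UAA zone.
            definition.setZoneId(StringUtils.hasText(zoneId) ? zoneId : IdentityZone.getUaa().getId());
            definition.setAddShadowUserOnLogin(addShadowUserOnLogin);
            definition.setSkipSslValidation(skipSslValidation);
            definition.setAuthnContext(stringList(config, "authnContext"));

            IdentityProviderWrapper<SamlIdentityProviderDefinition> wrapper =
                    new IdentityProviderWrapper<>(parseSamlProvider(definition));
            wrapper.setOverride(override);
            this.samlProviders.add(wrapper);
        }
    }

    /** Treats an absent (null) boolean setting as {@code true}. */
    private static boolean defaultTrue(Boolean setting) {
        return setting == null || setting;
    }

    /** Reads a list-valued setting; element types are not checked at this point. */
    @SuppressWarnings("unchecked") // untyped bootstrap configuration
    private static List<String> stringList(Map<String, Object> config, String key) {
        return (List<String>) config.get(key);
    }

    /**
     * Wraps a SAML definition in an active {@link IdentityProvider} whose origin key is the
     * definition's IdP entity alias.
     *
     * @param samlIdentityProviderDefinition the definition to wrap
     * @return the new identity provider
     * @throws RuntimeException if the definition cannot be serialized; the underlying
     *     {@link JsonUtils.JsonUtilException} is attached as the cause
     */
    public static IdentityProvider<SamlIdentityProviderDefinition> parseSamlProvider(SamlIdentityProviderDefinition samlIdentityProviderDefinition) {
        IdentityProvider<SamlIdentityProviderDefinition> identityProvider = new IdentityProvider<>();
        identityProvider.setType(OriginKeys.SAML);
        identityProvider.setOriginKey(samlIdentityProviderDefinition.getIdpEntityAlias());
        identityProvider.setName("UAA SAML Identity Provider[" + identityProvider.getOriginKey() + "]");
        identityProvider.setActive(true);
        try {
            identityProvider.setConfig(samlIdentityProviderDefinition);
            return identityProvider;
        } catch (JsonUtils.JsonUtilException e) {
            // Keep the cause: without it a startup failure gives no hint which field failed.
            throw new RuntimeException("Non serializable SAML config", e);
        }
    }

    public String getLegacyIdpIdentityAlias() {
        return this.legacyIdpIdentityAlias;
    }

    /**
     * Sets the legacy alias; the literal string {@code "null"} is stored as {@code null}
     * (presumably an unresolved property placeholder; confirm against the bean wiring).
     */
    public void setLegacyIdpIdentityAlias(String str) {
        this.legacyIdpIdentityAlias = "null".equals(str) ? null : str;
    }

    public String getLegacyIdpMetaData() {
        return this.legacyIdpMetaData;
    }

    /**
     * Sets the legacy metadata location; the literal string {@code "null"} is stored as
     * {@code null}, which disables the legacy provider.
     */
    public void setLegacyIdpMetaData(String str) {
        this.legacyIdpMetaData = "null".equals(str) ? null : str;
    }

    public String getLegacyNameId() {
        return this.legacyNameId;
    }

    public void setLegacyNameId(String str) {
        this.legacyNameId = str;
    }

    public int getLegacyAssertionConsumerIndex() {
        return this.legacyAssertionConsumerIndex;
    }

    public void setLegacyAssertionConsumerIndex(int i) {
        this.legacyAssertionConsumerIndex = i;
    }

    public boolean isLegacyMetadataTrustCheck() {
        return this.legacyMetadataTrustCheck;
    }

    public void setLegacyMetadataTrustCheck(boolean z) {
        this.legacyMetadataTrustCheck = z;
    }

    public boolean isLegacyShowSamlLink() {
        return this.legacyShowSamlLink;
    }

    public void setLegacyShowSamlLink(boolean z) {
        this.legacyShowSamlLink = z;
    }

    /** Runs {@link #parseIdentityProviderDefinitions()} once all properties have been injected. */
    @Override
    public void afterPropertiesSet() throws Exception {
        parseIdentityProviderDefinitions();
    }

    /**
     * Returns the collected providers.
     *
     * <p>This is the live internal list, not a copy, so changes made by a caller are visible
     * to this bean. The empty-list fallback is defensive: the field is never assigned
     * {@code null} in this class.
     *
     * @return the provider wrappers, never {@code null}
     */
    public List<IdentityProviderWrapper<SamlIdentityProviderDefinition>> getSamlProviders() {
        return Optional.ofNullable(this.samlProviders).orElse(Collections.emptyList());
    }
}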
