package org.wso2.carbon.identity.outbound.metadata.saml2.util;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Iterator;
import java.util.List;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.util.Base64;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml2.metadata.KeyDescriptor;
import org.opensaml.saml2.metadata.RoleDescriptor;
import org.opensaml.saml2.metadata.SingleLogoutService;
import org.opensaml.saml2.metadata.SingleSignOnService;
import org.opensaml.saml2.metadata.provider.DOMMetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.xml.parse.BasicParserPool;
import org.opensaml.xml.signature.X509Certificate;
import org.opensaml.xml.signature.X509Data;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
import org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig;
import org.wso2.carbon.identity.application.common.model.Property;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/wso2/carbon/identity/outbound/metadata/saml2/util/SAML2SSOFederatedAuthenticatorConfigBuilder.class */
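/**
 * Builds a SAML2 SSO {@link FederatedAuthenticatorConfig} from an identity provider's SAML 2.0
 * metadata document.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>No metadata filter is installed on the provider built here, so an XML signature on the
 *       metadata is not verified by this class. The entity ID, endpoint URLs and signing
 *       certificate are taken from the document as-is; the caller has to establish that the
 *       document comes from the intended identity provider.</li>
 *   <li>Endpoint locations are copied verbatim; neither the URL scheme nor the host is checked.</li>
 *   <li>Certificate extraction is best-effort: a failure is logged and the configuration is still
 *       returned, with nothing appended to the caller's {@code StringBuilder}. Callers that need a
 *       signing certificate should check for that case.</li>
 * </ul>
 */
public class SAML2SSOFederatedAuthenticatorConfigBuilder {
    private static final Log log = LogFactory.getLog(SAML2SSOFederatedAuthenticatorConfigBuilder.class);

    private static final String HTTP_POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
    private static final String USE_SIGNING = "SIGNING";
    private static final String USE_ENCRYPTION = "ENCRYPTION";

    /**
     * Parses serialized metadata XML into an {@link EntityDescriptor}.
     *
     * @param str the metadata document as XML text
     * @return the metadata object exposed by the initialized provider
     * @throws IdentityApplicationManagementException if the text cannot be parsed or the provider
     *         rejects it; the underlying exception is attached as the cause
     */
    private static EntityDescriptor generateMetadataObjectFromString(String str) throws IdentityApplicationManagementException {
        try {
            // The DOM is built with the hardened factory from IdentityUtil. The bytes are encoded
            // explicitly as UTF-8 so that parsing does not depend on the JVM's default charset.
            DOMMetadataProvider provider = new DOMMetadataProvider(
                    IdentityUtil.getSecuredDocumentBuilderFactory()
                            .newDocumentBuilder()
                            .parse(new ByteArrayInputStream(str.getBytes(StandardCharsets.UTF_8)))
                            .getDocumentElement());
            // NOTE(review): requireValidMetadata is understood to cover the metadata validity
            // period, not its signature - confirm against the OpenSAML version in use.
            provider.setRequireValidMetadata(true);
            provider.setParserPool(new BasicParserPool());
            provider.initialize();
            return provider.getMetadata();
        } catch (MetadataProviderException | IOException | ParserConfigurationException | SAXException e) {
            // Keep the cause so that a rejected upload can be diagnosed from the logs.
            throw new IdentityApplicationManagementException("Error while converting file content to entity descriptor", e);
        }
    }

    /**
     * Fills {@code federatedAuthenticatorConfig} with the 24 authenticator properties derived from
     * the first role descriptor of {@code entityDescriptor}, and appends the Base64-encoded value
     * of the first signing certificate found to {@code sb}.
     *
     * <p>Only the first role descriptor is considered. If it is {@code null}, or if
     * {@code entityDescriptor} is {@code null}, the configuration is returned untouched.
     *
     * @param entityDescriptor parsed metadata, may be {@code null}
     * @param federatedAuthenticatorConfig configuration object to populate
     * @param sb receives the encoded signing certificate when one is found
     * @return {@code federatedAuthenticatorConfig}
     * @throws IdentityApplicationManagementException if there are no role descriptors, the first
     *         one is not an IdP SSO descriptor, the entity ID is missing, or no SSO endpoint with a
     *         location exists
     */
    private static FederatedAuthenticatorConfig parse(EntityDescriptor entityDescriptor, FederatedAuthenticatorConfig federatedAuthenticatorConfig, StringBuilder sb) throws IdentityApplicationManagementException {
        if (entityDescriptor == null) {
            return federatedAuthenticatorConfig;
        }
        List<RoleDescriptor> roleDescriptors = entityDescriptor.getRoleDescriptors();
        if (CollectionUtils.isEmpty(roleDescriptors)) {
            throw new IdentityApplicationManagementException("No Role Descriptors found, invalid file content");
        }
        RoleDescriptor roleDescriptor = roleDescriptors.get(0);
        if (roleDescriptor == null) {
            return federatedAuthenticatorConfig;
        }
        // Explicit type check instead of relying on a ClassCastException from the cast.
        if (!(roleDescriptor instanceof IDPSSODescriptor)) {
            throw new IdentityApplicationManagementException("No IDP Descriptors found, invalid file content");
        }
        IDPSSODescriptor idpDescriptor = (IDPSSODescriptor) roleDescriptor;

        String entityId = entityDescriptor.getEntityID();
        if (entityId == null) {
            throw new IdentityApplicationManagementException("No Entity ID found, invalid file content");
        }
        String ssoUrl = findSsoUrl(idpDescriptor);
        boolean authnRequestsSigned = Boolean.TRUE.equals(idpDescriptor.getWantAuthnRequestsSigned());
        List<SingleLogoutService> logoutServices = idpDescriptor.getSingleLogoutServices();
        List<KeyDescriptor> keyDescriptors = idpDescriptor.getKeyDescriptors();

        // The array positions are part of the output; keep the order stable.
        // NOTE(review): several security-relevant flags (IsAuthnRespSigned, IsLogoutReqSigned, and
        // isAssertionSigned when the metadata has no signing key) are left as "". How consumers
        // interpret an empty value is not visible here - confirm it does not disable signature
        // enforcement.
        Property[] properties = new Property[] {
            newProperty("IdPEntityId", entityId),
            newProperty("SPEntityId", ""),
            newProperty("SSOUrl", ssoUrl),
            newProperty("ISAuthnReqSigned", authnRequestsSigned ? "true" : "false"),
            newProperty("IsLogoutEnabled", CollectionUtils.isNotEmpty(logoutServices) ? "true" : "false"),
            newProperty("LogoutReqUrl", findLogoutUrl(logoutServices)),
            newProperty("IsLogoutReqSigned", ""),
            newProperty("IsAuthnRespSigned", ""),
            newProperty("IsUserIdInClaims", ""),
            newProperty("IsAssertionEncrypted", hasKeyWithUse(keyDescriptors, USE_ENCRYPTION) ? "true" : ""),
            newProperty("isAssertionSigned", hasKeyWithUse(keyDescriptors, USE_SIGNING) ? "true" : ""),
            newProperty("commonAuthQueryParams", ""),
            newProperty("RequestMethod", ""),
            newProperty("SignatureAlgorithm", ""),
            newProperty("DigestAlgorithm", ""),
            newProperty("AuthnContextComparisonLevel", ""),
            newProperty("IncludeNameIDPolicy", ""),
            newProperty("ForceAuthentication", ""),
            newProperty("SignatureAlgorithmPost", ""),
            newProperty("AuthnContextClassRef", ""),
            newProperty("AttributeConsumingServiceIndex", ""),
            newProperty("IncludeCert", ""),
            newProperty("IncludeAuthnContext", ""),
            newProperty("IncludeProtocolBinding", "")
        };
        federatedAuthenticatorConfig.setProperties(properties);

        appendSigningCertificate(keyDescriptors, sb);
        return federatedAuthenticatorConfig;
    }

    /** Creates a {@link Property} with the given name and value. */
    private static Property newProperty(String name, String value) {
        Property property = new Property();
        property.setName(name);
        property.setValue(value);
        return property;
    }

    /**
     * Returns the location of the first SSO service that has one, regardless of its binding.
     *
     * @throws IdentityApplicationManagementException if no SSO service carries a location
     */
    private static String findSsoUrl(IDPSSODescriptor idpDescriptor) throws IdentityApplicationManagementException {
        List<SingleSignOnService> ssoServices = idpDescriptor.getSingleSignOnServices();
        if (CollectionUtils.isNotEmpty(ssoServices)) {
            for (SingleSignOnService ssoService : ssoServices) {
                if (ssoService != null && ssoService.getLocation() != null) {
                    return ssoService.getLocation();
                }
            }
        }
        throw new IdentityApplicationManagementException("No SSO URL, invalid file content");
    }

    /**
     * Picks the logout endpoint: the first HTTP-POST service with a location, otherwise the first
     * service that has both a binding and a location, otherwise the empty string.
     */
    private static String findLogoutUrl(List<SingleLogoutService> logoutServices) {
        if (CollectionUtils.isEmpty(logoutServices)) {
            return "";
        }
        for (SingleLogoutService logoutService : logoutServices) {
            if (logoutService != null && HTTP_POST_BINDING.equals(logoutService.getBinding())
                    && logoutService.getLocation() != null) {
                return logoutService.getLocation();
            }
        }
        for (SingleLogoutService logoutService : logoutServices) {
            if (logoutService != null && logoutService.getBinding() != null
                    && logoutService.getLocation() != null) {
                return logoutService.getLocation();
            }
        }
        return "";
    }

    /**
     * Tells whether any key descriptor declares the given use. A descriptor without a declared use
     * is skipped with a null check rather than by catching the resulting exception.
     */
    private static boolean hasKeyWithUse(List<KeyDescriptor> keyDescriptors, String use) {
        if (CollectionUtils.isEmpty(keyDescriptors)) {
            return false;
        }
        for (KeyDescriptor keyDescriptor : keyDescriptors) {
            if (keyDescriptor != null && keyDescriptor.getUse() != null
                    && use.equals(keyDescriptor.getUse().name())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Appends the Base64 encoding of the first non-empty certificate value found in a signing key
     * descriptor to {@code sb}. Nothing is appended when no such certificate exists.
     */
    private static void appendSigningCertificate(List<KeyDescriptor> keyDescriptors, StringBuilder sb) {
        if (CollectionUtils.isEmpty(keyDescriptors)) {
            return;
        }
        for (KeyDescriptor keyDescriptor : keyDescriptors) {
            if (keyDescriptor == null || keyDescriptor.getUse() == null
                    || !USE_SIGNING.equals(keyDescriptor.getUse().toString())) {
                continue;
            }
            try {
                String certificateValue = firstCertificateValue(keyDescriptor);
                if (certificateValue != null) {
                    sb.append(Base64.encode(certificateValue.getBytes(StandardCharsets.UTF_8)));
                    return;
                }
            } catch (Exception e) {
                // Deliberately best-effort: a malformed key descriptor must not abort the import.
                // The consequence is a configuration without a certificate, so the failure is
                // logged at error level and the next signing key descriptor is tried.
                log.error("Error While setting Certificate", e);
            }
        }
    }

    /**
     * Returns the first non-empty certificate value in the key descriptor's X509Data elements, or
     * {@code null} if there is none. Each X509Data element is checked on its own; the earlier code
     * tested the certificate list of element 0 while iterating over the others.
     */
    private static String firstCertificateValue(KeyDescriptor keyDescriptor) {
        if (keyDescriptor.getKeyInfo() == null
                || CollectionUtils.isEmpty(keyDescriptor.getKeyInfo().getX509Datas())) {
            return null;
        }
        for (X509Data x509Data : keyDescriptor.getKeyInfo().getX509Datas()) {
            if (x509Data == null || CollectionUtils.isEmpty(x509Data.getX509Certificates())) {
                continue;
            }
            for (X509Certificate certificate : x509Data.getX509Certificates()) {
                if (certificate != null && certificate.getValue() != null
                        && certificate.getValue().length() > 0) {
                    return certificate.getValue();
                }
            }
        }
        return null;
    }

    /**
     * Builds a federated authenticator configuration from an IdP metadata element.
     *
     * @param oMElement the metadata document element
     * @param sb receives the Base64-encoded signing certificate when the metadata contains one;
     *        left unchanged otherwise
     * @return the populated configuration
     * @throws IdentityApplicationManagementException if the element is {@code null}, cannot be
     *         converted to metadata, or lacks the mandatory content
     */
    public static FederatedAuthenticatorConfig build(OMElement oMElement, StringBuilder sb) throws IdentityApplicationManagementException {
        if (oMElement == null) {
            throw new IdentityApplicationManagementException("Error while trying to convert to metadata, Invalid file content");
        }
        FederatedAuthenticatorConfig federatedAuthenticatorConfig = new FederatedAuthenticatorConfig();
        EntityDescriptor entityDescriptor = generateMetadataObjectFromString(oMElement.toString());
        if (entityDescriptor != null) {
            return parse(entityDescriptor, federatedAuthenticatorConfig, sb);
        }
        throw new IdentityApplicationManagementException("Error while trying to convert to metadata, Invalid file content");
    }
}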
