package org.wso2.carbon.identity.api.server.application.management.v1.core.functions.application.inbound.saml;

import java.util.List;
import java.util.function.Consumer;
import java.util.function.Function;
import org.apache.commons.collections.CollectionUtils;
import org.wso2.carbon.identity.api.server.application.management.v1.AssertionEncryptionConfiguration;
import org.wso2.carbon.identity.api.server.application.management.v1.IdpInitiatedSingleLogout;
import org.wso2.carbon.identity.api.server.application.management.v1.SAML2ServiceProvider;
import org.wso2.carbon.identity.api.server.application.management.v1.SAMLAssertionConfiguration;
import org.wso2.carbon.identity.api.server.application.management.v1.SAMLAttributeProfile;
import org.wso2.carbon.identity.api.server.application.management.v1.SAMLRequestValidation;
import org.wso2.carbon.identity.api.server.application.management.v1.SAMLResponseSigning;
import org.wso2.carbon.identity.api.server.application.management.v1.SingleLogoutProfile;
import org.wso2.carbon.identity.api.server.application.management.v1.SingleSignOnProfile;
import org.wso2.carbon.identity.api.server.application.management.v1.core.functions.Utils;
import org.wso2.carbon.identity.sso.saml.dto.SAMLSSOServiceProviderDTO;

/* loaded from: input_file:WEB-INF/lib/org.wso2.carbon.identity.api.server.application.management.v1-1.0.270.jar:org/wso2/carbon/identity/api/server/application/management/v1/core/functions/application/inbound/saml/ApiModelToSAMLSSOServiceProvider.class */
public class ApiModelToSAMLSSOServiceProvider implements Function<SAML2ServiceProvider, SAMLSSOServiceProviderDTO> {
    @Override // java.util.function.Function
    public SAMLSSOServiceProviderDTO apply(SAML2ServiceProvider sAML2ServiceProvider) {
        SAMLSSOServiceProviderDTO sAMLSSOServiceProviderDTO = new SAMLSSOServiceProviderDTO();
        sAMLSSOServiceProviderDTO.setIssuer(sAML2ServiceProvider.getIssuer());
        sAMLSSOServiceProviderDTO.setIssuerQualifier(sAML2ServiceProvider.getServiceProviderQualifier());
        sAMLSSOServiceProviderDTO.setAssertionConsumerUrls(getAssertionConsumerUrls(sAML2ServiceProvider));
        sAMLSSOServiceProviderDTO.setDefaultAssertionConsumerUrl(getDefaultAssertionConsumerUrl(sAML2ServiceProvider));
        sAMLSSOServiceProviderDTO.setIdpEntityIDAlias(sAML2ServiceProvider.getIdpEntityIdAlias());
        updateSingleSignOnProfile(sAMLSSOServiceProviderDTO, sAML2ServiceProvider.getSingleSignOnProfile());
        updateAttributeProfile(sAMLSSOServiceProviderDTO, sAML2ServiceProvider.getAttributeProfile());
        updateSingleLogoutProfile(sAMLSSOServiceProviderDTO, sAML2ServiceProvider.getSingleLogoutProfile());
        updateRequestSignatureValidationConfig(sAMLSSOServiceProviderDTO, sAML2ServiceProvider.getRequestValidation());
        updateResponseSigningConfig(sAMLSSOServiceProviderDTO, sAML2ServiceProvider.getResponseSigning());
        Boolean enableAssertionQueryProfile = sAML2ServiceProvider.getEnableAssertionQueryProfile();
        sAMLSSOServiceProviderDTO.getClass();
        Utils.setIfNotNull(enableAssertionQueryProfile, (Consumer<Boolean>) (v1) -> {
            r1.setAssertionQueryRequestProfileEnabled(v1);
        });
        sAMLSSOServiceProviderDTO.setAssertionQueryRequestProfileEnabled(sAML2ServiceProvider.getEnableAssertionQueryProfile().booleanValue());
        return sAMLSSOServiceProviderDTO;
    }

    private void updateResponseSigningConfig(SAMLSSOServiceProviderDTO sAMLSSOServiceProviderDTO, SAMLResponseSigning sAMLResponseSigning) {
        sAMLSSOServiceProviderDTO.setDoSignAssertions(true);
        if (sAMLResponseSigning != null) {
            Boolean enabled = sAMLResponseSigning.getEnabled();
            sAMLSSOServiceProviderDTO.getClass();
            Utils.setIfNotNull(enabled, (Consumer<Boolean>) (v1) -> {
                r1.setDoSignResponse(v1);
            });
            sAMLSSOServiceProviderDTO.setSigningAlgorithmURI(sAMLResponseSigning.getSigningAlgorithm());
        }
    }

    private void updateRequestSignatureValidationConfig(SAMLSSOServiceProviderDTO sAMLSSOServiceProviderDTO, SAMLRequestValidation sAMLRequestValidation) {
        if (sAMLRequestValidation != null) {
            Boolean enableSignatureValidation = sAMLRequestValidation.getEnableSignatureValidation();
            sAMLSSOServiceProviderDTO.getClass();
            Utils.setIfNotNull(enableSignatureValidation, (Consumer<Boolean>) (v1) -> {
                r1.setDoValidateSignatureInRequests(v1);
            });
            sAMLSSOServiceProviderDTO.setCertAlias(sAMLRequestValidation.getSignatureValidationCertAlias());
        }
    }

    private void updateSingleLogoutProfile(SAMLSSOServiceProviderDTO sAMLSSOServiceProviderDTO, SingleLogoutProfile singleLogoutProfile) {
        if (singleLogoutProfile != null) {
            Boolean enabled = singleLogoutProfile.getEnabled();
            sAMLSSOServiceProviderDTO.getClass();
            Utils.setIfNotNull(enabled, (Consumer<Boolean>) (v1) -> {
                r1.setDoSingleLogout(v1);
            });
            sAMLSSOServiceProviderDTO.setSloRequestURL(singleLogoutProfile.getLogoutRequestUrl());
            sAMLSSOServiceProviderDTO.setSloResponseURL(singleLogoutProfile.getLogoutResponseUrl());
            updateLogoutMechanism(sAMLSSOServiceProviderDTO, singleLogoutProfile);
            IdpInitiatedSingleLogout idpInitiatedSingleLogout = singleLogoutProfile.getIdpInitiatedSingleLogout();
            if (idpInitiatedSingleLogout != null) {
                Boolean enabled2 = idpInitiatedSingleLogout.getEnabled();
                sAMLSSOServiceProviderDTO.getClass();
                Utils.setIfNotNull(enabled2, (Consumer<Boolean>) (v1) -> {
                    r1.setIdPInitSLOEnabled(v1);
                });
                sAMLSSOServiceProviderDTO.setIdpInitSLOReturnToURLs(toArray(idpInitiatedSingleLogout.getReturnToUrls()));
            }
        }
    }

    private void updateLogoutMechanism(SAMLSSOServiceProviderDTO sAMLSSOServiceProviderDTO, SingleLogoutProfile singleLogoutProfile) {
        SingleLogoutProfile.LogoutMethodEnum logoutMethod = singleLogoutProfile.getLogoutMethod();
        if (isFrontChannelLogoutEnabled(logoutMethod)) {
            sAMLSSOServiceProviderDTO.setDoFrontChannelLogout(true);
            if (logoutMethod == SingleLogoutProfile.LogoutMethodEnum.FRONTCHANNEL_HTTP_POST) {
                sAMLSSOServiceProviderDTO.setFrontChannelLogoutBinding("HTTPPostBinding");
            }
            if (logoutMethod == SingleLogoutProfile.LogoutMethodEnum.FRONTCHANNEL_HTTP_REDIRECT) {
                sAMLSSOServiceProviderDTO.setFrontChannelLogoutBinding("HTTPRedirectBinding");
            }
        }
    }

    private void updateAttributeProfile(SAMLSSOServiceProviderDTO sAMLSSOServiceProviderDTO, SAMLAttributeProfile sAMLAttributeProfile) {
        if (sAMLAttributeProfile != null) {
            Boolean enabled = sAMLAttributeProfile.getEnabled();
            sAMLSSOServiceProviderDTO.getClass();
            Utils.setIfNotNull(enabled, (Consumer<Boolean>) (v1) -> {
                r1.setEnableAttributeProfile(v1);
            });
            Boolean alwaysIncludeAttributesInResponse = sAMLAttributeProfile.getAlwaysIncludeAttributesInResponse();
            sAMLSSOServiceProviderDTO.getClass();
            Utils.setIfNotNull(alwaysIncludeAttributesInResponse, (Consumer<Boolean>) (v1) -> {
                r1.setEnableAttributesByDefault(v1);
            });
        }
    }

    private void updateSingleSignOnProfile(SAMLSSOServiceProviderDTO sAMLSSOServiceProviderDTO, SingleSignOnProfile singleSignOnProfile) {
        if (singleSignOnProfile != null) {
            List<SingleSignOnProfile.BindingsEnum> bindings = singleSignOnProfile.getBindings();
            if (CollectionUtils.isNotEmpty(bindings) && bindings.contains(SingleSignOnProfile.BindingsEnum.ARTIFACT)) {
                sAMLSSOServiceProviderDTO.setEnableSAML2ArtifactBinding(true);
            }
            sAMLSSOServiceProviderDTO.setDoValidateSignatureInArtifactResolve(singleSignOnProfile.getEnableSignatureValidationForArtifactBinding().booleanValue());
            sAMLSSOServiceProviderDTO.setIdPInitSSOEnabled(singleSignOnProfile.getEnableIdpInitiatedSingleSignOn().booleanValue());
            SAMLAssertionConfiguration assertion = singleSignOnProfile.getAssertion();
            if (assertion != null) {
                sAMLSSOServiceProviderDTO.setNameIDFormat(assertion.getNameIdFormat());
                sAMLSSOServiceProviderDTO.setRequestedAudiences(toArray(assertion.getAudiences()));
                sAMLSSOServiceProviderDTO.setRequestedRecipients(toArray(assertion.getRecipients()));
                sAMLSSOServiceProviderDTO.setDigestAlgorithmURI(assertion.getDigestAlgorithm());
                AssertionEncryptionConfiguration encryption = assertion.getEncryption();
                if (encryption != null) {
                    Boolean enabled = encryption.getEnabled();
                    sAMLSSOServiceProviderDTO.getClass();
                    Utils.setIfNotNull(enabled, (Consumer<Boolean>) (v1) -> {
                        r1.setDoEnableEncryptedAssertion(v1);
                    });
                    sAMLSSOServiceProviderDTO.setAssertionEncryptionAlgorithmURI(encryption.getAssertionEncryptionAlgorithm());
                    sAMLSSOServiceProviderDTO.setKeyEncryptionAlgorithmURI(encryption.getKeyEncryptionAlgorithm());
                }
            }
        }
    }

    private String[] getAssertionConsumerUrls(SAML2ServiceProvider sAML2ServiceProvider) {
        if (CollectionUtils.isEmpty(sAML2ServiceProvider.getAssertionConsumerUrls())) {
            throw Utils.buildBadRequestError("At least one assertion consumer URL is required for a SAML Application.");
        }
        return toArray(sAML2ServiceProvider.getAssertionConsumerUrls());
    }

    private boolean isFrontChannelLogoutEnabled(SingleLogoutProfile.LogoutMethodEnum logoutMethodEnum) {
        return (logoutMethodEnum == null || logoutMethodEnum == SingleLogoutProfile.LogoutMethodEnum.BACKCHANNEL) ? false : true;
    }

    private String getDefaultAssertionConsumerUrl(SAML2ServiceProvider sAML2ServiceProvider) {
        return sAML2ServiceProvider.getAssertionConsumerUrls().contains(sAML2ServiceProvider.getDefaultAssertionConsumerUrl()) ? sAML2ServiceProvider.getDefaultAssertionConsumerUrl() : sAML2ServiceProvider.getAssertionConsumerUrls().get(0);
    }

    private String[] toArray(List<String> list) {
        return CollectionUtils.isEmpty(list) ? new String[0] : (String[]) list.toArray(new String[0]);
    }
}
