package org.cloudfoundry.identity.uaa.login.saml;

import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Timer;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.protocol.ProtocolSocketFactory;
import org.apache.http.client.utils.URIBuilder;
import org.cloudfoundry.identity.uaa.login.util.FileLocator;
import org.cloudfoundry.identity.uaa.zone.IdentityZone;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.xml.parse.BasicParserPool;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.config.http.PortMappingsBeanDefinitionParser;
import org.springframework.security.saml.metadata.ExtendedMetadata;
import org.springframework.security.saml.metadata.ExtendedMetadataDelegate;
import org.springframework.util.StringUtils;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-common-2.4.0.jar:org/cloudfoundry/identity/uaa/login/saml/IdentityProviderConfigurator.class */
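/**
 * Holds the SAML identity provider (IdP) definitions known to this instance and builds the
 * metadata delegate that matches each definition's metadata type (inline XML, file or URL).
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@code metadataTrustCheck} defaults to {@code true} and is copied onto every delegate.
 *       In Spring SAML this flag controls whether the metadata signature is verified for trust,
 *       so a definition that sets it to {@code false} should be treated as an explicit exception.</li>
 *   <li>The metadata location and the socket factory class name both come from the definition.
 *       Nothing in this class restricts which hosts or files a definition may point at, so that
 *       restriction (if required) has to be enforced where definitions are accepted.</li>
 *   <li>Mutators are {@code synchronized} but readers are not, and the backing list is a plain
 *       {@link LinkedList}; a reader iterating while another thread adds or removes a definition
 *       is not protected by this class.</li>
 * </ul>
 */
public class IdentityProviderConfigurator implements InitializingBean {
    private String legacyIdpIdentityAlias;
    private volatile String legacyIdpMetaData;
    private String legacyNameId;
    private int legacyAssertionConsumerIndex;
    private boolean legacyMetadataTrustCheck = true;
    private boolean legacyShowSamlLink = true;
    private List<IdentityProviderDefinition> identityProviders = new LinkedList<>();
    private Timer metadataFetchingHttpClientTimer;
    private HttpClient httpClient;
    private BasicParserPool parserPool;

    /**
     * Returns a read-only view of all configured definitions.
     *
     * @return an unmodifiable view backed by the live list, not a snapshot
     */
    public List<IdentityProviderDefinition> getIdentityProviderDefinitions() {
        return Collections.unmodifiableList(this.identityProviders);
    }

    /**
     * Returns the definitions whose zone id equals the id of the given zone.
     *
     * @param identityZone zone to filter by; must not be {@code null}
     * @return a new list holding the matching definitions
     */
    public List<IdentityProviderDefinition> getIdentityProviderDefinitionsForZone(IdentityZone identityZone) {
        List<IdentityProviderDefinition> inZone = new LinkedList<>();
        for (IdentityProviderDefinition definition : getIdentityProviderDefinitions()) {
            if (identityZone.getId().equals(definition.getZoneId())) {
                inZone.add(definition);
            }
        }
        return inZone;
    }

    /**
     * Returns the definitions of a zone, optionally narrowed to a set of allowed aliases.
     *
     * @param list aliases to keep, or {@code null} to keep every definition of the zone
     * @param identityZone zone to filter by; must not be {@code null}
     * @return the zone's definitions, restricted to {@code list} when it is given
     */
    public List<IdentityProviderDefinition> getIdentityProviderDefinitions(List<String> list, IdentityZone identityZone) {
        List<IdentityProviderDefinition> inZone = getIdentityProviderDefinitionsForZone(identityZone);
        if (list == null) {
            return inZone;
        }
        List<IdentityProviderDefinition> allowed = new LinkedList<>();
        for (IdentityProviderDefinition definition : inZone) {
            if (list.contains(definition.getIdpEntityAlias())) {
                allowed.add(definition);
            }
        }
        return allowed;
    }

    /**
     * Appends the legacy single-IdP configuration (when legacy metadata is set) to the configured
     * definitions, rejects duplicate alias/zone pairs and stores the result.
     *
     * <p>The legacy definition is appended on every call, so a second call while the legacy
     * metadata is still set fails the duplicate check; the stored list is left untouched then.
     *
     * @return a read-only view of the stored definitions
     * @throws IllegalArgumentException if legacy metadata is set without a legacy alias
     * @throws IllegalStateException if two definitions share the same alias and zone
     */
    protected List<IdentityProviderDefinition> parseIdentityProviderDefinitions() {
        List<IdentityProviderDefinition> parsed = new LinkedList<>(this.identityProviders);
        if (getLegacyIdpMetaData() != null) {
            IdentityProviderDefinition legacy = new IdentityProviderDefinition();
            legacy.setMetaDataLocation(getLegacyIdpMetaData());
            legacy.setMetadataTrustCheck(isLegacyMetadataTrustCheck());
            legacy.setNameID(getLegacyNameId());
            legacy.setAssertionConsumerIndex(getLegacyAssertionConsumerIndex());
            String alias = getLegacyIdpIdentityAlias();
            if (alias == null) {
                throw new IllegalArgumentException("Invalid IDP - Alias must be not null for deprecated IDP.");
            }
            legacy.setIdpEntityAlias(alias);
            legacy.setShowSamlLink(isLegacyShowSamlLink());
            legacy.setLinkText("Use your corporate credentials");
            // The legacy provider always belongs to the default UAA zone.
            legacy.setZoneId(IdentityZone.getUaa().getId());
            parsed.add(legacy);
        }
        HashSet<String> seen = new HashSet<>();
        for (IdentityProviderDefinition definition : parsed) {
            String uniqueAlias = getUniqueAlias(definition);
            if (!seen.add(uniqueAlias)) {
                throw new IllegalStateException("Duplicate IDP alias found:" + uniqueAlias);
            }
        }
        // Only publish the list once every entry passed the duplicate check.
        this.identityProviders = parsed;
        return getIdentityProviderDefinitions();
    }

    /**
     * Builds the identity key of a definition from its alias and zone id.
     *
     * @param identityProviderDefinition definition to key; must not be {@code null}
     * @return the combined alias/zone key
     */
    protected String getUniqueAlias(IdentityProviderDefinition identityProviderDefinition) {
        return getUniqueAlias(identityProviderDefinition.getIdpEntityAlias(), identityProviderDefinition.getZoneId());
    }

    /**
     * Joins an alias and a zone id with the literal separator {@code ###}.
     *
     * <p>NOTE(review): the key is only unambiguous while neither part contains {@code ###}.
     * This class does not check for that, and add/remove match definitions across zones by this
     * key alone, so aliases and zone ids should be validated where they are accepted.
     *
     * @param str the IdP alias
     * @param str2 the zone id
     * @return {@code str + "###" + str2}
     */
    protected String getUniqueAlias(String str, String str2) {
        return str + "###" + str2;
    }

    /**
     * Adds a definition, replacing any stored definition with the same alias and zone, and
     * returns the metadata delegate built for it.
     *
     * @param identityProviderDefinition definition to add; alias and zone id must contain text
     * @return the delegate for the stored copy of the definition
     * @throws NullPointerException if the definition is {@code null} or its alias or zone id is blank
     * @throws IllegalArgumentException if the delegate cannot be built
     */
    public synchronized ExtendedMetadataDelegate addIdentityProviderDefinition(IdentityProviderDefinition identityProviderDefinition) {
        if (identityProviderDefinition == null) {
            throw new NullPointerException();
        }
        if (!StringUtils.hasText(identityProviderDefinition.getIdpEntityAlias())) {
            throw new NullPointerException("SAML IDP Alias must be set");
        }
        if (!StringUtils.hasText(identityProviderDefinition.getZoneId())) {
            throw new NullPointerException("IDP Zone Id must be set");
        }
        String wanted = getUniqueAlias(identityProviderDefinition);
        for (IdentityProviderDefinition existing : getIdentityProviderDefinitions()) {
            if (wanted.equals(getUniqueAlias(existing))) {
                // Leave the loop right after removing: the iterator must not be used again
                // once the backing list has changed.
                this.identityProviders.remove(existing);
                break;
            }
        }
        // Store a private copy so later changes by the caller do not alter the configured IdP.
        // m2045clone() looks like the decompiler's name for the definition's clone() - confirm.
        IdentityProviderDefinition copy = identityProviderDefinition.m2045clone();
        this.identityProviders.add(copy);
        return getExtendedMetadataDelegate(copy);
    }

    /**
     * Replaces all stored definitions with copies of the given ones and clears the legacy
     * metadata.
     *
     * @param list the new definitions; must not be {@code null}
     * @return a read-only view of the stored definitions
     */
    public synchronized List<IdentityProviderDefinition> refreshProviders(List<IdentityProviderDefinition> list) {
        List<IdentityProviderDefinition> copies = new LinkedList<>();
        for (IdentityProviderDefinition definition : list) {
            copies.add(definition.m2045clone());
        }
        this.legacyIdpMetaData = null;
        this.identityProviders = copies;
        return getIdentityProviderDefinitions();
    }

    /**
     * Removes the stored definition that has the same alias and zone as the given one, if any.
     *
     * @param identityProviderDefinition definition identifying what to remove
     */
    public synchronized void removeIdentityProviderDefinition(IdentityProviderDefinition identityProviderDefinition) {
        for (IdentityProviderDefinition existing : getIdentityProviderDefinitions()) {
            if (getUniqueAlias(identityProviderDefinition).equals(getUniqueAlias(existing))) {
                // Return immediately: the iterator is invalid after the removal.
                this.identityProviders.remove(existing);
                return;
            }
        }
    }

    /**
     * Builds a metadata delegate for every stored definition, regardless of zone.
     *
     * @return newly built delegates
     */
    public List<ExtendedMetadataDelegate> getIdentityProviders() {
        return getIdentityProviders(null);
    }

    /**
     * Builds a metadata delegate for every stored definition of the given zone.
     *
     * @param identityZone zone to filter by, or {@code null} for all zones
     * @return newly built delegates
     * @throws IllegalArgumentException if any delegate cannot be built
     */
    public List<ExtendedMetadataDelegate> getIdentityProviders(IdentityZone identityZone) {
        List<ExtendedMetadataDelegate> delegates = new LinkedList<>();
        for (IdentityProviderDefinition definition : getIdentityProviderDefinitions()) {
            if (identityZone == null || identityZone.getId().equals(definition.getZoneId())) {
                delegates.add(getExtendedMetadataDelegate(definition));
            }
        }
        return delegates;
    }

    /**
     * Builds the metadata delegate that matches the definition's metadata type.
     *
     * @param identityProviderDefinition definition to build a delegate for
     * @return the delegate for inline XML, file or URL metadata
     * @throws IllegalArgumentException if the type is none of those or the metadata is invalid
     */
    public ExtendedMetadataDelegate getExtendedMetadataDelegate(IdentityProviderDefinition identityProviderDefinition) {
        switch (identityProviderDefinition.getType()) {
            case DATA:
                return configureXMLMetadata(identityProviderDefinition);
            case FILE:
                return configureFileMetadata(identityProviderDefinition);
            case URL:
                return configureURLMetadata(identityProviderDefinition);
            default:
                throw new IllegalArgumentException("Invalid metadata type for alias[" + identityProviderDefinition.getIdpEntityAlias() + "]:" + identityProviderDefinition.getMetaDataLocation());
        }
    }

    /**
     * Builds a delegate for metadata supplied inline as XML in the definition.
     *
     * <p>The XML is parsed with the injected parser pool; whether DTDs and external entities are
     * disabled depends on how that pool was configured, which is not visible here.
     *
     * @param identityProviderDefinition definition whose metadata location holds the XML
     * @return the delegate, marked as a remote (non-local) entity
     */
    protected ExtendedMetadataDelegate configureXMLMetadata(IdentityProviderDefinition identityProviderDefinition) {
        ConfigMetadataProvider provider = new ConfigMetadataProvider(identityProviderDefinition.getZoneId(), identityProviderDefinition.getIdpEntityAlias(), identityProviderDefinition.getMetaDataLocation());
        provider.setParserPool(getParserPool());
        ExtendedMetadata extendedMetadata = new ExtendedMetadata();
        extendedMetadata.setLocal(false);
        extendedMetadata.setAlias(identityProviderDefinition.getIdpEntityAlias());
        ExtendedMetadataDelegate delegate = new ExtendedMetadataDelegate(provider, extendedMetadata);
        delegate.setMetadataTrustCheck(identityProviderDefinition.isMetadataTrustCheck());
        return delegate;
    }

    /**
     * Builds a delegate for metadata read from a file named by the definition.
     *
     * <p>The path is taken from the definition as is. NOTE(review): if definitions can be
     * supplied by anyone other than the platform operator, confirm that file locations are
     * rejected or confined before they reach this method.
     *
     * @param identityProviderDefinition definition whose metadata location is a file location
     * @return the delegate, marked as a remote (non-local) entity
     * @throws IllegalArgumentException if the file cannot be located or its metadata is invalid
     */
    protected ExtendedMetadataDelegate configureFileMetadata(IdentityProviderDefinition identityProviderDefinition) {
        try {
            FilesystemMetadataProvider provider = new FilesystemMetadataProvider(identityProviderDefinition.getZoneId(), identityProviderDefinition.getIdpEntityAlias(), getMetadataFetchingHttpClientTimer(), FileLocator.locate(identityProviderDefinition.getMetaDataLocation()));
            provider.setParserPool(getParserPool());
            ExtendedMetadata extendedMetadata = new ExtendedMetadata();
            extendedMetadata.setAlias(identityProviderDefinition.getIdpEntityAlias());
            extendedMetadata.setLocal(false);
            ExtendedMetadataDelegate delegate = new ExtendedMetadataDelegate(provider, extendedMetadata);
            delegate.setMetadataTrustCheck(identityProviderDefinition.isMetadataTrustCheck());
            return delegate;
        } catch (IOException e) {
            // Keep the cause so the underlying I/O failure stays visible in logs.
            throw new IllegalArgumentException("Invalid metadata file for alias[" + identityProviderDefinition.getIdpEntityAlias() + "]:" + identityProviderDefinition.getMetaDataLocation(), e);
        } catch (MetadataProviderException e) {
            throw new IllegalArgumentException("Invalid metadata for alias[" + identityProviderDefinition.getIdpEntityAlias() + "]:" + identityProviderDefinition.getMetaDataLocation(), e);
        }
    }

    /**
     * Builds a delegate for metadata fetched over HTTP(S) from the definition's URL.
     *
     * <p>The socket factory class is named by the definition. It is loaded without running its
     * static initialisers and must be a {@link ProtocolSocketFactory} before any instance is
     * created, so a definition cannot cause an unrelated class to be initialised or constructed.
     * The URL itself is not restricted here; this server fetches whatever host it names.
     *
     * @param identityProviderDefinition definition whose metadata location is a URL
     * @return the delegate for the remote metadata
     * @throws IllegalArgumentException if the socket factory, the URL or the metadata is invalid
     */
    protected ExtendedMetadataDelegate configureURLMetadata(IdentityProviderDefinition identityProviderDefinition) {
        String factoryName = identityProviderDefinition.getSocketFactoryClassName();
        if (!StringUtils.hasText(factoryName)) {
            throw new IllegalArgumentException("Invalid socket factory:" + factoryName);
        }
        try {
            // initialize=false: static initialisers only run once the type check below has passed.
            Class<?> factoryClass = Class.forName(factoryName, false, IdentityProviderConfigurator.class.getClassLoader());
            if (!ProtocolSocketFactory.class.isAssignableFrom(factoryClass)) {
                throw new IllegalArgumentException("Invalid socket factory:" + factoryName);
            }
            ExtendedMetadata extendedMetadata = new ExtendedMetadata();
            extendedMetadata.setAlias(identityProviderDefinition.getIdpEntityAlias());
            FixedHttpMetaDataProvider provider = new FixedHttpMetaDataProvider(identityProviderDefinition.getZoneId(), identityProviderDefinition.getIdpEntityAlias(), getMetadataFetchingHttpClientTimer(), getHttpClient(), adjustURIForPort(identityProviderDefinition.getMetaDataLocation()));
            provider.setParserPool(getParserPool());
            provider.setSocketFactory((ProtocolSocketFactory) factoryClass.getDeclaredConstructor().newInstance());
            ExtendedMetadataDelegate delegate = new ExtendedMetadataDelegate(provider, extendedMetadata);
            delegate.setMetadataTrustCheck(identityProviderDefinition.isMetadataTrustCheck());
            return delegate;
        } catch (ReflectiveOperationException e) {
            throw new IllegalArgumentException("Invalid socket factory:" + factoryName, e);
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("Invalid socket factory(invalid URI):" + identityProviderDefinition.getMetaDataLocation(), e);
        } catch (MetadataProviderException e) {
            throw new IllegalArgumentException("Invalid meta data", e);
        }
    }

    /**
     * Adds the default port to an {@code http} or {@code https} URL that does not name one.
     *
     * <p>The scheme comparison is case-sensitive; any other scheme is returned unchanged.
     *
     * @param str the metadata URL
     * @return {@code str} with port 443 (https) or 80 (http) added, or {@code str} unchanged
     * @throws URISyntaxException if {@code str} is not a valid URI or has no scheme
     */
    protected String adjustURIForPort(String str) throws URISyntaxException {
        URI uri = new URI(str);
        if (uri.getPort() >= 0) {
            return str;
        }
        String scheme = uri.getScheme();
        if (scheme == null) {
            // A relative reference cannot be fetched; report it as a bad URI instead of
            // failing with a NullPointerException on the scheme comparison.
            throw new URISyntaxException(str, "Metadata URL must include a scheme");
        }
        if ("https".equals(scheme)) {
            return new URIBuilder(str).setPort(443).build().toString();
        }
        if ("http".equals(scheme)) {
            return new URIBuilder(str).setPort(80).build().toString();
        }
        return str;
    }

    /**
     * Replaces the stored definitions with those described by a configuration map.
     *
     * <p>The stored list is cleared before the entries are read, so an invalid entry leaves the
     * list holding only the entries that preceded it. A missing {@code metadataTrustCheck}
     * defaults to {@code true} and a missing {@code zoneId} to the default UAA zone.
     *
     * @param map alias to settings ({@code idpMetadata}, {@code nameID},
     *     {@code assertionConsumerIndex}, {@code metadataTrustCheck}, {@code showSamlLoginLink},
     *     {@code socketFactoryClassName}, {@code linkText}, {@code iconUrl}, {@code zoneId});
     *     {@code null} only clears the list
     * @throws IllegalArgumentException if an alias, its settings or its metadata location is
     *     {@code null}
     */
    public void setIdentityProviders(Map<String, Map<String, Object>> map) {
        this.identityProviders.clear();
        if (map == null) {
            return;
        }
        for (Map.Entry<String, Map<String, Object>> entry : map.entrySet()) {
            String alias = entry.getKey();
            Map<String, Object> settings = entry.getValue();
            if (settings == null) {
                throw new IllegalArgumentException("Invalid IDP - configuration must not be null [" + alias + "]");
            }
            String metaDataLocation = (String) settings.get("idpMetadata");
            String nameId = (String) settings.get("nameID");
            Integer assertionConsumerIndex = (Integer) settings.get("assertionConsumerIndex");
            Boolean metadataTrustCheck = (Boolean) settings.get("metadataTrustCheck");
            Boolean showSamlLink = (Boolean) settings.get("showSamlLoginLink");
            String socketFactoryClassName = (String) settings.get("socketFactoryClassName");
            String linkText = (String) settings.get("linkText");
            String iconUrl = (String) settings.get("iconUrl");
            String zoneId = (String) settings.get("zoneId");
            if (alias == null) {
                throw new IllegalArgumentException("Invalid IDP - alias must not be null [" + metaDataLocation + "]");
            }
            if (metaDataLocation == null) {
                throw new IllegalArgumentException("Invalid IDP - metaDataLocation must not be null [" + alias + "]");
            }
            IdentityProviderDefinition definition = new IdentityProviderDefinition();
            definition.setIdpEntityAlias(alias);
            definition.setAssertionConsumerIndex(assertionConsumerIndex == null ? 0 : assertionConsumerIndex.intValue());
            definition.setMetaDataLocation(metaDataLocation);
            definition.setNameID(nameId);
            // The trust check stays enabled unless the configuration turns it off explicitly.
            definition.setMetadataTrustCheck(metadataTrustCheck == null || metadataTrustCheck.booleanValue());
            definition.setShowSamlLink(showSamlLink == null || showSamlLink.booleanValue());
            definition.setSocketFactoryClassName(socketFactoryClassName);
            definition.setLinkText(linkText);
            definition.setIconUrl(iconUrl);
            definition.setZoneId(StringUtils.hasText(zoneId) ? zoneId : IdentityZone.getUaa().getId());
            this.identityProviders.add(definition);
        }
    }

    /** @return the alias of the legacy IdP, or {@code null} when none is configured */
    public String getLegacyIdpIdentityAlias() {
        return this.legacyIdpIdentityAlias;
    }

    /**
     * Sets the alias of the legacy IdP.
     *
     * @param str the alias; the literal text {@code "null"} is stored as {@code null}
     */
    public void setLegacyIdpIdentityAlias(String str) {
        this.legacyIdpIdentityAlias = "null".equals(str) ? null : str;
    }

    /** @return the metadata location of the legacy IdP, or {@code null} when none is configured */
    public String getLegacyIdpMetaData() {
        return this.legacyIdpMetaData;
    }

    /**
     * Sets the metadata location of the legacy IdP.
     *
     * @param str the location; the literal text {@code "null"} is stored as {@code null}
     */
    public void setLegacyIdpMetaData(String str) {
        this.legacyIdpMetaData = "null".equals(str) ? null : str;
    }

    /** @return the name id setting applied to the legacy IdP */
    public String getLegacyNameId() {
        return this.legacyNameId;
    }

    /** @param str the name id setting applied to the legacy IdP */
    public void setLegacyNameId(String str) {
        this.legacyNameId = str;
    }

    /** @return the assertion consumer index applied to the legacy IdP */
    public int getLegacyAssertionConsumerIndex() {
        return this.legacyAssertionConsumerIndex;
    }

    /** @param i the assertion consumer index applied to the legacy IdP */
    public void setLegacyAssertionConsumerIndex(int i) {
        this.legacyAssertionConsumerIndex = i;
    }

    /** @return whether the metadata trust check is enabled for the legacy IdP (default {@code true}) */
    public boolean isLegacyMetadataTrustCheck() {
        return this.legacyMetadataTrustCheck;
    }

    /** @param z whether the metadata trust check is enabled for the legacy IdP */
    public void setLegacyMetadataTrustCheck(boolean z) {
        this.legacyMetadataTrustCheck = z;
    }

    /** @return the timer handed to the file and URL metadata providers */
    public Timer getMetadataFetchingHttpClientTimer() {
        return this.metadataFetchingHttpClientTimer;
    }

    /** @param timer the timer handed to the file and URL metadata providers */
    public void setMetadataFetchingHttpClientTimer(Timer timer) {
        this.metadataFetchingHttpClientTimer = timer;
    }

    /** @return the HTTP client handed to the URL metadata provider */
    public HttpClient getHttpClient() {
        return this.httpClient;
    }

    /** @param httpClient the HTTP client handed to the URL metadata provider */
    public void setHttpClient(HttpClient httpClient) {
        this.httpClient = httpClient;
    }

    /** @return the XML parser pool handed to every metadata provider */
    public BasicParserPool getParserPool() {
        return this.parserPool;
    }

    /** @param basicParserPool the XML parser pool handed to every metadata provider */
    public void setParserPool(BasicParserPool basicParserPool) {
        this.parserPool = basicParserPool;
    }

    /** @return whether the login link is shown for the legacy IdP (default {@code true}) */
    public boolean isLegacyShowSamlLink() {
        return this.legacyShowSamlLink;
    }

    /** @param z whether the login link is shown for the legacy IdP */
    public void setLegacyShowSamlLink(boolean z) {
        this.legacyShowSamlLink = z;
    }

    /**
     * Parses and validates the configured definitions once all bean properties are set.
     *
     * @throws Exception if the definitions are invalid
     */
    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() throws Exception {
        parseIdentityProviderDefinitions();
    }
}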
