package org.cloudfoundry.identity.uaa.login.saml;

import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.Timer;
import java.util.TimerTask;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.SimpleHttpConnectionManager;
import org.apache.commons.httpclient.params.HttpClientParams;
import org.apache.commons.httpclient.protocol.ProtocolSocketFactory;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.client.utils.URIBuilder;
import org.cloudfoundry.identity.uaa.AbstractIdentityProviderDefinition;
import org.cloudfoundry.identity.uaa.ExternalIdentityProviderDefinition;
import org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationJsonBase;
import org.cloudfoundry.identity.uaa.login.util.FileLocator;
import org.cloudfoundry.identity.uaa.zone.IdentityZone;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.xml.parse.BasicParserPool;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.saml.metadata.ExtendedMetadata;
import org.springframework.security.saml.metadata.ExtendedMetadataDelegate;
import org.springframework.util.StringUtils;

/* loaded from: input_file:org/cloudfoundry/identity/uaa/login/saml/SamlIdentityProviderConfigurator.class */
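/**
 * Holds the configured SAML identity providers and turns each {@link SamlIdentityProviderDefinition}
 * into an {@link ExtendedMetadataDelegate} by loading its metadata from inline XML, a file or a URL.
 *
 * <p>Definitions arrive either through {@link #setIdentityProviders(Map)} (bean configuration) or
 * through the legacy single-IDP setters; both are materialised in
 * {@link #parseIdentityProviderDefinitions()} when the bean is initialised.
 *
 * <p>Thread-safety: {@link #addSamlIdentityProviderDefinition} and
 * {@link #removeIdentityProviderDefinition} are {@code synchronized}, but the read-side getters
 * are not, and the backing map is a plain {@link HashMap}.
 * NOTE(review): confirm whether concurrent readers exist before relying on this class from
 * multiple threads.
 */
public class SamlIdentityProviderConfigurator implements InitializingBean {
    private static final Log logger = LogFactory.getLog(SamlIdentityProviderConfigurator.class);

    /** Separator used to join an IDP alias and its zone id into one map-unique key. */
    private static final String ALIAS_ZONE_SEPARATOR = "###";

    /** Link text assigned to the legacy (single, deprecated) IDP definition. */
    private static final String LEGACY_LINK_TEXT = "Use your corporate credentials";

    private String legacyIdpIdentityAlias;
    private volatile String legacyIdpMetaData;
    private String legacyNameId;
    private int legacyAssertionConsumerIndex;
    private HttpClientParams clientParams;
    private BasicParserPool parserPool;
    private boolean legacyMetadataTrustCheck = true;
    private boolean legacyShowSamlLink = true;

    /**
     * Fully configured providers, keyed by their (cloned) definition.
     * Lookup correctness depends on {@code SamlIdentityProviderDefinition}'s
     * {@code equals}/{@code hashCode}, which are defined outside this file.
     */
    private final Map<SamlIdentityProviderDefinition, ExtendedMetadataDelegate> identityProviders = new HashMap<>();

    /** Definitions collected by {@link #setIdentityProviders(Map)} and not yet loaded. */
    private final List<SamlIdentityProviderDefinition> toBeFetchedProviders = new LinkedList<>();

    /**
     * A {@link Timer} whose scheduling methods are all no-ops. It is cancelled in the constructor
     * and handed to the file and HTTP metadata providers, presumably so that they never start a
     * background refresh task — the providers' use of it is not visible here.
     */
    private final Timer dummyTimer = new Timer() {
        @Override
        public void cancel() {
            super.cancel();
        }

        @Override
        public int purge() {
            return 0;
        }

        @Override
        public void schedule(TimerTask timerTask, long delay) {
        }

        @Override
        public void schedule(TimerTask timerTask, long delay, long period) {
        }

        @Override
        public void schedule(TimerTask timerTask, Date firstTime, long period) {
        }

        @Override
        public void schedule(TimerTask timerTask, Date time) {
        }

        @Override
        public void scheduleAtFixedRate(TimerTask timerTask, long delay, long period) {
        }

        @Override
        public void scheduleAtFixedRate(TimerTask timerTask, Date firstTime, long period) {
        }
    };

    /** Creates the configurator and immediately cancels the no-op timer's worker thread. */
    public SamlIdentityProviderConfigurator() {
        this.dummyTimer.cancel();
    }

    /**
     * Returns an unmodifiable snapshot of every configured definition (all zones).
     *
     * @return a copy of the current keys; never {@code null}
     */
    public List<SamlIdentityProviderDefinition> getIdentityProviderDefinitions() {
        return Collections.unmodifiableList(new ArrayList<>(this.identityProviders.keySet()));
    }

    /**
     * Returns the configured definitions whose zone id equals the given zone's id.
     *
     * @param identityZone the zone to filter by; must not be {@code null}
     * @return a new mutable list; empty when nothing matches
     */
    public List<SamlIdentityProviderDefinition> getIdentityProviderDefinitionsForZone(IdentityZone identityZone) {
        String zoneId = identityZone.getId();
        List<SamlIdentityProviderDefinition> matching = new ArrayList<>();
        for (SamlIdentityProviderDefinition definition : getIdentityProviderDefinitions()) {
            if (zoneId.equals(definition.getZoneId())) {
                matching.add(definition);
            }
        }
        return matching;
    }

    /**
     * Returns the definitions of the given zone, optionally restricted to a set of aliases.
     *
     * @param list         aliases to keep; {@code null} means "no alias filter"
     * @param identityZone the zone to filter by; must not be {@code null}
     * @return a new list; empty when nothing matches
     */
    public List<SamlIdentityProviderDefinition> getIdentityProviderDefinitions(List<String> list, IdentityZone identityZone) {
        List<SamlIdentityProviderDefinition> zoneDefinitions = getIdentityProviderDefinitionsForZone(identityZone);
        if (list == null) {
            return zoneDefinitions;
        }
        List<SamlIdentityProviderDefinition> selected = new ArrayList<>();
        for (SamlIdentityProviderDefinition definition : zoneDefinitions) {
            if (list.contains(definition.getIdpEntityAlias())) {
                selected.add(definition);
            }
        }
        return selected;
    }

    /**
     * Rebuilds {@link #identityProviders} from the pending definitions plus, when
     * {@link #getLegacyIdpMetaData()} is set, the single legacy IDP (placed in the UAA zone).
     *
     * <p>Duplicate alias/zone pairs abort with {@link IllegalStateException} before any metadata
     * is fetched. A {@link MetadataProviderException} from one provider is logged and the
     * remaining providers are still loaded; any other exception (for example the
     * {@link IllegalArgumentException} raised for an unreadable file or bad socket factory)
     * propagates and fails bean initialisation.
     *
     * @throws IllegalArgumentException if the legacy IDP has metadata but no alias
     * @throws IllegalStateException    if two definitions share the same alias within a zone
     */
    protected void parseIdentityProviderDefinitions() {
        this.identityProviders.clear();
        List<SamlIdentityProviderDefinition> pending = new LinkedList<>(this.toBeFetchedProviders);
        if (getLegacyIdpMetaData() != null) {
            pending.add(buildLegacyDefinition());
        }
        Set<String> seenAliases = new HashSet<>();
        for (SamlIdentityProviderDefinition definition : pending) {
            String uniqueAlias = getUniqueAlias(definition);
            // Set.add returns false when the key was already present.
            if (!seenAliases.add(uniqueAlias)) {
                throw new IllegalStateException("Duplicate IDP alias found:" + uniqueAlias);
            }
        }
        for (SamlIdentityProviderDefinition definition : pending) {
            try {
                addSamlIdentityProviderDefinition(definition);
            } catch (MetadataProviderException e) {
                logger.error("Unable to configure SAML provider:" + definition, e);
            }
        }
    }

    /**
     * Builds the definition for the deprecated single-IDP configuration from the legacy setters.
     *
     * @throws IllegalArgumentException if no legacy alias is configured
     */
    private SamlIdentityProviderDefinition buildLegacyDefinition() {
        String alias = getLegacyIdpIdentityAlias();
        if (alias == null) {
            throw new IllegalArgumentException("Invalid IDP - Alias must be not null for deprecated IDP.");
        }
        SamlIdentityProviderDefinition legacy = new SamlIdentityProviderDefinition();
        legacy.setMetaDataLocation(getLegacyIdpMetaData());
        legacy.setMetadataTrustCheck(isLegacyMetadataTrustCheck());
        legacy.setNameID(getLegacyNameId());
        legacy.setAssertionConsumerIndex(getLegacyAssertionConsumerIndex());
        legacy.setIdpEntityAlias(alias);
        legacy.setShowSamlLink(isLegacyShowSamlLink());
        legacy.setLinkText(LEGACY_LINK_TEXT);
        legacy.setZoneId(IdentityZone.getUaa().getId());
        return legacy;
    }

    /**
     * Key identifying a definition across zones: its alias joined with its zone id.
     *
     * @param samlIdentityProviderDefinition the definition; must not be {@code null}
     * @return {@code alias + "###" + zoneId}
     */
    protected String getUniqueAlias(SamlIdentityProviderDefinition samlIdentityProviderDefinition) {
        return getUniqueAlias(samlIdentityProviderDefinition.getIdpEntityAlias(), samlIdentityProviderDefinition.getZoneId());
    }

    /**
     * Joins an alias and a zone id into the map-unique key.
     *
     * @param str  the IDP entity alias
     * @param str2 the zone id
     * @return {@code str + "###" + str2}
     */
    protected String getUniqueAlias(String str, String str2) {
        return str + ALIAS_ZONE_SEPARATOR + str2;
    }

    /**
     * Loads the metadata for a definition and registers it, replacing any provider that already
     * has the same alias within the same zone.
     *
     * <p>The existing provider with the same alias is removed <em>before</em> the new metadata is
     * fetched and validated. NOTE(review): if the fetch fails or the entity ID is a duplicate, the
     * old provider stays removed — confirm that callers expect this rather than a rollback.
     *
     * @param samlIdentityProviderDefinition the definition to register; it is cloned, the caller's
     *                                       instance is not stored
     * @return a two-element array: the newly created delegate, then the delegate that was replaced
     *         (or {@code null} when there was none)
     * @throws NullPointerException      if the definition, its alias or its zone id is missing
     * @throws MetadataProviderException if the metadata cannot be loaded or another provider in
     *                                   the same zone already uses the same entity ID
     */
    public synchronized ExtendedMetadataDelegate[] addSamlIdentityProviderDefinition(SamlIdentityProviderDefinition samlIdentityProviderDefinition) throws MetadataProviderException {
        Objects.requireNonNull(samlIdentityProviderDefinition);
        if (!StringUtils.hasText(samlIdentityProviderDefinition.getIdpEntityAlias())) {
            throw new NullPointerException("SAML IDP Alias must be set");
        }
        if (!StringUtils.hasText(samlIdentityProviderDefinition.getZoneId())) {
            throw new NullPointerException("IDP Zone Id must be set");
        }

        ExtendedMetadataDelegate replaced = null;
        String newUniqueAlias = getUniqueAlias(samlIdentityProviderDefinition);
        for (SamlIdentityProviderDefinition existing : getIdentityProviderDefinitions()) {
            if (newUniqueAlias.equals(getUniqueAlias(existing))) {
                replaced = this.identityProviders.remove(existing);
                break;
            }
        }

        SamlIdentityProviderDefinition stored = samlIdentityProviderDefinition.m47clone();
        ExtendedMetadataDelegate delegate = getExtendedMetadataDelegate(stored);
        String entityID = delegate.getDelegate().getEntityID();
        // Entity IDs must be unique per zone; the same IDP may be configured in different zones.
        for (Map.Entry<SamlIdentityProviderDefinition, ExtendedMetadataDelegate> entry : this.identityProviders.entrySet()) {
            if (stored.getZoneId().equals(entry.getKey().getZoneId())
                    && entityID.equals(entry.getValue().getDelegate().getEntityID())) {
                throw new MetadataProviderException("Duplicate entity ID:" + entityID);
            }
        }
        this.identityProviders.put(stored, delegate);
        return new ExtendedMetadataDelegate[]{delegate, replaced};
    }

    /**
     * Removes the provider registered under the same alias and zone as the given definition.
     *
     * @param samlIdentityProviderDefinition the definition whose alias/zone identify the provider
     * @return the removed delegate, or {@code null} if nothing matched
     */
    public synchronized ExtendedMetadataDelegate removeIdentityProviderDefinition(SamlIdentityProviderDefinition samlIdentityProviderDefinition) {
        String targetAlias = getUniqueAlias(samlIdentityProviderDefinition);
        for (SamlIdentityProviderDefinition existing : getIdentityProviderDefinitions()) {
            if (targetAlias.equals(getUniqueAlias(existing))) {
                return this.identityProviders.remove(existing);
            }
        }
        return null;
    }

    /**
     * Returns every configured delegate regardless of zone.
     *
     * @return a new list; never {@code null}
     */
    public List<ExtendedMetadataDelegate> getSamlIdentityProviders() {
        return getSamlIdentityProviders(null);
    }

    /**
     * Returns the configured delegates, restricted to one zone when given.
     *
     * @param identityZone the zone to filter by, or {@code null} for all zones
     * @return a new list; never {@code null}
     */
    public List<ExtendedMetadataDelegate> getSamlIdentityProviders(IdentityZone identityZone) {
        List<ExtendedMetadataDelegate> delegates = new ArrayList<>();
        for (SamlIdentityProviderDefinition definition : getIdentityProviderDefinitions()) {
            boolean inZone = identityZone == null || identityZone.getId().equals(definition.getZoneId());
            if (!inZone) {
                continue;
            }
            ExtendedMetadataDelegate delegate = this.identityProviders.get(definition);
            if (delegate != null) {
                delegates.add(delegate);
            }
        }
        return delegates;
    }

    /**
     * Looks up an already-built delegate without fetching anything.
     *
     * @param samlIdentityProviderDefinition the map key
     * @return the cached delegate, or {@code null} if not registered
     * @throws MetadataProviderException never thrown here; kept for signature compatibility
     */
    public ExtendedMetadataDelegate getExtendedMetadataDelegateFromCache(SamlIdentityProviderDefinition samlIdentityProviderDefinition) throws MetadataProviderException {
        return this.identityProviders.get(samlIdentityProviderDefinition);
    }

    /**
     * Builds a delegate for the definition according to its metadata type
     * ({@code DATA} = inline XML, {@code FILE} = local file, {@code URL} = remote fetch).
     *
     * @param samlIdentityProviderDefinition the definition to materialise
     * @return a freshly built delegate
     * @throws MetadataProviderException if the type is not one of the three supported values, or
     *                                   the underlying provider fails
     */
    public ExtendedMetadataDelegate getExtendedMetadataDelegate(SamlIdentityProviderDefinition samlIdentityProviderDefinition) throws MetadataProviderException {
        switch (samlIdentityProviderDefinition.getType()) {
            case DATA:
                return configureXMLMetadata(samlIdentityProviderDefinition);
            case FILE:
                return configureFileMetadata(samlIdentityProviderDefinition);
            case URL:
                return configureURLMetadata(samlIdentityProviderDefinition);
            default:
                throw new MetadataProviderException("Invalid metadata type for alias[" + samlIdentityProviderDefinition.getIdpEntityAlias() + "]:" + samlIdentityProviderDefinition.getMetaDataLocation());
        }
    }

    /**
     * Wraps inline metadata XML (the definition's metadata location holds the document itself)
     * in a {@link ConfigMetadataProvider}. The delegate's trust-check flag is copied from the
     * definition.
     *
     * @param samlIdentityProviderDefinition the definition whose metadata location is XML
     * @return the delegate, marked as non-local and aliased with the IDP alias
     */
    protected ExtendedMetadataDelegate configureXMLMetadata(SamlIdentityProviderDefinition samlIdentityProviderDefinition) {
        ConfigMetadataProvider provider = new ConfigMetadataProvider(
                samlIdentityProviderDefinition.getZoneId(),
                samlIdentityProviderDefinition.getIdpEntityAlias(),
                samlIdentityProviderDefinition.getMetaDataLocation());
        provider.setParserPool(getParserPool());

        ExtendedMetadata extendedMetadata = new ExtendedMetadata();
        extendedMetadata.setLocal(false);
        extendedMetadata.setAlias(samlIdentityProviderDefinition.getIdpEntityAlias());

        ExtendedMetadataDelegate delegate = new ExtendedMetadataDelegate(provider, extendedMetadata);
        delegate.setMetadataTrustCheck(samlIdentityProviderDefinition.isMetadataTrustCheck());
        return delegate;
    }

    /**
     * Reads the metadata file named by the definition, then treats its UTF-8 content as inline
     * XML. The caller's definition is not modified; a clone carries the loaded XML.
     *
     * @param samlIdentityProviderDefinition the definition whose metadata location is a file path
     * @return the delegate built from the file content
     * @throws IllegalArgumentException  (with the I/O cause attached) if the file cannot be located
     * @throws MetadataProviderException if the provider fails to fetch the metadata
     */
    protected ExtendedMetadataDelegate configureFileMetadata(SamlIdentityProviderDefinition samlIdentityProviderDefinition) throws MetadataProviderException {
        SamlIdentityProviderDefinition definition = samlIdentityProviderDefinition.m47clone();
        try {
            FilesystemMetadataProvider provider = new FilesystemMetadataProvider(
                    this.dummyTimer, FileLocator.locate(definition.getMetaDataLocation()));
            definition.setMetaDataLocation(new String(provider.fetchMetadata(), StandardCharsets.UTF_8));
        } catch (IOException e) {
            // Keep the cause: the original dropped it, which hides *why* the file was unusable.
            throw new IllegalArgumentException("Invalid metadata file for alias[" + definition.getIdpEntityAlias() + "]:" + definition.getMetaDataLocation(), e);
        }
        return configureXMLMetadata(definition);
    }

    /**
     * Downloads the metadata from the definition's URL using the configured socket factory class,
     * then treats the UTF-8 body as inline XML. The caller's definition is not modified; a clone
     * carries the downloaded XML.
     *
     * <p>The socket factory class name comes from configuration. It is checked to be a
     * {@link ProtocolSocketFactory} <em>before</em> it is instantiated, so a misconfigured name
     * never has its constructor run only to fail the cast afterwards.
     *
     * @param samlIdentityProviderDefinition the definition whose metadata location is an http(s) URL
     * @return the delegate built from the downloaded content
     * @throws IllegalArgumentException  if the socket factory class is missing, not loadable, not a
     *                                   {@link ProtocolSocketFactory}, not instantiable, or the URL
     *                                   is not a valid URI
     * @throws MetadataProviderException if the HTTP provider fails to fetch the metadata
     */
    protected ExtendedMetadataDelegate configureURLMetadata(SamlIdentityProviderDefinition samlIdentityProviderDefinition) throws MetadataProviderException {
        SamlIdentityProviderDefinition definition = samlIdentityProviderDefinition.m47clone();
        String socketFactoryClassName = definition.getSocketFactoryClassName();
        if (socketFactoryClassName == null) {
            throw new IllegalArgumentException("Invalid socket factory:" + socketFactoryClassName);
        }

        ProtocolSocketFactory socketFactory;
        try {
            socketFactory = Class.forName(socketFactoryClassName)
                    .asSubclass(ProtocolSocketFactory.class)
                    .getDeclaredConstructor()
                    .newInstance();
        } catch (ReflectiveOperationException | ClassCastException e) {
            throw new IllegalArgumentException("Invalid socket factory:" + socketFactoryClassName, e);
        }

        try {
            // alwaysClose=true: every connection is closed after use, so nothing is pooled or leaked.
            SimpleHttpConnectionManager connectionManager = new SimpleHttpConnectionManager(true);
            connectionManager.getParams().setDefaults(getClientParams());
            FixedHttpMetaDataProvider provider = new FixedHttpMetaDataProvider(
                    this.dummyTimer,
                    new HttpClient(connectionManager),
                    adjustURIForPort(definition.getMetaDataLocation()));
            provider.setSocketFactory(socketFactory);
            definition.setMetaDataLocation(new String(provider.fetchMetadata(), StandardCharsets.UTF_8));
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("Invalid socket factory(invalid URI):" + definition.getMetaDataLocation(), e);
        }
        return configureXMLMetadata(definition);
    }

    /**
     * Makes the port explicit for {@code http} (80) and {@code https} (443) URLs that omit it;
     * URLs that already carry a port, or use another scheme, are returned unchanged.
     *
     * @param str the URL to normalise
     * @return the URL with an explicit port where applicable
     * @throws URISyntaxException if {@code str} is not a valid URI or has no scheme
     */
    protected String adjustURIForPort(String str) throws URISyntaxException {
        URI uri = new URI(str);
        if (uri.getPort() >= 0) {
            return str;
        }
        String scheme = uri.getScheme();
        if (scheme == null) {
            // A scheme-less (relative) URI cannot be fetched over HTTP; report it as a bad URI
            // rather than failing with a NullPointerException on the switch below.
            throw new URISyntaxException(str, "Missing scheme");
        }
        switch (scheme) {
            case "https":
                return new URIBuilder(str).setPort(443).build().toString();
            case "http":
                return new URIBuilder(str).setPort(80).build().toString();
            default:
                return str;
        }
    }

    /**
     * Accepts the bean-configured providers: a map from IDP alias to that provider's properties.
     * Each entry becomes a pending definition, loaded later by
     * {@link #parseIdentityProviderDefinitions()}.
     *
     * <p>Recognised property keys: {@code idpMetadata} (required), {@code nameID},
     * {@code assertionConsumerIndex} (default 0), {@code metadataTrustCheck} (default true),
     * {@code showSamlLoginLink} (default true), {@code socketFactoryClassName}, {@code linkText},
     * {@code iconUrl}, {@code zoneId} (default: the UAA zone), {@code addShadowUserOnLogin}
     * (default true), plus the email-domain, external-groups-whitelist and attribute-mapping keys
     * named by the definition constants.
     *
     * <p>NOTE(review): this clears the loaded providers but not the pending list, so calling it
     * twice accumulates definitions — confirm it is only invoked once per bean.
     *
     * @param map alias → properties; {@code null} clears the loaded providers and adds nothing
     * @throws IllegalArgumentException if an alias, its property map, or its metadata is {@code null}
     */
    @SuppressWarnings("unchecked") // values are untyped bean configuration; casts mirror the declared keys
    public void setIdentityProviders(Map<String, Map<String, Object>> map) {
        this.identityProviders.clear();
        if (map == null) {
            return;
        }
        for (Map.Entry<String, Map<String, Object>> entry : map.entrySet()) {
            String alias = entry.getKey();
            Map<String, Object> props = entry.getValue();
            if (props == null) {
                throw new IllegalArgumentException("Invalid IDP - configuration must not be null [" + alias + "]");
            }
            String metaDataLocation = (String) props.get("idpMetadata");
            if (alias == null) {
                throw new IllegalArgumentException("Invalid IDP - alias must not be null [" + metaDataLocation + "]");
            }
            if (metaDataLocation == null) {
                throw new IllegalArgumentException("Invalid IDP - metaDataLocation must not be null [" + alias + "]");
            }

            String nameId = (String) props.get("nameID");
            Integer assertionConsumerIndex = (Integer) props.get("assertionConsumerIndex");
            Boolean metadataTrustCheck = (Boolean) props.get("metadataTrustCheck");
            Boolean showSamlLoginLink = (Boolean) props.get("showSamlLoginLink");
            String socketFactoryClassName = (String) props.get("socketFactoryClassName");
            String linkText = (String) props.get("linkText");
            String iconUrl = (String) props.get("iconUrl");
            String zoneId = (String) props.get("zoneId");
            Boolean addShadowUserOnLogin = (Boolean) props.get("addShadowUserOnLogin");
            List<String> emailDomain = (List<String>) props.get(AbstractIdentityProviderDefinition.EMAIL_DOMAIN_ATTR);
            List<String> externalGroupsWhitelist = (List<String>) props.get(ExternalIdentityProviderDefinition.EXTERNAL_GROUPS_WHITELIST);
            Map<String, Object> attributeMappings = (Map<String, Object>) props.get(ExternalIdentityProviderDefinition.ATTRIBUTE_MAPPINGS);

            SamlIdentityProviderDefinition definition = new SamlIdentityProviderDefinition();
            definition.setIdpEntityAlias(alias);
            definition.setAssertionConsumerIndex(assertionConsumerIndex == null ? 0 : assertionConsumerIndex.intValue());
            definition.setMetaDataLocation(metaDataLocation);
            definition.setNameID(nameId);
            definition.setMetadataTrustCheck(metadataTrustCheck == null ? true : metadataTrustCheck.booleanValue());
            definition.setShowSamlLink(showSamlLoginLink == null ? true : showSamlLoginLink.booleanValue());
            definition.setSocketFactoryClassName(socketFactoryClassName);
            definition.setLinkText(linkText);
            definition.setIconUrl(iconUrl);
            definition.setEmailDomain(emailDomain);
            definition.setExternalGroupsWhitelist(externalGroupsWhitelist);
            definition.setAttributeMappings(attributeMappings);
            definition.setZoneId(StringUtils.hasText(zoneId) ? zoneId : IdentityZone.getUaa().getId());
            definition.setAddShadowUserOnLogin(addShadowUserOnLogin == null ? true : addShadowUserOnLogin.booleanValue());
            this.toBeFetchedProviders.add(definition);
        }
    }

    public String getLegacyIdpIdentityAlias() {
        return this.legacyIdpIdentityAlias;
    }

    /**
     * Sets the legacy IDP alias; the JSON "null" marker string is treated as {@code null}.
     *
     * @param str the alias, or {@link UaaAuthenticationJsonBase#NULL_STRING}
     */
    public void setLegacyIdpIdentityAlias(String str) {
        this.legacyIdpIdentityAlias = UaaAuthenticationJsonBase.NULL_STRING.equals(str) ? null : str;
    }

    public String getLegacyIdpMetaData() {
        return this.legacyIdpMetaData;
    }

    /**
     * Sets the legacy IDP metadata location; the JSON "null" marker string is treated as
     * {@code null}, which disables the legacy IDP.
     *
     * @param str the metadata location, or {@link UaaAuthenticationJsonBase#NULL_STRING}
     */
    public void setLegacyIdpMetaData(String str) {
        this.legacyIdpMetaData = UaaAuthenticationJsonBase.NULL_STRING.equals(str) ? null : str;
    }

    public String getLegacyNameId() {
        return this.legacyNameId;
    }

    public void setLegacyNameId(String str) {
        this.legacyNameId = str;
    }

    public int getLegacyAssertionConsumerIndex() {
        return this.legacyAssertionConsumerIndex;
    }

    public void setLegacyAssertionConsumerIndex(int i) {
        this.legacyAssertionConsumerIndex = i;
    }

    /** Whether the legacy IDP's metadata signature is verified; defaults to {@code true}. */
    public boolean isLegacyMetadataTrustCheck() {
        return this.legacyMetadataTrustCheck;
    }

    public void setLegacyMetadataTrustCheck(boolean z) {
        this.legacyMetadataTrustCheck = z;
    }

    /** HTTP client parameters applied to every URL metadata fetch. */
    public HttpClientParams getClientParams() {
        return this.clientParams;
    }

    public void setClientParams(HttpClientParams httpClientParams) {
        this.clientParams = httpClientParams;
    }

    /** Parser pool handed to every {@link ConfigMetadataProvider}. */
    public BasicParserPool getParserPool() {
        return this.parserPool;
    }

    public void setParserPool(BasicParserPool basicParserPool) {
        this.parserPool = basicParserPool;
    }

    public boolean isLegacyShowSamlLink() {
        return this.legacyShowSamlLink;
    }

    public void setLegacyShowSamlLink(boolean z) {
        this.legacyShowSamlLink = z;
    }

    /** Spring lifecycle hook: materialises all pending definitions once properties are set. */
    @Override
    public void afterPropertiesSet() throws Exception {
        parseIdentityProviderDefinitions();
    }
}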
