package org.cloudfoundry.identity.uaa.provider.saml;

import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import org.apache.http.client.utils.URIBuilder;
import org.cloudfoundry.identity.uaa.constants.OriginKeys;
import org.cloudfoundry.identity.uaa.provider.IdentityProvider;
import org.cloudfoundry.identity.uaa.provider.IdentityProviderProvisioning;
import org.cloudfoundry.identity.uaa.provider.SamlIdentityProviderDefinition;
import org.cloudfoundry.identity.uaa.zone.IdentityZone;
import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.xml.parse.BasicParserPool;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.config.http.PortMappingsBeanDefinitionParser;
import org.springframework.security.saml.metadata.ExtendedMetadata;
import org.springframework.security.saml.metadata.ExtendedMetadataDelegate;
import org.springframework.util.StringUtils;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-4.18.0.jar:org/cloudfoundry/identity/uaa/provider/saml/SamlIdentityProviderConfigurator.class */
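/**
 * Looks up the SAML identity provider definitions stored for an identity zone and turns a
 * definition into an {@link ExtendedMetadataDelegate} backed by its IdP metadata.
 *
 * <p>Metadata comes either inline from the definition (type {@code DATA}) or from a URL that this
 * server fetches itself (type {@code URL}). Two per-provider settings read here decide how much
 * the metadata can be trusted: {@code isSkipSslValidation()}, which is handed to the HTTP fetcher,
 * and {@code isMetadataTrustCheck()}, which is handed to the delegate.
 *
 * <p>NOTE(review): this listing appears to be decompiler output; {@code m3890clone()} is
 * presumably the decompiler's name for the definition's {@code clone()} and is kept as found.
 */
public class SamlIdentityProviderConfigurator implements InitializingBean {
    private BasicParserPool parserPool;
    private IdentityProviderProvisioning providerProvisioning;
    private FixedHttpMetaDataProvider fixedHttpMetaDataProvider;

    /**
     * Returns the SAML provider definitions of the zone currently held by
     * {@link IdentityZoneHolder}.
     *
     * @return the active SAML definitions of the current zone, possibly empty
     */
    public List<SamlIdentityProviderDefinition> getIdentityProviderDefinitions() {
        return getIdentityProviderDefinitionsForZone(IdentityZoneHolder.get());
    }

    /**
     * Returns the configuration of every active provider of the given zone whose type is
     * {@link OriginKeys#SAML}.
     *
     * @param identityZone zone whose id is used for the lookup; must not be {@code null}
     * @return a new mutable list of SAML definitions, possibly empty
     */
    public List<SamlIdentityProviderDefinition> getIdentityProviderDefinitionsForZone(IdentityZone identityZone) {
        List<SamlIdentityProviderDefinition> samlDefinitions = new LinkedList<>();
        for (IdentityProvider identityProvider : this.providerProvisioning.retrieveActive(identityZone.getId())) {
            if (OriginKeys.SAML.equals(identityProvider.getType())) {
                samlDefinitions.add((SamlIdentityProviderDefinition) identityProvider.getConfig());
            }
        }
        return samlDefinitions;
    }

    /**
     * Returns the zone's SAML definitions, optionally restricted to a set of entity aliases.
     *
     * @param list aliases to keep, compared with {@code getIdpEntityAlias()}; {@code null} means
     *     no filtering
     * @param identityZone zone to read the definitions from
     * @return all definitions when {@code list} is {@code null}, otherwise only the matching ones
     */
    public List<SamlIdentityProviderDefinition> getIdentityProviderDefinitions(List<String> list, IdentityZone identityZone) {
        List<SamlIdentityProviderDefinition> zoneDefinitions = getIdentityProviderDefinitionsForZone(identityZone);
        if (list == null) {
            return zoneDefinitions;
        }
        List<SamlIdentityProviderDefinition> allowed = new LinkedList<>();
        for (SamlIdentityProviderDefinition definition : zoneDefinitions) {
            if (list.contains(definition.getIdpEntityAlias())) {
                allowed.add(definition);
            }
        }
        return allowed;
    }

    /**
     * Checks that a definition has an alias, a zone id and loadable metadata with a non-empty
     * entity ID, and that no other provider of the current zone already uses that entity ID.
     *
     * <p>Two definitions with the same entity ID but different unique aliases are rejected; a
     * definition is allowed to collide with itself (same unique alias), which is the update case.
     *
     * @param samlIdentityProviderDefinition definition to validate
     * @throws NullPointerException if the definition is {@code null} or lacks an alias or zone id
     * @throws MetadataProviderException if the metadata cannot be loaded, has no entity ID, or the
     *     entity ID is already used by another provider
     */
    public synchronized void validateSamlIdentityProviderDefinition(SamlIdentityProviderDefinition samlIdentityProviderDefinition) throws MetadataProviderException {
        if (samlIdentityProviderDefinition == null) {
            throw new NullPointerException();
        }
        if (!StringUtils.hasText(samlIdentityProviderDefinition.getIdpEntityAlias())) {
            throw new NullPointerException("SAML IDP Alias must be set");
        }
        if (!StringUtils.hasText(samlIdentityProviderDefinition.getZoneId())) {
            throw new NullPointerException("IDP Zone Id must be set");
        }
        // Work on a copy so that loading the metadata cannot modify the caller's definition.
        SamlIdentityProviderDefinition candidate = samlIdentityProviderDefinition.m3890clone();
        String entityID = entityIdOf(candidate);
        if (!StringUtils.hasText(entityID)) {
            throw new MetadataProviderException("Emtpy entityID for SAML provider with zoneId:" + samlIdentityProviderDefinition.getZoneId() + " and origin:" + samlIdentityProviderDefinition.getIdpEntityAlias());
        }
        // NOTE(review): the scan covers the zone held by IdentityZoneHolder, not the definition's
        // own zoneId; confirm callers always validate inside the matching zone context.
        // Each comparison rebuilds the existing provider's delegate, so URL-type providers are
        // re-fetched here while the monitor of this object is held.
        for (SamlIdentityProviderDefinition existing : getIdentityProviderDefinitions()) {
            if (entityID.equals(entityIdOf(existing)) && !existing.getUniqueAlias().equals(candidate.getUniqueAlias())) {
                throw new MetadataProviderException("Duplicate entity ID:" + entityID);
            }
        }
    }

    /** Loads the definition's metadata and returns the entity ID reported by its provider. */
    private String entityIdOf(SamlIdentityProviderDefinition definition) throws MetadataProviderException {
        return ((ConfigMetadataProvider) getExtendedMetadataDelegate(definition).getDelegate()).getEntityID();
    }

    /**
     * Returns the metadata delegate for a definition.
     *
     * <p>Despite the name, no cache is consulted in this class: the call is forwarded to
     * {@link #getExtendedMetadataDelegate(SamlIdentityProviderDefinition)}.
     *
     * @param samlIdentityProviderDefinition definition to resolve
     * @return a newly configured delegate
     * @throws MetadataProviderException if the metadata cannot be configured
     */
    public ExtendedMetadataDelegate getExtendedMetadataDelegateFromCache(SamlIdentityProviderDefinition samlIdentityProviderDefinition) throws MetadataProviderException {
        return getExtendedMetadataDelegate(samlIdentityProviderDefinition);
    }

    /**
     * Builds the metadata delegate that matches the definition's metadata type.
     *
     * @param samlIdentityProviderDefinition definition to resolve
     * @return a delegate built from inline XML ({@code DATA}) or from fetched XML ({@code URL})
     * @throws MetadataProviderException for any other metadata type, or if loading fails
     */
    public ExtendedMetadataDelegate getExtendedMetadataDelegate(SamlIdentityProviderDefinition samlIdentityProviderDefinition) throws MetadataProviderException {
        switch (samlIdentityProviderDefinition.getType()) {
            case DATA:
                return configureXMLMetadata(samlIdentityProviderDefinition);
            case URL:
                return configureURLMetadata(samlIdentityProviderDefinition);
            default:
                throw new MetadataProviderException("Invalid metadata type for alias[" + samlIdentityProviderDefinition.getIdpEntityAlias() + "]:" + samlIdentityProviderDefinition.getMetaDataLocation());
        }
    }

    /**
     * Wraps the XML held in the definition's metadata location in a remote (non-local) delegate
     * whose alias is the IdP entity alias.
     *
     * @param samlIdentityProviderDefinition definition whose metadata location holds the XML
     * @return the configured delegate
     */
    protected ExtendedMetadataDelegate configureXMLMetadata(SamlIdentityProviderDefinition samlIdentityProviderDefinition) {
        ConfigMetadataProvider configMetadataProvider = new ConfigMetadataProvider(samlIdentityProviderDefinition.getZoneId(), samlIdentityProviderDefinition.getIdpEntityAlias(), samlIdentityProviderDefinition.getMetaDataLocation());
        // The XML is parsed with the injected pool, so its parser settings decide how DTDs and
        // external entities are handled; that configuration is not visible in this class.
        configMetadataProvider.setParserPool(getParserPool());
        ExtendedMetadata extendedMetadata = new ExtendedMetadata();
        extendedMetadata.setLocal(false);
        extendedMetadata.setAlias(samlIdentityProviderDefinition.getIdpEntityAlias());
        ExtendedMetadataDelegate extendedMetadataDelegate = new ExtendedMetadataDelegate(configMetadataProvider, extendedMetadata);
        // The trust check follows the per-provider setting; when it is off, the delegate is not
        // asked to verify the metadata for trust.
        extendedMetadataDelegate.setMetadataTrustCheck(samlIdentityProviderDefinition.isMetadataTrustCheck());
        return extendedMetadataDelegate;
    }

    /**
     * Makes the default port explicit for {@code http} (80) and {@code https} (443) URIs that do
     * not name one; every other URI is returned unchanged.
     *
     * <p>The scheme comparison is case-sensitive. Schemes other than {@code http} and
     * {@code https} are not rejected here.
     *
     * @param str URI text to adjust
     * @return the URI with an explicit port where one was added, otherwise {@code str}
     * @throws URISyntaxException if {@code str} is not a valid URI, or has neither a port nor a
     *     scheme
     */
    protected String adjustURIForPort(String str) throws URISyntaxException {
        URI uri = new URI(str);
        if (uri.getPort() >= 0) {
            return str;
        }
        String scheme = uri.getScheme();
        if (scheme == null) {
            // A scheme-less reference would otherwise fail with a bare NullPointerException in the
            // switch below; report it as the checked exception callers already handle.
            throw new URISyntaxException(str, "Metadata URI has no scheme");
        }
        // A plain string switch replaces the decompiled hashCode dispatch, which assigned -1 to a
        // boolean and could not compile. 99617003 is the hash of "https", the value the
        // decompiler had attributed to an unrelated Spring constant.
        switch (scheme) {
            case "https":
                return new URIBuilder(str).setPort(443).build().toString();
            case "http":
                return new URIBuilder(str).setPort(80).build().toString();
            default:
                return str;
        }
    }

    /**
     * Fetches the metadata XML from the definition's URL and builds a delegate from it.
     *
     * <p>The fetch is made by this server to a location taken from the provider configuration.
     * This method does not restrict the target host or scheme; whether the fetcher does is not
     * visible here. The definition's {@code isSkipSslValidation()} flag is passed to the fetcher
     * unchanged.
     *
     * @param samlIdentityProviderDefinition definition whose metadata location is a URL
     * @return a delegate built from the fetched XML, decoded as UTF-8
     * @throws MetadataProviderException if the location is not a usable URI or loading fails
     */
    protected ExtendedMetadataDelegate configureURLMetadata(SamlIdentityProviderDefinition samlIdentityProviderDefinition) throws MetadataProviderException {
        // The fetched XML replaces the location on a copy, leaving the caller's definition with
        // its URL.
        SamlIdentityProviderDefinition copy = samlIdentityProviderDefinition.m3890clone();
        try {
            String metadataUrl = adjustURIForPort(copy.getMetaDataLocation());
            byte[] metadataXml = this.fixedHttpMetaDataProvider.fetchMetadata(metadataUrl, copy.isSkipSslValidation());
            copy.setMetaDataLocation(new String(metadataXml, StandardCharsets.UTF_8));
            return configureXMLMetadata(copy);
        } catch (URISyntaxException e) {
            throw new MetadataProviderException("Invalid socket factory(invalid URI):" + copy.getMetaDataLocation(), e);
        }
    }

    /** Returns the provisioning service used to look up identity providers. */
    public IdentityProviderProvisioning getIdentityProviderProvisioning() {
        return this.providerProvisioning;
    }

    /** Sets the provisioning service used to look up identity providers. */
    public void setIdentityProviderProvisioning(IdentityProviderProvisioning identityProviderProvisioning) {
        this.providerProvisioning = identityProviderProvisioning;
    }

    /** Returns the parser pool handed to every metadata provider built by this class. */
    public BasicParserPool getParserPool() {
        return this.parserPool;
    }

    /** Sets the parser pool handed to every metadata provider built by this class. */
    public void setParserPool(BasicParserPool basicParserPool) {
        this.parserPool = basicParserPool;
    }

    /** No initialization is performed; the injected collaborators are not checked here. */
    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() throws Exception {
    }

    /** Sets the HTTP client wrapper used to download URL-based metadata. */
    public void setFixedHttpMetaDataProvider(FixedHttpMetaDataProvider fixedHttpMetaDataProvider) {
        this.fixedHttpMetaDataProvider = fixedHttpMetaDataProvider;
    }
}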
