package org.elasticsearch.xpack.security.authc.saml;

import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.stream.Collectors;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.collect.MapBuilder;
import org.opensaml.saml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml.saml2.metadata.AttributeConsumingService;
import org.opensaml.saml.saml2.metadata.ContactPerson;
import org.opensaml.saml.saml2.metadata.ContactPersonTypeEnumeration;
import org.opensaml.saml.saml2.metadata.EmailAddress;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml.saml2.metadata.GivenName;
import org.opensaml.saml.saml2.metadata.KeyDescriptor;
import org.opensaml.saml.saml2.metadata.NameIDFormat;
import org.opensaml.saml.saml2.metadata.Organization;
import org.opensaml.saml.saml2.metadata.OrganizationDisplayName;
import org.opensaml.saml.saml2.metadata.OrganizationName;
import org.opensaml.saml.saml2.metadata.OrganizationURL;
import org.opensaml.saml.saml2.metadata.RequestedAttribute;
import org.opensaml.saml.saml2.metadata.SPSSODescriptor;
import org.opensaml.saml.saml2.metadata.ServiceName;
import org.opensaml.saml.saml2.metadata.SingleLogoutService;
import org.opensaml.saml.saml2.metadata.SurName;
import org.opensaml.saml.saml2.metadata.impl.AssertionConsumerServiceBuilder;
import org.opensaml.saml.saml2.metadata.impl.AttributeConsumingServiceBuilder;
import org.opensaml.saml.saml2.metadata.impl.ContactPersonBuilder;
import org.opensaml.saml.saml2.metadata.impl.EmailAddressBuilder;
import org.opensaml.saml.saml2.metadata.impl.EntityDescriptorBuilder;
import org.opensaml.saml.saml2.metadata.impl.GivenNameBuilder;
import org.opensaml.saml.saml2.metadata.impl.KeyDescriptorBuilder;
import org.opensaml.saml.saml2.metadata.impl.NameIDFormatBuilder;
import org.opensaml.saml.saml2.metadata.impl.OrganizationBuilder;
import org.opensaml.saml.saml2.metadata.impl.OrganizationDisplayNameBuilder;
import org.opensaml.saml.saml2.metadata.impl.OrganizationNameBuilder;
import org.opensaml.saml.saml2.metadata.impl.OrganizationURLBuilder;
import org.opensaml.saml.saml2.metadata.impl.RequestedAttributeBuilder;
import org.opensaml.saml.saml2.metadata.impl.SPSSODescriptorBuilder;
import org.opensaml.saml.saml2.metadata.impl.ServiceNameBuilder;
import org.opensaml.saml.saml2.metadata.impl.SingleLogoutServiceBuilder;
import org.opensaml.saml.saml2.metadata.impl.SurNameBuilder;
import org.opensaml.security.credential.UsageType;
import org.opensaml.security.x509.X509Credential;
import org.opensaml.xmlsec.keyinfo.KeyInfoSupport;
import org.opensaml.xmlsec.signature.KeyInfo;
import org.opensaml.xmlsec.signature.impl.KeyInfoBuilder;

/* loaded from: input_file:org/elasticsearch/xpack/security/authc/saml/SamlSpMetadataBuilder.class */
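/**
 * Builds a SAML 2.0 {@link EntityDescriptor} describing this node as a Service Provider (SP).
 * <p>
 * The resulting metadata is what an Identity Provider consumes to learn where to send
 * assertions (the AssertionConsumerService), which certificate verifies our AuthnRequests
 * (the signing key descriptor) and which certificates it may encrypt assertions to (the
 * encryption key descriptors). The SP descriptor always advertises
 * {@code WantAssertionsSigned=true}; that value is not configurable through this builder.
 * <p>
 * Setters return {@code this} so calls can be chained; {@link #build()} does the validation
 * of required values. This class is not thread-safe.
 */
public class SamlSpMetadataBuilder {
    // Language tag applied to every xml:lang attribute (service name, organization).
    private final Locale locale;
    private final String entityId;
    private String assertionConsumerServiceUrl;
    private String singleLogoutServiceUrl;
    private X509Certificate signingCertificate;
    private OrganizationInfo organization;
    private final List<X509Certificate> encryptionCertificates = new ArrayList<>();
    // attribute name -> friendly name (friendly name may be null/blank); insertion order is kept
    private final Map<String, String> attributeNames = new LinkedHashMap<>();
    private final List<ContactInfo> contacts = new ArrayList<>();
    private String serviceName = "Elasticsearch";
    private String nameIdFormat = null;
    // Boolean (not boolean) so that a null can be passed straight through to OpenSAML.
    private Boolean authnRequestsSigned = Boolean.FALSE;

    /**
     * A contact person to advertise in the metadata (see {@link #withContact}).
     */
    public static class ContactInfo {
        // Lookup table keyed by the lower-case SAML contact-type name; wrapped so callers cannot mutate it.
        static final Map<String, ContactPersonTypeEnumeration> TYPES = Collections.unmodifiableMap(
            MapBuilder.newMapBuilder(new LinkedHashMap<String, ContactPersonTypeEnumeration>())
                .put(ContactPersonTypeEnumeration.ADMINISTRATIVE.toString(), ContactPersonTypeEnumeration.ADMINISTRATIVE)
                .put(ContactPersonTypeEnumeration.BILLING.toString(), ContactPersonTypeEnumeration.BILLING)
                .put(ContactPersonTypeEnumeration.SUPPORT.toString(), ContactPersonTypeEnumeration.SUPPORT)
                .put(ContactPersonTypeEnumeration.TECHNICAL.toString(), ContactPersonTypeEnumeration.TECHNICAL)
                .put(ContactPersonTypeEnumeration.OTHER.toString(), ContactPersonTypeEnumeration.OTHER)
                .map());
        public final ContactPersonTypeEnumeration type;
        public final String givenName;
        public final String surName;
        public final String email;

        /**
         * @param type      the SAML contact type; required
         * @param givenName given (first) name; may be null
         * @param surName   surname; may be null
         * @param email     email address, written as-is into the EmailAddress element; may be null
         * @throws NullPointerException if {@code type} is null
         */
        public ContactInfo(ContactPersonTypeEnumeration type, String givenName, String surName, String email) {
            this.type = Objects.requireNonNull(type, "Contact Person Type is required");
            this.givenName = givenName;
            this.surName = surName;
            this.email = email;
        }

        /**
         * Resolves a user-supplied contact type name (case-insensitive) to its enumeration value.
         *
         * @throws IllegalArgumentException if {@code type} is null or not one of the known names
         */
        private static ContactPersonTypeEnumeration getType(String type) {
            if (type == null) {
                throw new IllegalArgumentException("Contact type is required, allowed values are "
                    + Strings.collectionToCommaDelimitedString(TYPES.keySet()));
            }
            final ContactPersonTypeEnumeration resolved = TYPES.get(type.toLowerCase(Locale.ROOT));
            if (resolved == null) {
                throw new IllegalArgumentException("Invalid contact type " + type + " allowed values are "
                    + Strings.collectionToCommaDelimitedString(TYPES.keySet()));
            }
            return resolved;
        }
    }

    /**
     * The organization to advertise in the metadata. All three values are required.
     */
    public static class OrganizationInfo {
        public final String organizationName;
        public final String displayName;
        public final String url;

        /**
         * @throws IllegalArgumentException if any value is null or empty
         */
        public OrganizationInfo(String organizationName, String displayName, String url) {
            if (Strings.isNullOrEmpty(organizationName)) {
                throw new IllegalArgumentException("Organization Name is required");
            }
            if (Strings.isNullOrEmpty(displayName)) {
                throw new IllegalArgumentException("Organization Display Name is required");
            }
            if (Strings.isNullOrEmpty(url)) {
                throw new IllegalArgumentException("Organization URL is required");
            }
            this.organizationName = organizationName;
            this.displayName = displayName;
            this.url = url;
        }
    }

    /**
     * @param locale   locale whose language tag is used for every {@code xml:lang} attribute
     * @param entityId the SP entity ID written into the EntityDescriptor
     */
    public SamlSpMetadataBuilder(Locale locale, String entityId) {
        this.locale = locale;
        this.entityId = entityId;
    }

    /** Sets the NameID format to advertise; null or empty means no NameIDFormat element is emitted. */
    public SamlSpMetadataBuilder nameIdFormat(String nameIdFormat) {
        this.nameIdFormat = nameIdFormat;
        return this;
    }

    /** Sets the service name of the AttributeConsumingService (defaults to "Elasticsearch"). */
    public SamlSpMetadataBuilder serviceName(String serviceName) {
        this.serviceName = serviceName;
        return this;
    }

    /**
     * Adds a requested attribute. Adding the same attribute name twice replaces the earlier friendly name.
     *
     * @param friendlyName optional friendly name; blank values are omitted from the output
     * @param name         the attribute name; required
     * @throws IllegalArgumentException if {@code name} is null or empty
     */
    public SamlSpMetadataBuilder withAttribute(String friendlyName, String name) {
        if (Strings.isNullOrEmpty(name)) {
            throw new IllegalArgumentException("Attribute name cannot be empty (friendly name was [" + friendlyName + "])");
        }
        this.attributeNames.put(name, friendlyName);
        return this;
    }

    /** Sets the AssertionConsumerService location; required before {@link #build()}. */
    public SamlSpMetadataBuilder assertionConsumerServiceUrl(String url) {
        this.assertionConsumerServiceUrl = url;
        return this;
    }

    /** Sets the SingleLogoutService location; if blank, no SingleLogoutService element is emitted. */
    public SamlSpMetadataBuilder singleLogoutServiceUrl(String url) {
        this.singleLogoutServiceUrl = url;
        return this;
    }

    /** Sets the {@code AuthnRequestsSigned} attribute (defaults to {@code false}); passed through to OpenSAML as given. */
    public SamlSpMetadataBuilder authnRequestsSigned(Boolean authnRequestsSigned) {
        this.authnRequestsSigned = authnRequestsSigned;
        return this;
    }

    /** Sets the certificate advertised with {@code use="signing"}; null means none. */
    public SamlSpMetadataBuilder signingCertificate(X509Certificate certificate) {
        this.signingCertificate = certificate;
        return this;
    }

    /** Convenience for {@link #signingCertificate(X509Certificate)} using the credential's entity certificate. */
    public SamlSpMetadataBuilder signingCredential(X509Credential credential) {
        return signingCertificate(credential == null ? null : credential.getEntityCertificate());
    }

    /** Appends certificates to advertise with {@code use="encryption"}; a null collection is ignored. */
    public SamlSpMetadataBuilder encryptionCertificates(Collection<X509Certificate> certificates) {
        if (certificates != null) {
            this.encryptionCertificates.addAll(certificates);
        }
        return this;
    }

    /** Convenience for {@link #encryptionCertificates(Collection)} using each credential's entity certificate. */
    public SamlSpMetadataBuilder encryptionCredentials(Collection<X509Credential> credentials) {
        final Collection<X509Certificate> certificates = credentials == null
            ? Collections.emptyList()
            : credentials.stream().map(X509Credential::getEntityCertificate).collect(Collectors.toList());
        return encryptionCertificates(certificates);
    }

    /** Sets the organization to advertise; null means no Organization element is emitted. */
    public SamlSpMetadataBuilder organization(OrganizationInfo organizationInfo) {
        this.organization = organizationInfo;
        return this;
    }

    /** @see OrganizationInfo#OrganizationInfo(String, String, String) */
    public SamlSpMetadataBuilder organization(String organizationName, String displayName, String url) {
        return organization(new OrganizationInfo(organizationName, displayName, url));
    }

    /**
     * Adds a contact person.
     *
     * @throws NullPointerException if {@code contactInfo} is null
     */
    public SamlSpMetadataBuilder withContact(ContactInfo contactInfo) {
        // Fail here rather than with an opaque NPE inside build().
        this.contacts.add(Objects.requireNonNull(contactInfo, "Contact info is required"));
        return this;
    }

    /**
     * Adds a contact person from plain strings.
     *
     * @param type contact type name, matched case-insensitively against {@link ContactInfo#TYPES}
     * @throws IllegalArgumentException if {@code type} is not a known contact type
     */
    public SamlSpMetadataBuilder withContact(String type, String givenName, String surName, String email) {
        return withContact(new ContactInfo(ContactInfo.getType(type), givenName, surName, email));
    }

    /**
     * Assembles the EntityDescriptor from the values set so far.
     * <p>
     * The SP descriptor supports only the SAML 2.0 protocol, always requires signed assertions,
     * and carries the AuthnRequestsSigned flag as configured. Optional elements (NameIDFormat,
     * AttributeConsumingService, SingleLogoutService, Organization, ContactPerson) are emitted
     * only when the corresponding values were provided.
     *
     * @throws IllegalStateException        if the AssertionConsumerService URL was not set
     * @throws CertificateEncodingException if a certificate cannot be encoded into a KeyInfo
     * @throws Exception                    declared for compatibility with existing callers and subclasses
     */
    public EntityDescriptor build() throws Exception {
        final SPSSODescriptor spDescriptor = new SPSSODescriptorBuilder().buildObject();
        spDescriptor.removeAllSupportedProtocols();
        spDescriptor.addSupportedProtocol("urn:oasis:names:tc:SAML:2.0:protocol");
        // Not configurable: this SP never accepts unsigned assertions.
        spDescriptor.setWantAssertionsSigned(true);
        spDescriptor.setAuthnRequestsSigned(this.authnRequestsSigned);
        if (Strings.isNullOrEmpty(this.nameIdFormat) == false) {
            spDescriptor.getNameIDFormats().add(buildNameIdFormat());
        }
        spDescriptor.getAssertionConsumerServices().add(buildAssertionConsumerService());
        if (this.attributeNames.isEmpty() == false) {
            spDescriptor.getAttributeConsumingServices().add(buildAttributeConsumerService());
        }
        if (Strings.hasText(this.singleLogoutServiceUrl)) {
            spDescriptor.getSingleLogoutServices().add(buildSingleLogoutService());
        }
        spDescriptor.getKeyDescriptors().addAll(buildKeyDescriptors());

        final EntityDescriptor descriptor = new EntityDescriptorBuilder().buildObject();
        descriptor.setEntityID(this.entityId);
        descriptor.getRoleDescriptors().add(spDescriptor);
        if (this.organization != null) {
            descriptor.setOrganization(buildOrganization());
        }
        for (ContactInfo contact : this.contacts) {
            descriptor.getContactPersons().add(buildContact(contact));
        }
        return descriptor;
    }

    /** @throws IllegalStateException if no NameID format was set (build() only calls this when one is) */
    private NameIDFormat buildNameIdFormat() {
        if (Strings.isNullOrEmpty(this.nameIdFormat)) {
            throw new IllegalStateException("NameID format has not been specified");
        }
        final NameIDFormat format = new NameIDFormatBuilder().buildObject();
        format.setURI(this.nameIdFormat);
        return format;
    }

    /**
     * Builds the single, default AssertionConsumerService (index 1) using the HTTP-POST binding.
     *
     * @throws IllegalStateException if the URL was not set
     */
    private AssertionConsumerService buildAssertionConsumerService() {
        if (Strings.isNullOrEmpty(this.assertionConsumerServiceUrl)) {
            throw new IllegalStateException("AssertionConsumerService URL has not been specified");
        }
        final AssertionConsumerService acs = new AssertionConsumerServiceBuilder().buildObject();
        acs.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
        acs.setIndex(1);
        acs.setIsDefault(Boolean.TRUE);
        acs.setLocation(this.assertionConsumerServiceUrl);
        return acs;
    }

    /** Builds the default AttributeConsumingService (index 1) listing every attribute added via {@link #withAttribute}. */
    private AttributeConsumingService buildAttributeConsumerService() {
        final AttributeConsumingService service = new AttributeConsumingServiceBuilder().buildObject();
        service.setIndex(1);
        service.setIsDefault(true);
        service.getNames().add(buildServiceName());
        // Map is name -> friendlyName; the helper takes (friendlyName, name).
        this.attributeNames.forEach(
            (name, friendlyName) -> service.getRequestedAttributes().add(buildRequestedAttribute(friendlyName, name)));
        return service;
    }

    private ServiceName buildServiceName() {
        final ServiceName name = new ServiceNameBuilder().buildObject();
        name.setValue(this.serviceName);
        name.setXMLLang(this.locale.toLanguageTag());
        return name;
    }

    /** Builds a RequestedAttribute with the URI name format; the friendly name is set only when it has text. */
    private RequestedAttribute buildRequestedAttribute(String friendlyName, String name) {
        final RequestedAttribute attribute = new RequestedAttributeBuilder().buildObject();
        if (Strings.hasText(friendlyName)) {
            attribute.setFriendlyName(friendlyName);
        }
        attribute.setName(name);
        attribute.setNameFormat("urn:oasis:names:tc:SAML:2.0:attrname-format:uri");
        return attribute;
    }

    /** Builds the SingleLogoutService using the HTTP-Redirect binding. */
    private SingleLogoutService buildSingleLogoutService() {
        final SingleLogoutService slo = new SingleLogoutServiceBuilder().buildObject();
        slo.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect");
        slo.setLocation(this.singleLogoutServiceUrl);
        return slo;
    }

    /**
     * Builds one KeyDescriptor per advertised certificate.
     * <p>
     * When the only encryption certificate is the same as the signing certificate, a single
     * descriptor with {@code use} unspecified is emitted instead of two descriptors for the same key.
     * Otherwise the signing certificate (if any) comes first with {@code use="signing"}, followed by
     * each encryption certificate with {@code use="encryption"}.
     *
     * @throws CertificateEncodingException if a certificate cannot be encoded
     */
    private List<? extends KeyDescriptor> buildKeyDescriptors() throws CertificateEncodingException {
        if (this.encryptionCertificates.isEmpty() && this.signingCertificate == null) {
            return Collections.emptyList();
        }
        if (this.encryptionCertificates.size() == 1
            && Objects.equals(this.encryptionCertificates.get(0), this.signingCertificate)) {
            return Collections.singletonList(buildKeyDescriptor(this.encryptionCertificates.get(0), UsageType.UNSPECIFIED));
        }
        final List<KeyDescriptor> descriptors = new ArrayList<>();
        if (this.signingCertificate != null) {
            descriptors.add(buildKeyDescriptor(this.signingCertificate, UsageType.SIGNING));
        }
        for (X509Certificate certificate : this.encryptionCertificates) {
            descriptors.add(buildKeyDescriptor(certificate, UsageType.ENCRYPTION));
        }
        return descriptors;
    }

    /**
     * Wraps a certificate in a KeyDescriptor whose KeyInfo carries the X.509 certificate.
     *
     * @throws CertificateEncodingException if the certificate cannot be DER-encoded
     */
    private KeyDescriptor buildKeyDescriptor(X509Certificate certificate, UsageType usageType) throws CertificateEncodingException {
        final KeyDescriptor descriptor = new KeyDescriptorBuilder().buildObject();
        descriptor.setUse(usageType);
        final KeyInfo keyInfo = new KeyInfoBuilder().buildObject();
        KeyInfoSupport.addCertificate(keyInfo, certificate);
        descriptor.setKeyInfo(keyInfo);
        return descriptor;
    }

    /** Builds the Organization element; every child carries the builder's language tag. */
    private Organization buildOrganization() {
        final String languageTag = this.locale.toLanguageTag();

        final OrganizationName orgName = new OrganizationNameBuilder().buildObject();
        orgName.setValue(this.organization.organizationName);
        orgName.setXMLLang(languageTag);

        final OrganizationDisplayName displayName = new OrganizationDisplayNameBuilder().buildObject();
        displayName.setValue(this.organization.displayName);
        displayName.setXMLLang(languageTag);

        final OrganizationURL url = new OrganizationURLBuilder().buildObject();
        url.setURI(this.organization.url);
        url.setXMLLang(languageTag);

        final Organization org = new OrganizationBuilder().buildObject();
        org.getOrganizationNames().add(orgName);
        org.getDisplayNames().add(displayName);
        org.getURLs().add(url);
        return org;
    }

    /** Builds a ContactPerson element; name and email values are written as given (possibly null). */
    private ContactPerson buildContact(ContactInfo contactInfo) {
        final GivenName givenName = new GivenNameBuilder().buildObject();
        givenName.setValue(contactInfo.givenName);

        final SurName surName = new SurNameBuilder().buildObject();
        surName.setValue(contactInfo.surName);

        final EmailAddress email = new EmailAddressBuilder().buildObject();
        email.setURI(contactInfo.email);

        final ContactPerson contact = new ContactPersonBuilder().buildObject();
        contact.setType(contactInfo.type);
        contact.setGivenName(givenName);
        contact.setSurName(surName);
        contact.getEmailAddresses().add(email);
        return contact;
    }
}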
