package org.keycloak.protocol.saml;

import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.Type;
import java.util.Iterator;
import java.util.List;
import javax.ws.rs.Consumes;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import org.jboss.resteasy.plugins.providers.multipart.InputPart;
import org.jboss.resteasy.plugins.providers.multipart.MultipartFormDataInput;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.services.resources.admin.RealmAuth;
import org.picketlink.common.constants.JBossSAMLURIConstants;
import org.picketlink.common.exceptions.ConfigurationException;
import org.picketlink.common.exceptions.ParsingException;
import org.picketlink.common.exceptions.ProcessingException;
import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
import org.picketlink.identity.federation.core.saml.v2.util.SAMLMetadataUtil;
import org.picketlink.identity.federation.core.util.CoreConfigUtil;
import org.picketlink.identity.federation.saml.v2.metadata.EndpointType;
import org.picketlink.identity.federation.saml.v2.metadata.EntitiesDescriptorType;
import org.picketlink.identity.federation.saml.v2.metadata.EntityDescriptorType;
import org.picketlink.identity.federation.saml.v2.metadata.KeyDescriptorType;
import org.picketlink.identity.federation.saml.v2.metadata.KeyTypes;
import org.picketlink.identity.federation.saml.v2.metadata.SPSSODescriptorType;

/* loaded from: input_file:org/keycloak/protocol/saml/EntityDescriptorImporterService.class */
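/**
 * Admin-side importer that turns an uploaded SAML 2.0 metadata document (a single
 * {@code EntityDescriptor} or an {@code EntitiesDescriptor}) into SAML client
 * applications of the realm.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #updateEntityDescriptor} is gated by {@code auth.requireManage()}, so the
 *       uploaded document is admin-supplied. Everything read from it — the ACS URL that
 *       becomes an allowed redirect URI, the logout URL that becomes the management URL,
 *       and the SP signing / encryption certificates — is stored verbatim at that level
 *       of trust; nothing here validates or normalizes those values.</li>
 *   <li>The document is parsed by PicketLink's {@code SAMLParser}. Whether DTDs and external
 *       entities (XXE) are rejected is decided inside PicketLink, not in this class; confirm
 *       the parser's StAX configuration if less-trusted metadata could ever reach this
 *       endpoint.</li>
 * </ul>
 */
public class EntityDescriptorImporterService {
    /** Multipart form field that carries the metadata document. */
    private static final String FORM_FIELD_FILE = "file";

    protected RealmModel realm;
    protected RealmAuth auth;

    public EntityDescriptorImporterService(RealmModel realmModel, RealmAuth realmAuth) {
        this.realm = realmModel;
        this.auth = realmAuth;
    }

    /**
     * Imports the metadata document uploaded in the multipart form field {@code file}.
     *
     * @param uriInfo                 injected request URI information (currently unused)
     * @param multipartFormDataInput  the multipart body; must contain a {@code file} part
     * @throws WebApplicationException with HTTP 400 when the {@code file} part is missing or empty
     * @throws IOException if the part body cannot be read or closed
     */
    @POST
    @Path("upload")
    @Consumes({"multipart/form-data"})
    public void updateEntityDescriptor(@Context UriInfo uriInfo, MultipartFormDataInput multipartFormDataInput) throws IOException {
        // Authorization comes first: only realm managers may create clients from metadata.
        this.auth.requireManage();

        List<InputPart> parts = multipartFormDataInput.getFormDataMap().get(FORM_FIELD_FILE);
        if (parts == null || parts.isEmpty()) {
            // Previously a missing part surfaced as a NullPointerException / IndexOutOfBounds
            // (an HTTP 500); a malformed request is a client error, so answer 400.
            throw new WebApplicationException(Response.Status.BAD_REQUEST);
        }

        InputStream metadata = parts.get(0).getBody(InputStream.class, (Type) null);
        try {
            loadEntityDescriptors(metadata, this.realm);
        } finally {
            // The part body was never closed before; release it whether or not the import succeeded.
            metadata.close();
        }
    }

    /**
     * Parses {@code inputStream} as SAML metadata and creates one SAML client application in
     * {@code realmModel} per {@code EntityDescriptor} found.
     *
     * @param inputStream  metadata XML; the caller owns and closes the stream
     * @param realmModel   realm receiving the new applications
     * @throws RuntimeException wrapping PicketLink's {@code ParsingException} when the XML is not
     *         valid SAML metadata, or wrapping configuration/processing failures while reading
     *         certificates
     * @throws IllegalArgumentException when an entity carries no {@code SPSSODescriptor}
     */
    public static void loadEntityDescriptors(InputStream inputStream, RealmModel realmModel) {
        EntitiesDescriptorType container;
        try {
            Object parsed = new SAMLParser().parse(inputStream);
            if (parsed instanceof EntitiesDescriptorType) {
                container = (EntitiesDescriptorType) parsed;
            } else {
                // A bare EntityDescriptor: wrap it so a single loop handles both document shapes.
                container = new EntitiesDescriptorType();
                container.addEntityDescriptor(parsed);
            }
        } catch (ParsingException e) {
            throw new RuntimeException(e);
        }

        for (Object entry : container.getEntityDescriptor()) {
            // NOTE(review): an EntitiesDescriptor nested inside another one is not descended
            // into and would fail this cast, exactly as before — confirm whether that is wanted.
            importEntityDescriptor((EntityDescriptorType) entry, realmModel);
        }
    }

    /**
     * Creates and configures one SAML client application from a single entity descriptor.
     * The SP descriptor is resolved before the application is created, so metadata without
     * an {@code SPSSODescriptor} (e.g. IdP-only metadata) fails without leaving a half-configured
     * application behind.
     */
    private static void importEntityDescriptor(EntityDescriptorType descriptor, RealmModel realmModel) {
        String entityId = descriptor.getEntityID();
        SPSSODescriptorType sp = CoreConfigUtil.getSPDescriptor(descriptor);
        if (sp == null) {
            // Presumably getSPDescriptor returns null when the role descriptor is absent;
            // the original code dereferenced it unconditionally.
            throw new IllegalArgumentException("No SPSSODescriptor found in metadata for entity " + entityId);
        }

        ApplicationModel app = realmModel.addApplication(entityId);
        app.setFullScopeAllowed(true);
        app.setProtocol(SamlProtocol.LOGIN_PROTOCOL);
        // Defaults applied to every imported client: responses are signed with RSA-SHA256 and
        // carry an AuthnStatement.
        app.setAttribute(SamlProtocol.SAML_SERVER_SIGNATURE, SamlProtocol.ATTRIBUTE_TRUE_VALUE);
        app.setAttribute(SamlProtocol.SAML_SIGNATURE_ALGORITHM, SignatureAlgorithm.RSA_SHA256.toString());
        app.setAttribute(SamlProtocol.SAML_AUTHNSTATEMENT, SamlProtocol.ATTRIBUTE_TRUE_VALUE);

        // WantAssertionsSigned is optional in metadata; an absent value (null) is treated as
        // "not requested" rather than failing on unboxing.
        if (Boolean.TRUE.equals(sp.isWantAssertionsSigned())) {
            app.setAttribute(SamlProtocol.SAML_ASSERTION_SIGNATURE, SamlProtocol.ATTRIBUTE_TRUE_VALUE);
        }

        String logoutLocation = getLogoutLocation(sp, JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get());
        if (logoutLocation != null) {
            app.setManagementUrl(logoutLocation);
        }

        // Prefer the HTTP-POST AssertionConsumerService, fall back to HTTP-Redirect.
        String serviceUrl = CoreConfigUtil.getServiceURL(sp, JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get());
        if (serviceUrl == null) {
            serviceUrl = CoreConfigUtil.getServiceURL(sp, JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.get());
        }
        if (serviceUrl != null) {
            // Registered as an allowed redirect URI exactly as declared by the SP metadata.
            app.addRedirectUri(serviceUrl);
        }

        importKeyDescriptors(sp, app);
    }

    /**
     * Copies the SP's signing and encryption certificates (PEM) onto the application and
     * enables client-signature verification / assertion encryption accordingly.
     * If several descriptors share the same {@code use}, the last one wins.
     */
    private static void importKeyDescriptors(SPSSODescriptorType sp, ApplicationModel app) {
        for (KeyDescriptorType key : sp.getKeyDescriptor()) {
            String pem;
            try {
                pem = KeycloakModelUtils.getPemFromCertificate(SAMLMetadataUtil.getCertificate(key));
            } catch (ConfigurationException e) {
                throw new RuntimeException(e);
            } catch (ProcessingException e) {
                throw new RuntimeException(e);
            }

            KeyTypes use = key.getUse();
            if (use == KeyTypes.SIGNING) {
                app.setAttribute(SamlProtocol.SAML_CLIENT_SIGNATURE_ATTRIBUTE, SamlProtocol.ATTRIBUTE_TRUE_VALUE);
                app.setAttribute(SamlProtocol.SAML_SIGNING_CERTIFICATE_ATTRIBUTE, pem);
            } else if (use == KeyTypes.ENCRYPTION) {
                app.setAttribute(SamlProtocol.SAML_ENCRYPT, SamlProtocol.ATTRIBUTE_TRUE_VALUE);
                app.setAttribute(SamlProtocol.SAML_ENCRYPTION_CERTIFICATE_ATTRIBUTE, pem);
            }
            // NOTE(review): a KeyDescriptor with no 'use' attribute (which SAML metadata treats as
            // valid for both purposes) is skipped here, as in the original — confirm intent.
        }
    }

    /**
     * Returns the {@code Location} of the SP's SingleLogoutService endpoint declared for the
     * given binding URI, or {@code null} if none matches.
     *
     * <p>When several endpoints match, the last one in document order wins, and a matching
     * endpoint without a {@code Location} resets the result to {@code null}; this preserves
     * the original behaviour. Endpoints with a missing binding are skipped.
     *
     * @param sPSSODescriptorType  SP descriptor to search
     * @param str                  binding URI to match, e.g. the HTTP-POST binding
     */
    public static String getLogoutLocation(SPSSODescriptorType sPSSODescriptorType, String str) {
        String location = null;
        for (EndpointType endpoint : sPSSODescriptorType.getSingleLogoutService()) {
            if (endpoint.getBinding() == null || !endpoint.getBinding().toString().equals(str)) {
                continue;
            }
            location = endpoint.getLocation() != null ? endpoint.getLocation().toString() : null;
        }
        return location;
    }
}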
