package org.keycloak.protocol.saml;

import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.Objects;
import org.keycloak.Config;
import org.keycloak.dom.saml.v2.metadata.EndpointType;
import org.keycloak.dom.saml.v2.metadata.EntitiesDescriptorType;
import org.keycloak.dom.saml.v2.metadata.EntityDescriptorType;
import org.keycloak.dom.saml.v2.metadata.IndexedEndpointType;
import org.keycloak.dom.saml.v2.metadata.KeyDescriptorType;
import org.keycloak.dom.saml.v2.metadata.KeyTypes;
import org.keycloak.dom.saml.v2.metadata.SPSSODescriptorType;
import org.keycloak.exportimport.ClientDescriptionConverter;
import org.keycloak.exportimport.ClientDescriptionConverterFactory;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.saml.SignatureAlgorithm;
import org.keycloak.saml.common.constants.JBossSAMLURIConstants;
import org.keycloak.saml.common.exceptions.ConfigurationException;
import org.keycloak.saml.common.exceptions.ParsingException;
import org.keycloak.saml.common.exceptions.ProcessingException;
import org.keycloak.saml.processing.core.parsers.saml.SAMLParser;
import org.keycloak.saml.processing.core.saml.v2.util.SAMLMetadataUtil;

/* loaded from: input_file:org/keycloak/protocol/saml/EntityDescriptorDescriptionConverter.class */
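/**
 * Converts a SAML 2.0 metadata document (a single {@code EntityDescriptor}, or an
 * {@code EntitiesDescriptor} wrapping exactly one) into a {@link ClientRepresentation}.
 *
 * <p>Trust note: nothing in this class verifies a signature on the metadata. The client id,
 * the redirect URIs (taken from the AssertionConsumerService locations), the logout URLs and
 * the signing/encryption certificates are all copied from the document as-is, so whoever
 * supplies the descriptor decides where responses are sent and which keys are trusted.
 * Callers should only feed this converter metadata obtained from a trusted source.
 *
 * <p>The instance is stateless and doubles as its own factory.
 */
public class EntityDescriptorDescriptionConverter implements ClientDescriptionConverter, ClientDescriptionConverterFactory {
    /** Identifier returned by {@link #getId()}. */
    public static final String ID = "saml2-entity-descriptor";

    /**
     * Cheap textual sniff deciding whether the description looks like SAML entity metadata.
     * This is not validation: any XML-looking text that mentions "EntityDescriptor" passes,
     * and the real structural checks happen when the document is parsed.
     *
     * @param str the raw client description; {@code null} is reported as unsupported
     * @return {@code true} if the trimmed text starts with "&lt;", ends with "&gt;" and
     *         contains "EntityDescriptor"
     */
    @Override
    public boolean isSupported(String str) {
        if (str == null) {
            return false;
        }
        String trimmed = str.trim();
        return trimmed.startsWith("<") && trimmed.endsWith(">") && trimmed.contains("EntityDescriptor");
    }

    /**
     * Parses the metadata text and builds the client representation from it.
     *
     * @param str the SAML metadata XML
     * @return the client derived from the single entity descriptor in the document
     * @throws RuntimeException if the document cannot be parsed, does not hold exactly one
     *         entity descriptor, or has no SP SSO descriptor
     */
    @Override
    public ClientRepresentation convertToInternal(String str) {
        // Encode explicitly: the platform default charset would make parsing of non-ASCII
        // metadata depend on the JVM's locale settings.
        return loadEntityDescriptors(new ByteArrayInputStream(str.getBytes(StandardCharsets.UTF_8)));
    }

    /**
     * Finds the first SP SSO descriptor among the entity's role descriptors.
     *
     * @param entityDescriptorType the parsed entity descriptor
     * @return the first non-null SP descriptor, or {@code null} when the entity has none
     *         (for example metadata describing only an identity provider)
     */
    public static SPSSODescriptorType getSPDescriptor(EntityDescriptorType entityDescriptorType) {
        return entityDescriptorType.getChoiceType().stream()
                .flatMap(choice -> choice.getDescriptors().stream())
                .map(descriptor -> descriptor.getSpDescriptor())
                .filter(Objects::nonNull)
                .findFirst()
                .orElse(null);
    }

    /**
     * Returns the location of the first AssertionConsumerService that uses the given binding.
     * Endpoints missing a binding or a location are skipped instead of failing the import.
     *
     * @param sPSSODescriptorType the SP descriptor to search
     * @param str the binding URI to match
     * @return the endpoint location as a string, or {@code null} if no endpoint matches
     */
    public static String getServiceURL(SPSSODescriptorType sPSSODescriptorType, String str) {
        for (IndexedEndpointType endpoint : sPSSODescriptorType.getAssertionConsumerService()) {
            if (endpoint.getBinding() == null || endpoint.getLocation() == null) {
                continue;
            }
            if (Objects.equals(endpoint.getBinding().toString(), str)) {
                return endpoint.getLocation().toString();
            }
        }
        return null;
    }

    /**
     * Parses the stream and maps the single entity descriptor onto a new SAML client.
     *
     * @param inputStream the metadata bytes
     * @return the populated client representation
     * @throws RuntimeException on parse failure, on anything other than exactly one
     *         {@code EntityDescriptor}, on a missing SP descriptor, or when a key
     *         descriptor's certificate cannot be read
     */
    private static ClientRepresentation loadEntityDescriptors(InputStream inputStream) {
        // NOTE(review): XML hardening (DTD / external entity handling) is the parser's job and
        // is not visible from here - confirm SAMLParser is configured accordingly.
        Object parsed;
        try {
            parsed = SAMLParser.getInstance().parse(inputStream);
        } catch (ParsingException e) {
            throw new RuntimeException(e);
        }

        EntitiesDescriptorType entities;
        if (parsed instanceof EntitiesDescriptorType) {
            entities = (EntitiesDescriptorType) parsed;
        } else {
            entities = new EntitiesDescriptorType();
            entities.addEntityDescriptor(parsed);
        }
        if (entities.getEntityDescriptor().size() != 1) {
            throw new RuntimeException("Expected one entity descriptor");
        }
        // isSupported() only sniffs text, so the parser may have produced some other element
        // (or a nested EntitiesDescriptor); reject it explicitly rather than via a cast failure.
        Object only = entities.getEntityDescriptor().get(0);
        if (!(only instanceof EntityDescriptorType)) {
            throw new RuntimeException("Expected an EntityDescriptor element");
        }
        EntityDescriptorType entity = (EntityDescriptorType) only;

        SPSSODescriptorType sp = getSPDescriptor(entity);
        if (sp == null) {
            throw new RuntimeException("Entity descriptor does not contain an SPSSODescriptor");
        }

        ClientRepresentation client = new ClientRepresentation();
        client.setClientId(entity.getEntityID());
        HashMap<String, String> attributes = new HashMap<>();
        client.setAttributes(attributes);
        LinkedList<String> redirectUris = new LinkedList<>();
        client.setRedirectUris(redirectUris);
        // Imported clients start with full scope enabled; reviewers applying least privilege
        // should narrow the scope after import.
        client.setFullScopeAllowed(true);
        client.setProtocol("saml");

        // Defaults applied to every imported client, independent of the metadata content.
        attributes.put(SamlConfigAttributes.SAML_SERVER_SIGNATURE, SamlProtocol.ATTRIBUTE_TRUE_VALUE);
        attributes.put(SamlConfigAttributes.SAML_SERVER_SIGNATURE_KEYINFO_EXT, SamlProtocol.ATTRIBUTE_FALSE_VALUE);
        attributes.put(SamlConfigAttributes.SAML_SIGNATURE_ALGORITHM, SignatureAlgorithm.RSA_SHA256.toString());
        attributes.put(SamlConfigAttributes.SAML_AUTHNSTATEMENT, SamlProtocol.ATTRIBUTE_TRUE_VALUE);

        // The flag is a boxed Boolean; treat an unset value as "not requested".
        if (Boolean.TRUE.equals(sp.isWantAssertionsSigned())) {
            attributes.put(SamlConfigAttributes.SAML_ASSERTION_SIGNATURE, SamlProtocol.ATTRIBUTE_TRUE_VALUE);
        }

        String logoutPost = getLogoutLocation(sp, JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get());
        if (logoutPost != null) {
            attributes.put(SamlProtocol.SAML_SINGLE_LOGOUT_SERVICE_URL_POST_ATTRIBUTE, logoutPost);
        }
        String logoutRedirect = getLogoutLocation(sp, JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.get());
        if (logoutRedirect != null) {
            attributes.put(SamlProtocol.SAML_SINGLE_LOGOUT_SERVICE_URL_REDIRECT_ATTRIBUTE, logoutRedirect);
        }

        // Every assertion consumer URL found becomes an allowed redirect URI; only the POST
        // and Redirect bindings are additionally recorded as client attributes.
        String acsPost = getServiceURL(sp, JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get());
        if (acsPost != null) {
            attributes.put(SamlProtocol.SAML_ASSERTION_CONSUMER_URL_POST_ATTRIBUTE, acsPost);
            redirectUris.add(acsPost);
        }
        String acsRedirect = getServiceURL(sp, JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.get());
        if (acsRedirect != null) {
            attributes.put(SamlProtocol.SAML_ASSERTION_CONSUMER_URL_REDIRECT_ATTRIBUTE, acsRedirect);
            redirectUris.add(acsRedirect);
        }
        String acsSoap = getServiceURL(sp, JBossSAMLURIConstants.SAML_SOAP_BINDING.get());
        if (acsSoap != null) {
            redirectUris.add(acsSoap);
        }
        String acsPaos = getServiceURL(sp, JBossSAMLURIConstants.SAML_PAOS_BINDING.get());
        if (acsPaos != null) {
            redirectUris.add(acsPaos);
        }

        // Use the first advertised NameID format that maps to a known client attribute value.
        if (sp.getNameIDFormat() != null) {
            for (String nameIdFormat : sp.getNameIDFormat()) {
                String mapped = SamlClient.samlNameIDFormatToClientAttribute(nameIdFormat);
                if (mapped != null) {
                    attributes.put(SamlConfigAttributes.SAML_NAME_ID_FORMAT_ATTRIBUTE, mapped);
                    break;
                }
            }
        }

        // Certificates are stored per declared use. A key descriptor whose use is neither
        // SIGNING nor ENCRYPTION is not stored, and when several descriptors share a use the
        // last one overwrites the earlier ones.
        for (KeyDescriptorType keyDescriptor : sp.getKeyDescriptor()) {
            try {
                String pem = KeycloakModelUtils.getPemFromCertificate(SAMLMetadataUtil.getCertificate(keyDescriptor));
                if (keyDescriptor.getUse() == KeyTypes.SIGNING) {
                    attributes.put(SamlConfigAttributes.SAML_CLIENT_SIGNATURE_ATTRIBUTE, SamlProtocol.ATTRIBUTE_TRUE_VALUE);
                    attributes.put(SamlConfigAttributes.SAML_SIGNING_CERTIFICATE_ATTRIBUTE, pem);
                } else if (keyDescriptor.getUse() == KeyTypes.ENCRYPTION) {
                    attributes.put(SamlConfigAttributes.SAML_ENCRYPT, SamlProtocol.ATTRIBUTE_TRUE_VALUE);
                    attributes.put(SamlConfigAttributes.SAML_ENCRYPTION_CERTIFICATE_ATTRIBUTE, pem);
                }
            } catch (ProcessingException e) {
                throw new RuntimeException(e);
            } catch (ConfigurationException e) {
                throw new RuntimeException(e);
            }
        }
        return client;
    }

    /**
     * Looks up the SingleLogoutService location for the given binding.
     *
     * @param sPSSODescriptorType the SP descriptor to search
     * @param str the binding URI to match
     * @return the matching endpoint's location, or {@code null} if none matches or the
     *         matching endpoint has no location
     */
    private static String getLogoutLocation(SPSSODescriptorType sPSSODescriptorType, String str) {
        String location = null;
        // NOTE(review): the loop does not stop on a match, so the last matching endpoint wins
        // (and a later match without a location resets the result to null) - confirm intended.
        for (EndpointType endpoint : sPSSODescriptorType.getSingleLogoutService()) {
            if (endpoint.getBinding().toString().equals(str)) {
                location = endpoint.getLocation() != null ? endpoint.getLocation().toString() : null;
            }
        }
        return location;
    }

    /* renamed from: create, reason: merged with bridge method [inline-methods] */
    /**
     * Factory method; the converter holds no state, so the factory hands out itself.
     *
     * @param keycloakSession unused
     * @return this instance
     */
    public ClientDescriptionConverter m260create(KeycloakSession keycloakSession) {
        return this;
    }

    /** No configuration is read. */
    public void init(Config.Scope scope) {
    }

    /** Nothing to do after factory initialisation. */
    public void postInit(KeycloakSessionFactory keycloakSessionFactory) {
    }

    /** Holds no resources. */
    public void close() {
    }

    /** @return {@link #ID} */
    public String getId() {
        return ID;
    }
}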
