package net.shibboleth.idp.installer.impl;

import java.io.File;
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.function.BiFunction;
import java.util.stream.Collectors;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.shared.annotation.constraint.Live;
import net.shibboleth.shared.annotation.constraint.NonnullAfterInit;
import net.shibboleth.shared.annotation.constraint.NotLive;
import net.shibboleth.shared.annotation.constraint.Unmodifiable;
import net.shibboleth.shared.codec.Base64Support;
import net.shibboleth.shared.codec.EncodingException;
import net.shibboleth.shared.collection.CollectionSupport;
import net.shibboleth.shared.collection.Pair;
import net.shibboleth.shared.component.AbstractInitializableComponent;
import net.shibboleth.shared.component.ComponentInitializationException;
import net.shibboleth.shared.primitive.LoggerFactory;
import net.shibboleth.shared.primitive.NonnullSupplier;
import net.shibboleth.shared.resource.Resource;
import org.opensaml.core.xml.Namespace;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.saml.ext.saml2mdui.Logo;
import org.opensaml.saml.ext.saml2mdui.impl.LogoBuilder;
import org.opensaml.saml.metadata.generator.impl.ArtifactResolutionServiceConverter;
import org.opensaml.saml.metadata.generator.impl.SingleLogoutServiceConverter;
import org.opensaml.saml.metadata.generator.impl.SingleSignOnServiceConverter;
import org.opensaml.saml.metadata.generator.impl.TemplateMetadataGeneratorParameters;
import org.opensaml.saml.saml2.metadata.Endpoint;
import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml.saml2.metadata.IndexedEndpoint;
import org.opensaml.security.x509.X509Support;
import org.slf4j.Logger;

/* loaded from: input_file:net/shibboleth/idp/installer/impl/InstalledMetadataParameters.class */
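/**
 * Supplies the values that the template-driven metadata generator needs to describe an installed IdP:
 * entity ID, endpoint locations derived from the DNS name, public certificates, scope and MDUI
 * placeholders.
 *
 * <p>Security-relevant points for whoever publishes the generated metadata:</p>
 * <ul>
 * <li>Only certificates are read and re-encoded here; no private key material is touched.</li>
 * <li>A certificate that cannot be opened or decoded is logged and then omitted. It does not fail
 * initialization, so check the output for the expected signing and encryption certificates.</li>
 * <li>{@link #getDisplayName()}, {@link #getDescription()} and {@link #getLogo()} return placeholder
 * text and a placeholder URL that are meant to be edited before the metadata is distributed.</li>
 * <li>The DNS name is spliced into every endpoint location and the logo URL verbatim;
 * {@link #doInitialize()} only checks that it is non-empty.</li>
 * </ul>
 */
public class InstalledMetadataParameters extends AbstractInitializableComponent implements TemplateMetadataGeneratorParameters {

    /** Class logger. */
    private final Logger log = LoggerFactory.getLogger(InstalledMetadataParameters.class);

    /** File holding the encryption certificate, or null if none was set or it could not be opened. */
    @Nullable
    private File encryptionCert;

    /** File holding the back-channel certificate, or null if none was set or it could not be opened. */
    @Nullable
    private File backChannelCert;

    /** File holding the signing certificate, or null if none was set or it could not be opened. */
    @Nullable
    private File signingCert;

    /** Entity ID of the IdP; required by {@link #doInitialize()}. */
    @NonnullAfterInit
    private String entityID;

    /** DNS name used to build endpoint locations; required by {@link #doInitialize()}. */
    @NonnullAfterInit
    private String dnsName;

    /** Optional scope; when set, the shibmd namespace and a scope entry are emitted. */
    @Nullable
    private String scope;

    /**
     * Logout endpoint templates: each location is built as {@code first + dnsName + second}.
     */
    // NOTE(review): the only logout entry points at the ArtifactResolution path; confirm this is intended.
    @Nonnull
    private final List<Pair<String, String>> logoutServices =
            CollectionSupport.singletonList(new Pair<>("SOAP/", "/idp/profile/SAML2/SOAP/ArtifactResolution"));

    /**
     * Single sign-on endpoint templates: each location is built as {@code first + dnsName + second}.
     */
    // The POST entry previously lacked its leading '/', which fused the host name with "idp" in the
    // generated location; it now matches the sibling entries.
    @Nonnull
    private final List<Pair<String, String>> ssoServices = CollectionSupport.listOf(
            new Pair<>("SimpleSign/", "/idp/profile/SAML2/POST-SimpleSign/SSO"),
            new Pair<>("Redirect/", "/idp/profile/SAML2/Redirect/SSO"),
            new Pair<>("POST/", "/idp/profile/SAML2/POST/SSO"));

    /** Artifact resolution endpoint templates; none are configured. */
    @Nonnull
    private final List<Pair<String, String>> artifactServices = CollectionSupport.emptyList();

    /**
     * Verifies that the mandatory entity ID and DNS name have been supplied.
     *
     * @throws ComponentInitializationException if either value is null or empty
     */
    @Override
    protected void doInitialize() throws ComponentInitializationException {
        if (this.entityID == null || this.entityID.isEmpty()) {
            throw new ComponentInitializationException("Entity ID not specified");
        }
        if (this.dnsName == null || this.dnsName.isEmpty()) {
            throw new ComponentInitializationException("DNS name not specified");
        }
    }

    /**
     * Sets the encryption certificate from a resource.
     *
     * <p>Failure to resolve the resource to a file is logged and leaves the certificate unset, in which
     * case {@link #getEncryptionCertificates()} returns an empty list.</p>
     *
     * @param resource where the certificate lives
     */
    public void setEncryptionCertResource(@Nonnull Resource resource) {
        try {
            this.encryptionCert = resource.getFile();
        } catch (IOException e) {
            // Deliberate best effort: the error is recorded but is not fatal.
            this.log.error("Could not open encryption  cert", e);
            this.encryptionCert = null;
        }
    }

    /**
     * Sets the signing certificate from a resource.
     *
     * <p>Failure to resolve the resource to a file is logged and leaves the certificate unset, in which
     * case it is missing from {@link #getSigningCertificates()}.</p>
     *
     * @param resource where the certificate lives
     */
    public void setSigningCertResource(@Nonnull Resource resource) {
        try {
            this.signingCert = resource.getFile();
        } catch (IOException e) {
            // Deliberate best effort: the error is recorded but is not fatal.
            this.log.error("Could not open signing cert", e);
            this.signingCert = null;
        }
    }

    /**
     * Sets the back-channel certificate from a resource.
     *
     * <p>Failure to resolve the resource to a file is logged and leaves the certificate unset, in which
     * case it is missing from {@link #getSigningCertificates()}.</p>
     *
     * @param resource where the certificate lives
     */
    public void setBackchannelCertResource(@Nonnull Resource resource) {
        try {
            this.backChannelCert = resource.getFile();
        } catch (IOException e) {
            // Deliberate best effort: the error is recorded but is not fatal.
            this.log.error("Could not open back channel cert", e);
            this.backChannelCert = null;
        }
    }

    /**
     * Reads an X.509 certificate from a file and returns its encoded form as base64 text.
     *
     * @param file the certificate file, may be null
     * @return the base64 text, or null if no file was given or the certificate could not be
     *         decoded or re-encoded (the failure is logged)
     */
    @Nullable
    private String getEncodedCertificate(@Nullable File file) {
        if (file == null) {
            return null;
        }
        try {
            final var certificate = X509Support.decodeCertificate(file);
            if (certificate == null) {
                // Guard against a file that yields no certificate, rather than failing with a
                // NullPointerException on getEncoded() below.
                this.log.warn("No certificate found at path {}", file);
                return null;
            }
            final byte[] encoded = certificate.getEncoded();
            assert encoded != null;
            // The second argument requests chunked (line-wrapped) base64 output.
            return Base64Support.encode(encoded, true);
        } catch (CertificateException | EncodingException e) {
            this.log.warn("Unable to decode and re-encode certificate at path {}", file, e);
            return null;
        }
    }

    /**
     * Sets the entity ID.
     *
     * @param str the entity ID
     */
    public void setEntityID(@Nonnull String str) {
        this.entityID = str;
    }

    /**
     * Sets the DNS name used to build endpoint locations and the logo URL.
     *
     * <p>The value is used verbatim, so callers should pass a bare host name.</p>
     *
     * @param str the DNS name
     */
    public void setDnsName(@Nonnull String str) {
        this.dnsName = str;
    }

    /**
     * Sets the scope.
     *
     * @param str the scope, or null for none
     */
    public void setScope(@Nullable String str) {
        this.scope = str;
    }

    /**
     * Returns the entity ID.
     *
     * @return the entity ID as set via {@link #setEntityID(String)}
     */
    @Nullable
    public String getEntityID() {
        return this.entityID;
    }

    /**
     * Returns the extra XML namespaces the generated metadata needs.
     *
     * @return a set that always contains the mdui namespace, plus shibmd when a scope is set
     */
    @Nullable
    public Set<Namespace> getAdditionalNamespaces() {
        final Set<Namespace> namespaces = new HashSet<>();
        namespaces.add(new Namespace("urn:oasis:names:tc:SAML:metadata:ui", "mdui"));
        if (this.scope != null) {
            namespaces.add(new Namespace("urn:mace:shibboleth:metadata:1.0", "shibmd"));
        }
        return namespaces;
    }

    /**
     * Turns endpoint templates into endpoint objects.
     *
     * @param <T> the endpoint type produced by the converter
     * @param biFunction converter invoked with {@code first + dnsName + second} and the shared list
     * @param list live list handed to every converter call
     * @param collection the endpoint templates
     * @return an unmodifiable collection of the converted endpoints
     */
    @Nonnull
    private <T extends Endpoint> Collection<T> convertEndpoints(@Nonnull BiFunction<String, List<String>, T> biFunction, @Nonnull @Live List<String> list, @Nonnull Collection<Pair<String, String>> collection) {
        return collection.stream()
                .map(pair -> biFunction.apply(pair.getFirst() + this.dnsName + pair.getSecond(), list))
                .collect(CollectionSupport.nonnullCollector(Collectors.toUnmodifiableList()))
                .get();
    }

    /**
     * Builds the IdP SSO descriptor with logout, single sign-on and artifact resolution endpoints.
     *
     * @return the populated descriptor
     */
    @Nullable
    public IDPSSODescriptor getIDPSSODescriptor() {
        final IDPSSODescriptor descriptor = XMLObjectProviderRegistrySupport.getBuilderFactory().ensureBuilder(IDPSSODescriptor.DEFAULT_ELEMENT_NAME).buildObject();
        // Shared with every converter call; whatever ends up in it is registered as a supported
        // protocol below. Presumably the converters add the protocol each endpoint requires - confirm.
        final List<String> protocols = new ArrayList<>();
        descriptor.getSingleLogoutServices().addAll(convertEndpoints(new SingleLogoutServiceConverter(), protocols, this.logoutServices));
        descriptor.getSingleSignOnServices().addAll(convertEndpoints(new SingleSignOnServiceConverter(), protocols, this.ssoServices));
        descriptor.getArtifactResolutionServices().addAll(convertEndpoints(new ArtifactResolutionServiceConverter(), protocols, this.artifactServices));
        // Artifact resolution endpoints are indexed from 1 in list order.
        int index = 1;
        for (final IndexedEndpoint endpoint : descriptor.getArtifactResolutionServices()) {
            endpoint.setIndex(index++);
        }
        protocols.forEach(descriptor::addSupportedProtocol);
        return descriptor;
    }

    /**
     * Returns the base64 signing certificates: the back-channel certificate first, then the signing
     * certificate. A certificate that is unset or undecodable is skipped.
     *
     * @return an unmodifiable list of zero to two entries
     */
    @Unmodifiable
    @Nonnull
    @NotLive
    public List<String> getSigningCertificates() {
        final List<String> certificates = new ArrayList<>(2);
        final String backChannel = getEncodedCertificate(this.backChannelCert);
        if (backChannel != null) {
            certificates.add(backChannel);
        }
        final String signing = getEncodedCertificate(this.signingCert);
        if (signing != null) {
            certificates.add(signing);
        }
        // Honour the @Unmodifiable contract instead of leaking the mutable working list.
        return List.copyOf(certificates);
    }

    /**
     * Returns the base64 encryption certificate.
     *
     * @return a single-element list, or an empty list if the certificate is unset or undecodable
     */
    @Unmodifiable
    @Nonnull
    @NotLive
    public List<String> getEncryptionCertificates() {
        final String encoded = getEncodedCertificate(this.encryptionCert);
        return encoded == null ? CollectionSupport.emptyList() : CollectionSupport.singletonList(encoded);
    }

    /**
     * Returns the language tag for the MDUI text.
     *
     * @return always {@code "en"}
     */
    @Nullable
    public String getLang() {
        return "en";
    }

    /**
     * Returns placeholder display-name text naming the DNS name.
     *
     * @return the placeholder display name
     */
    @Nullable
    public String getDisplayName() {
        return "A name for the IdP at " + this.dnsName;
    }

    /**
     * Returns placeholder description text naming the DNS name.
     *
     * @return the placeholder description
     */
    @Nullable
    public String getDescription() {
        return "Enter a description for the IdP at " + this.dnsName;
    }

    /**
     * Returns an 80x80 logo element whose URL is a placeholder path on the IdP host.
     *
     * @return the placeholder logo
     */
    @Nullable
    public Logo getLogo() {
        final Logo logo = new LogoBuilder().buildObject();
        logo.setHeight(80);
        logo.setWidth(80);
        logo.setURI("https://" + this.dnsName + "/path/to/logo.png");
        return logo;
    }

    /**
     * Returns the configured scope.
     *
     * @return a single-element list, or an empty list if no scope is set
     */
    @Unmodifiable
    @Nonnull
    @NotLive
    public List<String> getScopes() {
        final String configured = this.scope;
        return configured == null ? CollectionSupport.emptyList() : CollectionSupport.singletonList(configured);
    }
}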
