package org.keycloak.protocol.saml.installation;

import java.net.URI;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import org.keycloak.Config;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.RealmModel;
import org.keycloak.protocol.ClientInstallationProvider;
import org.keycloak.protocol.saml.SamlClient;
import org.keycloak.services.resources.RealmsResource;

/* loaded from: input_file:org/keycloak/protocol/saml/installation/SamlIDPDescriptorClientInstallation.class */
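public class SamlIDPDescriptorClientInstallation implements ClientInstallationProvider {
    /**
     * Builds the SAML 2.0 metadata document ({@code EntityDescriptor} / {@code IDPSSODescriptor})
     * that describes this realm as an identity provider, tailored to one client's settings.
     *
     * <p>Client-dependent parts: {@code WantAuthnRequestsSigned} mirrors
     * {@code SamlClient.requiresClientSignature()}, the {@code NameIDFormat} list collapses to a single
     * entry when the client forces a format, and the HTTP-Redirect bindings are omitted when the client
     * forces POST binding.
     *
     * <p>Every interpolated value is XML-escaped before it is placed in the document. The document is
     * consumed by service providers as trust configuration, so a realm name, base URI or client
     * attribute containing {@code &}, {@code <} or a quote must not be able to break out of its
     * attribute/element and alter the surrounding metadata.
     *
     * @param realmModel  realm whose name and signing certificate are published
     * @param clientModel client whose SAML settings tailor the descriptor
     * @param uri         base URI from which the realm and protocol endpoint URLs are derived
     * @return the metadata document as a string
     */
    public static String getIDPDescriptorForClient(RealmModel realmModel, ClientModel clientModel, URI uri) {
        SamlClient samlClient = new SamlClient(clientModel);

        String entityId = RealmsResource.realmBaseUrl(UriBuilder.fromUri(uri)).build(new Object[]{realmModel.getName()}).toString();
        String endpoint = RealmsResource.protocolUrl(UriBuilder.fromUri(uri)).build(new Object[]{realmModel.getName(), "saml"}).toString();
        // The same endpoint is used for every SSO/SLO binding; escape it once for attribute context.
        String location = escapeXml(endpoint);
        boolean redirectAllowed = !samlClient.forcePostBinding();

        StringBuilder xml = new StringBuilder();
        xml.append("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<EntityDescriptor entityID=\"")
                .append(escapeXml(entityId))
                .append("\"\n                   xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\"\n                   xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\">\n   <IDPSSODescriptor WantAuthnRequestsSigned=\"")
                .append(Boolean.toString(samlClient.requiresClientSignature()))
                .append("\"\n      protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">\n");

        // A forced format is only honoured when the client actually has one configured.
        String forcedFormat = samlClient.forceNameIDFormat() ? samlClient.getNameIDFormat() : null;
        if (forcedFormat == null) {
            xml.append("   <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>\n   <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>\n   <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>\n   <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>\n");
        } else {
            // Client attribute: escape so it cannot introduce extra elements into the descriptor.
            xml.append("   <NameIDFormat>").append(escapeXml(forcedFormat)).append("</NameIDFormat>\n");
        }

        xml.append("\n      <SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\n         Location=\"")
                .append(location)
                .append("\" />\n");
        if (redirectAllowed) {
            xml.append("      <SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\"\n         Location=\"")
                    .append(location)
                    .append("\" />\n");
        }

        xml.append("      <SingleLogoutService\n         Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\n         Location=\"")
                .append(location)
                .append("\" />\n");
        if (redirectAllowed) {
            xml.append("      <SingleLogoutService\n         Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\"\n         Location=\"")
                    .append(location)
                    .append("\" />\n");
        }

        // NOTE(review): a realm without a certificate still yields the literal text "null" inside
        // X509Certificate (unchanged from the original); consumers should treat such metadata as
        // unusable for signature validation. Confirm whether the KeyDescriptor should be omitted instead.
        xml.append("      <KeyDescriptor use=\"signing\">\n          <dsig:KeyInfo xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\">\n              <dsig:X509Data>\n                  <dsig:X509Certificate>\n                      ")
                .append(escapeXml(realmModel.getCertificatePem()))
                .append("\n                  </dsig:X509Certificate>\n              </dsig:X509Data>\n          </dsig:KeyInfo>\n      </KeyDescriptor>\n   </IDPSSODescriptor>\n</EntityDescriptor>\n");

        return xml.toString();
    }

    /**
     * Escapes the five XML special characters so the value is safe in both attribute and element
     * content. A {@code null} value is rendered as the text {@code "null"}, matching plain string
     * concatenation.
     */
    private static String escapeXml(String value) {
        String text = String.valueOf(value);
        StringBuilder escaped = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&apos;");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }

    /**
     * Wraps the client-tailored descriptor in an HTTP 200 response.
     *
     * <p>The body is sent as {@code text/plain} even though {@link #getMediaType()} reports
     * {@code application/xml}; that is left as-is because callers may depend on it. The
     * {@code keycloakSession} argument is not used.
     */
    public Response generateInstallation(KeycloakSession keycloakSession, RealmModel realmModel, ClientModel clientModel, URI uri) {
        return Response.ok(getIDPDescriptorForClient(realmModel, clientModel, uri), MediaType.TEXT_PLAIN_TYPE).build();
    }

    /** Returns the protocol identifier this installation format belongs to. */
    public String getProtocol() {
        return "saml";
    }

    /** Returns the human-readable name of this installation format. */
    public String getDisplayType() {
        return "SAML Metadata IDPSSODescriptor";
    }

    /** Returns the descriptive help text for this installation format. */
    public String getHelpText() {
        // Element name spelled "IDPSSODescriptor" to agree with getDisplayType() and the generated XML.
        return "SAML Metadata IDPSSODescriptor tailored for the client.  This is special because not every client may require things like digital signatures";
    }

    /** Returns the suggested file name for the generated descriptor. */
    public String getFilename() {
        return "client-tailored-saml-idp-metadata.xml";
    }

    /** Returns the media type advertised for the generated descriptor. */
    public String getMediaType() {
        return "application/xml";
    }

    /** Returns {@code false}: the descriptor is not flagged as download-only. */
    public boolean isDownloadOnly() {
        return false;
    }

    /** No-op: this provider holds no resources. */
    public void close() {
    }

    /* renamed from: create, reason: merged with bridge method [inline-methods] */
    /** Returns this instance; the same object acts as factory and provider. */
    public ClientInstallationProvider m190create(KeycloakSession keycloakSession) {
        return this;
    }

    /** No-op: no configuration is read from the scope. */
    public void init(Config.Scope scope) {
    }

    /** No-op: nothing to do after factory initialisation. */
    public void postInit(KeycloakSessionFactory keycloakSessionFactory) {
    }

    /** Returns the provider id under which this installation format is registered. */
    public String getId() {
        return "saml-idp-descriptor";
    }
}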
