package net.shibboleth.idp.profile.spring.relyingparty.saml;

import com.google.common.base.Predicate;
import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.ext.spring.util.SpringSupport;
import net.shibboleth.idp.profile.config.SecurityConfiguration;
import net.shibboleth.idp.saml.profile.config.BasicSAMLArtifactConfiguration;
import net.shibboleth.idp.saml.profile.config.logic.LegacyEncryptionRequirementPredicate;
import net.shibboleth.idp.saml.profile.config.logic.LegacySigningRequirementPredicate;
import net.shibboleth.utilities.java.support.primitive.StringSupport;
import net.shibboleth.utilities.java.support.xml.ElementSupport;
import org.opensaml.xmlsec.impl.BasicSignatureSigningConfiguration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.BeanFactory;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.beans.factory.xml.AbstractSingleBeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/* loaded from: input_file:net/shibboleth/idp/profile/spring/relyingparty/saml/BaseSAMLProfileConfigurationParser.class */
public abstract class BaseSAMLProfileConfigurationParser extends AbstractSingleBeanDefinitionParser {

    @Nonnull
    private Logger log = LoggerFactory.getLogger(BaseSAMLProfileConfigurationParser.class);
    private boolean artifactAware;
    private BeanFactory embeddedBeans;

    /* JADX INFO: Access modifiers changed from: protected */
    public void setArtifactAware(boolean z) {
        this.artifactAware = z;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Nullable
    public BeanFactory getEmbeddedBeans() {
        return this.embeddedBeans;
    }

    @Nullable
    protected BeanDefinition getArtifactConfiguration(Element element) {
        BeanDefinitionBuilder genericBeanDefinition = BeanDefinitionBuilder.genericBeanDefinition(BasicSAMLArtifactConfiguration.class);
        if (element.hasAttributeNS(null, "artifactType")) {
            genericBeanDefinition.addPropertyValue("artifactType", element.getAttributeNS(null, "artifactType"));
        }
        if (element.hasAttributeNS(null, "artifactResolutionServiceURL")) {
            genericBeanDefinition.addPropertyValue("artifactResolutionServiceURL", element.getAttributeNS(null, "artifactResolutionServiceURL"));
        }
        if (element.hasAttributeNS(null, "artifactResolutionServiceIndex")) {
            genericBeanDefinition.addPropertyValue("artifactResolutionServiceIndex", element.getAttributeNS(null, "artifactResolutionServiceIndex"));
        } else {
            genericBeanDefinition.addPropertyReference("artifactResolutionServiceIndex", getProfileBeanNamePrefix() + "ArtifactServiceIndex");
        }
        return genericBeanDefinition.getBeanDefinition();
    }

    @Nonnull
    private BeanDefinition predicateFor(@Nullable String str, Class<? extends Predicate> cls) {
        BeanDefinitionBuilder genericBeanDefinition = BeanDefinitionBuilder.genericBeanDefinition(cls);
        genericBeanDefinition.addConstructorArgValue(StringSupport.trimOrNull(str));
        return genericBeanDefinition.getBeanDefinition();
    }

    @Nonnull
    protected BeanDefinition predicateForSigning(@Nullable String str) {
        return predicateFor(str, LegacySigningRequirementPredicate.class);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Nonnull
    public BeanDefinition predicateForEncryption(@Nullable String str) {
        return predicateFor(str, LegacyEncryptionRequirementPredicate.class);
    }

    protected List<String> getAudiences(Element element) {
        return SpringSupport.getElementTextContentAsManagedList(ElementSupport.getChildElementsByTagNameNS(element, RelyingPartySAMLNamespaceHandler.NAMESPACE, "Audience"));
    }

    private void setSecurityConfiguration(Element element, BeanDefinitionBuilder beanDefinitionBuilder, ParserContext parserContext) {
        String attributeNS;
        if (null != getEmbeddedBeans()) {
            SecurityConfiguration securityConfiguration = (SecurityConfiguration) SpringSupport.getBean(getEmbeddedBeans(), SecurityConfiguration.class);
            if (null != securityConfiguration) {
                beanDefinitionBuilder.addPropertyValue("securityConfiguration", securityConfiguration);
                if (element.hasAttributeNS(null, "signingCredentialRef")) {
                    this.log.warn("local beans defined, explicit signingCredentialRef is ignored");
                    return;
                }
                return;
            }
            this.log.debug("embedded beans but no SecurityConfiguration");
        }
        if (element.hasAttributeNS(null, "signingCredentialRef")) {
            attributeNS = element.getAttributeNS(null, "signingCredentialRef");
            this.log.debug("using explicit signing credential reference {}", attributeNS);
        } else {
            this.log.debug("Looking for default signing credential reference");
            Node parentNode = element.getParentNode();
            if (parentNode == null) {
                this.log.debug("no parent to ProfileConfiguration, no defaultSigningCredential set");
                return;
            }
            if (!(parentNode instanceof Element)) {
                this.log.debug("parent of ProfileConfiguration was unrecognizable, no defaultSigningCredential set");
                return;
            }
            Element element2 = (Element) parentNode;
            if (!element2.hasAttributeNS(null, "defaultSigningCredentialRef")) {
                return;
            }
            attributeNS = element2.getAttributeNS(null, "defaultSigningCredentialRef");
            this.log.debug("Using default signing credential reference {}", attributeNS);
        }
        BeanDefinitionBuilder genericBeanDefinition = BeanDefinitionBuilder.genericBeanDefinition(BasicSignatureSigningConfiguration.class);
        genericBeanDefinition.addPropertyReference("signingCredentials", attributeNS);
        BeanDefinitionBuilder genericBeanDefinition2 = BeanDefinitionBuilder.genericBeanDefinition(SecurityConfiguration.class);
        genericBeanDefinition2.addPropertyValue("signatureSigningConfiguration", genericBeanDefinition.getBeanDefinition());
        beanDefinitionBuilder.addPropertyValue("securityConfiguration", genericBeanDefinition2.getBeanDefinition());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder beanDefinitionBuilder) {
        super.doParse(element, parserContext, beanDefinitionBuilder);
        List childElements = ElementSupport.getChildElements(element, SpringSupport.SPRING_BEANS_ELEMENT_NAME);
        if (null != childElements && !childElements.isEmpty()) {
            this.embeddedBeans = SpringSupport.createBeanFactory((Element) childElements.get(0));
        }
        setSecurityConfiguration(element, beanDefinitionBuilder, parserContext);
        if (element.hasAttributeNS(null, "assertionLifetime")) {
            beanDefinitionBuilder.addPropertyValue("assertionLifetime", element.getAttributeNS(null, "assertionLifetime"));
        }
        if (element.hasAttributeNS(null, "includeConditionsNotBefore")) {
            beanDefinitionBuilder.addPropertyValue("includeConditionsNotBefore", element.getAttributeNS(null, "includeConditionsNotBefore"));
        }
        if (this.artifactAware) {
            beanDefinitionBuilder.addPropertyValue("artifactConfiguration", getArtifactConfiguration(element));
        }
        if (element.hasAttributeNS(null, "attributeAuthority")) {
            this.log.warn("Deprecated attribute 'attributeAuthority=\"{}\"' has been ignored", element.getAttributeNS(null, "attributeAuthority"));
        }
        if (element.hasAttributeNS(null, "securityPolicyRef")) {
            this.log.warn("Deprecated attribute 'securityPolicyRef=\"{}\"' has been ignored", element.getAttributeNS(null, "securityPolicyRef"));
        }
        if (element.hasAttributeNS(null, "outboundArtifactType")) {
            this.log.warn("Deprecated attribute 'outboundArtifactType=\"{}\"' has been ignored", element.getAttributeNS(null, "outboundArtifactType"));
        }
        if (element.hasAttributeNS(null, "inboundFlowId")) {
            beanDefinitionBuilder.addPropertyValue("inboundSubflowId", element.getAttributeNS(null, "inboundFlowId"));
        } else {
            beanDefinitionBuilder.addPropertyReference("inboundSubflowId", getProfileBeanNamePrefix() + "InboundFlowId");
        }
        beanDefinitionBuilder.addPropertyValue("outboundSubflowId", element.getAttributeNS(null, "outboundFlowId"));
        if (element.hasAttributeNS(null, "signAssertions")) {
            beanDefinitionBuilder.addPropertyValue("signAssertions", predicateForSigning(element.getAttributeNS(null, "signAssertions")));
        }
        if (element.hasAttributeNS(null, "signRequests")) {
            beanDefinitionBuilder.addPropertyValue("signRequests", predicateForSigning(element.getAttributeNS(null, "signRequests")));
        }
        if (element.hasAttributeNS(null, "signResponses")) {
            beanDefinitionBuilder.addPropertyValue("signResponses", predicateForSigning(element.getAttributeNS(null, "signResponses")));
        }
        beanDefinitionBuilder.addPropertyValue("additionalAudienceForAssertion", getAudiences(element));
    }

    protected boolean shouldGenerateId() {
        return true;
    }

    protected abstract String getProfileBeanNamePrefix();
}
