package org.springframework.security.config.saml2;

import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.parsing.BeanComponentDefinition;
import org.springframework.beans.factory.parsing.CompositeComponentDefinition;
import org.springframework.beans.factory.support.AbstractBeanDefinition;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.beans.factory.xml.BeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.core.io.DefaultResourceLoader;
import org.springframework.core.io.ResourceLoader;
import org.springframework.security.converter.RsaKeyConverters;
import org.springframework.security.saml2.core.Saml2X509Credential;
import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations;
import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding;
import org.springframework.util.StringUtils;
import org.springframework.util.xml.DomUtils;
import org.w3c.dom.Element;

/* loaded from: input_file:BOOT-INF/lib/spring-security-config-5.8.8.jar:org/springframework/security/config/saml2/RelyingPartyRegistrationsBeanDefinitionParser.class */
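/**
 * {@link BeanDefinitionParser} for the {@code <relying-party-registrations>} element of
 * the Spring Security SAML 2.0 XML namespace.
 * <p>
 * Parsing happens in two passes. First every {@code asserting-party} child element is
 * collected into a map keyed by its {@code asserting-party-id}. Then each
 * {@code relying-party-registration} child element becomes a
 * {@link RelyingPartyRegistration}: from its {@code metadata-location} when one is given,
 * otherwise from the asserting party it references by id. The registrations are
 * registered as a single {@link InMemoryRelyingPartyRegistrationRepository} bean.
 * <p>
 * Certificate and private-key files are read eagerly, at parse time, through a
 * {@link DefaultResourceLoader}; a location that cannot be read or parsed aborts context
 * startup with an {@link IllegalArgumentException}.
 * <p>
 * This listing was recovered by a decompiler (JADX) and has been re-expanded into
 * readable Java; the element and attribute names it understands are unchanged. One
 * defect of the recovered code is fixed: {@code encryption-credential} elements of an
 * asserting party are now read from {@code encryption-credential} children rather than
 * from its {@code verification-credential} children.
 */
public final class RelyingPartyRegistrationsBeanDefinitionParser implements BeanDefinitionParser {

    // Child element names.
    private static final String ELT_RELYING_PARTY_REGISTRATION = "relying-party-registration";
    private static final String ELT_SIGNING_CREDENTIAL = "signing-credential";
    private static final String ELT_DECRYPTION_CREDENTIAL = "decryption-credential";
    private static final String ELT_ASSERTING_PARTY = "asserting-party";
    private static final String ELT_VERIFICATION_CREDENTIAL = "verification-credential";
    private static final String ELT_ENCRYPTION_CREDENTIAL = "encryption-credential";

    // Attribute names.
    private static final String ATT_REGISTRATION_ID = "registration-id";
    private static final String ATT_ASSERTING_PARTY_ID = "asserting-party-id";
    private static final String ATT_ENTITY_ID = "entity-id";
    private static final String ATT_METADATA_LOCATION = "metadata-location";
    private static final String ATT_ASSERTION_CONSUMER_SERVICE_LOCATION = "assertion-consumer-service-location";
    private static final String ATT_ASSERTION_CONSUMER_SERVICE_BINDING = "assertion-consumer-service-binding";
    private static final String ATT_PRIVATE_KEY_LOCATION = "private-key-location";
    private static final String ATT_CERTIFICATE_LOCATION = "certificate-location";
    private static final String ATT_WANT_AUTHN_REQUESTS_SIGNED = "want-authn-requests-signed";
    private static final String ATT_SINGLE_SIGN_ON_SERVICE_LOCATION = "single-sign-on-service-location";
    private static final String ATT_SINGLE_SIGN_ON_SERVICE_BINDING = "single-sign-on-service-binding";
    private static final String ATT_SIGNING_ALGORITHMS = "signing-algorithms";
    private static final String ATT_SINGLE_LOGOUT_SERVICE_LOCATION = "single-logout-service-location";
    private static final String ATT_SINGLE_LOGOUT_SERVICE_RESPONSE_LOCATION = "single-logout-service-response-location";
    private static final String ATT_SINGLE_LOGOUT_SERVICE_BINDING = "single-logout-service-binding";

    /**
     * Attributes copied verbatim from each {@code asserting-party} element into its map
     * entry; {@link #buildAssertingParty} interprets them.
     */
    private static final String[] ASSERTING_PARTY_ATTRIBUTES = {
            ATT_ASSERTING_PARTY_ID,
            ATT_ENTITY_ID,
            ATT_WANT_AUTHN_REQUESTS_SIGNED,
            ATT_SINGLE_SIGN_ON_SERVICE_LOCATION,
            ATT_SINGLE_SIGN_ON_SERVICE_BINDING,
            ATT_SIGNING_ALGORITHMS,
            ATT_SINGLE_LOGOUT_SERVICE_LOCATION,
            ATT_SINGLE_LOGOUT_SERVICE_RESPONSE_LOCATION,
            ATT_SINGLE_LOGOUT_SERVICE_BINDING
    };

    /** Resolves certificate, private-key (and, via Spring, metadata) locations. */
    private static final ResourceLoader resourceLoader = new DefaultResourceLoader();

    /**
     * Registers an {@link InMemoryRelyingPartyRegistrationRepository} bean built from the
     * given {@code <relying-party-registrations>} element.
     * @param element the {@code <relying-party-registrations>} element
     * @param parserContext the parser context used to register the bean and report errors
     * @return always {@code null}; the bean is registered directly with the context, which is
     * the {@link BeanDefinitionParser} convention for "nothing more to register"
     */
    @Override
    public BeanDefinition parse(Element element, ParserContext parserContext) {
        parserContext.pushContainingComponent(
                new CompositeComponentDefinition(element.getTagName(), parserContext.extractSource(element)));
        Map<String, Map<String, Object>> assertingParties = getAssertingParties(element);
        List<RelyingPartyRegistration> registrations = getRelyingPartyRegistrations(element, assertingParties,
                parserContext);
        AbstractBeanDefinition beanDefinition = BeanDefinitionBuilder
                .rootBeanDefinition(InMemoryRelyingPartyRegistrationRepository.class)
                .addConstructorArgValue(registrations)
                .getBeanDefinition();
        String beanName = parserContext.getReaderContext().generateBeanName(beanDefinition);
        parserContext.registerBeanComponent(new BeanComponentDefinition(beanDefinition, beanName));
        parserContext.popAndRegisterContainingComponent();
        return null;
    }

    /**
     * Collects every {@code asserting-party} child element into a map keyed by
     * {@code asserting-party-id}. Each value holds the element's attributes as strings plus,
     * under {@link #ELT_VERIFICATION_CREDENTIAL} and {@link #ELT_ENCRYPTION_CREDENTIAL}, the
     * certificate locations of its credential child elements.
     * @param element the {@code <relying-party-registrations>} element
     * @return the asserting parties by id; empty when there are none
     */
    private static Map<String, Map<String, Object>> getAssertingParties(Element element) {
        Map<String, Map<String, Object>> assertingParties = new HashMap<>();
        for (Element assertingPartyElt : DomUtils.getChildElementsByTagName(element, ELT_ASSERTING_PARTY)) {
            Map<String, Object> assertingParty = new HashMap<>();
            // DOM getAttribute returns "" (never null) for an absent attribute, so every key is
            // present and buildAssertingParty decides what an empty value means.
            for (String attributeName : ASSERTING_PARTY_ATTRIBUTES) {
                assertingParty.put(attributeName, assertingPartyElt.getAttribute(attributeName));
            }
            addVerificationCredentials(assertingPartyElt, assertingParty);
            addEncryptionCredentials(assertingPartyElt, assertingParty);
            // A later element with the same id silently replaces an earlier one.
            assertingParties.put(assertingPartyElt.getAttribute(ATT_ASSERTING_PARTY_ID), assertingParty);
        }
        return assertingParties;
    }

    /**
     * Loads the verification certificates recorded for an asserting party and adds them to
     * the builder.
     * @param assertingParty the asserting party's attribute map
     * @param builder the asserting-party builder to populate
     */
    private static void addVerificationCredentials(Map<String, Object> assertingParty,
            RelyingPartyRegistration.AssertingPartyDetails.Builder builder) {
        List<Saml2X509Credential> credentials = new ArrayList<>();
        for (String certificateLocation : getAsStringList(assertingParty, ELT_VERIFICATION_CREDENTIAL)) {
            credentials.add(getSaml2VerificationCredential(certificateLocation));
        }
        builder.verificationX509Credentials((collection) -> collection.addAll(credentials));
    }

    /**
     * Loads the encryption certificates recorded for an asserting party and adds them to
     * the builder.
     * @param assertingParty the asserting party's attribute map
     * @param builder the asserting-party builder to populate
     */
    private static void addEncryptionCredentials(Map<String, Object> assertingParty,
            RelyingPartyRegistration.AssertingPartyDetails.Builder builder) {
        List<Saml2X509Credential> credentials = new ArrayList<>();
        for (String certificateLocation : getAsStringList(assertingParty, ELT_ENCRYPTION_CREDENTIAL)) {
            credentials.add(getSaml2EncryptionCredential(certificateLocation));
        }
        builder.encryptionX509Credentials((collection) -> collection.addAll(credentials));
    }

    /**
     * Records the {@code certificate-location} of each {@code verification-credential} child
     * of an {@code asserting-party} element.
     * @param assertingPartyElt the {@code asserting-party} element
     * @param assertingParty the attribute map to record the locations in
     */
    private static void addVerificationCredentials(Element assertingPartyElt, Map<String, Object> assertingParty) {
        assertingParty.put(ELT_VERIFICATION_CREDENTIAL,
                getCertificateLocations(assertingPartyElt, ELT_VERIFICATION_CREDENTIAL));
    }

    /**
     * Records the {@code certificate-location} of each {@code encryption-credential} child of
     * an {@code asserting-party} element.
     * <p>
     * The recovered code read {@code verification-credential} children here, so the
     * configured encryption certificates were ignored and the verification certificates were
     * used in their place; the correct element is read now.
     * @param assertingPartyElt the {@code asserting-party} element
     * @param assertingParty the attribute map to record the locations in
     */
    private static void addEncryptionCredentials(Element assertingPartyElt, Map<String, Object> assertingParty) {
        assertingParty.put(ELT_ENCRYPTION_CREDENTIAL,
                getCertificateLocations(assertingPartyElt, ELT_ENCRYPTION_CREDENTIAL));
    }

    /**
     * Collects the {@code certificate-location} attribute of every child element with the
     * given name.
     * @param parent the element whose children are inspected
     * @param credentialElementName the child element name
     * @return the locations in document order; empty when there are no such children
     */
    private static List<String> getCertificateLocations(Element parent, String credentialElementName) {
        List<String> locations = new ArrayList<>();
        for (Element credentialElt : DomUtils.getChildElementsByTagName(parent, credentialElementName)) {
            locations.add(credentialElt.getAttribute(ATT_CERTIFICATE_LOCATION));
        }
        return locations;
    }

    /**
     * Builds one {@link RelyingPartyRegistration} per {@code relying-party-registration} child
     * element.
     * @param element the {@code <relying-party-registrations>} element
     * @param assertingParties the asserting parties by id, from {@link #getAssertingParties}
     * @param parserContext the parser context used to report errors
     * @return the registrations in document order; empty when there are none
     */
    private List<RelyingPartyRegistration> getRelyingPartyRegistrations(Element element,
            Map<String, Map<String, Object>> assertingParties, ParserContext parserContext) {
        List<RelyingPartyRegistration> registrations = new ArrayList<>();
        for (Element registrationElt : DomUtils.getChildElementsByTagName(element, ELT_RELYING_PARTY_REGISTRATION)) {
            RelyingPartyRegistration.Builder builder = getBuilderFromMetadataLocationIfPossible(registrationElt,
                    assertingParties, parserContext);
            addSigningCredentials(registrationElt, builder);
            addDecryptionCredentials(registrationElt, builder);
            registrations.add(builder.build());
        }
        return registrations;
    }

    /**
     * Starts a registration builder either from the element's {@code metadata-location} or,
     * when none is given, from the asserting party referenced by {@code asserting-party-id}.
     * @param registrationElt the {@code relying-party-registration} element
     * @param assertingParties the asserting parties by id
     * @param parserContext the parser context used to report errors
     * @return a builder with the registration's attributes applied
     */
    private static RelyingPartyRegistration.Builder getBuilderFromMetadataLocationIfPossible(Element registrationElt,
            Map<String, Map<String, Object>> assertingParties, ParserContext parserContext) {
        String registrationId = registrationElt.getAttribute(ATT_REGISTRATION_ID);
        String metadataLocation = registrationElt.getAttribute(ATT_METADATA_LOCATION);
        RelyingPartyRegistration.Builder builder;
        if (StringUtils.hasText(metadataLocation)) {
            // Metadata wins: the asserting party comes from the metadata document resolved at
            // parse time, and an asserting-party-id on this element is not consulted.
            builder = RelyingPartyRegistrations.fromMetadataLocation(metadataLocation).registrationId(registrationId);
        } else {
            builder = RelyingPartyRegistration.withRegistrationId(registrationId)
                    .assertingPartyDetails((details) -> buildAssertingParty(registrationElt, assertingParties, details,
                            parserContext));
        }
        // Attributes set directly on the registration element are applied last, so they take
        // precedence over whatever the metadata provided.
        addRemainingProperties(registrationElt, builder);
        return builder;
    }

    /**
     * Applies the optional attributes of a {@code relying-party-registration} element to the
     * builder; an absent or blank attribute leaves the builder's value untouched.
     * @param registrationElt the {@code relying-party-registration} element
     * @param builder the builder to populate
     */
    private static void addRemainingProperties(Element registrationElt, RelyingPartyRegistration.Builder builder) {
        String entityId = registrationElt.getAttribute(ATT_ENTITY_ID);
        String singleLogoutServiceLocation = registrationElt.getAttribute(ATT_SINGLE_LOGOUT_SERVICE_LOCATION);
        String singleLogoutServiceResponseLocation = registrationElt
                .getAttribute(ATT_SINGLE_LOGOUT_SERVICE_RESPONSE_LOCATION);
        Saml2MessageBinding singleLogoutServiceBinding = getBindingOrNull(registrationElt,
                ATT_SINGLE_LOGOUT_SERVICE_BINDING);
        String assertionConsumerServiceLocation = registrationElt.getAttribute(ATT_ASSERTION_CONSUMER_SERVICE_LOCATION);
        Saml2MessageBinding assertionConsumerServiceBinding = getBindingOrNull(registrationElt,
                ATT_ASSERTION_CONSUMER_SERVICE_BINDING);
        if (StringUtils.hasText(entityId)) {
            builder.entityId(entityId);
        }
        if (StringUtils.hasText(singleLogoutServiceLocation)) {
            builder.singleLogoutServiceLocation(singleLogoutServiceLocation);
        }
        if (StringUtils.hasText(singleLogoutServiceResponseLocation)) {
            builder.singleLogoutServiceResponseLocation(singleLogoutServiceResponseLocation);
        }
        if (singleLogoutServiceBinding != null) {
            builder.singleLogoutServiceBinding(singleLogoutServiceBinding);
        }
        if (StringUtils.hasText(assertionConsumerServiceLocation)) {
            builder.assertionConsumerServiceLocation(assertionConsumerServiceLocation);
        }
        if (assertionConsumerServiceBinding != null) {
            builder.assertionConsumerServiceBinding(assertionConsumerServiceBinding);
        }
    }

    /**
     * Populates the asserting-party builder from the asserting party that the registration
     * element references by {@code asserting-party-id}.
     * <p>
     * This method is {@code public} only because the decompiler widened it (the original was
     * private and invoked from a lambda); it is not part of the namespace's API and the
     * visibility is kept so that recovered callers keep compiling.
     * @param registrationElt the {@code relying-party-registration} element
     * @param assertingParties the asserting parties by id
     * @param builder the asserting-party builder to populate
     * @param parserContext the parser context used to report an unknown id
     */
    public static void buildAssertingParty(Element registrationElt, Map<String, Map<String, Object>> assertingParties,
            RelyingPartyRegistration.AssertingPartyDetails.Builder builder, ParserContext parserContext) {
        String assertingPartyId = registrationElt.getAttribute(ATT_ASSERTING_PARTY_ID);
        if (!assertingParties.containsKey(assertingPartyId)) {
            // With Spring's default fail-fast problem reporter error() throws a
            // BeanDefinitionParsingException; under a lenient reporter the null lookup below
            // surfaces as a NullPointerException instead.
            parserContext.getReaderContext().error(
                    String.format("Could not find asserting party with id %s", assertingPartyId),
                    parserContext.extractSource(registrationElt));
        }
        Map<String, Object> assertingParty = assertingParties.get(assertingPartyId);
        String singleSignOnServiceBinding = getAsString(assertingParty, ATT_SINGLE_SIGN_ON_SERVICE_BINDING);
        String singleLogoutServiceBinding = getAsString(assertingParty, ATT_SINGLE_LOGOUT_SERVICE_BINDING);
        // want-authn-requests-signed: Boolean.parseBoolean yields true only for "true"
        // (case-insensitive); an absent attribute or a typo silently means false.
        builder.entityId(getAsString(assertingParty, ATT_ENTITY_ID))
                .wantAuthnRequestsSigned(
                        Boolean.parseBoolean(getAsString(assertingParty, ATT_WANT_AUTHN_REQUESTS_SIGNED)))
                .singleSignOnServiceLocation(getAsString(assertingParty, ATT_SINGLE_SIGN_ON_SERVICE_LOCATION))
                .singleSignOnServiceBinding(getBindingOrRedirect(singleSignOnServiceBinding))
                .singleLogoutServiceLocation(getAsString(assertingParty, ATT_SINGLE_LOGOUT_SERVICE_LOCATION))
                .singleLogoutServiceResponseLocation(
                        getAsString(assertingParty, ATT_SINGLE_LOGOUT_SERVICE_RESPONSE_LOCATION))
                .singleLogoutServiceBinding(getBindingOrRedirect(singleLogoutServiceBinding));
        addSigningAlgorithms(assertingParty, builder);
        addVerificationCredentials(assertingParty, builder);
        addEncryptionCredentials(assertingParty, builder);
    }

    /**
     * Applies the comma-separated {@code signing-algorithms} attribute, if present. Entries
     * are not trimmed, so {@code "a, b"} yields {@code "a"} and {@code " b"}.
     * @param assertingParty the asserting party's attribute map
     * @param builder the asserting-party builder to populate
     */
    private static void addSigningAlgorithms(Map<String, Object> assertingParty,
            RelyingPartyRegistration.AssertingPartyDetails.Builder builder) {
        String signingAlgorithms = getAsString(assertingParty, ATT_SIGNING_ALGORITHMS);
        if (!StringUtils.hasText(signingAlgorithms)) {
            return;
        }
        List<String> algorithms = Arrays.asList(signingAlgorithms.split(","));
        builder.signingAlgorithms((list) -> list.addAll(algorithms));
    }

    /**
     * Adds one signing credential (private key plus certificate) per
     * {@code signing-credential} child of the registration element.
     * @param registrationElt the {@code relying-party-registration} element
     * @param builder the builder to populate
     */
    private static void addSigningCredentials(Element registrationElt, RelyingPartyRegistration.Builder builder) {
        for (Element credentialElt : DomUtils.getChildElementsByTagName(registrationElt, ELT_SIGNING_CREDENTIAL)) {
            Saml2X509Credential credential = getSaml2SigningCredential(
                    credentialElt.getAttribute(ATT_PRIVATE_KEY_LOCATION),
                    credentialElt.getAttribute(ATT_CERTIFICATE_LOCATION));
            builder.signingX509Credentials((collection) -> collection.add(credential));
        }
    }

    /**
     * Adds one decryption credential (private key plus certificate) per
     * {@code decryption-credential} child of the registration element.
     * @param registrationElt the {@code relying-party-registration} element
     * @param builder the builder to populate
     */
    private static void addDecryptionCredentials(Element registrationElt, RelyingPartyRegistration.Builder builder) {
        for (Element credentialElt : DomUtils.getChildElementsByTagName(registrationElt, ELT_DECRYPTION_CREDENTIAL)) {
            Saml2X509Credential credential = getSaml2DecryptionCredential(
                    credentialElt.getAttribute(ATT_PRIVATE_KEY_LOCATION),
                    credentialElt.getAttribute(ATT_CERTIFICATE_LOCATION));
            builder.decryptionX509Credentials((collection) -> collection.add(credential));
        }
    }

    /**
     * Reads a string-valued entry of an asserting party's attribute map.
     * @param assertingParty the attribute map
     * @param key the attribute name
     * @return the value, or {@code null} when the key is absent
     */
    private static String getAsString(Map<String, Object> assertingParty, String key) {
        return (String) assertingParty.get(key);
    }

    /**
     * Reads a list-valued entry of an asserting party's attribute map.
     * @param assertingParty the attribute map
     * @param key the entry name
     * @return the list, or an empty list when the key is absent
     */
    @SuppressWarnings("unchecked") // only getCertificateLocations() writes these keys, always with List<String>
    private static List<String> getAsStringList(Map<String, Object> assertingParty, String key) {
        List<String> values = (List<String>) assertingParty.get(key);
        return (values != null) ? values : Collections.<String>emptyList();
    }

    /**
     * Parses a binding attribute of the given element.
     * @param element the element carrying the attribute
     * @param attributeName the binding attribute name
     * @return the binding, or {@code null} when the attribute is absent or blank
     * @throws IllegalArgumentException if the value is not a {@link Saml2MessageBinding} name
     */
    private static Saml2MessageBinding getBindingOrNull(Element element, String attributeName) {
        String binding = element.getAttribute(attributeName);
        return StringUtils.hasText(binding) ? Saml2MessageBinding.valueOf(binding) : null;
    }

    /**
     * Parses a binding value recorded for an asserting party.
     * @param binding the attribute value, possibly blank
     * @return the binding, defaulting to {@link Saml2MessageBinding#REDIRECT} when blank
     * @throws IllegalArgumentException if the value is not a {@link Saml2MessageBinding} name
     */
    private static Saml2MessageBinding getBindingOrRedirect(String binding) {
        return StringUtils.hasText(binding) ? Saml2MessageBinding.valueOf(binding) : Saml2MessageBinding.REDIRECT;
    }

    private static Saml2X509Credential getSaml2VerificationCredential(String certificateLocation) {
        return getSaml2Credential(certificateLocation, Saml2X509Credential.Saml2X509CredentialType.VERIFICATION);
    }

    private static Saml2X509Credential getSaml2EncryptionCredential(String certificateLocation) {
        return getSaml2Credential(certificateLocation, Saml2X509Credential.Saml2X509CredentialType.ENCRYPTION);
    }

    private static Saml2X509Credential getSaml2SigningCredential(String privateKeyLocation,
            String certificateLocation) {
        return getSaml2Credential(privateKeyLocation, certificateLocation,
                Saml2X509Credential.Saml2X509CredentialType.SIGNING);
    }

    private static Saml2X509Credential getSaml2DecryptionCredential(String privateKeyLocation,
            String certificateLocation) {
        return getSaml2Credential(privateKeyLocation, certificateLocation,
                Saml2X509Credential.Saml2X509CredentialType.DECRYPTION);
    }

    /**
     * Builds a credential that carries a private key, i.e. one this relying party uses for
     * signing or decryption.
     * @param privateKeyLocation resource location of the PKCS#8 private key
     * @param certificateLocation resource location of the X.509 certificate
     * @param credentialType the usage to record on the credential
     * @return the credential
     * @throws IllegalArgumentException if either resource cannot be read or parsed
     */
    private static Saml2X509Credential getSaml2Credential(String privateKeyLocation, String certificateLocation,
            Saml2X509Credential.Saml2X509CredentialType credentialType) {
        return new Saml2X509Credential(readPrivateKey(privateKeyLocation), readCertificate(certificateLocation),
                credentialType);
    }

    /**
     * Builds a certificate-only credential, i.e. one describing the asserting party's key for
     * verification or encryption.
     * @param certificateLocation resource location of the X.509 certificate
     * @param credentialType the usage to record on the credential
     * @return the credential
     * @throws IllegalArgumentException if the resource cannot be read or parsed
     */
    private static Saml2X509Credential getSaml2Credential(String certificateLocation,
            Saml2X509Credential.Saml2X509CredentialType credentialType) {
        return new Saml2X509Credential(readCertificate(certificateLocation), credentialType);
    }

    /**
     * Reads a PKCS#8 RSA private key from a resource location.
     * @param location the resource location
     * @return the private key
     * @throws IllegalArgumentException wrapping any failure to open or convert the resource
     */
    private static RSAPrivateKey readPrivateKey(String location) {
        // try-with-resources replaces the decompiler's expanded close/addSuppressed sequence;
        // the stream is closed on every path, including when the converter throws.
        try (InputStream inputStream = resourceLoader.getResource(location).getInputStream()) {
            return RsaKeyConverters.pkcs8().convert(inputStream);
        } catch (Exception ex) {
            // Any failure is reported as a configuration error, as callers expect.
            throw new IllegalArgumentException(ex);
        }
    }

    /**
     * Reads the first X.509 certificate from a resource location.
     * @param location the resource location
     * @return the certificate
     * @throws IllegalArgumentException wrapping any failure to open or parse the resource
     */
    private static X509Certificate readCertificate(String location) {
        try (InputStream inputStream = resourceLoader.getResource(location).getInputStream()) {
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            return (X509Certificate) factory.generateCertificate(inputStream);
        } catch (Exception ex) {
            // Any failure is reported as a configuration error, as callers expect.
            throw new IllegalArgumentException(ex);
        }
    }
}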
