package org.elasticsearch.xpack.idp.saml.idp;

import java.net.URL;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import org.elasticsearch.common.Strings;
import org.elasticsearch.xpack.idp.saml.idp.SamlIdentityProvider;
import org.opensaml.saml.saml2.metadata.ContactPerson;
import org.opensaml.saml.saml2.metadata.EmailAddress;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml.saml2.metadata.GivenName;
import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml.saml2.metadata.KeyDescriptor;
import org.opensaml.saml.saml2.metadata.NameIDFormat;
import org.opensaml.saml.saml2.metadata.Organization;
import org.opensaml.saml.saml2.metadata.OrganizationDisplayName;
import org.opensaml.saml.saml2.metadata.OrganizationName;
import org.opensaml.saml.saml2.metadata.OrganizationURL;
import org.opensaml.saml.saml2.metadata.SingleLogoutService;
import org.opensaml.saml.saml2.metadata.SingleSignOnService;
import org.opensaml.saml.saml2.metadata.SurName;
import org.opensaml.saml.saml2.metadata.impl.ContactPersonBuilder;
import org.opensaml.saml.saml2.metadata.impl.EmailAddressBuilder;
import org.opensaml.saml.saml2.metadata.impl.EntityDescriptorBuilder;
import org.opensaml.saml.saml2.metadata.impl.GivenNameBuilder;
import org.opensaml.saml.saml2.metadata.impl.IDPSSODescriptorBuilder;
import org.opensaml.saml.saml2.metadata.impl.KeyDescriptorBuilder;
import org.opensaml.saml.saml2.metadata.impl.NameIDFormatBuilder;
import org.opensaml.saml.saml2.metadata.impl.OrganizationBuilder;
import org.opensaml.saml.saml2.metadata.impl.OrganizationDisplayNameBuilder;
import org.opensaml.saml.saml2.metadata.impl.OrganizationNameBuilder;
import org.opensaml.saml.saml2.metadata.impl.OrganizationURLBuilder;
import org.opensaml.saml.saml2.metadata.impl.SingleLogoutServiceBuilder;
import org.opensaml.saml.saml2.metadata.impl.SingleSignOnServiceBuilder;
import org.opensaml.saml.saml2.metadata.impl.SurNameBuilder;
import org.opensaml.security.credential.UsageType;
import org.opensaml.xmlsec.keyinfo.KeyInfoSupport;
import org.opensaml.xmlsec.signature.KeyInfo;
import org.opensaml.xmlsec.signature.impl.KeyInfoBuilder;

/* loaded from: input_file:org/elasticsearch/xpack/idp/saml/idp/SamlIdPMetadataBuilder.class */
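/**
 * Fluent builder for the SAML 2.0 metadata ({@link EntityDescriptor}) that describes an identity provider.
 *
 * <p>Setters ignore {@code null} (or, for NameID formats, empty) arguments and return {@code this}, so
 * calls can be chained. No synchronization is performed in this class.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The certificates passed to {@link #withSigningCertificates(List)} are published as
 *       {@code KeyDescriptor} elements with {@code use="signing"}. If none are supplied the metadata
 *       carries no key material, and a consumer would have nothing in this document to verify
 *       signatures against.</li>
 *   <li>{@code WantAuthnRequestsSigned} defaults to {@code false}.</li>
 *   <li>{@link #build()} does not sign the descriptor it returns; nothing in this class protects the
 *       integrity of the published metadata, so that has to be handled by the caller or the transport.</li>
 *   <li>Binding URIs, endpoint URLs and NameID format URIs are copied into the metadata as given; this
 *       class performs no validation on them beyond the null/empty checks in the setters.</li>
 * </ul>
 */
public class SamlIdPMetadataBuilder {
    private final String entityId;
    private SamlIdentityProvider.OrganizationInfo organization;
    // Keyed by binding URI; a later call with the same binding replaces the earlier URL.
    private final Map<String, URL> singleSignOnServiceUrls = new HashMap<>();
    private final Map<String, URL> singleLogoutServiceUrls = new HashMap<>();
    // Used only for the xml:lang attribute of the organization elements. Defaults to the JVM locale,
    // so the generated metadata differs between hosts unless withLocale(...) is called.
    private Locale locale = Locale.getDefault();
    private final List<SamlIdentityProvider.ContactInfo> contacts = new ArrayList<>();
    private final Set<String> nameIdFormats = new HashSet<>();
    private final List<X509Certificate> signingCertificates = new ArrayList<>();
    private boolean wantAuthnRequestsSigned = false;

    /**
     * Creates a builder for the given entity.
     *
     * @param str the entity ID written to the {@code entityID} attribute of the descriptor; stored as given
     */
    public SamlIdPMetadataBuilder(String str) {
        this.entityId = str;
    }

    /**
     * Sets the locale whose language tag is written as {@code xml:lang} on the organization elements.
     *
     * @param locale the locale to use; {@code null} is ignored (like the other setters) so that
     *               {@link #build()} cannot fail later with a {@link NullPointerException}
     * @return this builder
     */
    public SamlIdPMetadataBuilder withLocale(Locale locale) {
        if (null != locale) {
            this.locale = locale;
        }
        return this;
    }

    /**
     * Adds a supported NameID format.
     *
     * @param str the NameID format URI; {@code null} or empty values are ignored, duplicates collapse
     * @return this builder
     */
    public SamlIdPMetadataBuilder withNameIdFormat(String str) {
        if (!Strings.isNullOrEmpty(str)) {
            this.nameIdFormats.add(str);
        }
        return this;
    }

    /**
     * Sets the {@code WantAuthnRequestsSigned} flag advertised in the metadata.
     *
     * @param z {@code true} to advertise that authentication requests must be signed
     * @return this builder
     */
    public SamlIdPMetadataBuilder wantAuthnRequestsSigned(boolean z) {
        this.wantAuthnRequestsSigned = z;
        return this;
    }

    /**
     * Registers a single sign-on endpoint.
     *
     * @param str the binding URI for the endpoint; not validated here
     * @param url the endpoint location; {@code null} is ignored
     * @return this builder
     */
    public SamlIdPMetadataBuilder withSingleSignOnServiceUrl(String str, URL url) {
        if (null != url) {
            this.singleSignOnServiceUrls.put(str, url);
        }
        return this;
    }

    /**
     * Registers a single logout endpoint.
     *
     * @param str the binding URI for the endpoint; not validated here
     * @param url the endpoint location; {@code null} is ignored
     * @return this builder
     */
    public SamlIdPMetadataBuilder withSingleLogoutServiceUrl(String str, URL url) {
        if (null != url) {
            this.singleLogoutServiceUrls.put(str, url);
        }
        return this;
    }

    /**
     * Adds certificates to publish as signing keys.
     *
     * @param list the certificates to add; a {@code null} list is ignored, and {@code null} elements
     *             are skipped when the metadata is built
     * @return this builder
     */
    public SamlIdPMetadataBuilder withSigningCertificates(List<X509Certificate> list) {
        if (null != list) {
            this.signingCertificates.addAll(list);
        }
        return this;
    }

    /**
     * Adds a single certificate to publish as a signing key.
     *
     * @param x509Certificate the certificate to add; {@code null} is ignored
     * @return this builder
     */
    public SamlIdPMetadataBuilder withSigningCertificate(X509Certificate x509Certificate) {
        if (null == x509Certificate) {
            return this;
        }
        return withSigningCertificates(Collections.singletonList(x509Certificate));
    }

    /**
     * Sets the organization described in the metadata.
     *
     * @param organizationInfo the organization details; {@code null} is ignored and leaves any earlier value
     * @return this builder
     */
    public SamlIdPMetadataBuilder organization(SamlIdentityProvider.OrganizationInfo organizationInfo) {
        if (null != organizationInfo) {
            this.organization = organizationInfo;
        }
        return this;
    }

    /**
     * Sets the organization from its individual values.
     *
     * <p>The arguments are forwarded, in order, to the {@code OrganizationInfo} constructor.
     * NOTE(review): presumably name, display name and URL; confirm against {@code OrganizationInfo}.
     *
     * @return this builder
     */
    public SamlIdPMetadataBuilder organization(String str, String str2, String str3) {
        return organization(new SamlIdentityProvider.OrganizationInfo(str, str2, str3));
    }

    /**
     * Adds a contact person.
     *
     * @param contactInfo the contact details; {@code null} is ignored
     * @return this builder
     */
    public SamlIdPMetadataBuilder withContact(SamlIdentityProvider.ContactInfo contactInfo) {
        if (null != contactInfo) {
            this.contacts.add(contactInfo);
        }
        return this;
    }

    /**
     * Adds a contact person from individual values.
     *
     * <p>{@code str} is resolved through {@code ContactInfo.getType}; the remaining arguments are
     * forwarded, in order, to the {@code ContactInfo} constructor.
     * NOTE(review): presumably given name, surname and email; confirm against {@code ContactInfo}.
     *
     * @return this builder
     */
    public SamlIdPMetadataBuilder withContact(String str, String str2, String str3, String str4) {
        return withContact(new SamlIdentityProvider.ContactInfo(SamlIdentityProvider.ContactInfo.getType(str), str2, str3, str4));
    }

    /**
     * Assembles the entity descriptor from the values collected so far.
     *
     * <p>NameID formats, SSO endpoints and logout endpoints are only emitted when at least one was
     * configured. The returned descriptor is not signed by this method.
     *
     * @return a new descriptor containing a single IdP SSO role descriptor
     * @throws CertificateEncodingException declared by the key-descriptor step, which embeds each
     *                                      signing certificate into a {@code KeyInfo}
     */
    public EntityDescriptor build() throws CertificateEncodingException {
        IDPSSODescriptor idpDescriptor = new IDPSSODescriptorBuilder().buildObject();
        // Advertise SAML 2.0 as the only supported protocol.
        idpDescriptor.removeAllSupportedProtocols();
        idpDescriptor.addSupportedProtocol("urn:oasis:names:tc:SAML:2.0:protocol");
        idpDescriptor.setWantAuthnRequestsSigned(Boolean.valueOf(this.wantAuthnRequestsSigned));
        if (!this.nameIdFormats.isEmpty()) {
            idpDescriptor.getNameIDFormats().addAll(buildNameIDFormats());
        }
        if (!this.singleSignOnServiceUrls.isEmpty()) {
            idpDescriptor.getSingleSignOnServices().addAll(buildSingleSignOnServices());
        }
        if (!this.singleLogoutServiceUrls.isEmpty()) {
            idpDescriptor.getSingleLogoutServices().addAll(buildSingleLogoutServices());
        }
        // May add nothing: with no signing certificates the metadata is published without key material.
        idpDescriptor.getKeyDescriptors().addAll(buildKeyDescriptors());

        EntityDescriptor entityDescriptor = new EntityDescriptorBuilder().buildObject();
        entityDescriptor.setEntityID(this.entityId);
        entityDescriptor.getRoleDescriptors().add(idpDescriptor);
        if (this.organization != null) {
            entityDescriptor.setOrganization(buildOrganization());
        }
        for (SamlIdentityProvider.ContactInfo contact : this.contacts) {
            entityDescriptor.getContactPersons().add(buildContact(contact));
        }
        return entityDescriptor;
    }

    /**
     * Builds one {@code SingleSignOnService} element per configured binding.
     *
     * @throws IllegalStateException if no SSO URL was configured
     */
    private List<SingleSignOnService> buildSingleSignOnServices() {
        if (this.singleSignOnServiceUrls.isEmpty()) {
            throw new IllegalStateException("At least one SingleSignOnService URL should be specified");
        }
        List<SingleSignOnService> services = new ArrayList<>();
        for (Map.Entry<String, URL> entry : this.singleSignOnServiceUrls.entrySet()) {
            SingleSignOnService service = new SingleSignOnServiceBuilder().buildObject();
            service.setBinding(entry.getKey());
            service.setLocation(entry.getValue().toString());
            services.add(service);
        }
        return services;
    }

    /** Builds one {@code SingleLogoutService} element per configured binding. */
    private List<SingleLogoutService> buildSingleLogoutServices() {
        List<SingleLogoutService> services = new ArrayList<>();
        for (Map.Entry<String, URL> entry : this.singleLogoutServiceUrls.entrySet()) {
            SingleLogoutService service = new SingleLogoutServiceBuilder().buildObject();
            service.setBinding(entry.getKey());
            service.setLocation(entry.getValue().toString());
            services.add(service);
        }
        return services;
    }

    /**
     * Builds one {@code NameIDFormat} element per configured format URI.
     *
     * @throws IllegalStateException if no NameID format was configured
     */
    private List<NameIDFormat> buildNameIDFormats() {
        if (this.nameIdFormats.isEmpty()) {
            throw new IllegalStateException("NameID format has not been specified");
        }
        List<NameIDFormat> formats = new ArrayList<>();
        for (String uri : this.nameIdFormats) {
            NameIDFormat format = new NameIDFormatBuilder().buildObject();
            format.setURI(uri);
            formats.add(format);
        }
        return formats;
    }

    /**
     * Builds a signing {@code KeyDescriptor} for every non-null configured certificate.
     *
     * @return the descriptors, or an empty list when no certificate was configured
     * @throws CertificateEncodingException declared because each certificate is embedded via
     *                                      {@code KeyInfoSupport.addCertificate}
     */
    private List<? extends KeyDescriptor> buildKeyDescriptors() throws CertificateEncodingException {
        if (this.signingCertificates.isEmpty()) {
            return Collections.emptyList();
        }
        List<KeyDescriptor> descriptors = new ArrayList<>();
        for (X509Certificate certificate : this.signingCertificates) {
            // withSigningCertificates(List) does not filter null elements, so skip them here.
            if (certificate == null) {
                continue;
            }
            KeyInfo keyInfo = new KeyInfoBuilder().buildObject();
            KeyInfoSupport.addCertificate(keyInfo, certificate);
            KeyDescriptor descriptor = new KeyDescriptorBuilder().buildObject();
            descriptor.setUse(UsageType.SIGNING);
            descriptor.setKeyInfo(keyInfo);
            descriptors.add(descriptor);
        }
        return descriptors;
    }

    /** Builds the {@code Organization} element; callers must ensure {@code organization} is set. */
    private Organization buildOrganization() {
        String languageTag = this.locale.toLanguageTag();

        OrganizationName name = new OrganizationNameBuilder().buildObject();
        name.setValue(this.organization.organizationName);
        name.setXMLLang(languageTag);

        OrganizationDisplayName displayName = new OrganizationDisplayNameBuilder().buildObject();
        displayName.setValue(this.organization.displayName);
        displayName.setXMLLang(languageTag);

        OrganizationURL url = new OrganizationURLBuilder().buildObject();
        url.setURI(this.organization.url);
        url.setXMLLang(languageTag);

        Organization org = new OrganizationBuilder().buildObject();
        org.getOrganizationNames().add(name);
        org.getDisplayNames().add(displayName);
        org.getURLs().add(url);
        return org;
    }

    /** Converts a {@code ContactInfo} into a {@code ContactPerson} element with a single email address. */
    private static ContactPerson buildContact(SamlIdentityProvider.ContactInfo contactInfo) {
        GivenName givenName = new GivenNameBuilder().buildObject();
        givenName.setValue(contactInfo.givenName);

        SurName surName = new SurNameBuilder().buildObject();
        surName.setValue(contactInfo.surName);

        EmailAddress email = new EmailAddressBuilder().buildObject();
        email.setURI(contactInfo.email);

        ContactPerson person = new ContactPersonBuilder().buildObject();
        person.setType(contactInfo.type);
        person.setGivenName(givenName);
        person.setSurName(surName);
        person.getEmailAddresses().add(email);
        return person;
    }
}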
