package org.springframework.security.saml.web;

import java.security.KeyStoreException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.xml.io.MarshallingException;
import org.opensaml.xml.security.credential.Credential;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.saml.key.KeyManager;
import org.springframework.security.saml.metadata.ExtendedMetadata;
import org.springframework.security.saml.metadata.ExtendedMetadataDelegate;
import org.springframework.security.saml.metadata.MetadataGenerator;
import org.springframework.security.saml.metadata.MetadataManager;
import org.springframework.security.saml.metadata.MetadataMemoryProvider;
import org.springframework.security.saml.util.SAMLUtil;
import org.springframework.stereotype.Controller;
import org.springframework.util.StringUtils;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.view.InternalResourceView;

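@RequestMapping({"/metadata"})
@Controller
/**
 * Administration UI for SAML metadata: lists the providers known to the
 * {@link MetadataManager}, shows a single provider or entity, generates new
 * service-provider metadata from a web form, optionally registers it as the
 * hosted SP, and renders a Spring bean snippet for the generated configuration.
 *
 * <p>All views are JSPs under {@code /WEB-INF/security/}. The form values that
 * reach {@link #createMetadata} are request data; anything echoed back into the
 * generated XML snippet is escaped in {@link #getConfiguration}.
 */
public class MetadataController {

    private static final Logger log = LoggerFactory.getLogger(MetadataController.class);

    @Autowired
    MetadataManager metadataManager;

    @Autowired
    KeyManager keyManager;

    /**
     * Binding choices the generator form may submit. They are matched
     * case-insensitively against the enum constant name in {@link #applyBindings}.
     */
    public enum AllowedSSOBindings {
        SSO_POST,
        SSO_PAOS,
        SSO_ARTIFACT,
        HOKSSO_POST,
        HOKSSO_ARTIFACT
    }

    /**
     * Renders the overview page with the hosted SP name, the SP/IDP entity names
     * and the list of available providers.
     *
     * @return the {@code metadataList.jsp} view
     * @throws MetadataProviderException if the manager cannot enumerate entities
     */
    @RequestMapping
    public ModelAndView metadataList() throws MetadataProviderException {
        ModelAndView modelAndView = new ModelAndView(new InternalResourceView("/WEB-INF/security/metadataList.jsp", true));
        modelAndView.addObject("hostedSP", this.metadataManager.getHostedSPName());
        modelAndView.addObject("spList", this.metadataManager.getSPEntityNames());
        modelAndView.addObject("idpList", this.metadataManager.getIDPEntityNames());
        modelAndView.addObject("metadata", this.metadataManager.getAvailableProviders());
        return modelAndView;
    }

    /**
     * Renders the administration login page.
     *
     * @return the {@code adminLogin.jsp} view
     */
    @RequestMapping({"/login"})
    public ModelAndView adminLogin() {
        return new ModelAndView(new InternalResourceView("/WEB-INF/security/adminLogin.jsp", true));
    }

    /**
     * Forces the manager to reload all metadata and then shows the overview.
     *
     * @return the overview view, see {@link #metadataList()}
     * @throws MetadataProviderException if refreshing or listing fails
     */
    @RequestMapping({"/refresh"})
    public ModelAndView refreshMetadata() throws MetadataProviderException {
        this.metadataManager.refreshMetadata();
        return metadataList();
    }

    /**
     * Shows the provider at the given position in {@link MetadataManager#getAvailableProviders()}.
     *
     * @param i zero-based index into the available-provider list
     * @return the {@code providerView.jsp} view
     * @throws IndexOutOfBoundsException if {@code i} does not address a provider
     */
    @RequestMapping({"/provider"})
    public ModelAndView displayProvider(@RequestParam("providerIndex") int i) {
        checkProviderIndex(i);
        ModelAndView modelAndView = new ModelAndView(new InternalResourceView("/WEB-INF/security/providerView.jsp", true));
        modelAndView.addObject("provider", this.metadataManager.getAvailableProviders().get(i));
        modelAndView.addObject("providerIndex", i);
        return modelAndView;
    }

    /**
     * Removes the provider at the given position and shows the overview.
     *
     * <p>NOTE(review): the request parameter is bound by the Java parameter
     * name {@code i}; this name comes from decompiled output and may differ
     * from the original source, so it is kept as-is to preserve the wire contract.
     *
     * @param i zero-based index into the available-provider list
     * @return the overview view, see {@link #metadataList()}
     * @throws MetadataProviderException if removal or listing fails
     * @throws IndexOutOfBoundsException if {@code i} does not address a provider
     */
    @RequestMapping({"/removeProvider"})
    public ModelAndView removeProvider(@RequestParam int i) throws MetadataProviderException {
        checkProviderIndex(i);
        this.metadataManager.removeMetadataProvider(this.metadataManager.getAvailableProviders().get(i));
        return metadataList();
    }

    /**
     * Shows the metadata generator form, pre-filled with a base URL and entity ID
     * derived from the current request and the generator's default NameID formats.
     *
     * @param httpServletRequest the request used to derive the defaults
     * @return the {@code metadataGenerator.jsp} view
     * @throws KeyStoreException if the key store cannot be read
     */
    @RequestMapping({"/generate"})
    public ModelAndView generateMetadata(HttpServletRequest httpServletRequest) throws KeyStoreException {
        ModelAndView modelAndView = new ModelAndView(new InternalResourceView("/WEB-INF/security/metadataGenerator.jsp", true));
        MetadataForm metadataForm = new MetadataForm();
        modelAndView.addObject("availableKeys", getAvailablePrivateKeys());
        metadataForm.setBaseURL(getBaseURL(httpServletRequest));
        metadataForm.setEntityId(getEntityId(httpServletRequest));
        metadataForm.setNameID((String[]) MetadataGenerator.defaultNameID.toArray(new String[0]));
        modelAndView.addObject("metadata", metadataForm);
        return modelAndView;
    }

    /**
     * Validates the submitted form, generates SP metadata from it, optionally
     * registers the result as the hosted SP, and displays the outcome.
     *
     * @param metadataForm  the bound form
     * @param bindingResult validation results; on errors the form is re-rendered
     * @return the form view on validation errors, otherwise the metadata view
     * @throws MetadataProviderException if storing the generated provider fails
     * @throws MarshallingException      if the descriptor cannot be serialized
     * @throws KeyStoreException         if the key store cannot be read
     */
    @RequestMapping({"/create"})
    public ModelAndView createMetadata(@ModelAttribute("metadata") MetadataForm metadataForm, BindingResult bindingResult) throws MetadataProviderException, MarshallingException, KeyStoreException {
        new MetadataValidator(this.metadataManager).validate(metadataForm, bindingResult);
        if (bindingResult.hasErrors()) {
            // The "metadata" form object is re-exposed by Spring MVC through @ModelAttribute.
            ModelAndView modelAndView = new ModelAndView(new InternalResourceView("/WEB-INF/security/metadataGenerator.jsp", true));
            modelAndView.addObject("availableKeys", getAvailablePrivateKeys());
            return modelAndView;
        }

        ExtendedMetadata extendedMetadata = new ExtendedMetadata();
        MetadataGenerator metadataGenerator = new MetadataGenerator();
        metadataGenerator.setKeyManager(this.keyManager);
        metadataGenerator.setExtendedMetadata(extendedMetadata);
        metadataGenerator.setEntityId(metadataForm.getEntityId());
        metadataGenerator.setEntityBaseURL(metadataForm.getBaseURL());
        metadataGenerator.setRequestSigned(metadataForm.isRequestSigned());
        metadataGenerator.setWantAssertionSigned(metadataForm.isWantAssertionSigned());
        applyBindings(metadataForm, metadataGenerator);

        // A missing selection yields an empty list instead of an NPE; MetadataValidator
        // (not shown here) is presumably expected to have rejected it already — verify.
        String[] nameIds = metadataForm.getNameID();
        metadataGenerator.setNameID(nameIds == null ? Collections.<String>emptyList() : Arrays.asList(nameIds));

        extendedMetadata.setSigningKey(metadataForm.getSigningKey());
        extendedMetadata.setEncryptionKey(metadataForm.getEncryptionKey());
        if (StringUtils.hasLength(metadataForm.getTlsKey())) {
            extendedMetadata.setTlsKey(metadataForm.getTlsKey());
        }
        applyDiscovery(metadataForm, extendedMetadata, metadataGenerator);
        if (StringUtils.hasLength(metadataForm.getAlias())) {
            extendedMetadata.setAlias(metadataForm.getAlias());
        }
        extendedMetadata.setSecurityProfile(metadataForm.getSecurityProfile());
        extendedMetadata.setSslSecurityProfile(metadataForm.getSslSecurityProfile());
        extendedMetadata.setRequireLogoutRequestSigned(metadataForm.isRequireLogoutRequestSigned());
        extendedMetadata.setRequireLogoutResponseSigned(metadataForm.isRequireLogoutResponseSigned());
        extendedMetadata.setRequireArtifactResolveSigned(metadataForm.isRequireArtifactResolveSigned());
        extendedMetadata.setSslHostnameVerification(metadataForm.getSslHostnameVerification());
        extendedMetadata.setSignMetadata(metadataForm.isSignMetadata());
        if (StringUtils.hasLength(metadataForm.getSigningAlgorithm())) {
            extendedMetadata.setSigningAlgorithm(metadataForm.getSigningAlgorithm());
        }

        EntityDescriptor generatedDescriptor = metadataGenerator.generateMetadata();
        ExtendedMetadata generatedExtended = metadataGenerator.generateExtendedMetadata();
        if (metadataForm.isStore()) {
            storeAsHostedSP(generatedDescriptor, generatedExtended);
        }
        return displayMetadata(generatedDescriptor, generatedExtended);
    }

    /**
     * Translates the form's binding selection into SAML binding URIs on the generator.
     * The assertion-consumer index is the position of the selected default binding,
     * counted across the SSO list followed by the HoK list, taken before that
     * binding is appended; unrecognised names are ignored.
     */
    private void applyBindings(MetadataForm metadataForm, MetadataGenerator metadataGenerator) {
        List<String> ssoBindings = new LinkedList<String>();
        List<String> hokBindings = new LinkedList<String>();
        String defaultBinding = metadataForm.getSsoDefaultBinding();
        int assertionConsumerIndex = 0;
        if (metadataForm.getSsoBindings() != null) {
            for (String binding : metadataForm.getSsoBindings()) {
                if (binding.equalsIgnoreCase(defaultBinding)) {
                    assertionConsumerIndex = ssoBindings.size() + hokBindings.size();
                }
                if (isBinding(AllowedSSOBindings.SSO_POST, binding)) {
                    ssoBindings.add(SAMLConstants.SAML2_POST_BINDING_URI);
                } else if (isBinding(AllowedSSOBindings.SSO_ARTIFACT, binding)) {
                    ssoBindings.add(SAMLConstants.SAML2_ARTIFACT_BINDING_URI);
                } else if (isBinding(AllowedSSOBindings.SSO_PAOS, binding)) {
                    ssoBindings.add(SAMLConstants.SAML2_PAOS_BINDING_URI);
                } else if (isBinding(AllowedSSOBindings.HOKSSO_POST, binding)) {
                    hokBindings.add(SAMLConstants.SAML2_POST_BINDING_URI);
                } else if (isBinding(AllowedSSOBindings.HOKSSO_ARTIFACT, binding)) {
                    hokBindings.add(SAMLConstants.SAML2_ARTIFACT_BINDING_URI);
                }
            }
        }
        metadataGenerator.setBindingsSSO(ssoBindings);
        metadataGenerator.setBindingsHoKSSO(hokBindings);
        metadataGenerator.setAssertionConsumerIndex(assertionConsumerIndex);
    }

    /** Case-insensitive comparison of a submitted binding name with an enum constant name. */
    private static boolean isBinding(AllowedSSOBindings expected, String submitted) {
        return expected.toString().equalsIgnoreCase(submitted);
    }

    /**
     * Copies the form's IDP discovery settings onto the extended metadata and the
     * generator; custom URLs are only applied when non-empty.
     */
    private void applyDiscovery(MetadataForm metadataForm, ExtendedMetadata extendedMetadata, MetadataGenerator metadataGenerator) {
        if (!metadataForm.isIncludeDiscovery()) {
            extendedMetadata.setIdpDiscoveryEnabled(false);
            metadataGenerator.setIncludeDiscoveryExtension(false);
            return;
        }
        extendedMetadata.setIdpDiscoveryEnabled(true);
        metadataGenerator.setIncludeDiscoveryExtension(metadataForm.isIncludeDiscoveryExtension());
        if (StringUtils.hasLength(metadataForm.getCustomDiscoveryURL())) {
            extendedMetadata.setIdpDiscoveryURL(metadataForm.getCustomDiscoveryURL());
        }
        if (StringUtils.hasLength(metadataForm.getCustomDiscoveryResponseURL())) {
            extendedMetadata.setIdpDiscoveryResponseURL(metadataForm.getCustomDiscoveryResponseURL());
        }
    }

    /**
     * Registers the generated descriptor as an in-memory provider, makes it the
     * hosted SP and triggers a refresh so the manager picks it up.
     */
    private void storeAsHostedSP(EntityDescriptor descriptor, ExtendedMetadata extended) throws MetadataProviderException {
        MetadataMemoryProvider memoryProvider = new MetadataMemoryProvider(descriptor);
        memoryProvider.initialize();
        this.metadataManager.addMetadataProvider(new ExtendedMetadataDelegate(memoryProvider, extended));
        this.metadataManager.setHostedSPName(descriptor.getEntityID());
        this.metadataManager.setRefreshRequired(true);
        this.metadataManager.refreshMetadata();
    }

    /**
     * Displays the metadata of a known entity.
     *
     * @param str the entity ID to look up
     * @return the metadata view
     * @throws MetadataProviderException if no descriptor or extended metadata exists for the ID
     * @throws MarshallingException      if the descriptor cannot be serialized
     */
    @RequestMapping({"/display"})
    public ModelAndView displayMetadata(@RequestParam("entityId") String str) throws MetadataProviderException, MarshallingException {
        EntityDescriptor entityDescriptor = this.metadataManager.getEntityDescriptor(str);
        if (entityDescriptor == null) {
            throw new MetadataProviderException("Metadata with ID " + str + " not found");
        }
        ExtendedMetadata extendedMetadata = this.metadataManager.getExtendedMetadata(str);
        if (extendedMetadata == null) {
            throw new MetadataProviderException("Extended metadata for entity " + str + " not found");
        }
        return displayMetadata(entityDescriptor, extendedMetadata);
    }

    /**
     * Builds the metadata view for a descriptor/extended-metadata pair: the form
     * is filled from the extended metadata, the serialized XML and a Spring bean
     * snippet are attached, and the suggested storage file name is exposed.
     *
     * @param entityDescriptor the descriptor to show
     * @param extendedMetadata its extended metadata
     * @return the {@code metadataView.jsp} view
     * @throws MarshallingException if the descriptor cannot be serialized
     */
    protected ModelAndView displayMetadata(EntityDescriptor entityDescriptor, ExtendedMetadata extendedMetadata) throws MarshallingException {
        MetadataForm metadataForm = new MetadataForm();
        String fileName = getFileName(entityDescriptor);
        metadataForm.setLocal(extendedMetadata.isLocal());
        metadataForm.setSecurityProfile(extendedMetadata.getSecurityProfile());
        metadataForm.setSslSecurityProfile(extendedMetadata.getSslSecurityProfile());
        metadataForm.setSerializedMetadata(getMetadataAsString(entityDescriptor, extendedMetadata));
        metadataForm.setConfiguration(getConfiguration(fileName, extendedMetadata));
        metadataForm.setEntityId(entityDescriptor.getEntityID());
        metadataForm.setAlias(extendedMetadata.getAlias());
        metadataForm.setRequireArtifactResolveSigned(extendedMetadata.isRequireArtifactResolveSigned());
        metadataForm.setRequireLogoutRequestSigned(extendedMetadata.isRequireLogoutRequestSigned());
        metadataForm.setRequireLogoutResponseSigned(extendedMetadata.isRequireLogoutResponseSigned());
        metadataForm.setEncryptionKey(extendedMetadata.getEncryptionKey());
        metadataForm.setSigningKey(extendedMetadata.getSigningKey());
        metadataForm.setTlsKey(extendedMetadata.getTlsKey());
        metadataForm.setSslHostnameVerification(extendedMetadata.getSslHostnameVerification());
        metadataForm.setSignMetadata(extendedMetadata.isSignMetadata());
        metadataForm.setSigningAlgorithm(extendedMetadata.getSigningAlgorithm());
        metadataForm.setIncludeDiscovery(extendedMetadata.isIdpDiscoveryEnabled());
        // Inverse of the mapping used in createMetadata: customDiscoveryURL <-> idpDiscoveryURL,
        // customDiscoveryResponseURL <-> idpDiscoveryResponseURL (the two were previously crossed).
        metadataForm.setCustomDiscoveryURL(extendedMetadata.getIdpDiscoveryURL());
        metadataForm.setCustomDiscoveryResponseURL(extendedMetadata.getIdpDiscoveryResponseURL());
        ModelAndView modelAndView = new ModelAndView(new InternalResourceView("/WEB-INF/security/metadataView.jsp", true));
        modelAndView.addObject("metadata", metadataForm);
        modelAndView.addObject("storagePath", fileName);
        return modelAndView;
    }

    /**
     * Serializes the descriptor (signed according to the extended metadata) to XML.
     *
     * @throws MarshallingException if serialization fails
     */
    protected String getMetadataAsString(EntityDescriptor entityDescriptor, ExtendedMetadata extendedMetadata) throws MarshallingException {
        return SAMLUtil.getMetadataAsString(this.metadataManager, this.keyManager, entityDescriptor, extendedMetadata);
    }

    /**
     * Derives a default base URL ({@code scheme://serverName:port/contextPath})
     * from the request. The server name and port are what the container reports
     * for this request, so the value is a pre-filled suggestion the operator
     * reviews in the generator form rather than a trusted configuration value.
     *
     * @param httpServletRequest the current request
     * @return the suggested base URL
     */
    protected String getBaseURL(HttpServletRequest httpServletRequest) {
        String baseUrl = httpServletRequest.getScheme() + "://" + httpServletRequest.getServerName() + ":" + httpServletRequest.getServerPort() + httpServletRequest.getContextPath();
        log.debug("Base URL {}", baseUrl);
        return baseUrl;
    }

    /**
     * Derives a default entity ID from the request's server name; like
     * {@link #getBaseURL}, it is only a pre-filled suggestion for the form.
     *
     * @param httpServletRequest the current request
     * @return the suggested entity ID
     */
    protected String getEntityId(HttpServletRequest httpServletRequest) {
        String serverName = httpServletRequest.getServerName();
        log.debug("Server name used as entity id {}", serverName);
        return serverName;
    }

    /**
     * Lists the key-store aliases that carry a private key, mapped to a display
     * label {@code alias (entityId)}. Credentials that fail to load are skipped
     * (best effort, logged at debug) so one bad entry does not hide the others.
     *
     * @return alias to label map; empty when no usable private key exists
     * @throws KeyStoreException if the key store cannot be enumerated
     */
    protected Map<String, String> getAvailablePrivateKeys() throws KeyStoreException {
        Map<String, String> privateKeys = new HashMap<String, String>();
        for (String alias : this.keyManager.getAvailableCredentials()) {
            try {
                log.debug("Found key {}", alias);
                Credential credential = this.keyManager.getCredential(alias);
                if (credential.getPrivateKey() != null) {
                    log.debug("Adding private key with alias {} and entityID {}", alias, credential.getEntityId());
                    privateKeys.put(alias, alias + " (" + credential.getEntityId() + ")");
                }
            } catch (Exception e) {
                // Best effort: an unreadable credential is skipped, not fatal for the listing.
                log.debug("Error loading key", e);
            }
        }
        return privateKeys;
    }

    /**
     * Suggests a file name for the descriptor: the entity ID reduced to Java
     * identifier characters (so separators such as {@code /}, {@code \} and
     * {@code .} are dropped) plus {@code _sp.xml}, or {@code default_sp.xml}
     * when nothing survives the filter.
     *
     * @param entityDescriptor the descriptor whose entity ID is used
     * @return a file name without path separators
     */
    protected String getFileName(EntityDescriptor entityDescriptor) {
        StringBuilder name = new StringBuilder();
        for (char ch : entityDescriptor.getEntityID().toCharArray()) {
            if (Character.isJavaIdentifierPart(ch)) {
                name.append(ch);
            }
        }
        if (name.length() == 0) {
            return "default_sp.xml";
        }
        return name.append("_sp.xml").toString();
    }

    /**
     * Renders a Spring bean definition ({@code ExtendedMetadataDelegate} around a
     * classpath-backed provider) that reproduces the given extended metadata.
     * Alias, key names, URLs and profiles originate from the metadata form, so
     * every value is escaped as an XML attribute value before being inserted.
     *
     * @param str              file name of the metadata resource under {@code /metadata/}
     * @param extendedMetadata the settings to serialize
     * @return the XML snippet
     */
    protected String getConfiguration(String str, ExtendedMetadata extendedMetadata) {
        StringBuilder sb = new StringBuilder();
        sb.append("<bean class=\"org.springframework.security.saml.metadata.ExtendedMetadataDelegate\">\n"
                + "    <constructor-arg>\n"
                + "        <bean class=\"org.opensaml.saml2.metadata.provider.ResourceBackedMetadataProvider\">\n"
                + "            <constructor-arg>\n"
                + "                <bean class=\"java.util.Timer\"/>\n"
                + "            </constructor-arg>\n"
                + "            <constructor-arg>\n"
                + "                <bean class=\"org.opensaml.util.resource.ClasspathResource\">\n"
                + "                    <constructor-arg value=\"/metadata/")
          .append(xmlAttribute(str))
          .append("\"/>\n"
                + "                </bean>\n"
                + "            </constructor-arg>\n"
                + "            <property name=\"parserPool\" ref=\"parserPool\"/>\n"
                + "        </bean>\n"
                + "    </constructor-arg>\n"
                + "    <constructor-arg>\n"
                + "        <bean class=\"org.springframework.security.saml.metadata.ExtendedMetadata\">\n");
        appendProperty(sb, "local", "true");
        if (extendedMetadata.getAlias() != null) {
            appendProperty(sb, "alias", extendedMetadata.getAlias());
        }
        appendProperty(sb, "securityProfile", extendedMetadata.getSecurityProfile());
        appendProperty(sb, "sslSecurityProfile", extendedMetadata.getSslSecurityProfile());
        appendProperty(sb, "sslHostnameVerification", extendedMetadata.getSslHostnameVerification());
        appendProperty(sb, "signMetadata", extendedMetadata.isSignMetadata());
        appendProperty(sb, "signingKey", extendedMetadata.getSigningKey());
        appendProperty(sb, "encryptionKey", extendedMetadata.getEncryptionKey());
        if (extendedMetadata.getTlsKey() != null) {
            appendProperty(sb, "tlsKey", extendedMetadata.getTlsKey());
        }
        if (extendedMetadata.getSigningAlgorithm() != null) {
            appendProperty(sb, "signingAlgorithm", extendedMetadata.getSigningAlgorithm());
        }
        appendProperty(sb, "requireArtifactResolveSigned", extendedMetadata.isRequireArtifactResolveSigned());
        appendProperty(sb, "requireLogoutRequestSigned", extendedMetadata.isRequireLogoutRequestSigned());
        appendProperty(sb, "requireLogoutResponseSigned", extendedMetadata.isRequireLogoutResponseSigned());
        appendProperty(sb, "idpDiscoveryEnabled", extendedMetadata.isIdpDiscoveryEnabled());
        if (extendedMetadata.isIdpDiscoveryEnabled()) {
            appendProperty(sb, "idpDiscoveryURL", extendedMetadata.getIdpDiscoveryURL());
            appendProperty(sb, "idpDiscoveryResponseURL", extendedMetadata.getIdpDiscoveryResponseURL());
        }
        sb.append("        </bean>\n    </constructor-arg>\n</bean>");
        return sb.toString();
    }

    /** Appends one {@code <property name=".." value=".."/>} line at the indentation used inside the ExtendedMetadata bean. */
    private static void appendProperty(StringBuilder sb, String name, Object value) {
        sb.append("           <property name=\"").append(name).append("\" value=\"").append(xmlAttribute(value)).append("\"/>\n");
    }

    /**
     * Escapes a value for use inside a double-quoted XML attribute. {@code null}
     * renders as the text {@code null}, matching {@link StringBuilder#append(Object)}.
     */
    private static String xmlAttribute(Object value) {
        String text = String.valueOf(value);
        StringBuilder out = new StringBuilder(text.length());
        for (int idx = 0; idx < text.length(); idx++) {
            char ch = text.charAt(idx);
            switch (ch) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&apos;"); break;
                default: out.append(ch);
            }
        }
        return out.toString();
    }

    /**
     * Rejects a provider index outside the available-provider list with a clear
     * message instead of letting {@code List.get} fail deep inside the handler.
     *
     * @throws IndexOutOfBoundsException if {@code index} is negative or too large
     */
    private void checkProviderIndex(int index) {
        int count = this.metadataManager.getAvailableProviders().size();
        if (index < 0 || index >= count) {
            throw new IndexOutOfBoundsException("providerIndex " + index + " out of range [0, " + count + ")");
        }
    }

    /** Model attribute used by the layout to highlight the active navigation tab. */
    @ModelAttribute("tab")
    public String getTabName() {
        return "metadata";
    }
}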
