package org.springframework.security.saml.web;

import java.net.MalformedURLException;
import java.net.URL;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.springframework.security.saml.metadata.MetadataManager;
import org.springframework.validation.Errors;
import org.springframework.validation.ValidationUtils;
import org.springframework.validation.Validator;

/* loaded from: input_file:WEB-INF/classes/org/springframework/security/saml/web/MetadataValidator.class */
public class MetadataValidator implements Validator {
    MetadataManager manager;

    public MetadataValidator(MetadataManager metadataManager) {
        this.manager = metadataManager;
    }

    @Override // org.springframework.validation.Validator
    public boolean supports(Class<?> cls) {
        return cls.equals(MetadataForm.class);
    }

    @Override // org.springframework.validation.Validator
    public void validate(Object obj, Errors errors) {
        MetadataForm metadataForm = (MetadataForm) obj;
        ValidationUtils.rejectIfEmptyOrWhitespace(errors, "entityId", "required", "Entity id must be set.");
        ValidationUtils.rejectIfEmptyOrWhitespace(errors, "baseURL", "required", "Base URL is required.");
        if (metadataForm.getSecurityProfile() == null) {
            errors.rejectValue("securityProfile", null, "Security profile must be specified.");
        } else if (!"pkix".equalsIgnoreCase(metadataForm.getSecurityProfile()) && !"metaiop".equals(metadataForm.getSecurityProfile())) {
            errors.rejectValue("securityProfile", null, "Selected value is not supported.");
        }
        if (metadataForm.getSslSecurityProfile() == null) {
            errors.rejectValue("sslSecurityProfile", null, "SSL/TLS Security profile must be specified.");
        } else if (!"pkix".equalsIgnoreCase(metadataForm.getSslSecurityProfile()) && !"metaiop".equals(metadataForm.getSslSecurityProfile())) {
            errors.rejectValue("sslSecurityProfile", null, "Selected value is not supported.");
        }
        if (metadataForm.isIncludeDiscovery() && metadataForm.getCustomDiscoveryURL() != null && metadataForm.getCustomDiscoveryURL().length() > 0) {
            try {
                new URL(metadataForm.getCustomDiscoveryURL());
            } catch (MalformedURLException e) {
                errors.rejectValue("customDiscoveryURL", null, "Value is not a valid URL.");
            }
        }
        if (metadataForm.isIncludeDiscovery() && metadataForm.getCustomDiscoveryResponseURL() != null && metadataForm.getCustomDiscoveryResponseURL().length() > 0) {
            try {
                new URL(metadataForm.getCustomDiscoveryResponseURL());
            } catch (MalformedURLException e2) {
                errors.rejectValue("customDiscoveryResponseURL", null, "Value is not a valid URL.");
            }
        }
        if (metadataForm.getSsoBindings() == null || metadataForm.getSsoBindings().length == 0) {
            errors.rejectValue("ssoBindings", null, "At least one binding must be specified.");
        }
        if (metadataForm.getSsoDefaultBinding() != null && metadataForm.getSsoBindings() != null) {
            boolean z = false;
            String[] ssoBindings = metadataForm.getSsoBindings();
            int length = ssoBindings.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                if (ssoBindings[i].equals(metadataForm.getSsoDefaultBinding())) {
                    z = true;
                    break;
                }
                i++;
            }
            if (!z) {
                errors.rejectValue("ssoDefaultBinding", null, "Default binding must be selected as included.");
            }
        }
        if (metadataForm.getNameID() == null || metadataForm.getNameID().length == 0) {
            errors.rejectValue("nameID", null, "At least one NameID must be selected.");
        }
        try {
            if (!errors.hasErrors() && metadataForm.isStore()) {
                if (this.manager.getEntityDescriptor(metadataForm.getEntityId()) != null) {
                    errors.rejectValue("entityId", null, "Selected entity ID is already used.");
                }
                if (this.manager.getEntityIdForAlias(metadataForm.getAlias()) != null) {
                    errors.rejectValue("alias", null, "Selected alias is already used.");
                }
            }
        } catch (MetadataProviderException e3) {
            throw new RuntimeException("Error loading alias data", e3);
        }
    }
}
