package pl.edu.icm.unity.saml.sp.config;

import eu.unicore.util.configuration.ConfigurationException;
import java.io.IOException;
import java.io.StringReader;
import java.time.Duration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Properties;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;
import pl.edu.icm.unity.MessageSource;
import pl.edu.icm.unity.engine.api.PKIManagement;
import pl.edu.icm.unity.engine.api.translation.TranslationProfileGenerator;
import pl.edu.icm.unity.exceptions.InternalException;
import pl.edu.icm.unity.saml.SamlProperties;
import pl.edu.icm.unity.saml.idp.IdentityTypeMapper;
import pl.edu.icm.unity.saml.sp.SAMLSPProperties;
import pl.edu.icm.unity.saml.sp.config.BaseSamlConfiguration;
import pl.edu.icm.unity.types.I18nString;
import pl.edu.icm.unity.types.translation.TranslationProfile;

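/**
 * Builds a {@link SAMLSPConfiguration} from the {@link Properties} (or their textual form)
 * that configure the SAML verificator.
 *
 * <p>Parsing happens in two steps: the raw properties are wrapped in {@link SAMLSPProperties},
 * then every setting is copied into the builders of the configuration objects.
 *
 * <p>NOTE(review): the {@link PKIManagement} bean is injected under the qualifier
 * {@code "insecure"}. What that variant relaxes is not visible in this class (presumably
 * authorization checks on PKI operations; confirm). The properties handed to {@code parse}
 * select the requester credential and the trusted IdP certificates, so confirm that every
 * caller supplies administrator-controlled configuration only.
 */
@Component
/* loaded from: input_file:pl/edu/icm/unity/saml/sp/config/SAMLSPConfigurationParser.class */
public class SAMLSPConfigurationParser {
    private final PKIManagement pkiMan;
    private final MessageSource msg;

    /**
     * @param pKIManagement PKI management bean registered under the {@code "insecure"} qualifier;
     *                      passed on to {@link SAMLSPProperties}
     * @param messageSource message source used when reading localized values (IdP name, logo URI)
     */
    public SAMLSPConfigurationParser(@Qualifier("insecure") PKIManagement pKIManagement, MessageSource messageSource) {
        this.pkiMan = pKIManagement;
        this.msg = messageSource;
    }

    /**
     * Parses already loaded properties.
     *
     * @param properties raw SAML SP settings
     * @return the parsed configuration
     * @throws InternalException if {@link SAMLSPProperties} rejects the properties
     */
    public SAMLSPConfiguration parse(Properties properties) {
        SAMLSPProperties samlProperties = loadAsSamlSPProperties(properties);
        return fromProperties(samlProperties);
    }

    /**
     * Parses a configuration given in the {@link Properties} text format.
     *
     * @param str configuration text
     * @return the parsed configuration
     * @throws InternalException if the text cannot be read or the settings are rejected
     */
    public SAMLSPConfiguration parse(String str) {
        Properties loaded = loadAsProperties(str);
        return parse(loaded);
    }

    /**
     * Loads the text into a fresh {@link Properties} object.
     *
     * @throws InternalException        if reading the text fails with an {@link IOException}
     * @throws IllegalArgumentException propagated unchanged from {@link Properties#load(java.io.Reader)}
     *                                  when the text holds a malformed Unicode escape
     */
    private Properties loadAsProperties(String str) {
        Properties loaded = new Properties();
        try {
            loaded.load(new StringReader(str));
        } catch (IOException e) {
            throw new InternalException("Invalid configuration of the SAML verificator(?)", e);
        }
        return loaded;
    }

    /** Wraps the raw properties, translating a {@link ConfigurationException} into {@link InternalException}. */
    private SAMLSPProperties loadAsSamlSPProperties(Properties properties) {
        try {
            return new SAMLSPProperties(properties, this.pkiMan);
        } catch (ConfigurationException e) {
            throw new InternalException("Invalid configuration of the SAML verificator", e);
        }
    }

    /**
     * Copies the top-level SP settings into a {@link SAMLSPConfiguration}.
     *
     * <p>The signature-related switches (require signed assertion, sign request by default, sign
     * published metadata) are taken as configured; their defaults live in the property
     * definitions, which are not visible here.
     */
    private SAMLSPConfiguration fromProperties(SAMLSPProperties samlProperties) {
        return SAMLSPConfiguration.builder()
                .withAcceptedNameFormats(samlProperties.getListOfValues(SAMLSPProperties.ACCEPTED_NAME_FORMATS))
                .withDefaultRequestedNameFormat(samlProperties.getValue(SAMLSPProperties.DEF_REQUESTED_NAME_FORMAT))
                .withEffectiveMappings(getEffectiveMappings(samlProperties))
                .withIndividualTrustedIdPs(getIndividualTrustedIdps(samlProperties))
                .withMetadataURLPath(samlProperties.getValue(SAMLSPProperties.METADATA_PATH))
                .withOurMetadataFilePath(samlProperties.getValue(SamlProperties.METADATA_SOURCE))
                .withPublishMetadata(samlProperties.getBooleanValue(SamlProperties.PUBLISH_METADATA).booleanValue())
                .withRequesterCredential(samlProperties.getRequesterCredential())
                .withRequesterCredentialName(samlProperties.getValue(SAMLSPProperties.CREDENTIAL))
                .withRequesterSamlId(samlProperties.getValue(SAMLSPProperties.REQUESTER_ID))
                .withSignPublishedMetadata(samlProperties.getBooleanValue(SamlProperties.SIGN_METADATA).booleanValue())
                .withSignRequestByDefault(samlProperties.getBooleanValue(SAMLSPProperties.DEF_SIGN_REQUEST).booleanValue())
                .withSloPath(samlProperties.getValue(SAMLSPProperties.SLO_PATH))
                .withSloRealm(samlProperties.getValue(SAMLSPProperties.SLO_REALM))
                .withRequireSignedAssertion(
                        samlProperties.getBooleanValue(SAMLSPProperties.REQUIRE_SIGNED_ASSERTION).booleanValue())
                .withTrustedMetadataSources(getMetadataSources(samlProperties))
                .build();
    }

    /**
     * Collects the individually configured trusted IdPs.
     *
     * <p>Entries for which {@code isIdPDefinitionComplete} returns false are skipped without any
     * log entry or error from this class, so a partially written IdP definition simply does not
     * become trusted. What "complete" requires is decided by {@link SAMLSPProperties}.
     */
    private TrustedIdPs getIndividualTrustedIdps(SAMLSPProperties samlProperties) {
        List<TrustedIdPConfiguration> trustedIdps = samlProperties
                .getStructuredListKeys(SAMLSPProperties.IDP_PREFIX)
                .stream()
                .filter(samlProperties::isIdPDefinitionComplete)
                .map(idpKey -> getIndividualTrustedIdP(samlProperties, idpKey))
                .collect(Collectors.toList());
        return new TrustedIdPs(trustedIdps);
    }

    /**
     * Builds the configuration of a single trusted IdP.
     *
     * @param samlProperties parsed SP properties
     * @param idpKey         structured-list key of the IdP entry; used as the prefix of every
     *                       per-IdP property name
     */
    private TrustedIdPConfiguration getIndividualTrustedIdP(SAMLSPProperties samlProperties, String idpKey) {
        return TrustedIdPConfiguration.builder()
                .withKey(TrustedIdPKey.individuallyConfigured(idpKey))
                .withEnableAccountsAssocation(isAccountAssociationEnabled(samlProperties, idpKey))
                .withSignRequest(samlProperties.isSignRequest(idpKey))
                .withBinding((SamlProperties.Binding) samlProperties.getEnumValue(
                        idpKey + "binding", SamlProperties.Binding.class))
                .withFederationId(samlProperties.getValue(idpKey + "samlFederationId"))
                .withFederationName(samlProperties.getValue(idpKey + "samlFederationName"))
                // Certificates and public keys used for this IdP come from SAMLSPProperties.
                .withCertificateNames(samlProperties.getCertificateNames(idpKey))
                .withGroupMembershipAttribute(samlProperties.getValue(idpKey + "groupMembershipAttribute"))
                .withIdpEndpointURL(samlProperties.getValue(idpKey + "address"))
                .withLogoURI(samlProperties.getLocalizedString(this.msg, idpKey + "logoURI"))
                .withLogoutEndpoints(samlProperties.getLogoutEndpointsFromStructuredList(idpKey))
                .withName(getIdpName(samlProperties, idpKey))
                .withPublicKeys(samlProperties.getPublicKeysOfIdp(idpKey))
                .withRegistrationForm(samlProperties.getValue(idpKey + "registrationFormForUnknown"))
                .withRequestedNameFormat(samlProperties.getRequestedNameFormat(idpKey))
                .withSamlId(samlProperties.getValue(idpKey + "samlId"))
                // Tags are the distinct values listed under "<idpKey>name.".
                .withTags(Set.copyOf(samlProperties.getListOfValues(idpKey + "name.")))
                .withTranslationProfile(generateIndividualIdPTranslationProfile(samlProperties, idpKey))
                .build();
    }

    /** Returns the per-IdP account association flag when set, otherwise the global default. */
    private boolean isAccountAssociationEnabled(SAMLSPProperties samlProperties, String idpKey) {
        Boolean enabled = samlProperties.isSet(idpKey + "enableAccountAssociation")
                ? samlProperties.getBooleanValue(idpKey + "enableAccountAssociation")
                : samlProperties.getBooleanValue("defaultEnableAccountAssociation");
        return enabled.booleanValue();
    }

    /** Returns the localized IdP name when configured, otherwise a name made of the IdP's SAML id. */
    private I18nString getIdpName(SAMLSPProperties samlProperties, String idpKey) {
        if (samlProperties.isSet(idpKey + "name")) {
            return samlProperties.getLocalizedString(this.msg, idpKey + "name");
        }
        return new I18nString(samlProperties.getValue(idpKey + "samlId"));
    }

    /** Builds one {@code RemoteMetadataSource} for every configured remote metadata entry. */
    private List<BaseSamlConfiguration.RemoteMetadataSource> getMetadataSources(SAMLSPProperties samlProperties) {
        return samlProperties.getStructuredListKeys(SAMLSPProperties.IDPMETA_PREFIX)
                .stream()
                .map(metaKey -> toRemoteMetadataSource(samlProperties, metaKey))
                .collect(Collectors.toList());
    }

    /**
     * Builds the description of a single remote metadata source.
     *
     * <p>The property name {@code "signaturVerification"} is spelled this way on purpose: it is
     * the key read at runtime, so correcting the spelling here would stop the setting from being
     * read.
     *
     * <p>NOTE(review): what {@code getEnumValue} yields when that key is absent is not visible
     * here; verify that the default does not leave metadata signature checking switched off.
     */
    private BaseSamlConfiguration.RemoteMetadataSource toRemoteMetadataSource(
            SAMLSPProperties samlProperties, String metaKey) {
        return BaseSamlConfiguration.RemoteMetadataSource.builder()
                .withHttpsTruststore(samlProperties.getValue(metaKey + "httpsTruststore"))
                .withIssuerCertificate(samlProperties.getValue(metaKey + "signatureVerificationCertificate"))
                .withRefreshInterval(
                        Duration.ofSeconds(samlProperties.getIntValue(metaKey + "refreshInterval").intValue()))
                .withRegistrationForm(samlProperties.getValue(metaKey + "perMetadataRegistrationForm"))
                .withSignatureValidation((SAMLSPProperties.MetadataSignatureValidation) samlProperties.getEnumValue(
                        metaKey + "signaturVerification", SAMLSPProperties.MetadataSignatureValidation.class))
                .withTranslationProfile(generateMetadataTranslationProfile(samlProperties, metaKey))
                .withUrl(samlProperties.getValue(metaKey + "url"))
                .build();
    }

    /** Resolves the translation profile of a remote metadata source. */
    private TranslationProfile generateMetadataTranslationProfile(SAMLSPProperties samlProperties, String metaKey) {
        return generateTranslationProfile(
                samlProperties,
                metaKey,
                SAMLSPProperties.IDPMETA_EMBEDDED_TRANSLATION_PROFILE,
                SAMLSPProperties.IDPMETA_TRANSLATION_PROFILE);
    }

    /** Resolves the translation profile of an individually configured IdP. */
    private TranslationProfile generateIndividualIdPTranslationProfile(SAMLSPProperties samlProperties, String idpKey) {
        return generateTranslationProfile(samlProperties, idpKey, "embeddedTranslationProfile", "translationProfile");
    }

    /**
     * Picks the translation profile for an entry, in this order: the embedded profile, then a
     * profile that includes the named one, then a profile that includes {@code "sys:saml"}.
     *
     * @param samlProperties parsed SP properties
     * @param keyPrefix      structured-list key of the entry, used as property-name prefix
     * @param embeddedSuffix property suffix holding an embedded profile definition
     * @param namedSuffix    property suffix holding the name of a profile to include
     */
    private TranslationProfile generateTranslationProfile(
            SAMLSPProperties samlProperties, String keyPrefix, String embeddedSuffix, String namedSuffix) {
        if (samlProperties.isSet(keyPrefix + embeddedSuffix)) {
            return TranslationProfileGenerator.getProfileFromString(
                    samlProperties.getValue(keyPrefix + embeddedSuffix));
        }
        if (samlProperties.isSet(keyPrefix + namedSuffix)) {
            return TranslationProfileGenerator.generateIncludeInputProfile(
                    samlProperties.getValue(keyPrefix + namedSuffix));
        }
        return TranslationProfileGenerator.generateIncludeInputProfile("sys:saml");
    }

    /**
     * Computes the SAML identity to local identity mappings: the defaults of
     * {@link IdentityTypeMapper}, overridden by the configured entries. An entry whose local
     * identity is blank removes the mapping for its SAML identity instead of adding one.
     */
    private Map<String, String> getEffectiveMappings(SAMLSPProperties samlProperties) {
        Set<String> mappingKeys = samlProperties.getStructuredListKeys(SamlProperties.IDENTITY_MAPPING_PFX);
        Map<String, String> effectiveMappings = new HashMap<>(mappingKeys.size());
        effectiveMappings.putAll(IdentityTypeMapper.DEFAULTS);
        for (String mappingKey : mappingKeys) {
            // assumes "localIdentity" is always set; a null value would throw here (TODO confirm
            // the property is mandatory in SAMLSPProperties)
            String localIdentity = samlProperties.getValue(mappingKey + "localIdentity");
            String samlIdentity = samlProperties.getValue(mappingKey + "samlIdentity");
            if (localIdentity.trim().isEmpty()) {
                effectiveMappings.remove(samlIdentity);
            } else {
                effectiveMappings.put(samlIdentity, localIdentity);
            }
        }
        return effectiveMappings;
    }
}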
