package org.springframework.boot.autoconfigure.security.saml2;

import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.security.saml2.Saml2RelyingPartyProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Conditional;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.Resource;
import org.springframework.security.converter.RsaKeyConverters;
import org.springframework.security.saml2.credentials.Saml2X509Credential;
import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
import org.springframework.util.Assert;

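/* loaded from: input_file:WEB-INF/lib/spring-boot-autoconfigure-2.2.1.RELEASE.jar:org/springframework/boot/autoconfigure/security/saml2/Saml2RelyingPartyRegistrationConfiguration.class */
/**
 * Registers an in-memory {@link RelyingPartyRegistrationRepository} built from the
 * {@code spring.security.saml2.relyingparty.registration.*} properties.
 *
 * <p>Only active when a registration is configured ({@link RegistrationConfiguredCondition})
 * and no user-supplied {@link RelyingPartyRegistrationRepository} bean exists. Each configured
 * registration contributes the relying party's own signing key pair and the identity provider's
 * verification certificate; both are read from the configured {@link Resource} locations at
 * startup, so a missing or unparseable file fails application start-up rather than the first
 * login attempt.
 */
@ConditionalOnMissingBean({RelyingPartyRegistrationRepository.class})
@Configuration(proxyBeanMethods = false)
@Conditional({RegistrationConfiguredCondition.class})
class Saml2RelyingPartyRegistrationConfiguration {

    Saml2RelyingPartyRegistrationConfiguration() {
    }

    /**
     * Builds the repository holding one {@link RelyingPartyRegistration} per configured
     * registration id.
     *
     * @param saml2RelyingPartyProperties the bound SAML 2.0 relying-party properties
     * @return an in-memory repository of all configured registrations
     * @throws IllegalStateException if a key or certificate location is missing or absent
     * @throws IllegalArgumentException if a key or certificate file cannot be read or parsed
     */
    @Bean
    RelyingPartyRegistrationRepository relyingPartyRegistrationRepository(Saml2RelyingPartyProperties saml2RelyingPartyProperties) {
        List<RelyingPartyRegistration> registrations = saml2RelyingPartyProperties.getRegistration()
                .entrySet()
                .stream()
                .map(this::asRegistration)
                .collect(Collectors.toList());
        return new InMemoryRelyingPartyRegistrationRepository(registrations);
    }

    /** Adapts a properties map entry (registration id to settings) to a registration. */
    private RelyingPartyRegistration asRegistration(Map.Entry<String, Saml2RelyingPartyProperties.Registration> entry) {
        return asRegistration(entry.getKey(), entry.getValue());
    }

    /**
     * Builds a single {@link RelyingPartyRegistration}.
     *
     * @param registrationId the key under which the registration was configured
     * @param registration the bound settings for that registration
     * @return the built registration
     */
    private RelyingPartyRegistration asRegistration(String registrationId, Saml2RelyingPartyProperties.Registration registration) {
        RelyingPartyRegistration.Builder builder = RelyingPartyRegistration.withRegistrationId(registrationId);
        // Fixed ACS template: the IdP must be configured to post responses to this path.
        builder.assertionConsumerServiceUrlTemplate("{baseUrl}/login/saml2/sso/{registrationId}");
        builder.idpWebSsoUrl(registration.getIdentityprovider().getSsoUrl());
        builder.remoteIdpEntityId(registration.getIdentityprovider().getEntityId());
        builder.credentials(credentials -> credentials.addAll(asCredentials(registration)));
        return builder.build();
    }

    /**
     * Collects the relying party's signing credentials followed by the identity provider's
     * verification credentials, in configuration order.
     */
    private List<Saml2X509Credential> asCredentials(Saml2RelyingPartyProperties.Registration registration) {
        Stream<Saml2X509Credential> signing = registration.getSigning()
                .getCredentials()
                .stream()
                .map(this::asSigningCredential);
        Stream<Saml2X509Credential> verification = registration.getIdentityprovider()
                .getVerification()
                .getCredentials()
                .stream()
                .map(this::asVerificationCredential);
        return Stream.concat(signing, verification).collect(Collectors.toList());
    }

    /**
     * Builds the relying party's own credential: a private key plus certificate, usable for
     * signing outbound messages and for decrypting inbound encrypted assertions.
     */
    private Saml2X509Credential asSigningCredential(Saml2RelyingPartyProperties.Registration.Signing.Credential credential) {
        // The same key pair serves both SIGNING and DECRYPTION; the private key is therefore
        // security-critical and the file it is read from must be protected accordingly.
        return new Saml2X509Credential(readPrivateKey(credential.getPrivateKeyLocation()),
                readCertificate(credential.getCertificateLocation()),
                Saml2X509Credential.Saml2X509CredentialType.SIGNING,
                Saml2X509Credential.Saml2X509CredentialType.DECRYPTION);
    }

    /**
     * Builds the identity provider's credential: certificate only (no private key), used to
     * verify the IdP's signatures and to encrypt messages sent to it.
     */
    private Saml2X509Credential asVerificationCredential(Saml2RelyingPartyProperties.Identityprovider.Verification.Credential credential) {
        return new Saml2X509Credential(readCertificate(credential.getCertificateLocation()),
                Saml2X509Credential.Saml2X509CredentialType.ENCRYPTION,
                Saml2X509Credential.Saml2X509CredentialType.VERIFICATION);
    }

    /**
     * Reads an RSA private key from a PKCS#8 PEM resource.
     *
     * @param location the private key location
     * @return the parsed key
     * @throws IllegalStateException if no location is configured or it does not exist
     * @throws IllegalArgumentException if the key cannot be read or parsed (cause preserved)
     */
    private RSAPrivateKey readPrivateKey(Resource location) {
        Assert.state(location != null, "No private key location specified");
        Assert.state(location.exists(), "Private key location '" + location + "' does not exist");
        // try-with-resources so the stream is closed on the failure path as well as on success.
        try (InputStream inputStream = location.getInputStream()) {
            // RsaKeyConverters.pkcs8() expects a PEM-encoded PKCS#8 key — NOTE(review): no
            // passphrase is supplied here, so the file is read as an unencrypted key; confirm.
            return RsaKeyConverters.pkcs8().convert(inputStream);
        }
        catch (Exception ex) {
            throw new IllegalArgumentException(ex);
        }
    }

    /**
     * Reads an X.509 certificate from a resource.
     *
     * <p>Only parsing is performed here; no chain building, trust or validity-period check
     * happens at this point.
     *
     * @param location the certificate location
     * @return the parsed certificate
     * @throws IllegalStateException if no location is configured or it does not exist
     * @throws IllegalArgumentException if the certificate cannot be read or parsed (cause preserved)
     */
    private X509Certificate readCertificate(Resource location) {
        Assert.state(location != null, "No certificate location specified");
        Assert.state(location.exists(), "Certificate  location '" + location + "' does not exist");
        // try-with-resources so the stream is closed on the failure path as well as on success.
        try (InputStream inputStream = location.getInputStream()) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(inputStream);
        }
        catch (Exception ex) {
            throw new IllegalArgumentException(ex);
        }
    }

}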
