package com.onelogin.saml2.settings;

import com.onelogin.saml2.model.Contact;
import com.onelogin.saml2.model.Organization;
import com.onelogin.saml2.util.Constants;
import com.onelogin.saml2.util.SchemaFactory;
import com.onelogin.saml2.util.Util;
import java.net.URL;
import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.LinkedList;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:com/onelogin/saml2/settings/Saml2Settings.class */
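/**
 * Holds the SAML 2.0 settings of a service provider (SP) and of the identity provider (IdP)
 * it talks to, and offers consistency checks over those settings.
 *
 * <p>This class only stores the values and validates that required ones are present.
 * How each flag is enforced is decided by the code that reads it.
 *
 * <p>Security-relevant defaults visible in this class: {@code strict} is off, the
 * signature requirements ({@code wantMessagesSigned}, {@code wantAssertionsSigned}) are off,
 * and both the fingerprint digest ({@code "sha1"}) and the signature algorithm
 * ({@code Constants.RSA_SHA1}) are SHA-1 based. Deployments should set these explicitly
 * rather than rely on the defaults.
 *
 * <p>Instances are mutable and carry no synchronization.
 */
public class Saml2Settings {
    private static final Logger LOGGER = LoggerFactory.getLogger(Saml2Settings.class);

    // NOTE(review): strict defaults to off; what strict mode enforces is decided by the
    // readers of isStrict(), which are outside this class. Confirm and enable in production.
    private boolean strict = false;
    private boolean debug = false;

    // --- Service provider ---
    private String spEntityId = "";
    private URL spAssertionConsumerServiceUrl = null;
    private String spAssertionConsumerServiceBinding = Constants.BINDING_HTTP_POST;
    private URL spSingleLogoutServiceUrl = null;
    private String spSingleLogoutServiceBinding = Constants.BINDING_HTTP_REDIRECT;
    private String spNameIDFormat = Constants.NAMEID_UNSPECIFIED;
    private X509Certificate spX509cert = null;
    // Private key material: never log or serialize this field.
    private PrivateKey spPrivateKey = null;

    // --- Identity provider ---
    private String idpEntityId = "";
    private URL idpSingleSignOnServiceUrl = null;
    private String idpSingleSignOnServiceBinding = Constants.BINDING_HTTP_REDIRECT;
    private URL idpSingleLogoutServiceUrl = null;
    private URL idpSingleLogoutServiceResponseUrl = null;
    private String idpSingleLogoutServiceBinding = Constants.BINDING_HTTP_REDIRECT;
    private X509Certificate idpx509cert = null;
    private List<X509Certificate> idpx509certMulti = null;
    private String idpCertFingerprint = null;
    // Default digest is SHA-1. Prefer configuring the full IdP certificate, or a stronger
    // digest, over a SHA-1 fingerprint as the trust anchor.
    private String idpCertFingerprintAlgorithm = "sha1";

    // --- Security flags ---
    private boolean nameIdEncrypted = false;
    private boolean authnRequestsSigned = false;
    private boolean logoutRequestSigned = false;
    private boolean logoutResponseSigned = false;
    // NOTE(review): both signature requirements default to off; whether an unsigned message
    // or assertion is then accepted depends on validation code outside this class. Confirm.
    private boolean wantMessagesSigned = false;
    private boolean wantAssertionsSigned = false;
    private boolean wantAssertionsEncrypted = false;
    private boolean wantNameId = true;
    private boolean wantNameIdEncrypted = false;
    private boolean signMetadata = false;
    private List<String> requestedAuthnContext = new ArrayList<>();
    private String requestedAuthnContextComparison = "exact";
    private boolean wantXMLValidation = true;
    // Default is SHA-1 based; set a SHA-256 based algorithm for new deployments.
    private String signatureAlgorithm = Constants.RSA_SHA1;
    private boolean rejectUnsolicitedResponsesWithInResponseTo = false;

    // --- Compression ---
    private boolean compressRequest = true;
    private boolean compressResponse = true;

    // --- Metadata extras ---
    private List<Contact> contacts = new LinkedList<>();
    private Organization organization = null;

    // When true, checkSettings() skips the IdP checks.
    private boolean spValidationOnly = false;

    /** @return whether strict mode is enabled */
    public final boolean isStrict() {
        return this.strict;
    }

    /** @return the SP entity id (empty string by default) */
    public final String getSpEntityId() {
        return this.spEntityId;
    }

    /** @return the SP assertion consumer service URL, or {@code null} if unset */
    public final URL getSpAssertionConsumerServiceUrl() {
        return this.spAssertionConsumerServiceUrl;
    }

    /** @return the binding configured for the SP assertion consumer service */
    public final String getSpAssertionConsumerServiceBinding() {
        return this.spAssertionConsumerServiceBinding;
    }

    /** @return the SP single logout service URL, or {@code null} if unset */
    public final URL getSpSingleLogoutServiceUrl() {
        return this.spSingleLogoutServiceUrl;
    }

    /** @return the binding configured for the SP single logout service */
    public final String getSpSingleLogoutServiceBinding() {
        return this.spSingleLogoutServiceBinding;
    }

    /** @return the NameID format configured for the SP */
    public final String getSpNameIDFormat() {
        return this.spNameIDFormat;
    }

    /** @return the SP X.509 certificate, or {@code null} if unset */
    public final X509Certificate getSPcert() {
        return this.spX509cert;
    }

    /**
     * Returns the SP private key.
     *
     * <p>The returned object is key material: callers must not log or persist it.
     *
     * @return the SP private key, or {@code null} if unset
     */
    public final PrivateKey getSPkey() {
        return this.spPrivateKey;
    }

    /** @return the IdP entity id (empty string by default) */
    public final String getIdpEntityId() {
        return this.idpEntityId;
    }

    /** @return the IdP single sign-on service URL, or {@code null} if unset */
    public final URL getIdpSingleSignOnServiceUrl() {
        return this.idpSingleSignOnServiceUrl;
    }

    /** @return the binding configured for the IdP single sign-on service */
    public final String getIdpSingleSignOnServiceBinding() {
        return this.idpSingleSignOnServiceBinding;
    }

    /** @return the IdP single logout service URL, or {@code null} if unset */
    public final URL getIdpSingleLogoutServiceUrl() {
        return this.idpSingleLogoutServiceUrl;
    }

    /**
     * Returns the URL logout responses are sent to.
     *
     * @return the dedicated response URL when one is set, otherwise the IdP single logout
     *     service URL (which may itself be {@code null})
     */
    public final URL getIdpSingleLogoutServiceResponseUrl() {
        if (this.idpSingleLogoutServiceResponseUrl != null) {
            return this.idpSingleLogoutServiceResponseUrl;
        }
        return getIdpSingleLogoutServiceUrl();
    }

    /** @return the binding configured for the IdP single logout service */
    public final String getIdpSingleLogoutServiceBinding() {
        return this.idpSingleLogoutServiceBinding;
    }

    /** @return the IdP X.509 certificate, or {@code null} if unset */
    public final X509Certificate getIdpx509cert() {
        return this.idpx509cert;
    }

    /** @return the IdP certificate fingerprint, or {@code null} if unset */
    public final String getIdpCertFingerprint() {
        return this.idpCertFingerprint;
    }

    /** @return the digest algorithm name used for the IdP fingerprint ({@code "sha1"} by default) */
    public final String getIdpCertFingerprintAlgorithm() {
        return this.idpCertFingerprintAlgorithm;
    }

    /**
     * @return the list of additional IdP certificates, or {@code null} if unset; this is the
     *     internal list itself, not a copy, so changes made by the caller alter the settings
     */
    public List<X509Certificate> getIdpx509certMulti() {
        return this.idpx509certMulti;
    }

    /** @return the {@code nameIdEncrypted} flag */
    public boolean getNameIdEncrypted() {
        return this.nameIdEncrypted;
    }

    /** @return the {@code authnRequestsSigned} flag */
    public boolean getAuthnRequestsSigned() {
        return this.authnRequestsSigned;
    }

    /** @return the {@code logoutRequestSigned} flag */
    public boolean getLogoutRequestSigned() {
        return this.logoutRequestSigned;
    }

    /** @return the {@code logoutResponseSigned} flag */
    public boolean getLogoutResponseSigned() {
        return this.logoutResponseSigned;
    }

    /** @return the {@code wantMessagesSigned} flag */
    public boolean getWantMessagesSigned() {
        return this.wantMessagesSigned;
    }

    /** @return the {@code wantAssertionsSigned} flag */
    public boolean getWantAssertionsSigned() {
        return this.wantAssertionsSigned;
    }

    /** @return the {@code wantAssertionsEncrypted} flag */
    public boolean getWantAssertionsEncrypted() {
        return this.wantAssertionsEncrypted;
    }

    /** @return the {@code wantNameId} flag ({@code true} by default) */
    public boolean getWantNameId() {
        return this.wantNameId;
    }

    /** @return the {@code wantNameIdEncrypted} flag */
    public boolean getWantNameIdEncrypted() {
        return this.wantNameIdEncrypted;
    }

    /** @return whether {@link #getSPMetadata()} attempts to sign the metadata */
    public boolean getSignMetadata() {
        return this.signMetadata;
    }

    /** @return the requested authentication contexts; the internal list itself, never {@code null} via the setter */
    public List<String> getRequestedAuthnContext() {
        return this.requestedAuthnContext;
    }

    /** @return the comparison mode for the requested authentication context ({@code "exact"} by default) */
    public String getRequestedAuthnContextComparison() {
        return this.requestedAuthnContextComparison;
    }

    /** @return the {@code wantXMLValidation} flag ({@code true} by default) */
    public boolean getWantXMLValidation() {
        return this.wantXMLValidation;
    }

    /** @return the configured signature algorithm identifier */
    public String getSignatureAlgorithm() {
        return this.signatureAlgorithm;
    }

    /** @return the contact list; the internal list itself, not a copy */
    public List<Contact> getContacts() {
        return this.contacts;
    }

    /** @return the organization, or {@code null} if unset */
    public Organization getOrganization() {
        return this.organization;
    }

    /** @return whether debug mode is enabled */
    public boolean isDebugActive() {
        return this.debug;
    }

    /** @param strict new value of the strict flag */
    public void setStrict(boolean strict) {
        this.strict = strict;
    }

    /** @param debug new value of the debug flag */
    public void setDebug(boolean debug) {
        this.debug = debug;
    }

    /**
     * Decompiler note: access widened from {@code protected}.
     *
     * @param spEntityId the SP entity id
     */
    public final void setSpEntityId(String spEntityId) {
        this.spEntityId = spEntityId;
    }

    /**
     * Decompiler note: access widened from {@code protected}.
     *
     * @param url the SP assertion consumer service URL
     */
    public final void setSpAssertionConsumerServiceUrl(URL url) {
        this.spAssertionConsumerServiceUrl = url;
    }

    /**
     * Decompiler note: access widened from {@code protected}.
     *
     * @param binding the SP assertion consumer service binding
     */
    public final void setSpAssertionConsumerServiceBinding(String binding) {
        this.spAssertionConsumerServiceBinding = binding;
    }

    /**
     * Decompiler note: access widened from {@code protected}.
     *
     * @param url the SP single logout service URL
     */
    public final void setSpSingleLogoutServiceUrl(URL url) {
        this.spSingleLogoutServiceUrl = url;
    }

    /**
     * Decompiler note: access widened from {@code protected}.
     *
     * @param binding the SP single logout service binding
     */
    public final void setSpSingleLogoutServiceBinding(String binding) {
        this.spSingleLogoutServiceBinding = binding;
    }

    /**
     * Decompiler note: access widened from {@code protected}.
     *
     * @param format the SP NameID format
     */
    public final void setSpNameIDFormat(String format) {
        this.spNameIDFormat = format;
    }

    /**
     * Decompiler note: access widened from {@code protected}.
     *
     * @param certificate the SP X.509 certificate
     */
    public final void setSpX509cert(X509Certificate certificate) {
        this.spX509cert = certificate;
    }

    /**
     * Decompiler note: access widened from {@code protected}.
     *
     * @param privateKey the SP private key
     */
    public final void setSpPrivateKey(PrivateKey privateKey) {
        this.spPrivateKey = privateKey;
    }

    /**
     * Decompiler note: access widened from {@code protected}.
     *
     * @param idpEntityId the IdP entity id
     */
    public final void setIdpEntityId(String idpEntityId) {
        this.idpEntityId = idpEntityId;
    }

    /**
     * Decompiler note: access widened from {@code protected}.
     *
     * @param url the IdP single sign-on service URL
     */
    public final void setIdpSingleSignOnServiceUrl(URL url) {
        this.idpSingleSignOnServiceUrl = url;
    }

    /**
     * Decompiler note: access widened from {@code protected}.
     *
     * @param binding the IdP single sign-on service binding
     */
    public final void setIdpSingleSignOnServiceBinding(String binding) {
        this.idpSingleSignOnServiceBinding = binding;
    }

    /**
     * Decompiler note: access widened from {@code protected}.
     *
     * @param url the IdP single logout service URL
     */
    public final void setIdpSingleLogoutServiceUrl(URL url) {
        this.idpSingleLogoutServiceUrl = url;
    }

    /**
     * Decompiler note: access widened from {@code protected}.
     *
     * @param url the IdP URL for logout responses; {@code null} falls back to the logout service URL
     */
    public final void setIdpSingleLogoutServiceResponseUrl(URL url) {
        this.idpSingleLogoutServiceResponseUrl = url;
    }

    /**
     * Decompiler note: access widened from {@code protected}.
     *
     * @param binding the IdP single logout service binding
     */
    public final void setIdpSingleLogoutServiceBinding(String binding) {
        this.idpSingleLogoutServiceBinding = binding;
    }

    /**
     * Decompiler note: access widened from {@code protected}.
     *
     * @param certificate the IdP X.509 certificate
     */
    public final void setIdpx509cert(X509Certificate certificate) {
        this.idpx509cert = certificate;
    }

    /**
     * Decompiler note: access widened from {@code protected}.
     *
     * @param fingerprint the IdP certificate fingerprint
     */
    public final void setIdpCertFingerprint(String fingerprint) {
        this.idpCertFingerprint = fingerprint;
    }

    /**
     * Decompiler note: access widened from {@code protected}.
     *
     * @param algorithm the digest algorithm name used for the IdP fingerprint
     */
    public final void setIdpCertFingerprintAlgorithm(String algorithm) {
        this.idpCertFingerprintAlgorithm = algorithm;
    }

    /** @param certificates additional IdP certificates; stored by reference, not copied */
    public void setIdpx509certMulti(List<X509Certificate> certificates) {
        this.idpx509certMulti = certificates;
    }

    /** @param nameIdEncrypted new value of the flag */
    public void setNameIdEncrypted(boolean nameIdEncrypted) {
        this.nameIdEncrypted = nameIdEncrypted;
    }

    /** @param authnRequestsSigned new value of the flag */
    public void setAuthnRequestsSigned(boolean authnRequestsSigned) {
        this.authnRequestsSigned = authnRequestsSigned;
    }

    /** @param logoutRequestSigned new value of the flag */
    public void setLogoutRequestSigned(boolean logoutRequestSigned) {
        this.logoutRequestSigned = logoutRequestSigned;
    }

    /** @param logoutResponseSigned new value of the flag */
    public void setLogoutResponseSigned(boolean logoutResponseSigned) {
        this.logoutResponseSigned = logoutResponseSigned;
    }

    /** @param wantMessagesSigned new value of the flag */
    public void setWantMessagesSigned(boolean wantMessagesSigned) {
        this.wantMessagesSigned = wantMessagesSigned;
    }

    /** @param wantAssertionsSigned new value of the flag */
    public void setWantAssertionsSigned(boolean wantAssertionsSigned) {
        this.wantAssertionsSigned = wantAssertionsSigned;
    }

    /** @param wantAssertionsEncrypted new value of the flag */
    public void setWantAssertionsEncrypted(boolean wantAssertionsEncrypted) {
        this.wantAssertionsEncrypted = wantAssertionsEncrypted;
    }

    /** @param wantNameId new value of the flag */
    public void setWantNameId(boolean wantNameId) {
        this.wantNameId = wantNameId;
    }

    /** @param wantNameIdEncrypted new value of the flag */
    public void setWantNameIdEncrypted(boolean wantNameIdEncrypted) {
        this.wantNameIdEncrypted = wantNameIdEncrypted;
    }

    /** @param signMetadata whether {@link #getSPMetadata()} should attempt to sign the metadata */
    public void setSignMetadata(boolean signMetadata) {
        this.signMetadata = signMetadata;
    }

    /**
     * Replaces the requested authentication contexts.
     *
     * @param contexts the new list, stored by reference; a {@code null} argument is ignored
     *     and the current list is kept
     */
    public void setRequestedAuthnContext(List<String> contexts) {
        if (contexts == null) {
            return;
        }
        this.requestedAuthnContext = contexts;
    }

    /** @param comparison the comparison mode for the requested authentication context */
    public void setRequestedAuthnContextComparison(String comparison) {
        this.requestedAuthnContextComparison = comparison;
    }

    /** @param wantXMLValidation new value of the flag */
    public void setWantXMLValidation(boolean wantXMLValidation) {
        this.wantXMLValidation = wantXMLValidation;
    }

    /** @param algorithm the signature algorithm identifier */
    public void setSignatureAlgorithm(String algorithm) {
        this.signatureAlgorithm = algorithm;
    }

    /** @param reject new value of the {@code rejectUnsolicitedResponsesWithInResponseTo} flag */
    public void setRejectUnsolicitedResponsesWithInResponseTo(boolean reject) {
        this.rejectUnsolicitedResponsesWithInResponseTo = reject;
    }

    /** @return the {@code rejectUnsolicitedResponsesWithInResponseTo} flag ({@code false} by default) */
    public boolean isRejectUnsolicitedResponsesWithInResponseTo() {
        return this.rejectUnsolicitedResponsesWithInResponseTo;
    }

    /** @param compress new value of the {@code compressRequest} flag */
    public void setCompressRequest(boolean compress) {
        this.compressRequest = compress;
    }

    /** @return the {@code compressRequest} flag ({@code true} by default) */
    public boolean isCompressRequestEnabled() {
        return this.compressRequest;
    }

    /** @param compress new value of the {@code compressResponse} flag */
    public void setCompressResponse(boolean compress) {
        this.compressResponse = compress;
    }

    /** @return the {@code compressResponse} flag ({@code true} by default) */
    public boolean isCompressResponseEnabled() {
        return this.compressResponse;
    }

    /**
     * Decompiler note: access widened from {@code protected}.
     *
     * @param contacts the contact list, stored by reference
     */
    public final void setContacts(List<Contact> contacts) {
        this.contacts = contacts;
    }

    /**
     * Decompiler note: access widened from {@code protected}.
     *
     * @param organization the organization, or {@code null} for none
     */
    public final void setOrganization(Organization organization) {
        this.organization = organization;
    }

    /**
     * Runs the SP checks and, unless {@code spValidationOnly} is set, the IdP checks.
     *
     * @return the error codes found, SP errors first; empty when the settings pass
     */
    public List<String> checkSettings() {
        List<String> errors = new ArrayList<>(checkSPSettings());
        if (!this.spValidationOnly) {
            errors.addAll(checkIdPSettings());
        }
        return errors;
    }

    /**
     * Checks that the IdP settings required by this class are present. Each problem is
     * added to the result and logged at error level.
     *
     * @return the error codes found; empty when the IdP settings pass
     */
    public List<String> checkIdPSettings() {
        List<String> errors = new ArrayList<>();

        if (!checkRequired(getIdpEntityId())) {
            errors.add("idp_entityId_not_found");
            LOGGER.error("idp_entityId_not_found");
        }

        if (!checkRequired(getIdpSingleSignOnServiceUrl())) {
            errors.add("idp_sso_url_invalid");
            LOGGER.error("idp_sso_url_invalid");
        }

        // A trust anchor is mandatory: either the IdP certificate or its fingerprint.
        // NOTE(review): idpx509certMulti is not consulted here, so a configuration that
        // supplies only the multi-certificate list is reported as missing a certificate.
        // Confirm whether that is intended.
        if (getIdpx509cert() == null && !checkRequired(getIdpCertFingerprint())) {
            errors.add("idp_cert_or_fingerprint_not_found_and_required");
            LOGGER.error("idp_cert_or_fingerprint_not_found_and_required");
        }

        // With nameIdEncrypted set, the full certificate is required; a fingerprint is not enough.
        if (getNameIdEncrypted() && getIdpx509cert() == null) {
            errors.add("idp_cert_not_found_and_required");
            LOGGER.error("idp_cert_not_found_and_required");
        }

        return errors;
    }

    /**
     * Checks that the SP settings required by this class are present. Each problem is
     * added to the result and logged at error level.
     *
     * <p>A {@code null} contact list is treated as "no contacts" instead of raising a
     * {@link NullPointerException}.
     *
     * @return the error codes found; empty when the SP settings pass
     */
    public List<String> checkSPSettings() {
        List<String> errors = new ArrayList<>();

        if (!checkRequired(getSpEntityId())) {
            errors.add("sp_entityId_not_found");
            LOGGER.error("sp_entityId_not_found");
        }

        if (!checkRequired(getSpAssertionConsumerServiceUrl())) {
            errors.add("sp_acs_not_found");
            LOGGER.error("sp_acs_not_found");
        }

        // Any of these flags makes the SP certificate and private key mandatory.
        // NOTE(review): signMetadata is not part of this condition, although getSPMetadata()
        // signs with the same SP key and certificate. Confirm whether it should be.
        boolean spCredentialsNeeded = getAuthnRequestsSigned()
                || getLogoutRequestSigned()
                || getLogoutResponseSigned()
                || getWantAssertionsEncrypted()
                || getWantNameIdEncrypted();
        if (spCredentialsNeeded && !checkSPCerts()) {
            errors.add("sp_cert_not_found_and_required");
            LOGGER.error("sp_cert_not_found_and_required");
        }

        // setContacts(null) is possible, so guard before iterating.
        List<Contact> configuredContacts = getContacts();
        if (configuredContacts != null) {
            for (Contact contact : configuredContacts) {
                // One error entry is added per incomplete contact.
                if (contact.getEmailAddress().isEmpty() || contact.getGivenName().isEmpty()) {
                    errors.add("contact_not_enought_data");
                    LOGGER.error("contact_not_enought_data");
                }
            }
        }

        Organization org = getOrganization();
        if (org != null) {
            boolean incomplete = org.getOrgDisplayName().isEmpty()
                    || org.getOrgName().isEmpty()
                    || org.getOrgUrl().isEmpty();
            if (incomplete) {
                errors.add("organization_not_enought_data");
                LOGGER.error("organization_not_enought_data");
            }
        }

        return errors;
    }

    /** @return {@code true} only when both the SP certificate and the SP private key are set */
    public boolean checkSPCerts() {
        return getSPcert() != null && getSPkey() != null;
    }

    /**
     * Tells whether a required value is present.
     *
     * @param value the value to test
     * @return {@code false} for {@code null}, an empty {@link String} or an empty {@link List};
     *     {@code true} otherwise
     */
    private boolean checkRequired(Object value) {
        if (value == null) {
            return false;
        }
        if (value instanceof String) {
            return !((String) value).isEmpty();
        }
        if (value instanceof List) {
            return !((List<?>) value).isEmpty();
        }
        return true;
    }

    /** @param spValidationOnly when {@code true}, {@link #checkSettings()} skips the IdP checks */
    public void setSPValidationOnly(boolean spValidationOnly) {
        this.spValidationOnly = spValidationOnly;
    }

    /** @return whether {@link #checkSettings()} skips the IdP checks */
    public boolean getSPValidationOnly() {
        return this.spValidationOnly;
    }

    /**
     * Builds the SP metadata document and signs it when {@code signMetadata} is set.
     *
     * <p>If signing fails, the failure is logged at error level and the <em>unsigned</em>
     * metadata is returned; no exception reaches the caller. A caller that publishes
     * metadata which must be signed has to verify the signature on the returned document
     * itself.
     *
     * @return the metadata XML, signed only if signing was requested and succeeded
     * @throws CertificateEncodingException declared by the signature; raised by metadata
     *     generation outside this class
     */
    public String getSPMetadata() throws CertificateEncodingException {
        String metadata = new Metadata(this).getMetadataString();
        if (!getSignMetadata()) {
            return metadata;
        }
        try {
            metadata = Metadata.signMetadata(metadata, getSPkey(), getSPcert(), getSignatureAlgorithm());
        } catch (Exception e) {
            // Best-effort by design: keep returning the unsigned document, but report the
            // failure at error level so a missing signature is visible to operators.
            LOGGER.error("Error executing signMetadata: " + e.getMessage(), e);
        }
        return metadata;
    }

    /**
     * Validates an SP metadata document: schema conformance, an {@code EntityDescriptor}
     * root, exactly one {@code SPSSODescriptor}, and expiry derived from the
     * {@code cacheDuration} and {@code validUntil} attributes.
     *
     * <p>The checks stop at the first failing stage, so the result holds at most one entry.
     * No signature on the metadata is verified here.
     *
     * <p>NOTE(review): parsing is delegated to {@code Util.loadXML}; hardening against DTDs
     * and external entities has to happen there and is not visible in this class. Confirm
     * before passing untrusted metadata.
     *
     * @param str the metadata XML; must not be {@code null}
     * @return the error codes found; empty when the metadata is valid
     * @throws Exception declared by the signature; propagated from the XML helpers
     */
    public static List<String> validateMetadata(String str) throws Exception {
        // Only this exact XML declaration is stripped before parsing.
        Document document = Util.loadXML(str.replace("<?xml version=\"1.0\"?>", ""));
        List<String> errors = new ArrayList<>();

        if (!Util.validateXML(document, SchemaFactory.SAML_SCHEMA_METADATA_2_0)) {
            errors.add("Invalid SAML Metadata. Not match the saml-schema-metadata-2.0.xsd");
            return errors;
        }

        Element root = document.getDocumentElement();
        if (!root.getLocalName().equals("EntityDescriptor")) {
            errors.add("noEntityDescriptor_xml");
            return errors;
        }
        if (root.getElementsByTagNameNS(Constants.NS_MD, "SPSSODescriptor").getLength() != 1) {
            errors.add("onlySPSSODescriptor_allowed_xml");
            return errors;
        }

        // Absent attributes are passed as null, not as the empty string getAttribute() returns.
        String cacheDuration = root.hasAttribute("cacheDuration") ? root.getAttribute("cacheDuration") : null;
        String validUntil = root.hasAttribute("validUntil") ? root.getAttribute("validUntil") : null;

        // An expiry of 0 is treated as "no expiry information".
        long expireTime = Util.getExpireTime(cacheDuration, validUntil);
        if (expireTime != 0 && Util.getCurrentTimeStamp().longValue() > expireTime) {
            errors.add("expired_xml");
        }
        return errors;
    }
}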
