package com.coveo.saml;

import com.coveo.saml.SamlClient;
import com.google.common.collect.Lists;
import java.io.BufferedInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.InputStream;
import java.io.RandomAccessFile;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.annotation.Nonnull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/coveo/saml/MetadataSettings.class */
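/**
 * Holder for the service-provider (SP) side SAML settings, created through {@link Builder}.
 *
 * <p>This class only stores the values; how each flag is consumed or enforced is not visible in
 * this file. Instances do not change after {@link Builder#build()}: the fields are final and the
 * list-valued settings are copied out of the builder, so later builder calls cannot alter an
 * already-built instance. The lists handed out by the getters are still mutable, as before.
 */
public class MetadataSettings {
    private static final Logger LOGGER = LoggerFactory.getLogger(MetadataSettings.class);

    // NOTE(review): every identifier below is declared `public static` but not `final`, so any
    // code in the JVM can reassign it (for example pointing SHA256 at the SHA-1 URI). They are
    // left non-final to keep the existing interface; treat them as constants and consider making
    // them final once no caller writes to them.

    // SAML 2.0 binding identifiers.
    public static String BINDING_HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
    public static String BINDING_HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect";
    public static String BINDING_HTTP_ARTIFACT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact";
    public static String BINDING_SOAP = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP";
    public static String BINDING_DEFLATE = "urn:oasis:names:tc:SAML:2.0:bindings:URL-Encoding:DEFLATE";
    public static String NAMEID_UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified";

    // Digest algorithm identifiers. SHA-1 is no longer considered collision resistant; it is kept
    // for interoperability with peers that still require it. Prefer SHA256 or stronger.
    public static String SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1";
    public static String SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256";
    public static String SHA384 = "http://www.w3.org/2001/04/xmldsig-more#sha384";
    public static String SHA512 = "http://www.w3.org/2001/04/xmlenc#sha512";

    // Signature algorithm identifiers. The *_SHA1 variants inherit the SHA-1 weakness noted above;
    // prefer RSA_SHA256 or stronger.
    public static String DSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
    public static String RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
    public static String RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    public static String RSA_SHA384 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384";
    public static String RSA_SHA512 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512";

    // XML Encryption block cipher identifiers.
    public static String TRIPLEDES_CBC = "http://www.w3.org/2001/04/xmlenc#tripledes-cbc";
    public static String AES128_CBC = "http://www.w3.org/2001/04/xmlenc#aes128-cbc";
    public static String AES192_CBC = "http://www.w3.org/2001/04/xmlenc#aes192-cbc";
    public static String AES256_CBC = "http://www.w3.org/2001/04/xmlenc#aes256-cbc";

    // XML Encryption key transport identifiers. RSA PKCS#1 v1.5 key transport is the scheme
    // affected by padding-oracle weaknesses; prefer RSA_OAEP_MGF1P where the peer supports it.
    public static String RSA_1_5 = "http://www.w3.org/2001/04/xmlenc#rsa-1_5";
    public static String RSA_OAEP_MGF1P = "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p";

    private final String spEntityId;
    private final String spAssertionConsumerServiceUrl;
    private final SamlClient.SamlBinding spAssertionConsumerServiceBinding;
    private final String spSingleLogoutServiceUrl;
    private final SamlClient.SamlBinding spSingleLogoutServiceBinding;
    private final String spNameIDFormat;
    private final X509Certificate spX509cert;
    private final List<X509Certificate> additionalSpX509certs;
    private final boolean nameIdEncrypted;
    private final boolean authnRequestsSigned;
    private final boolean logoutRequestSigned;
    private final boolean logoutResponseSigned;
    private final boolean wantMessagesSigned;
    private final boolean wantAssertionsSigned;
    private final boolean wantAssertionsEncrypted;
    private final boolean wantNameId;
    private final boolean wantNameIdEncrypted;
    private final boolean signMetadata;
    private final List<String> requestedAuthnContext;
    private final String requestedAuthnContextComparison;
    private final boolean wantXMLValidation;
    private final String signatureAlgorithm;
    private final String digestAlgorithm;
    private final boolean rejectUnsolicitedResponsesWithInResponseTo;
    private final String uniqueIDPrefix;
    private final boolean compressRequest;
    private final boolean compressResponse;
    private final boolean spValidationOnly;

    /**
     * Fluent builder for {@link MetadataSettings}. Obtain one through
     * {@link MetadataSettings#builder()}; every setter returns {@code this}.
     *
     * <p>The {@code @Nonnull} annotations on the setters are not enforced here: a null argument is
     * stored as given. Only {@code spEntityId} is validated, and only at {@link #build()} time.
     */
    /* loaded from: input_file:com/coveo/saml/MetadataSettings$Builder.class */
    public static final class Builder {
        private String spEntityId = "";
        private String spAssertionConsumerServiceUrl = null;
        private SamlClient.SamlBinding spAssertionConsumerServiceBinding = SamlClient.SamlBinding.POST;
        private String spSingleLogoutServiceUrl = null;
        private SamlClient.SamlBinding spSingleLogoutServiceBinding = SamlClient.SamlBinding.Redirect;
        private String spNameIDFormat = MetadataSettings.NAMEID_UNSPECIFIED;
        private X509Certificate spX509cert = null;
        private List<X509Certificate> additionalSpX509certs = Lists.newArrayList();
        private boolean nameIdEncrypted = false;
        private boolean authnRequestsSigned = false;
        private boolean logoutRequestSigned = false;
        private boolean logoutResponseSigned = false;
        // NOTE(review): both want*Signed flags default to false. How they are enforced is outside
        // this file; confirm the consuming code still verifies signatures, and set them to true
        // when the identity provider supports it.
        private boolean wantMessagesSigned = false;
        private boolean wantAssertionsSigned = false;
        private boolean wantAssertionsEncrypted = false;
        private boolean wantNameId = true;
        private boolean wantNameIdEncrypted = false;
        private boolean signMetadata = false;
        private List<String> requestedAuthnContext = new ArrayList<>();
        private String requestedAuthnContextComparison = "exact";
        private boolean wantXMLValidation = true;
        // NOTE(review): the default signature and digest algorithms are SHA-1 based. They are kept
        // so existing deployments behave the same; set RSA_SHA256 / SHA256 explicitly unless the
        // peer requires SHA-1.
        private String signatureAlgorithm = MetadataSettings.RSA_SHA1;
        private String digestAlgorithm = MetadataSettings.SHA1;
        // NOTE(review): defaults to false; the check this flag controls is not visible in this
        // file. Confirm whether unsolicited responses should be accepted in your deployment.
        private boolean rejectUnsolicitedResponsesWithInResponseTo = false;
        private String uniqueIDPrefix = null;
        private boolean compressRequest = true;
        private boolean compressResponse = true;
        private boolean spValidationOnly = false;

        private Builder() {
        }

        /** Sets the SP entity id; it must be non-blank by the time {@link #build()} is called. */
        public Builder spEntityId(@Nonnull String str) {
            this.spEntityId = str;
            return this;
        }

        /** Sets the assertion consumer service URL (default: {@code null}). */
        public Builder spAssertionConsumerServiceUrl(@Nonnull String str) {
            this.spAssertionConsumerServiceUrl = str;
            return this;
        }

        /** Sets the assertion consumer service binding (default: POST). */
        public Builder spAssertionConsumerServiceBinding(@Nonnull SamlClient.SamlBinding samlBinding) {
            this.spAssertionConsumerServiceBinding = samlBinding;
            return this;
        }

        /** Sets the single logout service URL (default: {@code null}). */
        public Builder spSingleLogoutServiceUrl(@Nonnull String str) {
            this.spSingleLogoutServiceUrl = str;
            return this;
        }

        /** Sets the single logout service binding (default: Redirect). */
        public Builder spSingleLogoutServiceBinding(@Nonnull SamlClient.SamlBinding samlBinding) {
            this.spSingleLogoutServiceBinding = samlBinding;
            return this;
        }

        /** Sets the NameID format (default: {@link MetadataSettings#NAMEID_UNSPECIFIED}). */
        public Builder spNameIDFormat(@Nonnull String str) {
            this.spNameIDFormat = str;
            return this;
        }

        /** Sets the {@code nameIdEncrypted} flag (default: false). */
        public Builder nameIdEncrypted(@Nonnull boolean z) {
            this.nameIdEncrypted = z;
            return this;
        }

        /** Sets the {@code authnRequestsSigned} flag (default: false). */
        public Builder authnRequestsSigned(@Nonnull boolean z) {
            this.authnRequestsSigned = z;
            return this;
        }

        /** Sets the {@code logoutRequestSigned} flag (default: false). */
        public Builder logoutRequestSigned(@Nonnull boolean z) {
            this.logoutRequestSigned = z;
            return this;
        }

        /** Sets the {@code logoutResponseSigned} flag (default: false). */
        public Builder logoutResponseSigned(@Nonnull boolean z) {
            this.logoutResponseSigned = z;
            return this;
        }

        /** Sets the {@code wantMessagesSigned} flag (default: false). */
        public Builder wantMessagesSigned(@Nonnull boolean z) {
            this.wantMessagesSigned = z;
            return this;
        }

        /** Sets the {@code wantAssertionsSigned} flag (default: false). */
        public Builder wantAssertionsSigned(@Nonnull boolean z) {
            this.wantAssertionsSigned = z;
            return this;
        }

        /** Sets the {@code wantAssertionsEncrypted} flag (default: false). */
        public Builder wantAssertionsEncrypted(@Nonnull boolean z) {
            this.wantAssertionsEncrypted = z;
            return this;
        }

        /** Sets the {@code wantNameId} flag (default: true). */
        public Builder wantNameId(@Nonnull boolean z) {
            this.wantNameId = z;
            return this;
        }

        /** Sets the {@code wantNameIdEncrypted} flag (default: false). */
        public Builder wantNameIdEncrypted(@Nonnull boolean z) {
            this.wantNameIdEncrypted = z;
            return this;
        }

        /** Sets the {@code signMetadata} flag (default: false). */
        public Builder signMetadata(@Nonnull boolean z) {
            this.signMetadata = z;
            return this;
        }

        /**
         * Sets the requested authentication context list (default: empty list). The list is
         * copied when {@link #build()} runs, not here.
         */
        public Builder requestedAuthnContext(@Nonnull List<String> list) {
            this.requestedAuthnContext = list;
            return this;
        }

        /** Sets the requested authentication context comparison (default: {@code "exact"}). */
        public Builder requestedAuthnContextComparison(@Nonnull String str) {
            this.requestedAuthnContextComparison = str;
            return this;
        }

        /** Sets the {@code wantXMLValidation} flag (default: true). */
        public Builder wantXMLValidation(@Nonnull boolean z) {
            this.wantXMLValidation = z;
            return this;
        }

        /**
         * Sets the signature algorithm identifier (default: {@link MetadataSettings#RSA_SHA1}).
         * The value is stored as given; it is not checked against the identifiers declared in
         * {@link MetadataSettings}.
         */
        public Builder signatureAlgorithm(@Nonnull String str) {
            this.signatureAlgorithm = str;
            return this;
        }

        /**
         * Sets the digest algorithm identifier (default: {@link MetadataSettings#SHA1}). The
         * value is stored as given, without validation.
         */
        public Builder digestAlgorithm(@Nonnull String str) {
            this.digestAlgorithm = str;
            return this;
        }

        /** Sets the {@code rejectUnsolicitedResponsesWithInResponseTo} flag (default: false). */
        public Builder rejectUnsolicitedResponsesWithInResponseTo(@Nonnull boolean z) {
            this.rejectUnsolicitedResponsesWithInResponseTo = z;
            return this;
        }

        /** Sets the unique id prefix (default: {@code null}). */
        public Builder uniqueIDPrefix(@Nonnull String str) {
            this.uniqueIDPrefix = str;
            return this;
        }

        /** Sets the {@code compressRequest} flag (default: true). */
        public Builder compressRequest(@Nonnull boolean z) {
            this.compressRequest = z;
            return this;
        }

        /** Sets the {@code compressResponse} flag (default: true). */
        public Builder compressResponse(@Nonnull boolean z) {
            this.compressResponse = z;
            return this;
        }

        /** Sets the {@code spValidationOnly} flag (default: false). */
        public Builder spValidationOnly(@Nonnull boolean z) {
            this.spValidationOnly = z;
            return this;
        }

        /**
         * Loads the SP certificate from the file at the given path.
         *
         * @throws SamlException if the file is missing or cannot be parsed as X.509
         */
        public Builder spX509cert(String str) throws SamlException {
            this.spX509cert = MetadataSettings.loadCertificate(str);
            return this;
        }

        /**
         * Loads the SP certificate from the given stream; the stream is not closed here.
         *
         * @throws SamlException if the content cannot be parsed as X.509
         */
        public Builder spX509cert(InputStream inputStream) throws SamlException {
            this.spX509cert = MetadataSettings.loadCertificate(inputStream);
            return this;
        }

        /**
         * Loads a certificate from the file at the given path and appends it to the additional
         * SP certificates.
         *
         * @throws SamlException if the file is missing or cannot be parsed as X.509
         */
        public Builder additionalSpX509certs(String str) throws SamlException {
            this.additionalSpX509certs.add(MetadataSettings.loadCertificate(str));
            return this;
        }

        /**
         * Loads a certificate from the given stream and appends it to the additional SP
         * certificates; the stream is not closed here.
         *
         * @throws SamlException if the content cannot be parsed as X.509
         */
        public Builder additionalSpX509certs(InputStream inputStream) throws SamlException {
            this.additionalSpX509certs.add(MetadataSettings.loadCertificate(inputStream));
            return this;
        }

        /** Discards every additional SP certificate added so far. */
        public Builder clearAdditionalSPKeys() {
            this.additionalSpX509certs = new ArrayList<>();
            return this;
        }

        /**
         * Creates the settings object from the current builder state.
         *
         * @throws IllegalArgumentException if {@code spEntityId} is null or blank
         */
        public MetadataSettings build() {
            return new MetadataSettings(this);
        }
    }

    /**
     * Copies the builder state into a new instance.
     *
     * @throws IllegalArgumentException if the builder's {@code spEntityId} is null or blank
     */
    private MetadataSettings(Builder builder) {
        if (builder.spEntityId == null || builder.spEntityId.trim().isEmpty()) {
            throw new IllegalArgumentException("spEntityId cannot be empty");
        }
        this.spEntityId = builder.spEntityId;
        this.spAssertionConsumerServiceUrl = builder.spAssertionConsumerServiceUrl;
        this.spAssertionConsumerServiceBinding = builder.spAssertionConsumerServiceBinding;
        this.spSingleLogoutServiceUrl = builder.spSingleLogoutServiceUrl;
        this.spSingleLogoutServiceBinding = builder.spSingleLogoutServiceBinding;
        this.spNameIDFormat = builder.spNameIDFormat;
        this.spX509cert = builder.spX509cert;
        // Copy the lists so that reusing the builder (adding or clearing certificates, or
        // mutating the caller's context list) cannot change settings that were already built.
        this.additionalSpX509certs = new ArrayList<>(builder.additionalSpX509certs);
        this.nameIdEncrypted = builder.nameIdEncrypted;
        this.authnRequestsSigned = builder.authnRequestsSigned;
        this.logoutRequestSigned = builder.logoutRequestSigned;
        this.logoutResponseSigned = builder.logoutResponseSigned;
        this.wantMessagesSigned = builder.wantMessagesSigned;
        this.wantAssertionsSigned = builder.wantAssertionsSigned;
        this.wantAssertionsEncrypted = builder.wantAssertionsEncrypted;
        this.wantNameId = builder.wantNameId;
        this.wantNameIdEncrypted = builder.wantNameIdEncrypted;
        this.signMetadata = builder.signMetadata;
        // A null list is passed through unchanged, as before; the setter does not reject it.
        this.requestedAuthnContext =
                builder.requestedAuthnContext == null ? null : new ArrayList<>(builder.requestedAuthnContext);
        this.requestedAuthnContextComparison = builder.requestedAuthnContextComparison;
        this.wantXMLValidation = builder.wantXMLValidation;
        this.signatureAlgorithm = builder.signatureAlgorithm;
        this.digestAlgorithm = builder.digestAlgorithm;
        this.rejectUnsolicitedResponsesWithInResponseTo = builder.rejectUnsolicitedResponsesWithInResponseTo;
        this.uniqueIDPrefix = builder.uniqueIDPrefix;
        this.compressRequest = builder.compressRequest;
        this.compressResponse = builder.compressResponse;
        this.spValidationOnly = builder.spValidationOnly;
    }

    /** Returns a new builder pre-populated with the default values. */
    public static Builder builder() {
        return new Builder();
    }

    /** Returns the SP entity id (never null or blank). */
    public final String getSpEntityId() {
        return this.spEntityId;
    }

    /** Returns the assertion consumer service URL, or {@code null} if none was set. */
    public final String getSpAssertionConsumerServiceUrl() {
        return this.spAssertionConsumerServiceUrl;
    }

    /** Returns the assertion consumer service binding. */
    public final SamlClient.SamlBinding getSpAssertionConsumerServiceBinding() {
        return this.spAssertionConsumerServiceBinding;
    }

    /** Returns the single logout service URL, or {@code null} if none was set. */
    public final String getSpSingleLogoutServiceUrl() {
        return this.spSingleLogoutServiceUrl;
    }

    /** Returns the single logout service binding. */
    public final SamlClient.SamlBinding getSpSingleLogoutServiceBinding() {
        return this.spSingleLogoutServiceBinding;
    }

    /** Returns the NameID format. */
    public final String getSpNameIDFormat() {
        return this.spNameIDFormat;
    }

    /** Returns the {@code nameIdEncrypted} flag. */
    public boolean getNameIdEncrypted() {
        return this.nameIdEncrypted;
    }

    /** Returns the {@code authnRequestsSigned} flag. */
    public boolean getAuthnRequestsSigned() {
        return this.authnRequestsSigned;
    }

    /** Returns the {@code logoutRequestSigned} flag. */
    public boolean getLogoutRequestSigned() {
        return this.logoutRequestSigned;
    }

    /** Returns the {@code logoutResponseSigned} flag. */
    public boolean getLogoutResponseSigned() {
        return this.logoutResponseSigned;
    }

    /** Returns the {@code wantMessagesSigned} flag. */
    public boolean getWantMessagesSigned() {
        return this.wantMessagesSigned;
    }

    /** Returns the {@code wantAssertionsSigned} flag. */
    public boolean getWantAssertionsSigned() {
        return this.wantAssertionsSigned;
    }

    /** Returns the {@code wantAssertionsEncrypted} flag. */
    public boolean getWantAssertionsEncrypted() {
        return this.wantAssertionsEncrypted;
    }

    /** Returns the {@code wantNameId} flag. */
    public boolean getWantNameId() {
        return this.wantNameId;
    }

    /** Returns the {@code wantNameIdEncrypted} flag. */
    public boolean getWantNameIdEncrypted() {
        return this.wantNameIdEncrypted;
    }

    /** Returns the {@code signMetadata} flag. */
    public boolean getSignMetadata() {
        return this.signMetadata;
    }

    /** Returns the requested authentication context list held by this instance. */
    public List<String> getRequestedAuthnContext() {
        return this.requestedAuthnContext;
    }

    /** Returns the requested authentication context comparison. */
    public String getRequestedAuthnContextComparison() {
        return this.requestedAuthnContextComparison;
    }

    /** Returns the {@code wantXMLValidation} flag. */
    public boolean getWantXMLValidation() {
        return this.wantXMLValidation;
    }

    /** Returns the configured signature algorithm identifier. */
    public String getSignatureAlgorithm() {
        return this.signatureAlgorithm;
    }

    /** Returns the configured digest algorithm identifier. */
    public String getDigestAlgorithm() {
        return this.digestAlgorithm;
    }

    /** Returns the unique id prefix, or {@code null} if none was set. */
    public String getUniqueIDPrefix() {
        return this.uniqueIDPrefix;
    }

    /** Returns the {@code rejectUnsolicitedResponsesWithInResponseTo} flag. */
    public boolean isRejectUnsolicitedResponsesWithInResponseTo() {
        return this.rejectUnsolicitedResponsesWithInResponseTo;
    }

    /** Returns the {@code spValidationOnly} flag. */
    public boolean getSPValidationOnly() {
        return this.spValidationOnly;
    }

    /** Returns the {@code compressRequest} flag. */
    public boolean isCompressRequestEnabled() {
        return this.compressRequest;
    }

    /** Returns the {@code compressResponse} flag. */
    public boolean isCompressResponseEnabled() {
        return this.compressResponse;
    }

    /** Returns the SP certificate, or {@code null} if none was loaded. */
    public X509Certificate getSpX509cert() {
        return this.spX509cert;
    }

    /** Returns the additional SP certificates held by this instance. */
    public List<X509Certificate> getAdditionalSpX509certs() {
        return this.additionalSpX509certs;
    }

    /**
     * Parses an X.509 certificate from the file at the given path.
     *
     * <p>The certificate is only parsed: its validity period, issuer chain and revocation status
     * are not checked here, so callers that rely on those properties must check them separately.
     *
     * @param str path of the certificate file
     * @return the parsed certificate
     * @throws SamlException if the file does not exist or its content cannot be parsed
     */
    /* JADX INFO: Access modifiers changed from: private */
    public static X509Certificate loadCertificate(String str) throws SamlException {
        // try-with-resources closes both streams on every path, including parse failures.
        try (FileInputStream fileInputStream = new FileInputStream(str);
                BufferedInputStream bufferedInputStream = new BufferedInputStream(fileInputStream)) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(bufferedInputStream);
        } catch (FileNotFoundException e) {
            throw new SamlException("Public key file doesn't exist", e);
        } catch (Exception e2) {
            throw new SamlException("Couldn't load public key", e2);
        }
    }

    /**
     * Parses an X.509 certificate from the given stream. The stream is left open; closing it is
     * the caller's responsibility. As with the path-based overload, the certificate is only
     * parsed, not validated.
     *
     * @param inputStream stream positioned at the start of the certificate
     * @return the parsed certificate
     * @throws SamlException if the content cannot be parsed
     */
    public static X509Certificate loadCertificate(InputStream inputStream) throws SamlException {
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(inputStream);
        } catch (Exception e) {
            throw new SamlException("Couldn't load public key", e);
        }
    }

    /**
     * Loads an RSA private key from the file at the given path.
     *
     * <p>The file content is handed unchanged to {@link PKCS8EncodedKeySpec}, so it must be an
     * unencrypted, DER-encoded PKCS#8 key; no PEM decoding or decryption happens here. Because the
     * key is stored unencrypted, access to the file should be restricted to the service account.
     *
     * @param str path of the key file
     * @return the parsed private key
     * @throws SamlException if the file does not exist, is too large, or cannot be parsed
     */
    public static PrivateKey loadPrivateKey(String str) throws SamlException {
        byte[] bArr = null;
        try (RandomAccessFile randomAccessFile = new RandomAccessFile(str, "r")) {
            long length = randomAccessFile.length();
            // Guard the narrowing cast: an oversized file would otherwise wrap to a wrong size.
            if (length > Integer.MAX_VALUE) {
                throw new IllegalArgumentException("Private key file is too large");
            }
            bArr = new byte[(int) length];
            randomAccessFile.readFully(bArr);
            return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(bArr));
        } catch (FileNotFoundException e) {
            throw new SamlException("Private key file doesn't exist", e);
        } catch (Exception e2) {
            throw new SamlException("Couldn't load private key", e2);
        } finally {
            // Best effort: wipe our copy of the raw key bytes once the key object exists.
            if (bArr != null) {
                Arrays.fill(bArr, (byte) 0);
            }
        }
    }

    /**
     * Loads an RSA private key from the given stream, reading it to the end. The stream is left
     * open; closing it is the caller's responsibility.
     *
     * <p>The content must be an unencrypted, DER-encoded PKCS#8 key, as for the path-based
     * overload.
     *
     * @param inputStream stream positioned at the start of the key
     * @return the parsed private key
     * @throws SamlException if the stream cannot be read or its content cannot be parsed
     */
    public static PrivateKey loadPrivateKey(InputStream inputStream) throws SamlException {
        byte[] chunk = new byte[4096];
        byte[] bArr = null;
        try {
            // Read until end of stream. available() is only an estimate and a single read() may
            // return fewer bytes than requested, either of which would truncate the key.
            ByteArrayOutputStream buffer = new ByteArrayOutputStream();
            int count;
            while ((count = inputStream.read(chunk)) != -1) {
                buffer.write(chunk, 0, count);
            }
            bArr = buffer.toByteArray();
            return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(bArr));
        } catch (FileNotFoundException e) {
            throw new SamlException("Private key file doesn't exist", e);
        } catch (Exception e2) {
            throw new SamlException("Couldn't load private key", e2);
        } finally {
            // Best effort: wipe the copies of the raw key bytes that this method holds.
            Arrays.fill(chunk, (byte) 0);
            if (bArr != null) {
                Arrays.fill(bArr, (byte) 0);
            }
        }
    }
}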
