package org.forgerock.openam.sts.soap.config.user;

import com.google.common.base.Objects;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.forgerock.openam.sdk.org.forgerock.json.JsonValue;
import org.forgerock.openam.sts.DeploymentPathNormalizationImpl;
import org.forgerock.openam.sts.MapMarshallUtils;
import org.forgerock.openam.sts.TokenType;
import org.forgerock.openam.sts.config.user.OpenIdConnectTokenConfig;
import org.forgerock.openam.sts.config.user.SAML2Config;
import org.forgerock.openam.sts.config.user.STSInstanceConfig;
import org.forgerock.openam.sts.token.UrlConstituentCatenatorImpl;
import org.forgerock.openam.utils.CollectionUtils;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.1.jar:org/forgerock/openam/sts/soap/config/user/SoapSTSInstanceConfig.class */
public class SoapSTSInstanceConfig extends STSInstanceConfig {
    private static final String X509_SYMMETRIC_WSDL = "sts_x509_symmetric.wsdl";
    private static final String X509_ASYMMETRIC_WSDL = "sts_x509_asymmetric.wsdl";
    private static final String SOAP_KEYSTORE_CONFIG = "soap-keystore-config";
    private static final String SOAP_DELEGATION_CONFIG = "soap-delegation-config";
    static final String ISSUE_TOKEN_TYPES = "issued-token-types";
    static final String SECURITY_POLICY_VALIDATED_TOKEN_CONFIG = "security-policy-validated-token-config";
    static final String DELEGATION_RELATIONSHIP_SUPPORTED = "delegation-relationship-supported";
    private final Set<TokenType> issueTokenTypes;
    private final Set<TokenValidationConfig> securityPolicyValidatedTokenConfiguration;
    private final SoapDeploymentConfig deploymentConfig;
    private final SoapSTSKeystoreConfig keystoreConfig;
    private final boolean delegationRelationshipsSupported;
    private final SoapDelegationConfig soapDelegationConfig;

    /* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.1.jar:org/forgerock/openam/sts/soap/config/user/SoapSTSInstanceConfig$SoapSTSInstanceConfigBuilder.class */
    public static class SoapSTSInstanceConfigBuilder extends SoapSTSInstanceConfigBuilderBase<SoapSTSInstanceConfigBuilder> {
        public SoapSTSInstanceConfigBuilder() {
            super();
        }

        @Override // org.forgerock.openam.sts.config.user.STSInstanceConfig.STSInstanceConfigBuilderBase
        public SoapSTSInstanceConfigBuilder self() {
            return this;
        }
    }

    /* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.1.jar:org/forgerock/openam/sts/soap/config/user/SoapSTSInstanceConfig$SoapSTSInstanceConfigBuilderBase.class */
    public static abstract class SoapSTSInstanceConfigBuilderBase<T extends SoapSTSInstanceConfigBuilderBase<T>> extends STSInstanceConfig.STSInstanceConfigBuilderBase<T> {
        private EnumSet<TokenType> issueTokenTypes;
        private Set<TokenValidationConfig> securityPolicyValidatedTokenConfiguration;
        private SoapDeploymentConfig deploymentConfig;
        private SoapSTSKeystoreConfig keystoreConfig;
        private SoapDelegationConfig soapDelegationConfig;
        private boolean delegationRelationshipsSupported;

        private SoapSTSInstanceConfigBuilderBase() {
            this.issueTokenTypes = EnumSet.noneOf(TokenType.class);
            this.securityPolicyValidatedTokenConfiguration = new HashSet();
        }

        public T deploymentConfig(SoapDeploymentConfig soapDeploymentConfig) {
            this.deploymentConfig = soapDeploymentConfig;
            return (T) self();
        }

        public T addSecurityPolicyTokenValidationConfiguration(TokenType tokenType, boolean z) {
            this.securityPolicyValidatedTokenConfiguration.add(new TokenValidationConfig(tokenType, z));
            return (T) self();
        }

        public T setSecurityPolicyValidatedTokenConfiguration(Set<TokenValidationConfig> set) {
            this.securityPolicyValidatedTokenConfiguration.addAll(set);
            return (T) self();
        }

        public T addIssueTokenType(TokenType tokenType) {
            if (!TokenType.SAML2.equals(tokenType) && !TokenType.OPENIDCONNECT.equals(tokenType)) {
                throw new IllegalArgumentException("Only SAML2 and OPENIDCONNECT tokens can be issued, not tokens of type " + tokenType);
            }
            this.issueTokenTypes.add(tokenType);
            return (T) self();
        }

        public T soapSTSKeystoreConfig(SoapSTSKeystoreConfig soapSTSKeystoreConfig) {
            this.keystoreConfig = soapSTSKeystoreConfig;
            return (T) self();
        }

        public T delegationRelationshipsSupported(boolean z) {
            this.delegationRelationshipsSupported = z;
            return (T) self();
        }

        public T soapDelegationConfig(SoapDelegationConfig soapDelegationConfig) {
            this.soapDelegationConfig = soapDelegationConfig;
            return (T) self();
        }

        @Override // org.forgerock.openam.sts.config.user.STSInstanceConfig.STSInstanceConfigBuilderBase
        public SoapSTSInstanceConfig build() {
            return new SoapSTSInstanceConfig(this);
        }
    }

    private SoapSTSInstanceConfig(SoapSTSInstanceConfigBuilderBase<?> soapSTSInstanceConfigBuilderBase) {
        super(soapSTSInstanceConfigBuilderBase);
        this.issueTokenTypes = Collections.unmodifiableSet(((SoapSTSInstanceConfigBuilderBase) soapSTSInstanceConfigBuilderBase).issueTokenTypes);
        this.deploymentConfig = ((SoapSTSInstanceConfigBuilderBase) soapSTSInstanceConfigBuilderBase).deploymentConfig;
        this.keystoreConfig = ((SoapSTSInstanceConfigBuilderBase) soapSTSInstanceConfigBuilderBase).keystoreConfig;
        this.delegationRelationshipsSupported = ((SoapSTSInstanceConfigBuilderBase) soapSTSInstanceConfigBuilderBase).delegationRelationshipsSupported;
        this.securityPolicyValidatedTokenConfiguration = ((SoapSTSInstanceConfigBuilderBase) soapSTSInstanceConfigBuilderBase).securityPolicyValidatedTokenConfiguration != null ? Collections.unmodifiableSet(((SoapSTSInstanceConfigBuilderBase) soapSTSInstanceConfigBuilderBase).securityPolicyValidatedTokenConfiguration) : Collections.emptySet();
        this.soapDelegationConfig = ((SoapSTSInstanceConfigBuilderBase) soapSTSInstanceConfigBuilderBase).soapDelegationConfig;
        if (this.deploymentConfig == null) {
            throw new IllegalStateException("SoapDeploymentConfig cannot be null");
        }
        if (CollectionUtils.isEmpty(this.issueTokenTypes)) {
            throw new IllegalStateException("Issued token types must be specified.");
        }
        if (CollectionUtils.isEmpty(this.securityPolicyValidatedTokenConfiguration) && !this.delegationRelationshipsSupported) {
            throw new IllegalStateException("Either the securityPolicyValidatedTokenConfiguration must be specified to configure TokenValidators enforcing SecurityPolicy bindings, or token delegation relationships must be supported.");
        }
        if (this.saml2Config == null && this.issueTokenTypes.contains(TokenType.SAML2)) {
            throw new IllegalStateException("A SAML2 token is specified as an issued token type, but no SAML2Config state has been specified to guide the production of SAML2 tokens.");
        }
        if (this.openIdConnectTokenConfig == null && this.issueTokenTypes.contains(TokenType.OPENIDCONNECT)) {
            throw new IllegalStateException("A OPENIDCONNECT token is specified as an issued token type, but no OpenIdConnectTokenConfig state has been specified to guide the production of OPENIDCONNECT tokens.");
        }
        if (this.delegationRelationshipsSupported && this.soapDelegationConfig == null) {
            throw new IllegalStateException("If the soap STS instance is configured to support delegation relationship, the SoapDelegationConfig instance must be non-null.");
        }
        if (areSTSClientsAssertedViaX509() && !isX509TokenValidatorPresent()) {
            throw new IllegalStateException("Configured STS instance does not specify a X509 TokenType in the securityPolicyValidatedTokenConfiguration, yet is to be deployed with a .wsdl which mandates the assertion of caller identity via x509 certificates.");
        }
    }

    private boolean areSTSClientsAssertedViaX509() {
        String wsdlLocation = this.deploymentConfig.getWsdlLocation();
        return X509_ASYMMETRIC_WSDL.equals(wsdlLocation) || X509_SYMMETRIC_WSDL.equals(wsdlLocation);
    }

    private boolean isX509TokenValidatorPresent() {
        Iterator<TokenValidationConfig> it = this.securityPolicyValidatedTokenConfiguration.iterator();
        while (it.hasNext()) {
            if (TokenType.X509.equals(it.next().getValidatedTokenType())) {
                return true;
            }
        }
        return false;
    }

    public static SoapSTSInstanceConfigBuilder builder() {
        return new SoapSTSInstanceConfigBuilder();
    }

    public SoapDeploymentConfig getDeploymentConfig() {
        return this.deploymentConfig;
    }

    public Set<TokenType> getIssueTokenTypes() {
        return this.issueTokenTypes;
    }

    public Set<TokenValidationConfig> getSecurityPolicyValidatedTokenConfiguration() {
        return this.securityPolicyValidatedTokenConfiguration;
    }

    public SoapSTSKeystoreConfig getKeystoreConfig() {
        return this.keystoreConfig;
    }

    public boolean delegationRelationshipsSupported() {
        return this.delegationRelationshipsSupported;
    }

    public SoapDelegationConfig getSoapDelegationConfig() {
        return this.soapDelegationConfig;
    }

    public String getDeploymentSubPath() {
        return new DeploymentPathNormalizationImpl().normalizeDeploymentPath(new UrlConstituentCatenatorImpl().catenateUrlConstituents(getDeploymentConfig().getRealm(), getDeploymentConfig().getUriElement()));
    }

    @Override // org.forgerock.openam.sts.config.user.STSInstanceConfig
    public String toString() {
        StringBuilder sb = new StringBuilder("SoapSTSInstanceConfig instance:\n");
        sb.append('\t').append("STSInstanceConfig base: ").append(super.toString()).append('\n');
        sb.append('\t').append("KeyStoreConfig: ").append(this.keystoreConfig != null ? this.keystoreConfig : null).append('\n');
        sb.append('\t').append("issueTokenTypes: ").append(this.issueTokenTypes).append('\n');
        sb.append('\t').append("securityPolicyValidatedTokenConfiguration: ").append(this.securityPolicyValidatedTokenConfiguration).append('\n');
        sb.append('\t').append("deploymentConfig: ").append(this.deploymentConfig).append('\n');
        sb.append('\t').append("delegationRelationshipsSupported: ").append(this.delegationRelationshipsSupported).append('\n');
        sb.append('\t').append("soapDelegationConfig: ").append(this.soapDelegationConfig).append('\n');
        return sb.toString();
    }

    @Override // org.forgerock.openam.sts.config.user.STSInstanceConfig
    public boolean equals(Object obj) {
        if (!(obj instanceof SoapSTSInstanceConfig)) {
            return false;
        }
        SoapSTSInstanceConfig soapSTSInstanceConfig = (SoapSTSInstanceConfig) obj;
        return super.equals(soapSTSInstanceConfig) && this.delegationRelationshipsSupported == soapSTSInstanceConfig.delegationRelationshipsSupported && Objects.equal(this.soapDelegationConfig, soapSTSInstanceConfig.getSoapDelegationConfig()) && Objects.equal(this.keystoreConfig, soapSTSInstanceConfig.getKeystoreConfig()) && this.deploymentConfig.equals(soapSTSInstanceConfig.getDeploymentConfig()) && Objects.equal(this.issueTokenTypes, soapSTSInstanceConfig.getIssueTokenTypes()) && Objects.equal(this.securityPolicyValidatedTokenConfiguration, soapSTSInstanceConfig.getSecurityPolicyValidatedTokenConfiguration());
    }

    public int hashCode() {
        return toString().hashCode();
    }

    @Override // org.forgerock.openam.sts.config.user.STSInstanceConfig
    public JsonValue toJson() {
        JsonValue json = super.toJson();
        json.add("deployment-config", this.deploymentConfig.toJson());
        JsonValue jsonValue = new JsonValue(new ArrayList());
        List<Object> asList = jsonValue.asList();
        Iterator<TokenValidationConfig> it = this.securityPolicyValidatedTokenConfiguration.iterator();
        while (it.hasNext()) {
            asList.add(it.next().toJson());
        }
        json.add("security-policy-validated-token-config", jsonValue);
        json.add(SOAP_KEYSTORE_CONFIG, this.keystoreConfig != null ? this.keystoreConfig.toJson() : null);
        if (this.issueTokenTypes != null) {
            JsonValue jsonValue2 = new JsonValue(new ArrayList());
            Collection asCollection = jsonValue2.asCollection(String.class);
            Iterator<TokenType> it2 = this.issueTokenTypes.iterator();
            while (it2.hasNext()) {
                asCollection.add(it2.next().name());
            }
            json.add(ISSUE_TOKEN_TYPES, jsonValue2);
        }
        json.add("delegation-relationship-supported", String.valueOf(this.delegationRelationshipsSupported));
        json.add(SOAP_DELEGATION_CONFIG, this.soapDelegationConfig != null ? this.soapDelegationConfig.toJson() : null);
        return json;
    }

    /* JADX WARN: Multi-variable type inference failed */
    public static SoapSTSInstanceConfig fromJson(JsonValue jsonValue) {
        if (jsonValue == null) {
            throw new NullPointerException("JsonValue cannot be null!");
        }
        STSInstanceConfig fromJson = STSInstanceConfig.fromJson(jsonValue);
        SoapSTSInstanceConfigBuilder deploymentConfig = ((SoapSTSInstanceConfigBuilder) ((SoapSTSInstanceConfigBuilder) ((SoapSTSInstanceConfigBuilder) builder().saml2Config(fromJson.getSaml2Config())).oidcIdTokenConfig(fromJson.getOpenIdConnectTokenConfig())).persistIssuedTokensInCTS(fromJson.persistIssuedTokensInCTS())).deploymentConfig(SoapDeploymentConfig.fromJson(jsonValue.get("deployment-config")));
        JsonValue jsonValue2 = jsonValue.get("security-policy-validated-token-config");
        if (!jsonValue2.isNull()) {
            if (!jsonValue2.isList()) {
                throw new IllegalStateException("Unexpected value for the security-policy-validated-token-config field: " + jsonValue2.asString());
            }
            HashSet hashSet = new HashSet();
            Iterator<Object> it = jsonValue2.asList().iterator();
            while (it.hasNext()) {
                hashSet.add(TokenValidationConfig.fromJson(new JsonValue(it.next())));
            }
            deploymentConfig.setSecurityPolicyValidatedTokenConfiguration(hashSet);
        }
        deploymentConfig.soapSTSKeystoreConfig(SoapSTSKeystoreConfig.fromJson(jsonValue.get(SOAP_KEYSTORE_CONFIG)));
        if (!jsonValue.get(ISSUE_TOKEN_TYPES).isNull()) {
            Iterator<Object> it2 = jsonValue.get(ISSUE_TOKEN_TYPES).asCollection().iterator();
            while (it2.hasNext()) {
                deploymentConfig.addIssueTokenType(TokenType.valueOf(it2.next().toString()));
            }
        }
        deploymentConfig.delegationRelationshipsSupported(Boolean.valueOf(jsonValue.get("delegation-relationship-supported").asString()).booleanValue());
        if (!jsonValue.get(SOAP_DELEGATION_CONFIG).isNull()) {
            deploymentConfig.soapDelegationConfig(SoapDelegationConfig.fromJson(jsonValue.get(SOAP_DELEGATION_CONFIG)));
        }
        return deploymentConfig.build();
    }

    @Override // org.forgerock.openam.sts.config.user.STSInstanceConfig
    public Map<String, Set<String>> marshalToAttributeMap() {
        Map<String, Set<String>> smsMap = MapMarshallUtils.toSmsMap(toJson().asMap());
        smsMap.remove("deployment-config");
        smsMap.putAll(this.deploymentConfig.marshalToAttributeMap());
        smsMap.remove("security-policy-validated-token-config");
        HashSet hashSet = new HashSet();
        smsMap.put("security-policy-validated-token-config", hashSet);
        Iterator<TokenValidationConfig> it = this.securityPolicyValidatedTokenConfiguration.iterator();
        while (it.hasNext()) {
            hashSet.add(it.next().toSMSString());
        }
        smsMap.remove(ISSUE_TOKEN_TYPES);
        HashSet hashSet2 = new HashSet();
        smsMap.put(ISSUE_TOKEN_TYPES, hashSet2);
        Iterator<TokenType> it2 = this.issueTokenTypes.iterator();
        while (it2.hasNext()) {
            hashSet2.add(it2.next().toString());
        }
        smsMap.remove("saml2-config");
        if (this.saml2Config != null) {
            smsMap.putAll(this.saml2Config.marshalToAttributeMap());
        } else {
            smsMap.putAll(SAML2Config.getEmptySMSAttributeState());
        }
        smsMap.remove("oidc-id-token-config");
        if (this.openIdConnectTokenConfig != null) {
            smsMap.putAll(this.openIdConnectTokenConfig.marshalToAttributeMap());
        } else {
            smsMap.putAll(OpenIdConnectTokenConfig.getEmptySMSAttributeState());
        }
        smsMap.remove(SOAP_KEYSTORE_CONFIG);
        if (this.keystoreConfig != null) {
            smsMap.putAll(this.keystoreConfig.marshalToAttributeMap());
        } else {
            smsMap.putAll(SoapSTSKeystoreConfig.getEmptySMSAttributeState());
        }
        smsMap.remove(SOAP_DELEGATION_CONFIG);
        if (this.soapDelegationConfig != null) {
            smsMap.putAll(this.soapDelegationConfig.marshalToAttributeMap());
        } else {
            smsMap.putAll(SoapDelegationConfig.getEmptySMSAttributeState());
        }
        return smsMap;
    }

    public static SoapSTSInstanceConfig marshalFromAttributeMap(Map<String, Set<String>> map) {
        Map<String, Object> jsonValueMap = MapMarshallUtils.toJsonValueMap(map);
        SoapDeploymentConfig marshalFromAttributeMap = SoapDeploymentConfig.marshalFromAttributeMap(map);
        jsonValueMap.remove("deployment-config");
        jsonValueMap.put("deployment-config", marshalFromAttributeMap.toJson());
        SAML2Config marshalFromAttributeMap2 = SAML2Config.marshalFromAttributeMap(map);
        if (marshalFromAttributeMap2 != null) {
            jsonValueMap.remove("saml2-config");
            jsonValueMap.put("saml2-config", marshalFromAttributeMap2.toJson());
        }
        OpenIdConnectTokenConfig marshalFromAttributeMap3 = OpenIdConnectTokenConfig.marshalFromAttributeMap(map);
        if (marshalFromAttributeMap3 != null) {
            jsonValueMap.remove("oidc-id-token-config");
            jsonValueMap.put("oidc-id-token-config", marshalFromAttributeMap3.toJson());
        }
        SoapSTSKeystoreConfig marshalFromAttributeMap4 = SoapSTSKeystoreConfig.marshalFromAttributeMap(map);
        if (marshalFromAttributeMap4 != null) {
            jsonValueMap.remove(SOAP_KEYSTORE_CONFIG);
            jsonValueMap.put(SOAP_KEYSTORE_CONFIG, marshalFromAttributeMap4.toJson());
        }
        ArrayList arrayList = new ArrayList();
        JsonValue jsonValue = new JsonValue(arrayList);
        jsonValueMap.remove("security-policy-validated-token-config");
        jsonValueMap.put("security-policy-validated-token-config", jsonValue);
        Iterator<String> it = map.get("security-policy-validated-token-config").iterator();
        while (it.hasNext()) {
            arrayList.add(TokenValidationConfig.fromSMSString(it.next()).toJson());
        }
        ArrayList arrayList2 = new ArrayList();
        JsonValue jsonValue2 = new JsonValue(arrayList2);
        jsonValueMap.remove(ISSUE_TOKEN_TYPES);
        jsonValueMap.put(ISSUE_TOKEN_TYPES, jsonValue2);
        Iterator<String> it2 = map.get(ISSUE_TOKEN_TYPES).iterator();
        while (it2.hasNext()) {
            arrayList2.add(it2.next());
        }
        SoapDelegationConfig marshalFromAttributeMap5 = SoapDelegationConfig.marshalFromAttributeMap(map);
        if (marshalFromAttributeMap5 != null) {
            jsonValueMap.remove(SOAP_DELEGATION_CONFIG);
            jsonValueMap.put(SOAP_DELEGATION_CONFIG, marshalFromAttributeMap5.toJson());
        }
        return fromJson(new JsonValue(jsonValueMap));
    }

    public static SoapSTSInstanceConfig marshalFromJsonAttributeMap(JsonValue jsonValue) throws IllegalStateException {
        if (jsonValue == null) {
            throw new IllegalStateException("JsonValue cannot be null!");
        }
        if (!jsonValue.isMap()) {
            throw new IllegalStateException("In SoapSTSInstanceConfig#marshalFromJsonAttributeMap, Passed-in JsonValue is not a map. The JsonValue instance: " + jsonValue.toString());
        }
        HashMap hashMap = new HashMap();
        for (String str : jsonValue.keys()) {
            JsonValue jsonValue2 = jsonValue.get(str);
            if (jsonValue2.isNull()) {
                hashMap.put(str, Collections.emptySet());
            } else {
                if (!jsonValue2.isCollection()) {
                    throw new IllegalStateException("In SoapSTSInstanceConfig#marshalFromJsonAttributeMap, value corresponding to key " + str + " is not a collection. The value: " + jsonValue2);
                }
                hashMap.put(str, new HashSet(jsonValue2.asCollection(String.class)));
            }
        }
        return marshalFromAttributeMap((Map<String, Set<String>>) hashMap);
    }
}
