package org.forgerock.openam.sts.config.user;

import com.google.common.base.Objects;
import com.sun.identity.saml2.common.SAML2Constants;
import com.sun.identity.xmlenc.EncryptionConstants;
import java.io.UnsupportedEncodingException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;
import org.forgerock.openam.sdk.org.forgerock.json.JsonValue;
import org.forgerock.openam.sts.MapMarshallUtils;
import org.forgerock.openam.utils.CollectionUtils;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.1.jar:org/forgerock/openam/sts/config/user/SAML2Config.class */
public class SAML2Config {
    private static final String EQUALS = "=";
    static final String NAME_ID_FORMAT = "saml2-name-id-format";
    static final String ATTRIBUTE_MAP = "saml2-attribute-map";
    static final String TOKEN_LIFETIME = "saml2-token-lifetime-seconds";
    static final String CUSTOM_CONDITIONS_PROVIDER_CLASS = "saml2-custom-conditions-provider-class-name";
    static final String CUSTOM_SUBJECT_PROVIDER_CLASS = "saml2-custom-subject-provider-class-name";
    static final String CUSTOM_ATTRIBUTE_STATEMENTS_PROVIDER_CLASS = "saml2-custom-attribute-statements-provider-class-name";
    static final String CUSTOM_AUTHENTICATION_STATEMENTS_PROVIDER_CLASS = "saml2-custom-authentication-statements-provider-class-name";
    static final String CUSTOM_AUTHZ_DECISION_STATEMENTS_PROVIDER_CLASS = "saml2-custom-authz-decision-statements-provider-class-name";
    static final String CUSTOM_ATTRIBUTE_MAPPER_CLASS = "saml2-custom-attribute-mapper-class-name";
    static final String CUSTOM_AUTHN_CONTEXT_MAPPER_CLASS = "saml2-custom-authn-context-mapper-class-name";
    static final String SIGN_ASSERTION = "saml2-sign-assertion";
    static final String ENCRYPT_ATTRIBUTES = "saml2-encrypt-attributes";
    static final String ENCRYPT_NAME_ID = "saml2-encrypt-nameid";
    static final String ENCRYPT_ASSERTION = "saml2-encrypt-assertion";
    static final String ENCRYPTION_ALGORITHM = "saml2-encryption-algorithm";
    static final String ENCRYPTION_ALGORITHM_STRENGTH = "saml2-encryption-algorithm-strength";
    static final String KEYSTORE_FILE_NAME = "saml2-keystore-filename";
    static final String KEYSTORE_PASSWORD = "saml2-keystore-password";
    static final String SP_ENTITY_ID = "saml2-sp-entity-id";
    static final String SP_ACS_URL = "saml2-sp-acs-url";
    static final String ENCRYPTION_KEY_ALIAS = "saml2-encryption-key-alias";
    static final String SIGNATURE_KEY_ALIAS = "saml2-signature-key-alias";
    static final String SIGNATURE_KEY_PASSWORD = "saml2-signature-key-password";
    static final String ISSUER_NAME = "issuer-name";
    private final String nameIdFormat;
    private final Map<String, String> attributeMap;
    private final long tokenLifetimeInSeconds;
    private final String customConditionsProviderClassName;
    private final String customSubjectProviderClassName;
    private final String customAuthenticationStatementsProviderClassName;
    private final String customAttributeStatementsProviderClassName;
    private final String customAuthzDecisionStatementsProviderClassName;
    private final String customAttributeMapperClassName;
    private final String customAuthNContextMapperClassName;
    private final String spEntityId;
    private final String spAcsUrl;
    private final boolean signAssertion;
    private final boolean encryptNameID;
    private final boolean encryptAttributes;
    private final boolean encryptAssertion;
    private final String encryptionAlgorithm;
    private final int encryptionAlgorithmStrength;
    private final String keystoreFileName;
    private final byte[] keystorePassword;
    private final String signatureKeyAlias;
    private final byte[] signatureKeyPassword;
    private final String encryptionKeyAlias;
    private final String idpId;

    /* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.1.jar:org/forgerock/openam/sts/config/user/SAML2Config$SAML2ConfigBuilder.class */
    public static class SAML2ConfigBuilder {
        private String idpId;
        private String nameIdFormat;
        private Map<String, String> attributeMap;
        private long tokenLifetimeInSeconds;
        private String customConditionsProviderClassName;
        private String customSubjectProviderClassName;
        private String customAuthenticationStatementsProviderClassName;
        private String customAttributeStatementsProviderClassName;
        private String customAuthzDecisionStatementsProviderClassName;
        private String customAttributeMapperClassName;
        private String customAuthNContextMapperClassName;
        private String spEntityId;
        private String spAcsUrl;
        private boolean signAssertion;
        private boolean encryptNameID;
        private boolean encryptAttributes;
        private boolean encryptAssertion;
        private String encryptionAlgorithm;
        private int encryptionAlgorithmStrength;
        private String keystoreFileName;
        private byte[] keystorePassword;
        private String signatureKeyAlias;
        private byte[] signatureKeyPassword;
        private String encryptionKeyAlias;

        private SAML2ConfigBuilder() {
            this.nameIdFormat = SAML2Constants.UNSPECIFIED;
            this.tokenLifetimeInSeconds = 600L;
        }

        public SAML2ConfigBuilder nameIdFormat(String str) {
            this.nameIdFormat = str;
            return this;
        }

        public SAML2ConfigBuilder idpId(String str) {
            this.idpId = str;
            return this;
        }

        public SAML2ConfigBuilder attributeMap(Map<String, String> map) {
            this.attributeMap = Collections.unmodifiableMap(map);
            return this;
        }

        public SAML2ConfigBuilder tokenLifetimeInSeconds(long j) {
            this.tokenLifetimeInSeconds = j;
            return this;
        }

        public SAML2ConfigBuilder customConditionsProviderClassName(String str) {
            this.customConditionsProviderClassName = str;
            return this;
        }

        public SAML2ConfigBuilder customSubjectProviderClassName(String str) {
            this.customSubjectProviderClassName = str;
            return this;
        }

        public SAML2ConfigBuilder customAuthenticationStatementsProviderClassName(String str) {
            this.customAuthenticationStatementsProviderClassName = str;
            return this;
        }

        public SAML2ConfigBuilder customAttributeStatementsProviderClassName(String str) {
            this.customAttributeStatementsProviderClassName = str;
            return this;
        }

        public SAML2ConfigBuilder customAuthzDecisionStatementsProviderClassName(String str) {
            this.customAuthzDecisionStatementsProviderClassName = str;
            return this;
        }

        public SAML2ConfigBuilder customAttributeMapperClassName(String str) {
            this.customAttributeMapperClassName = str;
            return this;
        }

        public SAML2ConfigBuilder customAuthNContextMapperClassName(String str) {
            this.customAuthNContextMapperClassName = str;
            return this;
        }

        public SAML2ConfigBuilder spEntityId(String str) {
            this.spEntityId = str;
            return this;
        }

        public SAML2ConfigBuilder spAcsUrl(String str) {
            this.spAcsUrl = str;
            return this;
        }

        public SAML2ConfigBuilder signatureKeyAlias(String str) {
            this.signatureKeyAlias = str;
            return this;
        }

        public SAML2ConfigBuilder signatureKeyPassword(byte[] bArr) {
            this.signatureKeyPassword = bArr;
            return this;
        }

        public SAML2ConfigBuilder encryptionKeyAlias(String str) {
            this.encryptionKeyAlias = str;
            return this;
        }

        public SAML2ConfigBuilder signAssertion(boolean z) {
            this.signAssertion = z;
            return this;
        }

        public SAML2ConfigBuilder encryptNameID(boolean z) {
            this.encryptNameID = z;
            return this;
        }

        public SAML2ConfigBuilder encryptAttributes(boolean z) {
            this.encryptAttributes = z;
            return this;
        }

        public SAML2ConfigBuilder encryptAssertion(boolean z) {
            this.encryptAssertion = z;
            return this;
        }

        public SAML2ConfigBuilder encryptionAlgorithm(String str) {
            this.encryptionAlgorithm = str;
            return this;
        }

        public SAML2ConfigBuilder encryptionAlgorithmStrength(int i) {
            this.encryptionAlgorithmStrength = i;
            return this;
        }

        public SAML2ConfigBuilder keystoreFile(String str) {
            this.keystoreFileName = str;
            return this;
        }

        public SAML2ConfigBuilder keystorePassword(byte[] bArr) {
            this.keystorePassword = bArr;
            return this;
        }

        public SAML2Config build() {
            return new SAML2Config(this);
        }
    }

    private SAML2Config(SAML2ConfigBuilder sAML2ConfigBuilder) {
        this.nameIdFormat = sAML2ConfigBuilder.nameIdFormat;
        if (sAML2ConfigBuilder.attributeMap != null) {
            this.attributeMap = Collections.unmodifiableMap(sAML2ConfigBuilder.attributeMap);
        } else {
            this.attributeMap = Collections.emptyMap();
        }
        this.tokenLifetimeInSeconds = sAML2ConfigBuilder.tokenLifetimeInSeconds;
        this.customConditionsProviderClassName = sAML2ConfigBuilder.customConditionsProviderClassName;
        this.customSubjectProviderClassName = sAML2ConfigBuilder.customSubjectProviderClassName;
        this.customAuthenticationStatementsProviderClassName = sAML2ConfigBuilder.customAuthenticationStatementsProviderClassName;
        this.customAuthzDecisionStatementsProviderClassName = sAML2ConfigBuilder.customAuthzDecisionStatementsProviderClassName;
        this.customAttributeStatementsProviderClassName = sAML2ConfigBuilder.customAttributeStatementsProviderClassName;
        this.customAttributeMapperClassName = sAML2ConfigBuilder.customAttributeMapperClassName;
        this.customAuthNContextMapperClassName = sAML2ConfigBuilder.customAuthNContextMapperClassName;
        this.signAssertion = sAML2ConfigBuilder.signAssertion;
        this.encryptNameID = sAML2ConfigBuilder.encryptNameID;
        this.encryptAttributes = sAML2ConfigBuilder.encryptAttributes;
        this.encryptAssertion = sAML2ConfigBuilder.encryptAssertion;
        this.encryptionAlgorithm = sAML2ConfigBuilder.encryptionAlgorithm;
        this.encryptionAlgorithmStrength = sAML2ConfigBuilder.encryptionAlgorithmStrength;
        this.keystoreFileName = sAML2ConfigBuilder.keystoreFileName;
        this.keystorePassword = sAML2ConfigBuilder.keystorePassword;
        this.spEntityId = sAML2ConfigBuilder.spEntityId;
        this.spAcsUrl = sAML2ConfigBuilder.spAcsUrl;
        this.signatureKeyAlias = sAML2ConfigBuilder.signatureKeyAlias;
        this.signatureKeyPassword = sAML2ConfigBuilder.signatureKeyPassword;
        this.encryptionKeyAlias = sAML2ConfigBuilder.encryptionKeyAlias;
        this.idpId = sAML2ConfigBuilder.idpId;
        if (this.spEntityId == null) {
            throw new IllegalArgumentException("The entity id of the consumer (SP) for issued assertions must be specified.");
        }
        if (this.encryptAssertion || this.encryptNameID || this.encryptAttributes) {
            if (this.encryptionAlgorithm == null) {
                throw new IllegalArgumentException("If elements of the assertion are to be encrypted, an encryption algorithm must be specified.");
            }
            if (this.encryptionAlgorithmStrength == 0 && !EncryptionConstants.ENC_DATA_ENC_METHOD_3DES.equals(this.encryptionAlgorithm)) {
                throw new IllegalArgumentException("If elements of the assertion are to be encrypted, an encryption algorithm strength must be specified.");
            }
            if (this.encryptionKeyAlias == null) {
                throw new IllegalArgumentException("If elements of the assertion are to be encrypted, an encryption keyalias  must be specified.");
            }
        }
        if ((this.encryptAssertion || this.encryptNameID || this.encryptAttributes || this.signAssertion) && (this.keystorePassword == null || this.keystoreFileName == null)) {
            throw new IllegalArgumentException("If the assertions are to be signed or encrypted, then the keystore file and password must be specified.");
        }
        if (this.signAssertion && (this.signatureKeyPassword == null || this.signatureKeyAlias == null)) {
            throw new IllegalArgumentException("If the assertion is to be signed, then the signature key alias and signature key password must be specified.");
        }
        if (this.encryptAssertion && (this.encryptNameID || this.encryptAttributes)) {
            throw new IllegalArgumentException("Either the entire assertion can be encrypted, or the Attributes and/or NameID.");
        }
        if (this.idpId == null) {
            throw new IllegalArgumentException("The Identity Provider id must be set.");
        }
    }

    public static SAML2ConfigBuilder builder() {
        return new SAML2ConfigBuilder();
    }

    public String getNameIdFormat() {
        return this.nameIdFormat;
    }

    public long getTokenLifetimeInSeconds() {
        return this.tokenLifetimeInSeconds;
    }

    public Map<String, String> getAttributeMap() {
        return this.attributeMap;
    }

    public String getCustomConditionsProviderClassName() {
        return this.customConditionsProviderClassName;
    }

    public String getCustomSubjectProviderClassName() {
        return this.customSubjectProviderClassName;
    }

    public String getCustomAuthenticationStatementsProviderClassName() {
        return this.customAuthenticationStatementsProviderClassName;
    }

    public String getCustomAttributeMapperClassName() {
        return this.customAttributeMapperClassName;
    }

    public String getCustomAuthNContextMapperClassName() {
        return this.customAuthNContextMapperClassName;
    }

    public String getCustomAttributeStatementsProviderClassName() {
        return this.customAttributeStatementsProviderClassName;
    }

    public String getCustomAuthzDecisionStatementsProviderClassName() {
        return this.customAuthzDecisionStatementsProviderClassName;
    }

    public boolean signAssertion() {
        return this.signAssertion;
    }

    public boolean encryptNameID() {
        return this.encryptNameID;
    }

    public boolean encryptAttributes() {
        return this.encryptAttributes;
    }

    public boolean encryptAssertion() {
        return this.encryptAssertion;
    }

    public String getEncryptionAlgorithm() {
        return this.encryptionAlgorithm;
    }

    public int getEncryptionAlgorithmStrength() {
        return this.encryptionAlgorithmStrength;
    }

    public String getKeystoreFileName() {
        return this.keystoreFileName;
    }

    public byte[] getKeystorePassword() {
        return this.keystorePassword;
    }

    public String getSpEntityId() {
        return this.spEntityId;
    }

    public String getSpAcsUrl() {
        return this.spAcsUrl;
    }

    public String getEncryptionKeyAlias() {
        return this.encryptionKeyAlias;
    }

    public String getSignatureKeyAlias() {
        return this.signatureKeyAlias;
    }

    public byte[] getSignatureKeyPassword() {
        return this.signatureKeyPassword;
    }

    public String getIdpId() {
        return this.idpId;
    }

    public String toString() {
        StringBuilder sb = new StringBuilder();
        sb.append("SAML2Config instance:").append('\n');
        sb.append('\t').append("IDP id: ").append(this.idpId).append('\n');
        sb.append('\t').append("nameIDFormat: ").append(this.nameIdFormat).append('\n');
        sb.append('\t').append("attributeMap: ").append(this.attributeMap).append('\n');
        sb.append('\t').append("tokenLifetimeInSeconds: ").append(this.tokenLifetimeInSeconds).append('\n');
        sb.append('\t').append("customConditionsProviderClassName: ").append(this.customConditionsProviderClassName).append('\n');
        sb.append('\t').append("customSubjectProviderClassName: ").append(this.customSubjectProviderClassName).append('\n');
        sb.append('\t').append("customAttributeStatementsProviderClassName: ").append(this.customAttributeStatementsProviderClassName).append('\n');
        sb.append('\t').append("customAttributeMapperClassName: ").append(this.customAttributeMapperClassName).append('\n');
        sb.append('\t').append("customAuthNContextMapperClassName: ").append(this.customAuthNContextMapperClassName).append('\n');
        sb.append('\t').append("customAuthenticationStatementsProviderClassName: ").append(this.customAuthenticationStatementsProviderClassName).append('\n');
        sb.append('\t').append("customAuthzDecisionStatementsProviderClassName: ").append(this.customAuthzDecisionStatementsProviderClassName).append('\n');
        sb.append('\t').append("Sign assertion ").append(this.signAssertion).append('\n');
        sb.append('\t').append("Encrypt NameID ").append(this.encryptNameID).append('\n');
        sb.append('\t').append("Encrypt Attributes ").append(this.encryptAttributes).append('\n');
        sb.append('\t').append("Encrypt Assertion ").append(this.encryptAssertion).append('\n');
        sb.append('\t').append("Encryption Algorithm ").append(this.encryptionAlgorithm).append('\n');
        sb.append('\t').append("Encryption Algorithm Strength ").append(this.encryptionAlgorithmStrength).append('\n');
        sb.append('\t').append("Keystore File ").append(this.keystoreFileName).append('\n');
        sb.append('\t').append("Keystore Password ").append("xxx").append('\n');
        sb.append('\t').append("SP Entity Id ").append(this.spEntityId).append('\n');
        sb.append('\t').append("SP ACS URL ").append(this.spAcsUrl).append('\n');
        sb.append('\t').append("Encryption key alias ").append(this.encryptionKeyAlias).append('\n');
        sb.append('\t').append("Signature key alias").append(this.signatureKeyAlias).append('\n');
        return sb.toString();
    }

    public boolean equals(Object obj) {
        if (!(obj instanceof SAML2Config)) {
            return false;
        }
        SAML2Config sAML2Config = (SAML2Config) obj;
        return this.nameIdFormat.equals(sAML2Config.nameIdFormat) && this.idpId.equals(sAML2Config.idpId) && this.tokenLifetimeInSeconds == sAML2Config.tokenLifetimeInSeconds && this.attributeMap.equals(sAML2Config.attributeMap) && this.signAssertion == sAML2Config.signAssertion && this.encryptAssertion == sAML2Config.encryptAssertion && this.encryptAttributes == sAML2Config.encryptAttributes && this.encryptNameID == sAML2Config.encryptNameID && this.encryptionAlgorithmStrength == sAML2Config.encryptionAlgorithmStrength && this.spEntityId.equals(sAML2Config.spEntityId) && Objects.equal(this.encryptionAlgorithm, sAML2Config.encryptionAlgorithm) && Objects.equal(this.customConditionsProviderClassName, sAML2Config.customConditionsProviderClassName) && Objects.equal(this.customSubjectProviderClassName, sAML2Config.customSubjectProviderClassName) && Objects.equal(this.customAttributeStatementsProviderClassName, sAML2Config.customAttributeStatementsProviderClassName) && Objects.equal(this.customAuthzDecisionStatementsProviderClassName, sAML2Config.customAuthzDecisionStatementsProviderClassName) && Objects.equal(this.customAttributeMapperClassName, sAML2Config.customAttributeMapperClassName) && Objects.equal(this.customAuthNContextMapperClassName, sAML2Config.customAuthNContextMapperClassName) && Objects.equal(this.customAuthenticationStatementsProviderClassName, sAML2Config.customAuthenticationStatementsProviderClassName) && Objects.equal(this.keystoreFileName, sAML2Config.keystoreFileName) && Arrays.equals(this.keystorePassword, sAML2Config.keystorePassword) && Objects.equal(this.spAcsUrl, sAML2Config.spAcsUrl) && Objects.equal(this.signatureKeyAlias, sAML2Config.signatureKeyAlias) && Objects.equal(this.encryptionKeyAlias, sAML2Config.encryptionKeyAlias) && Arrays.equals(this.signatureKeyPassword, sAML2Config.signatureKeyPassword);
    }

    public int hashCode() {
        return (this.nameIdFormat + this.attributeMap + this.spEntityId + Long.toString(this.tokenLifetimeInSeconds)).hashCode();
    }

    public JsonValue toJson() {
        try {
            Map.Entry[] entryArr = new Map.Entry[24];
            entryArr[0] = JsonValue.field("issuer-name", this.idpId);
            entryArr[1] = JsonValue.field(NAME_ID_FORMAT, this.nameIdFormat);
            entryArr[2] = JsonValue.field("saml2-token-lifetime-seconds", String.valueOf(this.tokenLifetimeInSeconds));
            entryArr[3] = JsonValue.field(CUSTOM_CONDITIONS_PROVIDER_CLASS, this.customConditionsProviderClassName);
            entryArr[4] = JsonValue.field(CUSTOM_SUBJECT_PROVIDER_CLASS, this.customSubjectProviderClassName);
            entryArr[5] = JsonValue.field(CUSTOM_ATTRIBUTE_STATEMENTS_PROVIDER_CLASS, this.customAttributeStatementsProviderClassName);
            entryArr[6] = JsonValue.field(CUSTOM_ATTRIBUTE_MAPPER_CLASS, this.customAttributeMapperClassName);
            entryArr[7] = JsonValue.field(CUSTOM_AUTHN_CONTEXT_MAPPER_CLASS, this.customAuthNContextMapperClassName);
            entryArr[8] = JsonValue.field(CUSTOM_AUTHENTICATION_STATEMENTS_PROVIDER_CLASS, this.customAuthenticationStatementsProviderClassName);
            entryArr[9] = JsonValue.field(CUSTOM_AUTHZ_DECISION_STATEMENTS_PROVIDER_CLASS, this.customAuthzDecisionStatementsProviderClassName);
            entryArr[10] = JsonValue.field("saml2-sign-assertion", String.valueOf(this.signAssertion));
            entryArr[11] = JsonValue.field("saml2-encrypt-assertion", String.valueOf(this.encryptAssertion));
            entryArr[12] = JsonValue.field("saml2-encrypt-attributes", String.valueOf(this.encryptAttributes));
            entryArr[13] = JsonValue.field("saml2-encrypt-nameid", String.valueOf(this.encryptNameID));
            entryArr[14] = JsonValue.field("saml2-encryption-algorithm", this.encryptionAlgorithm);
            entryArr[15] = JsonValue.field("saml2-encryption-algorithm-strength", String.valueOf(this.encryptionAlgorithmStrength));
            entryArr[16] = JsonValue.field("saml2-attribute-map", this.attributeMap);
            entryArr[17] = JsonValue.field("saml2-keystore-filename", this.keystoreFileName);
            entryArr[18] = JsonValue.field("saml2-keystore-password", this.keystorePassword != null ? new String(this.keystorePassword, "UTF-8") : null);
            entryArr[19] = JsonValue.field("saml2-sp-acs-url", this.spAcsUrl);
            entryArr[20] = JsonValue.field("saml2-sp-entity-id", this.spEntityId);
            entryArr[21] = JsonValue.field("saml2-signature-key-alias", this.signatureKeyAlias);
            entryArr[22] = JsonValue.field("saml2-signature-key-password", this.signatureKeyPassword != null ? new String(this.signatureKeyPassword, "UTF-8") : null);
            entryArr[23] = JsonValue.field("saml2-encryption-key-alias", this.encryptionKeyAlias);
            return JsonValue.json(JsonValue.object((Map.Entry<String, Object>[]) entryArr));
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException("Unsupported encoding when marshalling from String to to byte[]: " + e, e);
        }
    }

    public static SAML2Config fromJson(JsonValue jsonValue) throws IllegalStateException {
        try {
            return builder().idpId(jsonValue.get("issuer-name").asString()).nameIdFormat(jsonValue.get(NAME_ID_FORMAT).asString()).tokenLifetimeInSeconds(Long.valueOf(jsonValue.get("saml2-token-lifetime-seconds").asString()).longValue()).customConditionsProviderClassName(jsonValue.get(CUSTOM_CONDITIONS_PROVIDER_CLASS).asString()).customSubjectProviderClassName(jsonValue.get(CUSTOM_SUBJECT_PROVIDER_CLASS).asString()).customAttributeStatementsProviderClassName(jsonValue.get(CUSTOM_ATTRIBUTE_STATEMENTS_PROVIDER_CLASS).asString()).customAttributeMapperClassName(jsonValue.get(CUSTOM_ATTRIBUTE_MAPPER_CLASS).asString()).customAuthNContextMapperClassName(jsonValue.get(CUSTOM_AUTHN_CONTEXT_MAPPER_CLASS).asString()).customAuthenticationStatementsProviderClassName(jsonValue.get(CUSTOM_AUTHENTICATION_STATEMENTS_PROVIDER_CLASS).asString()).customAuthzDecisionStatementsProviderClassName(jsonValue.get(CUSTOM_AUTHZ_DECISION_STATEMENTS_PROVIDER_CLASS).asString()).signAssertion(Boolean.valueOf(jsonValue.get("saml2-sign-assertion").asString()).booleanValue()).encryptAssertion(Boolean.valueOf(jsonValue.get("saml2-encrypt-assertion").asString()).booleanValue()).encryptNameID(Boolean.valueOf(jsonValue.get("saml2-encrypt-nameid").asString()).booleanValue()).encryptAttributes(Boolean.valueOf(jsonValue.get("saml2-encrypt-attributes").asString()).booleanValue()).encryptionAlgorithm(jsonValue.get("saml2-encryption-algorithm").asString()).encryptionAlgorithmStrength(Integer.valueOf(jsonValue.get("saml2-encryption-algorithm-strength").asString()).intValue()).attributeMap(jsonValue.get("saml2-attribute-map").asMap(String.class)).keystoreFile(jsonValue.get("saml2-keystore-filename").asString()).keystorePassword(jsonValue.get("saml2-keystore-password").isString() ? jsonValue.get("saml2-keystore-password").asString().getBytes("UTF-8") : null).signatureKeyPassword(jsonValue.get("saml2-signature-key-password").isString() ? jsonValue.get("saml2-signature-key-password").asString().getBytes("UTF-8") : null).signatureKeyAlias(jsonValue.get("saml2-signature-key-alias").asString()).spAcsUrl(jsonValue.get("saml2-sp-acs-url").asString()).spEntityId(jsonValue.get("saml2-sp-entity-id").asString()).encryptionKeyAlias(jsonValue.get("saml2-encryption-key-alias").asString()).build();
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException("Unsupported encoding when marshalling from String to to byte[]: " + e, e);
        }
    }

    public Map<String, Set<String>> marshalToAttributeMap() {
        Map<String, Object> asMap = toJson().asMap();
        Map<String, Set<String>> smsMap = MapMarshallUtils.toSmsMap(asMap);
        Object obj = asMap.get("saml2-attribute-map");
        if (!(obj instanceof Map)) {
            throw new IllegalStateException("Type corresponding to saml2-attribute-map key unexpected. Type: " + (obj != null ? obj.getClass().getName() : " null"));
        }
        smsMap.remove("saml2-attribute-map");
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        smsMap.put("saml2-attribute-map", linkedHashSet);
        for (Map.Entry entry : ((Map) obj).entrySet()) {
            linkedHashSet.add(((String) entry.getKey()) + "=" + ((String) entry.getValue()));
        }
        return smsMap;
    }

    public static SAML2Config marshalFromAttributeMap(Map<String, Set<String>> map) {
        if (CollectionUtils.isEmpty(map.get("issuer-name"))) {
            return null;
        }
        Map<String, Object> jsonValueMap = MapMarshallUtils.toJsonValueMap(map);
        jsonValueMap.remove("saml2-attribute-map");
        Set<String> set = map.get("saml2-attribute-map");
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            String[] split = it.next().split("=");
            linkedHashMap.put(split[0], split[1]);
        }
        jsonValueMap.put("saml2-attribute-map", new JsonValue(linkedHashMap));
        return fromJson(new JsonValue(jsonValueMap));
    }

    public static Map<String, Set<String>> getEmptySMSAttributeState() {
        HashMap hashMap = new HashMap();
        hashMap.put(NAME_ID_FORMAT, Collections.emptySet());
        hashMap.put("saml2-attribute-map", Collections.emptySet());
        hashMap.put("saml2-token-lifetime-seconds", Collections.emptySet());
        hashMap.put(CUSTOM_CONDITIONS_PROVIDER_CLASS, Collections.emptySet());
        hashMap.put(CUSTOM_SUBJECT_PROVIDER_CLASS, Collections.emptySet());
        hashMap.put(CUSTOM_ATTRIBUTE_STATEMENTS_PROVIDER_CLASS, Collections.emptySet());
        hashMap.put(CUSTOM_AUTHENTICATION_STATEMENTS_PROVIDER_CLASS, Collections.emptySet());
        hashMap.put(CUSTOM_AUTHZ_DECISION_STATEMENTS_PROVIDER_CLASS, Collections.emptySet());
        hashMap.put(CUSTOM_ATTRIBUTE_MAPPER_CLASS, Collections.emptySet());
        hashMap.put(CUSTOM_AUTHN_CONTEXT_MAPPER_CLASS, Collections.emptySet());
        hashMap.put("saml2-sign-assertion", Collections.emptySet());
        hashMap.put("saml2-encrypt-attributes", Collections.emptySet());
        hashMap.put("saml2-encrypt-nameid", Collections.emptySet());
        hashMap.put("saml2-encrypt-assertion", Collections.emptySet());
        hashMap.put("saml2-encryption-algorithm", Collections.emptySet());
        hashMap.put("saml2-encryption-algorithm-strength", Collections.emptySet());
        hashMap.put("saml2-keystore-filename", Collections.emptySet());
        hashMap.put("saml2-keystore-password", Collections.emptySet());
        hashMap.put("saml2-sp-entity-id", Collections.emptySet());
        hashMap.put("saml2-sp-acs-url", Collections.emptySet());
        hashMap.put("saml2-encryption-key-alias", Collections.emptySet());
        hashMap.put("saml2-signature-key-alias", Collections.emptySet());
        hashMap.put("saml2-signature-key-password", Collections.emptySet());
        hashMap.put("issuer-name", Collections.emptySet());
        return hashMap;
    }
}
