package org.openl.security.saml;

import java.io.ByteArrayInputStream;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import java.util.Collections;
import java.util.Iterator;
import org.openl.util.StringUtils;
import org.opensaml.security.x509.X509Support;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.env.PropertyResolver;
import org.springframework.security.saml2.core.Saml2X509Credential;
import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations;

/* loaded from: input_file:org/openl/security/saml/LazyInMemoryRelyingPartyRegistrationRepository.class */
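/**
 * Relying-party registration repository that builds its single SAML registration from
 * configuration properties and retries the build on later lookups if it failed.
 *
 * <p>Initialisation is attempted once in the constructor. If it fails (for example because the
 * identity provider metadata cannot be loaded), the error is logged and every subsequent call to
 * {@link #findByRegistrationId(String)} or {@link #iterator()} attempts it again until it
 * succeeds.
 *
 * <p>NOTE(review): {@code init()} is neither synchronized nor is the delegate field volatile, so
 * concurrent lookups while the repository is uninitialised may each re-run the initialisation,
 * including the metadata load. Confirm this is acceptable for the deployment.
 */
public class LazyInMemoryRelyingPartyRegistrationRepository implements RelyingPartyRegistrationRepository, Iterable<RelyingPartyRegistration> {
    private static final Logger log = LoggerFactory.getLogger(LazyInMemoryRelyingPartyRegistrationRepository.class);

    private static final String LOCAL_KEY_PROPERTY = "security.saml.local-key";
    private static final String LOCAL_CERTIFICATE_PROPERTY = "security.saml.local-certificate";
    private static final String METADATA_URL_PROPERTY = "security.saml.saml-server-metadata-url";
    private static final String ENTITY_ID_PROPERTY = "security.saml.entity-id";
    private static final String SERVER_CERTIFICATE_PROPERTY = "security.saml.server-certificate";

    // Stays null until init() succeeds; a null value is what triggers the lazy retry.
    private InMemoryRelyingPartyRegistrationRepository relyingPartyRegistrationRepository;
    private final PropertyResolver propertyResolver;

    /**
     * Creates the repository and makes a first attempt to build the registration.
     *
     * @param propertyResolver source of the {@code security.saml.*} settings
     */
    public LazyInMemoryRelyingPartyRegistrationRepository(PropertyResolver propertyResolver) {
        this.propertyResolver = propertyResolver;
        init();
    }

    /**
     * Builds the relying-party registration from the configured key, certificate and metadata
     * location. Any failure is logged and leaves the repository uninitialised so that a later
     * lookup can try again.
     */
    private void init() {
        try {
            // getRequiredProperty fails with a message naming the missing key (never its value),
            // instead of the anonymous NullPointerException a null property would cause in decode().
            byte[] keyBytes = Base64.getMimeDecoder().decode(this.propertyResolver.getRequiredProperty(LOCAL_KEY_PROPERTY));
            byte[] certificateBytes = Base64.getMimeDecoder().decode(this.propertyResolver.getRequiredProperty(LOCAL_CERTIFICATE_PROPERTY));

            // Only PKCS#8-encoded RSA keys are accepted; other key types fail here and are logged below.
            PrivateKey privateKey = KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(keyBytes));
            X509Certificate certificate = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(new ByteArrayInputStream(certificateBytes));

            // The same local key pair is used both to sign outgoing messages and to decrypt incoming ones.
            Saml2X509Credential signing = Saml2X509Credential.signing(privateKey, certificate);
            Saml2X509Credential decryption = Saml2X509Credential.decryption(privateKey, certificate);

            RelyingPartyRegistration.Builder registration = RelyingPartyRegistrations
                    .fromMetadataLocation(this.propertyResolver.getRequiredProperty(METADATA_URL_PROPERTY))
                    .registrationId("webstudio")
                    .singleLogoutServiceLocation("{baseUrl}/logout/saml2/slo")
                    .entityId(this.propertyResolver.getProperty(ENTITY_ID_PROPERTY))
                    .signingX509Credentials(credentials -> credentials.add(signing))
                    .decryptionX509Credentials(credentials -> credentials.add(decryption));

            // When a server certificate is configured it replaces whatever verification
            // credentials the builder already holds. When it is blank, nothing is pinned here.
            // NOTE(review): in that case trust in the identity provider's signing certificate
            // presumably rests on the metadata location alone, so that location should be an
            // authenticated (HTTPS) endpoint - confirm against the deployment configuration.
            String serverCertificate = this.propertyResolver.getProperty(SERVER_CERTIFICATE_PROPERTY);
            if (StringUtils.isNotBlank(serverCertificate)) {
                Saml2X509Credential verification = Saml2X509Credential.verification(X509Support.decodeCertificate(serverCertificate));
                registration.assertingPartyDetails(party -> party.verificationX509Credentials(credentials -> {
                    credentials.clear();
                    credentials.add(verification);
                }));
            }

            this.relyingPartyRegistrationRepository = new InMemoryRelyingPartyRegistrationRepository(registration.build());
        } catch (Exception e) {
            // Deliberately broad: a failed initialisation must not break bean construction,
            // the lookups below retry it. Only the exception is logged, never property values.
            log.error("Failed to initialise the SAML relying party registration; initialisation will be retried on the next lookup.", e);
        }
    }

    /**
     * Looks up a registration, first retrying initialisation if it has not succeeded yet.
     *
     * @param str the registration id to look up
     * @return the matching registration, or {@code null} if the repository is still
     *         uninitialised or the delegate has no match
     */
    @Override
    public RelyingPartyRegistration findByRegistrationId(String str) {
        if (this.relyingPartyRegistrationRepository == null) {
            init();
        }
        if (this.relyingPartyRegistrationRepository == null) {
            return null;
        }
        return this.relyingPartyRegistrationRepository.findByRegistrationId(str);
    }

    /**
     * Iterates over the registrations, first retrying initialisation if it has not succeeded yet.
     *
     * @return the delegate's iterator, or an empty iterator while the repository is still
     *         uninitialised (never {@code null}, so a for-each loop over this object cannot
     *         fail with a {@link NullPointerException})
     */
    @Override
    public Iterator<RelyingPartyRegistration> iterator() {
        if (this.relyingPartyRegistrationRepository == null) {
            init();
        }
        if (this.relyingPartyRegistrationRepository == null) {
            return Collections.emptyIterator();
        }
        return this.relyingPartyRegistrationRepository.iterator();
    }
}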
