package pl.edu.icm.unity.saml.sp.config;

import com.google.common.base.Preconditions;
import eu.emi.security.authn.x509.X509Credential;
import eu.unicore.samly2.trust.CheckingMode;
import eu.unicore.samly2.trust.SamlTrustChecker;
import eu.unicore.samly2.trust.StrictSamlTrustChecker;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.function.Function;
import pl.edu.icm.unity.saml.sp.config.BaseSamlConfiguration;

/* loaded from: input_file:pl/edu/icm/unity/saml/sp/config/SAMLSPConfiguration.class */
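/**
 * Configuration of a SAML service provider, created through {@link #builder()}.
 *
 * <p>All fields are {@code final}. {@link #acceptedNameFormats} and {@link #effectiveMappings} are
 * unmodifiable copies of the builder's values; the remaining object-typed fields are stored by
 * reference.
 *
 * <p>Security note: the signature policy for incoming SAML messages is decided by the trust
 * checker returned from {@link #getTrustCheckerForIdP(TrustedIdPConfiguration)}. The built-in
 * checker honours {@link #requireSignedAssertion}. A factory supplied via
 * {@link Builder#withTrustCheckerFactory(Function)} replaces it completely, and this class then
 * does not consult {@link #requireSignedAssertion}.
 */
public class SAMLSPConfiguration extends BaseSamlConfiguration {
    public final String requesterSamlId;
    public final String sloPath;
    public final String sloRealm;
    // NOTE(review): presumably carries the private key used for signing - confirm before
    // passing this configuration object to code that should not see key material.
    public final X509Credential requesterCredential;
    public final String requesterCredentialName;
    public final boolean signRequestByDefault;
    public final List<String> acceptedNameFormats;
    public final boolean signPublishedMetadata;
    public final Map<String, String> effectiveMappings;
    public final TrustedIdPs individualTrustedIdPs;
    public final String defaultRequestedNameFormat;
    // true  -> CheckingMode.REQUIRE_SIGNED_ASSERTION
    // false -> CheckingMode.REQUIRE_SIGNED_RESPONSE_OR_ASSERTION (the builder's default)
    public final boolean requireSignedAssertion;
    private final Function<TrustedIdPConfiguration, SamlTrustChecker> trustCheckerFactory;
    public final boolean includeAdditionalCredentialInMetadata;
    // Never null: an unset or null builder value is normalised to Optional.empty().
    public final Optional<AdditionalCredential> additionalCredential;

    /**
     * Fluent builder for {@link SAMLSPConfiguration}.
     *
     * <p>{@code requesterSamlId} and {@code individualTrustedIdPs} have no default and must be set
     * before {@link #build()}. Boolean options default to {@code false}, which includes
     * {@code requireSignedAssertion} and {@code signRequestByDefault}.
     */
    public static final class Builder {
        private boolean publishMetadata;
        private String metadataURLPath;
        private String ourMetadataFilePath;
        private String requesterSamlId;
        private String sloPath;
        private String sloRealm;
        private X509Credential requesterCredential;
        // Default to empty so that the built configuration never exposes a null Optional.
        private Optional<AdditionalCredential> additionalCredential = Optional.empty();
        private String requesterCredentialName;
        private boolean signRequestByDefault;
        private boolean signPublishedMetadata;
        private TrustedIdPs individualTrustedIdPs;
        private String defaultRequestedNameFormat;
        private boolean requireSignedAssertion;
        private Function<TrustedIdPConfiguration, SamlTrustChecker> trustCheckerFactory;
        private boolean includeAdditionalCredentialInMetadata;
        private List<BaseSamlConfiguration.RemoteMetadataSource> trustedMetadataSources = Collections.emptyList();
        private List<String> acceptedNameFormats = Collections.emptyList();
        private Map<String, String> effectiveMappings = Collections.emptyMap();

        private Builder() {
        }

        public Builder withTrustedMetadataSources(List<BaseSamlConfiguration.RemoteMetadataSource> trustedMetadataSources) {
            this.trustedMetadataSources = trustedMetadataSources;
            return this;
        }

        public Builder withPublishMetadata(boolean publishMetadata) {
            this.publishMetadata = publishMetadata;
            return this;
        }

        public Builder withMetadataURLPath(String metadataURLPath) {
            this.metadataURLPath = metadataURLPath;
            return this;
        }

        public Builder withOurMetadataFilePath(String ourMetadataFilePath) {
            this.ourMetadataFilePath = ourMetadataFilePath;
            return this;
        }

        public Builder withRequesterSamlId(String requesterSamlId) {
            this.requesterSamlId = requesterSamlId;
            return this;
        }

        public Builder withSloPath(String sloPath) {
            this.sloPath = sloPath;
            return this;
        }

        public Builder withSloRealm(String sloRealm) {
            this.sloRealm = sloRealm;
            return this;
        }

        public Builder withRequesterCredential(X509Credential requesterCredential) {
            this.requesterCredential = requesterCredential;
            return this;
        }

        /**
         * Sets the optional additional credential.
         *
         * @param additionalCredential the credential; a {@code null} argument is treated as
         *     {@link Optional#empty()} when the configuration is built
         */
        public Builder withAdditionalCredential(Optional<AdditionalCredential> additionalCredential) {
            this.additionalCredential = additionalCredential;
            return this;
        }

        public Builder withIncludeAdditionalCredentialInMetadata(boolean includeAdditionalCredentialInMetadata) {
            this.includeAdditionalCredentialInMetadata = includeAdditionalCredentialInMetadata;
            return this;
        }

        public Builder withRequesterCredentialName(String requesterCredentialName) {
            this.requesterCredentialName = requesterCredentialName;
            return this;
        }

        public Builder withSignRequestByDefault(boolean signRequestByDefault) {
            this.signRequestByDefault = signRequestByDefault;
            return this;
        }

        public Builder withAcceptedNameFormats(List<String> acceptedNameFormats) {
            this.acceptedNameFormats = acceptedNameFormats;
            return this;
        }

        public Builder withSignPublishedMetadata(boolean signPublishedMetadata) {
            this.signPublishedMetadata = signPublishedMetadata;
            return this;
        }

        public Builder withEffectiveMappings(Map<String, String> effectiveMappings) {
            this.effectiveMappings = effectiveMappings;
            return this;
        }

        public Builder withIndividualTrustedIdPs(TrustedIdPs individualTrustedIdPs) {
            this.individualTrustedIdPs = individualTrustedIdPs;
            return this;
        }

        public Builder withDefaultRequestedNameFormat(String defaultRequestedNameFormat) {
            this.defaultRequestedNameFormat = defaultRequestedNameFormat;
            return this;
        }

        /**
         * Selects the checking mode of the built-in trust checker.
         *
         * @param requireSignedAssertion {@code true} to require a signed assertion; {@code false}
         *     (the default) to accept a signed response or a signed assertion. Not consulted by
         *     this class when a custom trust checker factory is configured.
         */
        public Builder withRequireSignedAssertion(boolean requireSignedAssertion) {
            this.requireSignedAssertion = requireSignedAssertion;
            return this;
        }

        /**
         * Overrides how trust checkers are created for trusted IdPs.
         *
         * @param trustCheckerFactory replacement factory; {@code null} keeps the built-in
         *     {@link StrictSamlTrustChecker} based factory. A non-null factory is fully
         *     responsible for the signature policy it applies.
         */
        public Builder withTrustCheckerFactory(Function<TrustedIdPConfiguration, SamlTrustChecker> trustCheckerFactory) {
            this.trustCheckerFactory = trustCheckerFactory;
            return this;
        }

        /**
         * Creates the configuration from the values collected so far.
         *
         * @return a new configuration
         * @throws NullPointerException if {@code requesterSamlId}, {@code acceptedNameFormats},
         *     {@code effectiveMappings} or {@code individualTrustedIdPs} is {@code null}
         */
        public SAMLSPConfiguration build() {
            return new SAMLSPConfiguration(this);
        }
    }

    /**
     * Copies the builder state, failing fast on missing mandatory values.
     *
     * @throws NullPointerException if a mandatory builder value is {@code null}, or if
     *     {@code acceptedNameFormats} / {@code effectiveMappings} contain {@code null} entries
     *     (rejected by {@link List#copyOf} and {@link Map#copyOf})
     */
    private SAMLSPConfiguration(Builder builder) {
        super(builder.trustedMetadataSources, builder.publishMetadata, builder.metadataURLPath, builder.ourMetadataFilePath);
        Preconditions.checkNotNull(builder.requesterSamlId, "requesterSamlId must be set");
        Preconditions.checkNotNull(builder.acceptedNameFormats, "acceptedNameFormats must not be null");
        Preconditions.checkNotNull(builder.effectiveMappings, "effectiveMappings must not be null");
        Preconditions.checkNotNull(builder.individualTrustedIdPs, "individualTrustedIdPs must be set");
        this.requesterSamlId = builder.requesterSamlId;
        this.sloPath = builder.sloPath;
        this.sloRealm = builder.sloRealm;
        this.requesterCredential = builder.requesterCredential;
        this.requesterCredentialName = builder.requesterCredentialName;
        // A null Optional would defeat its purpose and NPE on the first isPresent() call.
        this.additionalCredential = builder.additionalCredential == null
                ? Optional.empty()
                : builder.additionalCredential;
        this.includeAdditionalCredentialInMetadata = builder.includeAdditionalCredentialInMetadata;
        this.signRequestByDefault = builder.signRequestByDefault;
        // Defensive copies: later changes to the caller's collections must not alter this config.
        this.acceptedNameFormats = List.copyOf(builder.acceptedNameFormats);
        this.signPublishedMetadata = builder.signPublishedMetadata;
        this.effectiveMappings = Map.copyOf(builder.effectiveMappings);
        this.individualTrustedIdPs = builder.individualTrustedIdPs;
        this.defaultRequestedNameFormat = builder.defaultRequestedNameFormat;
        this.requireSignedAssertion = builder.requireSignedAssertion;
        // Fall back to the strict built-in checker when no factory was configured.
        this.trustCheckerFactory = builder.trustCheckerFactory == null ? this::defaultTrustCheckerFactory : builder.trustCheckerFactory;
    }

    /**
     * Returns the trust checker to use for messages from the given IdP.
     *
     * @param trustedIdPConfiguration configuration of the IdP whose messages will be verified
     * @return the result of the configured factory; with the default factory, a new
     *     {@link StrictSamlTrustChecker} trusting only this IdP's {@code samlId} and
     *     {@code publicKeys}
     */
    public SamlTrustChecker getTrustCheckerForIdP(TrustedIdPConfiguration trustedIdPConfiguration) {
        return this.trustCheckerFactory.apply(trustedIdPConfiguration);
    }

    /**
     * Built-in factory: a strict checker bound to a single issuer.
     *
     * <p>The checking mode follows {@link #requireSignedAssertion}. The issuer is registered with
     * the SAML 2.0 "entity" name-id format together with the IdP's configured public keys.
     */
    private SamlTrustChecker defaultTrustCheckerFactory(TrustedIdPConfiguration trustedIdPConfiguration) {
        CheckingMode checkingMode = this.requireSignedAssertion
                ? CheckingMode.REQUIRE_SIGNED_ASSERTION
                : CheckingMode.REQUIRE_SIGNED_RESPONSE_OR_ASSERTION;
        StrictSamlTrustChecker strictSamlTrustChecker = new StrictSamlTrustChecker(checkingMode);
        strictSamlTrustChecker.addTrustedIssuer(trustedIdPConfiguration.samlId, "urn:oasis:names:tc:SAML:2.0:nameid-format:entity", trustedIdPConfiguration.publicKeys);
        return strictSamlTrustChecker;
    }

    /**
     * Creates an empty builder.
     *
     * @return a new {@link Builder}
     */
    public static Builder builder() {
        return new Builder();
    }
}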
