package org.springframework.boot.autoconfigure.security.saml2;

import cn.hutool.crypto.KeyUtil;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.function.Consumer;
import java.util.function.Function;
import java.util.function.Predicate;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.security.saml2.Saml2RelyingPartyProperties;
import org.springframework.boot.context.properties.PropertyMapper;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Conditional;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.Resource;
import org.springframework.security.converter.RsaKeyConverters;
import org.springframework.security.saml2.core.Saml2X509Credential;
import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations;
import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

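/**
 * Configuration that builds a {@link RelyingPartyRegistrationRepository} bean from
 * {@link Saml2RelyingPartyProperties}.
 *
 * <p>The bean is only contributed when no other {@code RelyingPartyRegistrationRepository}
 * bean exists and {@code RegistrationConfiguredCondition} matches.
 *
 * <p>This listing is decompiler output (see the JADX markers below). Lambdas and method
 * references show up as anonymous classes, and an expression such as {@code Resource.this}
 * inside one of them appears to denote the captured local of that type rather than an
 * enclosing instance. Calls like {@code builder.getClass()} look like the compiler-emitted
 * null check for a bound method reference.
 *
 * <p>Security-relevant behaviour visible here: private keys and certificates are read from
 * configured {@link Resource} locations, asserting-party details may be taken from a
 * metadata URI, and signing credentials are required when the asserting party wants signed
 * authentication requests.
 */
@ConditionalOnMissingBean({RelyingPartyRegistrationRepository.class})
@Conditional({RegistrationConfiguredCondition.class})
@Configuration(proxyBeanMethods = false)
/* loaded from: classes5.dex */
class Saml2RelyingPartyRegistrationConfiguration {
    Saml2RelyingPartyRegistrationConfiguration() {
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Builds a {@code DECRYPTION} credential from the configured private key and certificate
     * locations.
     *
     * @param credential decryption credential properties holding both locations
     * @return credential carrying the RSA private key and its X.509 certificate
     */
    public Saml2X509Credential asDecryptionCredential(Saml2RelyingPartyProperties.Decryption.Credential credential) {
        return new Saml2X509Credential(readPrivateKey(credential.getPrivateKeyLocation()), readCertificate(credential.getCertificateLocation()), new Saml2X509Credential.Saml2X509CredentialType[]{Saml2X509Credential.Saml2X509CredentialType.DECRYPTION});
    }

    /**
     * Converts one configured registration into a {@link RelyingPartyRegistration}.
     *
     * <p>When a metadata URI is configured the builder is seeded from
     * {@code RelyingPartyRegistrations.fromMetadataLocation}; otherwise it starts empty.
     * Property-derived settings are then layered on top, and the result is checked by
     * {@link #validateSigningCredentials}.
     *
     * @param str registration id
     * @param registration properties for this registration
     * @return the built registration
     */
    private RelyingPartyRegistration asRegistration(String str, final Saml2RelyingPartyProperties.Registration registration) {
        boolean hasText = StringUtils.hasText(registration.getIdentityprovider().getMetadataUri());
        // NOTE(review): with a metadata URI, asserting-party details are seeded from whatever
        // that location serves, so it is a trust anchor for this registration. Confirm it is
        // an operator-controlled or integrity-protected location (for example HTTPS).
        RelyingPartyRegistration.Builder registrationId = hasText ? RelyingPartyRegistrations.fromMetadataLocation(registration.getIdentityprovider().getMetadataUri()).registrationId(str) : RelyingPartyRegistration.withRegistrationId(str);
        registrationId.assertionConsumerServiceLocation(registration.getAcs().getLocation());
        registrationId.assertionConsumerServiceBinding(registration.getAcs().getBinding());
        // hasText is passed down so the configured sign-request flag is skipped when metadata is used.
        registrationId.assertingPartyDetails(mapIdentityProvider(registration, hasText));
        registrationId.signingX509Credentials(new Consumer() { // from class: org.springframework.boot.autoconfigure.security.saml2.-$$Lambda$Saml2RelyingPartyRegistrationConfiguration$SqJCviOTcrtwxsbx4oJkkGdemlc
            @Override // java.util.function.Consumer
            public final void accept(Object obj) {
                Saml2RelyingPartyRegistrationConfiguration.this.lambda$asRegistration$0$Saml2RelyingPartyRegistrationConfiguration(registration, (Collection) obj);
            }
        });
        registrationId.decryptionX509Credentials(new Consumer() { // from class: org.springframework.boot.autoconfigure.security.saml2.-$$Lambda$Saml2RelyingPartyRegistrationConfiguration$zysejiUotNxXPgWiCX0J81IGfCY
            @Override // java.util.function.Consumer
            public final void accept(Object obj) {
                Saml2RelyingPartyRegistrationConfiguration.this.lambda$asRegistration$1$Saml2RelyingPartyRegistrationConfiguration(registration, (Collection) obj);
            }
        });
        // Verification certificates from properties are added in both the metadata and the
        // non-metadata case; this call does not depend on hasText.
        registrationId.assertingPartyDetails(new Consumer() { // from class: org.springframework.boot.autoconfigure.security.saml2.-$$Lambda$Saml2RelyingPartyRegistrationConfiguration$zFA3ya9gC5dCrjEpMjeeOgbwczU
            @Override // java.util.function.Consumer
            public final void accept(Object obj) {
                Saml2RelyingPartyRegistrationConfiguration.this.lambda$asRegistration$3$Saml2RelyingPartyRegistrationConfiguration(registration, (RelyingPartyRegistration.AssertingPartyDetails.Builder) obj);
            }
        });
        registrationId.entityId(registration.getEntityId());
        RelyingPartyRegistration build = registrationId.build();
        // Validate against the built value, which may originate from metadata rather than properties.
        validateSigningCredentials(registration, build.getAssertingPartyDetails().getWantAuthnRequestsSigned());
        return build;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Map-entry adapter for {@link #asRegistration(String, Saml2RelyingPartyProperties.Registration)}.
     *
     * @param entry registration id mapped to its properties
     * @return the built registration
     */
    public RelyingPartyRegistration asRegistration(Map.Entry<String, Saml2RelyingPartyProperties.Registration> entry) {
        return asRegistration(entry.getKey(), entry.getValue());
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Builds a {@code SIGNING} credential from the configured private key and certificate
     * locations.
     *
     * @param credential signing credential properties holding both locations
     * @return credential carrying the RSA private key and its X.509 certificate
     */
    public Saml2X509Credential asSigningCredential(Saml2RelyingPartyProperties.Registration.Signing.Credential credential) {
        return new Saml2X509Credential(readPrivateKey(credential.getPrivateKeyLocation()), readCertificate(credential.getCertificateLocation()), new Saml2X509Credential.Saml2X509CredentialType[]{Saml2X509Credential.Saml2X509CredentialType.SIGNING});
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Builds a certificate-only credential for the identity provider.
     *
     * <p>No private key is read. The same certificate is tagged both {@code ENCRYPTION} and
     * {@code VERIFICATION}, so one configured certificate serves both purposes.
     *
     * @param credential verification credential properties holding the certificate location
     * @return credential carrying the identity provider certificate
     */
    public Saml2X509Credential asVerificationCredential(Saml2RelyingPartyProperties.Identityprovider.Verification.Credential credential) {
        return new Saml2X509Credential(readCertificate(credential.getCertificateLocation()), new Saml2X509Credential.Saml2X509CredentialType[]{Saml2X509Credential.Saml2X509CredentialType.ENCRYPTION, Saml2X509Credential.Saml2X509CredentialType.VERIFICATION});
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Copies identity-provider properties onto the asserting-party builder: entity id,
     * single-sign-on binding, single-sign-on URL and the sign-request flag.
     *
     * <p>The sign-request flag is only applied when {@code z} is false; see
     * {@link #lambda$null$4}. The mapper passed by {@link #mapIdentityProvider} is
     * {@code alwaysApplyingWhenNonNull()}, so null property values are presumably skipped.
     *
     * @param propertyMapper mapper used to move values from properties to the builder
     * @param identityprovider identity-provider properties to read
     * @param z whether the registration was seeded from a metadata URI
     * @param builder asserting-party builder to populate
     */
    public static /* synthetic */ void lambda$mapIdentityProvider$5(PropertyMapper propertyMapper, final Saml2RelyingPartyProperties.Identityprovider identityprovider, final boolean z, final RelyingPartyRegistration.AssertingPartyDetails.Builder builder) {
        identityprovider.getClass();
        PropertyMapper.Source from = propertyMapper.from(new Supplier() { // from class: org.springframework.boot.autoconfigure.security.saml2.-$$Lambda$anyfcFeGueFhFKiyj4BWeAXshVk
            @Override // java.util.function.Supplier
            public final Object get() {
                return Saml2RelyingPartyProperties.Identityprovider.this.getEntityId();
            }
        });
        builder.getClass();
        from.to(new Consumer() { // from class: org.springframework.boot.autoconfigure.security.saml2.-$$Lambda$Saml2RelyingPartyRegistrationConfiguration$X1H1D-qRthuzjgVS9y-OiBMlPnk
            @Override // java.util.function.Consumer
            public final void accept(Object obj) {
                builder.entityId((String) obj);
            }
        });
        final Saml2RelyingPartyProperties.Identityprovider.Singlesignon singlesignon = identityprovider.getSinglesignon();
        singlesignon.getClass();
        PropertyMapper.Source from2 = propertyMapper.from(new Supplier() { // from class: org.springframework.boot.autoconfigure.security.saml2.-$$Lambda$U3B8SuxsUewIiG-WeJ9m_E8gil0
            @Override // java.util.function.Supplier
            public final Object get() {
                return Saml2RelyingPartyProperties.Identityprovider.Singlesignon.this.getBinding();
            }
        });
        builder.getClass();
        from2.to(new Consumer() { // from class: org.springframework.boot.autoconfigure.security.saml2.-$$Lambda$Saml2RelyingPartyRegistrationConfiguration$mJ6lSBOFiNVfdZF6gFo1b4NSfe4
            @Override // java.util.function.Consumer
            public final void accept(Object obj) {
                builder.singleSignOnServiceBinding((Saml2MessageBinding) obj);
            }
        });
        final Saml2RelyingPartyProperties.Identityprovider.Singlesignon singlesignon2 = identityprovider.getSinglesignon();
        singlesignon2.getClass();
        PropertyMapper.Source from3 = propertyMapper.from(new Supplier() { // from class: org.springframework.boot.autoconfigure.security.saml2.-$$Lambda$4AVXrUX22r17mothKPwvmApnwSk
            @Override // java.util.function.Supplier
            public final Object get() {
                return Saml2RelyingPartyProperties.Identityprovider.Singlesignon.this.getUrl();
            }
        });
        builder.getClass();
        from3.to(new Consumer() { // from class: org.springframework.boot.autoconfigure.security.saml2.-$$Lambda$Saml2RelyingPartyRegistrationConfiguration$_KypJqNobvxogNja5-Fk8J3A6gE
            @Override // java.util.function.Consumer
            public final void accept(Object obj) {
                builder.singleSignOnServiceLocation((String) obj);
            }
        });
        final Saml2RelyingPartyProperties.Identityprovider.Singlesignon singlesignon3 = identityprovider.getSinglesignon();
        singlesignon3.getClass();
        // The predicate below gates the sign-request property on "not using metadata".
        PropertyMapper.Source when = propertyMapper.from(new Supplier() { // from class: org.springframework.boot.autoconfigure.security.saml2.-$$Lambda$9F0JIK8ckKqKLmnIcJvjHyynVLc
            @Override // java.util.function.Supplier
            public final Object get() {
                return Boolean.valueOf(Saml2RelyingPartyProperties.Identityprovider.Singlesignon.this.isSignRequest());
            }
        }).when(new Predicate() { // from class: org.springframework.boot.autoconfigure.security.saml2.-$$Lambda$Saml2RelyingPartyRegistrationConfiguration$yYMnmHK_2Aeo7pEuOI8dRPCbiRE
            @Override // java.util.function.Predicate
            public final boolean test(Object obj) {
                return Saml2RelyingPartyRegistrationConfiguration.lambda$null$4(z, (Boolean) obj);
            }
        });
        builder.getClass();
        when.to(new Consumer() { // from class: org.springframework.boot.autoconfigure.security.saml2.-$$Lambda$Saml2RelyingPartyRegistrationConfiguration$BmS81ZUtiKF_EjlVppMfX2OHK6Q
            @Override // java.util.function.Consumer
            public final void accept(Object obj) {
                builder.wantAuthnRequestsSigned(((Boolean) obj).booleanValue());
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Predicate body deciding whether the configured sign-request flag is applied.
     *
     * <p>The property value itself is ignored: the flag is applied only when the
     * registration was not seeded from metadata, so a metadata-based registration keeps
     * whatever value the seeded builder already holds.
     *
     * @param z whether the registration was seeded from a metadata URI
     * @param bool configured sign-request value (unused)
     * @return {@code true} when metadata is not in use
     */
    public static /* synthetic */ boolean lambda$null$4(boolean z, Boolean bool) {
        return !z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Builds the failure message for a missing certificate resource. The message names the
     * resource only, not its contents.
     *
     * @param resource certificate location that does not exist
     * @return message text
     */
    public static /* synthetic */ String lambda$readCertificate$7(Resource resource) {
        return "Certificate  location '" + resource + "' does not exist";
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Builds the failure message for a missing private key resource. The message names the
     * resource only, not key material.
     *
     * @param resource private key location that does not exist
     * @return message text
     */
    public static /* synthetic */ String lambda$readPrivateKey$6(Resource resource) {
        return "Private key location '" + resource + "' does not exist";
    }

    /**
     * Returns a customizer that copies identity-provider properties onto an asserting-party
     * builder by delegating to {@link #lambda$mapIdentityProvider$5}.
     *
     * @param registration registration whose identity-provider properties are mapped
     * @param z whether the registration was seeded from a metadata URI
     * @return consumer to pass to {@code assertingPartyDetails}
     */
    private Consumer<RelyingPartyRegistration.AssertingPartyDetails.Builder> mapIdentityProvider(Saml2RelyingPartyProperties.Registration registration, final boolean z) {
        final PropertyMapper alwaysApplyingWhenNonNull = PropertyMapper.get().alwaysApplyingWhenNonNull();
        final Saml2RelyingPartyProperties.Identityprovider identityprovider = registration.getIdentityprovider();
        // "PropertyMapper.this" is decompiler notation; presumably the captured mapper created above.
        return new Consumer() { // from class: org.springframework.boot.autoconfigure.security.saml2.-$$Lambda$Saml2RelyingPartyRegistrationConfiguration$cR4gyuVDSS8WP7IpGYIUw3fM5RQ
            @Override // java.util.function.Consumer
            public final void accept(Object obj) {
                Saml2RelyingPartyRegistrationConfiguration.lambda$mapIdentityProvider$5(PropertyMapper.this, identityprovider, z, (RelyingPartyRegistration.AssertingPartyDetails.Builder) obj);
            }
        };
    }

    /**
     * Reads an X.509 certificate from the given resource.
     *
     * @param resource certificate location; must be non-null and must exist
     * @return the parsed certificate
     * @throws IllegalStateException if the location is missing or does not exist
     * @throws IllegalArgumentException wrapping any failure to open, parse or close the stream
     */
    private X509Certificate readCertificate(final Resource resource) {
        Assert.state(resource != null, "No certificate location specified");
        Assert.state(resource.exists(), (Supplier<String>) new Supplier() { // from class: org.springframework.boot.autoconfigure.security.saml2.-$$Lambda$Saml2RelyingPartyRegistrationConfiguration$UBFovBXC_5ASpvlQgDXEtd0g_Kk
            @Override // java.util.function.Supplier
            public final Object get() {
                return Saml2RelyingPartyRegistrationConfiguration.lambda$readCertificate$7(Resource.this);
            }
        });
        // try-with-resources closes the stream when parsing fails too; the decompiled form
        // only closed it after a successful parse.
        // NOTE(review): KeyUtil.CERT_TYPE_X509 comes from cn.hutool and is presumably the
        // decompiler's substitute for an inlined "X.509" literal. Confirm.
        try (InputStream inputStream = resource.getInputStream()) {
            return (X509Certificate) CertificateFactory.getInstance(KeyUtil.CERT_TYPE_X509).generateCertificate(inputStream);
        } catch (Exception e) {
            throw new IllegalArgumentException(e);
        }
    }

    /**
     * Reads an RSA private key from the given resource using the PKCS#8 converter.
     *
     * @param resource private key location; must be non-null and must exist
     * @return the parsed private key
     * @throws IllegalStateException if the location is missing or does not exist
     * @throws IllegalArgumentException wrapping any failure to open, parse or close the stream
     */
    private RSAPrivateKey readPrivateKey(final Resource resource) {
        Assert.state(resource != null, "No private key location specified");
        Assert.state(resource.exists(), (Supplier<String>) new Supplier() { // from class: org.springframework.boot.autoconfigure.security.saml2.-$$Lambda$Saml2RelyingPartyRegistrationConfiguration$CXUJa3I1Xe6qjD5EKYl8DjI4U-I
            @Override // java.util.function.Supplier
            public final Object get() {
                return Saml2RelyingPartyRegistrationConfiguration.lambda$readPrivateKey$6(Resource.this);
            }
        });
        // try-with-resources releases the handle on the key file even when conversion throws;
        // the decompiled form only closed it after a successful conversion.
        // NOTE(review): no passphrase is supplied to pkcs8(), so the key is presumably stored
        // unencrypted. Restrict read access to the location or load it from a secret store.
        try (InputStream inputStream = resource.getInputStream()) {
            return (RSAPrivateKey) RsaKeyConverters.pkcs8().convert(inputStream);
        } catch (Exception e) {
            throw new IllegalArgumentException(e);
        }
    }

    /**
     * Requires at least one signing credential when the asserting party wants signed
     * authentication requests.
     *
     * @param registration registration whose signing credentials are checked
     * @param z whether the built asserting-party details want signed authentication requests
     * @throws IllegalStateException if signing is wanted and no signing credential is configured
     */
    private void validateSigningCredentials(Saml2RelyingPartyProperties.Registration registration, boolean z) {
        if (z) {
            Assert.state(!registration.getSigning().getCredentials().isEmpty(), "Signing credentials must not be empty when authentication requests require signing.");
        }
    }

    /**
     * Loads every configured signing credential and passes each to the supplied collection.
     *
     * @param registration registration whose signing credentials are read
     * @param collection credential collection supplied by the registration builder
     */
    public /* synthetic */ void lambda$asRegistration$0$Saml2RelyingPartyRegistrationConfiguration(Saml2RelyingPartyProperties.Registration registration, Collection collection) {
        Stream<R> map = registration.getSigning().getCredentials().stream().map(new Function() { // from class: org.springframework.boot.autoconfigure.security.saml2.-$$Lambda$Saml2RelyingPartyRegistrationConfiguration$kdTF8S4Fd39Zg8HEwW9yE-GkJcQ
            @Override // java.util.function.Function
            public final Object apply(Object obj) {
                Saml2X509Credential asSigningCredential;
                asSigningCredential = Saml2RelyingPartyRegistrationConfiguration.this.asSigningCredential((Saml2RelyingPartyProperties.Registration.Signing.Credential) obj);
                return asSigningCredential;
            }
        });
        collection.getClass();
        // The synthetic class below is not defined in this file; presumably it adds each element to the collection.
        map.forEach(new $$Lambda$WFJkCT4dFJHiQppJTtQzx2cusPI(collection));
    }

    /**
     * Loads every configured decryption credential and passes each to the supplied collection.
     *
     * @param registration registration whose decryption credentials are read
     * @param collection credential collection supplied by the registration builder
     */
    public /* synthetic */ void lambda$asRegistration$1$Saml2RelyingPartyRegistrationConfiguration(Saml2RelyingPartyProperties.Registration registration, Collection collection) {
        Stream<R> map = registration.getDecryption().getCredentials().stream().map(new Function() { // from class: org.springframework.boot.autoconfigure.security.saml2.-$$Lambda$Saml2RelyingPartyRegistrationConfiguration$zQex4KqGtkOGRJ-T-c-VFNLZ3NM
            @Override // java.util.function.Function
            public final Object apply(Object obj) {
                Saml2X509Credential asDecryptionCredential;
                asDecryptionCredential = Saml2RelyingPartyRegistrationConfiguration.this.asDecryptionCredential((Saml2RelyingPartyProperties.Decryption.Credential) obj);
                return asDecryptionCredential;
            }
        });
        collection.getClass();
        // The synthetic class below is not defined in this file; presumably it adds each element to the collection.
        map.forEach(new $$Lambda$WFJkCT4dFJHiQppJTtQzx2cusPI(collection));
    }

    /**
     * Registers a customizer for the asserting party's verification credentials.
     *
     * @param registration registration whose identity-provider verification credentials are read
     * @param builder asserting-party builder to customize
     */
    public /* synthetic */ void lambda$asRegistration$3$Saml2RelyingPartyRegistrationConfiguration(final Saml2RelyingPartyProperties.Registration registration, RelyingPartyRegistration.AssertingPartyDetails.Builder builder) {
        builder.verificationX509Credentials(new Consumer() { // from class: org.springframework.boot.autoconfigure.security.saml2.-$$Lambda$Saml2RelyingPartyRegistrationConfiguration$RUgaWrvUOeN6rcuzev9XSOEtWYA
            @Override // java.util.function.Consumer
            public final void accept(Object obj) {
                Saml2RelyingPartyRegistrationConfiguration.this.lambda$null$2$Saml2RelyingPartyRegistrationConfiguration(registration, (Collection) obj);
            }
        });
    }

    /**
     * Loads every configured identity-provider verification certificate and passes each to
     * the supplied collection.
     *
     * @param registration registration whose verification credentials are read
     * @param collection credential collection supplied by the asserting-party builder
     */
    public /* synthetic */ void lambda$null$2$Saml2RelyingPartyRegistrationConfiguration(Saml2RelyingPartyProperties.Registration registration, Collection collection) {
        Stream<R> map = registration.getIdentityprovider().getVerification().getCredentials().stream().map(new Function() { // from class: org.springframework.boot.autoconfigure.security.saml2.-$$Lambda$Saml2RelyingPartyRegistrationConfiguration$NcDHfa5GuZ3E1NMlmhAM_JTNMTg
            @Override // java.util.function.Function
            public final Object apply(Object obj) {
                Saml2X509Credential asVerificationCredential;
                asVerificationCredential = Saml2RelyingPartyRegistrationConfiguration.this.asVerificationCredential((Saml2RelyingPartyProperties.Identityprovider.Verification.Credential) obj);
                return asVerificationCredential;
            }
        });
        collection.getClass();
        // The synthetic class below is not defined in this file; presumably it adds each element to the collection.
        map.forEach(new $$Lambda$WFJkCT4dFJHiQppJTtQzx2cusPI(collection));
    }

    /**
     * Creates the in-memory registration repository from every configured registration.
     *
     * @param saml2RelyingPartyProperties bound SAML2 relying-party properties
     * @return repository holding one registration per configured entry
     */
    @Bean
    RelyingPartyRegistrationRepository relyingPartyRegistrationRepository(Saml2RelyingPartyProperties saml2RelyingPartyProperties) {
        return new InMemoryRelyingPartyRegistrationRepository((List) saml2RelyingPartyProperties.getRegistration().entrySet().stream().map(new Function() { // from class: org.springframework.boot.autoconfigure.security.saml2.-$$Lambda$Saml2RelyingPartyRegistrationConfiguration$g3ka8yg2KjpoljrbOwBprzWF0pU
            @Override // java.util.function.Function
            public final Object apply(Object obj) {
                RelyingPartyRegistration asRegistration;
                asRegistration = Saml2RelyingPartyRegistrationConfiguration.this.asRegistration((Map.Entry) obj);
                return asRegistration;
            }
        }).collect(Collectors.toList()));
    }
}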
