package org.elasticsearch.xpack.idp.saml.idp;

import java.net.URL;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.collect.MapBuilder;
import org.elasticsearch.core.CheckedConsumer;
import org.elasticsearch.core.Nullable;
import org.elasticsearch.xpack.idp.saml.sp.SamlServiceProvider;
import org.elasticsearch.xpack.idp.saml.sp.SamlServiceProviderResolver;
import org.elasticsearch.xpack.idp.saml.sp.ServiceProviderDefaults;
import org.elasticsearch.xpack.idp.saml.sp.WildcardServiceProviderResolver;
import org.opensaml.saml.saml2.metadata.ContactPersonTypeEnumeration;
import org.opensaml.security.x509.X509Credential;

/* loaded from: input_file:org/elasticsearch/xpack/idp/saml/idp/SamlIdentityProvider.class */
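/**
 * Configuration and service-provider lookup for a SAML identity provider (IdP).
 *
 * <p>An instance holds the IdP entity ID, its single-sign-on and single-logout endpoints,
 * the NameID formats it accepts, the credentials used for signing, and the two resolvers
 * used to find the service provider (SP) a request refers to.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #getSigningCredential()} and {@link #getMetadataSigningCredential()} hand out the
 *       credential objects themselves. An {@code X509Credential} can carry private key material,
 *       so these values should not be logged or serialized.</li>
 *   <li>{@link #resolveServiceProvider} only hides disabled service providers when its
 *       {@code z} argument is {@code false}.</li>
 *   <li>The collections passed to the constructor are stored and returned by reference, without
 *       a defensive copy; whether they are immutable depends on the caller that built them.</li>
 * </ul>
 */
public class SamlIdentityProvider {
    private final Logger logger = LogManager.getLogger();
    private final String entityId;
    // Endpoint maps are looked up by a caller-supplied string key; presumably the SAML binding URI (confirm against the builder).
    private final Map<String, URL> ssoEndpoints;
    private final Map<String, URL> sloEndpoints;
    private final Set<String> allowedNameIdFormats;
    private final ServiceProviderDefaults serviceProviderDefaults;
    private final X509Credential signingCredential;
    private final SamlServiceProviderResolver serviceProviderResolver;
    private final WildcardServiceProviderResolver wildcardServiceResolver;
    private final X509Credential metadataSigningCredential;
    private ContactInfo technicalContact;
    private OrganizationInfo organization;

    /* loaded from: input_file:org/elasticsearch/xpack/idp/saml/idp/SamlIdentityProvider$ContactInfo.class */
    /**
     * Contact person details for the identity provider. The type and the e-mail address are
     * mandatory; the given name and surname may be {@code null}.
     */
    public static class ContactInfo {
        /**
         * Lookup table from the string form of each contact type to its enumeration constant.
         * Insertion order is kept so that the "allowed values" error message is stable.
         */
        static final Map<String, ContactPersonTypeEnumeration> TYPES = Collections.unmodifiableMap(
            MapBuilder.newMapBuilder(new LinkedHashMap<String, ContactPersonTypeEnumeration>())
                .put(ContactPersonTypeEnumeration.ADMINISTRATIVE.toString(), ContactPersonTypeEnumeration.ADMINISTRATIVE)
                .put(ContactPersonTypeEnumeration.BILLING.toString(), ContactPersonTypeEnumeration.BILLING)
                .put(ContactPersonTypeEnumeration.SUPPORT.toString(), ContactPersonTypeEnumeration.SUPPORT)
                .put(ContactPersonTypeEnumeration.TECHNICAL.toString(), ContactPersonTypeEnumeration.TECHNICAL)
                .put(ContactPersonTypeEnumeration.OTHER.toString(), ContactPersonTypeEnumeration.OTHER)
                .map()
        );
        public final ContactPersonTypeEnumeration type;
        public final String givenName;
        public final String surName;
        public final String email;

        /**
         * @param contactPersonTypeEnumeration the contact type; must not be {@code null}
         * @param str the given name (not validated here)
         * @param str2 the surname (not validated here)
         * @param str3 the e-mail address; must not be {@code null}
         * @throws NullPointerException if the type or the e-mail address is {@code null}
         */
        public ContactInfo(ContactPersonTypeEnumeration contactPersonTypeEnumeration, String str, String str2, String str3) {
            this.type = Objects.requireNonNull(contactPersonTypeEnumeration, "Contact Person Type is required");
            this.givenName = str;
            this.surName = str2;
            this.email = Objects.requireNonNull(str3, "Contact Person email is required");
        }

        /**
         * Maps a contact type name to its enumeration constant. The lookup lower-cases the name
         * with {@link Locale#ROOT}, so it does not depend on the JVM's default locale.
         *
         * @param str the contact type name
         * @return the matching enumeration constant, never {@code null}
         * @throws NullPointerException if {@code str} is {@code null}
         * @throws IllegalArgumentException if the name is not one of the keys of {@link #TYPES}
         */
        public static ContactPersonTypeEnumeration getType(String str) {
            // Same exception type as the implicit dereference would raise, but with a message that names the cause.
            Objects.requireNonNull(str, "Contact type is required");
            ContactPersonTypeEnumeration contactPersonTypeEnumeration = TYPES.get(str.toLowerCase(Locale.ROOT));
            if (contactPersonTypeEnumeration == null) {
                throw new IllegalArgumentException("Invalid contact type " + str + " allowed values are " + Strings.collectionToCommaDelimitedString(TYPES.keySet()));
            }
            return contactPersonTypeEnumeration;
        }
    }

    /* loaded from: input_file:org/elasticsearch/xpack/idp/saml/idp/SamlIdentityProvider$OrganizationInfo.class */
    /**
     * Organization details for the identity provider. None of the values is validated here,
     * so any of them may be {@code null}.
     */
    public static class OrganizationInfo {
        public final String organizationName;
        public final String displayName;
        public final String url;

        /**
         * @param str the organization name
         * @param str2 the display name
         * @param str3 the organization URL, kept as an unparsed string
         */
        public OrganizationInfo(String str, String str2, String str3) {
            this.organizationName = str;
            this.displayName = str2;
            this.url = str3;
        }

        /** Two instances are equal when all three fields are equal (null-safe). */
        @Override
        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            OrganizationInfo organizationInfo = (OrganizationInfo) obj;
            return Objects.equals(this.organizationName, organizationInfo.organizationName)
                && Objects.equals(this.displayName, organizationInfo.displayName)
                && Objects.equals(this.url, organizationInfo.url);
        }

        @Override
        public int hashCode() {
            return Objects.hash(this.organizationName, this.displayName, this.url);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Stores the supplied configuration as-is; no argument is validated or copied here.
     * The decompiler note above records that this constructor was package-private in the
     * original class, so instances are presumably meant to come from {@link #builder}.
     *
     * @param str the IdP entity ID
     * @param map single-sign-on endpoints by lookup key
     * @param map2 single-logout endpoints by lookup key
     * @param set the allowed NameID formats
     * @param x509Credential the signing credential
     * @param x509Credential2 the metadata signing credential
     * @param contactInfo the technical contact
     * @param organizationInfo the organization details
     * @param serviceProviderDefaults defaults applied to service providers
     * @param samlServiceProviderResolver resolver for explicitly registered service providers
     * @param wildcardServiceProviderResolver resolver for wildcard service providers
     */
    public SamlIdentityProvider(String str, Map<String, URL> map, Map<String, URL> map2, Set<String> set, X509Credential x509Credential, X509Credential x509Credential2, ContactInfo contactInfo, OrganizationInfo organizationInfo, ServiceProviderDefaults serviceProviderDefaults, SamlServiceProviderResolver samlServiceProviderResolver, WildcardServiceProviderResolver wildcardServiceProviderResolver) {
        this.entityId = str;
        this.ssoEndpoints = map;
        this.sloEndpoints = map2;
        this.allowedNameIdFormats = set;
        this.signingCredential = x509Credential;
        this.serviceProviderDefaults = serviceProviderDefaults;
        this.metadataSigningCredential = x509Credential2;
        this.technicalContact = contactInfo;
        this.organization = organizationInfo;
        this.serviceProviderResolver = samlServiceProviderResolver;
        this.wildcardServiceResolver = wildcardServiceProviderResolver;
    }

    /**
     * Creates a builder that is bound to the two service-provider resolvers.
     *
     * @param samlServiceProviderResolver resolver for explicitly registered service providers
     * @param wildcardServiceProviderResolver resolver for wildcard service providers
     * @return a new builder
     */
    public static SamlIdentityProviderBuilder builder(SamlServiceProviderResolver samlServiceProviderResolver, WildcardServiceProviderResolver wildcardServiceProviderResolver) {
        return new SamlIdentityProviderBuilder(samlServiceProviderResolver, wildcardServiceProviderResolver);
    }

    /** @return the IdP entity ID */
    public String getEntityId() {
        return this.entityId;
    }

    /**
     * @param str the endpoint lookup key
     * @return the single-sign-on endpoint for that key, or {@code null} when none is configured
     */
    public URL getSingleSignOnEndpoint(String str) {
        return this.ssoEndpoints.get(str);
    }

    /**
     * @param str the endpoint lookup key
     * @return the single-logout endpoint for that key, or {@code null} when none is configured
     */
    public URL getSingleLogoutEndpoint(String str) {
        return this.sloEndpoints.get(str);
    }

    /**
     * @return the set given to the constructor, returned by reference; callers should treat it
     *     as read-only because a change would alter which NameID formats this IdP accepts
     */
    public Set<String> getAllowedNameIdFormats() {
        return this.allowedNameIdFormats;
    }

    /** @return the signing credential; it can carry private key material, so do not log it */
    public X509Credential getSigningCredential() {
        return this.signingCredential;
    }

    /** @return the metadata signing credential; it can carry private key material, so do not log it */
    public X509Credential getMetadataSigningCredential() {
        return this.metadataSigningCredential;
    }

    /** @return the organization details */
    public OrganizationInfo getOrganization() {
        return this.organization;
    }

    /** @return the technical contact */
    public ContactInfo getTechnicalContact() {
        return this.technicalContact;
    }

    /** @return the service provider defaults */
    public ServiceProviderDefaults getServiceProviderDefaults() {
        return this.serviceProviderDefaults;
    }

    /**
     * Looks up the service provider for an entity ID and reports the result to the listener.
     *
     * <p>The explicitly registered providers are consulted first. When none matches, the wildcard
     * resolver is tried, which needs the assertion consumer service (ACS) URL. A registered but
     * disabled provider is reported as {@code null} unless {@code z} is {@code true}; callers that
     * are about to issue assertions should therefore pass {@code false}.
     *
     * @param str the service provider entity ID
     * @param str2 the ACS URL, or {@code null}; wildcard matching is skipped when it is {@code null}
     * @param z whether a disabled, explicitly registered service provider may be returned
     * @param actionListener receives the service provider, {@code null} when none is usable, or
     *     the failure raised during resolution
     * @throws NullPointerException if {@code actionListener} is {@code null}
     */
    public void resolveServiceProvider(String str, @Nullable String str2, boolean z, ActionListener<SamlServiceProvider> actionListener) {
        // Fail before any lookup starts; otherwise the failure would surface inside the callback.
        Objects.requireNonNull(actionListener);
        CheckedConsumer<SamlServiceProvider, Exception> onResolved = samlServiceProvider -> {
            if (samlServiceProvider == null) {
                this.logger.debug("No explicitly registered service provider exists for entityId [{}]", str);
                // NOTE(review): the enabled check below is not applied to a wildcard result;
                // presumably the wildcard resolver only yields usable providers. Confirm.
                resolveWildcardService(str, str2, actionListener);
            } else if (z || samlServiceProvider.isEnabled()) {
                this.logger.debug("Service provider for [{}] is [{}]", str, samlServiceProvider);
                actionListener.onResponse(samlServiceProvider);
            } else {
                // A disabled provider is reported as "not found" so that no caller acts on it by accident.
                this.logger.info("Service provider [{}][{}] is not enabled", str, samlServiceProvider.getName());
                actionListener.onResponse(null);
            }
        };
        this.serviceProviderResolver.resolve(str, ActionListener.wrap(onResolved, actionListener::onFailure));
    }

    /**
     * Falls back to wildcard matching for an entity ID that has no explicit registration.
     *
     * @param str the service provider entity ID
     * @param str2 the ACS URL; when {@code null} the listener receives {@code null} without a lookup
     * @param actionListener receives the resolver's result, or the exception it threw
     */
    private void resolveWildcardService(String str, String str2, ActionListener<SamlServiceProvider> actionListener) {
        if (str2 == null) {
            this.logger.debug("No ACS provided for [{}], skipping wildcard matching", str);
            actionListener.onResponse(null);
            return;
        }
        try {
            SamlServiceProvider resolve = this.wildcardServiceResolver.resolve(str, str2);
            this.logger.debug("Wildcard service provider for [{}][{}] is [{}]", str, str2, resolve);
            actionListener.onResponse(resolve);
        } catch (Exception e) {
            // Boundary catch: every failure is forwarded to the listener instead of escaping
            // to the calling thread. This includes an exception thrown by onResponse above.
            actionListener.onFailure(e);
        }
    }

    /**
     * Compares the entity ID, both endpoint maps, the NameID formats, both credentials, the
     * technical contact and the organization. The service provider defaults and the two
     * resolvers are not part of the comparison.
     */
    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        SamlIdentityProvider samlIdentityProvider = (SamlIdentityProvider) obj;
        return Objects.equals(this.entityId, samlIdentityProvider.entityId)
            && Objects.equals(this.ssoEndpoints, samlIdentityProvider.ssoEndpoints)
            && Objects.equals(this.sloEndpoints, samlIdentityProvider.sloEndpoints)
            && Objects.equals(this.allowedNameIdFormats, samlIdentityProvider.allowedNameIdFormats)
            && Objects.equals(this.signingCredential, samlIdentityProvider.signingCredential)
            && Objects.equals(this.metadataSigningCredential, samlIdentityProvider.metadataSigningCredential)
            && Objects.equals(this.technicalContact, samlIdentityProvider.technicalContact)
            && Objects.equals(this.organization, samlIdentityProvider.organization);
    }

    /** Hashes the entity ID only, which stays consistent with {@link #equals(Object)}. */
    @Override
    public int hashCode() {
        return Objects.hash(this.entityId);
    }
}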
