package com.cloudera.nav.auth;

import com.cloudera.nav.server.NavOptions;
import com.cloudera.nav.server.SAMLOptions;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import java.io.File;
import java.util.Arrays;
import java.util.Locale;
import java.util.Objects;
import org.apache.commons.lang.StringUtils;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.xml.parse.StaticBasicParserPool;
import org.springframework.core.io.FileSystemResource;
import org.springframework.security.saml.key.JKSKeyManager;
import org.springframework.security.saml.metadata.CachingMetadataManager;
import org.springframework.security.saml.metadata.ExtendedMetadata;
import org.springframework.security.saml.metadata.ExtendedMetadataDelegate;
import org.springframework.security.saml.metadata.MetadataGenerator;
import org.springframework.security.saml.metadata.MetadataMemoryProvider;

/* loaded from: input_file:com/cloudera/nav/auth/SamlUtils.class */
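/**
 * Helpers for wiring Navigator's SAML service-provider (SP) configuration into the
 * Spring Security SAML metadata manager.
 *
 * <p>Stateless: every member is static; the package-private constructor exists only
 * to keep the decompiled class shape.
 */
class SamlUtils {

    /** Response binding the SP prefers; it is listed first in the generated SP metadata. */
    public enum SAMLBinding {
        ARTIFACT,
        POST
    }

    /** Source of SAML role mappings. */
    public enum SAMLRoleMapper {
        ATTRIBUTE,
        SCRIPT
    }

    /** Source of the SAML user identity. */
    public enum SAMLUserSource {
        ATTRIBUTE,
        NAMEID
    }

    /** Alias under which the hosted SP's extended metadata is registered. */
    private static final String SP_METADATA_ALIAS = "clouderaNavigator";

    /** Config key which, when {@code true}, turns off TLS hostname verification for the SAML stack. */
    private static final String DISABLE_SSL_HOSTNAME_VERIFICATION_KEY = "nav.saml.disableSslHostnameVerification";

    SamlUtils() {
    }

    /**
     * Builds the SP key manager and SP metadata from {@code navOptions}, registers them together
     * with the IdP metadata read from disk on {@code cachingMetadataManager}, and refreshes it.
     *
     * <p>A blank SP entity base URL falls back to the Navigator URL. The response binding option
     * is matched case-insensitively and with surrounding whitespace ignored.
     *
     * @param navOptions Navigator options; the SAML sub-options, the Navigator URL and the
     *     {@code nav.saml.disableSslHostnameVerification} flag are read from it
     * @param keyManagerProxy receives the JKS key manager built from the configured keystore
     * @param cachingMetadataManager manager the SP and IdP metadata providers are added to
     * @param staticBasicParserPool parser pool used by the IdP filesystem metadata provider
     * @throws MetadataProviderException if a metadata provider fails to initialize, including
     *     a missing or unparsable IdP metadata file
     * @throws IllegalArgumentException if the configured response binding is not a
     *     {@link SAMLBinding} name
     * @throws NullPointerException if any argument is null
     */
    public static void initializeSamlMetadata(NavOptions navOptions, KeyManagerProxy keyManagerProxy, CachingMetadataManager cachingMetadataManager, StaticBasicParserPool staticBasicParserPool) throws MetadataProviderException {
        Objects.requireNonNull(navOptions, "navOptions");
        Objects.requireNonNull(keyManagerProxy, "keyManagerProxy");
        Objects.requireNonNull(cachingMetadataManager, "cachingMetadataManager");
        Objects.requireNonNull(staticBasicParserPool, "staticBasicParserPool");

        SAMLOptions samlOptions = navOptions.getSAMLOptions();
        String idpMetadataPath = samlOptions.getSamlIdpMetadataPath();
        String keystorePath = samlOptions.getSamlKeystorePath();
        String keystorePassword = samlOptions.getSamlKeystorePassword();
        String keyAlias = samlOptions.getSamlKeyAlias();
        String keyPassword = samlOptions.getSamlKeyPassword();
        String entityId = samlOptions.getSamlEntityId();
        String entityBaseUrl = samlOptions.getSamlEntityBaseUrl();
        // Parse the binding before touching the keystore so a config typo fails with a clear
        // message instead of after the key manager has been partially wired up.
        SAMLBinding responseBinding = parseResponseBinding(samlOptions.getSamlResponseBinding());

        // Rejects a missing/unreadable keystore or wrong passwords before anything is registered.
        KeystoreUtil.validateKeyStore(keystorePath, keystorePassword, keyAlias, keyPassword);
        // Keystore and key passwords are secrets: keep them in memory only, never log them.
        JKSKeyManager keyManager = new JKSKeyManager(new FileSystemResource(keystorePath), keystorePassword, ImmutableMap.of(keyAlias, keyPassword), keyAlias);
        keyManagerProxy.setKeyManager(keyManager);

        MetadataGenerator generator = buildMetadataGenerator(keyManager, entityId, entityBaseUrl, navOptions.getNavUrl(), responseBinding);
        EntityDescriptor spMetadata = generator.generateMetadata();
        ExtendedMetadata spExtendedMetadata = generator.generateExtendedMetadata();
        spExtendedMetadata.setAlias(SP_METADATA_ALIAS);
        if (navOptions.getConfiguration().getBoolean(DISABLE_SSL_HOSTNAME_VERIFICATION_KEY, false)) {
            // "allowAll" accepts any certificate hostname on the SAML stack's outbound TLS
            // connections (e.g. artifact resolution), which removes the protection against a
            // spoofed IdP endpoint. Meant for test setups; production deployments should leave
            // the flag unset and fix the IdP certificate instead.
            spExtendedMetadata.setSslHostnameVerification("allowAll");
        }

        MetadataMemoryProvider spProvider = new MetadataMemoryProvider(spMetadata);
        spProvider.initialize();
        cachingMetadataManager.addMetadataProvider(new ExtendedMetadataDelegate(spProvider, spExtendedMetadata));
        cachingMetadataManager.setHostedSPName(spMetadata.getEntityID());

        // IdP metadata is administrator-supplied configuration read from local disk; the
        // provider raises MetadataProviderException if the file is missing or unparsable.
        FilesystemMetadataProvider idpProvider = new FilesystemMetadataProvider(new File(idpMetadataPath));
        idpProvider.setParserPool(staticBasicParserPool);
        idpProvider.initialize();
        cachingMetadataManager.addMetadataProvider(new ExtendedMetadataDelegate(idpProvider));
        cachingMetadataManager.refreshMetadata();
    }

    /**
     * Configures a {@link MetadataGenerator} for the hosted SP without generating metadata yet.
     *
     * @param keyManager key manager holding the SP's signing/encryption key
     * @param entityId the SP entity ID
     * @param entityBaseUrl explicit SP base URL; when blank, {@code navUrl} is used
     * @param navUrl Navigator's own URL, the fallback base URL
     * @param responseBinding preferred response binding, placed first in the SSO binding lists
     * @return the configured generator
     */
    private static MetadataGenerator buildMetadataGenerator(JKSKeyManager keyManager, String entityId, String entityBaseUrl, String navUrl, SAMLBinding responseBinding) {
        MetadataGenerator generator = new MetadataGenerator();
        generator.setKeyManager(keyManager);
        generator.setEntityId(entityId);
        // Blank (not merely empty) base URL falls back to the Navigator URL, so a
        // whitespace-only value cannot end up in the published SP metadata.
        generator.setEntityBaseURL(StringUtils.isNotBlank(entityBaseUrl) ? entityBaseUrl : navUrl);
        // The list order is handed to the generator as-is; the preferred binding comes first.
        switch (responseBinding) {
            case ARTIFACT:
                generator.setBindingsSSO(ImmutableList.of("artifact", "post", "paos"));
                generator.setBindingsHoKSSO(ImmutableList.of("artifact", "post"));
                break;
            case POST:
                generator.setBindingsSSO(ImmutableList.of("post", "artifact", "paos"));
                generator.setBindingsHoKSSO(ImmutableList.of("post", "artifact"));
                break;
            default:
                // Unreachable for the two declared constants; kept so that a newly added
                // constant cannot silently produce metadata with no bindings.
                throw new IllegalStateException("Unrecognised SAML Response Binding: " + responseBinding.name());
        }
        return generator;
    }

    /**
     * Parses the configured SAML response binding name, ignoring case and surrounding whitespace.
     *
     * @param configured value of the response-binding option, e.g. {@code "POST"} or {@code "artifact"}
     * @return the matching {@link SAMLBinding}
     * @throws IllegalArgumentException if {@code configured} is null, blank, or not a known binding
     */
    static SAMLBinding parseResponseBinding(String configured) {
        if (StringUtils.isBlank(configured)) {
            throw new IllegalArgumentException("SAML response binding is not configured; expected one of " + Arrays.toString(SAMLBinding.values()));
        }
        try {
            return SAMLBinding.valueOf(configured.trim().toUpperCase(Locale.ROOT));
        } catch (IllegalArgumentException e) {
            throw new IllegalArgumentException("Unrecognised SAML Response Binding: " + configured + "; expected one of " + Arrays.toString(SAMLBinding.values()), e);
        }
    }
}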
