package org.springframework.boot.autoconfigure.security.saml2;

import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.function.Consumer;
import java.util.function.Function;
import java.util.stream.Collectors;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.security.saml2.Saml2RelyingPartyProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Conditional;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.Resource;
import org.springframework.security.converter.RsaKeyConverters;
import org.springframework.security.saml2.credentials.Saml2X509Credential;
import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
import org.springframework.util.Assert;

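/**
 * Builds the {@link RelyingPartyRegistrationRepository} bean from the SAML 2.0 relying-party
 * properties, unless the application already defines one.
 *
 * <p>Each configured registration is turned into a {@link RelyingPartyRegistration}. Its signing
 * credentials (private key plus certificate) and the identity provider's verification
 * certificates are read from the configured {@link Resource} locations while the bean is created,
 * so a missing or unreadable location fails here rather than on the first login.
 *
 * <p>This listing was recovered by a decompiler: several helper methods appear as {@code public}
 * although they are only called from inside this class. Their visibility is left as found.
 */
@ConditionalOnMissingBean({RelyingPartyRegistrationRepository.class})
@Conditional({RegistrationConfiguredCondition.class})
@Configuration(proxyBeanMethods = false)
class Saml2RelyingPartyRegistrationConfiguration {
    Saml2RelyingPartyRegistrationConfiguration() {
    }

    /**
     * Collects every credential of a registration: first the relying party's own signing
     * credentials, then the identity provider's verification credentials.
     *
     * @param registration the configured registration
     * @return a new mutable list holding both groups, in that order
     */
    private List<Saml2X509Credential> asCredentials(Saml2RelyingPartyProperties.Registration registration) {
        List<Saml2X509Credential> credentials = new ArrayList<>();
        registration.getSigning().getCredentials().stream()
                .map(this::asSigningCredential)
                .forEach(credentials::add);
        // NOTE(review): nothing in this class requires at least one verification certificate;
        // confirm that the registration builder rejects a registration without one.
        registration.getIdentityprovider().getVerification().getCredentials().stream()
                .map(this::asVerificationCredential)
                .forEach(credentials::add);
        return credentials;
    }

    /**
     * Builds the registration for one configured entry.
     *
     * @param id the registration id (the key of the entry in the properties map)
     * @param registration the configured values for that id
     * @return the built registration
     * @throws IllegalStateException if request signing is enabled but no signing credential is
     *     configured, or if a credential location is missing
     * @throws IllegalArgumentException if a credential resource cannot be read or parsed
     */
    private RelyingPartyRegistration asRegistration(String id, Saml2RelyingPartyProperties.Registration registration) {
        boolean signRequest = registration.getIdentityprovider().getSinglesignon().isSignRequest();
        // Fail before building anything: a registration that must sign its authentication
        // requests is unusable without a signing key.
        validateSigningCredentials(registration, signRequest);
        RelyingPartyRegistration.Builder builder = RelyingPartyRegistration.withRegistrationId(id);
        builder.assertionConsumerServiceUrlTemplate("{baseUrl}/login/saml2/sso/{registrationId}");
        builder.providerDetails(
                details -> details.webSsoUrl(registration.getIdentityprovider().getSinglesignon().getUrl()));
        builder.providerDetails(details -> details.entityId(registration.getIdentityprovider().getEntityId()));
        builder.providerDetails(
                details -> details.binding(registration.getIdentityprovider().getSinglesignon().getBinding()));
        builder.providerDetails(details -> details.signAuthNRequest(signRequest));
        builder.credentials(
                credentials -> lambda$asRegistration$4$Saml2RelyingPartyRegistrationConfiguration(registration, credentials));
        return builder.build();
    }

    /**
     * Builds the registration for one entry of the properties map.
     *
     * @param entry registration id mapped to its configured values
     * @return the built registration
     */
    public RelyingPartyRegistration asRegistration(Map.Entry<String, Saml2RelyingPartyProperties.Registration> entry) {
        return asRegistration(entry.getKey(), entry.getValue());
    }

    /**
     * Loads the relying party's own key pair. The same key is registered for both signing and
     * decryption.
     *
     * @param credential the configured private-key and certificate locations
     * @return the credential, typed SIGNING and DECRYPTION
     */
    public Saml2X509Credential asSigningCredential(Saml2RelyingPartyProperties.Registration.Signing.Credential credential) {
        RSAPrivateKey privateKey = readPrivateKey(credential.getPrivateKeyLocation());
        X509Certificate certificate = readCertificate(credential.getCertificateLocation());
        return new Saml2X509Credential(privateKey, certificate,
                new Saml2X509Credential.Saml2X509CredentialType[]{
                        Saml2X509Credential.Saml2X509CredentialType.SIGNING,
                        Saml2X509Credential.Saml2X509CredentialType.DECRYPTION});
    }

    /**
     * Loads an identity provider certificate. It is registered for both encryption and
     * signature verification.
     *
     * @param credential the configured certificate location
     * @return the credential, typed ENCRYPTION and VERIFICATION
     */
    public Saml2X509Credential asVerificationCredential(Saml2RelyingPartyProperties.Identityprovider.Verification.Credential credential) {
        X509Certificate certificate = readCertificate(credential.getCertificateLocation());
        return new Saml2X509Credential(certificate,
                new Saml2X509Credential.Saml2X509CredentialType[]{
                        Saml2X509Credential.Saml2X509CredentialType.ENCRYPTION,
                        Saml2X509Credential.Saml2X509CredentialType.VERIFICATION});
    }

    /**
     * Reads an X.509 certificate from the given resource.
     *
     * @param resource the certificate location
     * @return the parsed certificate
     * @throws IllegalStateException if the location is {@code null} or does not exist
     * @throws IllegalArgumentException if the resource cannot be opened, parsed or closed
     */
    private X509Certificate readCertificate(Resource resource) {
        Assert.state(resource != null, "No certificate location specified");
        Assert.state(resource.exists(), "Certificate  location '" + resource + "' does not exist");
        // try-with-resources closes the stream on the failure path too; the decompiled form only
        // closed it after a successful parse.
        try (InputStream inputStream = resource.getInputStream()) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(inputStream);
        } catch (Exception e) {
            throw new IllegalArgumentException(e);
        }
    }

    /**
     * Reads a PKCS#8 RSA private key from the given resource.
     *
     * <p>The state-check messages name the resource location only, never key material.
     *
     * @param resource the private key location
     * @return the parsed private key
     * @throws IllegalStateException if the location is {@code null} or does not exist
     * @throws IllegalArgumentException if the resource cannot be opened, parsed or closed
     */
    private RSAPrivateKey readPrivateKey(Resource resource) {
        Assert.state(resource != null, "No private key location specified");
        Assert.state(resource.exists(), "Private key location '" + resource + "' does not exist");
        // Close the key stream even when conversion fails, so a rejected key file does not stay
        // open for the lifetime of the process.
        try (InputStream inputStream = resource.getInputStream()) {
            return RsaKeyConverters.pkcs8().convert(inputStream);
        } catch (Exception e) {
            throw new IllegalArgumentException(e);
        }
    }

    /**
     * Rejects a registration that asks for signed authentication requests but configures no
     * signing credential.
     *
     * @param registration the configured registration
     * @param signRequest whether authentication requests are to be signed
     * @throws IllegalStateException if signing is requested and no signing credential exists
     */
    private void validateSigningCredentials(Saml2RelyingPartyProperties.Registration registration, boolean signRequest) {
        if (signRequest) {
            Assert.state(!registration.getSigning().getCredentials().isEmpty(), "Signing credentials must not be empty when authentication requests require signing.");
        }
    }

    /**
     * Compiler-generated lambda body, kept under its synthetic name: adds all credentials of the
     * registration to the builder's credential collection.
     *
     * @param registration the configured registration
     * @param collection the collection handed out by the registration builder
     */
    public /* synthetic */ void lambda$asRegistration$4$Saml2RelyingPartyRegistrationConfiguration(Saml2RelyingPartyProperties.Registration registration, Collection<Saml2X509Credential> collection) {
        collection.addAll(asCredentials(registration));
    }

    /**
     * Creates the in-memory repository holding one registration per configured entry.
     *
     * @param saml2RelyingPartyProperties the bound relying-party properties
     * @return the repository
     */
    @Bean
    RelyingPartyRegistrationRepository relyingPartyRegistrationRepository(Saml2RelyingPartyProperties saml2RelyingPartyProperties) {
        List<RelyingPartyRegistration> registrations = saml2RelyingPartyProperties.getRegistration().entrySet().stream()
                .map(this::asRegistration)
                .collect(Collectors.toList());
        return new InMemoryRelyingPartyRegistrationRepository(registrations);
    }
}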
