package com.bssys.fk.ui.service.esia;

import com.bssys.fk.dbaccess.model.ConfigProperties;
import com.bssys.fk.ui.service.ConfigPropertiesService;
import com.bssys.fk.ui.service.esia.sign.SignatureService;
import com.bssys.fk.ui.service.esia.sign.SignatureServiceImpl;
import com.bssys.fk.ui.service.esia.sign.SignatureUtils;
import com.bssys.fk.ui.web.controller.login.LoginController;
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import javax.xml.XMLConstants;
import org.opensaml.DefaultBootstrap;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.encryption.Decrypter;
import org.opensaml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml2.metadata.Endpoint;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml2.metadata.IndexedEndpoint;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.saml2.metadata.SingleLogoutService;
import org.opensaml.saml2.metadata.SingleSignOnService;
import org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.security.SAMLSignatureProfileValidator;
import org.opensaml.xml.ConfigurationException;
import org.opensaml.xml.XMLObjectBuilderFactory;
import org.opensaml.xml.encryption.InlineEncryptedKeyResolver;
import org.opensaml.xml.io.MarshallerFactory;
import org.opensaml.xml.io.UnmarshallerFactory;
import org.opensaml.xml.parse.BasicParserPool;
import org.opensaml.xml.parse.ParserPool;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
import org.opensaml.xml.security.keyinfo.StaticKeyInfoCredentialResolver;
import org.opensaml.xml.signature.SignatureValidator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.FileSystemResourceLoader;
import org.springframework.core.io.Resource;
import org.springframework.core.io.ResourceLoader;
import org.springframework.util.Assert;

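/**
 * Spring configuration that bootstraps OpenSAML and exposes the SAML 2.0 building blocks
 * (metadata providers, role descriptors, endpoints, parser pool, signing credential,
 * decrypter and signature validator) used for single sign-on against the identity
 * provider configured through the {@code ESIA_*} properties.
 *
 * <p>Trust model, as far as this class shows: IdP and SP metadata are read from local
 * files and no metadata signature filter is installed, so the IdP signing certificate is
 * trusted solely because it is present in the file named by {@code ESIA_METADATA_PATH}.
 * Write access to that file and to the keystore therefore has to be restricted to the
 * deployment account.
 *
 * <p>NOTE(review): this listing is decompiler output. The qualifier
 * {@code LoginController.LOGIN_FROM_PHYSIC_SEARCH} on the SP metadata provider looks like
 * an inlined string constant that the decompiler mapped onto an unrelated field with the
 * same value; confirm against the original sources before relying on the name.
 */
@Configuration
/* loaded from: input_file:fk-ui-war-3.0.27.war:WEB-INF/classes/com/bssys/fk/ui/service/esia/SamlConfig.class */
public class SamlConfig {
    /** Xerces feature that rejects any document containing a DOCTYPE declaration. */
    private static final String DISALLOW_DOCTYPE_FEATURE = "http://apache.org/xml/features/disallow-doctype-decl";

    private final Logger log = LoggerFactory.getLogger(getClass());
    private ResourceLoader loader;

    @Autowired
    private ConfigPropertiesService configPropertiesService;

    @Autowired
    @Qualifier("idp")
    private MetadataProvider idpMeta;

    @Autowired
    @Qualifier(LoginController.LOGIN_FROM_PHYSIC_SEARCH)
    private MetadataProvider spMeta;

    @Autowired
    private IDPSSODescriptor idp;

    @Autowired
    private SPSSODescriptor sp;

    @Autowired
    private Credential signCred;

    /**
     * Bootstraps the OpenSAML library and prepares the file-system resource loader.
     *
     * @throws IllegalStateException if OpenSAML cannot be configured
     */
    public SamlConfig() {
        this.log.trace("Configuring application");
        this.log.trace("Configuring OpenSAML library");
        try {
            DefaultBootstrap.bootstrap();
            this.loader = new FileSystemResourceLoader();
        } catch (ConfigurationException e) {
            // A failed bootstrap disables SSO entirely; trace level would hide it in production logs.
            this.log.error("Failed to configure OpenSAML library", (Throwable) e);
            throw new IllegalStateException(e);
        }
    }

    /**
     * Returns the first endpoint whose binding URI equals {@code str}.
     *
     * @param collection endpoints to search
     * @param str binding URI to look for
     * @return the matching endpoint, or {@code null} when none matches
     */
    private static Endpoint find(Collection<? extends Endpoint> collection, String str) {
        for (Endpoint endpoint : collection) {
            // Compare from the known-non-null side so an endpoint without a Binding
            // attribute is skipped instead of raising a NullPointerException.
            if (str != null && str.equals(endpoint.getBinding())) {
                return endpoint;
            }
        }
        return null;
    }

    /**
     * Returns the first endpoint explicitly flagged as default.
     *
     * @param collection indexed endpoints to search
     * @return the default endpoint, or {@code null} when none is flagged
     */
    private static Endpoint findDefault(Collection<? extends IndexedEndpoint> collection) {
        for (IndexedEndpoint indexedEndpoint : collection) {
            // isDefault() returns a boxed Boolean; tolerate null defensively rather than unboxing.
            if (Boolean.TRUE.equals(indexedEndpoint.isDefault())) {
                return indexedEndpoint;
            }
        }
        return null;
    }

    /**
     * Builds a parser pool with XXE hardening applied explicitly: entity references are
     * not expanded, secure processing is on and DOCTYPE declarations are rejected.
     *
     * <p>Later OpenSAML 2 releases are believed to ship these defaults already; setting
     * them here keeps the hardening independent of the bundled library version. SAML
     * messages and metadata never need a DOCTYPE, so legitimate input is unaffected.
     *
     * @return a namespace-aware, hardened parser pool
     */
    private static BasicParserPool newHardenedParserPool() {
        Map<String, Boolean> features = new HashMap<String, Boolean>();
        features.put(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
        features.put(DISALLOW_DOCTYPE_FEATURE, Boolean.TRUE);

        BasicParserPool pool = new BasicParserPool();
        pool.setNamespaceAware(true);
        pool.setExpandEntityReferences(false);
        pool.setBuilderFeatures(features);
        return pool;
    }

    /**
     * Resolves {@code str} through the resource loader and initialises a metadata
     * provider from the resulting file.
     *
     * @param resourceLoader loader used to resolve the path
     * @param str location of the metadata file
     * @return an initialised metadata provider
     * @throws IllegalStateException if the resource does not exist
     * @throws Exception if the file cannot be obtained or the metadata fails to load
     */
    private static MetadataProvider load(ResourceLoader resourceLoader, String str) throws Exception {
        Assert.notNull(resourceLoader, "loader should not be null");
        Assert.notNull(str, "path should not be null");
        Resource resource = resourceLoader.getResource(str);
        if (!resource.exists()) {
            throw new IllegalStateException("Required resource at path \"" + str + "\" doesn't exist.");
        }
        return init(resource.getFile());
    }

    /**
     * Creates and initialises a file-backed metadata provider that rejects invalid metadata.
     *
     * @param file metadata file
     * @return the initialised provider
     * @throws MetadataProviderException if the metadata cannot be read or is invalid
     */
    private static MetadataProvider init(File file) throws MetadataProviderException {
        FilesystemMetadataProvider filesystemMetadataProvider = new FilesystemMetadataProvider(file);
        filesystemMetadataProvider.setRequireValidMetadata(true);
        filesystemMetadataProvider.setParserPool(newHardenedParserPool());
        // NOTE(review): no metadata filter is set, so the file content is trusted as-is;
        // consider a signature-validating filter if the metadata is signed by its publisher.
        filesystemMetadataProvider.initialize();
        return filesystemMetadataProvider;
    }

    /**
     * Looks up an entity in a metadata provider and fails with a descriptive error when
     * it is missing, instead of letting a later dereference raise a bare NullPointerException.
     *
     * @param provider metadata source
     * @param entityId entity ID to resolve
     * @return the entity descriptor, never {@code null}
     * @throws MetadataProviderException if the provider fails
     * @throws IllegalStateException if the entity is not present in the metadata
     */
    private static EntityDescriptor requireEntity(MetadataProvider provider, String entityId)
            throws MetadataProviderException {
        EntityDescriptor entity = provider.getEntityDescriptor(entityId);
        if (entity == null) {
            throw new IllegalStateException("Entity \"" + entityId + "\" not found in metadata.");
        }
        return entity;
    }

    /** @return the marshaller factory registered by the OpenSAML bootstrap */
    @Bean
    public MarshallerFactory getMarshallerFactory() {
        return org.opensaml.xml.Configuration.getMarshallerFactory();
    }

    /** @return the unmarshaller factory registered by the OpenSAML bootstrap */
    @Bean
    public UnmarshallerFactory getUnmarshallerFactory() {
        return org.opensaml.xml.Configuration.getUnmarshallerFactory();
    }

    /** @return the XML object builder factory registered by the OpenSAML bootstrap */
    @Bean
    public XMLObjectBuilderFactory getBuilderFactory() {
        return org.opensaml.xml.Configuration.getBuilderFactory();
    }

    /** @return a new issuer factory */
    @Bean
    public IssuerFactory getIssuerFactory() {
        return new IssuerFactory();
    }

    /** @return a new session ID factory */
    @Bean
    public SessionIdFactory getSessionIdFactory() {
        return new SessionIdFactory();
    }

    /** @return a new name ID factory */
    @Bean
    public NameIdFactory getNameIdFactory() {
        return new NameIdFactory();
    }

    /**
     * Resolves the IdP SSO role descriptor for the configured IdP entity ID.
     *
     * @return the SAML 2.0 IdP SSO descriptor, never {@code null}
     * @throws IllegalStateException if the entity or its IdP role is absent from the metadata
     * @throws Exception if the metadata provider fails
     */
    @Bean
    public IDPSSODescriptor getIdpSSODescriptor() throws Exception {
        String entityId = this.configPropertiesService.getValue(ConfigProperties.ESIA_METADATA_ENTITY_ID);
        IDPSSODescriptor descriptor = requireEntity(this.idpMeta, entityId).getIDPSSODescriptor(SAMLConstants.SAML20P_NS);
        if (descriptor == null) {
            throw new IllegalStateException("Entity \"" + entityId + "\" has no SAML 2.0 IdP SSO descriptor.");
        }
        return descriptor;
    }

    /**
     * Loads the IdP metadata from the file configured in {@code ESIA_METADATA_PATH}.
     *
     * @return the IdP metadata provider
     * @throws Exception if the file is missing or the metadata is invalid
     */
    @Bean
    @Qualifier("idp")
    public MetadataProvider idpMeta() throws Exception {
        return load(this.loader, this.configPropertiesService.getValue(ConfigProperties.ESIA_METADATA_PATH));
    }

    /**
     * Loads the service provider metadata from the file configured in
     * {@code ESIA_GISGMP_METADATA_PATH}.
     *
     * @return the SP metadata provider
     * @throws Exception if the file is missing or the metadata is invalid
     */
    @Bean
    @Qualifier(LoginController.LOGIN_FROM_PHYSIC_SEARCH)
    public MetadataProvider sp() throws Exception {
        return load(this.loader, this.configPropertiesService.getValue(ConfigProperties.ESIA_GISGMP_METADATA_PATH));
    }

    /**
     * Selects the IdP single sign-on endpoint that uses the HTTP-Redirect binding.
     *
     * @return the SSO endpoint
     * @throws IllegalStateException if the IdP metadata declares no such endpoint
     */
    @Bean
    public SingleSignOnService getSingleSignOnService() {
        SingleSignOnService singleSignOnService = (SingleSignOnService) find(this.idp.getSingleSignOnServices(), SAMLConstants.SAML2_REDIRECT_BINDING_URI);
        if (singleSignOnService == null) {
            this.log.error("Failed to find SSO service with HTTP redirect binding. Probably wrong IDP metadata.");
            throw new IllegalStateException("SSO service not found. See logs for more details.");
        }
        return singleSignOnService;
    }

    /**
     * Selects the IdP single logout endpoint that uses the HTTP-Redirect binding.
     *
     * @return the SLO endpoint
     * @throws IllegalStateException if the IdP metadata declares no such endpoint
     */
    @Bean
    public SingleLogoutService getSingleLogoutService() {
        SingleLogoutService singleLogoutService = (SingleLogoutService) find(this.idp.getSingleLogoutServices(), SAMLConstants.SAML2_REDIRECT_BINDING_URI);
        if (singleLogoutService == null) {
            this.log.error("Failed to find SLO service with HTTP redirect binding. Probably wrong IDP metadata.");
            throw new IllegalStateException("SLO service not found. See logs for more details.");
        }
        return singleLogoutService;
    }

    /**
     * Resolves the SP SSO role descriptor for the configured service provider entity ID.
     *
     * @return the SAML 2.0 SP SSO descriptor, never {@code null}
     * @throws IllegalStateException if the entity or its SP role is absent from the metadata
     * @throws Exception if the metadata provider fails
     */
    @Bean
    public SPSSODescriptor getSpSSODescriptor() throws Exception {
        String entityId = this.configPropertiesService.getValue(ConfigProperties.ESIA_GISGMP_METADATA_ENTITY_ID);
        SPSSODescriptor descriptor = requireEntity(this.spMeta, entityId).getSPSSODescriptor(SAMLConstants.SAML20P_NS);
        if (descriptor == null) {
            throw new IllegalStateException("Entity \"" + entityId + "\" has no SAML 2.0 SP SSO descriptor.");
        }
        return descriptor;
    }

    /**
     * Selects the assertion consumer service flagged as default in the SP metadata.
     *
     * @return the default assertion consumer endpoint
     * @throws IllegalStateException if no endpoint is flagged as default
     */
    @Bean
    public AssertionConsumerService getAssertionConsumerService() {
        AssertionConsumerService assertionConsumerService = (AssertionConsumerService) findDefault(this.sp.getAssertionConsumerServices());
        if (assertionConsumerService == null) {
            this.log.error("Failed to find assertion consumer service. Probably wrong metadata.");
            throw new IllegalStateException("Assertion consumer service not found. See logs for more details.");
        }
        return assertionConsumerService;
    }

    /** @return the signature service implementation */
    @Bean
    public SignatureService getSignatureService() {
        return new SignatureServiceImpl();
    }

    /**
     * Provides the XML parser pool exposed to the rest of the application.
     *
     * <p>The pool is hardened against XXE (see {@link #newHardenedParserPool()}) because,
     * presumably, it parses SAML messages received from outside the application.
     *
     * @return a namespace-aware, hardened parser pool
     */
    @Bean
    public ParserPool getParserPool() {
        return newHardenedParserPool();
    }

    /**
     * Loads the service provider's credential from the configured keystore.
     *
     * @return the loaded credential, never {@code null}
     * @throws IllegalStateException if the keystore or the key entry cannot be loaded
     */
    @Bean
    public Credential getCredentials() {
        final Credential loadCredential;
        try {
            loadCredential = SignatureUtils.loadCredential(
                    getKeyStore(),
                    this.configPropertiesService.getValue(ConfigProperties.ESIA_SIGN_CERT_ALIAS),
                    this.configPropertiesService.getValue(ConfigProperties.ESIA_SIGN_CERT_PWD));
        } catch (Exception e) {
            // Fixed message only: never include the alias password or keystore password here.
            this.log.error("Failed to load signing credentials.", (Throwable) e);
            throw new IllegalStateException(e);
        }
        // Checked outside the try so this exception is not caught and wrapped a second time.
        if (loadCredential == null) {
            this.log.error("Credentials not loaded.");
            throw new IllegalStateException("Credentials were not loaded.");
        }
        return loadCredential;
    }

    /**
     * Opens the keystore configured in {@code ESIA_SIGN_KEYSTORE_PATH} using the JVM's
     * default keystore type.
     *
     * @return the loaded keystore
     * @throws IllegalStateException if the path or the password is not configured
     * @throws Exception if the file cannot be read or fails the integrity check
     */
    private KeyStore getKeyStore() throws Exception {
        this.log.trace("Loading keystore");
        String path = this.configPropertiesService.getValue(ConfigProperties.ESIA_SIGN_KEYSTORE_PATH);
        String password = this.configPropertiesService.getValue(ConfigProperties.ESIA_SIGN_KEYSTORE_PWD);
        if (path == null) {
            throw new IllegalStateException("Keystore path is not configured.");
        }
        // A missing password must fail loudly: KeyStore.load(stream, null) would skip the
        // keystore integrity check rather than reject the file.
        if (password == null) {
            throw new IllegalStateException("Keystore password is not configured.");
        }
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        FileInputStream fileInputStream = new FileInputStream(path);
        try {
            keyStore.load(fileInputStream, password.toCharArray());
            return keyStore;
        } finally {
            fileInputStream.close();
        }
    }

    /**
     * Provides the validator that checks a signature against the SAML signature profile.
     *
     * <p>This is a structural check only; the cryptographic check is done by the
     * {@link SignatureValidator} bean, and callers need both before trusting a message.
     *
     * @return a new profile validator
     */
    @Bean
    public SAMLSignatureProfileValidator getSamlSignatureProfileValidator() {
        return new SAMLSignatureProfileValidator();
    }

    /**
     * Provides a resolver that always returns the service provider's own credential.
     *
     * <p>NOTE(review): the same credential is injected for signing and, via
     * {@link #samlDecrypter(KeyInfoCredentialResolver)}, for key decryption; confirm that
     * sharing one key pair for both purposes is intended.
     *
     * @return a static resolver over the SP credential
     */
    @Bean
    public KeyInfoCredentialResolver getKeyInfoCredentialResolver() {
        return new StaticKeyInfoCredentialResolver(this.signCred);
    }

    /**
     * Builds the decrypter for encrypted SAML elements.
     *
     * @param keyInfoCredentialResolver resolver for the key-encryption key
     * @return a decrypter that finds encrypted keys inline in the encrypted element; no
     *     resolver for data-encryption keys is configured (first argument is {@code null})
     */
    @Bean
    public Decrypter samlDecrypter(KeyInfoCredentialResolver keyInfoCredentialResolver) {
        return new Decrypter(null, keyInfoCredentialResolver, new InlineEncryptedKeyResolver());
    }

    /**
     * Builds the validator that verifies signatures with the credential extracted from
     * the IdP metadata for the configured IdP entity ID.
     *
     * @return the signature validator
     * @throws IllegalStateException if the IdP credential cannot be extracted
     */
    @Bean
    public SignatureValidator getSignatureValidator() {
        try {
            return new SignatureValidator(SignatureUtils.extractCredential(this.idpMeta, this.configPropertiesService.getValue(ConfigProperties.ESIA_METADATA_ENTITY_ID)));
        } catch (SecurityException e) {
            // Without this validator no IdP response can be authenticated; surface it at error level.
            this.log.error("Failed to create signature validator.", (Throwable) e);
            throw new IllegalStateException(e);
        }
    }
}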
