package com.linecorp.centraldogma.server.auth.saml;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.linecorp.armeria.server.saml.KeyStoreCredentialResolverBuilder;
import com.linecorp.armeria.server.saml.SamlServiceProvider;
import com.linecorp.armeria.server.saml.SamlServiceProviderBuilder;
import com.linecorp.centraldogma.internal.shaded.guava.base.Preconditions;
import com.linecorp.centraldogma.server.auth.AuthConfig;
import com.linecorp.centraldogma.server.auth.AuthProvider;
import com.linecorp.centraldogma.server.auth.AuthProviderFactory;
import com.linecorp.centraldogma.server.auth.AuthProviderParameters;
import com.linecorp.centraldogma.server.auth.saml.SamlAuthProperties;
import java.io.File;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.time.Duration;
import org.opensaml.security.credential.CredentialResolver;

/* loaded from: input_file:com/linecorp/centraldogma/server/auth/saml/SamlAuthProviderFactory.class */
/**
 * {@link AuthProviderFactory} that assembles a {@link SamlAuthProvider} from the SAML section of
 * an {@link AuthConfig}: the service-provider identity, the signing/encryption key aliases, the
 * key store holding those keys, and the identity provider (IdP) endpoint and keys.
 *
 * <p>Stateless; every call to {@link #create(AuthProviderParameters)} builds a fresh provider.
 */
public final class SamlAuthProviderFactory implements AuthProviderFactory {

    /**
     * Builds a {@link SamlAuthProvider} from {@code authProviderParameters.authConfig()}.
     *
     * @param authProviderParameters the session, authorizer and config handles supplied by the server
     * @return a new {@link SamlAuthProvider} wrapping the configured {@link SamlServiceProvider}
     * @throws IllegalArgumentException if the SAML properties cannot be read from the config
     *         (raised before the provider is assembled, and not wrapped)
     * @throws IllegalStateException if the properties are absent, or if anything fails while the
     *         service provider is assembled — every exception raised inside the {@code try} block,
     *         checked or unchecked, is rethrown as {@link IllegalStateException} with the cause kept
     */
    public AuthProvider create(AuthProviderParameters authProviderParameters) {
        final AuthConfig authConfig = authProviderParameters.authConfig();
        // Deliberately outside the try: a malformed config is an argument error, not a state error.
        final SamlAuthProperties properties = getProperties(authConfig);
        try {
            final SamlAuthProperties.KeyStore keyStore = properties.keyStore();
            final SamlAuthProperties.Idp idp = properties.idp();

            // Turns a successful SAML assertion into a login session for this server.
            final SamlAuthSsoHandler ssoHandler = new SamlAuthSsoHandler(
                    authProviderParameters.sessionIdGenerator(),
                    authProviderParameters.loginSessionPropagator(),
                    Duration.ofMillis(authConfig.sessionTimeoutMillis()),
                    authConfig.loginNameNormalizer(),
                    idp.subjectLoginNameIdFormat(),
                    idp.attributeLoginName());

            // May throw IOException / GeneralSecurityException; both end up wrapped below.
            final CredentialResolver resolver = credentialResolver(keyStore);

            final SamlServiceProviderBuilder spBuilder = SamlServiceProvider.builder();
            spBuilder.entityId(properties.entityId())
                     .hostname(properties.hostname())
                     .signingKey(properties.signingKey())
                     .encryptionKey(properties.encryptionKey())
                     .authorizer(authProviderParameters.authorizer())
                     .ssoHandler(ssoHandler)
                     .credentialResolver(resolver)
                     .signatureAlgorithm(keyStore.signatureAlgorithm());

            // Register the (single) identity provider this service provider trusts.
            spBuilder.idp()
                     .entityId(idp.entityId())
                     .ssoEndpoint(idp.endpoint())
                     .signingKey(idp.signingKey())
                     .encryptionKey(idp.encryptionKey());

            return new SamlAuthProvider(spBuilder.build());
        } catch (Exception e) {
            throw new IllegalStateException("Failed to create " + SamlAuthProvider.class.getSimpleName(), e);
        }
    }

    /**
     * Deserialises the SAML properties block of {@code authConfig}.
     *
     * @param authConfig the server's authentication config
     * @return the parsed, non-null {@link SamlAuthProperties}
     * @throws IllegalArgumentException if the properties block cannot be deserialised
     * @throws IllegalStateException if the config carries no SAML properties at all
     */
    private static SamlAuthProperties getProperties(AuthConfig authConfig) {
        final SamlAuthProperties parsed;
        try {
            parsed = (SamlAuthProperties) authConfig.properties(SamlAuthProperties.class);
        } catch (JsonProcessingException e) {
            throw new IllegalArgumentException("Failed to get properties from " + AuthConfig.class.getSimpleName(), e);
        }
        if (parsed == null) {
            throw new IllegalStateException("authentication properties are not specified");
        }
        return parsed;
    }

    /**
     * Opens the key store named by {@code keyStore.path()} and exposes its keys as a
     * {@link CredentialResolver}.
     *
     * <p>If the path names an existing regular file it is loaded from disk; otherwise the same
     * string is treated as a classpath resource name and loaded through this class's class loader.
     * NOTE(review): a mistyped filesystem path therefore silently turns into a classpath lookup —
     * whatever error surfaces then comes from the resolver builder, not from here; confirm the
     * builder fails clearly in that case.
     *
     * @param keyStore location, type and passwords of the key store
     * @return a resolver over the key store's credentials
     * @throws IOException if the key store cannot be read
     * @throws GeneralSecurityException if the key store cannot be opened or its keys recovered
     */
    private static CredentialResolver credentialResolver(SamlAuthProperties.KeyStore keyStore)
            throws IOException, GeneralSecurityException {
        final String location = keyStore.path();
        final File onDisk = new File(location);

        final KeyStoreCredentialResolverBuilder resolverBuilder;
        if (onDisk.isFile()) {
            resolverBuilder = new KeyStoreCredentialResolverBuilder(onDisk);
        } else {
            resolverBuilder = new KeyStoreCredentialResolverBuilder(
                    SamlAuthProviderFactory.class.getClassLoader(), location);
        }

        resolverBuilder.type(keyStore.type())
                       .password(keyStore.password())
                       .keyPasswords(keyStore.keyPasswords());
        return resolverBuilder.build();
    }
}
