package org.elasticsearch.xpack.idp.saml.sp;

import java.net.MalformedURLException;
import java.net.URL;
import java.util.Collections;
import java.util.Optional;
import java.util.Set;
import java.util.function.Function;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import org.elasticsearch.xpack.idp.privileges.ServiceProviderPrivileges;
import org.elasticsearch.xpack.idp.saml.sp.SamlServiceProvider;
import org.elasticsearch.xpack.idp.saml.sp.SamlServiceProviderDocument;
import org.joda.time.ReadableDuration;
import org.opensaml.security.x509.BasicX509Credential;

/* loaded from: input_file:org/elasticsearch/xpack/idp/saml/sp/SamlServiceProviderFactory.class */
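/**
 * Builds {@link SamlServiceProvider} instances from a {@link SamlServiceProviderDocument}.
 *
 * <p>Fields the document leaves unset ({@code nameIdFormat}, the authentication expiry) are taken
 * from the {@link ServiceProviderDefaults} supplied at construction, as is the application name
 * used for the privileges.
 *
 * <p>This listing is decompiler output. The generic types that erasure removed have been restored
 * where the visible code determines them, and the untyped local in {@code parseUrl} has been given
 * its real type so that the class is valid Java again.
 */
public final class SamlServiceProviderFactory {
    private final ServiceProviderDefaults defaults;

    /**
     * @param serviceProviderDefaults fallback values applied when a document does not set a field
     */
    public SamlServiceProviderFactory(ServiceProviderDefaults serviceProviderDefaults) {
        this.defaults = serviceProviderDefaults;
    }

    /**
     * Converts a service provider document into a {@link CloudServiceProvider}.
     *
     * <p>The decompiler reports that this method was package-private in the original class; it is
     * kept {@code public} here exactly as decompiled.
     *
     * @param samlServiceProviderDocument the document describing the service provider
     * @return the service provider built from the document and the configured defaults
     * @throws ServiceProviderException if the document's ACS value is not a syntactically valid URL
     */
    public SamlServiceProvider buildServiceProvider(SamlServiceProviderDocument samlServiceProviderDocument) {
        final ServiceProviderPrivileges privileges = buildPrivileges(samlServiceProviderDocument.privileges);
        final SamlServiceProvider.AttributeNames attributeNames = new SamlServiceProvider.AttributeNames(
            samlServiceProviderDocument.attributeNames.principal,
            samlServiceProviderDocument.attributeNames.name,
            samlServiceProviderDocument.attributeNames.email,
            samlServiceProviderDocument.attributeNames.roles
        );

        // Each certificate from the document is wrapped as a credential as-is: this method performs
        // no expiry, chain or key-strength check on it.
        // NOTE(review): confirm that certificates are vetted before the document is accepted,
        // since these credentials are what the service provider's signing certificates resolve to.
        // The set is left raw, as in the decompiled output: the element type that the
        // CloudServiceProvider constructor declares is not visible from this file.
        final Set signingCredentials = samlServiceProviderDocument.certificates.getServiceProviderX509SigningCertificates()
            .stream()
            .map(BasicX509Credential::new)
            .collect(Collectors.collectingAndThen(Collectors.toSet(), Collections::unmodifiableSet));

        final URL acs = parseUrl(samlServiceProviderDocument);

        // A document without its own NameID format inherits the configured default.
        String nameIdFormat = samlServiceProviderDocument.nameIdFormat;
        if (nameIdFormat == null) {
            nameIdFormat = this.defaults.nameIdFormat;
        }

        final ReadableDuration authenticationExpiry = Optional.ofNullable(samlServiceProviderDocument.getAuthenticationExpiry())
            .orElse(this.defaults.authenticationExpiry);

        // Signing flags are derived purely from membership in the document's signMessages collection.
        final boolean signAuthn = samlServiceProviderDocument.signMessages.contains(SamlServiceProviderDocument.SIGN_AUTHN);
        final boolean signLogout = samlServiceProviderDocument.signMessages.contains(SamlServiceProviderDocument.SIGN_LOGOUT);

        return new CloudServiceProvider(
            samlServiceProviderDocument.entityId,
            samlServiceProviderDocument.name,
            samlServiceProviderDocument.enabled,
            acs,
            nameIdFormat,
            authenticationExpiry,
            privileges,
            attributeNames,
            signingCredentials,
            signAuthn,
            signLogout
        );
    }

    /**
     * Builds the privileges object for a service provider, including the function that maps an
     * input string to the set of role names extracted from it.
     *
     * <p>With no role patterns configured the mapping always yields an empty set. Otherwise every
     * configured pattern is compiled once, and the mapping returns capture group 1 of each pattern
     * that matches the whole input.
     *
     * @param privileges the privileges section of the service provider document
     * @return privileges bound to the default application name and the document's resource
     */
    private ServiceProviderPrivileges buildPrivileges(SamlServiceProviderDocument.Privileges privileges) {
        final String resource = privileges.resource;
        final Function<String, Set<String>> roleMapping;
        if (privileges.rolePatterns == null || privileges.rolePatterns.isEmpty()) {
            roleMapping = input -> Collections.emptySet();
        } else {
            // Pattern.compile throws the unchecked PatternSyntaxException for a malformed pattern;
            // unlike the ACS failure in parseUrl, it is not wrapped with the entity id here.
            // NOTE(review): the patterns come straight from the document and are later run with
            // matches() against caller-supplied strings, so a pattern prone to catastrophic
            // backtracking becomes a CPU cost on every evaluation. Confirm who may write these
            // documents and whether patterns are vetted at registration.
            final Set<Pattern> patterns = privileges.rolePatterns.stream()
                .map(Pattern::compile)
                .collect(Collectors.collectingAndThen(Collectors.toSet(), Collections::unmodifiableSet));
            // group(1) throws IndexOutOfBoundsException when a pattern has no capturing group, and
            // yields null when group 1 took no part in the match; neither case is filtered here, so
            // a null element can reach the returned set.
            roleMapping = input -> patterns.stream()
                .map(pattern -> pattern.matcher(input))
                .filter(matcher -> matcher.matches())
                .map(matcher -> matcher.group(1))
                .collect(Collectors.collectingAndThen(Collectors.toSet(), Collections::unmodifiableSet));
        }
        return new ServiceProviderPrivileges(this.defaults.applicationName, resource, roleMapping);
    }

    /**
     * Parses the document's assertion consumer service (ACS) value into a {@link URL}.
     *
     * <p>Only the syntax is checked, and only as far as the {@link URL} constructor checks it. No
     * restriction on scheme or host is applied in this method.
     *
     * @param samlServiceProviderDocument the document whose {@code acs} field is parsed
     * @return the parsed ACS URL
     * @throws ServiceProviderException if the value is malformed; the exception carries the
     *     document's entity id and wraps the original {@link MalformedURLException}
     */
    private URL parseUrl(SamlServiceProviderDocument samlServiceProviderDocument) {
        try {
            // NOTE(review): any scheme the JVM has a handler for is accepted here (not just https).
            // Confirm that the ACS is constrained where documents are registered, because this URL
            // is the service provider's consumer endpoint.
            return new URL(samlServiceProviderDocument.acs);
        } catch (MalformedURLException e) {
            final ServiceProviderException exception = new ServiceProviderException(
                "Service provider [{}] (doc {}) has an invalid ACS [{}]",
                e,
                samlServiceProviderDocument.entityId,
                samlServiceProviderDocument.docId,
                samlServiceProviderDocument.acs
            );
            exception.setEntityId(samlServiceProviderDocument.entityId);
            throw exception;
        }
    }
}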
