package com.atlassian.plugins.authentication.impl.config.saml;

import com.atlassian.plugins.authentication.impl.rest.saml.model.SamlConfigEntity;
import com.atlassian.plugins.authentication.impl.util.HttpsValidator;
import com.google.common.base.Strings;
import com.google.common.collect.HashMultimap;
import com.google.common.collect.ImmutableMultimap;
import com.google.common.collect.Multimap;
import java.net.URL;
import java.util.Collections;
import javax.inject.Inject;
import javax.inject.Named;
import org.apache.commons.lang.StringUtils;

@Named
/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/atlassian-authentication-plugin-2.1.0.jar:com/atlassian/plugins/authentication/impl/config/saml/SamlConfigValidator.class */
public class SamlConfigValidator {
    private final HttpsValidator httpsValidator;

    @Inject
    public SamlConfigValidator(HttpsValidator httpsValidator) {
        this.httpsValidator = httpsValidator;
    }

    public Multimap<String, ErrorReason> validate(SamlConfig samlConfig) {
        HashMultimap create = HashMultimap.create();
        create.putAll("sso-url", validateRequiredField(samlConfig.getIdpSsoUrl()));
        create.putAll("sso-issuer", validateRequiredField(samlConfig.getSsoIssuer()));
        create.putAll(SamlConfigEntity.IDP_CERTIFICATE_FIELD, validateRequiredField(samlConfig.getCertificate()));
        create.putAll("sso-url", validateSsoUrl(samlConfig.getIdpSsoUrl()));
        create.putAll(SamlConfigEntity.IDP_CERTIFICATE_FIELD, validateCertificate(samlConfig.getCertificate()));
        return ImmutableMultimap.copyOf(create);
    }

    private Iterable<ErrorReason> validateRequiredField(String str) {
        return StringUtils.isEmpty(str) ? Collections.singleton(ErrorReason.REQUIRED) : Collections.emptyList();
    }

    private Iterable<ErrorReason> validateCertificate(String str) {
        if (!Strings.nullToEmpty(str).isEmpty()) {
            try {
                ValidationUtils.convertToCertificate(str);
            } catch (Exception e) {
                return Collections.singleton(ErrorReason.INCORRECT);
            }
        }
        return Collections.emptyList();
    }

    private Iterable<ErrorReason> validateSsoUrl(String str) {
        if (!Strings.isNullOrEmpty(str)) {
            if (!validateUrl(str)) {
                return Collections.singleton(ErrorReason.INCORRECT);
            }
            if (!validateUrlIsSecure(str)) {
                return Collections.singleton(ErrorReason.INSECURE);
            }
        }
        return Collections.emptyList();
    }

    private boolean validateUrlIsSecure(String str) {
        URL convertToUrl;
        return !this.httpsValidator.isHttpsRequired() || Strings.isNullOrEmpty(str) || (convertToUrl = ValidationUtils.convertToUrl(str)) == null || "https".equalsIgnoreCase(convertToUrl.getProtocol());
    }

    private boolean validateUrl(String str) {
        if (Strings.isNullOrEmpty(str)) {
            return true;
        }
        try {
            ValidationUtils.convertToUrl(str);
            return true;
        } catch (IllegalArgumentException e) {
            return false;
        }
    }
}
