package org.squashtest.tm.plugin.saml.properties;

import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.lang3.StringUtils;
import org.springframework.validation.Errors;
import sqsaml.org.apache.velocity.runtime.parser.LogContext;

/* loaded from: input_file:org/squashtest/tm/plugin/saml/properties/PropertiesValidator.class */
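/**
 * Validates a bound {@link SAMLProperties} object and records every problem in the supplied
 * {@link Errors} instance.
 *
 * <p>Three groups of settings are checked: the keystore, the identity provider (IdP) metadata
 * location and the service provider (SP) settings. Nothing is thrown for an invalid value; each
 * finding is registered with {@code Errors.rejectValue}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Scheme checking only applies to values that start with {@code scheme://}. Any other form
 *       passes through unchecked, so whatever loads the resource afterwards must not treat this
 *       validator as a complete allowlist.</li>
 *   <li>Plain {@code http} is accepted for both metadata URLs. How the metadata is fetched and
 *       whether its signature is verified is not visible here; without such verification,
 *       metadata retrieved over {@code http} can be altered in transit.</li>
 *   <li>{@code allowAll} is an accepted value for {@code sp.hostnameVerification}. Judging by the
 *       name it relaxes TLS hostname checks; confirm before allowing it outside test setups.</li>
 * </ul>
 */
class PropertiesValidator {
    private static final String NOT_BLANK_CODE = "not blank";
    private static final String NOT_BLANK_MSG = "must not be empty";
    private static final String URL_PROTO_INVALID_CODE = "invalid protocol";
    private static final String URL_PROTO_INVALID_MSG = "that property doesn't allow protocol : %s";
    private static final String UNKNOWN_VALUE_CODE = "unknown value";
    private static final String UNKNOWN_VALUE_MSG = "values must be one of : ";
    private static final String MISSING_DATA_CODE = "additional data required";

    /**
     * Captures the scheme of a value that begins with {@code scheme://}. Compiled once instead of
     * on every call, and used with {@code lookingAt()} so that a line terminator later in the
     * value cannot make the scheme check silently not apply.
     */
    private static final Pattern URL_SCHEME = Pattern.compile("(\\w+)://");

    private final Errors errors;
    private final SAMLProperties props;

    /**
     * Creates a validator for one properties object.
     *
     * @param obj the object to validate; must be a {@link SAMLProperties}
     * @param errors the sink that receives every validation finding
     * @throws ClassCastException if {@code obj} is not a {@link SAMLProperties}
     */
    public PropertiesValidator(Object obj, Errors errors) {
        this.errors = errors;
        this.props = (SAMLProperties) obj;
    }

    /** Runs the keystore, IdP and SP checks, in that order. */
    public void validate() {
        validateKeystore();
        validateIdp();
        validateSp();
    }

    /**
     * Checks the keystore location, password and default key, and that the default key has a
     * matching entry in {@code keystore.credentials}.
     */
    private void validateKeystore() {
        KeystoreProperties keystore = this.props.getKeystore();
        // NOTE(review): LogContext.MDC_FILE looks like a decompiler substitution for a string
        // literal (presumably the "file" scheme) — confirm against the original sources.
        rejectIfPathFormatInvalid("keystore.url", keystore.getUrl(), LogContext.MDC_FILE);
        // Only presence is checked; the password value is never placed in an error message.
        rejectIfEmpty("keystore.password", keystore.getPassword());
        rejectIfEmpty("keystore.defaultKey", keystore.getDefaultKey());

        Map<String, String> credentials = keystore.getCredentials();
        if (credentials == null || credentials.isEmpty()) {
            this.errors.rejectValue("keystore.credentials", NOT_BLANK_CODE, NOT_BLANK_MSG);
            return;
        }

        String defaultKey = keystore.getDefaultKey();
        if (StringUtils.isBlank(defaultKey)) {
            // Already reported above as "must not be empty"; a second "missing entry" error for
            // an absent key would only be misleading, and a null lookup can fail on maps that
            // reject null keys.
            return;
        }
        if (!credentials.containsKey(defaultKey)) {
            rejectValue("keystore.defaultKey", MISSING_DATA_CODE, "configured default key is '%s', but was not configured in keystore.credentials (ie missing entry keystore.credentials.%s)", defaultKey, defaultKey);
        }
    }

    /** Checks that the IdP metadata location is present and uses an accepted scheme. */
    private void validateIdp() {
        MetadataProperties metadata = this.props.getIdp().getMetadata();
        // A missing metadata section is reported as a blank URL.
        String url = metadata != null ? metadata.getUrl() : "";
        rejectIfPathFormatInvalid("idp.metadata.url", url, LogContext.MDC_FILE, "http", "https");
    }

    /** Checks the SP metadata location and the three enumerated SP security settings. */
    private void validateSp() {
        SPProperties sp = this.props.getSp();
        MetadataProperties metadata = sp.getMetadata();
        // A missing metadata section is reported as a blank URL.
        String url = metadata != null ? metadata.getUrl() : "";
        rejectIfPathFormatInvalid("sp.metadata.url", url, LogContext.MDC_FILE, "http", "https");
        rejectIfUnknown("sp.signatureSecurityProfile", sp.getSignatureSecurityProfile(), "metaiop", "pkix");
        rejectIfUnknown("sp.sslSecurityProfile", sp.getSslSecurityProfile(), "metaiop", "pkix");
        // NOTE(review): the value is read through getSslHostnameVerification() but the error is
        // registered under "sp.hostnameVerification" — confirm that field path exists on the
        // bound object.
        rejectIfUnknown("sp.hostnameVerification", sp.getSslHostnameVerification(), "default", "defaultAndLocalhost", "strict", "allowAll");
    }

    /**
     * Rejects a blank location, or one whose {@code scheme://} prefix is not in the accepted list.
     *
     * <p>Values that do not start with {@code scheme://} are accepted without further checks.
     *
     * @param field the field path the error is attached to
     * @param value the configured location
     * @param allowedSchemes accepted schemes, compared case-insensitively
     */
    private void rejectIfPathFormatInvalid(String field, String value, String... allowedSchemes) {
        if (StringUtils.isBlank(value)) {
            this.errors.rejectValue(field, NOT_BLANK_CODE, NOT_BLANK_MSG);
            return;
        }
        Matcher matcher = URL_SCHEME.matcher(value);
        if (!matcher.lookingAt()) {
            // No scheme prefix: nothing to check at this level.
            return;
        }
        String scheme = matcher.group(1);
        for (String allowed : allowedSchemes) {
            if (scheme.equalsIgnoreCase(allowed)) {
                return;
            }
        }
        rejectValue(field, URL_PROTO_INVALID_CODE, URL_PROTO_INVALID_MSG, scheme);
    }

    /**
     * Rejects a null, empty or whitespace-only value.
     *
     * @param field the field path the error is attached to
     * @param value the configured value
     */
    private void rejectIfEmpty(String field, String value) {
        if (StringUtils.isBlank(value)) {
            this.errors.rejectValue(field, NOT_BLANK_CODE, NOT_BLANK_MSG);
        }
    }

    /**
     * Rejects a value that is null or not exactly (case-sensitively) one of the accepted values.
     *
     * @param field the field path the error is attached to
     * @param value the configured value
     * @param allowedValues the accepted values, listed in the error message
     */
    private void rejectIfUnknown(String field, String value, String... allowedValues) {
        if (value != null) {
            for (String allowed : allowedValues) {
                if (value.equals(allowed)) {
                    return;
                }
            }
        }
        StringBuilder message = new StringBuilder(UNKNOWN_VALUE_MSG);
        // Guarded so an empty list of accepted values yields a message instead of an
        // ArrayIndexOutOfBoundsException.
        if (allowedValues.length > 0) {
            message.append(" '").append(String.join("', '", allowedValues)).append("'");
        }
        this.errors.rejectValue(field, UNKNOWN_VALUE_CODE, message.toString());
    }

    /**
     * Registers an error whose default message is built with {@link String#format}.
     *
     * @param field the field path the error is attached to
     * @param code the error code
     * @param messageFormat the format string of the default message
     * @param args the format arguments
     */
    private void rejectValue(String field, String code, String messageFormat, String... args) {
        // Explicit cast: the array supplies the format arguments, not a single argument.
        this.errors.rejectValue(field, code, String.format(messageFormat, (Object[]) args));
    }
}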
