package com.bea.security.saml2.cssservice;

import com.bea.common.logger.spi.LoggerSpi;
import com.bea.common.security.saml2.ConfigValidationException;
import com.bea.common.security.saml2.SingleSignOnServicesConfigSpi;
import com.bea.common.security.service.SAML2PublishException;
import com.bea.common.security.service.SAML2Service;
import com.bea.security.saml2.config.SAML2ConfigSpi;
import com.bea.security.saml2.service.ServiceFactory;
import com.bea.security.saml2.util.SAML2Constants;
import com.bea.security.saml2.util.SAML2Utils;
import com.ctc.wstx.cfg.XmlConsts;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.io.StringWriter;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.file.FileAlreadyExistsException;
import java.nio.file.Files;
import java.nio.file.StandardOpenOption;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.eclipse.persistence.jpa.jpql.parser.Expression;
import org.opensaml.common.xml.ParserPoolManager;
import org.opensaml.saml2.metadata.ArtifactResolutionService;
import org.opensaml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml2.metadata.Company;
import org.opensaml.saml2.metadata.ContactPerson;
import org.opensaml.saml2.metadata.ContactPersonTypeEnumeration;
import org.opensaml.saml2.metadata.EmailAddress;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.GivenName;
import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml2.metadata.KeyDescriptor;
import org.opensaml.saml2.metadata.LocalizedString;
import org.opensaml.saml2.metadata.Organization;
import org.opensaml.saml2.metadata.OrganizationDisplayName;
import org.opensaml.saml2.metadata.OrganizationName;
import org.opensaml.saml2.metadata.OrganizationURL;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.saml2.metadata.SingleSignOnService;
import org.opensaml.saml2.metadata.SurName;
import org.opensaml.saml2.metadata.TelephoneNumber;
import org.opensaml.saml2.metadata.impl.ArtifactResolutionServiceBuilder;
import org.opensaml.saml2.metadata.impl.AssertionConsumerServiceBuilder;
import org.opensaml.saml2.metadata.impl.KeyDescriptorBuilder;
import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder;
import org.opensaml.security.CredentialUsageTypeEnumeration;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.XMLObjectBuilderFactory;
import org.opensaml.xml.io.MarshallingException;
import org.opensaml.xml.parse.XMLParserException;
import org.opensaml.xml.signature.KeyInfo;
import org.opensaml.xml.signature.KeyInfoBuilder;
import org.w3c.dom.Element;
import weblogic.utils.StringUtils;

/* loaded from: input_file:com/bea/security/saml2/cssservice/SAML2ServiceImpl.class */
public class SAML2ServiceImpl implements SAML2Service, SAML2Constants {
    /** Protocol URI added to every role descriptor built by this class. */
    private static final String SUPPORTED_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol";

    /** Source of the local SSO configuration, the logger, the key manager and the service factory. */
    private SAML2ConfigSpi config;

    /** Logger obtained from {@link #config} in the constructor. */
    private LoggerSpi log;

    /**
     * Path component of the published site URL with trailing slashes removed, or {@code null}
     * when that URL could not be parsed.
     */
    private String saml2AppContext;

    /** Maps a service-relative request path to the service type that handles it. */
    private Map<String, String> urlServiceMap = new HashMap<>();

    /**
     * Creates the service, derives the application context path from the published site URL and
     * registers the fixed endpoint-path to service-type routing table.
     *
     * <p>A malformed published site URL is not fatal: it is reported at debug level only and the
     * context stays {@code null}, in which case {@code getServiceTypeFromURI} resolves no
     * service at all.
     *
     * @param sAML2ConfigSpi configuration SPI; also supplies the logger
     * @throws MalformedURLException declared on the signature; the body shown here catches it
     */
    public SAML2ServiceImpl(SAML2ConfigSpi sAML2ConfigSpi) throws MalformedURLException {
        this.saml2AppContext = null;
        this.config = sAML2ConfigSpi;
        this.log = sAML2ConfigSpi.getLogger();

        String contextPath = null;
        try {
            contextPath = new URL(sAML2ConfigSpi.getLocalConfiguration().getPublishedSiteURL()).getPath();
        } catch (MalformedURLException e) {
            // NOTE(review): Expression.QUOTE is presumably a single-quote literal that the
            // decompiler resolved to an unrelated constant - confirm.
            if (this.log.isDebugEnabled()) {
                this.log.debug("SAML2ServiceImpl(): Invalid published site URL: '" + sAML2ConfigSpi.getLocalConfiguration().getPublishedSiteURL() + Expression.QUOTE);
            }
        }

        // Drop every trailing '/' so the context compares equal to a servlet context path.
        if (contextPath != null) {
            int end = contextPath.length();
            while (end > 0 && contextPath.charAt(end - 1) == '/') {
                end--;
            }
            contextPath = contextPath.substring(0, end);
        }
        this.saml2AppContext = contextPath;

        if (this.log.isDebugEnabled()) {
            this.log.debug("SAML2ServiceImpl(): service application context is: '" + this.saml2AppContext + Expression.QUOTE);
        }

        // Routing table: only these exact paths under the application context resolve to a service.
        final Map<String, String> routes = this.urlServiceMap;
        final String ssoService = ServiceFactory.SAML2_SSO_SERVICE;
        final String arsService = ServiceFactory.SAML2_ARS_SERVICE;
        final String acsService = ServiceFactory.SAML2_ACS_SERVICE;
        routes.put(SAML2Constants.IDP_SSO_ARTIFACT_PATH, ssoService);
        routes.put(SAML2Constants.IDP_SSO_POST_PATH, ssoService);
        routes.put(SAML2Constants.IDP_SSO_REDIRECT_PATH, ssoService);
        routes.put(SAML2Constants.IDP_SSO_INITIATOR_PATH, ssoService);
        routes.put("/idp/sso/login-return", ssoService);
        routes.put(SAML2Constants.IDP_DEFAULT_LOGIN_PATH, ssoService);
        routes.put(SAML2Constants.IDP_ARS_PATH, arsService);
        routes.put(SAML2Constants.SP_ACS_ARTIFACT_PATH, acsService);
        routes.put(SAML2Constants.SP_ACS_POST_PATH, acsService);
        routes.put(SAML2Constants.SP_SSO_INITIATOR_PATH, ServiceFactory.SAML2_SP_INITIATOR_SERVICE);
        routes.put(SAML2Constants.SP_ARS_PATH, arsService);
    }

    /**
     * Dispatches a request to the SAML 2.0 service selected from its context path and URI.
     *
     * <p>No authentication or authorization decision is made in this method; the request is
     * handed as-is to whichever service the routing step selects.
     *
     * @param httpServletRequest incoming request
     * @param httpServletResponse response passed through to the selected service
     * @return {@code false} when no service type resolves for the request, otherwise the
     *     selected service's own result
     * @throws ServletException propagated from the selected service
     * @throws IOException propagated from the selected service
     */
    @Override // com.bea.common.security.service.SAML2Service
    public boolean process(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        final ServiceFactory factory = this.config.getServiceFactory();
        final String serviceType = getServiceTypeFromURI(httpServletRequest.getContextPath(), httpServletRequest.getRequestURI());
        return serviceType != null
                && factory.getService(serviceType).process(httpServletRequest, httpServletResponse);
    }

    /**
     * Resolves the service type for a request from its context path and request URI.
     *
     * <p>When the context path equals the SAML application context, the rest of the URI is
     * looked up by exact string match in {@code urlServiceMap}, and an unregistered remainder
     * yields {@code null}. Every other context path resolves to the SP-initiator service.
     *
     * @param str context path of the request
     * @param str2 request URI
     * @return the service type, or {@code null} when the application context is unset or the
     *     path is not a registered endpoint
     */
    private String getServiceTypeFromURI(String str, String str2) {
        if (this.saml2AppContext == null) {
            // No usable published site URL: nothing is routed.
            if (this.log.isDebugEnabled()) {
                this.log.debug("getServiceTypeFromURI(): saml2AppContext not set, returning null");
            }
            return null;
        }

        // The request URI is client-controlled and is written to the debug log as received.
        if (this.log.isDebugEnabled()) {
            this.log.debug("getServiceTypeFromURI(): request URI is '" + str2 + Expression.QUOTE);
        }

        final String serviceType;
        if (!str.equals(this.saml2AppContext)) {
            // Requests outside the SAML application context always go to the SP initiator.
            if (this.log.isDebugEnabled()) {
                this.log.debug("getServiceTypeFromURI(): request URI is not a service URI");
            }
            serviceType = ServiceFactory.SAML2_SP_INITIATOR_SERVICE;
        } else {
            // NOTE(review): substring() assumes str2 is at least as long as the context path;
            // a shorter URI would throw here. Presumably the servlet container guarantees the
            // URI starts with the context path - confirm.
            final String servicePath = str2.substring(this.saml2AppContext.length());
            if (this.log.isDebugEnabled()) {
                this.log.debug("getServiceTypeFromURI(): service URI is '" + servicePath + Expression.QUOTE);
            }
            // Exact match only: a path with extra segments or parameters does not resolve.
            serviceType = this.urlServiceMap.get(servicePath);
        }

        if (this.log.isDebugEnabled()) {
            this.log.debug("getServiceTypeFromURI(): returning service type '" + serviceType + Expression.QUOTE);
        }
        return serviceType;
    }

    /**
     * Writes the local metadata to the named file, replacing any file already at that path.
     *
     * @param str path of the file to write
     * @throws SAML2PublishException if the metadata cannot be generated or written
     */
    @Override // com.bea.common.security.service.SAML2Service
    public void publish(String str) throws SAML2PublishException {
        // Second argument false: overwriting an existing file is allowed.
        this.publish(str, false);
    }

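    /**
     * Writes the local SAML 2.0 metadata document to the named file.
     *
     * <p>The document is generated in memory before the file is opened, so a disabled or
     * invalid configuration is reported without creating or truncating the target. When
     * {@code z} is {@code true} the file is opened with {@code CREATE_NEW}, which makes
     * "must not already exist" one atomic operation rather than an {@code exists()} check
     * followed by a separate open that another process could race.
     *
     * <p>{@code str} is used as given; no base directory is enforced here, so restricting who
     * may choose the path is the caller's responsibility.
     *
     * @param str path of the file to write; must not be {@code null} or blank
     * @param z {@code true} to refuse to replace an existing file
     * @throws IllegalArgumentException if {@code str} is {@code null} or blank
     * @throws SAML2PublishException the generator's own exception is passed through unchanged;
     *     {@code OverwriteProhibitedException} when {@code z} is set and the file exists;
     *     {@code FileCreateException} for any other failure
     */
    @Override // com.bea.common.security.service.SAML2Service
    public void publish(String str, boolean z) throws SAML2PublishException {
        if (str == null || str.trim().isEmpty()) {
            throw new IllegalArgumentException("Invalid filename parameter");
        }
        File file = new File(str);
        // Early exit only; the authoritative no-overwrite check is CREATE_NEW below.
        if (z && file.exists()) {
            throw new SAML2PublishException.OverwriteProhibitedException("File overwrite prohibited");
        }
        try {
            // Generate first so a configuration error never leaves an empty or truncated file.
            ByteArrayOutputStream metadata = new ByteArrayOutputStream();
            publish(metadata);
            try (OutputStream out = z
                    ? Files.newOutputStream(file.toPath(), StandardOpenOption.CREATE_NEW, StandardOpenOption.WRITE)
                    : Files.newOutputStream(file.toPath())) {
                metadata.writeTo(out);
            }
        } catch (SAML2PublishException e) {
            // Keep the specific cause (not enabled, invalid config, XML error) visible to callers
            // instead of re-wrapping it as a file-creation failure.
            throw e;
        } catch (FileAlreadyExistsException e) {
            // Raised by CREATE_NEW when the file appeared after the exists() check above.
            throw new SAML2PublishException.OverwriteProhibitedException("File overwrite prohibited");
        } catch (Exception e) {
            throw new SAML2PublishException.FileCreateException("Error creating file", e);
        }
    }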

    /**
     * Validates the local configuration, builds the metadata document and serializes it,
     * indented, to the given stream.
     *
     * <p>The transformer is created without a stylesheet and is fed only the DOM produced by
     * {@code buildMetadata}; no external XML is parsed in this method.
     *
     * @param outputStream destination of the serialized metadata; not closed here
     * @throws SAML2PublishException {@code NotEnabledException} when neither the IdP nor the SP
     *     role is enabled, {@code InvalidConfigException} when validation fails,
     *     {@code MetadataXMLException} when serialization fails
     */
    private void publish(OutputStream outputStream) throws SAML2PublishException {
        final SingleSignOnServicesConfigSpi localConfig = this.config.getLocalConfiguration();
        final boolean anyRoleEnabled = localConfig.isIdentityProviderEnabled() || localConfig.isServiceProviderEnabled();
        if (!anyRoleEnabled) {
            if (this.log.isDebugEnabled()) {
                this.log.debug("publish(): Unable to publish: IdP and SP disabled");
            }
            throw new SAML2PublishException.NotEnabledException("SAML2 services not enabled");
        }

        final Element metadataRoot;
        try {
            SAML2Utils.validateLocalConfig(localConfig);
            metadataRoot = buildMetadata(localConfig);
        } catch (ConfigValidationException invalid) {
            if (this.log.isDebugEnabled()) {
                this.log.debug("publish(): Unable to publish: Illegal local config");
            }
            // Only the message is carried over; the original exception is not chained.
            throw new SAML2PublishException.InvalidConfigException(invalid.getMessage());
        }

        try {
            final Transformer serializer = TransformerFactory.newInstance().newTransformer();
            serializer.setOutputProperty("indent", XmlConsts.XML_SA_YES);
            serializer.transform(new DOMSource(metadataRoot.getOwnerDocument()), new StreamResult(outputStream));
        } catch (TransformerException failure) {
            throw new SAML2PublishException.MetadataXMLException("Error generating metadata XML", failure);
        }
    }

    /**
     * Validates the local configuration, builds the metadata document and returns it as an
     * indented XML string.
     *
     * <p>The transformer is created without a stylesheet and is fed only the DOM produced by
     * {@code buildMetadata}; no external XML is parsed in this method.
     *
     * @return the serialized metadata document
     * @throws SAML2PublishException {@code NotEnabledException} when neither the IdP nor the SP
     *     role is enabled, {@code InvalidConfigException} when validation fails,
     *     {@code MetadataXMLException} when serialization fails
     */
    @Override // com.bea.common.security.service.SAML2Service
    public String exportMetadata() throws SAML2PublishException {
        final SingleSignOnServicesConfigSpi localConfig = this.config.getLocalConfiguration();
        final boolean anyRoleEnabled = localConfig.isIdentityProviderEnabled() || localConfig.isServiceProviderEnabled();
        if (!anyRoleEnabled) {
            if (this.log.isDebugEnabled()) {
                this.log.debug("publish(): Unable to publish: IdP and SP disabled");
            }
            throw new SAML2PublishException.NotEnabledException("SAML2 services not enabled");
        }

        final Element metadataRoot;
        try {
            SAML2Utils.validateLocalConfig(localConfig);
            metadataRoot = buildMetadata(localConfig);
        } catch (ConfigValidationException invalid) {
            if (this.log.isDebugEnabled()) {
                this.log.debug("publish(): Unable to publish: Illegal local config");
            }
            // Only the message is carried over; the original exception is not chained.
            throw new SAML2PublishException.InvalidConfigException(invalid.getMessage());
        }

        try {
            final Transformer serializer = TransformerFactory.newInstance().newTransformer();
            serializer.setOutputProperty("indent", XmlConsts.XML_SA_YES);
            final StringWriter xml = new StringWriter();
            serializer.transform(new DOMSource(metadataRoot.getOwnerDocument()), new StreamResult(xml));
            return xml.toString();
        } catch (TransformerException failure) {
            throw new SAML2PublishException.MetadataXMLException("Error generating metadata XML", failure);
        }
    }

    /**
     * Builds the SAML 2.0 EntityDescriptor for the local site from the given configuration,
     * marshals it to DOM and passes the resulting document to the parser pool for validation.
     *
     * <p>The descriptor carries the optional contact person and organization, the entity ID, and
     * one role descriptor per enabled role (IdP and/or SP) with its endpoints and, when an SSO
     * key is available, a signing KeyDescriptor. Endpoint locations are the published site URL
     * (trailing slashes removed) followed by the fixed path constants.
     *
     * <p>The descriptor is not signed anywhere in this method, so a consumer of the published
     * document cannot authenticate it from its content alone.
     * NOTE(review): confirm whether signing is applied elsewhere.
     *
     * @param singleSignOnServicesConfigSpi local SSO configuration to publish
     * @return root element of the marshalled metadata document
     * @throws SAML2PublishException {@code InvalidConfigException} when contact details are set
     *     without a contact type; {@code MetadataXMLException} per the catch clauses below
     */
    private Element buildMetadata(SingleSignOnServicesConfigSpi singleSignOnServicesConfigSpi) throws SAML2PublishException {
        String str;
        String publishedSiteURL = singleSignOnServicesConfigSpi.getPublishedSiteURL();
        // Strip trailing slashes so the endpoint path constants can be appended directly.
        // NOTE(review): a null published site URL would fail at endsWith(); both callers run
        // SAML2Utils.validateLocalConfig first - confirm that it rejects a null URL.
        while (true) {
            str = publishedSiteURL;
            if (!str.endsWith("/")) {
                // NOTE(review): this try wraps only the break, so as written its catch clauses
                // cannot fire. Presumably the original try covered the marshall()/validate()
                // calls at the end of the method and the decompiler misplaced it - confirm
                // against the bytecode before relying on this listing.
                try {
                    break;
                } catch (XMLParserException e) {
                    throw new SAML2PublishException.MetadataXMLException("Error generating metadata XML", e);
                } catch (MarshallingException e2) {
                    throw new SAML2PublishException.MetadataXMLException("Error generating metadata XML", e2);
                }
            }
            publishedSiteURL = str.substring(0, str.length() - 1);
        }
        XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();
        EntityDescriptor buildObject = builderFactory.getBuilder(EntityDescriptor.DEFAULT_ELEMENT_NAME).buildObject();
        // A contact person is emitted as soon as any contact field is configured; the contact
        // type is then mandatory.
        if (isContactPersonSet(singleSignOnServicesConfigSpi)) {
            String contactPersonType = singleSignOnServicesConfigSpi.getContactPersonType();
            if (contactPersonType == null) {
                throw new SAML2PublishException.InvalidConfigException("Error generating metadata XML: ContactPersonType is not set");
            }
            ContactPerson buildObject2 = builderFactory.getBuilder(ContactPerson.DEFAULT_ELEMENT_NAME).buildObject();
            GivenName buildObject3 = builderFactory.getBuilder(GivenName.DEFAULT_ELEMENT_NAME).buildObject();
            buildObject3.setName(singleSignOnServicesConfigSpi.getContactPersonGivenName());
            buildObject2.setGivenName(buildObject3);
            SurName buildObject4 = builderFactory.getBuilder(SurName.DEFAULT_ELEMENT_NAME).buildObject();
            buildObject4.setName(singleSignOnServicesConfigSpi.getContactPersonSurName());
            buildObject2.setSurName(buildObject4);
            // A type string that matches none of the four named values is published as OTHER
            // rather than rejected.
            buildObject2.setType(ContactPersonTypeEnumeration.ADMINISTRATIVE.toString().equals(contactPersonType) ? ContactPersonTypeEnumeration.ADMINISTRATIVE : ContactPersonTypeEnumeration.TECHNICAL.toString().equals(contactPersonType) ? ContactPersonTypeEnumeration.TECHNICAL : ContactPersonTypeEnumeration.BILLING.toString().equals(contactPersonType) ? ContactPersonTypeEnumeration.BILLING : ContactPersonTypeEnumeration.SUPPORT.toString().equals(contactPersonType) ? ContactPersonTypeEnumeration.SUPPORT : ContactPersonTypeEnumeration.OTHER);
            Company buildObject5 = builderFactory.getBuilder(Company.DEFAULT_ELEMENT_NAME).buildObject();
            buildObject5.setName(singleSignOnServicesConfigSpi.getContactPersonCompany());
            buildObject2.setCompany(buildObject5);
            EmailAddress buildObject6 = builderFactory.getBuilder(EmailAddress.DEFAULT_ELEMENT_NAME).buildObject();
            buildObject6.setAddress(singleSignOnServicesConfigSpi.getContactPersonEmailAddress());
            buildObject2.getEmailAddresses().add(buildObject6);
            TelephoneNumber buildObject7 = builderFactory.getBuilder(TelephoneNumber.DEFAULT_ELEMENT_NAME).buildObject();
            buildObject7.setNumber(singleSignOnServicesConfigSpi.getContactPersonTelephoneNumber());
            buildObject2.getTelephoneNumbers().add(buildObject7);
            buildObject.getContactPersons().add(buildObject2);
        }
        // Organization: the display name reuses getOrganizationName(), and all three strings are
        // tagged with the language of the JVM default locale.
        if (isOrganizationSet(singleSignOnServicesConfigSpi)) {
            Organization buildObject8 = builderFactory.getBuilder(Organization.DEFAULT_ELEMENT_NAME).buildObject();
            List organizationNames = buildObject8.getOrganizationNames();
            OrganizationName buildObject9 = builderFactory.getBuilder(OrganizationName.DEFAULT_ELEMENT_NAME).buildObject();
            LocalizedString localizedString = new LocalizedString();
            localizedString.setLocalizedString(singleSignOnServicesConfigSpi.getOrganizationName());
            localizedString.setLanguage(Locale.getDefault().getLanguage());
            buildObject9.setName(localizedString);
            organizationNames.add(buildObject9);
            OrganizationDisplayName buildObject10 = builderFactory.getBuilder(OrganizationDisplayName.DEFAULT_ELEMENT_NAME).buildObject();
            LocalizedString localizedString2 = new LocalizedString();
            localizedString2.setLocalizedString(singleSignOnServicesConfigSpi.getOrganizationName());
            localizedString2.setLanguage(Locale.getDefault().getLanguage());
            buildObject10.setName(localizedString2);
            buildObject8.getDisplayNames().add(buildObject10);
            List uRLs = buildObject8.getURLs();
            OrganizationURL buildObject11 = builderFactory.getBuilder(OrganizationURL.DEFAULT_ELEMENT_NAME).buildObject();
            LocalizedString localizedString3 = new LocalizedString();
            localizedString3.setLocalizedString(singleSignOnServicesConfigSpi.getOrganizationURL());
            localizedString3.setLanguage(Locale.getDefault().getLanguage());
            buildObject11.setURL(localizedString3);
            uRLs.add(buildObject11);
            buildObject.setOrganization(buildObject8);
        }
        buildObject.setEntityID(singleSignOnServicesConfigSpi.getEntityID());
        // Builders shared by the IdP and SP sections below.
        ArtifactResolutionServiceBuilder builder = builderFactory.getBuilder(ArtifactResolutionService.DEFAULT_ELEMENT_NAME);
        KeyDescriptorBuilder builder2 = builderFactory.getBuilder(KeyDescriptor.DEFAULT_ELEMENT_NAME);
        KeyInfoBuilder builder3 = builderFactory.getBuilder(KeyInfo.DEFAULT_ELEMENT_NAME);
        IDPSSODescriptor iDPSSODescriptor = null;
        if (singleSignOnServicesConfigSpi.isIdentityProviderEnabled()) {
            iDPSSODescriptor = builderFactory.getBuilder(IDPSSODescriptor.DEFAULT_ELEMENT_NAME).buildObject();
            iDPSSODescriptor.setErrorURL(singleSignOnServicesConfigSpi.getErrorPath());
            // WantAuthnRequestsSigned is advertised exactly as configured.
            iDPSSODescriptor.setWantAuthnRequestSigned(singleSignOnServicesConfigSpi.isWantAuthnRequestsSigned() ? Boolean.TRUE : Boolean.FALSE);
            List singleSignOnServices = iDPSSODescriptor.getSingleSignOnServices();
            SingleSignOnServiceBuilder builder4 = builderFactory.getBuilder(SingleSignOnService.DEFAULT_ELEMENT_NAME);
            if (singleSignOnServicesConfigSpi.isIdentityProviderArtifactBindingEnabled()) {
                SingleSignOnService buildObject12 = builder4.buildObject();
                buildObject12.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact");
                buildObject12.setLocation(str + SAML2Constants.IDP_SSO_ARTIFACT_PATH);
                singleSignOnServices.add(buildObject12);
                // The artifact binding also needs a SOAP artifact resolution endpoint; it is
                // the only one, so it gets index 0 and is marked default.
                List artifactResolutionServices = iDPSSODescriptor.getArtifactResolutionServices();
                ArtifactResolutionService buildObject13 = builder.buildObject();
                buildObject13.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:SOAP");
                buildObject13.setLocation(str + SAML2Constants.IDP_ARS_PATH);
                buildObject13.setIndex(new Integer(0));
                buildObject13.setIsDefault(Boolean.TRUE);
                artifactResolutionServices.add(buildObject13);
            }
            // For POST and Redirect, the preferred binding is inserted at the head of the list.
            if (singleSignOnServicesConfigSpi.isIdentityProviderPOSTBindingEnabled()) {
                SingleSignOnService buildObject14 = builder4.buildObject();
                buildObject14.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
                buildObject14.setLocation(str + SAML2Constants.IDP_SSO_POST_PATH);
                if ("HTTP/POST".equals(singleSignOnServicesConfigSpi.getIdentityProviderPreferredBinding())) {
                    singleSignOnServices.add(0, buildObject14);
                } else {
                    singleSignOnServices.add(buildObject14);
                }
            }
            if (singleSignOnServicesConfigSpi.isIdentityProviderRedirectBindingEnabled()) {
                SingleSignOnService buildObject15 = builder4.buildObject();
                buildObject15.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect");
                buildObject15.setLocation(str + SAML2Constants.IDP_SSO_REDIRECT_PATH);
                if ("HTTP/Redirect".equals(singleSignOnServicesConfigSpi.getIdentityProviderPreferredBinding())) {
                    singleSignOnServices.add(0, buildObject15);
                } else {
                    singleSignOnServices.add(buildObject15);
                }
            }
            // Only the SSO certificate is published, marked for SIGNING; no encryption
            // KeyDescriptor is added here. When the key manager or its SSO key info is absent
            // the IdP descriptor goes out without any KeyDescriptor, so partners cannot take
            // the verification certificate from this metadata.
            List keyDescriptors = iDPSSODescriptor.getKeyDescriptors();
            KeyDescriptor buildObject16 = builder2.buildObject();
            KeyInfo buildObject17 = builder3.buildObject();
            List certificates = buildObject17.getCertificates();
            if (this.config.getSAML2KeyManager() != null && this.config.getSAML2KeyManager().getSSOKeyInfo() != null) {
                certificates.add((X509Certificate) this.config.getSAML2KeyManager().getSSOKeyInfo().getCert());
                buildObject16.setKeyInfo(buildObject17);
                buildObject16.setUse(CredentialUsageTypeEnumeration.SIGNING);
                keyDescriptors.add(buildObject16);
            }
            iDPSSODescriptor.addSupportedProtocol(SUPPORTED_PROTOCOL);
        }
        SPSSODescriptor sPSSODescriptor = null;
        if (singleSignOnServicesConfigSpi.isServiceProviderEnabled()) {
            sPSSODescriptor = builderFactory.getBuilder(SPSSODescriptor.DEFAULT_ELEMENT_NAME).buildObject();
            // AuthnRequestsSigned and WantAssertionsSigned are advertised exactly as configured.
            sPSSODescriptor.setAuthnRequestsSigned(singleSignOnServicesConfigSpi.isSignAuthnRequests() ? Boolean.TRUE : Boolean.FALSE);
            sPSSODescriptor.setErrorURL(singleSignOnServicesConfigSpi.getErrorPath());
            sPSSODescriptor.setWantAssertionsSigned(singleSignOnServicesConfigSpi.isWantAssertionsSigned() ? Boolean.TRUE : Boolean.FALSE);
            List assertionConsumerServices = sPSSODescriptor.getAssertionConsumerServices();
            AssertionConsumerServiceBuilder builder5 = builderFactory.getBuilder(AssertionConsumerService.DEFAULT_ELEMENT_NAME);
            if (singleSignOnServicesConfigSpi.isServiceProviderArtifactBindingEnabled()) {
                AssertionConsumerService buildObject18 = builder5.buildObject();
                buildObject18.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact");
                buildObject18.setLocation(str + SAML2Constants.SP_ACS_ARTIFACT_PATH);
                if ("HTTP/Artifact".equals(singleSignOnServicesConfigSpi.getServiceProviderPreferredBinding())) {
                    buildObject18.setIsDefault(Boolean.TRUE);
                }
                assertionConsumerServices.add(buildObject18);
                List artifactResolutionServices2 = sPSSODescriptor.getArtifactResolutionServices();
                ArtifactResolutionService buildObject19 = builder.buildObject();
                buildObject19.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:SOAP");
                buildObject19.setLocation(str + SAML2Constants.SP_ARS_PATH);
                buildObject19.setIndex(new Integer(0));
                buildObject19.setIsDefault(Boolean.TRUE);
                artifactResolutionServices2.add(buildObject19);
            }
            if (singleSignOnServicesConfigSpi.isServiceProviderPOSTBindingEnabled()) {
                AssertionConsumerService buildObject20 = builder5.buildObject();
                buildObject20.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
                buildObject20.setLocation(str + SAML2Constants.SP_ACS_POST_PATH);
                // A preferred POST endpoint is both marked default and moved to the head.
                if ("HTTP/POST".equals(singleSignOnServicesConfigSpi.getServiceProviderPreferredBinding())) {
                    buildObject20.setIsDefault(Boolean.TRUE);
                }
                if ("HTTP/POST".equals(singleSignOnServicesConfigSpi.getServiceProviderPreferredBinding())) {
                    assertionConsumerServices.add(0, buildObject20);
                } else {
                    assertionConsumerServices.add(buildObject20);
                }
            }
            // Indices are assigned after ordering, so they follow the final list positions.
            int size = assertionConsumerServices.size();
            for (int i = 0; i < size; i++) {
                ((AssertionConsumerService) assertionConsumerServices.get(i)).setIndex(new Integer(i));
            }
            // Same key handling as the IdP section: signing certificate only, and no
            // KeyDescriptor at all when no SSO key info is available.
            List keyDescriptors2 = sPSSODescriptor.getKeyDescriptors();
            KeyDescriptor buildObject21 = builder2.buildObject();
            KeyInfo buildObject22 = builder3.buildObject();
            List certificates2 = buildObject22.getCertificates();
            if (this.config.getSAML2KeyManager() != null && this.config.getSAML2KeyManager().getSSOKeyInfo() != null) {
                certificates2.add((X509Certificate) this.config.getSAML2KeyManager().getSSOKeyInfo().getCert());
                buildObject21.setKeyInfo(buildObject22);
                buildObject21.setUse(CredentialUsageTypeEnumeration.SIGNING);
                keyDescriptors2.add(buildObject21);
            }
            sPSSODescriptor.addSupportedProtocol(SUPPORTED_PROTOCOL);
        }
        List roleDescriptors = buildObject.getRoleDescriptors();
        if (iDPSSODescriptor != null) {
            roleDescriptors.add(iDPSSODescriptor);
        }
        if (sPSSODescriptor != null) {
            roleDescriptors.add(sPSSODescriptor);
        }
        // Marshal to DOM, then hand the owning document to the parser pool's validate().
        Element marshall = Configuration.getMarshallerFactory().getMarshaller(buildObject).marshall(buildObject);
        ParserPoolManager.getInstance().validate(marshall.getOwnerDocument());
        return marshall;
    }

    /**
     * Reports whether any contact-person field is configured.
     *
     * @param singleSignOnServicesConfigSpi local SSO configuration
     * @return {@code true} if at least one of company, e-mail address, given name, surname,
     *     telephone number or contact type is non-empty
     */
    private boolean isContactPersonSet(SingleSignOnServicesConfigSpi singleSignOnServicesConfigSpi) {
        final SingleSignOnServicesConfigSpi cfg = singleSignOnServicesConfigSpi;
        // Same left-to-right order as before; evaluation stops at the first non-empty field.
        return !StringUtils.isEmptyString(cfg.getContactPersonCompany())
                || !StringUtils.isEmptyString(cfg.getContactPersonEmailAddress())
                || !StringUtils.isEmptyString(cfg.getContactPersonGivenName())
                || !StringUtils.isEmptyString(cfg.getContactPersonSurName())
                || !StringUtils.isEmptyString(cfg.getContactPersonTelephoneNumber())
                || !StringUtils.isEmptyString(cfg.getContactPersonType());
    }

    /**
     * Reports whether any organization field is configured.
     *
     * @param singleSignOnServicesConfigSpi local SSO configuration
     * @return {@code true} if the organization name or the organization URL is non-empty
     */
    private boolean isOrganizationSet(SingleSignOnServicesConfigSpi singleSignOnServicesConfigSpi) {
        final SingleSignOnServicesConfigSpi cfg = singleSignOnServicesConfigSpi;
        return !StringUtils.isEmptyString(cfg.getOrganizationName())
                || !StringUtils.isEmptyString(cfg.getOrganizationURL());
    }
}
