package org.apereo.cas.support.saml.idp.metadata.generator;

import java.io.IOException;
import java.io.InputStream;
import java.io.StringWriter;
import java.io.UncheckedIOException;
import java.nio.charset.StandardCharsets;
import lombok.Generated;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.apereo.cas.CipherExecutor;
import org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPMetadataLocator;
import org.apereo.cas.support.saml.idp.metadata.writer.SamlIdPCertificateAndKeyWriter;
import org.apereo.cas.support.saml.services.idp.metadata.SamlIdPMetadataDocument;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.io.Resource;
import org.springframework.core.io.ResourceLoader;

/* loaded from: input_file:org/apereo/cas/support/saml/idp/metadata/generator/BaseSamlIdPMetadataGenerator.class */
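/**
 * Base class for SAML identity-provider metadata generators.
 *
 * <p>{@link #generate()} returns the metadata already known to the
 * {@link SamlIdPMetadataLocator} when it exists; otherwise it asks the subclass
 * for a signing and an encryption certificate/key pair, renders the metadata
 * XML from a classpath template and hands the assembled document to
 * {@link #finalizeMetadataDocument(SamlIdPMetadataDocument)}.
 *
 * <p>Security-relevant points for implementors and reviewers:
 * <ul>
 *   <li>Every {@code Pair} handled here carries the certificate on the left and
 *       the private key on the right. Only the left side is ever written into
 *       the metadata XML.</li>
 *   <li>{@link #generateCertificateAndKey()} passes the private key through
 *       {@code metadataCipherExecutor.encode(...)} before returning it. A
 *       subclass that builds its pairs some other way is responsible for
 *       protecting the key itself.</li>
 *   <li>Template placeholders are filled by plain string replacement with no
 *       XML escaping, so {@code entityId}, {@code scope} and
 *       {@code casServerPrefix} must come from trusted configuration.</li>
 *   <li>Nothing in this class logs certificate or key material; keep it that
 *       way when adding log statements.</li>
 * </ul>
 */
public abstract class BaseSamlIdPMetadataGenerator implements SamlIdPMetadataGenerator {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(BaseSamlIdPMetadataGenerator.class);
    private static final String BEGIN_CERTIFICATE = "-----BEGIN CERTIFICATE-----";
    private static final String END_CERTIFICATE = "-----END CERTIFICATE-----";
    /** Spring resource location of the metadata template rendered by this class. */
    private static final String METADATA_TEMPLATE_LOCATION = "classpath:/template-idp-metadata.xml";
    protected final SamlIdPMetadataLocator samlIdPMetadataLocator;
    protected final SamlIdPCertificateAndKeyWriter samlIdPCertificateAndKeyWriter;
    protected final CipherExecutor<String, String> metadataCipherExecutor;
    private final String entityId;
    private final ResourceLoader resourceLoader;
    private final String casServerPrefix;
    private final String scope;

    /**
     * Returns the identity-provider metadata, creating it on first use.
     *
     * <p>When the locator reports that metadata exists, it is fetched and
     * returned untouched. Otherwise new signing and encryption pairs are
     * requested from the subclass, the metadata XML is rendered, and the
     * populated document is passed to
     * {@link #finalizeMetadataDocument(SamlIdPMetadataDocument)}.
     *
     * <p>The exists-then-create sequence is not synchronized in this class.
     *
     * @return the existing or newly generated metadata document
     */
    @Override
    public SamlIdPMetadataDocument generate() {
        LOGGER.debug("Preparing to generate metadata for entityId [{}]", this.entityId);
        if (this.samlIdPMetadataLocator.exists()) {
            return this.samlIdPMetadataLocator.fetch();
        }
        LOGGER.trace("Metadata does not exist. Creating...");

        LOGGER.info("Creating self-signed certificate for signing...");
        Pair<String, String> signing = buildSelfSignedSigningCert();
        LOGGER.info("Creating self-signed certificate for encryption...");
        Pair<String, String> encryption = buildSelfSignedEncryptionCert();

        LOGGER.info("Creating metadata...");
        String metadataXml = buildMetadataGeneratorParameters(signing, encryption);

        // Left = certificate, right = private key, exactly as the subclass returned them.
        SamlIdPMetadataDocument document = new SamlIdPMetadataDocument();
        document.setEncryptionCertificate(encryption.getKey());
        document.setEncryptionKey(encryption.getValue());
        document.setSigningCertificate(signing.getKey());
        document.setSigningKey(signing.getValue());
        document.setMetadata(metadataXml);
        return finalizeMetadataDocument(document);
    }

    /**
     * Hook invoked with the freshly assembled document before it is returned
     * from {@link #generate()}. The default implementation returns it unchanged.
     *
     * @param samlIdPMetadataDocument the newly generated document
     * @return the document to hand back to the caller
     */
    protected SamlIdPMetadataDocument finalizeMetadataDocument(SamlIdPMetadataDocument samlIdPMetadataDocument) {
        return samlIdPMetadataDocument;
    }

    /**
     * Builds the IdP endpoint base URL by appending {@code /idp} to the CAS server prefix.
     */
    private String getIdPEndpointUrl() {
        return this.casServerPrefix.concat("/idp");
    }

    /**
     * Creates the certificate and private key used for encryption.
     *
     * @return pair of (certificate, private key); {@link #generate()} stores
     *         both on the document and embeds only the certificate in the metadata
     */
    public abstract Pair<String, String> buildSelfSignedEncryptionCert();

    /**
     * Creates the certificate and private key used for signing.
     *
     * @return pair of (certificate, private key); {@link #generate()} stores
     *         both on the document and embeds only the certificate in the metadata
     */
    public abstract Pair<String, String> buildSelfSignedSigningCert();

    /**
     * Renders the metadata XML from the classpath template.
     *
     * <p>Only the certificate halves of the two pairs are used. Note that the
     * template placeholders are named {@code ${signingKey}} and
     * {@code ${encryptionKey}} but receive certificate bodies, never private keys.
     *
     * @param signingPair    (certificate, private key) for signing
     * @param encryptionPair (certificate, private key) for encryption
     * @return the rendered metadata XML
     * @throws UncheckedIOException if the template cannot be read
     */
    private String buildMetadataGeneratorParameters(Pair<String, String> signingPair, Pair<String, String> encryptionPair) {
        Resource template = this.resourceLoader.getResource(METADATA_TEMPLATE_LOCATION);
        String signingCertificate = stripCertificateMarkers(signingPair.getKey());
        String encryptionCertificate = stripCertificateMarkers(encryptionPair.getKey());

        String templateText;
        // The resource stream must be closed here; IOUtils does not close streams it is given.
        try (InputStream in = template.getInputStream()) {
            templateText = IOUtils.toString(in, StandardCharsets.UTF_8);
        } catch (IOException e) {
            throw new UncheckedIOException("Unable to read metadata template " + METADATA_TEMPLATE_LOCATION, e);
        }

        // NOTE(review): values are substituted verbatim, without XML escaping, and the
        // replacements run in sequence. This is safe only while entityId, scope and the
        // server prefix are trusted configuration values.
        String metadata = templateText
            .replace("${entityId}", this.entityId)
            .replace("${scope}", this.scope)
            .replace("${idpEndpointUrl}", getIdPEndpointUrl())
            .replace("${encryptionKey}", encryptionCertificate)
            .replace("${signingKey}", signingCertificate);
        // The hook's return value is deliberately not used; the rendered text is returned as-is.
        writeMetadata(metadata);
        return metadata;
    }

    /**
     * Removes the PEM begin/end certificate markers and surrounding whitespace.
     */
    private static String stripCertificateMarkers(String pemCertificate) {
        String withoutBegin = StringUtils.remove(pemCertificate, BEGIN_CERTIFICATE);
        return StringUtils.remove(withoutBegin, END_CERTIFICATE).trim();
    }

    /**
     * Hook invoked with the rendered metadata XML. The default implementation
     * does nothing and returns its argument; the caller in this class ignores
     * the returned value.
     *
     * @param str the rendered metadata XML
     * @return the metadata XML
     */
    protected String writeMetadata(String str) {
        return str;
    }

    /**
     * Produces a new certificate and private key through the configured
     * {@link SamlIdPCertificateAndKeyWriter}.
     *
     * <p>The private key is passed through {@code metadataCipherExecutor.encode(...)}
     * before it is returned, so callers receive the cipher executor's output
     * rather than the text the writer produced. The certificate is returned as written.
     *
     * @return pair of (certificate, encoded private key)
     */
    protected Pair<String, String> generateCertificateAndKey() {
        // StringWriter holds no system resource and its close() has no effect,
        // so the writers are simply left to the garbage collector.
        StringWriter certificateWriter = new StringWriter();
        StringWriter privateKeyWriter = new StringWriter();
        // NOTE(review): the writer's signature is not visible in this file; if it declares
        // checked exceptions they need to be handled or declared here.
        this.samlIdPCertificateAndKeyWriter.writeCertificateAndKey(privateKeyWriter, certificateWriter);
        String encodedPrivateKey = (String) this.metadataCipherExecutor.encode(privateKeyWriter.toString());
        return Pair.of(certificateWriter.toString(), encodedPrivateKey);
    }

    /**
     * Creates a generator.
     *
     * @param samlIdPMetadataLocator         locator used to check for and fetch existing metadata
     * @param samlIdPCertificateAndKeyWriter writer that produces certificate and private-key text
     * @param cipherExecutor                 cipher applied to private keys in {@link #generateCertificateAndKey()}
     * @param str                            the IdP entity id substituted for {@code ${entityId}}
     * @param resourceLoader                 loader used to resolve the metadata template
     * @param str2                           the CAS server prefix; {@code /idp} is appended to form the endpoint URL
     * @param str3                           the scope substituted for {@code ${scope}}
     */
    @Generated
    public BaseSamlIdPMetadataGenerator(SamlIdPMetadataLocator samlIdPMetadataLocator, SamlIdPCertificateAndKeyWriter samlIdPCertificateAndKeyWriter, CipherExecutor<String, String> cipherExecutor, String str, ResourceLoader resourceLoader, String str2, String str3) {
        this.samlIdPMetadataLocator = samlIdPMetadataLocator;
        this.samlIdPCertificateAndKeyWriter = samlIdPCertificateAndKeyWriter;
        this.metadataCipherExecutor = cipherExecutor;
        this.entityId = str;
        this.resourceLoader = resourceLoader;
        this.casServerPrefix = str2;
        this.scope = str3;
    }
}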
