package org.apereo.cas.support.saml.idp.metadata.generator;

import java.io.Serializable;
import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import java.util.Collection;
import java.util.Optional;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.apache.velocity.Template;
import org.apache.velocity.VelocityContext;
import org.apereo.cas.configuration.model.support.saml.idp.SamlIdPProperties;
import org.apereo.cas.configuration.model.support.saml.idp.metadata.CoreSamlMetadataProperties;
import org.apereo.cas.support.saml.OpenSamlConfigBean;
import org.apereo.cas.support.saml.SamlIdPConstants;
import org.apereo.cas.support.saml.SamlUtils;
import org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPMetadataLocator;
import org.apereo.cas.support.saml.services.SamlRegisteredService;
import org.apereo.cas.support.saml.services.idp.metadata.SamlIdPMetadataDocument;
import org.apereo.cas.util.spring.SpringExpressionLanguageValueResolver;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.annotation.AnnotationAwareOrderComparator;

/* loaded from: input_file:org/apereo/cas/support/saml/idp/metadata/generator/BaseSamlIdPMetadataGenerator.class */
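/**
 * Base implementation of {@link SamlIdPMetadataGenerator} that creates the SAML2 identity
 * provider metadata document together with its signing and encryption material when the
 * configured {@link SamlIdPMetadataLocator} reports that none exists yet.
 *
 * <p>Subclasses supply the certificate/key pairs via {@link #buildSelfSignedSigningCert(Optional)}
 * and {@link #buildSelfSignedEncryptionCert(Optional)} and may persist the results by overriding
 * {@link #writeMetadata(String, Optional)} and
 * {@link #finalizeMetadataDocument(SamlIdPMetadataDocument, Optional)}.
 *
 * <p>This listing is decompiler output; access modifiers that the decompiler widened are kept
 * as shown so that the visible interface is unchanged.
 */
public abstract class BaseSamlIdPMetadataGenerator implements SamlIdPMetadataGenerator {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(BaseSamlIdPMetadataGenerator.class);

    /** Collaborators (locator, cipher executor, template engine, settings) used during generation. */
    protected final SamlIdPMetadataGeneratorConfigurationContext configurationContext;

    /**
     * Immutable value object exposed to the Velocity template under the key {@code context}.
     *
     * <p>It carries only public material (entity id, scope, endpoint URLs, certificates and
     * binding switches); private keys are never placed in it.
     * NOTE(review): whether {@code /template-idp-metadata.vm} XML-escapes these values is not
     * visible here. They come from server configuration, so treat that configuration as trusted
     * input and confirm the escaping if that assumption ever changes.
     */
    public static class IdPMetadataTemplateContext implements Serializable {
        private static final long serialVersionUID = -8084689071916142718L;
        private final String entityId;
        private final String scope;
        private final String endpointUrl;
        private final String errorUrl;
        private final String encryptionCertificate;
        private final String signingCertificate;
        private final boolean ssoServicePostBindingEnabled;
        private final boolean ssoServicePostSimpleSignBindingEnabled;
        private final boolean ssoServiceRedirectBindingEnabled;
        private final boolean ssoServiceSoapBindingEnabled;
        private final boolean sloServicePostBindingEnabled;
        private final boolean sloServiceRedirectBindingEnabled;

        /**
         * Self-typed fluent builder for {@link IdPMetadataTemplateContext}.
         *
         * @param <C> the context type produced by {@link #build()}
         * @param <B> the concrete builder type returned by each setter
         */
        @Generated
        public static abstract class IdPMetadataTemplateContextBuilder<C extends IdPMetadataTemplateContext, B extends IdPMetadataTemplateContextBuilder<C, B>> {

            @Generated
            private String entityId;

            @Generated
            private String scope;

            @Generated
            private String endpointUrl;

            @Generated
            private String errorUrl;

            @Generated
            private String encryptionCertificate;

            @Generated
            private String signingCertificate;

            @Generated
            private boolean ssoServicePostBindingEnabled;

            @Generated
            private boolean ssoServicePostSimpleSignBindingEnabled;

            @Generated
            private boolean ssoServiceRedirectBindingEnabled;

            @Generated
            private boolean ssoServiceSoapBindingEnabled;

            @Generated
            private boolean sloServicePostBindingEnabled;

            @Generated
            private boolean sloServiceRedirectBindingEnabled;

            /** Sets the entity id and returns this builder. */
            @Generated
            public B entityId(String entityId) {
                this.entityId = entityId;
                return self();
            }

            /** Sets the scope and returns this builder. */
            @Generated
            public B scope(String scope) {
                this.scope = scope;
                return self();
            }

            /** Sets the base endpoint URL and returns this builder. */
            @Generated
            public B endpointUrl(String endpointUrl) {
                this.endpointUrl = endpointUrl;
                return self();
            }

            /** Sets the error URL and returns this builder. */
            @Generated
            public B errorUrl(String errorUrl) {
                this.errorUrl = errorUrl;
                return self();
            }

            /** Sets the encryption certificate text and returns this builder. */
            @Generated
            public B encryptionCertificate(String encryptionCertificate) {
                this.encryptionCertificate = encryptionCertificate;
                return self();
            }

            /** Sets the signing certificate text and returns this builder. */
            @Generated
            public B signingCertificate(String signingCertificate) {
                this.signingCertificate = signingCertificate;
                return self();
            }

            /** Sets the SSO POST binding switch and returns this builder. */
            @Generated
            public B ssoServicePostBindingEnabled(boolean enabled) {
                this.ssoServicePostBindingEnabled = enabled;
                return self();
            }

            /** Sets the SSO POST-SimpleSign binding switch and returns this builder. */
            @Generated
            public B ssoServicePostSimpleSignBindingEnabled(boolean enabled) {
                this.ssoServicePostSimpleSignBindingEnabled = enabled;
                return self();
            }

            /** Sets the SSO redirect binding switch and returns this builder. */
            @Generated
            public B ssoServiceRedirectBindingEnabled(boolean enabled) {
                this.ssoServiceRedirectBindingEnabled = enabled;
                return self();
            }

            /** Sets the SSO SOAP binding switch and returns this builder. */
            @Generated
            public B ssoServiceSoapBindingEnabled(boolean enabled) {
                this.ssoServiceSoapBindingEnabled = enabled;
                return self();
            }

            /** Sets the SLO POST binding switch and returns this builder. */
            @Generated
            public B sloServicePostBindingEnabled(boolean enabled) {
                this.sloServicePostBindingEnabled = enabled;
                return self();
            }

            /** Sets the SLO redirect binding switch and returns this builder. */
            @Generated
            public B sloServiceRedirectBindingEnabled(boolean enabled) {
                this.sloServiceRedirectBindingEnabled = enabled;
                return self();
            }

            /** Returns this builder typed as {@code B}. */
            @Generated
            protected abstract B self();

            /** Creates the context from the values collected so far. */
            @Generated
            public abstract C build();

            /** Returns every collected value; the certificates are included in the text. */
            @Override
            @Generated
            public String toString() {
                return "BaseSamlIdPMetadataGenerator.IdPMetadataTemplateContext.IdPMetadataTemplateContextBuilder(entityId=" + this.entityId
                    + ", scope=" + this.scope
                    + ", endpointUrl=" + this.endpointUrl
                    + ", errorUrl=" + this.errorUrl
                    + ", encryptionCertificate=" + this.encryptionCertificate
                    + ", signingCertificate=" + this.signingCertificate
                    + ", ssoServicePostBindingEnabled=" + this.ssoServicePostBindingEnabled
                    + ", ssoServicePostSimpleSignBindingEnabled=" + this.ssoServicePostSimpleSignBindingEnabled
                    + ", ssoServiceRedirectBindingEnabled=" + this.ssoServiceRedirectBindingEnabled
                    + ", ssoServiceSoapBindingEnabled=" + this.ssoServiceSoapBindingEnabled
                    + ", sloServicePostBindingEnabled=" + this.sloServicePostBindingEnabled
                    + ", sloServiceRedirectBindingEnabled=" + this.sloServiceRedirectBindingEnabled
                    + ")";
            }
        }

        /**
         * Concrete builder returned by {@link IdPMetadataTemplateContext#builder()}.
         *
         * <p>The decompiler reports that it widened this class from {@code private}; the widened
         * modifier is kept as shown in the listing.
         */
        @Generated
        public static final class IdPMetadataTemplateContextBuilderImpl extends IdPMetadataTemplateContextBuilder<IdPMetadataTemplateContext, IdPMetadataTemplateContextBuilderImpl> {
            @Generated
            private IdPMetadataTemplateContextBuilderImpl() {
            }

            /** Returns this builder; the decompiler widened the method from {@code protected}. */
            @Override
            @Generated
            public IdPMetadataTemplateContextBuilderImpl self() {
                return this;
            }

            @Override
            @Generated
            public IdPMetadataTemplateContext build() {
                return new IdPMetadataTemplateContext(this);
            }
        }

        /**
         * Copies every value out of the builder.
         *
         * @param builder the builder holding the collected values
         */
        @Generated
        protected IdPMetadataTemplateContext(IdPMetadataTemplateContextBuilder<?, ?> builder) {
            // The decompiler emitted a raw-type cast on every access; the wildcard-typed
            // parameter already gives access to the builder's private fields.
            this.entityId = builder.entityId;
            this.scope = builder.scope;
            this.endpointUrl = builder.endpointUrl;
            this.errorUrl = builder.errorUrl;
            this.encryptionCertificate = builder.encryptionCertificate;
            this.signingCertificate = builder.signingCertificate;
            this.ssoServicePostBindingEnabled = builder.ssoServicePostBindingEnabled;
            this.ssoServicePostSimpleSignBindingEnabled = builder.ssoServicePostSimpleSignBindingEnabled;
            this.ssoServiceRedirectBindingEnabled = builder.ssoServiceRedirectBindingEnabled;
            this.ssoServiceSoapBindingEnabled = builder.ssoServiceSoapBindingEnabled;
            this.sloServicePostBindingEnabled = builder.sloServicePostBindingEnabled;
            this.sloServiceRedirectBindingEnabled = builder.sloServiceRedirectBindingEnabled;
        }

        /** Returns a new, empty builder. */
        @Generated
        public static IdPMetadataTemplateContextBuilder<?, ?> builder() {
            return new IdPMetadataTemplateContextBuilderImpl();
        }

        @Generated
        public String getEntityId() {
            return this.entityId;
        }

        @Generated
        public String getScope() {
            return this.scope;
        }

        @Generated
        public String getEndpointUrl() {
            return this.endpointUrl;
        }

        @Generated
        public String getErrorUrl() {
            return this.errorUrl;
        }

        @Generated
        public String getEncryptionCertificate() {
            return this.encryptionCertificate;
        }

        @Generated
        public String getSigningCertificate() {
            return this.signingCertificate;
        }

        @Generated
        public boolean isSsoServicePostBindingEnabled() {
            return this.ssoServicePostBindingEnabled;
        }

        @Generated
        public boolean isSsoServicePostSimpleSignBindingEnabled() {
            return this.ssoServicePostSimpleSignBindingEnabled;
        }

        @Generated
        public boolean isSsoServiceRedirectBindingEnabled() {
            return this.ssoServiceRedirectBindingEnabled;
        }

        @Generated
        public boolean isSsoServiceSoapBindingEnabled() {
            return this.ssoServiceSoapBindingEnabled;
        }

        @Generated
        public boolean isSloServicePostBindingEnabled() {
            return this.sloServicePostBindingEnabled;
        }

        @Generated
        public boolean isSloServiceRedirectBindingEnabled() {
            return this.sloServiceRedirectBindingEnabled;
        }
    }

    /**
     * Returns the identity provider metadata document, generating it first when the locator
     * reports that it does not exist and generation is allowed.
     *
     * <p>Generation creates new signing and encryption key material. NOTE(review): a locator
     * that wrongly reports missing metadata (for example because its backing store is
     * unreachable) would therefore mint fresh keys, and service providers that trust the
     * previous certificates would presumably stop accepting this IdP's signatures. The INFO
     * lines below are the visible signal that this happened and are worth alerting on outside
     * initial deployment.
     *
     * @param registeredService the service the metadata applies to, or empty for the global metadata
     * @return the freshly generated document, or whatever the locator fetches
     * @throws Throwable if certificate creation, template rendering or persistence fails
     */
    @Override
    public SamlIdPMetadataDocument generate(Optional<SamlRegisteredService> registeredService) throws Throwable {
        LOGGER.debug("Preparing to generate metadata for entity id [{}]",
            this.configurationContext.getCasProperties().getAuthn().getSamlIdp().getCore().getEntityId());
        SamlIdPMetadataLocator locator = this.configurationContext.getSamlIdPMetadataLocator();
        if (locator.exists(registeredService)) {
            return locator.fetch(registeredService);
        }

        String appliesTo = getAppliesToFor(registeredService);
        LOGGER.trace("Metadata does not exist for [{}]", appliesTo);
        if (!shouldGenerateMetadata(registeredService)) {
            LOGGER.debug("Skipping metadata generation process for [{}]", appliesTo);
            return locator.fetch(registeredService);
        }

        LOGGER.trace("Creating metadata artifacts for [{}]...", appliesTo);
        LOGGER.info("Creating self-signed certificate for signing...");
        Pair<String, String> signing = buildSelfSignedSigningCert(registeredService);
        LOGGER.info("Creating self-signed certificate for encryption...");
        Pair<String, String> encryption = buildSelfSignedEncryptionCert(registeredService);
        LOGGER.info("Creating SAML2 metadata for identity provider...");
        String metadata = buildMetadataGeneratorParameters(signing, encryption, registeredService);

        // Each pair is (certificate, key). The key is stored exactly as the subclass returned
        // it; this method applies no protection of its own to it.
        SamlIdPMetadataDocument document = newSamlIdPMetadataDocument();
        document.setEncryptionCertificate(encryption.getKey());
        document.setEncryptionKey(encryption.getValue());
        document.setSigningCertificate(signing.getKey());
        document.setSigningKey(signing.getValue());
        document.setMetadata(metadata);
        return finalizeMetadataDocument(document, registeredService);
    }

    /**
     * Asks the metadata locator whether metadata should be generated for the given service.
     *
     * @param registeredService the service in question, or empty for the global metadata
     * @return the locator's decision
     */
    protected boolean shouldGenerateMetadata(Optional<SamlRegisteredService> registeredService) {
        return this.configurationContext.getSamlIdPMetadataLocator().shouldGenerateMetadataFor(registeredService);
    }

    /**
     * Builds the encryption certificate and key.
     *
     * @param optional the service the material applies to, or empty for the global metadata
     * @return a pair whose key is the certificate and whose value is the private key, as
     *         consumed by {@link #generate(Optional)}
     * @throws Throwable if the material cannot be created or stored
     */
    public abstract Pair<String, String> buildSelfSignedEncryptionCert(Optional<SamlRegisteredService> optional) throws Throwable;

    /**
     * Builds the signing certificate and key.
     *
     * @param optional the service the material applies to, or empty for the global metadata
     * @return a pair whose key is the certificate and whose value is the private key, as
     *         consumed by {@link #generate(Optional)}
     * @throws Throwable if the material cannot be created or stored
     */
    public abstract Pair<String, String> buildSelfSignedSigningCert(Optional<SamlRegisteredService> optional) throws Throwable;

    /** Creates the empty document that {@link #generate(Optional)} populates. */
    protected SamlIdPMetadataDocument newSamlIdPMetadataDocument() {
        return new SamlIdPMetadataDocument();
    }

    /**
     * Hook invoked with the fully populated document; this base version returns it unchanged.
     *
     * @param samlIdPMetadataDocument the populated document
     * @param optional the service the document applies to, or empty for the global metadata
     * @return the document to hand back to the caller of {@link #generate(Optional)}
     * @throws Throwable if an overriding implementation fails
     */
    protected SamlIdPMetadataDocument finalizeMetadataDocument(SamlIdPMetadataDocument samlIdPMetadataDocument, Optional<SamlRegisteredService> optional) throws Throwable {
        return samlIdPMetadataDocument;
    }

    /**
     * Hook invoked with the rendered metadata XML; this base version returns it unchanged.
     *
     * @param str the rendered metadata
     * @param optional the service the metadata applies to, or empty for the global metadata
     * @return the metadata text
     * @throws Throwable if an overriding implementation fails
     */
    protected String writeMetadata(String str, Optional<SamlRegisteredService> optional) throws Throwable {
        return str;
    }

    /**
     * Writes a new certificate and private key and returns them as text.
     *
     * <p>The private key is passed through the metadata cipher executor before it is returned;
     * the certificate is returned as written.
     * NOTE(review): how strongly the key is protected at rest depends entirely on the configured
     * cipher executor, which is not visible here. Confirm that deployments do not run with a
     * pass-through executor. The plaintext key also lives briefly in an immutable
     * {@code String} that cannot be wiped.
     *
     * @return a pair of (certificate, encoded private key)
     * @throws Exception if the writer or the cipher executor fails
     */
    protected Pair<String, String> generateCertificateAndKey() throws Exception {
        // try-with-resources replaces the decompiler's hand-expanded close/addSuppressed blocks.
        try (StringWriter certificateWriter = new StringWriter();
             StringWriter keyWriter = new StringWriter()) {
            this.configurationContext.getSamlIdPCertificateAndKeyWriter().writeCertificateAndKey(keyWriter, certificateWriter);
            return Pair.of(
                certificateWriter.toString(),
                (String) this.configurationContext.getMetadataCipherExecutor().encode(keyWriter.toString()));
        }
    }

    /** Resolves the server prefix joined with the IdP base endpoint path. */
    private String getIdPEndpointUrl() {
        String rawEndpoint = this.configurationContext.getCasProperties().getServer().getPrefix()
            .concat(SamlIdPConstants.BASE_ENDPOINT_IDP);
        return SpringExpressionLanguageValueResolver.getInstance().resolve(rawEndpoint);
    }

    /**
     * Renders the metadata XML from the Velocity template, lets every registered
     * {@link SamlIdPMetadataCustomizer} adjust it, and passes the result to
     * {@link #writeMetadata(String, Optional)}.
     *
     * <p>Only the certificates (the pair keys) are used; the private keys never reach the
     * template. NOTE(review): entity id, scope and server prefix are evaluated through the
     * Spring expression resolver, so they must only ever come from administrator-controlled
     * configuration, as they appear to here.
     *
     * @param signing the signing (certificate, key) pair
     * @param encryption the encryption (certificate, key) pair
     * @param registeredService the service the metadata applies to, or empty for the global metadata
     * @return the final metadata XML
     * @throws Throwable if rendering, customization or persistence fails
     */
    private String buildMetadataGeneratorParameters(Pair<String, String> signing, Pair<String, String> encryption, Optional<SamlRegisteredService> registeredService) throws Throwable {
        String signingCertificate = SamlIdPMetadataGenerator.cleanCertificate(signing.getKey());
        String encryptionCertificate = SamlIdPMetadataGenerator.cleanCertificate(encryption.getKey());
        SamlIdPProperties samlIdp = this.configurationContext.getCasProperties().getAuthn().getSamlIdp();

        try (StringWriter rendered = new StringWriter()) {
            SpringExpressionLanguageValueResolver resolver = SpringExpressionLanguageValueResolver.getInstance();
            String entityId = resolver.resolve(samlIdp.getCore().getEntityId());
            String scope = resolver.resolve(this.configurationContext.getCasProperties().getServer().getScope());
            CoreSamlMetadataProperties core = samlIdp.getMetadata().getCore();

            IdPMetadataTemplateContext templateContext = IdPMetadataTemplateContext.builder()
                .encryptionCertificate(encryptionCertificate)
                .signingCertificate(signingCertificate)
                .entityId(entityId)
                .scope(scope)
                .endpointUrl(getIdPEndpointUrl())
                .ssoServicePostBindingEnabled(core.isSsoServicePostBindingEnabled())
                .ssoServicePostSimpleSignBindingEnabled(core.isSsoServicePostSimpleSignBindingEnabled())
                .ssoServiceRedirectBindingEnabled(core.isSsoServiceRedirectBindingEnabled())
                .ssoServiceSoapBindingEnabled(core.isSsoServiceSoapBindingEnabled())
                .sloServicePostBindingEnabled(core.isSloServicePostBindingEnabled())
                .sloServiceRedirectBindingEnabled(core.isSloServiceRedirectBindingEnabled())
                .errorUrl(StringUtils.appendIfMissing(getIdPEndpointUrl(), "/error"))
                .build();

            Template template = this.configurationContext.getVelocityEngine()
                .getTemplate("/template-idp-metadata.vm", StandardCharsets.UTF_8.name());
            VelocityContext velocityContext = new VelocityContext();
            velocityContext.put("context", templateContext);
            template.merge(velocityContext, rendered);
            String metadata = rendered.toString();

            // Typed collection: the decompiled raw Collection made the customize() call below
            // unresolvable for the compiler.
            Collection<SamlIdPMetadataCustomizer> customizers =
                this.configurationContext.getApplicationContext().getBeansOfType(SamlIdPMetadataCustomizer.class).values();
            if (!customizers.isEmpty()) {
                OpenSamlConfigBean openSamlConfigBean = this.configurationContext.getOpenSamlConfigBean();
                final EntityDescriptor entityDescriptor =
                    SamlUtils.transformSamlObject(openSamlConfigBean, metadata, EntityDescriptor.class);
                // Customizers run in annotation-aware order and mutate the parsed descriptor in place.
                customizers.stream()
                    .sorted(AnnotationAwareOrderComparator.INSTANCE)
                    .forEach(customizer -> customizer.customize(entityDescriptor, registeredService));
                metadata = SamlUtils.transformSamlObject(openSamlConfigBean, entityDescriptor).toString();
            }

            // The hook's return value is ignored on purpose; callers receive the text rendered here.
            writeMetadata(metadata, registeredService);
            return metadata;
        }
    }

    /**
     * Creates the generator around its configuration context.
     *
     * <p>The decompiler reports that it widened this constructor from {@code protected}; the
     * widened modifier is kept as shown in the listing.
     *
     * @param samlIdPMetadataGeneratorConfigurationContext the collaborators used during generation
     */
    @Generated
    public BaseSamlIdPMetadataGenerator(SamlIdPMetadataGeneratorConfigurationContext samlIdPMetadataGeneratorConfigurationContext) {
        this.configurationContext = samlIdPMetadataGeneratorConfigurationContext;
    }

    /** Returns the configuration context passed to the constructor. */
    @Generated
    public SamlIdPMetadataGeneratorConfigurationContext getConfigurationContext() {
        return this.configurationContext;
    }
}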
