package org.apereo.cas.support.saml.services.idp.metadata.cache.resolver;

import com.google.common.io.ByteStreams;
import java.io.File;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Objects;
import java.util.Optional;
import lombok.Generated;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.util.EntityUtils;
import org.apereo.cas.configuration.model.support.saml.idp.SamlIdPProperties;
import org.apereo.cas.configuration.model.support.saml.idp.metadata.SamlIdPMetadataProperties;
import org.apereo.cas.services.UnauthorizedServiceException;
import org.apereo.cas.support.saml.InMemoryResourceMetadataResolver;
import org.apereo.cas.support.saml.OpenSamlConfigBean;
import org.apereo.cas.support.saml.SamlException;
import org.apereo.cas.support.saml.SamlUtils;
import org.apereo.cas.support.saml.StaticXmlObjectMetadataResolver;
import org.apereo.cas.support.saml.services.SamlRegisteredService;
import org.apereo.cas.util.EncodingUtils;
import org.apereo.cas.util.HttpRequestUtils;
import org.apereo.cas.util.HttpUtils;
import org.opensaml.core.criterion.EntityIdCriterion;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.util.XMLObjectSource;
import org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;

/* loaded from: input_file:org/apereo/cas/support/saml/services/idp/metadata/cache/resolver/MetadataQueryProtocolMetadataResolver.class */
public class MetadataQueryProtocolMetadataResolver extends UrlResourceMetadataResolver {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(MetadataQueryProtocolMetadataResolver.class);

    public MetadataQueryProtocolMetadataResolver(SamlIdPProperties samlIdPProperties, OpenSamlConfigBean openSamlConfigBean) {
        super(samlIdPProperties, openSamlConfigBean);
    }

    @Override // org.apereo.cas.support.saml.services.idp.metadata.cache.resolver.UrlResourceMetadataResolver
    protected String getMetadataLocationForService(SamlRegisteredService samlRegisteredService, CriteriaSet criteriaSet) {
        LOGGER.debug("Getting metadata location dynamically for [{}] based on criteria [{}]", samlRegisteredService.getName(), criteriaSet);
        Optional map = Optional.ofNullable((EntityIdCriterion) criteriaSet.get(EntityIdCriterion.class)).map((v0) -> {
            return v0.getEntityId();
        });
        Objects.requireNonNull(samlRegisteredService);
        String str = (String) map.orElseGet(samlRegisteredService::getServiceId);
        if (StringUtils.isBlank(str)) {
            throw new SamlException("Unable to determine entity id to fetch metadata dynamically via MDQ for service " + samlRegisteredService.getName());
        }
        return samlRegisteredService.getMetadataLocation().replace("{0}", EncodingUtils.urlEncode(str));
    }

    @Override // org.apereo.cas.support.saml.services.idp.metadata.cache.resolver.UrlResourceMetadataResolver
    protected HttpResponse fetchMetadata(String str, CriteriaSet criteriaSet) {
        SamlIdPMetadataProperties metadata = this.samlIdPProperties.getMetadata();
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put("Content-Type", metadata.getSupportedContentTypes());
        linkedHashMap.put("Accept", "*/*");
        LOGGER.debug("Fetching dynamic metadata via MDQ for [{}]", str);
        HttpResponse executeGet = HttpUtils.executeGet(str, metadata.getBasicAuthnUsername(), this.samlIdPProperties.getMetadata().getBasicAuthnPassword(), new HashMap(), linkedHashMap);
        if (executeGet != null) {
            return executeGet;
        }
        LOGGER.error("Unable to fetch metadata from [{}]", str);
        throw new UnauthorizedServiceException("screen.service.error.message");
    }

    protected boolean isDynamicMetadataQueryConfigured(SamlRegisteredService samlRegisteredService) {
        return samlRegisteredService.getMetadataLocation().trim().endsWith("/entities/{0}");
    }

    @Override // org.apereo.cas.support.saml.services.idp.metadata.cache.resolver.UrlResourceMetadataResolver, org.apereo.cas.support.saml.services.idp.metadata.cache.resolver.SamlRegisteredServiceMetadataResolver
    public boolean supports(SamlRegisteredService samlRegisteredService) {
        return isDynamicMetadataQueryConfigured(samlRegisteredService);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apereo.cas.support.saml.services.idp.metadata.cache.resolver.UrlResourceMetadataResolver
    public boolean shouldHttpResponseStatusBeProcessed(HttpStatus httpStatus) {
        return super.shouldHttpResponseStatusBeProcessed(httpStatus) || httpStatus == HttpStatus.NOT_MODIFIED;
    }

    @Override // org.apereo.cas.support.saml.services.idp.metadata.cache.resolver.UrlResourceMetadataResolver
    protected AbstractMetadataResolver getMetadataResolverFromResponse(HttpResponse httpResponse, File file) throws Exception {
        if (httpResponse.getStatusLine().getStatusCode() == HttpStatus.NOT_MODIFIED.value()) {
            return new InMemoryResourceMetadataResolver(file, this.configBean);
        }
        HttpEntity entity = httpResponse.getEntity();
        byte[] byteArray = ByteStreams.toByteArray(entity.getContent());
        XMLObject transformSamlObject = SamlUtils.transformSamlObject(this.configBean, byteArray, XMLObject.class);
        transformSamlObject.getObjectMetadata().put(new XMLObjectSource(byteArray));
        EntityUtils.consume(entity);
        return new StaticXmlObjectMetadataResolver(transformSamlObject);
    }

    @Override // org.apereo.cas.support.saml.services.idp.metadata.cache.resolver.UrlResourceMetadataResolver, org.apereo.cas.support.saml.services.idp.metadata.cache.resolver.SamlRegisteredServiceMetadataResolver
    public boolean isAvailable(SamlRegisteredService samlRegisteredService) {
        return supports(samlRegisteredService) && !HttpRequestUtils.pingUrl(samlRegisteredService.getMetadataLocation()).isError();
    }
}
