package org.apereo.cas.support.saml.services.idp.metadata.cache.resolver;

import java.io.BufferedWriter;
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import lombok.Generated;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.IOCase;
import org.apache.commons.io.IOUtils;
import org.apache.commons.io.filefilter.AndFileFilter;
import org.apache.commons.io.filefilter.CanReadFileFilter;
import org.apache.commons.io.filefilter.CanWriteFileFilter;
import org.apache.commons.io.filefilter.IOFileFilter;
import org.apache.commons.io.filefilter.PrefixFileFilter;
import org.apache.commons.io.filefilter.SuffixFileFilter;
import org.apache.commons.io.filefilter.TrueFileFilter;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.util.EntityUtils;
import org.apereo.cas.configuration.model.support.saml.idp.SamlIdPProperties;
import org.apereo.cas.configuration.model.support.saml.idp.metadata.SamlIdPMetadataProperties;
import org.apereo.cas.services.RegisteredServiceAccessStrategyUtils;
import org.apereo.cas.services.UnauthorizedServiceException;
import org.apereo.cas.support.saml.InMemoryResourceMetadataResolver;
import org.apereo.cas.support.saml.OpenSamlConfigBean;
import org.apereo.cas.support.saml.SamlException;
import org.apereo.cas.support.saml.SamlUtils;
import org.apereo.cas.support.saml.services.SamlRegisteredService;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.DigestUtils;
import org.apereo.cas.util.HttpRequestUtils;
import org.apereo.cas.util.HttpUtils;
import org.apereo.cas.util.LoggingUtils;
import org.apereo.cas.util.ResourceUtils;
import org.apereo.cas.util.spring.SpringExpressionLanguageValueResolver;
import org.jooq.lambda.Unchecked;
import org.opensaml.saml.metadata.resolver.MetadataResolver;
import org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.io.AbstractResource;
import org.springframework.core.io.UrlResource;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;

/* loaded from: input_file:org/apereo/cas/support/saml/services/idp/metadata/cache/resolver/UrlResourceMetadataResolver.class */
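/**
 * Resolves SAML metadata for a registered service from an HTTP(S) location and
 * keeps a copy of every downloaded document in a local backup directory.
 *
 * <p>The backup file name is derived from a digest of the metadata location (or of
 * the service id for dynamic metadata queries), never from anything in the HTTP
 * response, so the remote endpoint does not influence where the copy is written.
 */
public class UrlResourceMetadataResolver extends BaseSamlRegisteredServiceMetadataResolver {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(UrlResourceMetadataResolver.class);
    private static final String FILENAME_EXTENSION_XML = ".xml";
    private static final String DIRNAME_METADATA_BACKUPS = "metadata-backups";
    private final File metadataBackupDirectory;

    /**
     * Creates the resolver and attempts to create the {@code metadata-backups} directory.
     *
     * <p>The parent location is the configured HTTP metadata backup location, or the
     * file-system metadata location when the former is blank. A failure to create the
     * directory is logged and does not abort construction.
     *
     * @param samlIdPProperties  SAML IdP settings that hold the metadata locations
     * @param openSamlConfigBean OpenSAML configuration passed to the parent resolver
     */
    public UrlResourceMetadataResolver(SamlIdPProperties samlIdPProperties, OpenSamlConfigBean openSamlConfigBean) {
        super(samlIdPProperties, openSamlConfigBean);
        SamlIdPMetadataProperties metadata = samlIdPProperties.getMetadata();
        String configuredLocation = StringUtils.defaultIfBlank(
            metadata.getHttp().getMetadataBackupLocation(),
            metadata.getFileSystem().getLocation());
        String resolvedLocation = SpringExpressionLanguageValueResolver.getInstance().resolve(configuredLocation);
        this.metadataBackupDirectory = new File(ResourceUtils.getRawResourceFrom(resolvedLocation).getFile(), DIRNAME_METADATA_BACKUPS);
        try {
            LOGGER.trace("Creating metadata backup directory at [{}]", this.metadataBackupDirectory);
            FileUtils.forceMkdir(this.metadataBackupDirectory);
        } catch (Exception e) {
            LOGGER.error("Unable to create metadata backup directory [{}] to store downloaded metadata. This is likely due to a permission issue", this.metadataBackupDirectory);
            LOGGER.debug(e.getMessage(), e);
        }
    }

    /**
     * Downloads the metadata of the given service, stores a backup copy and returns a
     * resolver built from that copy.
     *
     * <p>Any failure other than a denied service is logged and produces an empty
     * collection. Previously a swallowed exception fell through to code that
     * dereferenced a response and a backup file that had never been assigned.
     *
     * @param samlRegisteredService the service whose metadata is requested
     * @param criteriaSet           criteria handed to the location lookup and the fetch
     * @return a single-element collection holding the initialized resolver, or an empty
     *         collection when the fetch fails or the HTTP status is not accepted
     * @throws SamlException when access to the service is not allowed
     */
    @Override
    public Collection<? extends MetadataResolver> resolve(SamlRegisteredService samlRegisteredService, CriteriaSet criteriaSet) {
        HttpResponse httpResponse = null;
        try {
            // The access check runs first, so no request leaves for a service that is not allowed.
            RegisteredServiceAccessStrategyUtils.ensureServiceAccessIsAllowed(samlRegisteredService);
            String metadataLocationForService = getMetadataLocationForService(samlRegisteredService, criteriaSet);
            LOGGER.info("Loading SAML metadata from [{}]", metadataLocationForService);
            UrlResource urlResource = new UrlResource(metadataLocationForService);

            File metadataBackupFile = getMetadataBackupFile(urlResource, samlRegisteredService);
            boolean forceRefresh = this.samlIdPProperties.getMetadata().getHttp().isForceMetadataRefresh();
            if (metadataBackupFile.exists() && forceRefresh) {
                cleanUpExpiredBackupMetadataFilesFor(urlResource, samlRegisteredService);
            }
            LOGGER.debug("Metadata backup file will be at [{}]", metadataBackupFile.getCanonicalPath());
            FileUtils.forceMkdirParent(metadataBackupFile);

            httpResponse = fetchMetadata(samlRegisteredService, metadataLocationForService, criteriaSet, metadataBackupFile);
            if (httpResponse == null) {
                // A fetch that yields no response is treated like any other failed download.
                LOGGER.warn("No response received while fetching SAML metadata from [{}]", metadataLocationForService);
                return new ArrayList<>(0);
            }

            HttpStatus status = HttpStatus.valueOf(httpResponse.getStatusLine().getStatusCode());
            if (!shouldHttpResponseStatusBeProcessed(status)) {
                return new ArrayList<>(0);
            }

            AbstractMetadataResolver metadataResolverFromResponse = getMetadataResolverFromResponse(httpResponse, metadataBackupFile);
            configureAndInitializeSingleMetadataResolver(metadataResolverFromResponse, samlRegisteredService);
            return CollectionUtils.wrap(metadataResolverFromResponse);
        } catch (UnauthorizedServiceException e) {
            // Must precede the generic handler: a denied service is reported to the caller, not swallowed.
            LoggingUtils.error(LOGGER, e);
            throw new SamlException(e.getMessage(), e);
        } catch (Exception e) {
            LoggingUtils.error(LOGGER, e);
            return new ArrayList<>(0);
        } finally {
            // Single release point for the connection on every path.
            HttpUtils.close(httpResponse);
        }
    }

    /**
     * Tells whether this resolver handles the service's metadata location.
     *
     * @param samlRegisteredService the service to inspect
     * @return {@code true} when the resolved location is non-blank, starts with
     *         {@code "http"} and is not a dynamic metadata query; {@code false}
     *         otherwise, including when the lookup throws
     */
    @Override
    public boolean supports(SamlRegisteredService samlRegisteredService) {
        try {
            String metadataLocationForService = getMetadataLocationForService(samlRegisteredService, new CriteriaSet());
            // NOTE(review): the prefix test accepts "http://" as well as "https://". For a
            // plain-HTTP location the document's integrity rests on whatever signature
            // validation is applied to the metadata downstream - confirm that is configured.
            return StringUtils.isNotBlank(metadataLocationForService)
                && StringUtils.startsWith(metadataLocationForService, "http")
                && !SamlUtils.isDynamicMetadataQueryConfigured(metadataLocationForService);
        } catch (Exception e) {
            LOGGER.trace(e.getMessage(), e);
            return false;
        }
    }

    /**
     * Tells whether the service's metadata location is supported and currently reachable.
     *
     * @param samlRegisteredService the service to inspect
     * @return {@code true} when {@link #supports} accepts the service and pinging the
     *         resolved metadata location does not report an error status
     */
    @Override
    public boolean isAvailable(SamlRegisteredService samlRegisteredService) {
        if (!supports(samlRegisteredService)) {
            return false;
        }
        // Uses the service's own metadata location rather than getMetadataLocationForService.
        String location = SpringExpressionLanguageValueResolver.getInstance().resolve(samlRegisteredService.getMetadataLocation());
        return !HttpRequestUtils.pingUrl(location).isError();
    }

    /**
     * Deletes the readable and writable {@code .xml} backup files of this service.
     *
     * <p>Only files whose name starts with the service's digest prefix are matched, so
     * backups of other services in the same directory are left alone.
     *
     * @param abstractResource      the metadata resource, passed on to the prefix lookup
     * @param samlRegisteredService the service whose backups are removed
     */
    private void cleanUpExpiredBackupMetadataFilesFor(AbstractResource abstractResource, SamlRegisteredService samlRegisteredService) {
        String prefix = getBackupMetadataFilenamePrefix(abstractResource, samlRegisteredService);
        IOFileFilter prefixFilter = new PrefixFileFilter(prefix, IOCase.INSENSITIVE);
        IOFileFilter suffixFilter = new SuffixFileFilter(FILENAME_EXTENSION_XML, IOCase.INSENSITIVE);
        List<IOFileFilter> filters = CollectionUtils.wrapList(prefixFilter, suffixFilter, CanWriteFileFilter.CAN_WRITE, CanReadFileFilter.CAN_READ);
        Collection<File> staleBackups = FileUtils.listFiles(this.metadataBackupDirectory, new AndFileFilter(filters), TrueFileFilter.INSTANCE);
        staleBackups.forEach(Unchecked.consumer(FileUtils::forceDelete));
    }

    /**
     * Decides whether a response with the given status carries metadata worth processing.
     *
     * @param httpStatus status of the metadata response
     * @return {@code true} for 2xx statuses
     */
    protected boolean shouldHttpResponseStatusBeProcessed(HttpStatus httpStatus) {
        return httpStatus.is2xxSuccessful();
    }

    /**
     * Writes the response body to the backup file and builds a resolver from that file.
     *
     * @param httpResponse the metadata response
     * @param file         the backup file to (over)write
     * @return a resolver backed by the written file
     * @throws Exception when the response has no body, or reading or writing fails
     */
    protected AbstractMetadataResolver getMetadataResolverFromResponse(HttpResponse httpResponse, File file) throws Exception {
        HttpEntity entity = httpResponse.getEntity();
        if (entity == null) {
            // An accepted status without a body would otherwise fail with a bare NullPointerException.
            throw new IOException("Metadata response carries no entity to read");
        }
        // NOTE(review): the whole body is buffered in memory with no size limit, and it is
        // written to the backup file before anything parses or validates it. A cap on the
        // response size would bound what a misbehaving metadata endpoint can make us hold.
        String metadataContent = IOUtils.toString(entity.getContent(), StandardCharsets.UTF_8);
        Path path = file.toPath();
        LOGGER.trace("Writing metadata to file at [{}]", path);
        try (BufferedWriter writer = Files.newBufferedWriter(path, StandardCharsets.UTF_8)) {
            IOUtils.write(metadataContent, writer);
            writer.flush();
        }
        // The writer is closed before the entity is released and the file is handed to the resolver.
        EntityUtils.consume(entity);
        return new InMemoryResourceMetadataResolver(file, this.configBean);
    }

    /**
     * Issues the HTTP GET for the metadata, through the service's metadata proxy
     * location when one is set on the service.
     *
     * @param samlRegisteredService the service; supplies the proxy location
     * @param str                   the metadata URL to fetch
     * @param criteriaSet           not used by this implementation
     * @param file                  not used by this implementation
     * @return the response as returned by {@code HttpUtils.execute}
     */
    protected HttpResponse fetchMetadata(SamlRegisteredService samlRegisteredService, String str, CriteriaSet criteriaSet, File file) {
        LOGGER.debug("Fetching metadata from [{}]", str);
        HttpUtils.HttpExecutionRequest request = HttpUtils.HttpExecutionRequest.builder()
            .method(HttpMethod.GET)
            .url(str)
            .proxyUrl(samlRegisteredService.getMetadataProxyLocation())
            .build();
        return HttpUtils.execute(request);
    }

    /**
     * Returns the service's metadata location after resolution through
     * {@code SpringExpressionLanguageValueResolver}.
     *
     * <p>The decompiler reports this method as originally {@code protected}; it stays
     * {@code public} here so the listing's visible interface is unchanged.
     *
     * @param samlRegisteredService the service holding the metadata location
     * @param criteriaSet           not used by this implementation
     * @return the resolved metadata location
     */
    public String getMetadataLocationForService(SamlRegisteredService samlRegisteredService, CriteriaSet criteriaSet) {
        return SpringExpressionLanguageValueResolver.getInstance().resolve(samlRegisteredService.getMetadataLocation());
    }

    /**
     * Computes the backup file for a service inside the backup directory.
     *
     * @param abstractResource      the metadata resource, passed on to the prefix lookup
     * @param samlRegisteredService the service the backup belongs to
     * @return the backup file, which may or may not exist yet
     * @throws IOException when a canonical path cannot be computed for logging
     */
    protected File getMetadataBackupFile(AbstractResource abstractResource, SamlRegisteredService samlRegisteredService) throws IOException {
        LOGGER.debug("Metadata backup directory is at [{}]", this.metadataBackupDirectory.getCanonicalPath());
        String fileName = getBackupMetadataFilenamePrefix(abstractResource, samlRegisteredService).concat(FILENAME_EXTENSION_XML);
        File file = new File(this.metadataBackupDirectory, fileName);
        if (file.exists()) {
            LOGGER.info("Metadata file designated for service [{}] already exists at path [{}].", samlRegisteredService.getName(), file.getCanonicalPath());
        } else {
            LOGGER.debug("Metadata to fetch for service [{}] will be placed at [{}]", samlRegisteredService.getName(), file.getCanonicalPath());
        }
        return file;
    }

    /**
     * Derives the backup file name prefix for a service.
     *
     * <p>The prefix is {@code DigestUtils.sha} of the resolved metadata location, or of
     * the service id when the location is a dynamic metadata query. Presumably the
     * digest output contains no path separators, which is what keeps the backup file
     * inside the backup directory - confirm against {@code DigestUtils}.
     *
     * @param abstractResource      not used by this implementation
     * @param samlRegisteredService the service the prefix is computed for
     * @return the digest used as file name prefix
     */
    protected String getBackupMetadataFilenamePrefix(AbstractResource abstractResource, SamlRegisteredService samlRegisteredService) {
        String resolvedLocation = SpringExpressionLanguageValueResolver.getInstance().resolve(samlRegisteredService.getMetadataLocation());
        String digestInput = SamlUtils.isDynamicMetadataQueryConfigured(resolvedLocation)
            ? samlRegisteredService.getServiceId()
            : resolvedLocation;
        String sha = DigestUtils.sha(digestInput);
        LOGGER.trace("Metadata backup file for metadata location [{}] is linked to [{}]", digestInput, sha);
        return sha;
    }
}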
