package org.apereo.cas.support.saml.idp.metadata.generator;

import java.io.InputStream;
import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import java.util.Optional;
import lombok.Generated;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.apereo.cas.configuration.model.support.saml.idp.SamlIdPProperties;
import org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPMetadataLocator;
import org.apereo.cas.support.saml.services.SamlRegisteredService;
import org.apereo.cas.support.saml.services.idp.metadata.SamlIdPMetadataDocument;
import org.apereo.cas.util.spring.SpringExpressionLanguageValueResolver;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.io.Resource;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-saml-idp-core-6.3.7.4.jar:org/apereo/cas/support/saml/idp/metadata/generator/BaseSamlIdPMetadataGenerator.class */
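/**
 * Base generator for SAML identity-provider metadata.
 *
 * <p>When the configured locator reports that no metadata exists and that it should be
 * generated, this class asks the subclass for a signing and an encryption certificate/key
 * pair, renders {@code classpath:/template-idp-metadata.xml} with values taken from the CAS
 * properties, and returns the assembled {@link SamlIdPMetadataDocument}. In every other case
 * the document is fetched from the locator.
 *
 * <p>NOTE(review): this listing is decompiler output. Several methods call APIs that throw
 * {@code IOException} ({@code close()}, {@code Resource.getInputStream()},
 * {@code IOUtils.copy}) without declaring or catching it; presumably the original source
 * propagated checked exceptions through a sneaky-throw mechanism. Confirm against the upstream
 * source before compiling this file as-is.
 */
public abstract class BaseSamlIdPMetadataGenerator implements SamlIdPMetadataGenerator {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(BaseSamlIdPMetadataGenerator.class);

    /** Collaborators (CAS properties, locator, certificate writer, cipher, application context). */
    private final SamlIdPMetadataGeneratorConfigurationContext configurationContext;

    /**
     * Returns the IdP metadata document for the given service, generating it first when the
     * locator says none exists and generation is allowed.
     *
     * @param optional the SAML registered service the metadata applies to; may be empty
     * @return the freshly generated document, or whatever the locator fetches
     */
    @Override
    public SamlIdPMetadataDocument generate(Optional<SamlRegisteredService> optional) {
        LOGGER.debug("Preparing to generate metadata for entityId [{}]",
            this.configurationContext.getCasProperties().getAuthn().getSamlIdp().getEntityId());
        SamlIdPMetadataLocator locator = this.configurationContext.getSamlIdPMetadataLocator();
        if (!locator.exists(optional)) {
            String appliesTo = SamlIdPMetadataGenerator.getAppliesToFor(optional);
            LOGGER.trace("Metadata does not exist for [{}]", appliesTo);
            if (locator.shouldGenerateMetadataFor(optional)) {
                LOGGER.trace("Creating metadata artifacts for [{}]...", appliesTo);
                LOGGER.info("Creating self-signed certificate for signing...");
                Pair<String, String> signing = buildSelfSignedSigningCert(optional);
                LOGGER.info("Creating self-signed certificate for encryption...");
                Pair<String, String> encryption = buildSelfSignedEncryptionCert(optional);
                LOGGER.info("Creating metadata...");
                String metadata = buildMetadataGeneratorParameters(signing, encryption, optional);

                // Pair key = certificate, Pair value = key material. The values are stored
                // exactly as the subclass returned them; this method applies no extra
                // protection, so the subclass decides whether they are ciphered.
                SamlIdPMetadataDocument document = newSamlIdPMetadataDocument();
                document.setEncryptionCertificate(encryption.getKey());
                document.setEncryptionKey(encryption.getValue());
                document.setSigningCertificate(signing.getKey());
                document.setSigningKey(signing.getValue());
                document.setMetadata(metadata);
                return finalizeMetadataDocument(document, optional);
            }
            // Falls through to fetch() even though exists() returned false.
            LOGGER.debug("Skipping metadata generation process for [{}]", appliesTo);
        }
        return locator.fetch(optional);
    }

    /**
     * Builds the encryption certificate and key.
     *
     * @param optional the service the material is generated for; may be empty
     * @return a pair read by {@link #generate} as key = certificate, value = key material
     */
    public abstract Pair<String, String> buildSelfSignedEncryptionCert(Optional<SamlRegisteredService> optional);

    /**
     * Builds the signing certificate and key.
     *
     * @param optional the service the material is generated for; may be empty
     * @return a pair read by {@link #generate} as key = certificate, value = key material
     */
    public abstract Pair<String, String> buildSelfSignedSigningCert(Optional<SamlRegisteredService> optional);

    /**
     * Creates the empty document that {@link #generate} fills in; subclasses may return a
     * specialised instance.
     *
     * @return a new, empty metadata document
     */
    protected SamlIdPMetadataDocument newSamlIdPMetadataDocument() {
        return new SamlIdPMetadataDocument();
    }

    /**
     * Hook invoked with the fully populated document before it is returned. The base
     * implementation returns it unchanged.
     *
     * @param samlIdPMetadataDocument the populated document
     * @param optional the service the document applies to; may be empty
     * @return the document to hand back to the caller
     */
    protected SamlIdPMetadataDocument finalizeMetadataDocument(SamlIdPMetadataDocument samlIdPMetadataDocument, Optional<SamlRegisteredService> optional) {
        return samlIdPMetadataDocument;
    }

    /**
     * Hook invoked with the rendered metadata XML. The base implementation returns it
     * unchanged; note that the caller in this class ignores the return value.
     *
     * @param str the rendered metadata
     * @param optional the service the metadata applies to; may be empty
     * @return the metadata text
     */
    protected String writeMetadata(String str, Optional<SamlRegisteredService> optional) {
        return str;
    }

    /**
     * Generates a certificate and key through the configured certificate-and-key writer.
     *
     * <p>The key text is passed through the metadata cipher executor's {@code encode} before it
     * is returned; the certificate is returned as written. What {@code encode} does depends on
     * the configured cipher, which is not visible here. The un-encoded key text exists as a
     * {@code String} for the duration of the call and cannot be wiped afterwards.
     *
     * @return a pair of certificate text (key) and encoded key text (value)
     */
    protected Pair<String, String> generateCertificateAndKey() {
        // StringWriter.close() is a no-op; try-with-resources replaces the decompiler's manual
        // close/addSuppressed scaffolding without changing what is thrown.
        try (StringWriter certificateOut = new StringWriter();
             StringWriter keyOut = new StringWriter()) {
            // Argument order kept from the original call: the first writer receives the text
            // that is encoded below, the second the certificate.
            this.configurationContext.getSamlIdPCertificateAndKeyWriter().writeCertificateAndKey(keyOut, certificateOut);
            String encodedKey = this.configurationContext.getMetadataCipherExecutor().encode(keyOut.toString());
            return Pair.of(certificateOut.toString(), encodedKey);
        }
    }

    /**
     * Resolves the IdP endpoint base URL: the configured server prefix with {@code /idp}
     * appended, passed through the Spring expression resolver.
     */
    private String getIdPEndpointUrl() {
        String endpoint = this.configurationContext.getCasProperties().getServer().getPrefix().concat("/idp");
        return SpringExpressionLanguageValueResolver.getInstance().resolve(endpoint);
    }

    /**
     * Renders the metadata template by replacing its placeholders with the entity id, scope,
     * endpoint URL and the cleaned certificates, then hands the result to
     * {@link #writeMetadata}.
     *
     * <p>NOTE(review): values are substituted verbatim, with no XML escaping. Here they come
     * from CAS properties and generated certificates, so those properties must be treated as
     * trusted configuration; a value containing XML metacharacters would alter the document
     * structure.
     *
     * @param pair the signing pair; only its key (the certificate) is used
     * @param pair2 the encryption pair; only its key (the certificate) is used
     * @param optional the service the metadata applies to; may be empty
     * @return the rendered metadata XML
     */
    private String buildMetadataGeneratorParameters(Pair<String, String> pair, Pair<String, String> pair2, Optional<SamlRegisteredService> optional) {
        Resource template = this.configurationContext.getApplicationContext().getResource("classpath:/template-idp-metadata.xml");
        String signingCertificate = SamlIdPMetadataGenerator.cleanCertificate(pair.getKey());
        String encryptionCertificate = SamlIdPMetadataGenerator.cleanCertificate(pair2.getKey());
        SamlIdPProperties samlIdp = this.configurationContext.getCasProperties().getAuthn().getSamlIdp();
        // The template stream is now closed as well; IOUtils.copy does not close its input and
        // the original left it open.
        try (StringWriter buffer = new StringWriter();
             InputStream templateStream = template.getInputStream()) {
            IOUtils.copy(templateStream, buffer, StandardCharsets.UTF_8);
            SpringExpressionLanguageValueResolver resolver = SpringExpressionLanguageValueResolver.getInstance();
            String entityId = resolver.resolve(samlIdp.getEntityId());
            String scope = resolver.resolve(this.configurationContext.getCasProperties().getServer().getScope());
            String metadata = buffer.toString()
                .replace("${entityId}", entityId)
                .replace("${scope}", scope)
                .replace("${idpEndpointUrl}", getIdPEndpointUrl())
                .replace("${encryptionKey}", encryptionCertificate)
                .replace("${signingKey}", signingCertificate);
            writeMetadata(metadata, optional);
            return metadata;
        }
    }

    /**
     * Creates the generator with its collaborators.
     *
     * @param samlIdPMetadataGeneratorConfigurationContext the configuration context to use
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Generated
    public BaseSamlIdPMetadataGenerator(SamlIdPMetadataGeneratorConfigurationContext samlIdPMetadataGeneratorConfigurationContext) {
        this.configurationContext = samlIdPMetadataGeneratorConfigurationContext;
    }

    /**
     * Returns the configuration context supplied at construction.
     *
     * @return the configuration context
     */
    @Generated
    public SamlIdPMetadataGeneratorConfigurationContext getConfigurationContext() {
        return this.configurationContext;
    }
}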
