package org.apereo.cas.support.saml.services.idp.metadata.cache.resolver;

import java.io.BufferedWriter;
import java.io.File;
import java.io.Writer;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.attribute.UserDefinedFileAttributeView;
import java.util.LinkedHashMap;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.StreamSupport;
import lombok.Generated;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.util.EntityUtils;
import org.apereo.cas.configuration.model.support.saml.idp.SamlIdPProperties;
import org.apereo.cas.configuration.model.support.saml.idp.metadata.MDQSamlMetadataProperties;
import org.apereo.cas.services.UnauthorizedServiceException;
import org.apereo.cas.support.saml.InMemoryResourceMetadataResolver;
import org.apereo.cas.support.saml.OpenSamlConfigBean;
import org.apereo.cas.support.saml.SamlException;
import org.apereo.cas.support.saml.SamlUtils;
import org.apereo.cas.support.saml.services.SamlRegisteredService;
import org.apereo.cas.util.EncodingUtils;
import org.apereo.cas.util.HttpUtils;
import org.jooq.lambda.Unchecked;
import org.opensaml.core.criterion.EntityIdCriterion;
import org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver;
import org.quartz.impl.jdbcjobstore.StdJDBCConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-saml-idp-metadata-6.5.3.jar:org/apereo/cas/support/saml/services/idp/metadata/cache/resolver/MetadataQueryProtocolMetadataResolver.class */
public class MetadataQueryProtocolMetadataResolver extends UrlResourceMetadataResolver {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) MetadataQueryProtocolMetadataResolver.class);

    public MetadataQueryProtocolMetadataResolver(SamlIdPProperties samlIdPProperties, OpenSamlConfigBean openSamlConfigBean) {
        super(samlIdPProperties, openSamlConfigBean);
    }

    @Override // org.apereo.cas.support.saml.services.idp.metadata.cache.resolver.UrlResourceMetadataResolver, org.apereo.cas.support.saml.services.idp.metadata.cache.resolver.SamlRegisteredServiceMetadataResolver
    public boolean supports(SamlRegisteredService samlRegisteredService) {
        return SamlUtils.isDynamicMetadataQueryConfigured(samlRegisteredService.getMetadataLocation());
    }

    @Override // org.apereo.cas.support.saml.services.idp.metadata.cache.resolver.UrlResourceMetadataResolver
    protected boolean shouldHttpResponseStatusBeProcessed(HttpStatus httpStatus) {
        return true;
    }

    @Override // org.apereo.cas.support.saml.services.idp.metadata.cache.resolver.UrlResourceMetadataResolver
    protected AbstractMetadataResolver getMetadataResolverFromResponse(HttpResponse httpResponse, File file) throws Exception {
        if (!HttpStatus.valueOf(httpResponse.getStatusLine().getStatusCode()).is2xxSuccessful()) {
            if (Files.exists(file.toPath(), new LinkOption[0])) {
                return new InMemoryResourceMetadataResolver(file, this.configBean);
            }
            throw new SamlException("Unable to get entity from MDQ server and a backup file does not exist.");
        }
        HttpEntity entity = httpResponse.getEntity();
        String iOUtils = IOUtils.toString(entity.getContent(), StandardCharsets.UTF_8);
        Path path = file.toPath();
        LOGGER.trace("Writing metadata to file at [{}]", path);
        BufferedWriter newBufferedWriter = Files.newBufferedWriter(path, StandardCharsets.UTF_8, new OpenOption[0]);
        try {
            IOUtils.write(iOUtils, (Writer) newBufferedWriter);
            newBufferedWriter.flush();
            StreamSupport.stream(path.getFileSystem().getFileStores().spliterator(), false).filter(fileStore -> {
                return fileStore.supportsFileAttributeView(UserDefinedFileAttributeView.class);
            }).forEach(Unchecked.consumer(fileStore2 -> {
                Files.setAttribute(path, "user:ETag", ByteBuffer.wrap(httpResponse.getFirstHeader("ETag").getValue().getBytes(StandardCharsets.UTF_8)), new LinkOption[0]);
            }));
            if (newBufferedWriter != null) {
                newBufferedWriter.close();
            }
            EntityUtils.consume(entity);
            return new InMemoryResourceMetadataResolver(file, this.configBean);
        } catch (Throwable th) {
            if (newBufferedWriter != null) {
                try {
                    newBufferedWriter.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    /* JADX WARN: Type inference failed for: r0v15, types: [org.apereo.cas.util.HttpUtils$HttpExecutionRequest$HttpExecutionRequestBuilder] */
    @Override // org.apereo.cas.support.saml.services.idp.metadata.cache.resolver.UrlResourceMetadataResolver
    protected HttpResponse fetchMetadata(SamlRegisteredService samlRegisteredService, String str, CriteriaSet criteriaSet, File file) {
        MDQSamlMetadataProperties mdq = this.samlIdPProperties.getMetadata().getMdq();
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put("Content-Type", mdq.getSupportedContentTypes());
        linkedHashMap.put("Accept", "*/*");
        Path path = file.toPath();
        if (Files.exists(path, new LinkOption[0])) {
            Unchecked.consumer(obj -> {
                linkedHashMap.put("If-None-Match", new String((byte[]) Files.getAttribute(path, "user:ETag", new LinkOption[0]), StandardCharsets.UTF_8).trim());
            }).accept(path);
        }
        LOGGER.trace("Fetching metadata via MDQ for [{}]", str);
        HttpResponse execute = HttpUtils.execute(HttpUtils.HttpExecutionRequest.builder().basicAuthPassword(mdq.getBasicAuthnPassword()).basicAuthUsername(mdq.getBasicAuthnUsername()).method(HttpMethod.GET).url(str).headers(linkedHashMap).proxyUrl(samlRegisteredService.getMetadataProxyLocation()).build());
        if (execute != null) {
            return execute;
        }
        LOGGER.error("Unable to fetch metadata from [{}]", str);
        throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apereo.cas.support.saml.services.idp.metadata.cache.resolver.UrlResourceMetadataResolver
    public String getMetadataLocationForService(SamlRegisteredService samlRegisteredService, CriteriaSet criteriaSet) {
        LOGGER.trace("Getting metadata location dynamically for [{}] based on criteria [{}]", samlRegisteredService.getName(), criteriaSet);
        Optional map = Optional.ofNullable((EntityIdCriterion) criteriaSet.get(EntityIdCriterion.class)).map((v0) -> {
            return v0.getEntityId();
        });
        Objects.requireNonNull(samlRegisteredService);
        String str = (String) map.orElseGet(samlRegisteredService::getServiceId);
        if (StringUtils.isBlank(str)) {
            throw new SamlException("Unable to determine entity id to fetch metadata via MDQ for " + samlRegisteredService.getName());
        }
        return super.getMetadataLocationForService(samlRegisteredService, criteriaSet).replace(StdJDBCConstants.TABLE_PREFIX_SUBST, EncodingUtils.urlEncode(str));
    }
}
