package org.opensaml.soap.client.http;

import com.google.common.base.Function;
import java.io.IOException;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.annotation.concurrent.ThreadSafe;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullAfterInit;
import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
import net.shibboleth.utilities.java.support.component.AbstractInitializableComponent;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.primitive.DeprecationSupport;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import org.apache.http.HttpResponse;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.protocol.HttpContext;
import org.opensaml.messaging.context.InOutOperationContext;
import org.opensaml.messaging.context.httpclient.HttpClientRequestContext;
import org.opensaml.messaging.decoder.MessageDecodingException;
import org.opensaml.messaging.decoder.httpclient.HttpClientResponseMessageDecoder;
import org.opensaml.messaging.encoder.MessageEncodingException;
import org.opensaml.messaging.encoder.httpclient.HttpClientRequestMessageEncoder;
import org.opensaml.messaging.handler.MessageHandlerException;
import org.opensaml.messaging.pipeline.httpclient.HttpClientMessagePipeline;
import org.opensaml.security.SecurityException;
import org.opensaml.security.credential.UsageType;
import org.opensaml.security.criteria.UsageCriterion;
import org.opensaml.security.httpclient.HttpClientSecurityConstants;
import org.opensaml.security.httpclient.HttpClientSecurityParameters;
import org.opensaml.security.httpclient.HttpClientSecuritySupport;
import org.opensaml.security.messaging.HttpClientSecurityContext;
import org.opensaml.soap.client.SOAPClient;
import org.opensaml.soap.client.SOAPClientContext;
import org.opensaml.soap.client.SOAPFaultException;
import org.opensaml.soap.common.SOAP11FaultDecodingException;
import org.opensaml.soap.common.SOAPException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@ThreadSafe
/* loaded from: input_file:WEB-INF/lib/opensaml-soap-api-3.4.6.jar:org/opensaml/soap/client/http/AbstractPipelineHttpSOAPClient.class */
public abstract class AbstractPipelineHttpSOAPClient<OutboundMessageType, InboundMessageType> extends AbstractInitializableComponent implements SOAPClient {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger((Class<?>) AbstractPipelineHttpSOAPClient.class);

    @NonnullAfterInit
    private HttpClient httpClient;

    @Nullable
    private HttpClientSecurityParameters httpClientSecurityParameters;

    @Nullable
    private Function<InOutOperationContext<?, ?>, CriteriaSet> tlsCriteriaSetStrategy;

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
    public void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (this.httpClient == null) {
            throw new ComponentInitializationException("HttpClient cannot be null");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
    public void doDestroy() {
        this.httpClient = null;
        this.httpClientSecurityParameters = null;
        this.tlsCriteriaSetStrategy = null;
        super.doDestroy();
    }

    @Nonnull
    public HttpClient getHttpClient() {
        return this.httpClient;
    }

    public void setHttpClient(@Nonnull HttpClient httpClient) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        ComponentSupport.ifDestroyedThrowDestroyedComponentException(this);
        this.httpClient = (HttpClient) Constraint.isNotNull(httpClient, "HttpClient cannot be null");
    }

    @Nullable
    public HttpClientSecurityParameters getHttpClientSecurityParameters() {
        return this.httpClientSecurityParameters;
    }

    public void setHttpClientSecurityParameters(@Nullable HttpClientSecurityParameters httpClientSecurityParameters) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        ComponentSupport.ifDestroyedThrowDestroyedComponentException(this);
        this.httpClientSecurityParameters = httpClientSecurityParameters;
    }

    @Nullable
    public Function<InOutOperationContext<?, ?>, CriteriaSet> getTLSCriteriaSetStrategy() {
        return this.tlsCriteriaSetStrategy;
    }

    public void setTLSCriteriaSetStrategy(@Nullable Function<InOutOperationContext<?, ?>, CriteriaSet> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        ComponentSupport.ifDestroyedThrowDestroyedComponentException(this);
        this.tlsCriteriaSetStrategy = function;
    }

    /* JADX WARN: Type inference failed for: r9v3, types: [org.opensaml.soap.common.SOAP11FaultDecodingException, java.lang.Exception] */
    @Override // org.opensaml.soap.client.SOAPClient
    public void send(@NotEmpty @Nonnull String str, @Nonnull InOutOperationContext inOutOperationContext) throws SOAPException, SecurityException {
        Constraint.isNotNull(str, "Endpoint cannot be null");
        Constraint.isNotNull(inOutOperationContext, "Operation context cannot be null");
        HttpClientMessagePipeline<InboundMessageType, OutboundMessageType> httpClientMessagePipeline = null;
        try {
            try {
                try {
                    try {
                        try {
                            try {
                                try {
                                    ((SOAPClientContext) inOutOperationContext.getSubcontext(SOAPClientContext.class, true)).setDestinationURI(str);
                                    httpClientMessagePipeline = resolvePipeline(inOutOperationContext);
                                    if (httpClientMessagePipeline.getOutboundPayloadMessageHandler() != null) {
                                        httpClientMessagePipeline.getOutboundPayloadMessageHandler().invoke(inOutOperationContext.getOutboundMessageContext());
                                    }
                                    HttpUriRequest buildHttpRequest = buildHttpRequest(str, inOutOperationContext);
                                    HttpClientRequestMessageEncoder encoder = httpClientMessagePipeline.getEncoder();
                                    encoder.setHttpRequest(buildHttpRequest);
                                    encoder.setMessageContext(inOutOperationContext.getOutboundMessageContext());
                                    encoder.initialize();
                                    encoder.prepareContext();
                                    if (httpClientMessagePipeline.getOutboundTransportMessageHandler() != null) {
                                        httpClientMessagePipeline.getOutboundTransportMessageHandler().invoke(inOutOperationContext.getOutboundMessageContext());
                                    }
                                    encoder.encode();
                                    HttpContext buildHttpContext = buildHttpContext(buildHttpRequest, inOutOperationContext);
                                    HttpResponse execute = getHttpClient().execute(buildHttpRequest, buildHttpContext);
                                    HttpClientSecuritySupport.checkTLSCredentialEvaluated(buildHttpContext, buildHttpRequest.getURI().getScheme());
                                    HttpClientResponseMessageDecoder decoder = httpClientMessagePipeline.getDecoder();
                                    decoder.setHttpResponse(execute);
                                    decoder.initialize();
                                    decoder.decode();
                                    inOutOperationContext.setInboundMessageContext(decoder.getMessageContext());
                                    if (httpClientMessagePipeline.getInboundMessageHandler() != null) {
                                        httpClientMessagePipeline.getInboundMessageHandler().invoke(inOutOperationContext.getInboundMessageContext());
                                    }
                                    if (httpClientMessagePipeline != null) {
                                        httpClientMessagePipeline.getEncoder().destroy();
                                        httpClientMessagePipeline.getDecoder().destroy();
                                    }
                                } catch (ClientProtocolException e) {
                                    throw new SOAPException("Client protocol problem sending SOAP request message to: " + str, e);
                                }
                            } catch (MessageHandlerException e2) {
                                throw new SOAPException("Problem handling SOAP message exchange with: " + str, e2);
                            }
                        } catch (MessageDecodingException e3) {
                            throw new SOAPException("Problem decoding SOAP response message from: " + str, e3);
                        }
                    } catch (IOException e4) {
                        throw new SOAPException("I/O problem with SOAP message exchange with: " + str, e4);
                    }
                } catch (SOAP11FaultDecodingException e5) {
                    SOAPFaultException sOAPFaultException = new SOAPFaultException(e5.getMessage(), e5);
                    sOAPFaultException.setFault(e5.getFault());
                    throw sOAPFaultException;
                } catch (MessageEncodingException e6) {
                    throw new SOAPException("Problem encoding SOAP request message to: " + str, e6);
                }
            } catch (SSLException e7) {
                throw new SecurityException("Problem establising TLS connection to: " + str, e7);
            } catch (ComponentInitializationException e8) {
                throw new SOAPException("Problem initializing a SOAP client component", e8);
            }
        } catch (Throwable th) {
            if (httpClientMessagePipeline != null) {
                httpClientMessagePipeline.getEncoder().destroy();
                httpClientMessagePipeline.getDecoder().destroy();
            }
            throw th;
        }
    }

    @Nonnull
    protected HttpClientMessagePipeline<InboundMessageType, OutboundMessageType> resolvePipeline(@Nonnull InOutOperationContext inOutOperationContext) throws SOAPException {
        try {
            return newPipeline();
        } catch (SOAPException e) {
            this.log.warn("Problem resolving pipeline instance", (Throwable) e);
            throw e;
        } catch (Exception e2) {
            this.log.warn("Problem resolving pipeline instance", (Throwable) e2);
            throw new SOAPException("Could not resolve pipeline", e2);
        }
    }

    @Nonnull
    protected abstract HttpClientMessagePipeline<InboundMessageType, OutboundMessageType> newPipeline() throws SOAPException;

    @Deprecated
    protected void checkTLSCredentialTrusted(@Nonnull HttpClientContext httpClientContext, @Nonnull HttpUriRequest httpUriRequest) throws SSLPeerUnverifiedException {
        DeprecationSupport.warnOnce(DeprecationSupport.ObjectType.METHOD, getClass().getName() + ".checkTLSCredentialTrusted", null, "HttpClientSecuritySupport.checkTLSCredentialEvaluated");
        HttpClientSecuritySupport.checkTLSCredentialEvaluated(httpClientContext, httpUriRequest.getURI().getScheme());
    }

    @Nonnull
    protected HttpUriRequest buildHttpRequest(@NotEmpty @Nonnull String str, @Nonnull InOutOperationContext inOutOperationContext) {
        return new HttpPost(str);
    }

    @Nonnull
    protected HttpClientContext buildHttpContext(@Nonnull HttpUriRequest httpUriRequest, @Nonnull InOutOperationContext inOutOperationContext) {
        HttpClientContext resolveClientContext = resolveClientContext(inOutOperationContext);
        HttpClientSecuritySupport.marshalSecurityParameters(resolveClientContext, resolveContextSecurityParameters(inOutOperationContext), false);
        HttpClientSecuritySupport.marshalSecurityParameters(resolveClientContext, getHttpClientSecurityParameters(), false);
        if ("https".equalsIgnoreCase(httpUriRequest.getURI().getScheme()) && resolveClientContext.getAttribute(HttpClientSecurityConstants.CONTEXT_KEY_TRUST_ENGINE) != null) {
            if (resolveClientContext.getAttribute(HttpClientSecurityConstants.CONTEXT_KEY_CRITERIA_SET) == null) {
                resolveClientContext.setAttribute(HttpClientSecurityConstants.CONTEXT_KEY_CRITERIA_SET, buildTLSCriteriaSet(httpUriRequest, inOutOperationContext));
            }
            if (resolveClientContext.getAttribute(HttpClientSecurityConstants.CONTEXT_KEY_SERVER_TLS_FAILURE_IS_FATAL) == null) {
                resolveClientContext.setAttribute(HttpClientSecurityConstants.CONTEXT_KEY_SERVER_TLS_FAILURE_IS_FATAL, Boolean.FALSE);
            }
        }
        HttpClientSecuritySupport.addDefaultTLSTrustEngineCriteria(resolveClientContext, httpUriRequest);
        return resolveClientContext;
    }

    protected HttpClientSecurityParameters resolveContextSecurityParameters(@Nonnull InOutOperationContext inOutOperationContext) {
        HttpClientSecurityContext httpClientSecurityContext = (HttpClientSecurityContext) inOutOperationContext.getOutboundMessageContext().getSubcontext(HttpClientSecurityContext.class);
        if (httpClientSecurityContext != null) {
            return httpClientSecurityContext.getSecurityParameters();
        }
        return null;
    }

    @Nonnull
    protected HttpClientContext resolveClientContext(@Nonnull InOutOperationContext inOutOperationContext) {
        HttpClientRequestContext subcontext = inOutOperationContext.getOutboundMessageContext().getSubcontext(HttpClientRequestContext.class, true);
        if (subcontext.getHttpClientContext() == null) {
            subcontext.setHttpClientContext(HttpClientContext.create());
        }
        return subcontext.getHttpClientContext();
    }

    @Nonnull
    protected CriteriaSet buildTLSCriteriaSet(@Nonnull HttpUriRequest httpUriRequest, @Nonnull InOutOperationContext inOutOperationContext) {
        CriteriaSet apply;
        CriteriaSet criteriaSet = new CriteriaSet();
        if (getTLSCriteriaSetStrategy() != null && (apply = getTLSCriteriaSetStrategy().apply(inOutOperationContext)) != null) {
            criteriaSet.addAll(apply);
        }
        if (!criteriaSet.contains((Object) UsageType.class)) {
            criteriaSet.add(new UsageCriterion(UsageType.SIGNING));
        }
        return criteriaSet;
    }
}
