package org.pac4j.saml.metadata;

import java.io.File;
import java.io.IOException;
import java.io.OutputStream;
import java.io.StringReader;
import java.io.StringWriter;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;
import net.bytebuddy.description.type.TypeDescription;
import net.shibboleth.tool.xmlsectool.XMLSecTool;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import org.apache.commons.io.FileUtils;
import org.apache.commons.lang.StringUtils;
import org.opensaml.core.criterion.EntityIdCriterion;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.saml.metadata.resolver.MetadataResolver;
import org.pac4j.core.exception.TechnicalException;
import org.pac4j.core.util.CommonHelper;
import org.pac4j.saml.client.SAML2Client;
import org.pac4j.saml.client.SAML2ClientConfiguration;
import org.pac4j.saml.crypto.CredentialProvider;
import org.pac4j.saml.exceptions.SAMLException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.io.WritableResource;

/* loaded from: input_file:BOOT-INF/lib/pac4j-saml-3.3.0.jar:org/pac4j/saml/metadata/SAML2ServiceProviderMetadataResolver.class */
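/**
 * Builds, persists and resolves the SAML2 metadata describing the local service provider (SP).
 *
 * <p>The metadata is generated from the {@link SAML2ClientConfiguration} and the callback URL,
 * optionally written to the configured metadata resource, optionally signed in place with
 * {@link XMLSecTool}, and finally exposed through an OpenSAML {@link MetadataResolver}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>If the metadata resource already exists and forced regeneration is off, nothing is
 *       written and the resolver is built from the existing resource. Whatever is stored there
 *       is what this class serves as SP metadata, so write access to that location should be
 *       restricted to the application.</li>
 *   <li>Signing reads the key and certificate from the paths held in the configuration and
 *       rewrites the metadata file in place.</li>
 * </ul>
 */
public class SAML2ServiceProviderMetadataResolver implements SAML2MetadataResolver {
    protected static final Logger logger = LoggerFactory.getLogger(SAML2ServiceProviderMetadataResolver.class);
    private final CredentialProvider credentialProvider;
    private final String callbackUrl;
    private final SAML2ClientConfiguration configuration;

    /**
     * Creates the resolver and, when the configuration has no SP entity ID yet, derives one
     * from the callback URL.
     *
     * @param sAML2ClientConfiguration SAML2 client configuration; read and, for the entity ID,
     *                                 possibly updated by this constructor
     * @param str                      callback URL of the SP; used as assertion consumer,
     *                                 request initiator and (with an extra parameter) logout URL
     * @param credentialProvider       provider handed to the metadata generator
     * @throws SAMLException if the entity ID has to be derived and the callback URL cannot be parsed
     */
    public SAML2ServiceProviderMetadataResolver(SAML2ClientConfiguration sAML2ClientConfiguration, String str, CredentialProvider credentialProvider) {
        this.credentialProvider = credentialProvider;
        this.callbackUrl = str;
        this.configuration = sAML2ClientConfiguration;
        determineServiceProviderEntityId(str);
    }

    /**
     * Sets the SP entity ID on the configuration when it is blank, using the callback URL with
     * its query string removed, then logs the entity ID in use.
     *
     * @param spCallbackUrl callback URL the entity ID is derived from
     * @throws SAMLException wrapping any exception raised while deriving or storing the entity ID
     */
    private void determineServiceProviderEntityId(String spCallbackUrl) {
        try {
            if (CommonHelper.isBlank(this.configuration.getServiceProviderEntityId())) {
                URL url = new URL(spCallbackUrl);
                String entityId = url.toString();
                if (url.getQuery() != null) {
                    // Plain "?" literal: the decompiled code borrowed an unrelated library
                    // constant with the same value, which tied this class to that library.
                    entityId = entityId.replace("?" + url.getQuery(), "");
                }
                this.configuration.setServiceProviderEntityId(entityId);
            }
            logger.info("Using SP entity ID {}", this.configuration.getServiceProviderEntityId());
        } catch (Exception e) {
            throw new SAMLException(e);
        }
    }

    /**
     * Generates the SP metadata from the configuration, writes it to the metadata resource
     * (subject to the checks in {@link #writeServiceProviderMetadataToResource(String)}) and
     * builds a resolver from that resource.
     *
     * @return resolver built by the generator from the configured metadata resource
     * @throws TechnicalException wrapping any failure during generation, writing or signing
     */
    private MetadataResolver prepareServiceProviderMetadata() {
        try {
            SAML2MetadataGenerator generator = new SAML2MetadataGenerator();
            generator.setWantAssertionSigned(this.configuration.isWantsAssertionsSigned());
            generator.setAuthnRequestSigned(this.configuration.isAuthnRequestSigned());
            generator.setNameIdPolicyFormat(this.configuration.getNameIdPolicyFormat());
            generator.setRequestedAttributes(this.configuration.getRequestedServiceProviderAttributes());
            generator.setCredentialProvider(this.credentialProvider);
            generator.setEntityId(this.configuration.getServiceProviderEntityId());
            generator.setRequestInitiatorLocation(this.callbackUrl);
            generator.setAssertionConsumerServiceUrl(this.callbackUrl);
            generator.setSingleLogoutServiceUrl(CommonHelper.addParameter(this.callbackUrl, SAML2Client.IDP_LOGOUT_REQUEST_EXTRA_PARAMETER, "true"));
            writeServiceProviderMetadataToResource(generator.getMetadata(generator.buildEntityDescriptor()));
            // The resolver is built from the resource, not from the string generated above. When
            // the write was skipped because the file already existed, the stored content is used.
            return generator.buildMetadataResolver(this.configuration.getServiceProviderMetadataResource());
        } catch (Exception e) {
            throw new TechnicalException("Unable to generate metadata for service provider", e);
        }
    }

    /**
     * Pretty-prints the generated metadata, writes it to the configured resource and, when
     * metadata signing is enabled, signs the written file in place.
     *
     * <p>Does nothing when no resource is configured or the metadata is blank. Does not
     * overwrite an existing resource unless forced generation is enabled.
     *
     * @param metadata generated SP metadata as an XML string
     * @throws Exception on transformation, I/O or path resolution failure
     */
    private void writeServiceProviderMetadataToResource(String metadata) throws Exception {
        WritableResource resource = this.configuration.getServiceProviderMetadataResource();
        if (resource == null || StringUtils.isBlank(metadata)) {
            return;
        }
        if (resource.exists() && !this.configuration.isForceServiceProviderMetadataGeneration()) {
            logger.info("Metadata file already exists at {}.", resource.getFile());
            return;
        }
        logger.info("Writing sp metadata to {}", resource.getFilename());
        File parentFile = resource.getFile().getParentFile();
        if (parentFile != null) {
            logger.info("Attempting to create directory structure for: {}", parentFile.getCanonicalPath());
            if (!parentFile.exists() && !parentFile.mkdirs()) {
                // Not fatal here: opening the output stream below fails if the directory is missing.
                logger.warn("Could not construct the directory structure for SP metadata: {}", parentFile.getCanonicalPath());
            }
        }

        // NOTE(review): the factory is created with default settings. The XML parsed here is the
        // string produced by SAML2MetadataGenerator in prepareServiceProviderMetadata, not a
        // document received from a peer. If this method is ever reused for XML that originates
        // outside the process, enable XMLConstants.FEATURE_SECURE_PROCESSING and clear
        // ACCESS_EXTERNAL_DTD / ACCESS_EXTERNAL_STYLESHEET on the factory first.
        Transformer transformer = TransformerFactory.newInstance().newTransformer();
        transformer.setOutputProperty("indent", "yes");
        transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
        StringWriter formatted = new StringWriter();
        transformer.transform(new StreamSource(new StringReader(metadata)), new StreamResult(formatted));

        // try-with-resources replaces the decompiler's expanded close logic, which closed the
        // stream a second time whenever the signing step below threw.
        try (OutputStream outputStream = resource.getOutputStream()) {
            outputStream.write(formatted.toString().getBytes(StandardCharsets.UTF_8));
        }

        if (this.configuration.isSignMetadata()) {
            // Input and output are the same file: the metadata is signed in place.
            String metadataPath = resource.getFile().getCanonicalPath();
            // NOTE(review): the option tokens carry a trailing space exactly as in the original;
            // confirm that XMLSecTool's argument parser accepts them in this form.
            String[] args = {
                "--sign ",
                "--inFile ",
                metadataPath,
                "--key ",
                this.configuration.getSigningKeyFile().getCanonicalPath(),
                "--certificate ",
                this.configuration.getSigningBinaryCertificatePath().getCanonicalPath(),
                "--outFile ",
                metadataPath
            };
            // Only the file locations are logged, never key material.
            logger.debug("Signing metadata using certificate [{}] and key [{}]", this.configuration.getSigningBinaryCertificatePath(), this.configuration.getSigningKeyFile());
            // NOTE(review): XMLSecTool.main is a command-line entry point called in-process;
            // verify how this version reports a signing failure (exception vs. process exit) so
            // that an unsigned file is not silently served when signing is required.
            XMLSecTool.main(args);
        }
    }

    /**
     * Regenerates the SP metadata and returns a resolver for it. Every call runs the full
     * generation path, including the optional write and signing steps.
     *
     * @return resolver for the SP metadata
     */
    @Override // org.pac4j.saml.metadata.SAML2MetadataResolver
    public final MetadataResolver resolve() {
        return prepareServiceProviderMetadata();
    }

    /**
     * Returns the SP entity ID held in the configuration.
     *
     * @return the configured or derived SP entity ID
     */
    @Override // org.pac4j.saml.metadata.SAML2MetadataResolver
    public final String getEntityId() {
        return this.configuration.getServiceProviderEntityId();
    }

    /**
     * Reads the SP metadata from the configured metadata resource as UTF-8 text.
     *
     * <p>The content is returned as stored on disk; it is not regenerated or re-validated here.
     *
     * @return the metadata file content
     * @throws IOException if the file cannot be read
     */
    @Override // org.pac4j.saml.metadata.SAML2MetadataResolver
    public String getMetadata() throws IOException {
        return FileUtils.readFileToString(this.configuration.getServiceProviderMetadataResource().getFile(), StandardCharsets.UTF_8);
    }

    /**
     * Resolves the entity descriptor matching the SP entity ID. Calls {@link #resolve()}, so the
     * metadata is regenerated on each invocation.
     *
     * @return the resolved entity descriptor, as returned by the resolver's single lookup
     * @throws SAMLException if the resolver fails
     */
    @Override // org.pac4j.saml.metadata.SAML2MetadataResolver
    public XMLObject getEntityDescriptorElement() {
        try {
            return resolve().resolveSingle(new CriteriaSet(new EntityIdCriterion(getEntityId())));
        } catch (ResolverException e) {
            // NOTE(review): the message names the IdP provider although this class resolves SP
            // metadata; left unchanged in case log matching depends on it.
            throw new SAMLException("Error initializing idpMetadataProvider", e);
        }
    }
}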
