package net.shibboleth.idp.profile.spring.relyingparty.metadata.impl;

import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.xml.namespace.QName;
import net.shibboleth.idp.profile.spring.relyingparty.metadata.AbstractMetadataProviderParser;
import net.shibboleth.idp.profile.spring.resource.impl.SVNResourceParser;
import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
import net.shibboleth.utilities.java.support.primitive.DeprecationSupport;
import net.shibboleth.utilities.java.support.primitive.StringSupport;
import net.shibboleth.utilities.java.support.xml.DOMTypeSupport;
import net.shibboleth.utilities.java.support.xml.ElementSupport;
import org.opensaml.saml.metadata.resolver.impl.HTTPMetadataResolver;
import org.opensaml.saml.saml2.common.CacheableSAMLObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.parsing.BeanDefinitionParsingException;
import org.springframework.beans.factory.parsing.Location;
import org.springframework.beans.factory.parsing.Problem;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.beans.factory.xml.ParserContext;
import org.w3c.dom.Element;

/* loaded from: input_file:BOOT-INF/lib/idp-profile-spring-3.4.0.jar:net/shibboleth/idp/profile/spring/relyingparty/metadata/impl/HTTPMetadataProviderParser.class */
public class HTTPMetadataProviderParser extends AbstractReloadingMetadataProviderParser {

    @Nonnull
    public static final QName ELEMENT_NAME = new QName(AbstractMetadataProviderParser.METADATA_NAMESPACE, "HTTPMetadataProvider");

    @NotEmpty
    @Nonnull
    private static final String DEFAULT_CACHING = "none";

    @Nonnull
    private final Logger log = LoggerFactory.getLogger((Class<?>) HTTPMetadataProviderParser.class);

    @Override // net.shibboleth.idp.profile.spring.relyingparty.metadata.AbstractMetadataProviderParser
    protected Class<? extends HTTPMetadataResolver> getNativeBeanClass(Element element) {
        return HTTPMetadataResolver.class;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.shibboleth.idp.profile.spring.relyingparty.metadata.impl.AbstractReloadingMetadataProviderParser, net.shibboleth.idp.profile.spring.relyingparty.metadata.AbstractMetadataProviderParser
    public void doNativeParse(Element element, ParserContext parserContext, BeanDefinitionBuilder beanDefinitionBuilder) {
        if (ELEMENT_NAME.equals(DOMTypeSupport.getXSIType(element))) {
            DeprecationSupport.warn(DeprecationSupport.ObjectType.XSITYPE, ELEMENT_NAME.toString(), parserContext.getReaderContext().getResource().getDescription(), FileBackedHTTPMetadataProviderParser.ELEMENT_NAME.toString());
        }
        super.doNativeParse(element, parserContext, beanDefinitionBuilder);
        if (element.hasAttributeNS(null, CacheableSAMLObject.CACHE_DURATION_ATTRIB_NAME)) {
            this.log.error("{}: cacheDuration is not supported", parserContext.getReaderContext().getResource().getDescription());
            throw new BeanDefinitionParsingException(new Problem("cacheDuration is not supported", new Location(parserContext.getReaderContext().getResource())));
        }
        if (element.hasAttributeNS(null, "maintainExpiredMetadata")) {
            this.log.error("{}: maintainExpiredMetadata is not supported", parserContext.getReaderContext().getResource().getDescription());
            throw new BeanDefinitionParsingException(new Problem("maintainExpiredMetadata is not supported", new Location(parserContext.getReaderContext().getResource())));
        }
        String trimOrNull = StringSupport.trimOrNull(element.getAttributeNS(null, "tlsTrustEngineRef"));
        Element firstChildElement = ElementSupport.getFirstChildElement(element, HTTPMetadataProvidersParserSupport.TLS_TRUST_ENGINE_ELEMENT_NAME);
        String trimOrNull2 = StringSupport.trimOrNull(element.getAttributeNS(null, "httpClientSecurityParametersRef"));
        BeanDefinition beanDefinition = null;
        if (trimOrNull2 != null) {
            if (firstChildElement != null || trimOrNull != null) {
                this.log.warn("httpClientSecurityParametersRef overrides tlsTrustEngineRef or <TrustEngine> subelement");
            }
            beanDefinitionBuilder.addPropertyReference("httpClientSecurityParameters", trimOrNull2);
        } else if (firstChildElement != null || trimOrNull != null) {
            beanDefinition = HTTPMetadataProvidersParserSupport.parseTLSTrustEngine(trimOrNull, firstChildElement, parserContext);
            beanDefinitionBuilder.addPropertyValue("httpClientSecurityParameters", beanDefinition);
        }
        if (element.hasAttributeNS(null, "httpClientRef")) {
            beanDefinitionBuilder.addConstructorArgReference(StringSupport.trimOrNull(element.getAttributeNS(null, "httpClientRef")));
            if (element.hasAttributeNS(null, "requestTimeout") || element.hasAttributeNS(null, SVNResourceParser.CTX_TIMEOUT_ATTRIB_NAME) || element.hasAttributeNS(null, "connectionRequestTimeout") || element.hasAttributeNS(null, "socketTimeout") || element.hasAttributeNS(null, "disregardSslCertificate") || element.hasAttributeNS(null, "disregardTLSCertificate") || element.hasAttributeNS(null, "proxyHost") || element.hasAttributeNS(null, "proxyPort") || element.hasAttributeNS(null, "proxyUser") || element.hasAttributeNS(null, SVNResourceParser.PROXY_PASSWORD_ATTRIB_NAME)) {
                this.log.warn("httpClientRef overrides settings for requestTimeout, connectionTimeout, connectionRequestTimeout, socketTimeout, disregardSslCertificate, disregardTLSCertificate,  proxyHost, proxyPort, proxyUser and proxyPassword");
            }
        } else {
            beanDefinitionBuilder.addConstructorArgValue(buildHttpClient(element, parserContext, trimOrNull2, beanDefinition));
        }
        beanDefinitionBuilder.addConstructorArgValue(StringSupport.trimOrNull(element.getAttributeNS(null, HTTPMetadataProvidersParserSupport.METADATA_URL)));
        if (element.hasAttributeNS(null, HTTPMetadataProvidersParserSupport.BASIC_AUTH_USER) || element.hasAttributeNS(null, HTTPMetadataProvidersParserSupport.BASIC_AUTH_PASSWORD)) {
            beanDefinitionBuilder.addPropertyValue("basicCredentials", HTTPMetadataProvidersParserSupport.buildBasicCredentials(element, parserContext));
        }
    }

    private BeanDefinition buildHttpClient(Element element, ParserContext parserContext, @Nullable String str, @Nullable BeanDefinition beanDefinition) {
        return HTTPMetadataProvidersParserSupport.buildCommonClientBuilder(element, parserContext, "none", str, beanDefinition).getBeanDefinition();
    }
}
