package dk.digitalidentity.samlmodule.service.metadata;

import dk.digitalidentity.samlmodule.config.settings.DISAML_Configuration;
import dk.digitalidentity.samlmodule.util.exceptions.ExternalException;
import dk.digitalidentity.samlmodule.util.exceptions.InternalException;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import net.shibboleth.utilities.java.support.xml.BasicParserPool;
import org.apache.http.client.HttpClient;
import org.bouncycastle.util.encoders.Base64;
import org.opensaml.core.criterion.EntityIdCriterion;
import org.opensaml.saml.metadata.resolver.impl.AbstractReloadingMetadataResolver;
import org.opensaml.saml.metadata.resolver.impl.FilesystemMetadataResolver;
import org.opensaml.saml.metadata.resolver.impl.HTTPMetadataResolver;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml.saml2.metadata.KeyDescriptor;
import org.opensaml.saml.saml2.metadata.SingleLogoutService;
import org.opensaml.saml.saml2.metadata.SingleSignOnService;
import org.opensaml.security.credential.UsageType;
import org.opensaml.xmlsec.signature.X509Data;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Service;
import org.springframework.util.StringUtils;

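/**
 * Resolves the configured IdP's SAML 2.0 metadata and exposes the pieces the SP
 * needs from it: the {@code IDPSSODescriptor}, the IdP's X.509 certificates
 * (signing / encryption) and the HTTP-Redirect SSO and SLO endpoints.
 *
 * <p>Security note: everything returned here is taken verbatim from the metadata
 * found at {@code di.saml.idp.metadataLocation} ({@code file:...} or {@code url:...}).
 * No {@code MetadataFilter} (signature validation, {@code validUntil} enforcement)
 * is installed on the resolver, so the integrity of the IdP's signing certificate
 * and endpoints rests entirely on how that location is protected: file-system
 * permissions for {@code file:}, and the transport/TLS configuration of the injected
 * {@code DISAML_HTTPClient} for {@code url:}. Treat the metadata source as part of
 * the SP's trust anchor.
 *
 * <p>One reloading resolver is cached per IdP entityID and is refreshed by OpenSAML
 * within the configured min/max delay (configured in hours). The bean is a Spring
 * singleton shared by all requests, so resolver creation is synchronized.
 */
@Service
public class DISAML_IdPMetadataService {
    private static final Logger log = LoggerFactory.getLogger(DISAML_IdPMetadataService.class);

    /** Prefix selecting a {@link FilesystemMetadataResolver}. */
    private static final String FILE_PREFIX = "file:";

    /** Prefix selecting an {@link HTTPMetadataResolver}. */
    private static final String URL_PREFIX = "url:";

    /** Protocol support enumeration used to pick the IDPSSODescriptor. */
    private static final String SAML2_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol";

    /** The only binding this module uses for SSO and SLO. */
    private static final String HTTP_REDIRECT_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect";

    /** Refresh delays are configured in hours; OpenSAML expects milliseconds. Long to avoid int overflow. */
    private static final long MILLIS_PER_HOUR = 3600000L;

    /** Resolver per IdP entityID. Only accessed from the synchronized resolver-lookup methods. */
    private final Map<String, AbstractReloadingMetadataResolver> resolvers = new HashMap<>();

    @Autowired
    @Qualifier("DISAML_HTTPClient")
    private HttpClient httpClient;

    @Autowired
    private DISAML_Configuration configuration;

    /**
     * Returns the EntityDescriptor of the configured IdP.
     *
     * @return the descriptor matching {@code di.saml.idp.entityId}
     * @throws InternalException if the metadata location is unset or has an unknown
     *         scheme, a resolver cannot be built, or the entityID is absent from the metadata
     * @throws ExternalException if the metadata cannot be fetched or parsed
     */
    public EntityDescriptor getMetadata() throws InternalException, ExternalException {
        String entityId = configuration.getIdp().getEntityId();
        String location = configuration.getIdp().getMetadataLocation();
        if (location == null) {
            throw new InternalException("di.saml.idp.metadataLocation is not set");
        }

        AbstractReloadingMetadataResolver resolver;
        if (location.startsWith(FILE_PREFIX)) {
            resolver = getFileMetadataResolver(entityId, location.substring(FILE_PREFIX.length()));
        } else if (location.startsWith(URL_PREFIX)) {
            resolver = getURLMetadataResolver(entityId, location.substring(URL_PREFIX.length()));
        } else {
            throw new InternalException("di.saml.idp.metadataLocation type unknown: " + location);
        }
        return getMetadata(resolver);
    }

    /**
     * Looks up the configured entityID in the given resolver, retrying the refresh
     * first if the resolver's last refresh is recorded as failed.
     *
     * @throws ExternalException if the synchronous refresh fails
     * @throws InternalException if the entityID cannot be resolved
     */
    private EntityDescriptor getMetadata(AbstractReloadingMetadataResolver resolver) throws InternalException, ExternalException {
        // wasLastRefreshSuccess() is a Boolean and may be null; only a recorded failure
        // triggers a synchronous retry. NOTE(review): while the source stays down this
        // costs one refresh attempt per call - there is no back-off here.
        if (Boolean.FALSE.equals(resolver.wasLastRefreshSuccess())) {
            try {
                resolver.refresh();
            } catch (ResolverException e) {
                throw new ExternalException("Could not get Metadata from url", e);
            }
        }

        String entityId = configuration.getIdp().getEntityId();
        CriteriaSet criteria = new CriteriaSet();
        criteria.add(new EntityIdCriterion(entityId));

        EntityDescriptor descriptor;
        try {
            descriptor = resolver.resolveSingle(criteria);
        } catch (ResolverException e) {
            throw new InternalException("Configured entityID not found in metadata", e);
        }
        // resolveSingle() may return null instead of throwing when nothing matches;
        // fail here rather than letting callers hit an NPE on the descriptor.
        if (descriptor == null) {
            throw new InternalException("Configured entityID not found in metadata: " + entityId);
        }
        return descriptor;
    }

    /**
     * Returns the IdP's SAML 2.0 {@code IDPSSODescriptor}.
     *
     * @throws ExternalException if the metadata has no IDPSSODescriptor supporting SAML 2.0
     */
    public IDPSSODescriptor getSSODescriptor() throws InternalException, ExternalException {
        IDPSSODescriptor descriptor = getMetadata().getIDPSSODescriptor(SAML2_PROTOCOL);
        if (descriptor == null) {
            throw new ExternalException("Could not find IDPSSODescriptor for " + SAML2_PROTOCOL + " in metadata");
        }
        return descriptor;
    }

    /**
     * Returns the public key of the IdP certificate published for the given use.
     *
     * @param usageType SIGNING or ENCRYPTION
     * @see #getX509Certificate(UsageType)
     */
    public PublicKey getPublicKey(UsageType usageType) throws InternalException, ExternalException {
        return getX509Certificate(usageType).getPublicKey();
    }

    /**
     * Returns the first X.509 certificate the IdP publishes for the given use.
     *
     * <p>A {@code KeyDescriptor} whose {@code use} matches explicitly wins. Failing that, a
     * descriptor with no {@code use} attribute (or {@code UNSPECIFIED}) is accepted, since
     * SAML metadata allows such a key for both signing and encryption.
     *
     * @param usageType SIGNING or ENCRYPTION; must not be null
     * @return the parsed certificate (the caller decides what to trust it for)
     * @throws ExternalException if no suitable KeyDescriptor exists, it carries no
     *         X509Certificate element, or the value cannot be decoded or parsed
     * @throws InternalException if the JDK provides no X.509 CertificateFactory
     */
    public X509Certificate getX509Certificate(UsageType usageType) throws InternalException, ExternalException {
        Objects.requireNonNull(usageType, "usageType");
        List<KeyDescriptor> keyDescriptors = getSSODescriptor().getKeyDescriptors();

        // getUse() is null when the metadata omits the attribute; comparing with the
        // requested enum on the left keeps such descriptors from causing an NPE.
        Optional<KeyDescriptor> chosen = keyDescriptors.stream()
                .filter(kd -> usageType == kd.getUse())
                .findFirst();
        if (chosen.isEmpty()) {
            chosen = keyDescriptors.stream()
                    .filter(kd -> kd.getUse() == null || kd.getUse() == UsageType.UNSPECIFIED)
                    .findFirst();
        }
        KeyDescriptor keyDescriptor = chosen.orElseThrow(
                () -> new ExternalException("Could not find X509Certificate with UsageType: " + usageType));
        return parseCertificate(keyDescriptor, usageType);
    }

    /**
     * Extracts and parses the first X509Certificate element under the descriptor's KeyInfo.
     *
     * @throws ExternalException if the structure is incomplete or the value is not a valid certificate
     * @throws InternalException if the X.509 CertificateFactory is unavailable
     */
    private static X509Certificate parseCertificate(KeyDescriptor keyDescriptor, UsageType usageType)
            throws InternalException, ExternalException {
        if (keyDescriptor.getKeyInfo() == null || keyDescriptor.getKeyInfo().getX509Datas().isEmpty()) {
            throw new ExternalException("KeyDescriptor for UsageType " + usageType + " has no X509Data");
        }
        X509Data x509Data = keyDescriptor.getKeyInfo().getX509Datas().get(0);
        if (x509Data.getX509Certificates().isEmpty()) {
            throw new ExternalException("KeyDescriptor for UsageType " + usageType + " has no X509Certificate");
        }
        String base64 = x509Data.getX509Certificates().get(0).getValue();
        if (!StringUtils.hasText(base64)) {
            throw new ExternalException("KeyDescriptor for UsageType " + usageType + " has an empty X509Certificate");
        }

        CertificateFactory factory;
        try {
            factory = CertificateFactory.getInstance("X.509");
        } catch (CertificateException e) {
            throw new InternalException("Could not create factory to parse X509 Certificate", e);
        }

        byte[] der;
        try {
            // The MIME decoder tolerates the line breaks metadata generators put into certificate values.
            der = java.util.Base64.getMimeDecoder().decode(base64);
        } catch (IllegalArgumentException e) {
            throw new ExternalException("Could not Base64-decode X509 Certificate from Metadata", e);
        }
        try {
            return (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(der));
        } catch (CertificateException e) {
            throw new ExternalException("Could not parse X509 Certificate from Metadata", e);
        }
    }

    /**
     * Returns the IdP's SingleSignOnService endpoint for the HTTP-Redirect binding.
     *
     * @throws ExternalException if the metadata declares no such endpoint
     */
    public SingleSignOnService getAuthnRequestEndpoint() throws InternalException, ExternalException {
        // Constant on the left: getBinding() may be null in malformed metadata.
        return getSSODescriptor().getSingleSignOnServices().stream()
                .filter(sso -> HTTP_REDIRECT_BINDING.equals(sso.getBinding()))
                .findFirst()
                .orElseThrow(() -> new ExternalException("Could not find SSO endpoint for Redirect binding in metadata"));
    }

    /**
     * Returns the IdP's SingleLogoutService endpoint for the HTTP-Redirect binding.
     *
     * @throws ExternalException if the metadata declares no such endpoint
     */
    public SingleLogoutService getLogoutEndpoint() throws InternalException, ExternalException {
        return getSSODescriptor().getSingleLogoutServices().stream()
                .filter(slo -> HTTP_REDIRECT_BINDING.equals(slo.getBinding()))
                .findFirst()
                .orElseThrow(() -> new ExternalException("Could not find SLO endpoint for Redirect binding in metadata"));
    }

    /**
     * Returns the URL that LogoutResponses should be sent to: the ResponseLocation of
     * the first HTTP-Redirect SingleLogoutService that declares one, otherwise the
     * Location of the HTTP-Redirect SingleLogoutService (the SAML default when
     * ResponseLocation is absent).
     *
     * @throws ExternalException if no HTTP-Redirect SLO endpoint exists at all
     */
    public String getLogoutResponseEndpoint() throws ExternalException, InternalException {
        Optional<String> responseLocation = getSSODescriptor().getSingleLogoutServices().stream()
                .filter(slo -> HTTP_REDIRECT_BINDING.equals(slo.getBinding()))
                .map(SingleLogoutService::getResponseLocation)
                .filter(loc -> StringUtils.hasLength(loc))
                .findFirst();
        if (responseLocation.isPresent()) {
            return responseLocation.get();
        }
        log.warn("No SingleLogoutService with binding HTTP-Redirect declares a ResponseLocation; falling back to its Location");
        return getLogoutEndpoint().getLocation();
    }

    /**
     * Returns the cached resolver for {@code entityId}, building a
     * {@link FilesystemMetadataResolver} over {@code path} when none is cached yet.
     *
     * <p>Synchronized: the bean is a singleton and the cache a plain HashMap, so two
     * first-time callers could otherwise race, each build a reloading resolver for the
     * same IdP and leave one of them in the map's history un-destroyed.
     *
     * @throws InternalException if the resolver cannot be constructed or the parser pool fails to initialize
     * @throws ExternalException if the resolver fails its initial load
     */
    private synchronized AbstractReloadingMetadataResolver getFileMetadataResolver(String entityId, String path)
            throws InternalException, ExternalException {
        AbstractReloadingMetadataResolver cached = cachedResolver(entityId);
        if (cached != null) {
            return cached;
        }
        FilesystemMetadataResolver resolver;
        try {
            resolver = new FilesystemMetadataResolver(new File(path));
        } catch (ResolverException e) {
            throw new InternalException("Could not create MetadataResolver", e);
        }
        return initializeAndCache(entityId, resolver);
    }

    /**
     * Returns the cached resolver for {@code entityId}, building an
     * {@link HTTPMetadataResolver} over {@code url} with the injected HttpClient when
     * none is cached yet. Whether the fetch is authenticated (TLS, pinning, proxies)
     * is entirely up to that client's configuration.
     *
     * @throws InternalException if the resolver cannot be constructed or the parser pool fails to initialize
     * @throws ExternalException if the resolver fails its initial load
     */
    private synchronized AbstractReloadingMetadataResolver getURLMetadataResolver(String entityId, String url)
            throws InternalException, ExternalException {
        AbstractReloadingMetadataResolver cached = cachedResolver(entityId);
        if (cached != null) {
            return cached;
        }
        HTTPMetadataResolver resolver;
        try {
            resolver = new HTTPMetadataResolver(httpClient, url);
        } catch (ResolverException e) {
            throw new InternalException("Could not create MetadataResolver", e);
        }
        return initializeAndCache(entityId, resolver);
    }

    /** Cached, still-initialized resolver for the entityID, or null if a fresh one must be built. */
    private AbstractReloadingMetadataResolver cachedResolver(String entityId) {
        AbstractReloadingMetadataResolver resolver = resolvers.get(entityId);
        if (resolver == null || !resolver.isInitialized()) {
            return null;
        }
        return resolver;
    }

    /**
     * Applies the shared resolver setup (id, refresh window, parser pool), initializes
     * the resolver and stores it in the cache. Callers hold the instance lock.
     *
     * @throws InternalException if the parser pool fails to initialize
     * @throws ExternalException if the resolver fails to initialize (typically its initial load)
     */
    private AbstractReloadingMetadataResolver initializeAndCache(String entityId, AbstractReloadingMetadataResolver resolver)
            throws InternalException, ExternalException {
        resolver.setId(entityId);
        resolver.setMinRefreshDelay(MILLIS_PER_HOUR * configuration.getIdp().getResolverMinRefreshDelay());
        resolver.setMaxRefreshDelay(MILLIS_PER_HOUR * configuration.getIdp().getResolverMaxRefreshDelay());

        // Metadata is XML from outside the application. No parser features are loosened here
        // and none should be: BasicParserPool is expected to ship with DOCTYPE / entity
        // expansion disabled (verify for the java-support version in use), which is what
        // keeps the metadata parse safe from XXE.
        BasicParserPool parserPool = new BasicParserPool();
        resolver.setParserPool(parserPool);
        try {
            parserPool.initialize();
        } catch (ComponentInitializationException e) {
            throw new InternalException("Could not initialize parser pool", e);
        }
        try {
            resolver.initialize();
        } catch (ComponentInitializationException e) {
            throw new ExternalException("Could not initialize MetadataResolver", e);
        }
        resolvers.put(entityId, resolver);
        return resolver;
    }
}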
