package org.apereo.cas.support.saml.metadata.resolver;

import java.nio.charset.StandardCharsets;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.stream.Collectors;
import lombok.Generated;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.configuration.model.support.saml.idp.SamlIdPProperties;
import org.apereo.cas.support.saml.OpenSamlConfigBean;
import org.apereo.cas.support.saml.services.SamlRegisteredService;
import org.apereo.cas.support.saml.services.idp.metadata.SamlMetadataDocument;
import org.apereo.cas.support.saml.services.idp.metadata.cache.resolver.BaseSamlRegisteredServiceMetadataResolver;
import org.apereo.cas.util.LoggingUtils;
import org.opensaml.saml.metadata.resolver.MetadataResolver;
import org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.amazon.awssdk.core.ResponseInputStream;
import software.amazon.awssdk.core.sync.RequestBody;
import software.amazon.awssdk.services.s3.S3Client;
import software.amazon.awssdk.services.s3.model.GetObjectRequest;
import software.amazon.awssdk.services.s3.model.GetObjectResponse;
import software.amazon.awssdk.services.s3.model.ListObjectsV2Request;
import software.amazon.awssdk.services.s3.model.PutObjectRequest;

/* loaded from: input_file:org/apereo/cas/support/saml/metadata/resolver/AmazonS3SamlRegisteredServiceMetadataResolver.class */
public class AmazonS3SamlRegisteredServiceMetadataResolver extends BaseSamlRegisteredServiceMetadataResolver {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(AmazonS3SamlRegisteredServiceMetadataResolver.class);
    private final transient S3Client s3Client;
    private final String bucketName;

    public AmazonS3SamlRegisteredServiceMetadataResolver(SamlIdPProperties samlIdPProperties, OpenSamlConfigBean openSamlConfigBean, S3Client s3Client) {
        super(samlIdPProperties, openSamlConfigBean);
        this.bucketName = samlIdPProperties.getMetadata().getAmazonS3().getBucketName();
        this.s3Client = s3Client;
    }

    public Collection<? extends MetadataResolver> resolve(SamlRegisteredService samlRegisteredService, CriteriaSet criteriaSet) {
        try {
            List contents = this.s3Client.listObjectsV2((ListObjectsV2Request) ListObjectsV2Request.builder().bucket(this.bucketName).build()).contents();
            LOGGER.debug("Located [{}] S3 object(s) from bucket [{}]", Integer.valueOf(contents.size()), this.bucketName);
            return (Collection) contents.stream().map(s3Object -> {
                String key = s3Object.key();
                LOGGER.debug("Fetching object [{}] from bucket [{}]", key, this.bucketName);
                try {
                    ResponseInputStream object = this.s3Client.getObject((GetObjectRequest) GetObjectRequest.builder().key(key).bucket(this.bucketName).build());
                    try {
                        SamlMetadataDocument samlMetadataDocument = new SamlMetadataDocument();
                        samlMetadataDocument.setId(System.nanoTime());
                        samlMetadataDocument.setName(key);
                        Map metadata = ((GetObjectResponse) object.response()).metadata();
                        if (metadata != null) {
                            samlMetadataDocument.setSignature((String) metadata.get("signature"));
                            if (StringUtils.isNotBlank(samlMetadataDocument.getSignature())) {
                                LOGGER.debug("Found metadata signature as part of object metadata for [{}] from bucket [{}]", key, this.bucketName);
                            }
                        }
                        samlMetadataDocument.setValue(IOUtils.toString(object, StandardCharsets.UTF_8));
                        AbstractMetadataResolver buildMetadataResolverFrom = buildMetadataResolverFrom(samlRegisteredService, samlMetadataDocument);
                        if (object != null) {
                            object.close();
                        }
                        return buildMetadataResolverFrom;
                    } finally {
                    }
                } catch (Exception e) {
                    LoggingUtils.error(LOGGER, e);
                    return null;
                }
            }).filter((v0) -> {
                return Objects.nonNull(v0);
            }).collect(Collectors.toList());
        } catch (Exception e) {
            LoggingUtils.error(LOGGER, e);
            return null;
        }
    }

    public boolean supports(SamlRegisteredService samlRegisteredService) {
        try {
            return samlRegisteredService.getMetadataLocation().trim().startsWith("awss3://");
        } catch (Exception e) {
            LoggingUtils.error(LOGGER, e);
            return false;
        }
    }

    public void saveOrUpdate(SamlMetadataDocument samlMetadataDocument) {
        this.s3Client.putObject((PutObjectRequest) PutObjectRequest.builder().bucket(this.bucketName).key(samlMetadataDocument.getName()).metadata(Map.of("signature", samlMetadataDocument.getSignature())).build(), RequestBody.fromString(samlMetadataDocument.getValue()));
    }

    public boolean isAvailable(SamlRegisteredService samlRegisteredService) {
        return supports(samlRegisteredService) && this.s3Client.listBuckets().hasBuckets();
    }
}
