package org.apereo.cas.support.saml.idp.metadata;

import java.util.Map;
import java.util.Optional;
import lombok.Generated;
import org.apache.commons.lang3.tuple.Pair;
import org.apereo.cas.support.saml.idp.metadata.generator.BaseSamlIdPMetadataGenerator;
import org.apereo.cas.support.saml.idp.metadata.generator.SamlIdPMetadataGeneratorConfigurationContext;
import org.apereo.cas.support.saml.services.SamlRegisteredService;
import org.apereo.cas.support.saml.services.idp.metadata.SamlIdPMetadataDocument;
import org.apereo.cas.util.spring.SpringExpressionLanguageValueResolver;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.amazon.awssdk.core.sync.RequestBody;
import software.amazon.awssdk.services.s3.S3Client;
import software.amazon.awssdk.services.s3.model.CreateBucketRequest;
import software.amazon.awssdk.services.s3.model.ListBucketsRequest;
import software.amazon.awssdk.services.s3.model.PutObjectRequest;

/* loaded from: input_file:org/apereo/cas/support/saml/idp/metadata/AmazonS3SamlIdPMetadataGenerator.class */
/**
 * SAML IdP metadata generator that persists the generated document to Amazon S3.
 *
 * <p>The metadata body is uploaded as the object content, and the signing/encryption
 * certificates and keys are attached to the same object as S3 user-defined metadata
 * (see {@link #finalizeMetadataDocument}).
 *
 * <p>Security notes for operators and reviewers:
 * <ul>
 *   <li>S3 returns user-defined metadata as {@code x-amz-meta-*} response headers on
 *       object GET/HEAD, so any principal that can read the object can also read the
 *       {@code signingKey} and {@code encryptionKey} entries. Whether those values are
 *       already encrypted when they reach this class is not visible here. Confirm this
 *       against the base generator and the configured cipher, and restrict read access
 *       to the bucket accordingly.</li>
 *   <li>A bucket created by this class is requested with a name only. No ACL,
 *       encryption or public-access settings are sent, so those must be enforced
 *       through account or bucket policy outside this code.</li>
 * </ul>
 */
public class AmazonS3SamlIdPMetadataGenerator extends BaseSamlIdPMetadataGenerator {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(AmazonS3SamlIdPMetadataGenerator.class);

    // Client used for every bucket and object call issued by this generator.
    private final S3Client s3Client;

    // Default bucket name, stored after expression resolution in the constructor.
    private final String bucketName;

    /**
     * Creates the generator.
     *
     * @param samlIdPMetadataGeneratorConfigurationContext context handed to the base generator
     * @param s3Client client used to list and create buckets and to upload objects
     * @param str configured bucket name; it is passed through
     *            {@link SpringExpressionLanguageValueResolver} before being stored.
     *            NOTE(review): this presumably allows expressions in the setting, so the
     *            value should only ever come from trusted configuration. Confirm.
     */
    public AmazonS3SamlIdPMetadataGenerator(SamlIdPMetadataGeneratorConfigurationContext samlIdPMetadataGeneratorConfigurationContext, S3Client s3Client, String str) {
        super(samlIdPMetadataGeneratorConfigurationContext);
        this.s3Client = s3Client;
        final SpringExpressionLanguageValueResolver resolver = SpringExpressionLanguageValueResolver.getInstance();
        this.bucketName = resolver.resolve(str);
    }

    /**
     * Produces the material used for the encryption credential.
     *
     * <p>The service argument is not consulted; the call goes straight to
     * {@code generateCertificateAndKey()}, which is not defined in this class
     * (presumably inherited from the base generator).
     *
     * @param optional service the credential is requested for (ignored here)
     * @return the pair returned by {@code generateCertificateAndKey()}
     *         (presumably certificate and key; confirm the order against the base class)
     * @throws Exception if generation fails
     */
    public Pair<String, String> buildSelfSignedEncryptionCert(Optional<SamlRegisteredService> optional) throws Exception {
        final Pair<String, String> encryptionMaterial = generateCertificateAndKey();
        return encryptionMaterial;
    }

    /**
     * Produces the material used for the signing credential.
     *
     * <p>Same delegation as {@link #buildSelfSignedEncryptionCert}: the service argument
     * is ignored and a separate call to {@code generateCertificateAndKey()} is made.
     *
     * @param optional service the credential is requested for (ignored here)
     * @return the pair returned by {@code generateCertificateAndKey()}
     * @throws Exception if generation fails
     */
    public Pair<String, String> buildSelfSignedSigningCert(Optional<SamlRegisteredService> optional) throws Exception {
        final Pair<String, String> signingMaterial = generateCertificateAndKey();
        return signingMaterial;
    }

    /**
     * Uploads the finished metadata document to S3, creating the bucket first when the
     * bucket listing does not contain it.
     *
     * <p>The object key is the document id. The object body is the metadata text, sent
     * with content type {@code text/plain}. Certificates and keys travel as user-defined
     * object metadata.
     *
     * @param samlIdPMetadataDocument document to persist
     * @param optional service the document belongs to, used only to pick the bucket name
     * @return the same document instance that was passed in
     */
    protected SamlIdPMetadataDocument finalizeMetadataDocument(SamlIdPMetadataDocument samlIdPMetadataDocument, Optional<SamlRegisteredService> optional) {
        final String targetBucket = AmazonS3SamlIdPMetadataUtils.determineBucketNameFor(optional, this.bucketName, this.s3Client);

        // The listing only covers buckets visible to these credentials. A name taken
        // elsewhere still looks "missing" here and the create call below will then fail.
        // The check and the create are also not atomic across concurrent nodes.
        final ListBucketsRequest listRequest = ListBucketsRequest.builder().build();
        final boolean bucketListed = this.s3Client.listBuckets(listRequest).buckets().stream()
            .anyMatch(bucket -> bucket.name().equalsIgnoreCase(targetBucket));
        if (!bucketListed) {
            LOGGER.trace("Bucket [{}] does not exist. Creating...", targetBucket);
            // Only the name is sent, so the bucket gets whatever defaults the account applies.
            final CreateBucketRequest createRequest = CreateBucketRequest.builder().bucket(targetBucket).build();
            final String createdLocation = this.s3Client.createBucket(createRequest).location();
            LOGGER.debug("Created bucket [{}]", createdLocation);
        }

        final String objectKey = String.valueOf(samlIdPMetadataDocument.getId());

        // Key material is stored as user-defined metadata, which S3 hands back as
        // response headers to any reader of the object. Map.of rejects null values, so a
        // document missing any of these four fields fails here before the upload.
        // NOTE(review): S3 caps user-defined metadata at 2 KB per object. Confirm that
        // the stored certificate and key values fit within that limit.
        final Map<String, String> credentialMetadata = Map.of(
            "signingCertificate", samlIdPMetadataDocument.getSigningCertificate(),
            "signingKey", samlIdPMetadataDocument.getSigningKey(),
            "encryptionCertificate", samlIdPMetadataDocument.getEncryptionCertificate(),
            "encryptionKey", samlIdPMetadataDocument.getEncryptionKey());

        final PutObjectRequest uploadRequest = PutObjectRequest.builder()
            .key(objectKey)
            .bucket(targetBucket)
            .contentType("text/plain")
            .metadata(credentialMetadata)
            .build();
        final RequestBody metadataBody = RequestBody.fromString(samlIdPMetadataDocument.getMetadata());
        this.s3Client.putObject(uploadRequest, metadataBody);
        return samlIdPMetadataDocument;
    }
}
