package org.apereo.cas.support.saml.mdui.config;

import com.google.common.base.Splitter;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import lombok.Generated;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.features.CasFeatureModule;
import org.apereo.cas.support.saml.OpenSamlConfigBean;
import org.apereo.cas.support.saml.SamlUtils;
import org.apereo.cas.support.saml.mdui.AbstractMetadataResolverAdapter;
import org.apereo.cas.support.saml.mdui.ChainingMetadataResolverAdapter;
import org.apereo.cas.support.saml.mdui.DynamicMetadataResolverAdapter;
import org.apereo.cas.support.saml.mdui.MetadataResolverAdapter;
import org.apereo.cas.support.saml.mdui.StaticMetadataResolverAdapter;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.ResourceUtils;
import org.apereo.cas.util.spring.boot.ConditionalOnFeatureEnabled;
import org.jooq.lambda.Unchecked;
import org.opensaml.saml.metadata.resolver.filter.MetadataFilterChain;
import org.opensaml.saml.metadata.resolver.filter.impl.RequiredValidUntilFilter;
import org.opensaml.saml.metadata.resolver.filter.impl.SignatureValidationFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.core.io.Resource;
import org.springframework.util.StringUtils;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@AutoConfiguration
@ConditionalOnFeatureEnabled(feature = CasFeatureModule.FeatureCatalog.SAML)
/* loaded from: input_file:org/apereo/cas/support/saml/mdui/config/SamlMetadataUIConfiguration.class */
public class SamlMetadataUIConfiguration {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(SamlMetadataUIConfiguration.class);
    private static final String DEFAULT_SEPARATOR = "::";

    private static MetadataResolverAdapter configureAdapter(AbstractMetadataResolverAdapter abstractMetadataResolverAdapter, ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties, OpenSamlConfigBean openSamlConfigBean) {
        HashMap hashMap = new HashMap();
        MetadataFilterChain metadataFilterChain = new MetadataFilterChain();
        casConfigurationProperties.getSamlMetadataUi().getResources().forEach(Unchecked.consumer(str -> {
            configureResource(configurableApplicationContext, hashMap, metadataFilterChain, str, casConfigurationProperties);
        }));
        abstractMetadataResolverAdapter.setRequireValidMetadata(casConfigurationProperties.getSamlMetadataUi().isRequireValidMetadata());
        abstractMetadataResolverAdapter.setMetadataResources(hashMap);
        abstractMetadataResolverAdapter.setConfigBean(openSamlConfigBean);
        return abstractMetadataResolverAdapter;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void configureResource(ConfigurableApplicationContext configurableApplicationContext, Map<Resource, MetadataFilterChain> map, MetadataFilterChain metadataFilterChain, String str, CasConfigurationProperties casConfigurationProperties) {
        Arrays.stream(StringUtils.commaDelimitedListToStringArray(str)).forEach(Unchecked.consumer(str2 -> {
            List splitToList = Splitter.on(DEFAULT_SEPARATOR).splitToList(str2);
            String str2 = (String) splitToList.get(0);
            String str3 = splitToList.size() > 1 ? (String) splitToList.get(1) : null;
            ArrayList arrayList = new ArrayList();
            if (casConfigurationProperties.getSamlMetadataUi().getMaxValidity() > 0) {
                RequiredValidUntilFilter requiredValidUntilFilter = new RequiredValidUntilFilter();
                requiredValidUntilFilter.setMaxValidityInterval(Duration.ofSeconds(casConfigurationProperties.getSamlMetadataUi().getMaxValidity()));
                arrayList.add(requiredValidUntilFilter);
            }
            boolean z = true;
            if (org.apache.commons.lang3.StringUtils.isNotBlank(str3)) {
                SignatureValidationFilter buildSignatureValidationFilter = SamlUtils.buildSignatureValidationFilter(configurableApplicationContext, str3);
                if (buildSignatureValidationFilter != null) {
                    buildSignatureValidationFilter.setRequireSignedRoot(casConfigurationProperties.getSamlMetadataUi().isRequireSignedRoot());
                    arrayList.add(buildSignatureValidationFilter);
                } else {
                    LOGGER.warn("Failed to locate the signing key [{}] for [{}]", str3, str2);
                    z = false;
                }
            }
            metadataFilterChain.setFilters(arrayList);
            Resource resource = configurableApplicationContext.getResource(str2);
            if (z && ResourceUtils.doesResourceExist(resource)) {
                map.put(resource, metadataFilterChain);
            } else {
                LOGGER.warn("Skipping metadata [{}]; Either the resource cannot be retrieved or its signing key is missing", str2);
            }
        }));
    }

    @ConditionalOnMissingBean(name = {"chainingSamlMetadataUIMetadataResolverAdapter"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public MetadataResolverAdapter chainingSamlMetadataUIMetadataResolverAdapter(CasConfigurationProperties casConfigurationProperties, ConfigurableApplicationContext configurableApplicationContext, @Qualifier("shibboleth.OpenSAMLConfig") OpenSamlConfigBean openSamlConfigBean) {
        MetadataResolverAdapter staticMetadataResolverAdapter = new StaticMetadataResolverAdapter();
        configureAdapter(staticMetadataResolverAdapter, configurableApplicationContext, casConfigurationProperties, openSamlConfigBean);
        staticMetadataResolverAdapter.buildMetadataResolverAggregate();
        MetadataResolverAdapter dynamicMetadataResolverAdapter = new DynamicMetadataResolverAdapter();
        configureAdapter(dynamicMetadataResolverAdapter, configurableApplicationContext, casConfigurationProperties, openSamlConfigBean);
        return new ChainingMetadataResolverAdapter(CollectionUtils.wrapSet(new MetadataResolverAdapter[]{staticMetadataResolverAdapter, dynamicMetadataResolverAdapter}));
    }
}
