package pl.edu.icm.unity.saml.metadata.cfg;

import java.security.cert.X509Certificate;
import java.time.Duration;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Objects;
import java.util.Properties;
import java.util.Set;
import org.apache.logging.log4j.Logger;
import pl.edu.icm.unity.base.utils.Log;
import pl.edu.icm.unity.engine.api.PKIManagement;
import pl.edu.icm.unity.exceptions.EngineException;
import pl.edu.icm.unity.saml.SamlProperties;
import pl.edu.icm.unity.saml.metadata.cfg.MetadataVerificator;
import pl.edu.icm.unity.saml.metadata.srv.RemoteMetadataService;
import pl.edu.icm.unity.saml.sp.SAMLSPProperties;
import xmlbeans.org.oasis.saml2.metadata.EntitiesDescriptorDocument;

/* loaded from: input_file:pl/edu/icm/unity/saml/metadata/cfg/RemoteMetaManager.class */
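/**
 * Maintains a "virtual" SAML configuration: the base {@link SamlProperties} plus the properties
 * converted from remote federation metadata.
 *
 * <p>For every structured-list entry under {@code metaPrefix} a consumer is registered with the
 * {@link RemoteMetadataService}. Each metadata document delivered to a consumer is validated
 * (validity as of "now" plus the configured signature mode) and only then converted to properties.
 *
 * <p>Thread-safety: the public accessors and {@code assembleProperties} are {@code synchronized}
 * on this instance. {@link MetadataConsumer#updateMetadata} reads {@code configuration} outside
 * that monitor.
 * NOTE(review): which thread the metadata service uses for callbacks is not visible here. Confirm
 * that a callback racing with {@link #setBaseConfiguration} is acceptable.
 *
 * <p>{@code mo5clone()} is a decompiler-assigned method name, presumably the {@code clone()} of
 * {@code SamlProperties}. It is kept verbatim.
 */
public class RemoteMetaManager {
    private static final Logger log = Log.getLogger("unity.server.saml", RemoteMetaManager.class);
    private final PKIManagement pkiManagement;
    private SamlProperties configuration;
    private final AbstractMetaToConfigConverter converter;
    private SamlProperties virtualConfiguration;
    private final String metaPrefix;
    private final RemoteMetadataService metadataService;
    // Ids handed out by the metadata service for the consumers registered by this manager.
    private final Set<String> registeredConsumers = new HashSet<>();
    // Last property set assembled for each metadata source, keyed by its configuration key prefix.
    private final Map<String, Properties> configurationsFromMetadata = new HashMap<>();
    private final MetadataVerificator verificator = new MetadataVerificator();

    /**
     * Callback target for one configured metadata source.
     *
     * <p>The decompiler reports that it widened the access modifiers of this class and of
     * {@link #updateMetadata} from private, so treat both as internal to the manager.
     */
    public class MetadataConsumer {
        private final String url;
        private final String propertiesKey;

        /**
         * @param str  URL of the metadata source (used for the registration and in log messages)
         * @param str2 configuration key prefix of the metadata source entry
         */
        public MetadataConsumer(String str, String str2) {
            this.url = str;
            this.propertiesKey = str2;
        }

        /**
         * Validates and converts a freshly delivered metadata document, then rebuilds the virtual
         * configuration.
         *
         * @param entitiesDescriptorDocument the metadata document delivered by the service
         * @param str                        id of the consumer the document was delivered to
         */
        public void updateMetadata(EntitiesDescriptorDocument entitiesDescriptorDocument, String str) {
            Properties sourceProperties = RemoteMetaManager.this.configuration.getSourceProperties();
            RemoteMetaManager.this.reloadSingle(entitiesDescriptorDocument, this.propertiesKey, this.url, sourceProperties, RemoteMetaManager.this.configuration);
            // reloadSingle() returns without converting when the metadata is rejected. In that case
            // sourceProperties holds no entries from this document, and the call below replaces
            // whatever was stored for this key earlier.
            RemoteMetaManager.this.assembleProperties(this.propertiesKey, sourceProperties, str);
        }
    }

    /**
     * Creates the manager and immediately registers a consumer for every configured source.
     *
     * @param samlProperties                base configuration
     * @param pKIManagement                 used to resolve the metadata signature certificate
     * @param abstractMetaToConfigConverter converts validated metadata into properties
     * @param remoteMetadataService         service delivering remote metadata documents
     * @param str                           prefix of the structured list of metadata sources
     */
    public RemoteMetaManager(SamlProperties samlProperties, PKIManagement pKIManagement, AbstractMetaToConfigConverter abstractMetaToConfigConverter, RemoteMetadataService remoteMetadataService, String str) {
        this.configuration = samlProperties;
        this.converter = abstractMetaToConfigConverter;
        this.metadataService = remoteMetadataService;
        this.pkiManagement = pKIManagement;
        this.virtualConfiguration = samlProperties.mo5clone();
        this.metaPrefix = str;
        registerMetadataConsumers();
    }

    /**
     * @return a copy of the current virtual configuration, made with {@code mo5clone()}
     */
    public synchronized SamlProperties getVirtualConfiguration() {
        return this.virtualConfiguration.mo5clone();
    }

    /**
     * Replaces the base configuration. If its properties differ from the current ones, every
     * consumer is unregistered, the virtual configuration is reset to a clone of the new base,
     * and the consumers are registered again.
     *
     * @param samlProperties the new base configuration
     */
    public synchronized void setBaseConfiguration(SamlProperties samlProperties) {
        boolean changed = !this.configuration.getProperties().equals(samlProperties.getProperties());
        this.configuration = samlProperties;
        if (changed) {
            unregisterAll();
            this.virtualConfiguration = samlProperties.mo5clone();
            registerMetadataConsumers();
        }
    }

    /** Registers one metadata consumer for each entry listed under {@code metaPrefix}. */
    private void registerMetadataConsumers() {
        log.trace("Registering remote metadata consumers");
        for (String key : this.configuration.getStructuredListKeys(this.metaPrefix)) {
            String url = this.configuration.getValue(key + "url");
            // The interval is configured in seconds. Duration.ofSeconds() avoids the int
            // multiplication by 1000, which wrapped around for large intervals.
            Duration refreshInterval = Duration.ofSeconds(this.configuration.getIntValue(key + "refreshInterval").intValue());
            // Name of the truststore the metadata service should use for this source.
            String httpsTruststore = this.configuration.getValue(key + "httpsTruststore");
            MetadataConsumer consumer = new MetadataConsumer(url, key);
            String consumerId = this.metadataService.preregisterConsumer(url);
            this.registeredConsumers.add(consumerId);
            this.metadataService.registerConsumer(consumerId, refreshInterval, httpsTruststore, consumer::updateMetadata);
        }
    }

    /** Unregisters every consumer registered by this manager and forgets their ids. */
    public synchronized void unregisterAll() {
        log.trace("Unregistering all remote metadata consumers");
        this.registeredConsumers.forEach(this.metadataService::unregisterConsumer);
        this.registeredConsumers.clear();
    }

    /**
     * Stores the properties assembled for one metadata source and rebuilds the virtual
     * configuration from the base properties plus all stored per-source properties.
     *
     * @param key        configuration key prefix of the metadata source
     * @param properties properties assembled for that source
     * @param consumerId id of the consumer which delivered the update
     */
    private synchronized void assembleProperties(String key, Properties properties, String consumerId) {
        // Ignore callbacks from consumers that were unregistered in the meantime.
        if (!this.registeredConsumers.contains(consumerId)) {
            return;
        }
        Properties merged = this.configuration.getSourceProperties();
        this.configurationsFromMetadata.put(key, properties);
        // putAll() lets stored per-source entries overwrite equal keys. Order across sources
        // follows HashMap iteration and is therefore unspecified.
        for (Properties fromMetadata : this.configurationsFromMetadata.values()) {
            merged.putAll(fromMetadata);
        }
        this.virtualConfiguration.setProperties(merged);
    }

    /**
     * Validates one metadata document and, only if validation passes, converts it into
     * {@code properties}.
     *
     * <p>The signature mode and the optional certificate name are read from the source's
     * configuration entry. Any failure is logged and the document is not converted.
     *
     * @param metadata       metadata document to validate and convert
     * @param key            configuration key prefix of the metadata source
     * @param url            URL of the source, used only in log messages
     * @param properties     target of the conversion
     * @param samlProperties configuration used for the lookup and passed to the converter
     */
    private void reloadSingle(EntitiesDescriptorDocument metadata, String key, String url, Properties properties, SamlProperties samlProperties) {
        // NOTE(review): the key is spelled "signaturVerification" here; it is a runtime property
        // name, so confirm against the property definitions before changing it.
        SAMLSPProperties.MetadataSignatureValidation signatureMode = (SAMLSPProperties.MetadataSignatureValidation) samlProperties.getEnumValue(key + "signaturVerification", SAMLSPProperties.MetadataSignatureValidation.class);
        String certificateName = samlProperties.getValue(key + "signatureVerificationCertificate");
        try {
            // With no certificate configured, null is passed to the verificator.
            // NOTE(review): how MetadataVerificator treats a null certificate under each signature
            // mode is not visible here - confirm unsigned metadata cannot pass a mode that
            // requires a signature.
            X509Certificate issuerCertificate = certificateName != null ? this.pkiManagement.getCertificate(certificateName).value : null;
            // validate() must run inside this try: the MetadataValidationException handler below
            // is what keeps rejected metadata away from the converter.
            this.verificator.validate(metadata, new Date(), signatureMode, issuerCertificate);
        } catch (EngineException e) {
            log.error("Problem establishing certificate for metadata validation " + certificateName, e);
            return;
        } catch (MetadataVerificator.MetadataValidationException e) {
            log.error("Metadata from " + url + " is invalid, won't be used", e);
            return;
        }
        this.converter.convertToProperties(metadata, properties, samlProperties, key);
        log.trace("Converted metadata from " + url + " to virtual configuration");
    }
}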
