package org.opensaml.saml.metadata.resolver.impl;

import com.google.common.base.Strings;
import com.google.common.io.ByteStreams;
import jakarta.ws.rs.core.MediaType;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.Timer;
import java.util.stream.Collectors;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.shared.annotation.constraint.NonnullAfterInit;
import net.shibboleth.shared.annotation.constraint.NotEmpty;
import net.shibboleth.shared.annotation.constraint.NotLive;
import net.shibboleth.shared.annotation.constraint.Unmodifiable;
import net.shibboleth.shared.collection.CollectionSupport;
import net.shibboleth.shared.collection.LazySet;
import net.shibboleth.shared.component.ComponentInitializationException;
import net.shibboleth.shared.logic.Constraint;
import net.shibboleth.shared.net.MediaTypeSupport;
import net.shibboleth.shared.primitive.LoggerFactory;
import net.shibboleth.shared.primitive.StringSupport;
import net.shibboleth.shared.resolver.CriteriaSet;
import net.shibboleth.shared.resolver.ResolverException;
import org.apache.hc.client5.http.classic.HttpClient;
import org.apache.hc.client5.http.classic.methods.HttpGet;
import org.apache.hc.client5.http.protocol.HttpClientContext;
import org.apache.hc.core5.http.ClassicHttpRequest;
import org.apache.hc.core5.http.ClassicHttpResponse;
import org.apache.hc.core5.http.HttpEntity;
import org.apache.hc.core5.http.io.HttpClientResponseHandler;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.io.UnmarshallingException;
import org.opensaml.core.xml.util.XMLObjectSource;
import org.opensaml.security.httpclient.HttpClientSecurityParameters;
import org.opensaml.security.httpclient.HttpClientSecuritySupport;
import org.slf4j.Logger;
import org.slf4j.MDC;

/* loaded from: input_file:org/opensaml/saml/metadata/resolver/impl/AbstractDynamicHTTPMetadataResolver.class */
public abstract class AbstractDynamicHTTPMetadataResolver extends AbstractDynamicMetadataResolver {

    @Nonnull
    @NotEmpty
    public static final String[] DEFAULT_CONTENT_TYPES = {"application/samlmetadata+xml", MediaType.APPLICATION_XML, "text/xml"};

    @Nonnull
    @NotEmpty
    public static final String MDC_ATTRIB_CURRENT_REQUEST_URI = AbstractDynamicHTTPMetadataResolver.class.getName() + ".currentRequestURI";

    @Nonnull
    private final Logger log;

    @NonnullAfterInit
    private HttpClient httpClient;

    @NonnullAfterInit
    private List<String> supportedContentTypes;

    @NonnullAfterInit
    private String supportedContentTypesValue;

    @NonnullAfterInit
    private Set<com.google.common.net.MediaType> supportedMediaTypes;

    @Nonnull
    private HttpClientResponseHandler<XMLObject> responseHandler;

    @Nullable
    private HttpClientSecurityParameters httpClientSecurityParameters;

    /* loaded from: input_file:org/opensaml/saml/metadata/resolver/impl/AbstractDynamicHTTPMetadataResolver$BasicMetadataResponseHandler.class */
    public class BasicMetadataResponseHandler implements HttpClientResponseHandler<XMLObject> {
        static final /* synthetic */ boolean $assertionsDisabled;

        public BasicMetadataResponseHandler() {
        }

        /* renamed from: handleResponse, reason: merged with bridge method [inline-methods] */
        public XMLObject m5558handleResponse(ClassicHttpResponse classicHttpResponse) throws IOException {
            int code = classicHttpResponse.getCode();
            String str = MDC.get(AbstractDynamicHTTPMetadataResolver.MDC_ATTRIB_CURRENT_REQUEST_URI);
            if (code == 304) {
                AbstractDynamicHTTPMetadataResolver.this.log.debug("{} Metadata document from '{}' has not changed since last retrieval", AbstractDynamicHTTPMetadataResolver.this.getLogPrefix(), str);
                return null;
            }
            if (code != 200) {
                AbstractDynamicHTTPMetadataResolver.this.log.warn("{} Non-ok status code '{}' returned from remote metadata source: {}", AbstractDynamicHTTPMetadataResolver.this.getLogPrefix(), Integer.valueOf(code), str);
                return null;
            }
            try {
                validateHttpResponse(classicHttpResponse);
                try {
                    HttpEntity entity = classicHttpResponse.getEntity();
                    try {
                        InputStream content = entity.getContent();
                        try {
                            byte[] byteArray = ByteStreams.toByteArray(content);
                            if (!$assertionsDisabled && byteArray == null) {
                                throw new AssertionError();
                            }
                            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(byteArray);
                            try {
                                XMLObject unmarshallMetadata = AbstractDynamicHTTPMetadataResolver.this.unmarshallMetadata(byteArrayInputStream);
                                unmarshallMetadata.getObjectMetadata().put(new XMLObjectSource(byteArray));
                                byteArrayInputStream.close();
                                if (content != null) {
                                    content.close();
                                }
                                if (entity != null) {
                                    entity.close();
                                }
                                return unmarshallMetadata;
                            } catch (Throwable th) {
                                try {
                                    byteArrayInputStream.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                                throw th;
                            }
                        } catch (Throwable th3) {
                            if (content != null) {
                                try {
                                    content.close();
                                } catch (Throwable th4) {
                                    th3.addSuppressed(th4);
                                }
                            }
                            throw th3;
                        }
                    } finally {
                    }
                } catch (IOException | UnmarshallingException e) {
                    AbstractDynamicHTTPMetadataResolver.this.log.error("{} Error unmarshalling HTTP response stream", AbstractDynamicHTTPMetadataResolver.this.getLogPrefix(), e);
                    return null;
                }
            } catch (ResolverException e2) {
                AbstractDynamicHTTPMetadataResolver.this.log.error("{} Problem validating dynamic metadata HTTP response", AbstractDynamicHTTPMetadataResolver.this.getLogPrefix(), e2);
                return null;
            }
        }

        protected void validateHttpResponse(@Nonnull ClassicHttpResponse classicHttpResponse) throws ResolverException {
            if (AbstractDynamicHTTPMetadataResolver.this.getSupportedMediaTypes().isEmpty()) {
                return;
            }
            String trimOrNull = StringSupport.trimOrNull(classicHttpResponse.getEntity().getContentType());
            AbstractDynamicHTTPMetadataResolver.this.log.debug("{} Saw raw Content-Type from response header '{}'", AbstractDynamicHTTPMetadataResolver.this.getLogPrefix(), trimOrNull);
            if (!MediaTypeSupport.validateContentType(trimOrNull, AbstractDynamicHTTPMetadataResolver.this.getSupportedMediaTypes(), true, false)) {
                throw new ResolverException("HTTP response specified an unsupported Content-Type MIME type: " + trimOrNull);
            }
        }

        static {
            $assertionsDisabled = !AbstractDynamicHTTPMetadataResolver.class.desiredAssertionStatus();
        }
    }

    public AbstractDynamicHTTPMetadataResolver(@Nonnull HttpClient httpClient) {
        this(null, httpClient);
    }

    public AbstractDynamicHTTPMetadataResolver(@Nullable Timer timer, @Nonnull HttpClient httpClient) {
        super(timer);
        this.log = LoggerFactory.getLogger((Class<?>) AbstractDynamicHTTPMetadataResolver.class);
        this.httpClient = (HttpClient) Constraint.isNotNull(httpClient, "HttpClient may not be null");
        this.responseHandler = new BasicMetadataResponseHandler();
    }

    @Nullable
    protected HttpClientSecurityParameters getHttpClientSecurityParameters() {
        return this.httpClientSecurityParameters;
    }

    public void setHttpClientSecurityParameters(@Nullable HttpClientSecurityParameters httpClientSecurityParameters) {
        checkSetterPreconditions();
        this.httpClientSecurityParameters = httpClientSecurityParameters;
    }

    @Unmodifiable
    @NotLive
    @NonnullAfterInit
    protected Set<com.google.common.net.MediaType> getSupportedMediaTypes() {
        return this.supportedMediaTypes;
    }

    @Unmodifiable
    @NotLive
    @NonnullAfterInit
    public List<String> getSupportedContentTypes() {
        return this.supportedContentTypes;
    }

    public void setSupportedContentTypes(@Nullable List<String> list) {
        checkSetterPreconditions();
        if (list == null) {
            this.supportedContentTypes = CollectionSupport.emptyList();
        } else {
            this.supportedContentTypes = (List) StringSupport.normalizeStringCollection(list).stream().filter(str -> {
                return str != null;
            }).map((v0) -> {
                return v0.toLowerCase();
            }).collect(Collectors.toUnmodifiableList());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver, org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver
    public void initMetadataResolver() throws ComponentInitializationException {
        super.initMetadataResolver();
        if (getSupportedContentTypes() == null) {
            setSupportedContentTypes(Arrays.asList(DEFAULT_CONTENT_TYPES));
        }
        if (getSupportedContentTypes().isEmpty()) {
            this.supportedMediaTypes = CollectionSupport.emptySet();
        } else {
            this.supportedContentTypesValue = StringSupport.listToStringValue(getSupportedContentTypes(), ", ");
            this.supportedMediaTypes = new LazySet();
            Iterator<String> it = getSupportedContentTypes().iterator();
            while (it.hasNext()) {
                this.supportedMediaTypes.add(com.google.common.net.MediaType.parse(it.next()));
            }
        }
        this.log.debug("{} Supported content types are: {}", getLogPrefix(), getSupportedContentTypes());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver, org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver, net.shibboleth.shared.component.AbstractInitializableComponent
    public void doDestroy() {
        this.httpClient = null;
        this.httpClientSecurityParameters = null;
        this.supportedContentTypes = null;
        this.supportedContentTypesValue = null;
        this.supportedMediaTypes = null;
        super.doDestroy();
    }

    @Override // org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver
    @Nullable
    protected XMLObject fetchFromOriginSource(@Nullable CriteriaSet criteriaSet) throws IOException {
        ClassicHttpRequest buildHttpRequest = buildHttpRequest(criteriaSet);
        if (buildHttpRequest == null) {
            this.log.debug("{} Could not build request based on input criteria, unable to query", getLogPrefix());
            return null;
        }
        HttpClientContext buildHttpClientContext = buildHttpClientContext(buildHttpRequest);
        try {
            MDC.put(MDC_ATTRIB_CURRENT_REQUEST_URI, buildHttpRequest.getRequestUri());
            XMLObject xMLObject = (XMLObject) this.httpClient.execute(buildHttpRequest, buildHttpClientContext, this.responseHandler);
            HttpClientSecuritySupport.checkTLSCredentialEvaluated(buildHttpClientContext, buildHttpRequest.getScheme());
            MDC.remove(MDC_ATTRIB_CURRENT_REQUEST_URI);
            return xMLObject;
        } catch (Throwable th) {
            MDC.remove(MDC_ATTRIB_CURRENT_REQUEST_URI);
            throw th;
        }
    }

    @Nullable
    protected ClassicHttpRequest buildHttpRequest(@Nullable CriteriaSet criteriaSet) {
        String buildRequestURL = buildRequestURL(criteriaSet);
        this.log.debug("{} Built request URL of: {}", getLogPrefix(), buildRequestURL);
        if (buildRequestURL == null) {
            this.log.debug("{} Could not construct request URL from input criteria, unable to query", getLogPrefix());
            return null;
        }
        HttpGet httpGet = new HttpGet(buildRequestURL);
        if (!Strings.isNullOrEmpty(this.supportedContentTypesValue)) {
            httpGet.addHeader("Accept", this.supportedContentTypesValue);
        }
        return httpGet;
    }

    @Nullable
    protected abstract String buildRequestURL(@Nullable CriteriaSet criteriaSet);

    @Nonnull
    protected HttpClientContext buildHttpClientContext(@Nonnull ClassicHttpRequest classicHttpRequest) {
        HttpClientContext buildHttpClientContext = HttpClientSecuritySupport.buildHttpClientContext(this.httpClientSecurityParameters);
        HttpClientSecuritySupport.addDefaultTLSTrustEngineCriteria(buildHttpClientContext, classicHttpRequest);
        return buildHttpClientContext;
    }
}
