package org.apache.syncope.core.logic.saml2;

import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import org.apache.commons.lang3.StringUtils;
import org.apache.cxf.helpers.IOUtils;
import org.apache.syncope.common.lib.to.Item;
import org.apache.syncope.common.lib.to.SAML2SP4UIIdPTO;
import org.apache.syncope.common.lib.types.SAML2BindingType;
import org.apache.syncope.core.persistence.api.entity.SAML2SP4UIIdP;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.pac4j.core.http.callback.NoParameterCallbackUrlResolver;
import org.pac4j.saml.client.SAML2Client;
import org.pac4j.saml.config.SAML2Configuration;
import org.pac4j.saml.metadata.SAML2IdentityProviderMetadataResolver;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.io.ByteArrayResource;

/* loaded from: input_file:org/apache/syncope/core/logic/saml2/SAML2ClientCache.class */
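/**
 * Holds initialised {@link SAML2Client} instances and the helpers used to build them
 * from Identity Provider (IdP) metadata.
 *
 * <p>Clients are looked up by the pair (IdP entity ID, SP entity ID). The backing list
 * is a {@link Collections#synchronizedList(List)} wrapper; any traversal of it (iterator
 * or stream) must hold the list's monitor, which {@link #get(String, String)} does.
 */
public class SAML2ClientCache {
    protected static final Logger LOG = LoggerFactory.getLogger(SAML2ClientCache.class);

    /** Protocol identifier passed to {@code getIDPSSODescriptor} when reading IdP metadata. */
    private static final String SAML20_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol";

    // Directory under which per-SP metadata file paths are resolved.
    // Stays null when the temp directory could not be created (see static initializer).
    protected static Path METADATA_PATH;

    protected final List<SAML2Client> cache = Collections.synchronizedList(new ArrayList<>());

    static {
        try {
            // No explicit FileAttribute is requested, so the platform's default
            // permissions for temp directories apply.
            METADATA_PATH = Files.createTempDirectory("saml2sp4ui-").toAbsolutePath();
        } catch (IOException e) {
            // Best effort: without the directory, getSPMetadataPath() returns empty.
            LOG.error("Could not create a temp directory to store metadata files", e);
        }
    }

    /**
     * Derives the file path used for a Service Provider's metadata from its entity ID.
     *
     * <p>A leading {@code https://} or {@code http://} is stripped and every {@code ':'}
     * and {@code '/'} is replaced by {@code '_'}; the result is resolved against
     * {@link #METADATA_PATH}.
     *
     * <p>NOTE(review): only {@code ':'} and {@code '/'} are neutralised and the resolved
     * path is not normalised or checked to stay under {@link #METADATA_PATH}. The value is
     * otherwise used verbatim as a file name, so callers should pass a validated entity ID
     * rather than free-form request input.
     *
     * @param str the SP entity ID (this is what {@link #add} passes)
     * @return the absolute path as a string, or empty when no metadata directory exists
     */
    public static Optional<String> getSPMetadataPath(String str) {
        String withoutScheme = StringUtils.removeStart(StringUtils.removeStart(str, "https://"), "http://");
        String fileName = StringUtils.replaceChars(withoutScheme, ":/", "__");
        return Optional.ofNullable(METADATA_PATH).map(dir -> dir.resolve(fileName).toAbsolutePath().toString());
    }

    /**
     * Parses IdP metadata and builds the matching transfer object.
     *
     * <p>The whole stream is read into memory; this method applies no size cap, so callers
     * should bound the upload. The metadata is what later supplies the IdP's endpoints and
     * keys to the SAML client, and nothing in this method checks where it came from or
     * whether it is signed.
     * NOTE(review): whether the resolver validates a metadata signature depends on the
     * supplied configuration; confirm, and restrict who may import metadata.
     *
     * <p>Side effect: the given configuration is updated with the metadata resource, the
     * resolver, and the request/response/logout binding types.
     *
     * @param inputStream the IdP metadata document
     * @param sAML2Configuration the configuration to populate
     * @return a transfer object carrying entity ID, name, binding type, logout support,
     *     Base64-encoded metadata and a default {@code username}/{@code NameID} mapping item
     * @throws IOException if the stream cannot be read
     * @throws IllegalArgumentException if the metadata has no SAML 2.0 IdP SSO descriptor,
     *     or offers neither the POST nor the REDIRECT binding for single sign-on
     */
    public static SAML2SP4UIIdPTO importMetadata(InputStream inputStream, SAML2Configuration sAML2Configuration) throws IOException {
        sAML2Configuration.setIdentityProviderMetadataResource(new ByteArrayResource(IOUtils.readBytesFromStream(inputStream)));
        SAML2IdentityProviderMetadataResolver resolver = new SAML2IdentityProviderMetadataResolver(sAML2Configuration);
        resolver.init();
        sAML2Configuration.setIdentityProviderMetadataResolver(resolver);

        String entityId = resolver.getEntityId();
        SAML2SP4UIIdPTO idpTO = new SAML2SP4UIIdPTO();
        idpTO.setEntityID(entityId);
        idpTO.setName(entityId);

        EntityDescriptor descriptor = resolver.getEntityDescriptorElement();
        // Metadata without an IdP role (for example an SP-only document) would otherwise
        // surface as a NullPointerException on the calls below; reject it explicitly.
        if (descriptor.getIDPSSODescriptor(SAML20_PROTOCOL) == null) {
            throw new IllegalArgumentException("No SAML 2.0 IDPSSODescriptor found in metadata of " + entityId);
        }

        if (idpTO.getBindingType() == null) {
            // Every SSO service is visited, so the last POST/REDIRECT endpoint listed wins.
            descriptor.getIDPSSODescriptor(SAML20_PROTOCOL).getSingleSignOnServices().forEach(ssoService -> {
                if (SAML2BindingType.POST.getUri().equals(ssoService.getBinding())) {
                    idpTO.setBindingType(SAML2BindingType.POST);
                } else if (SAML2BindingType.REDIRECT.getUri().equals(ssoService.getBinding())) {
                    idpTO.setBindingType(SAML2BindingType.REDIRECT);
                }
            });
        }
        if (idpTO.getBindingType() == null) {
            throw new IllegalArgumentException("Neither POST nor REDIRECT artifacts supported by " + entityId);
        }

        String bindingUri = idpTO.getBindingType().getUri();
        sAML2Configuration.setAuthnRequestBindingType(bindingUri);
        // Responses are always expected over POST, whatever binding the request uses.
        sAML2Configuration.setResponseBindingType(SAML2BindingType.POST.getUri());
        sAML2Configuration.setSpLogoutRequestBindingType(bindingUri);
        sAML2Configuration.setSpLogoutResponseBindingType(bindingUri);

        boolean logoutSupported = descriptor.getIDPSSODescriptor(SAML20_PROTOCOL).getSingleLogoutServices().stream()
                .anyMatch(sloService -> SAML2BindingType.POST.getUri().equals(sloService.getBinding())
                        || SAML2BindingType.REDIRECT.getUri().equals(sloService.getBinding()));
        if (logoutSupported) {
            idpTO.setLogoutSupported(true);
        }

        // Encode with an explicit charset so the stored metadata does not depend on the
        // JVM's platform default encoding.
        idpTO.setMetadata(Base64.getEncoder().encodeToString(resolver.getMetadata().getBytes(StandardCharsets.UTF_8)));

        Item connObjectKeyItem = new Item();
        connObjectKeyItem.setIntAttrName("username");
        connObjectKeyItem.setExtAttrName("NameID");
        idpTO.setConnObjectKeyItem(connObjectKeyItem);
        return idpTO;
    }

    /**
     * Finds the cached client for an IdP / SP pair.
     *
     * @param str the IdP entity ID, compared with the client's resolved IdP entity ID
     * @param str2 the SP entity ID, compared with the client's configured SP entity ID
     * @return the first matching client, or empty when none is cached
     */
    public Optional<SAML2Client> get(String str, String str2) {
        // A synchronizedList only guards single calls; streaming over it needs the list's
        // monitor, otherwise a concurrent add/removeAll can break the traversal.
        synchronized (this.cache) {
            return this.cache.stream()
                    .filter(client -> str.equals(client.getIdentityProviderResolvedEntityId())
                            && str2.equals(client.getConfiguration().getServiceProviderEntityId()))
                    .findFirst();
        }
    }

    /**
     * Builds, initialises and caches a client for the given IdP.
     *
     * <p>The given configuration is updated in place with the IdP entity ID, its stored
     * metadata, the SP entity ID and, when available, the SP metadata file path. No check
     * for an already cached equivalent client is made here.
     *
     * @param sAML2SP4UIIdP the persisted IdP supplying entity ID and metadata bytes
     * @param sAML2Configuration the configuration to populate and hand to the client
     * @param str the SP entity ID
     * @param str2 the callback URL set on the client
     * @return the newly initialised client
     */
    public SAML2Client add(SAML2SP4UIIdP sAML2SP4UIIdP, SAML2Configuration sAML2Configuration, String str, String str2) {
        sAML2Configuration.setIdentityProviderEntityId(sAML2SP4UIIdP.getEntityID());
        sAML2Configuration.setIdentityProviderMetadataResource(new ByteArrayResource(sAML2SP4UIIdP.getMetadata()));
        SAML2IdentityProviderMetadataResolver resolver = new SAML2IdentityProviderMetadataResolver(sAML2Configuration);
        resolver.init();
        sAML2Configuration.setIdentityProviderMetadataResolver(resolver);

        sAML2Configuration.setServiceProviderEntityId(str);
        getSPMetadataPath(str).ifPresent(sAML2Configuration::setServiceProviderMetadataResourceFilepath);

        SAML2Client client = new SAML2Client(sAML2Configuration);
        client.setCallbackUrlResolver(new NoParameterCallbackUrlResolver());
        client.setCallbackUrl(str2);
        client.init();

        this.cache.add(client);
        return client;
    }

    /**
     * Evicts every cached client bound to the given IdP.
     *
     * @param str the IdP entity ID, compared with each client's resolved IdP entity ID
     * @return {@code true} if at least one client was removed
     */
    public boolean removeAll(String str) {
        return this.cache.removeIf(client -> str.equals(client.getIdentityProviderResolvedEntityId()));
    }
}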
