package org.opensaml.saml.metadata.resolver.impl;

import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Timer;
import javax.annotation.Nullable;
import javax.net.ssl.SSLPeerUnverifiedException;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.primitive.DeprecationSupport;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import org.apache.http.Header;
import org.apache.http.HttpResponse;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.util.EntityUtils;
import org.opensaml.security.httpclient.HttpClientSecurityConstants;
import org.opensaml.security.httpclient.HttpClientSecurityParameters;
import org.opensaml.security.httpclient.HttpClientSecuritySupport;
import org.opensaml.security.trust.TrustEngine;
import org.opensaml.security.x509.X509Credential;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:repository/org/opensaml/opensaml-saml-impl/3.4.3/opensaml-saml-impl-3.4.3.jar:org/opensaml/saml/metadata/resolver/impl/HTTPMetadataResolver.class */
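/**
 * Metadata resolver that fetches a SAML metadata document over HTTP(S) with a caller-supplied
 * {@link HttpClient}, using conditional GET ({@code If-None-Match} / {@code If-Modified-Since})
 * so that an unchanged document is not downloaded again.
 *
 * <p>Security notes for reviewers and integrators:</p>
 * <ul>
 *   <li>The metadata URL is accepted with any scheme; nothing in this class requires
 *       {@code https}. The TLS check in {@link #fetchMetadata()} is handed the URI scheme, so
 *       it presumably only enforces anything for {@code https} URLs (confirm against
 *       {@code HttpClientSecuritySupport}). Over plain {@code http} neither the document nor
 *       any basic-auth credentials are protected in transit.</li>
 *   <li>This class returns the raw response bytes. Signature or other integrity validation of
 *       the metadata is not performed here and must be configured elsewhere (for example as a
 *       metadata filter on the resolver).</li>
 *   <li>No size limit on the response body is visible in this class; the body is read fully
 *       into memory through the inherited {@code inputstreamToByteArray}. Confirm whether the
 *       parent class or the {@code HttpClient} configuration bounds it.</li>
 *   <li>The metadata URL is written to the debug and error logs. Avoid embedding secrets
 *       (userinfo, tokens in the query string) in it.</li>
 * </ul>
 *
 * <p>NOTE(review): this listing is decompiler output, so local names and some access modifiers
 * differ from the upstream source.</p>
 */
public class HTTPMetadataResolver extends AbstractReloadingMetadataResolver {
    private final Logger log = LoggerFactory.getLogger(HTTPMetadataResolver.class);

    /** Client used for every metadata request; cleared on destroy. */
    private HttpClient httpClient;

    /** Location of the remote metadata document. */
    private URI metadataURI;

    /** {@code ETag} value from the last successful fetch, replayed as {@code If-None-Match}. */
    private String cachedMetadataETag;

    /** {@code Last-Modified} value from the last successful fetch, replayed as {@code If-Modified-Since}. */
    private String cachedMetadataLastModified;

    /** Basic-auth credentials attached to each request context, or null when basic auth is off. */
    @Nullable
    private BasicCredentialsProvider credentialsProvider;

    /** Trust engine set through the deprecated setter; placed into the request context when non-null. */
    @Nullable
    private TrustEngine<? super X509Credential> tlsTrustEngine;

    /** Per-request security parameters marshalled into the request context. */
    @Nullable
    private HttpClientSecurityParameters httpClientSecurityParameters;

    /**
     * Creates a resolver without an explicit background timer.
     *
     * @param httpClient client used to fetch the metadata; must not be null
     * @param str the metadata URL
     * @throws ResolverException if the client is null or the URL is not a syntactically valid URI
     */
    public HTTPMetadataResolver(HttpClient httpClient, String str) throws ResolverException {
        this(null, httpClient, str);
    }

    /**
     * Creates a resolver.
     *
     * <p>Only the URI syntax is checked here; the scheme and host are not validated.</p>
     *
     * @param timer timer passed to the reloading superclass (may be null, as the two-argument
     *        constructor does)
     * @param httpClient client used to fetch the metadata; must not be null
     * @param str the metadata URL
     * @throws ResolverException if the client is null or the URL is not a syntactically valid URI
     */
    public HTTPMetadataResolver(Timer timer, HttpClient httpClient, String str) throws ResolverException {
        super(timer);
        if (httpClient == null) {
            throw new ResolverException("HTTP client may not be null");
        }
        this.httpClient = httpClient;
        try {
            this.metadataURI = new URI(str);
        } catch (URISyntaxException e) {
            throw new ResolverException("Illegal URL syntax", e);
        }
    }

    /**
     * Returns the metadata URL as an ASCII string.
     *
     * @return the metadata URL
     */
    public String getMetadataURI() {
        return this.metadataURI.toASCIIString();
    }

    /**
     * Sets the trust engine placed into each request context. Logs a one-time deprecation
     * warning pointing to {@link #setHttpClientSecurityParameters(HttpClientSecurityParameters)}.
     *
     * <p>NOTE(review): unlike the other setters in this class, this one does not reject calls
     * after initialization or destruction, so the TLS trust engine can be replaced on a live
     * resolver. Confirm whether that is intended before relying on it. When non-null, this
     * engine is written into the context after the security parameters are marshalled (see
     * {@link #buildHttpClientContext(HttpUriRequest)}).</p>
     *
     * @param trustEngine trust engine to use, or null for none
     */
    public void setTLSTrustEngine(@Nullable TrustEngine<? super X509Credential> trustEngine) {
        DeprecationSupport.warnOnce(DeprecationSupport.ObjectType.METHOD, getClass().getName() + ".setTLSTrustEngine", null, "setHttpClientSecurityParameters(HttpClientSecurityParameters)");
        this.tlsTrustEngine = trustEngine;
    }

    /**
     * Sets basic-auth credentials with a scope derived from the metadata URL. Logs a one-time
     * deprecation warning and delegates to
     * {@link #setBasicCredentialsWithScope(UsernamePasswordCredentials, AuthScope)}.
     *
     * @param usernamePasswordCredentials credentials to send, or null to disable basic auth
     */
    public void setBasicCredentials(@Nullable UsernamePasswordCredentials usernamePasswordCredentials) {
        DeprecationSupport.warnOnce(DeprecationSupport.ObjectType.METHOD, getClass().getName() + ".setBasicCredentials", null, "setHttpClientSecurityParameters(HttpClientSecurityParameters)");
        setBasicCredentialsWithScope(usernamePasswordCredentials, null);
    }

    /**
     * Sets basic-auth credentials and the scope they apply to. May only be called before
     * initialization. Logs a one-time deprecation warning.
     *
     * <p>When {@code authScope} is null the scope is built from the metadata URL's host and
     * port. {@code URI.getPort()} returns -1 when the URL has no explicit port and
     * {@code URI.getHost()} returns null when the host is undefined; HttpClient's
     * {@code AuthScope} treats those values as "any port" / "any host". Pass an explicit scope
     * if the credentials must be limited to one host and port, and prefer an {@code https}
     * URL so the credentials are not sent in clear text.</p>
     *
     * @param usernamePasswordCredentials credentials to send, or null to disable basic auth
     * @param authScope scope for the credentials, or null to derive it from the metadata URL
     */
    public void setBasicCredentialsWithScope(@Nullable UsernamePasswordCredentials usernamePasswordCredentials, @Nullable AuthScope authScope) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        ComponentSupport.ifDestroyedThrowDestroyedComponentException(this);
        DeprecationSupport.warnOnce(DeprecationSupport.ObjectType.METHOD, getClass().getName() + ".setBasicCredentialsWithScope", null, "setHttpClientSecurityParameters(HttpClientSecurityParameters)");
        if (usernamePasswordCredentials == null) {
            this.log.debug("Either username or password were null, disabling basic auth");
            this.credentialsProvider = null;
            return;
        }
        final AuthScope effectiveScope = authScope != null
                ? authScope
                : new AuthScope(this.metadataURI.getHost(), this.metadataURI.getPort());
        final BasicCredentialsProvider provider = new BasicCredentialsProvider();
        provider.setCredentials(effectiveScope, usernamePasswordCredentials);
        this.credentialsProvider = provider;
    }

    /**
     * Returns the security parameters applied to each request.
     *
     * @return the configured parameters, or null
     */
    @Nullable
    protected HttpClientSecurityParameters getHttpClientSecurityParameters() {
        return this.httpClientSecurityParameters;
    }

    /**
     * Sets the security parameters applied to each request. May only be called before
     * initialization.
     *
     * @param httpClientSecurityParameters parameters to use, or null for none
     */
    public void setHttpClientSecurityParameters(@Nullable HttpClientSecurityParameters httpClientSecurityParameters) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        ComponentSupport.ifDestroyedThrowDestroyedComponentException(this);
        this.httpClientSecurityParameters = httpClientSecurityParameters;
    }

    /**
     * Drops every reference held by this resolver (client, trust engine, credentials, security
     * parameters, URL and cached validators) and then destroys the superclass state.
     *
     * <p>Public in this decompiled listing; the decompiler notes the modifier was changed
     * from protected.</p>
     */
    @Override
    public void doDestroy() {
        this.httpClient = null;
        this.tlsTrustEngine = null;
        this.credentialsProvider = null;
        this.httpClientSecurityParameters = null;
        this.metadataURI = null;
        this.cachedMetadataETag = null;
        this.cachedMetadataLastModified = null;
        super.doDestroy();
    }

    /**
     * Returns the identifier of the metadata source, which is the metadata URL.
     *
     * @return the metadata URL
     */
    @Override
    protected String getMetadataIdentifier() {
        return this.metadataURI.toString();
    }

    /**
     * Fetches the metadata document.
     *
     * <p>The TLS credential check runs immediately after the request is executed and before
     * the status code or body is looked at. The response is closed on every path, including
     * when the TLS check, the status check or the body read fails.</p>
     *
     * <p>Public in this decompiled listing; the decompiler notes the modifier was changed
     * from protected.</p>
     *
     * @return the document bytes, or null when the server answered 304 Not Modified
     * @throws ResolverException on a status other than 200/304 or on any I/O or TLS failure
     */
    @Override
    public byte[] fetchMetadata() throws ResolverException {
        final HttpGet request = buildHttpGet();
        final HttpClientContext context = buildHttpClientContext(request);
        HttpResponse response = null;
        try {
            this.log.debug("{} Attempting to fetch metadata document from '{}'", getLogPrefix(), this.metadataURI);
            response = this.httpClient.execute(request, context);
            HttpClientSecuritySupport.checkTLSCredentialEvaluated(context, this.metadataURI.getScheme());

            final int statusCode = response.getStatusLine().getStatusCode();
            if (statusCode == 304) {
                this.log.debug("{} Metadata document from '{}' has not changed since last retrieval", getLogPrefix(), getMetadataURI());
                return null;
            }
            if (statusCode != 200) {
                final String message = "Non-ok status code " + statusCode + " returned from remote metadata source " + this.metadataURI;
                // Pass the message as an argument so a "{}" inside the URL is never
                // interpreted as a logging placeholder.
                this.log.error("{} {}", getLogPrefix(), message);
                throw new ResolverException(message);
            }

            // Read the body before remembering the validators: if the read fails, the old
            // ETag/Last-Modified stay in place, so the retry cannot be answered with a 304
            // for a document that was never actually loaded.
            final byte[] metadata = getMetadataBytesFromResponse(response);
            processConditionalRetrievalHeaders(response);
            this.log.debug("{} Successfully fetched {} bytes of metadata from {}", getLogPrefix(), Integer.valueOf(metadata.length), getMetadataURI());
            return metadata;
        } catch (IOException e) {
            final String message = "Error retrieving metadata from " + this.metadataURI;
            this.log.error("{} {}", getLogPrefix(), message, e);
            throw new ResolverException(message, e);
        } finally {
            closeResponse(response);
        }
    }

    /**
     * Closes the response if it is closeable; a failure to close is logged and not rethrown.
     *
     * @param response response to close, may be null
     */
    private void closeResponse(@Nullable HttpResponse response) {
        if (!(response instanceof CloseableHttpResponse)) {
            return;
        }
        try {
            ((CloseableHttpResponse) response).close();
        } catch (IOException e) {
            this.log.error("{} Error closing HTTP response from {}", getLogPrefix(), this.metadataURI, e);
        }
    }

    /**
     * Checks that the TLS credential of the connection was evaluated. Logs a one-time
     * deprecation warning and delegates to
     * {@code HttpClientSecuritySupport.checkTLSCredentialEvaluated}.
     *
     * @param httpClientContext context of the executed request
     * @throws SSLPeerUnverifiedException if the delegate rejects the connection
     */
    @Deprecated
    protected void checkTLSCredentialTrusted(HttpClientContext httpClientContext) throws SSLPeerUnverifiedException {
        DeprecationSupport.warnOnce(DeprecationSupport.ObjectType.METHOD, getClass().getName() + ".checkTLSCredentialTrusted", null, "HttpClientSecuritySupport.checkTLSCredentialEvaluated(..)");
        HttpClientSecuritySupport.checkTLSCredentialEvaluated(httpClientContext, this.metadataURI.getScheme());
    }

    /**
     * Builds the GET request for the metadata URL, adding the conditional-retrieval headers
     * for whichever validators were cached from an earlier response.
     *
     * @return the request to execute
     */
    protected HttpGet buildHttpGet() {
        final HttpGet request = new HttpGet(getMetadataURI());
        if (this.cachedMetadataETag != null) {
            request.setHeader("If-None-Match", this.cachedMetadataETag);
        }
        if (this.cachedMetadataLastModified != null) {
            request.setHeader("If-Modified-Since", this.cachedMetadataLastModified);
        }
        return request;
    }

    /**
     * Builds a request context without a request. Logs a deprecation warning on every call.
     *
     * <p>Because no request is supplied, the default TLS trust-engine criteria are not added
     * to the returned context.</p>
     *
     * @return the request context
     */
    protected HttpClientContext buildHttpClientContext() {
        DeprecationSupport.warn(DeprecationSupport.ObjectType.METHOD, getClass().getName() + ".buildHttpClientContext()", null, null);
        return buildHttpClientContext(null);
    }

    /**
     * Builds the context a request is executed with: the configured security parameters, the
     * basic-auth credentials and the trust engine from the deprecated setter (each only when
     * set), and the default TLS trust-engine criteria when a request is given.
     *
     * @param httpUriRequest the request about to be executed, or null
     * @return the request context
     */
    protected HttpClientContext buildHttpClientContext(@Nullable HttpUriRequest httpUriRequest) {
        final HttpClientContext context = HttpClientContext.create();
        // NOTE(review): the meaning of the third argument (true) is not visible here; confirm
        // against HttpClientSecuritySupport.marshalSecurityParameters.
        HttpClientSecuritySupport.marshalSecurityParameters(context, this.httpClientSecurityParameters, true);
        if (this.credentialsProvider != null) {
            context.setCredentialsProvider(this.credentialsProvider);
        }
        if (this.tlsTrustEngine != null) {
            // Written after the parameters are marshalled; presumably this replaces a trust
            // engine supplied through the security parameters. Verify if both are configured.
            context.setAttribute(HttpClientSecurityConstants.CONTEXT_KEY_TRUST_ENGINE, this.tlsTrustEngine);
        }
        if (httpUriRequest != null) {
            HttpClientSecuritySupport.addDefaultTLSTrustEngineCriteria(context, httpUriRequest);
        }
        return context;
    }

    /**
     * Remembers the {@code ETag} and {@code Last-Modified} response headers for the next
     * conditional request. A header that is absent leaves the previously cached value as is.
     *
     * @param httpResponse the response to read the headers from
     */
    protected void processConditionalRetrievalHeaders(HttpResponse httpResponse) {
        final Header etag = httpResponse.getFirstHeader("ETag");
        if (etag != null) {
            this.cachedMetadataETag = etag.getValue();
        }
        final Header lastModified = httpResponse.getFirstHeader("Last-Modified");
        if (lastModified != null) {
            this.cachedMetadataLastModified = lastModified.getValue();
        }
    }

    /**
     * Reads the whole response body into a byte array and then consumes the entity, whether
     * or not the read succeeded.
     *
     * <p>No size limit is applied in this method; see the class-level note.</p>
     *
     * @param httpResponse the response to read
     * @return the body bytes
     * @throws ResolverException if the response has no body or the body cannot be read
     */
    protected byte[] getMetadataBytesFromResponse(HttpResponse httpResponse) throws ResolverException {
        this.log.debug("{} Attempting to extract metadata from response to request for metadata from '{}'", getLogPrefix(), getMetadataURI());
        try {
            if (httpResponse.getEntity() == null) {
                // A response without an entity would otherwise surface as a NullPointerException.
                this.log.error("{} Response contained no entity", getLogPrefix());
                throw new ResolverException("Response contained no entity");
            }
            return inputstreamToByteArray(httpResponse.getEntity().getContent());
        } catch (IOException e) {
            this.log.error("{} Unable to read response", getLogPrefix(), e);
            throw new ResolverException("Unable to read response", e);
        } finally {
            EntityUtils.consumeQuietly(httpResponse.getEntity());
        }
    }
}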
