package edu.internet2.middleware.shibboleth.common.config.metadata;

import edu.internet2.middleware.shibboleth.common.config.SpringConfigurationUtils;
import edu.internet2.middleware.shibboleth.common.config.resource.SVNResourceBeanDefinitionParser;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import javax.xml.namespace.QName;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.UsernamePasswordCredentials;
import org.apache.commons.httpclient.auth.AuthScope;
import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
import org.opensaml.ws.soap.client.http.HttpClientBuilder;
import org.opensaml.ws.soap.client.http.TLSProtocolSocketFactory;
import org.opensaml.xml.util.DatatypeHelper;
import org.opensaml.xml.util.XMLHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.BeanCreationException;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.beans.factory.xml.ParserContext;
import org.w3c.dom.Element;

/* loaded from: input_file:edu/internet2/middleware/shibboleth/common/config/metadata/HTTPMetadataProviderBeanDefinitionParser.class */
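/**
 * Spring bean definition parser that configures an {@link HTTPMetadataProvider} from an XML element.
 *
 * <p>It builds the HTTP client used to fetch metadata (timeout, optional TLS trust override, proxy and
 * HTTP Basic Auth settings) and passes the client and the metadata URL to the provider as constructor
 * arguments.</p>
 *
 * <p>Security note: {@code disregardSslCertificate="true"} installs a trust manager that accepts any
 * server certificate, so TLS no longer authenticates the metadata source. The authenticity of the
 * fetched metadata then depends entirely on checks performed outside this class (for example signature
 * validation of the metadata document). Any configured Basic Auth credentials are also sent to a server
 * whose identity has not been verified.</p>
 */
public class HTTPMetadataProviderBeanDefinitionParser extends AbstractReloadingMetadataProviderBeanDefinitionParser {
    /** Schema type name handled by this parser. */
    public static final QName TYPE_NAME = new QName(MetadataNamespaceHandler.NAMESPACE, "HTTPMetadataProvider");

    /** Class logger. */
    private final Logger log = LoggerFactory.getLogger(HTTPMetadataProviderBeanDefinitionParser.class);

    /**
     * Returns the bean class produced by this parser.
     *
     * @param element the configuration element (unused)
     * @return {@code HTTPMetadataProvider.class}
     */
    protected Class getBeanClass(Element element) {
        return HTTPMetadataProvider.class;
    }

    /**
     * Parses the provider element and registers the HTTP client and the metadata URL as constructor arguments.
     *
     * <p>Decompiler note: this method was declared {@code protected} in the original class file.</p>
     *
     * @param element the metadata provider configuration element
     * @param parserContext the current Spring parser context
     * @param beanDefinitionBuilder builder for the provider bean definition
     * @throws BeanCreationException if the {@code metadataURL} attribute does not hold a valid URL
     */
    @Override
    public void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder beanDefinitionBuilder) {
        String providerId = getProviderId(element);
        super.doParse(element, parserContext, beanDefinitionBuilder);
        String metadataUrl = DatatypeHelper.safeTrimOrNullString(element.getAttributeNS(null, "metadataURL"));
        try {
            beanDefinitionBuilder.addConstructorArgValue(buildHttpClient(element, providerId, new URL(metadataUrl)));
            this.log.debug("Metadata provider '{}' metadata URL: {}", providerId, metadataUrl);
            beanDefinitionBuilder.addConstructorArgValue(metadataUrl);
        } catch (MalformedURLException e) {
            // Keep the parse failure as the cause so the reason the URL was rejected is not lost.
            throw new BeanCreationException("metadataURL attribute for metadata provider " + providerId + " must be present and must contain a valid URL", e);
        }
    }

    /**
     * Builds the HTTP client used to fetch metadata from the given URL.
     *
     * @param element the metadata provider configuration element
     * @param str the metadata provider ID, used in log and error messages
     * @param url the metadata URL
     * @return the configured HTTP client
     */
    protected HttpClient buildHttpClient(Element element, String str, URL url) {
        HttpClientBuilder httpClientBuilder = new HttpClientBuilder();

        // 5000 ms applies when no 'requestTimeout' attribute is present.
        int timeoutMs = 5000;
        if (element.hasAttributeNS(null, "requestTimeout")) {
            // Narrowing cast: a parsed duration outside the int range would be truncated.
            timeoutMs = (int) SpringConfigurationUtils.parseDurationToMillis("'requestTimeout' on metadata provider " + str, element.getAttributeNS(null, "requestTimeout"), 0);
        }
        this.log.debug("Metadata provider '{}' HTTP request timeout: {}ms", str, Integer.valueOf(timeoutMs));
        httpClientBuilder.setConnectionTimeout(timeoutMs);

        if (url.getProtocol().equalsIgnoreCase("https")) {
            boolean disregardCertificate = false;
            if (element.hasAttributeNS(null, "disregardSslCertificate")) {
                Boolean parsed = XMLHelper.getAttributeValueAsBoolean(element.getAttributeNodeNS(null, "disregardSslCertificate"));
                if (parsed == null) {
                    // Fail safe: an unrecognised value keeps certificate validation on instead of
                    // ending in a NullPointerException while unboxing.
                    this.log.warn("Metadata provider '{}' has an unrecognised 'disregardSslCertificate' value; server certificate validation stays enabled", str);
                }
                disregardCertificate = Boolean.TRUE.equals(parsed);
            }
            this.log.debug("Metadata provider '{}' disregards server SSL certificate: {}", str, Boolean.valueOf(disregardCertificate));
            if (disregardCertificate) {
                // Surface the weakened transport security above debug level so it shows up in normal logs.
                this.log.warn("Metadata provider '{}' is configured to accept any server certificate for {}; the metadata source is not authenticated by TLS", str, url.getHost());
                httpClientBuilder.setHttpsProtocolSocketFactory(new TLSProtocolSocketFactory((X509KeyManager) null, buildNoTrustTrustManager()));
            }
        }

        setHttpProxySettings(httpClientBuilder, element, str);
        HttpClient client = httpClientBuilder.buildClient();
        setHttpBasicAuthSettings(client, element, str, url);
        return client;
    }

    /**
     * Builds a trust manager that performs no certificate validation.
     *
     * <p>Both check methods return without inspecting the chain, so every client and server certificate is
     * accepted. It is installed only when {@code disregardSslCertificate} is enabled.</p>
     *
     * @return a trust manager that accepts every certificate chain
     */
    protected X509TrustManager buildNoTrustTrustManager() {
        return new X509TrustManager() {
            @Override
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
                // Intentionally empty: never rejects a chain.
            }

            @Override
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
                // Intentionally empty: never rejects a chain.
            }

            @Override
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        };
    }

    /**
     * Applies HTTP proxy settings from the configuration element, if a proxy host is configured.
     *
     * @param httpClientBuilder the client builder to configure
     * @param element the metadata provider configuration element
     * @param str the metadata provider ID, used in log messages
     * @throws NumberFormatException if the proxy port attribute is present but is not an integer
     */
    protected void setHttpProxySettings(HttpClientBuilder httpClientBuilder, Element element, String str) {
        String proxyHost = DatatypeHelper.safeTrimOrNullString(element.getAttributeNS(null, SVNResourceBeanDefinitionParser.PROXY_HOST_ATTRIB_NAME));
        if (proxyHost == null) {
            // Without a proxy host the remaining proxy attributes are ignored.
            return;
        }
        this.log.debug("Metadata provider '{}' HTTP proxy host: {}", str, proxyHost);
        httpClientBuilder.setProxyHost(proxyHost);

        if (element.hasAttributeNS(null, SVNResourceBeanDefinitionParser.PROXY_PORT_ATTRIB_NAME)) {
            int proxyPort = Integer.parseInt(element.getAttributeNS(null, SVNResourceBeanDefinitionParser.PROXY_PORT_ATTRIB_NAME));
            // The format string needs a second placeholder, otherwise the port is never written to the log.
            this.log.debug("Metadata provider '{}' HTTP proxy port: {}", str, Integer.valueOf(proxyPort));
            httpClientBuilder.setProxyPort(proxyPort);
        }

        String proxyUser = DatatypeHelper.safeTrimOrNullString(element.getAttributeNS(null, "proxyUser"));
        if (proxyUser != null) {
            // Same placeholder fix as for the proxy port.
            this.log.debug("Metadata provider '{}' HTTP proxy username: {}", str, proxyUser);
            httpClientBuilder.setProxyUsername(proxyUser);
            // The password itself is deliberately kept out of the log.
            this.log.debug("Metadata provider '{}' HTTP proxy password not shown", str);
            httpClientBuilder.setProxyPassword(DatatypeHelper.safeTrimOrNullString(element.getAttributeNS(null, SVNResourceBeanDefinitionParser.PROXY_PASSWORD_ATTRIB_NAME)));
        }
    }

    /**
     * Registers HTTP Basic Auth credentials on the client, if a {@code basicAuthUser} is configured.
     *
     * @param httpClient the client to configure
     * @param element the metadata provider configuration element
     * @param str the metadata provider ID, used in log messages
     * @param url the metadata URL; its host and port define the scope of the credentials
     */
    protected void setHttpBasicAuthSettings(HttpClient httpClient, Element element, String str, URL url) {
        String user = DatatypeHelper.safeTrimOrNullString(element.getAttributeNS(null, "basicAuthUser"));
        if (user == null) {
            return;
        }
        this.log.debug("Metadata provider '{}' HTTP Basic Auth username: {}", str, user);
        String password = DatatypeHelper.safeTrimOrNullString(element.getAttributeNS(null, "basicAuthPassword"));
        // The password itself is deliberately kept out of the log.
        this.log.debug("Metadata provider '{}' HTTP Basic Auth password not show", str);

        if (!"https".equalsIgnoreCase(url.getProtocol())) {
            // Basic Auth only encodes the credentials; without TLS they cross the network readable.
            this.log.warn("Metadata provider '{}' sends HTTP Basic Auth credentials over '{}', which is not protected by TLS", str, url.getProtocol());
        }

        UsernamePasswordCredentials credentials = new UsernamePasswordCredentials(user, password);
        // URL.getPort() is -1 when the URL names no explicit port.
        // NOTE(review): confirm that AuthScope treats -1 as "any port" on this host.
        httpClient.getState().setCredentials(new AuthScope(url.getHost(), url.getPort()), credentials);
    }
}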
