package net.shibboleth.idp.installer.impl;

import java.io.BufferedInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.Version;
import net.shibboleth.idp.admin.impl.IdPInfo;
import net.shibboleth.idp.cli.AbstractIdPHomeAwareCommandLine;
import net.shibboleth.idp.installer.InstallerSupport;
import net.shibboleth.idp.installer.impl.UpdateIdPArguments;
import net.shibboleth.idp.installer.plugin.impl.TrustStore;
import net.shibboleth.profile.installablecomponent.InstallableComponentInfo;
import net.shibboleth.profile.installablecomponent.InstallableComponentSupport;
import net.shibboleth.profile.installablecomponent.InstallableComponentVersion;
import net.shibboleth.shared.collection.CollectionSupport;
import net.shibboleth.shared.component.ComponentInitializationException;
import net.shibboleth.shared.primitive.LoggerFactory;
import net.shibboleth.shared.spring.httpclient.resource.HTTPResource;
import org.apache.commons.lang3.SystemUtils;
import org.apache.hc.client5.http.classic.HttpClient;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.opensaml.security.httpclient.HttpClientSecurityContextHandler;
import org.slf4j.Logger;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.Resource;

/* loaded from: input_file:net/shibboleth/idp/installer/impl/UpdateIdPCLI.class */
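/**
 * Command line tool that reads the published IdP version metadata and then lists the known
 * versions, reports whether an update is available, or downloads an update archive and checks its
 * detached {@code .asc} signature against the local trust store.
 *
 * <p>Exit codes as used in this class: {@code 0} on success, {@code 1} when the HTTP client cannot
 * be located, {@code 2} for every other failure (bad URL, unreadable metadata, download or
 * signature failure).</p>
 */
public class UpdateIdPCLI extends AbstractIdPHomeAwareCommandLine<UpdateIdPArguments> {

    /**
     * Location the signing keys are fetched from when the signer of a download is not yet trusted.
     *
     * <p>This is a plain {@code http} URL, so the key material is not authenticated in transit. The
     * only acceptance control visible in this class is the "Accept this key" prompt issued in
     * {@code checkSignature}; operators should compare the offered key against a fingerprint
     * obtained out of band before accepting it.</p>
     */
    // NOTE(review): consider an https URL here - confirm the configured HttpClient trusts the host.
    @Nonnull
    public static final String SHIBBOLETH_SIGNING_KEYS = "http://shibboleth.net/downloads/PGP_KEYS";

    /** Lazily created logger, see {@link #getLogger()}. */
    @Nullable
    private Logger log;

    /**
     * Returns the class that the command line arguments are parsed into.
     *
     * @return {@code UpdateIdPArguments.class}
     */
    @Nonnull
    protected Class<UpdateIdPArguments> getArgumentClass() {
        return UpdateIdPArguments.class;
    }

    /**
     * Returns the version string reported by {@link Version#getVersion()}.
     *
     * @return the IdP version
     */
    @Nonnull
    protected String getVersion() {
        final String version = Version.getVersion();
        assert version != null;
        return version;
    }

    /**
     * Returns the logger for this class, creating it on first use.
     *
     * @return the logger
     */
    @Nonnull
    protected Logger getLogger() {
        Logger result = log;
        if (result == null) {
            result = LoggerFactory.getLogger(UpdateIdPCLI.class);
            log = result;
        }
        return result;
    }

    /**
     * Returns the extra Spring resource this tool loads: the HTTP client configuration.
     *
     * @return a single-element list holding {@code net/shibboleth/idp/conf/http-client.xml}
     */
    @Nonnull
    protected List<Resource> getAdditionalSpringResources() {
        return CollectionSupport.singletonList(new ClassPathResource("net/shibboleth/idp/conf/http-client.xml"));
    }

    /**
     * Loads the version metadata and dispatches to the requested operation.
     *
     * @param updateIdPArguments the parsed command line
     * @return {@code 0} on success, {@code 1} if no HTTP client could be located, {@code 2} otherwise
     */
    // NOTE(review): the decompiler reports that this method was declared protected in the original class.
    public int doRun(@Nonnull UpdateIdPArguments updateIdPArguments) {
        // Register BouncyCastle once; it is looked up under the provider name "BC".
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        if (updateIdPArguments.getHttpClientName() == null) {
            updateIdPArguments.setHttpClientName("shibboleth.InternalHttpClient");
        }
        // NOTE(review): the superclass result is discarded; only the HttpClient lookup below
        // detects a failed setup - confirm that is intended.
        super.doRun(updateIdPArguments);

        final HttpClient httpClient = getHttpClient();
        if (httpClient == null) {
            getLogger().error("Could not locate http client {}", updateIdPArguments.getHttpClientName());
            return 1;
        }

        // The second default location is plain http, so metadata read from it is unauthenticated.
        // A downloaded archive is still signature-checked in checkSignature, but the support
        // levels reported by checkUpdate and list come straight from this metadata.
        final List<String> locations = updateIdPArguments.getUpdateURLs().isEmpty()
                ? CollectionSupport.listOf(
                        "https://shibboleth.net/downloads/identity-provider/plugins/idp-versions.properties",
                        "http://plugins.shibboleth.net/idp-versions.properties")
                : updateIdPArguments.getUpdateURLs();

        final List<URL> urls = new ArrayList<>(locations.size());
        for (final String location : locations) {
            try {
                urls.add(new URL(location));
            } catch (final MalformedURLException e) {
                getLogger().error("Could not convert {} to a URL", location);
                return 2;
            }
        }

        final Properties properties =
                InstallableComponentSupport.loadInfo(urls, httpClient, getHttpClientSecurityParameters());
        if (properties == null) {
            return 2;
        }

        final IdPInfo idPInfo = new IdPInfo(properties);
        final UpdateIdPArguments.OperationType operation = updateIdPArguments.getOperation();
        if (operation == UpdateIdPArguments.OperationType.LIST) {
            return list(updateIdPArguments, idPInfo);
        }
        return checkUpdate(updateIdPArguments, idPInfo, operation == UpdateIdPArguments.OperationType.DOWLOAD);
    }

    /**
     * Reports the support level of the current version and the version it can be updated to, and
     * optionally downloads that version.
     *
     * @param args the parsed command line
     * @param info the version metadata
     * @param download whether to download the selected version
     * @return {@code 0} on success or when nothing is to be done, otherwise the download result
     */
    private int checkUpdate(@Nonnull UpdateIdPArguments args, @Nonnull InstallableComponentInfo info,
            boolean download) {
        final InstallableComponentVersion fromVersion = args.getUpdateFromVersion();
        final InstallableComponentInfo.VersionInfo fromInfo = info.getAvailableVersions().get(fromVersion);
        if (fromInfo == null) {
            getLogger().warn("Could not locate version info for version {}", fromVersion);
        } else {
            final InstallableComponentSupport.SupportLevel supportLevel = fromInfo.getSupportLevel();
            switch (supportLevel) {
                case Current:
                    // The placeholder previously had no argument and was logged literally.
                    getLogger().info("Version {} is current", fromVersion);
                    break;
                case Secadv:
                    getLogger().error("Version {} has known security vulnerabilities", fromVersion);
                    break;
                default:
                    getLogger().warn("Support level for {} is {}", fromVersion, supportLevel);
                    break;
            }
        }

        // An explicitly requested target wins; otherwise ask for the best available version.
        final InstallableComponentVersion requested = args.getUpdateToVersion();
        final boolean explicitTarget = requested != null;
        final InstallableComponentVersion toVersion = explicitTarget
                ? requested
                : InstallableComponentSupport.getBestVersion(fromVersion, fromVersion, info);
        if (toVersion == null) {
            getLogger().info("No Upgrade available from {}", fromVersion);
            return 0;
        }
        if (explicitTarget) {
            getLogger().info("Download version {}", toVersion);
        } else {
            getLogger().info("Version {} can be upgraded to {}", fromVersion, toVersion);
        }
        if (!download) {
            return 0;
        }
        assert info.getAvailableVersions().get(toVersion) != null;
        return download(args, toVersion, info);
    }

    /**
     * Logs every version in the metadata with its support level and whether it is an upgrade
     * candidate for the current version.
     *
     * @param args the parsed command line
     * @param info the version metadata
     * @return always {@code 0}
     */
    private int list(@Nonnull UpdateIdPArguments args, @Nonnull InstallableComponentInfo info) {
        final Map<InstallableComponentVersion, InstallableComponentInfo.VersionInfo> available =
                info.getAvailableVersions();
        final List<InstallableComponentVersion> versions = new ArrayList<>(available.keySet());
        // A null comparator sorts by the natural ordering of the versions.
        versions.sort(null);
        final InstallableComponentVersion fromVersion = args.getUpdateFromVersion();
        for (final InstallableComponentVersion version : versions) {
            final InstallableComponentInfo.VersionInfo versionInfo = available.get(version);
            getLogger().info("Version {}{} Supported Status: {}, Upgrade Candidate: {}",
                    version,
                    version.equals(fromVersion) ? " (current);" : ";",
                    versionInfo.getSupportLevel(),
                    info.isSupportedWithIdPVersion(version, fromVersion) ? "yes" : "no");
        }
        return 0;
    }

    /**
     * Downloads the archive for a version together with its detached signature and verifies it.
     * Both files are removed again when the signature check does not succeed.
     *
     * @param args the parsed command line
     * @param version the version to download
     * @param info the version metadata
     * @return {@code 0} if the archive was downloaded and its signature verified, {@code 2} otherwise
     */
    private int download(@Nonnull UpdateIdPArguments args, @Nonnull InstallableComponentVersion version,
            @Nonnull InstallableComponentInfo info) {
        final String baseName = info.getUpdateBaseName(version);
        if (baseName == null) {
            getLogger().error("Could not get file name for idp update version {}", version);
            return 2;
        }
        final String fileName = baseName + (SystemUtils.IS_OS_WINDOWS ? ".zip" : ".tgz");
        final URL baseUrl = info.getUpdateURL(version);
        if (baseUrl == null) {
            getLogger().error("Could not get base URL for idp update version {}", version);
            return 2;
        }

        final Path downloadDir = args.getDownloadLocation();
        final Path archivePath = downloadDir.resolve(fileName);
        final Path signaturePath = downloadDir.resolve(fileName + ".asc");
        // The base name comes from the version metadata (presumably the downloaded properties), so
        // make sure it cannot steer the written and deleted files outside the download directory.
        if (!archivePath.toAbsolutePath().normalize().startsWith(downloadDir.toAbsolutePath().normalize())) {
            getLogger().error("Could not get file name for idp update version {}", version);
            return 2;
        }

        getLogger().info("Downloading version {} to {}  from {}/{}", version, downloadDir, baseUrl, fileName);
        try {
            final HttpClient httpClient = getHttpClient();
            assert httpClient != null;
            final HTTPResource baseResource = new HTTPResource(httpClient, baseUrl);
            final HttpClientSecurityContextHandler handler = new HttpClientSecurityContextHandler();
            handler.setHttpClientSecurityParameters(getHttpClientSecurityParameters());
            handler.initialize();
            baseResource.setHttpClientContextHandler(handler);
            InstallerSupport.download(baseResource, handler, downloadDir, fileName + ".asc");
            InstallerSupport.download(baseResource, handler, downloadDir, fileName);

            getLogger().debug("Checking signature");
            final int result = checkSignature(args, fileName);
            if (result == 0) {
                getLogger().info("Signature checked OK");
                return result;
            }
            // An archive that failed verification must not stay behind where it could be
            // mistaken for a checked download.
            getLogger().info("Deleting downloaded files");
            try {
                Files.delete(archivePath);
                Files.delete(signaturePath);
            } catch (final IOException e) {
                getLogger().error("Could not delete {}[.asc]", fileName, e);
                archivePath.toFile().deleteOnExit();
                signaturePath.toFile().deleteOnExit();
            }
            return result;
        } catch (final IOException | ComponentInitializationException e) {
            getLogger().error("Could not download idp version {} from {}", version, baseUrl, e);
            return 2;
        }
    }

    /**
     * Verifies a downloaded archive against its detached {@code .asc} signature.
     *
     * <p>If the signing key is not in the trust store, the keys at
     * {@link #SHIBBOLETH_SIGNING_KEYS} are fetched and offered for import behind an
     * "Accept this key" query; verification only proceeds when the key ends up in the store.</p>
     *
     * @param args the parsed command line
     * @param fileName name of the archive inside the download location
     * @return {@code 0} if the signature verifies, {@code 2} otherwise
     */
    private int checkSignature(@Nonnull UpdateIdPArguments args, @Nonnull String fileName) {
        final Path downloadDir = args.getDownloadLocation();
        // try-with-resources closes every stream on all paths, including exceptions.
        try (BufferedInputStream signatureStream =
                new BufferedInputStream(new FileInputStream(downloadDir.resolve(fileName + ".asc").toFile()))) {
            final TrustStore trustStore = new TrustStore();
            final Path idpHome = Path.of(args.getIdPHome());
            assert idpHome != null;
            trustStore.setIdpHome(idpHome);
            trustStore.setTrustStore(args.getTruststore());
            trustStore.setPluginId("net.shibboleth.idp");
            trustStore.initialize();

            final TrustStore.Signature signature = TrustStore.signatureOf(signatureStream);
            if (!trustStore.contains(signature)) {
                getLogger().info("TrustStore does not contain signature {}", signature);
                getLogger().info("Downloading {}", SHIBBOLETH_SIGNING_KEYS);
                final HttpClient httpClient = getHttpClient();
                assert httpClient != null;
                final HTTPResource keysResource = new HTTPResource(httpClient, SHIBBOLETH_SIGNING_KEYS);
                final HttpClientSecurityContextHandler handler = new HttpClientSecurityContextHandler();
                handler.setHttpClientSecurityParameters(getHttpClientSecurityParameters());
                handler.initialize();
                keysResource.setHttpClientContextHandler(handler);
                // The keys arrive over plain http; the query below is the acceptance control.
                try (BufferedInputStream keysStream = new BufferedInputStream(keysResource.getInputStream())) {
                    trustStore.importKeyFromStream(signature, keysStream,
                            new InstallerSupport.InstallerQuery("Accept this key"));
                }
                if (!trustStore.contains(signature)) {
                    getLogger().info("Key not added to Trust Store");
                    return 2;
                }
            }

            try (BufferedInputStream archiveStream =
                    new BufferedInputStream(new FileInputStream(downloadDir.resolve(fileName).toFile()))) {
                if (trustStore.checkSignature(archiveStream, signature)) {
                    return 0;
                }
                getLogger().info("Signature checked for {} failed", fileName);
                return 2;
            }
        } catch (final ComponentInitializationException | IOException e) {
            getLogger().error("Could not manage truststore for [{}, {}] ", args.getIdPHome(), "net.shibboleth.idp", e);
            return 2;
        }
    }

    /**
     * Runs the tool without exiting the JVM.
     *
     * @param strArr the command line arguments
     * @return the exit code
     */
    public static int runMain(@Nonnull String[] strArr) {
        return new UpdateIdPCLI().run(strArr);
    }

    /**
     * Program entry point; exits the JVM with the code returned by {@link #runMain(String[])}.
     *
     * @param strArr the command line arguments
     */
    public static void main(@Nonnull String[] strArr) {
        System.exit(runMain(strArr));
    }
}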
