package org.opensaml.saml.metadata.resolver.impl;

import com.google.common.base.Function;
import com.google.common.base.Strings;
import com.google.common.collect.Collections2;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Locale;
import java.util.Timer;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.net.ssl.SSLPeerUnverifiedException;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullAfterInit;
import net.shibboleth.utilities.java.support.annotation.constraint.NotLive;
import net.shibboleth.utilities.java.support.annotation.constraint.Unmodifiable;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.primitive.StringSupport;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import org.apache.http.Header;
import org.apache.http.HttpResponse;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.client.HttpClient;
import org.apache.http.client.ResponseHandler;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.io.UnmarshallingException;
import org.opensaml.security.httpclient.HttpClientSecurityConstants;
import org.opensaml.security.trust.TrustEngine;
import org.opensaml.security.x509.X509Credential;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-283-10.zip:modules/system/layers/fuse/org/opensaml/3.1/opensaml-saml-impl-3.1.1.jar:org/opensaml/saml/metadata/resolver/impl/AbstractDynamicHTTPMetadataResolver.class */
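/**
 * Base class for metadata resolvers that fetch SAML metadata on demand over HTTP(S).
 *
 * <p>Subclasses supply the request URL through {@link #buildRequestURL(CriteriaSet)}. The response's
 * Content-Type is compared with an allow-list of MIME types before the body is unmarshalled. When a
 * TLS {@link TrustEngine} has been configured, the result of an {@code https} request is only
 * returned if the HTTP client context records that the engine was evaluated.</p>
 */
public abstract class AbstractDynamicHTTPMetadataResolver extends AbstractDynamicMetadataResolver {
    /** Content types accepted (and sent in the {@code Accept} header) when none are configured. */
    public static final String[] DEFAULT_CONTENT_TYPES = {"application/samlmetadata+xml", "application/xml", "text/xml"};

    @Nonnull
    private final Logger log;

    @Nonnull
    private HttpClient httpClient;
    // Lower-cased allow-list of response MIME types; an empty list disables the Content-Type check.
    private List<String> supportedContentTypes;
    // Pre-joined form of supportedContentTypes, used as the Accept request header value.
    private String supportedContentTypesValue;
    private ResponseHandler<XMLObject> responseHandler;
    private CredentialsProvider credentialsProvider;
    private TrustEngine<? super X509Credential> tlsTrustEngine;

    /**
     * Response handler that validates the HTTP response and unmarshalls its body into an
     * {@link XMLObject}. Every failure path is logged and reported to the caller as {@code null}.
     */
    public class BasicMetadataResponseHandler implements ResponseHandler<XMLObject> {
        public BasicMetadataResponseHandler() {
        }

        /**
         * Turns the HTTP response into unmarshalled metadata.
         *
         * @param httpResponse the response received from the metadata source
         * @return the unmarshalled metadata, or {@code null} when the status is not 200, the
         *         response has no body, validation fails, or unmarshalling fails
         * @throws IOException declared by the {@link ResponseHandler} contract
         */
        @Override // org.apache.http.client.ResponseHandler
        public XMLObject handleResponse(@Nonnull HttpResponse httpResponse) throws IOException {
            int statusCode = httpResponse.getStatusLine().getStatusCode();
            if (statusCode == 304) {
                // The request URL is not available to the handler, so the message carries no placeholder.
                AbstractDynamicHTTPMetadataResolver.this.log.debug("Metadata document has not changed since last retrieval");
                return null;
            }
            if (statusCode != 200) {
                AbstractDynamicHTTPMetadataResolver.this.log.warn("Non-ok status code '{}' returned from remote metadata source: {}", Integer.valueOf(statusCode), httpResponse.getStatusLine().getReasonPhrase());
                return null;
            }
            if (httpResponse.getEntity() == null) {
                // A 200 without a body would otherwise surface as an unchecked NullPointerException below.
                AbstractDynamicHTTPMetadataResolver.this.log.warn("Response from remote metadata source contained no entity body");
                return null;
            }
            try {
                validateHttpResponse(httpResponse);
                try {
                    return AbstractDynamicHTTPMetadataResolver.this.unmarshallMetadata(httpResponse.getEntity().getContent());
                } catch (IOException | UnmarshallingException e) {
                    AbstractDynamicHTTPMetadataResolver.this.log.error("Error unmarshalling HTTP response stream", e);
                    return null;
                }
            } catch (ResolverException e2) {
                AbstractDynamicHTTPMetadataResolver.this.log.error("Problem validating dynamic metadata HTTP response", e2);
                return null;
            }
        }

        /**
         * Checks the response Content-Type against the configured allow-list.
         *
         * <p>NOTE(review): the check is skipped when the allow-list is empty and also when the
         * response carries no Content-Type header, so a server that omits the header is not
         * rejected here. Confirm that this leniency is intended for the deployment.</p>
         *
         * @param httpResponse the response to validate
         * @throws ResolverException if a Content-Type is present and its MIME type is not supported
         */
        protected void validateHttpResponse(@Nonnull HttpResponse httpResponse) throws ResolverException {
            if (AbstractDynamicHTTPMetadataResolver.this.getSupportedContentTypes().isEmpty()) {
                return;
            }
            if (httpResponse.getEntity() == null) {
                // No body means no Content-Type to evaluate; treated like a missing header.
                return;
            }
            Header contentType = httpResponse.getEntity().getContentType();
            if (contentType == null || contentType.getValue() == null) {
                return;
            }
            AbstractDynamicHTTPMetadataResolver.this.log.debug("Saw raw Content-Type from response header '{}'", contentType.getValue());
            String contentTypeMIMEType = getContentTypeMIMEType(contentType.getValue());
            AbstractDynamicHTTPMetadataResolver.this.log.debug("Extracted Content-Type MIME type to evaluate '{}'", contentTypeMIMEType);
            if (!AbstractDynamicHTTPMetadataResolver.this.getSupportedContentTypes().contains(contentTypeMIMEType)) {
                throw new ResolverException("HTTP response specified an unsupported Content-Type MIME type: " + contentTypeMIMEType);
            }
        }

        /**
         * Extracts the lower-cased MIME type from a raw Content-Type header value, dropping any
         * {@code ;parameter} suffix.
         *
         * @param str the raw header value
         * @return the MIME type, or {@code null} if the value is null or blank
         */
        private String getContentTypeMIMEType(String str) {
            String trimOrNull = StringSupport.trimOrNull(str);
            if (trimOrNull == null) {
                return null;
            }
            // indexOf/substring instead of split(";")[0]: a header value of just ";" makes split()
            // return an empty array, which would throw ArrayIndexOutOfBoundsException on
            // server-controlled input. Such a value now yields "" and is rejected by the allow-list.
            int parameterStart = trimOrNull.indexOf(';');
            String mimeType = parameterStart < 0 ? trimOrNull : trimOrNull.substring(0, parameterStart);
            // Locale.ROOT keeps the comparison independent of the JVM default locale.
            return StringSupport.trim(mimeType).toLowerCase(Locale.ROOT);
        }
    }

    /**
     * Creates a resolver without a background task timer.
     *
     * @param httpClient the client used to fetch metadata; must not be null
     */
    public AbstractDynamicHTTPMetadataResolver(@Nonnull HttpClient httpClient) {
        this(null, httpClient);
    }

    /**
     * Creates a resolver.
     *
     * @param timer passed to the superclass constructor; may be null
     * @param httpClient the client used to fetch metadata; must not be null
     */
    public AbstractDynamicHTTPMetadataResolver(@Nullable Timer timer, @Nonnull HttpClient httpClient) {
        super(timer);
        this.log = LoggerFactory.getLogger(AbstractDynamicHTTPMetadataResolver.class);
        this.httpClient = (HttpClient) Constraint.isNotNull(httpClient, "HttpClient may not be null");
        this.responseHandler = new BasicMetadataResponseHandler();
    }

    /**
     * Sets the trust engine placed into the HTTP client context for server TLS evaluation.
     *
     * <p>NOTE(review): unlike the other setters in this class, this one does not reject calls made
     * after initialization or destruction, so the engine can be replaced or cleared on a live
     * resolver. Confirm whether that is intended before relying on it.</p>
     *
     * @param trustEngine the trust engine, or null to disable the check
     */
    public void setTLSTrustEngine(@Nullable TrustEngine<? super X509Credential> trustEngine) {
        this.tlsTrustEngine = trustEngine;
    }

    /**
     * Sets the credentials provider attached to each request context.
     *
     * @param credentialsProvider the provider, or null for none
     */
    public void setCredentialsProvider(@Nullable CredentialsProvider credentialsProvider) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        ComponentSupport.ifDestroyedThrowDestroyedComponentException(this);
        this.credentialsProvider = credentialsProvider;
    }

    /**
     * Sets basic-auth credentials using the default scope; see
     * {@link #setBasicCredentialsWithScope(UsernamePasswordCredentials, AuthScope)}.
     *
     * @param usernamePasswordCredentials the credentials, or null to disable basic auth
     */
    public void setBasicCredentials(@Nullable UsernamePasswordCredentials usernamePasswordCredentials) {
        setBasicCredentialsWithScope(usernamePasswordCredentials, null);
    }

    /**
     * Sets basic-auth credentials, replacing any previously configured credentials provider.
     *
     * <p>When {@code authScope} is null the credentials are registered for any host and any port,
     * which means they are not tied to the metadata server. Pass an explicit scope to restrict
     * where the credentials may be offered.</p>
     *
     * @param usernamePasswordCredentials the credentials, or null to disable basic auth
     * @param authScope the scope the credentials apply to, or null for any host and port
     */
    public void setBasicCredentialsWithScope(@Nullable UsernamePasswordCredentials usernamePasswordCredentials, @Nullable AuthScope authScope) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        ComponentSupport.ifDestroyedThrowDestroyedComponentException(this);
        if (usernamePasswordCredentials == null) {
            this.log.debug("Either username or password were null, disabling basic auth");
            this.credentialsProvider = null;
            return;
        }
        AuthScope effectiveScope = authScope;
        if (effectiveScope == null) {
            effectiveScope = new AuthScope(AuthScope.ANY_HOST, AuthScope.ANY_PORT);
        }
        BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
        basicCredentialsProvider.setCredentials(effectiveScope, usernamePasswordCredentials);
        this.credentialsProvider = basicCredentialsProvider;
    }

    /**
     * Returns the allow-list of response MIME types.
     *
     * @return the lower-cased supported content types; null until set or initialized, and after destruction
     */
    @NonnullAfterInit
    @Unmodifiable
    @NotLive
    public List<String> getSupportedContentTypes() {
        return this.supportedContentTypes;
    }

    /**
     * Sets the allow-list of response MIME types. Values are normalized and lower-cased.
     *
     * @param list the supported content types; null is stored as an empty list, which disables the
     *        response Content-Type check
     */
    public void setSupportedContentTypes(@Nullable List<String> list) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        ComponentSupport.ifDestroyedThrowDestroyedComponentException(this);
        if (list == null) {
            this.supportedContentTypes = Collections.emptyList();
        } else {
            // Stored as an unmodifiable copy so the allow-list returned by the getter cannot be
            // widened by a caller, matching the getter's @Unmodifiable annotation.
            this.supportedContentTypes = Collections.unmodifiableList(new ArrayList<>(Collections2.transform(StringSupport.normalizeStringCollection(list), new Function<String, String>() {
                @Override // com.google.common.base.Function
                @Nullable
                public String apply(@Nullable String str) {
                    if (str == null) {
                        return null;
                    }
                    // Locale.ROOT so the stored form matches the locale-independent header comparison.
                    return str.toLowerCase(Locale.ROOT);
                }
            })));
        }
    }

    /**
     * Initializes the backing store and applies {@link #DEFAULT_CONTENT_TYPES} when no content
     * types were configured, then caches the joined value used for the {@code Accept} header.
     *
     * @throws ComponentInitializationException if superclass initialization fails
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver, org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver
    public void initMetadataResolver() throws ComponentInitializationException {
        super.initMetadataResolver();
        setBackingStore(createNewBackingStore());
        if (getSupportedContentTypes() == null) {
            setSupportedContentTypes(Arrays.asList(DEFAULT_CONTENT_TYPES));
        }
        if (!getSupportedContentTypes().isEmpty()) {
            this.supportedContentTypesValue = StringSupport.listToStringValue(getSupportedContentTypes(), ", ");
        }
        this.log.debug("Supported content types are: {}", getSupportedContentTypes());
    }

    /** Clears the HTTP client, credentials provider and content-type state, then destroys the superclass. */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver, org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver
    public void doDestroy() {
        this.httpClient = null;
        this.credentialsProvider = null;
        this.supportedContentTypes = null;
        this.supportedContentTypesValue = null;
        super.doDestroy();
    }

    /**
     * Fetches and unmarshalls metadata for the given criteria.
     *
     * @param criteriaSet the criteria used to build the request
     * @return the metadata, or null if no request could be built or the response handler returned null
     * @throws IOException if the request fails, including {@link SSLPeerUnverifiedException} when
     *         the configured TLS trust engine was not evaluated
     */
    @Override // org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver
    @Nullable
    protected XMLObject fetchFromOriginSource(@Nonnull CriteriaSet criteriaSet) throws IOException {
        HttpUriRequest request = buildHttpRequest(criteriaSet);
        if (request == null) {
            this.log.debug("Could not build request based on input criteria, unable to query");
            return null;
        }
        HttpClientContext context = buildHttpClientContext();
        // The response handler has already parsed the body by the time execute() returns; the trust
        // check below runs afterwards and discards the result by throwing.
        XMLObject metadata = (XMLObject) this.httpClient.execute(request, this.responseHandler, context);
        checkTLSCredentialTrusted(context, request);
        return metadata;
    }

    /**
     * Fails the fetch if a TLS trust engine is configured for an {@code https} request but the
     * client context shows no sign that it was evaluated.
     *
     * <p>Only the presence of the "credential trusted" context attribute is tested here, not its
     * value. NOTE(review): rejecting an untrusted server credential is presumably done by the
     * socket factory that sets the attribute; confirm against the HttpClient configuration.</p>
     *
     * @param httpClientContext the context used for the request
     * @param httpUriRequest the request that was executed
     * @throws SSLPeerUnverifiedException if the trust engine evaluation was not recorded
     */
    protected void checkTLSCredentialTrusted(HttpClientContext httpClientContext, HttpUriRequest httpUriRequest) throws SSLPeerUnverifiedException {
        if (this.tlsTrustEngine != null && "https".equalsIgnoreCase(httpUriRequest.getURI().getScheme()) && httpClientContext.getAttribute(HttpClientSecurityConstants.CONTEXT_KEY_SERVER_TLS_CREDENTIAL_TRUSTED) == null) {
            this.log.warn("Configured TLS trust engine was not used to verify server TLS credential, the appropriate socket factory was likely not configured");
            throw new SSLPeerUnverifiedException("Evaluation of server TLS credential with configured TrustEngine was not performed");
        }
    }

    /**
     * Builds the GET request for the given criteria, adding an {@code Accept} header when content
     * types are configured.
     *
     * @param criteriaSet the criteria used to build the request URL
     * @return the request, or null if no URL could be built
     */
    @Nullable
    protected HttpUriRequest buildHttpRequest(@Nonnull CriteriaSet criteriaSet) {
        String requestUrl = buildRequestURL(criteriaSet);
        this.log.debug("Built request URL of: {}", requestUrl);
        if (requestUrl == null) {
            this.log.debug("Could not construct request URL from input criteria, unable to query");
            return null;
        }
        HttpGet httpGet = new HttpGet(requestUrl);
        if (!Strings.isNullOrEmpty(this.supportedContentTypesValue)) {
            httpGet.addHeader("Accept", this.supportedContentTypesValue);
        }
        return httpGet;
    }

    /**
     * Builds the URL to request for the given criteria.
     *
     * @param criteriaSet the input criteria
     * @return the request URL, or null if none can be built
     */
    @Nullable
    protected abstract String buildRequestURL(@Nonnull CriteriaSet criteriaSet);

    /**
     * Creates the per-request client context, carrying the credentials provider and the TLS trust
     * engine when they are configured.
     *
     * @return a new client context
     */
    protected HttpClientContext buildHttpClientContext() {
        HttpClientContext context = HttpClientContext.create();
        if (this.credentialsProvider != null) {
            context.setCredentialsProvider(this.credentialsProvider);
        }
        if (this.tlsTrustEngine != null) {
            context.setAttribute(HttpClientSecurityConstants.CONTEXT_KEY_TRUST_ENGINE, this.tlsTrustEngine);
        }
        return context;
    }
}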
