package org.apereo.cas.support.saml.web.idp.metadata;

import com.google.common.base.Throwables;
import com.google.common.collect.Lists;
import java.io.File;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.annotation.PostConstruct;
import net.shibboleth.idp.installer.metadata.MetadataGenerator;
import net.shibboleth.idp.installer.metadata.MetadataGeneratorParameters;
import net.shibboleth.utilities.java.support.security.SelfSignedCertificateGenerator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.Assert;

/* loaded from: input_file:org/apereo/cas/support/saml/web/idp/metadata/ShibbolethIdpMetadataAndCertificatesGenerationService.class */
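/**
 * Bootstraps a SAML IdP's key material and metadata on disk.
 * <p>
 * On first use (no {@code idp-metadata.xml} in {@code metadataLocation}) this service
 * generates a self-signed signing certificate, a self-signed encryption certificate
 * and a Shibboleth-style IdP metadata document that references both. Once the metadata
 * file exists nothing is regenerated, so key rotation means removing the metadata file
 * together with the {@code idp-signing.*} / {@code idp-encryption.*} pairs and restarting.
 * <p>
 * The private keys written by this service are the IdP's long-lived signing and
 * decryption secrets; after generation their on-disk permissions are tightened to
 * owner-only where the filesystem supports it.
 */
public class ShibbolethIdpMetadataAndCertificatesGenerationService implements SamlIdpMetadataAndCertificatesGenerationService {
    /**
     * Appended to {@code hostName} to form the URI subjectAltName of both certificates.
     * NOTE(review): there is no separator or scheme between the host name and this postfix,
     * so the SAN becomes e.g. {@code idp.example.orgidp/metadata}. Kept as-is to preserve the
     * generated certificate contents; confirm whether {@code https://host/idp/metadata} was intended.
     */
    private static final String URI_SUBJECT_ALTNAME_POSTFIX = "idp/metadata";

    private transient Logger logger = LoggerFactory.getLogger(getClass());

    /** {@code <metadataLocation>/idp-metadata.xml}; its existence is the "already bootstrapped" marker. */
    private File metadataFile;
    private File signingCertFile;
    private File signingKeyFile;
    private File encryptionCertFile;
    private File encryptionCertKeyFile;

    /** Directory holding the metadata and the four cert/key files; created if absent. */
    private File metadataLocation;
    private String entityId;
    private String hostName;
    private String scope;

    /**
     * Validates the injected configuration and resolves the fixed file names inside
     * {@code metadataLocation}, creating that directory (one level only) if it does not exist.
     *
     * @throws IllegalArgumentException if a required property is missing, if the directory
     *                                  cannot be created, or if the location exists but is not a directory
     */
    @PostConstruct
    public void initialize() {
        Assert.notNull(this.metadataLocation, "IdP metadataLocation cannot be null and must be defined");
        Assert.hasText(this.entityId, "IdP entityID cannot be empty and must be defined");
        Assert.hasText(this.hostName, "IdP hostName cannot be empty and must be defined");
        Assert.hasText(this.scope, "IdP scope cannot be empty and must be defined");

        if (!this.metadataLocation.exists() && !this.metadataLocation.mkdir()) {
            throw new IllegalArgumentException("Metadata directory location " + this.metadataLocation + " cannot be located/created");
        }
        // A regular file at this path would otherwise surface later as an obscure I/O error
        // when the key files are written next to it.
        if (!this.metadataLocation.isDirectory()) {
            throw new IllegalArgumentException("Metadata directory location " + this.metadataLocation + " exists but is not a directory");
        }
        this.logger.info("Metadata directory location is at [{}] with entityID [{}]", this.metadataLocation, this.entityId);

        this.metadataFile = new File(this.metadataLocation, "idp-metadata.xml");
        this.signingCertFile = new File(this.metadataLocation, "idp-signing.crt");
        this.signingKeyFile = new File(this.metadataLocation, "idp-signing.key");
        this.encryptionCertFile = new File(this.metadataLocation, "idp-encryption.crt");
        this.encryptionCertKeyFile = new File(this.metadataLocation, "idp-encryption.key");
    }

    /** @return the resolved metadata file; {@code null} before {@link #initialize()} has run */
    public File getMetadataFile() {
        return this.metadataFile;
    }

    /** @return the configured IdP entityID */
    public String getEntityId() {
        return this.entityId;
    }

    /** @return the configured attribute scope written into the metadata */
    public String getScope() {
        return this.scope;
    }

    /** @return the host name used as certificate CN/DNS name and metadata DNS name */
    public String getHostName() {
        return this.hostName;
    }

    /** @return the signing certificate file (public certificate only, not the key) */
    public File getSigningCertFile() {
        return this.signingCertFile;
    }

    /** @return the encryption certificate file (public certificate only, not the key) */
    public File getEncryptionCertFile() {
        return this.encryptionCertFile;
    }

    /**
     * @return {@code true} if the metadata file does not exist yet, i.e. generation is still required
     */
    public boolean isMetadataMissing() {
        return !this.metadataFile.exists();
    }

    /**
     * Generates certificates and metadata if the metadata file is absent, otherwise leaves
     * everything untouched. Only the metadata file is used as the completion marker, so a
     * pre-existing metadata file with missing key material is reported via a warning.
     *
     * @return the metadata file (existing or freshly generated)
     * @throws RuntimeException wrapping any failure during generation (the cause is preserved)
     */
    @Override // org.apereo.cas.support.saml.web.idp.metadata.SamlIdpMetadataAndCertificatesGenerationService
    public File performGenerationSteps() {
        try {
            this.logger.debug("Preparing to generate metadata for entityId [{}]", this.entityId);
            if (isMetadataMissing()) {
                this.logger.info("Metadata does not exist at [{}]. Creating...", this.metadataFile);
                this.logger.info("Creating self-sign certificate for signing...");
                buildSelfSignedSigningCert();
                this.logger.info("Creating self-sign certificate for encryption...");
                buildSelfSignedEncryptionCert();
                this.logger.info("Creating metadata...");
                buildMetadataGeneratorParameters();
            } else {
                warnIfKeyMaterialIsMissing();
            }
            this.logger.info("Metadata is available at [{}]", this.metadataFile);
            return this.metadataFile;
        } catch (final Exception e) {
            this.logger.error(e.getMessage(), e);
            throw Throwables.propagate(e);
        }
    }

    /**
     * Generates the self-signed encryption certificate and its private key, then restricts
     * the key file to the owning user.
     *
     * @throws Exception propagated from the certificate generator
     */
    protected void buildSelfSignedEncryptionCert() throws Exception {
        generateSelfSignedPair(this.encryptionCertFile, this.encryptionCertKeyFile);
    }

    /**
     * Generates the self-signed signing certificate and its private key, then restricts
     * the key file to the owning user.
     *
     * @throws Exception propagated from the certificate generator
     */
    protected void buildSelfSignedSigningCert() throws Exception {
        generateSelfSignedPair(this.signingCertFile, this.signingKeyFile);
    }

    /**
     * Shared implementation for both certificate types: CN/DNS name is {@code hostName},
     * the single URI subjectAltName is {@code hostName + URI_SUBJECT_ALTNAME_POSTFIX}.
     *
     * @param certFile destination of the PEM certificate
     * @param keyFile  destination of the PEM private key
     * @throws Exception propagated from {@link SelfSignedCertificateGenerator#generate()}
     */
    private void generateSelfSignedPair(final File certFile, final File keyFile) throws Exception {
        final SelfSignedCertificateGenerator generator = new SelfSignedCertificateGenerator();
        generator.setHostName(this.hostName);
        generator.setCertificateFile(certFile);
        generator.setPrivateKeyFile(keyFile);
        generator.setURISubjectAltNames(Lists.newArrayList(this.hostName.concat(URI_SUBJECT_ALTNAME_POSTFIX)));
        generator.generate();
        restrictToOwner(keyFile);
    }

    /**
     * Drops group/world access on a freshly written private key file and re-grants
     * owner read/write. {@link File} has no POSIX-mode API, so this is best effort:
     * on filesystems that do not support per-user permissions the calls return
     * {@code false} and a warning is logged instead of failing the bootstrap.
     *
     * @param keyFile the private key file to protect
     */
    private void restrictToOwner(final File keyFile) {
        final boolean restricted = keyFile.setReadable(false, false)
                && keyFile.setWritable(false, false)
                && keyFile.setReadable(true, true)
                && keyFile.setWritable(true, true);
        if (!restricted) {
            this.logger.warn("Could not restrict permissions on private key file [{}]; verify it is not readable by other users", keyFile);
        }
    }

    /**
     * Logs a warning for each certificate or key file the existing metadata depends on
     * but which is no longer present. The metadata itself is still returned; signing or
     * decryption will fail later if the key files are really gone.
     */
    private void warnIfKeyMaterialIsMissing() {
        final List<File> required = Lists.newArrayList(this.signingCertFile, this.signingKeyFile,
                this.encryptionCertFile, this.encryptionCertKeyFile);
        for (final File file : required) {
            if (!file.exists()) {
                this.logger.warn("Metadata exists at [{}] but the expected key material [{}] is missing", this.metadataFile, file);
            }
        }
    }

    /**
     * Writes the IdP metadata document. The signing key descriptor carries the back-channel
     * certificate (if the parameters object provides one) followed by the signing certificate;
     * the encryption key descriptor carries the encryption certificate. Attribute query
     * endpoints are emitted commented out, logout endpoints are emitted active.
     *
     * @throws IOException if the metadata file cannot be written
     */
    protected void buildMetadataGeneratorParameters() throws IOException {
        final MetadataGenerator metadataGenerator = new MetadataGenerator(this.metadataFile);
        final MetadataGeneratorParameters parameters = new MetadataGeneratorParameters();
        parameters.setEncryptionCert(this.encryptionCertFile);
        parameters.setSigningCert(this.signingCertFile);

        // Each certificate is represented as its list of PEM lines; the generator takes a list of those.
        final List<List<String>> signingCerts = new ArrayList<>(2);
        final List<String> backchannelCert = parameters.getBackchannelCert();
        if (null != backchannelCert) {
            signingCerts.add(backchannelCert);
        }
        final List<String> signingCert = parameters.getSigningCert();
        if (null != signingCert) {
            signingCerts.add(signingCert);
        }
        metadataGenerator.setSigningCerts(signingCerts);

        final List<String> encryptionCert = parameters.getEncryptionCert();
        if (null != encryptionCert) {
            metadataGenerator.setEncryptionCerts(Collections.singletonList(encryptionCert));
        }

        metadataGenerator.setDNSName(this.hostName);
        metadataGenerator.setEntityID(this.entityId);
        metadataGenerator.setScope(this.scope);
        metadataGenerator.setSAML2AttributeQueryCommented(true);
        metadataGenerator.setSAML2LogoutCommented(false);
        metadataGenerator.generate();
    }

    /** @param file directory that will hold metadata, certificates and private keys */
    public void setMetadataLocation(final File file) {
        this.metadataLocation = file;
    }

    /** @param str the IdP entityID to write into the metadata */
    public void setEntityId(final String str) {
        this.entityId = str;
    }

    /** @param str host name used for certificate CN and metadata DNS name */
    public void setHostName(final String str) {
        this.hostName = str;
    }

    /** @param str attribute scope to write into the metadata */
    public void setScope(final String str) {
        this.scope = str;
    }
}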
