package org.apereo.cas.support.saml.web.idp.metadata;

import com.google.common.base.Throwables;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.StringWriter;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import javax.annotation.PostConstruct;
import net.shibboleth.utilities.java.support.security.SelfSignedCertificateGenerator;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.saml.idp.SamlIdPProperties;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.io.Resource;
import org.springframework.core.io.ResourceLoader;

/* loaded from: input_file:org/apereo/cas/support/saml/web/idp/metadata/TemplatedMetadataAndCertificatesGenerationService.class */
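/**
 * Generates the SAML IdP's self-signed signing and encryption certificates (with their private keys)
 * and renders the IdP metadata document from a classpath template.
 *
 * <p>All file locations are taken from {@code cas.authn.samlIdp.metadata.*}. Generation only happens
 * when the metadata file is absent; an existing metadata file is returned untouched.
 */
public class TemplatedMetadataAndCertificatesGenerationService implements SamlIdpMetadataAndCertificatesGenerationService {
    /** Appended to the IdP host name to form the URI subject-alt-name placed in the generated certificates. */
    private static final String URI_SUBJECT_ALTNAME_POSTFIX = "/idp/metadata";

    /** PEM armour lines stripped from the certificate files before the base64 body is embedded in the metadata. */
    private static final String BEGIN_CERTIFICATE = "-----BEGIN CERTIFICATE-----";
    private static final String END_CERTIFICATE = "-----END CERTIFICATE-----";

    /** Classpath location of the metadata template whose {@code ${...}} placeholders are substituted. */
    private static final String METADATA_TEMPLATE = "classpath:/template-idp-metadata.xml";

    private static final Logger LOGGER = LoggerFactory.getLogger(TemplatedMetadataAndCertificatesGenerationService.class);

    @Autowired
    private CasConfigurationProperties casProperties;

    @Autowired
    private ResourceLoader resourceLoader;

    /**
     * Ensures the configured metadata directory exists, creating a single directory level if needed.
     *
     * @throws RuntimeException (via {@link Throwables#propagate}) when the directory is neither present
     *                          nor creatable; the wrapped cause is an {@link IllegalArgumentException}.
     */
    @PostConstruct
    public void initialize() {
        try {
            final SamlIdPProperties samlIdp = getSamlIdPProperties();
            final Resource location = samlIdp.getMetadata().getLocation();
            // mkdir() (not mkdirs()) is deliberate: a missing parent directory is reported instead of silently created.
            // NOTE(review): this directory will also hold the generated private keys; its permissions are
            // whatever mkdir()/umask yield — confirm it is not readable by other accounts on the host.
            if (!location.exists() && !location.getFile().mkdir()) {
                throw new IllegalArgumentException("Metadata directory location " + location + " cannot be located/created");
            }
            LOGGER.info("Metadata directory location is at [{}] with entityID [{}]", location, samlIdp.getEntityId());
        } catch (final Exception e) {
            throw Throwables.propagate(e);
        }
    }

    /**
     * Reports whether the configured metadata file is absent.
     *
     * @return {@code true} when the metadata file does not exist on disk.
     */
    public boolean isMetadataMissing() {
        try {
            return !getSamlIdPProperties().getMetadata().getMetadataFile().exists();
        } catch (final Exception e) {
            throw Throwables.propagate(e);
        }
    }

    /**
     * Generates certificates and metadata when the metadata file is missing, then returns the metadata file.
     *
     * <p>Certificates are regenerated whenever the metadata file is absent, even if certificate files are
     * already present. What the Shibboleth generator does with a pre-existing file is not visible here.
     *
     * @return the metadata file, newly created or pre-existing.
     */
    @Override // org.apereo.cas.support.saml.web.idp.metadata.SamlIdpMetadataAndCertificatesGenerationService
    public File performGenerationSteps() {
        try {
            final SamlIdPProperties samlIdp = getSamlIdPProperties();
            final File metadataFile = samlIdp.getMetadata().getMetadataFile();
            LOGGER.debug("Preparing to generate metadata for entityId [{}]", samlIdp.getEntityId());
            if (isMetadataMissing()) {
                LOGGER.info("Metadata does not exist at [{}]. Creating...", metadataFile);
                LOGGER.info("Creating self-sign certificate for signing...");
                buildSelfSignedSigningCert();
                LOGGER.info("Creating self-sign certificate for encryption...");
                buildSelfSignedEncryptionCert();
                LOGGER.info("Creating metadata...");
                buildMetadataGeneratorParameters();
            }
            LOGGER.info("Metadata is available at [{}]", metadataFile);
            return metadataFile;
        } catch (final Exception e) {
            LOGGER.error(e.getMessage(), e);
            throw Throwables.propagate(e);
        }
    }

    /** @return the SAML IdP section of the CAS configuration. */
    private SamlIdPProperties getSamlIdPProperties() {
        return this.casProperties.getAuthn().getSamlIdp();
    }

    /** @return the IdP endpoint URL, i.e. the CAS server prefix followed by {@code /idp}. */
    private String getIdPEndpointUrl() {
        return this.casProperties.getServer().getPrefix().concat("/idp");
    }

    /**
     * Extracts the host component of the configured CAS server prefix.
     *
     * @return the host name used as the certificate subject.
     * @throws RuntimeException (via {@link Throwables#propagate}) when the prefix is not a well-formed URL.
     */
    private String getIdPHostName() {
        try {
            return new URL(this.casProperties.getServer().getPrefix()).getHost();
        } catch (final Exception e) {
            throw Throwables.propagate(e);
        }
    }

    /**
     * Creates the self-signed encryption certificate and its private key.
     *
     * @throws Exception when the key pair or the files cannot be produced.
     */
    protected void buildSelfSignedEncryptionCert() throws Exception {
        final SamlIdPProperties samlIdp = getSamlIdPProperties();
        generateSelfSignedCertificate(samlIdp.getMetadata().getEncryptionCertFile(),
            samlIdp.getMetadata().getEncryptionKeyFile());
    }

    /**
     * Creates the self-signed signing certificate and its private key.
     *
     * @throws Exception when the key pair or the files cannot be produced.
     */
    protected void buildSelfSignedSigningCert() throws Exception {
        final SamlIdPProperties samlIdp = getSamlIdPProperties();
        generateSelfSignedCertificate(samlIdp.getMetadata().getSigningCertFile(),
            samlIdp.getMetadata().getSigningKeyFile());
    }

    /**
     * Shared body of the two certificate builders: runs the Shibboleth self-signed generator for one key pair.
     *
     * @param certificateFile resource pointing at the certificate file to write.
     * @param privateKeyFile  resource pointing at the private-key file to write.
     * @throws Exception when the generator fails or a resource cannot be resolved to a file.
     */
    private void generateSelfSignedCertificate(final Resource certificateFile, final Resource privateKeyFile) throws Exception {
        final SelfSignedCertificateGenerator generator = new SelfSignedCertificateGenerator();
        final String hostName = getIdPHostName();
        generator.setHostName(hostName);
        generator.setCertificateFile(certificateFile.getFile());
        generator.setPrivateKeyFile(privateKeyFile.getFile());
        // The subject-alt-name is host + path with no scheme, as in the original; kept so existing
        // deployments keep producing identical certificates.
        generator.setURISubjectAltNames(Arrays.asList(hostName.concat(URI_SUBJECT_ALTNAME_POSTFIX)));
        generator.generate();
    }

    /**
     * Renders the metadata template into the metadata file, embedding both public certificates.
     *
     * <p>Placeholder values are substituted verbatim and are not XML-escaped. They originate from the CAS
     * configuration, so a configured value containing {@code &} or {@code <} produces malformed metadata.
     *
     * @throws Exception when the template or a certificate file cannot be read, or the metadata cannot be written.
     */
    protected void buildMetadataGeneratorParameters() throws Exception {
        final SamlIdPProperties samlIdp = getSamlIdPProperties();
        final Resource template = this.resourceLoader.getResource(METADATA_TEMPLATE);
        final String signingCertificate = readCertificateBody(samlIdp.getMetadata().getSigningCertFile().getFile());
        final String encryptionCertificate = readCertificateBody(samlIdp.getMetadata().getEncryptionCertFile().getFile());

        // Both resources are closed on every path; the previous version never closed the template stream.
        try (StringWriter writer = new StringWriter();
             InputStream templateStream = template.getInputStream()) {
            IOUtils.copy(templateStream, writer, StandardCharsets.UTF_8);
            final String metadata = writer.toString()
                .replace("${entityId}", samlIdp.getEntityId())
                .replace("${scope}", samlIdp.getScope())
                .replace("${idpEndpointUrl}", getIdPEndpointUrl())
                .replace("${encryptionKey}", encryptionCertificate)
                .replace("${signingKey}", signingCertificate);
            FileUtils.write(samlIdp.getMetadata().getMetadataFile(), metadata, StandardCharsets.UTF_8);
        }
    }

    /**
     * Reads a PEM certificate file and returns only its base64 body, without the BEGIN/END armour lines.
     *
     * @param certificateFile the PEM file to read.
     * @return the trimmed certificate body as it is embedded in the metadata.
     * @throws IOException when the file cannot be read.
     */
    private static String readCertificateBody(final File certificateFile) throws IOException {
        final String pem = FileUtils.readFileToString(certificateFile, StandardCharsets.UTF_8);
        return StringUtils.remove(StringUtils.remove(pem, BEGIN_CERTIFICATE), END_CERTIFICATE).trim();
    }
}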
