package org.opensaml.saml.metadata.resolver.impl;

import com.google.common.base.Strings;
import com.google.common.io.ByteStreams;
import com.google.common.net.MediaType;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.Timer;
import java.util.stream.Collectors;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullAfterInit;
import net.shibboleth.utilities.java.support.annotation.constraint.NotLive;
import net.shibboleth.utilities.java.support.annotation.constraint.Unmodifiable;
import net.shibboleth.utilities.java.support.collection.LazySet;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.net.MediaTypeSupport;
import net.shibboleth.utilities.java.support.primitive.StringSupport;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import org.apache.http.Header;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.ResponseHandler;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.protocol.HttpContext;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.io.UnmarshallingException;
import org.opensaml.core.xml.util.XMLObjectSource;
import org.opensaml.security.httpclient.HttpClientSecurityParameters;
import org.opensaml.security.httpclient.HttpClientSecuritySupport;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.MDC;

/* loaded from: input_file:org/opensaml/saml/metadata/resolver/impl/AbstractDynamicHTTPMetadataResolver.class */
public abstract class AbstractDynamicHTTPMetadataResolver extends AbstractDynamicMetadataResolver {
    public static final String[] DEFAULT_CONTENT_TYPES = {"application/samlmetadata+xml", "application/xml", "text/xml"};
    public static final String MDC_ATTRIB_CURRENT_REQUEST_URI = AbstractDynamicHTTPMetadataResolver.class.getName() + ".currentRequestURI";

    @Nonnull
    private final Logger log;

    @Nonnull
    private HttpClient httpClient;

    @NonnullAfterInit
    private List<String> supportedContentTypes;

    @NonnullAfterInit
    private String supportedContentTypesValue;

    @NonnullAfterInit
    private Set<MediaType> supportedMediaTypes;

    @Nonnull
    private ResponseHandler<XMLObject> responseHandler;

    @Nullable
    private HttpClientSecurityParameters httpClientSecurityParameters;

    /* loaded from: input_file:org/opensaml/saml/metadata/resolver/impl/AbstractDynamicHTTPMetadataResolver$BasicMetadataResponseHandler.class */
    public class BasicMetadataResponseHandler implements ResponseHandler<XMLObject> {
        public BasicMetadataResponseHandler() {
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.apache.http.client.ResponseHandler
        public XMLObject handleResponse(@Nonnull HttpResponse httpResponse) throws IOException {
            int statusCode = httpResponse.getStatusLine().getStatusCode();
            String str = MDC.get(AbstractDynamicHTTPMetadataResolver.MDC_ATTRIB_CURRENT_REQUEST_URI);
            if (statusCode == 304) {
                AbstractDynamicHTTPMetadataResolver.this.log.debug("{} Metadata document from '{}' has not changed since last retrieval", AbstractDynamicHTTPMetadataResolver.this.getLogPrefix(), str);
                return null;
            }
            if (statusCode != 200) {
                AbstractDynamicHTTPMetadataResolver.this.log.warn("{} Non-ok status code '{}' returned from remote metadata source: {}", new Object[]{AbstractDynamicHTTPMetadataResolver.this.getLogPrefix(), Integer.valueOf(statusCode), str});
                return null;
            }
            try {
                validateHttpResponse(httpResponse);
                try {
                    byte[] byteArray = ByteStreams.toByteArray(httpResponse.getEntity().getContent());
                    ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(byteArray);
                    try {
                        XMLObject unmarshallMetadata = AbstractDynamicHTTPMetadataResolver.this.unmarshallMetadata(byteArrayInputStream);
                        unmarshallMetadata.getObjectMetadata().put(new XMLObjectSource(byteArray));
                        byteArrayInputStream.close();
                        return unmarshallMetadata;
                    } finally {
                    }
                } catch (IOException | UnmarshallingException e) {
                    AbstractDynamicHTTPMetadataResolver.this.log.error("{} Error unmarshalling HTTP response stream", AbstractDynamicHTTPMetadataResolver.this.getLogPrefix(), e);
                    return null;
                }
            } catch (ResolverException e2) {
                AbstractDynamicHTTPMetadataResolver.this.log.error("{} Problem validating dynamic metadata HTTP response", AbstractDynamicHTTPMetadataResolver.this.getLogPrefix(), e2);
                return null;
            }
        }

        protected void validateHttpResponse(@Nonnull HttpResponse httpResponse) throws ResolverException {
            if (AbstractDynamicHTTPMetadataResolver.this.getSupportedMediaTypes().isEmpty()) {
                return;
            }
            String str = null;
            Header contentType = httpResponse.getEntity().getContentType();
            if (contentType != null && contentType.getValue() != null) {
                str = StringSupport.trimOrNull(contentType.getValue());
            }
            AbstractDynamicHTTPMetadataResolver.this.log.debug("{} Saw raw Content-Type from response header '{}'", AbstractDynamicHTTPMetadataResolver.this.getLogPrefix(), str);
            if (!MediaTypeSupport.validateContentType(str, AbstractDynamicHTTPMetadataResolver.this.getSupportedMediaTypes(), true, false)) {
                throw new ResolverException("HTTP response specified an unsupported Content-Type MIME type: " + str);
            }
        }
    }

    public AbstractDynamicHTTPMetadataResolver(@Nonnull HttpClient httpClient) {
        this(null, httpClient);
    }

    public AbstractDynamicHTTPMetadataResolver(@Nullable Timer timer, @Nonnull HttpClient httpClient) {
        super(timer);
        this.log = LoggerFactory.getLogger(AbstractDynamicHTTPMetadataResolver.class);
        this.httpClient = (HttpClient) Constraint.isNotNull(httpClient, "HttpClient may not be null");
        this.responseHandler = new BasicMetadataResponseHandler();
    }

    @Nullable
    protected HttpClientSecurityParameters getHttpClientSecurityParameters() {
        return this.httpClientSecurityParameters;
    }

    public void setHttpClientSecurityParameters(@Nullable HttpClientSecurityParameters httpClientSecurityParameters) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        ComponentSupport.ifDestroyedThrowDestroyedComponentException(this);
        this.httpClientSecurityParameters = httpClientSecurityParameters;
    }

    @NonnullAfterInit
    @Unmodifiable
    @NotLive
    protected Set<MediaType> getSupportedMediaTypes() {
        return this.supportedMediaTypes;
    }

    @NonnullAfterInit
    @Unmodifiable
    @NotLive
    public List<String> getSupportedContentTypes() {
        return this.supportedContentTypes;
    }

    public void setSupportedContentTypes(@Nullable List<String> list) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        ComponentSupport.ifDestroyedThrowDestroyedComponentException(this);
        if (list == null) {
            this.supportedContentTypes = Collections.emptyList();
        } else {
            this.supportedContentTypes = (List) StringSupport.normalizeStringCollection(list).stream().filter(str -> {
                return str != null;
            }).map((v0) -> {
                return v0.toLowerCase();
            }).collect(Collectors.toUnmodifiableList());
        }
    }

    @Override // org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver, org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver
    protected void initMetadataResolver() throws ComponentInitializationException {
        super.initMetadataResolver();
        if (getSupportedContentTypes() == null) {
            setSupportedContentTypes(Arrays.asList(DEFAULT_CONTENT_TYPES));
        }
        if (getSupportedContentTypes().isEmpty()) {
            this.supportedMediaTypes = Collections.emptySet();
        } else {
            this.supportedContentTypesValue = StringSupport.listToStringValue(getSupportedContentTypes(), ", ");
            this.supportedMediaTypes = new LazySet();
            Iterator<String> it = getSupportedContentTypes().iterator();
            while (it.hasNext()) {
                this.supportedMediaTypes.add(MediaType.parse(it.next()));
            }
        }
        this.log.debug("{} Supported content types are: {}", getLogPrefix(), getSupportedContentTypes());
    }

    @Override // org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver, org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver
    protected void doDestroy() {
        this.httpClient = null;
        this.httpClientSecurityParameters = null;
        this.supportedContentTypes = null;
        this.supportedContentTypesValue = null;
        this.supportedMediaTypes = null;
        super.doDestroy();
    }

    @Override // org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver
    @Nullable
    protected XMLObject fetchFromOriginSource(@Nonnull CriteriaSet criteriaSet) throws IOException {
        HttpUriRequest buildHttpRequest = buildHttpRequest(criteriaSet);
        if (buildHttpRequest == null) {
            this.log.debug("{} Could not build request based on input criteria, unable to query", getLogPrefix());
            return null;
        }
        HttpContext buildHttpClientContext = buildHttpClientContext(buildHttpRequest);
        try {
            MDC.put(MDC_ATTRIB_CURRENT_REQUEST_URI, buildHttpRequest.getURI().toString());
            XMLObject xMLObject = (XMLObject) this.httpClient.execute(buildHttpRequest, this.responseHandler, buildHttpClientContext);
            HttpClientSecuritySupport.checkTLSCredentialEvaluated(buildHttpClientContext, buildHttpRequest.getURI().getScheme());
            MDC.remove(MDC_ATTRIB_CURRENT_REQUEST_URI);
            return xMLObject;
        } catch (Throwable th) {
            MDC.remove(MDC_ATTRIB_CURRENT_REQUEST_URI);
            throw th;
        }
    }

    @Nullable
    protected HttpUriRequest buildHttpRequest(@Nonnull CriteriaSet criteriaSet) {
        String buildRequestURL = buildRequestURL(criteriaSet);
        this.log.debug("{} Built request URL of: {}", getLogPrefix(), buildRequestURL);
        if (buildRequestURL == null) {
            this.log.debug("{} Could not construct request URL from input criteria, unable to query", getLogPrefix());
            return null;
        }
        HttpGet httpGet = new HttpGet(buildRequestURL);
        if (!Strings.isNullOrEmpty(this.supportedContentTypesValue)) {
            httpGet.addHeader("Accept", this.supportedContentTypesValue);
        }
        return httpGet;
    }

    @Nullable
    protected abstract String buildRequestURL(@Nonnull CriteriaSet criteriaSet);

    protected HttpClientContext buildHttpClientContext(@Nonnull HttpUriRequest httpUriRequest) {
        HttpClientContext create = HttpClientContext.create();
        HttpClientSecuritySupport.marshalSecurityParameters(create, this.httpClientSecurityParameters, true);
        HttpClientSecuritySupport.addDefaultTLSTrustEngineCriteria(create, httpUriRequest);
        return create;
    }
}
