package org.apereo.cas.support.saml.idp.metadata;

import com.github.benmanes.caffeine.cache.Cache;
import com.github.benmanes.caffeine.cache.Caffeine;
import com.google.common.collect.Iterables;
import jakarta.annotation.Nonnull;
import java.util.ArrayList;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import lombok.Generated;
import net.shibboleth.shared.resolver.CriteriaSet;
import net.shibboleth.shared.resolver.ResolverException;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.support.Beans;
import org.apereo.cas.support.saml.OpenSamlConfigBean;
import org.apereo.cas.support.saml.SamlUtils;
import org.apereo.cas.support.saml.idp.metadata.generator.SamlIdPMetadataGenerator;
import org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPMetadataLocator;
import org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPSamlRegisteredServiceCriterion;
import org.apereo.cas.support.saml.services.SamlRegisteredService;
import org.apereo.cas.util.function.FunctionUtils;
import org.opensaml.core.criterion.EntityIdCriterion;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.io.Resource;
import org.springframework.retry.annotation.Backoff;
import org.springframework.retry.annotation.Retryable;
import org.w3c.dom.Element;

/* loaded from: input_file:org/apereo/cas/support/saml/idp/metadata/SamlIdPMetadataResolver.class */
public class SamlIdPMetadataResolver extends BaseElementMetadataResolver {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(SamlIdPMetadataResolver.class);
    private final SamlIdPMetadataLocator locator;
    private final SamlIdPMetadataGenerator generator;
    private final OpenSamlConfigBean openSamlConfigBean;
    private final CasConfigurationProperties casProperties;
    private final Cache<String, Iterable<EntityDescriptor>> metadataCache;

    public SamlIdPMetadataResolver(SamlIdPMetadataLocator samlIdPMetadataLocator, SamlIdPMetadataGenerator samlIdPMetadataGenerator, OpenSamlConfigBean openSamlConfigBean, CasConfigurationProperties casConfigurationProperties) {
        this.locator = samlIdPMetadataLocator;
        this.generator = samlIdPMetadataGenerator;
        this.openSamlConfigBean = openSamlConfigBean;
        this.casProperties = casConfigurationProperties;
        setResolveViaPredicatesOnly(true);
        this.metadataCache = Caffeine.newBuilder().maximumSize(1000L).expireAfterAccess(Beans.newDuration(casConfigurationProperties.getAuthn().getSamlIdp().getMetadata().getCore().getCacheExpiration())).build();
    }

    private static List<Optional<SamlRegisteredService>> determineFilteringCriteria(CriteriaSet criteriaSet) {
        ArrayList arrayList = new ArrayList();
        if (criteriaSet.contains(SamlIdPSamlRegisteredServiceCriterion.class)) {
            arrayList.add(Optional.of(((SamlIdPSamlRegisteredServiceCriterion) Objects.requireNonNull((SamlIdPSamlRegisteredServiceCriterion) criteriaSet.get(SamlIdPSamlRegisteredServiceCriterion.class))).registeredService()));
        }
        arrayList.add(Optional.empty());
        return arrayList;
    }

    @Nonnull
    @Retryable(retryFor = {ResolverException.class}, maxAttempts = 3, backoff = @Backoff(delay = 1000, maxDelay = 5000))
    public Iterable<EntityDescriptor> resolve(CriteriaSet criteriaSet) {
        for (Optional<SamlRegisteredService> optional : determineFilteringCriteria(criteriaSet)) {
            String metadataCacheKey = getMetadataCacheKey(optional, criteriaSet);
            LOGGER.debug("Cache key for SAML IdP metadata is [{}]", metadataCacheKey);
            Iterable<EntityDescriptor> iterable = (Iterable) this.metadataCache.getIfPresent(metadataCacheKey);
            if (iterable != null) {
                return iterable;
            }
            Iterable<EntityDescriptor> iterable2 = (Iterable) FunctionUtils.doUnchecked(() -> {
                return resolveMetadata(criteriaSet, optional);
            });
            if (iterable2 != null && Iterables.size(iterable2) > 0) {
                this.metadataCache.put(metadataCacheKey, iterable2);
                return iterable2;
            }
        }
        return new ArrayList(0);
    }

    private String getMetadataCacheKey(Optional<SamlRegisteredService> optional, CriteriaSet criteriaSet) {
        return (String) optional.map(samlRegisteredService -> {
            return samlRegisteredService.getName() + samlRegisteredService.getId();
        }).or(() -> {
            return criteriaSet.contains(EntityIdCriterion.class) ? Optional.of(((EntityIdCriterion) criteriaSet.get(EntityIdCriterion.class)).getEntityId()) : Optional.empty();
        }).orElseGet(() -> {
            return this.casProperties.getAuthn().getSamlIdp().getCore().getEntityId();
        });
    }

    private Iterable<EntityDescriptor> resolveMetadata(CriteriaSet criteriaSet, Optional<SamlRegisteredService> optional) throws Throwable {
        if (!this.locator.exists(optional) && this.locator.shouldGenerateMetadataFor(optional)) {
            this.generator.generate(optional);
        }
        Resource resolveMetadata = this.locator.resolveMetadata(optional);
        LOGGER.trace("Resolved metadata resource is [{}]", resolveMetadata);
        if (resolveMetadata.contentLength() <= 0) {
            return null;
        }
        Element rootElementFrom = SamlUtils.getRootElementFrom(resolveMetadata.getInputStream(), this.openSamlConfigBean);
        LOGGER.trace("Located metadata root element [{}]", rootElementFrom.getNodeName());
        setMetadataRootElement(rootElementFrom);
        LOGGER.trace("Resolving metadata for criteria [{}]", criteriaSet);
        return super.resolve(criteriaSet);
    }
}
