package org.apereo.cas.support.saml.idp.metadata.locator;

import com.github.benmanes.caffeine.cache.Cache;
import java.nio.charset.StandardCharsets;
import java.util.Optional;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.support.saml.services.SamlRegisteredService;
import org.apereo.cas.support.saml.services.idp.metadata.SamlIdPMetadataDocument;
import org.apereo.cas.util.ResourceUtils;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.jooq.lambda.Unchecked;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.io.ByteArrayResource;
import org.springframework.core.io.Resource;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-saml-idp-core-6.6.15.jar:org/apereo/cas/support/saml/idp/metadata/locator/AbstractSamlIdPMetadataLocator.class */
public abstract class AbstractSamlIdPMetadataLocator implements SamlIdPMetadataLocator {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) AbstractSamlIdPMetadataLocator.class);
    private static final String CACHE_KEY_METADATA = "CasSamlIdentityProviderMetadata";
    protected final CipherExecutor<String, String> metadataCipherExecutor;
    private final Cache<String, SamlIdPMetadataDocument> metadataCache;

    private static Resource getResource(String str) {
        return new ByteArrayResource(StringUtils.defaultString(str).getBytes(StandardCharsets.UTF_8));
    }

    private static String buildCacheKey(Optional<SamlRegisteredService> optional) {
        if (optional.isEmpty()) {
            LOGGER.trace("No registered service provided; using default cache key for metadata");
            return CACHE_KEY_METADATA;
        }
        SamlRegisteredService samlRegisteredService = optional.get();
        long id = samlRegisteredService.getId();
        samlRegisteredService.getName();
        String str = "CasSamlIdentityProviderMetadata_" + id + "_" + id;
        LOGGER.trace("Using [{}] as cache key for metadata for service definition", str);
        return str;
    }

    @Override // org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPMetadataLocator
    public Resource resolveSigningCertificate(Optional<SamlRegisteredService> optional) {
        SamlIdPMetadataDocument fetch = fetch(optional);
        if (fetch == null || !fetch.isValid()) {
            return ResourceUtils.EMPTY_RESOURCE;
        }
        LOGGER.trace("Fetching signing certificate resource for metadata document [{}]", Long.valueOf(fetch.getId()));
        return getResource(fetch.getSigningCertificateDecoded());
    }

    @Override // org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPMetadataLocator
    public Resource resolveSigningKey(Optional<SamlRegisteredService> optional) {
        SamlIdPMetadataDocument fetch = fetch(optional);
        if (fetch == null || !fetch.isValid()) {
            return ResourceUtils.EMPTY_RESOURCE;
        }
        String signingKey = fetch.getSigningKey();
        LOGGER.trace("Fetching signing key resource for metadata document [{}]", Long.valueOf(fetch.getId()));
        return getResource(this.metadataCipherExecutor.decode(signingKey));
    }

    @Override // org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPMetadataLocator
    public Resource resolveMetadata(Optional<SamlRegisteredService> optional) {
        SamlIdPMetadataDocument fetch = fetch(optional);
        if (fetch == null || !fetch.isValid()) {
            return ResourceUtils.EMPTY_RESOURCE;
        }
        LOGGER.trace("Fetching metadata resource for metadata document [{}]", Long.valueOf(fetch.getId()));
        return getResource(fetch.getMetadataDecoded());
    }

    @Override // org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPMetadataLocator
    public Resource getEncryptionCertificate(Optional<SamlRegisteredService> optional) {
        SamlIdPMetadataDocument fetch = fetch(optional);
        if (fetch == null || !fetch.isValid()) {
            return ResourceUtils.EMPTY_RESOURCE;
        }
        LOGGER.trace("Fetching encryption certificate resource for metadata document [{}]", Long.valueOf(fetch.getId()));
        return getResource(fetch.getEncryptionCertificateDecoded());
    }

    @Override // org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPMetadataLocator
    public Resource resolveEncryptionKey(Optional<SamlRegisteredService> optional) {
        SamlIdPMetadataDocument fetch = fetch(optional);
        if (fetch == null || !fetch.isValid()) {
            return ResourceUtils.EMPTY_RESOURCE;
        }
        String encryptionKey = fetch.getEncryptionKey();
        LOGGER.trace("Fetching encryption key resource for metadata document [{}]", Long.valueOf(fetch.getId()));
        return getResource(this.metadataCipherExecutor.decode(encryptionKey));
    }

    @Override // org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPMetadataLocator
    public boolean exists(Optional<SamlRegisteredService> optional) {
        SamlIdPMetadataDocument fetch = fetch(optional);
        return fetch != null && fetch.isValid();
    }

    @Override // org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPMetadataLocator
    public SamlIdPMetadataDocument fetch(Optional<SamlRegisteredService> optional) {
        String buildCacheKey = buildCacheKey(optional);
        return getMetadataCache().get(buildCacheKey, Unchecked.function(str -> {
            SamlIdPMetadataDocument fetchInternal = fetchInternal(optional);
            if (fetchInternal == null || !fetchInternal.isValid()) {
                LOGGER.trace("SAML IdP metadata document [{}] is considered invalid", fetchInternal);
                return null;
            }
            LOGGER.trace("Fetched and cached SAML IdP metadata document [{}] under key [{}]", fetchInternal, buildCacheKey);
            return fetchInternal;
        }));
    }

    protected abstract SamlIdPMetadataDocument fetchInternal(Optional<SamlRegisteredService> optional) throws Exception;

    @Generated
    public CipherExecutor<String, String> getMetadataCipherExecutor() {
        return this.metadataCipherExecutor;
    }

    @Generated
    public Cache<String, SamlIdPMetadataDocument> getMetadataCache() {
        return this.metadataCache;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Generated
    public AbstractSamlIdPMetadataLocator(CipherExecutor<String, String> cipherExecutor, Cache<String, SamlIdPMetadataDocument> cache) {
        this.metadataCipherExecutor = cipherExecutor;
        this.metadataCache = cache;
    }
}
