package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils;

import at.gv.egiz.components.spring.api.IDestroyableObject;
import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.MetadataFilterChain;
import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.SimpleMetadataProvider;
import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter;
import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MOASPMetadataSignatureFilter;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
import java.net.MalformedURLException;
import java.util.List;
import java.util.Timer;
import javax.xml.namespace.QName;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.MOAHttpClient;
import org.apache.commons.httpclient.params.HttpClientParams;
import org.opensaml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.RoleDescriptor;
import org.opensaml.saml2.metadata.provider.ChainingMetadataProvider;
import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataFilter;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.parse.BasicParserPool;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

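/**
 * Metadata provider for the "ms-specific eIDAS node" (central eIDAS authentication module).
 *
 * <p>Wraps a {@link ChainingMetadataProvider} that is filled lazily: the first lookup for an
 * unknown entityID creates an HTTP metadata provider for that ID (the ID is used as the metadata
 * URL) and adds it to the chain. Every provider added here runs XML schema validation and a
 * signature check against the configured trust profile before its metadata is accepted.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Lookups for an unknown entityID cause an outbound HTTP(S) request to that ID and add one
 *       more provider to the chain. NOTE(review): callers should pass only entityIDs taken from
 *       configuration, never a value copied from an unauthenticated request - verify against the
 *       callers.</li>
 *   <li>The entityID is written to the log unmodified. NOTE(review): if it can carry
 *       request-supplied data, neutralise CR/LF before logging - confirm against the callers.</li>
 *   <li>Transport security is best effort (see {@link #createHttpClient(String)}); the metadata
 *       signature filter is the trust anchor.</li>
 * </ul>
 */
@Service("EidasCentralAuthMetadataProvider")
/* loaded from: input_file:at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.class */
public class EidasCentralAuthMetadataProvider extends SimpleMetadataProvider implements IDestroyableObject {

    // Injected MOA-ID configuration; used for the TLS settings of the metadata HTTP client.
    @Autowired(required = true)
    AuthConfiguration moaAuthConfig;
    // Chain of per-entity HTTP metadata providers, extended on demand by internalInitialize().
    private final ChainingMetadataProvider metadataProvider = new ChainingMetadataProvider();
    // Daemon timer handed to every created provider; created lazily and cancelled in fullyDestroy().
    private Timer timer = null;

    /** Creates the provider with "valid metadata required" switched on for the chain. */
    public EidasCentralAuthMetadataProvider() {
        this.metadataProvider.setRequireValidMetadata(true);
    }

    /**
     * Loads (or refreshes) the metadata published at the given URL.
     *
     * @param str metadata URL, which is also used as the entityID
     * @throws MetadataProviderException if no trust profile is configured or the provider cannot
     *     be created
     */
    public void addMetadataWithMetadataURL(String str) throws MetadataProviderException {
        internalInitialize(str);
    }

    /** Releases the metadata chain and the timer; delegates to {@link #fullyDestroy()}. */
    public void destroy() {
        fullyDestroy();
    }

    /** @return whether the chaining provider requires valid metadata */
    public boolean requireValidMetadata() {
        return this.metadataProvider.requireValidMetadata();
    }

    /**
     * Sets the "valid metadata required" flag on the chaining provider.
     *
     * <p>Only the chain is changed here; each provider created by this class is set to
     * {@code true} when it is added.
     *
     * @param z new value of the flag
     */
    public void setRequireValidMetadata(boolean z) {
        this.metadataProvider.setRequireValidMetadata(z);
    }

    /** @return the metadata filter of the chaining provider */
    public MetadataFilter getMetadataFilter() {
        return this.metadataProvider.getMetadataFilter();
    }

    /**
     * Not supported: the argument is ignored and only a log entry is written.
     *
     * <p>The filter chain (schema validation plus signature check) is fixed when a provider is
     * created, so it cannot be replaced through this method.
     *
     * @param metadataFilter ignored
     * @throws MetadataProviderException never thrown by this implementation
     */
    public void setMetadataFilter(MetadataFilter metadataFilter) throws MetadataProviderException {
        Logger.fatal("Set Metadata Filter is not implemented her!");
    }

    /** @return the metadata document of the chaining provider */
    public XMLObject getMetadata() throws MetadataProviderException {
        return this.metadataProvider.getMetadata();
    }

    /**
     * Looks up an entities descriptor in the already loaded metadata; never triggers a load.
     *
     * @param str name of the entities descriptor
     */
    public EntitiesDescriptor getEntitiesDescriptor(String str) throws MetadataProviderException {
        return this.metadataProvider.getEntitiesDescriptor(str);
    }

    /**
     * Returns the entity descriptor for the given entityID, loading or refreshing its metadata
     * when the first lookup finds nothing.
     *
     * @param str entityID, also used as metadata URL for the on-demand load
     * @return the descriptor, never {@code null}
     * @throws MetadataProviderException if the metadata cannot be loaded or still holds no entry
     *     for the entityID after the load
     */
    public EntityDescriptor getEntityDescriptor(String str) throws MetadataProviderException {
        // Initialised explicitly: the variable is read after the catch block, where it would
        // otherwise not be definitely assigned.
        EntityDescriptor entityDescriptor = null;
        try {
            entityDescriptor = this.metadataProvider.getEntityDescriptor(str);
        } catch (MetadataProviderException e) {
            Logger.info("Access ms-specific eIDAS node: " + str + " FAILED. Reason:" + e.getMessage() + " Starting refresh process ...");
        }
        if (entityDescriptor != null) {
            return entityDescriptor;
        }
        Logger.info("No ms-specific eIDAS node: " + str + " Starting refresh process ...");
        internalInitialize(str);
        try {
            EntityDescriptor entityDescriptor2 = this.metadataProvider.getEntityDescriptor(str);
            if (entityDescriptor2 != null) {
                return entityDescriptor2;
            }
            Logger.error("MS-specific eIDAS node Client ERROR: No EntityID with " + str);
            // This exception is caught by the handler below and re-thrown wrapped, so the
            // "not found" case is logged twice and surfaces as "Metadata extraction FAILED".
            throw new MetadataProviderException("No EntityID with " + str);
        } catch (MetadataProviderException e2) {
            Logger.error("MS-specific eIDAS node Client ERROR: Metadata extraction FAILED.", e2);
            throw new MetadataProviderException("Metadata extraction FAILED", e2);
        }
    }

    /**
     * Returns the role descriptors of an entity, loading or refreshing its metadata when the
     * first lookup finds nothing.
     *
     * @param str entityID, also used as metadata URL for the on-demand load
     * @param qName role type
     * @return the roles as reported by the chaining provider after the (optional) load
     * @throws MetadataProviderException if the load or the second lookup fails
     */
    public List<RoleDescriptor> getRole(String str, QName qName) throws MetadataProviderException {
        // Initialised explicitly so the value is defined when the first lookup throws.
        List<RoleDescriptor> role = null;
        try {
            role = this.metadataProvider.getRole(str, qName);
        } catch (MetadataProviderException e) {
            Logger.info("Access ms-specific eIDAS node: " + str + " FAILED. Reason:" + e.getMessage() + " Starting refresh process ...");
        }
        if (role != null) {
            return role;
        }
        Logger.info("No ms-specific eIDAS node: " + str + " Starting refresh process ...");
        internalInitialize(str);
        return this.metadataProvider.getRole(str, qName);
    }

    /**
     * Returns one role descriptor of an entity for a supported protocol, loading or refreshing
     * the metadata when the first lookup finds nothing.
     *
     * @param str entityID, also used as metadata URL for the on-demand load
     * @param qName role type
     * @param str2 supported protocol
     * @return the role as reported by the chaining provider after the (optional) load
     * @throws MetadataProviderException if the load or the second lookup fails
     */
    public RoleDescriptor getRole(String str, QName qName, String str2) throws MetadataProviderException {
        // Initialised explicitly so the value is defined when the first lookup throws.
        RoleDescriptor role = null;
        try {
            role = this.metadataProvider.getRole(str, qName, str2);
        } catch (MetadataProviderException e) {
            Logger.info("Access ms-specific eIDAS node: " + str + " FAILED. Reason:" + e.getMessage() + " Starting refresh process ...");
        }
        if (role != null) {
            return role;
        }
        Logger.info("No ms-specific eIDAS node: " + str + " Starting refresh process ...");
        internalInitialize(str);
        return this.metadataProvider.getRole(str, qName, str2);
    }

    /**
     * Refreshes the metadata of an already known entity, or creates and registers a new HTTP
     * metadata provider for an unknown one.
     *
     * <p>New providers get a filter chain of schema validation followed by a signature check
     * against the configured trust profile; without a trust profile no provider is created.
     *
     * @param str entityID / metadata URL
     * @throws MetadataProviderException if no trust profile is configured, the provider cannot be
     *     created, or a refresh fails
     */
    private synchronized void internalInitialize(String str) throws MetadataProviderException {
        boolean notLoadedYet = true;
        try {
            notLoadedYet = this.metadataProvider.getEntityDescriptor(str) == null;
        } catch (MetadataProviderException ignored) {
            // Deliberately ignored: a failed lookup is handled like "not loaded yet", so a new
            // provider is created below.
        }
        if (!notLoadedYet) {
            // getProviders() yields the generic provider type; narrow it only after the
            // instanceof check so that a foreign provider reaches the warning branch instead of
            // failing with a ClassCastException.
            for (MetadataProvider provider : this.metadataProvider.getProviders()) {
                if (provider instanceof HTTPMetadataProvider) {
                    HTTPMetadataProvider httpProvider = (HTTPMetadataProvider) provider;
                    if (httpProvider.getMetadataURI().equals(str)) {
                        httpProvider.refresh();
                    }
                } else {
                    Logger.warn("'ms-specific eIDAS node' Metadata provider is not of Type 'HTTPMetadataProvider'! Something is suspect!!!!");
                }
            }
            return;
        }
        Logger.info("Initialize PVP MetadataProvider:" + str + " to connect ms-specific eIDAS node");
        // authConfig is not declared in this class; presumably inherited from
        // SimpleMetadataProvider - TODO confirm.
        String trustProfileId = this.authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_NODE_TRUSTPROFILEID);
        if (MiscUtil.isEmpty(trustProfileId)) {
            // Fail closed: without a trust profile the metadata signature could not be verified.
            Logger.error("Create ms-specific eIDAS node Client FAILED: No trustProfileID to verify PVP metadata.");
            throw new MetadataProviderException("No trustProfileID to verify PVP metadata.");
        }
        if (this.timer == null) {
            this.timer = new Timer(true);
        }
        MetadataFilterChain filterChain = new MetadataFilterChain();
        filterChain.addFilter(new SchemaValidationFilter(true));
        filterChain.addFilter(new MOASPMetadataSignatureFilter(trustProfileId));
        MetadataProvider newProvider = createNewSimpleMetadataProvider(str, filterChain, EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING, this.timer, new BasicParserPool(), createHttpClient(str));
        if (newProvider == null) {
            Logger.error("Create ms-specific eIDAS node Client FAILED.");
            throw new MetadataProviderException("Can not initialize 'ms-specific eIDAS node' metadata provider.");
        }
        newProvider.setRequireValidMetadata(true);
        this.metadataProvider.addMetadataProvider(newProvider);
    }

    /** Destroys the chaining provider and cancels the refresh timer if one was created. */
    public void fullyDestroy() {
        Logger.info("Destroy 'ms-specific eIDAS node' PVP metadata pool ... ");
        if (this.metadataProvider != null) {
            this.metadataProvider.destroy();
        }
        if (this.timer != null) {
            this.timer.cancel();
        }
    }

    /**
     * Builds the HTTP client used to download metadata from the given URL.
     *
     * <p>The socket timeout is 20 seconds. For URLs starting with {@code https:} a custom TLS
     * socket factory is installed from the MOA-ID configuration (trusted CA certificates,
     * revocation checking, optional hostname validation). Any other URL, including plain
     * {@code http:}, is fetched without that factory; integrity then rests on the metadata
     * signature filter alone.
     *
     * @param str metadata URL
     * @return the configured client, never {@code null}
     */
    private HttpClient createHttpClient(String str) {
        MOAHttpClient client = new MOAHttpClient();
        HttpClientParams clientParams = new HttpClientParams();
        clientParams.setSoTimeout(20000);
        client.setParams(clientParams);
        if (str.startsWith("https:")) {
            try {
                // NOTE(review): the trailing 'false' arguments look like defaults for unset
                // configuration keys - confirm. If so, hostname validation stays off unless
                // "configuration.ssl.validation.hostname" is enabled explicitly.
                client.setCustomSSLTrustStore(str, new MOAHttpProtocolSocketFactory("MOAMetaDataProvider", this.moaAuthConfig.getBasicConfigurationBoolean("configuration.ssl.useStandardJavaTrustStore", false), this.moaAuthConfig.getTrustedCACertificates(), (String) null, "pkix", this.moaAuthConfig.isTrustmanagerrevoationchecking(), this.moaAuthConfig.getRevocationMethodOrder(), this.moaAuthConfig.getBasicConfigurationBoolean("configuration.ssl.validation.hostname", false)));
            } catch (MOAHttpProtocolSocketFactoryException | MalformedURLException e) {
                // Fails open: the client is returned without the custom socket factory, so the
                // configured CA set and revocation settings are not applied to this download.
                // NOTE(review): consider failing closed; this warning is the only trace of the
                // downgrade and is worth alerting on.
                Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e);
            }
        }
        return client;
    }
}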
