package at.gv.egovernment.moa.id.auth.modules.eidas.engine;

import at.gv.egiz.components.spring.api.IDestroyableObject;
import at.gv.egiz.eaaf.core.api.IGarbageCollectorProcessing;
import at.gv.egiz.eaaf.core.api.IPostStartupInitializable;
import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.MetadataFilterChain;
import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.SimpleMetadataProvider;
import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MOASPMetadataSignatureFilter;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
import eu.eidas.auth.engine.AbstractProtocolEngine;
import java.net.MalformedURLException;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Timer;
import javax.xml.namespace.QName;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.MOAHttpClient;
import org.apache.commons.httpclient.params.HttpClientParams;
import org.opensaml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.RoleDescriptor;
import org.opensaml.saml2.metadata.provider.ChainingMetadataProvider;
import org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider;
import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataFilter;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider;
import org.opensaml.xml.XMLObject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

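/**
 * Chaining provider for eIDAS SAML metadata.
 *
 * <p>Wraps an OpenSAML {@link ChainingMetadataProvider}. Statically configured metadata is loaded
 * after start-up, further providers are added lazily the first time an entityID is looked up, and
 * {@link #runGarbageCollector()} drops HTTP providers that were not used recently or that no
 * longer refresh.
 *
 * <p><b>Trust model.</b> Every provider built by this class gets a filter chain containing a
 * {@link MOASPMetadataSignatureFilter} configured from the truststore property
 * {@code Constants.CONIG_PROPS_EIDAS_METADATA_VALIDATION_TRUSTSTORE}. That filter is the only
 * check on fetched metadata that is visible in this class. The transport is not a trust anchor
 * here: {@code http:} locations are accepted and the TLS setup can fall back to defaults (see
 * {@link #createHttpClient(String)}).
 *
 * <p><b>Thread-safety.</b> {@code lastAccess} is a plain {@link HashMap} that is written by
 * {@link #getEntityDescriptor(String)} and iterated by {@link #runGarbageCollector()} without a
 * common lock. NOTE(review): if lookups and the garbage collector run on different threads (not
 * visible in this file), this needs a concurrent map or external synchronization.
 *
 * <p>NOTE(review): this listing looks decompiled (see the "loaded from" marker below). The casts
 * on {@code internalProvider} and {@code basicConfig} were missing from the listing and are
 * written out explicitly here.
 */
@Service("eIDASMetadataProvider")
/* loaded from: input_file:at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.class */
public class MOAeIDASChainingMetadataProvider extends SimpleMetadataProvider implements ObservableMetadataProvider, IGarbageCollectorProcessing, IDestroyableObject, IRefreshableMetadataProvider, IPostStartupInitializable {

    /** Injected configuration; also supplies the TLS settings when it is an AuthConfiguration. */
    @Autowired(required = true)
    IConfigurationWithSP basicConfig;

    /** Daemon timer passed to every provider that is created; instantiated on first use. */
    private Timer timer = null;

    /** Only ever assigned a ChainingMetadataProvider in this class; cast where chain methods are needed. */
    private MetadataProvider internalProvider = new ChainingMetadataProvider();

    /** entityID -> time of the last successful lookup; drives the garbage collector. */
    private Map<String, Date> lastAccess;

    /** Creates the provider with an empty chain and an empty access log. */
    public MOAeIDASChainingMetadataProvider() {
        this.lastAccess = new HashMap<>();
    }

    /**
     * Loads the statically configured metadata once the application has started.
     *
     * <p>A configuration error is logged and not propagated, so the instance keeps running
     * without the static metadata.
     */
    public void executeAfterStartup() {
        try {
            initializeEidasMetadataFromFileSystem();
        } catch (ConfigurationException e) {
            Logger.error("Post start-up initialization of eIDAS Metadata-Provider FAILED.", e);
        }
    }

    /**
     * Registers every metadata location found under the configured URL-list prefix.
     *
     * <p>Each value is resolved against the configuration root directory and handed to
     * {@link #refreshMetadataProvider(String)}. The boolean result of that call is not checked
     * here; a location that fails to load is only visible through the warning logged there.
     *
     * @throws ConfigurationException if a configured location cannot be turned into a URL
     */
    protected void initializeEidasMetadataFromFileSystem() throws ConfigurationException {
        try {
            Map<?, ?> staticMetadata = this.basicConfig.getBasicConfigurationWithPrefix(Constants.CONIG_PROPS_EIDAS_METADATA_URLS_LIST_PREFIX);
            if (!staticMetadata.isEmpty()) {
                Logger.info("Load static configurated eIDAS metadata ... ");
                for (Object location : staticMetadata.values()) {
                    // authConfig is not declared in this class; presumably inherited from SimpleMetadataProvider.
                    String absoluteUrl = FileUtils.makeAbsoluteURL((String) location, this.authConfig.getConfigurationRootDirectory());
                    Logger.info("  Load eIDAS metadata from: " + absoluteUrl);
                    refreshMetadataProvider(absoluteUrl);
                }
                Logger.info("Load static configurated eIDAS metadata finished ");
            }
        } catch (MalformedURLException e) {
            Logger.warn("MOA-ID configuration error.", e);
            throw new ConfigurationException("MOA-ID configuration error.", (Object[]) null, e);
        }
    }

    /**
     * Cancels the shared timer and destroys every loaded HTTP metadata provider.
     *
     * <p>A provider that fails to shut down does not stop the others from being destroyed.
     */
    public void fullyDestroy() {
        if (this.timer != null) {
            this.timer.cancel();
        }
        Map<String, HTTPMetadataProvider> loadedProviders = getAllActuallyLoadedProviders();
        if (loadedProviders != null) {
            for (Map.Entry<String, HTTPMetadataProvider> entry : loadedProviders.entrySet()) {
                try {
                    entry.getValue().destroy();
                    Logger.debug("Destroy eIDAS Matadataprovider: " + entry.getKey() + " finished");
                } catch (Exception e) {
                    // Log the cause as well; without it a failed shutdown cannot be diagnosed.
                    Logger.warn("Destroy eIDAS Matadataprovider: " + entry.getKey() + " FAILED", e);
                }
            }
        }
    }

    /**
     * Removes HTTP metadata providers that were not used within the configured timeout or that
     * fail to refresh, then rebuilds the chain if anything was removed.
     *
     * <p>Only providers that were actually destroyed are taken out of the chain; providers of any
     * other kind (for example metadata loaded from the local filesystem) stay registered.
     */
    public void runGarbageCollector() {
        if (this.lastAccess.isEmpty()) {
            return;
        }
        Date expireDate = new Date(new Date().getTime() - Constants.CONFIG_PROPS_METADATA_GARBAGE_TIMEOUT);
        Logger.debug("Starting eIDAS Metadata garbag collection (Expioredate:" + expireDate + ")");

        // Collect first, mutate afterwards: lastAccess must not change while it is iterated.
        List<String> expiredEntityIds = new ArrayList<>();
        for (Map.Entry<String, Date> entry : this.lastAccess.entrySet()) {
            if (entry.getValue().before(expireDate)) {
                Logger.debug("Remove unused eIDAS Metadate: " + entry.getKey());
                expiredEntityIds.add(entry.getKey());
            }
        }

        ChainingMetadataProvider chain = (ChainingMetadataProvider) this.internalProvider;
        Map<String, HTTPMetadataProvider> loadedProviders = getAllActuallyLoadedProviders();
        List<MetadataProvider> destroyedProviders = new ArrayList<>();

        for (String expired : expiredEntityIds) {
            HTTPMetadataProvider provider = loadedProviders.get(expired);
            if (provider != null) {
                provider.destroy();
                loadedProviders.remove(expired);
                destroyedProviders.add(provider);
                Logger.info("Remove not used eIDAS MetadataProvider " + expired + " after timeout.");
            } else {
                Logger.info("eIDAS metadata for EntityID: " + expired + " is marked as expired, but no currently loaded HTTPMetadataProvider metadata provider is found.");
            }
            // Forget the stale timestamp, otherwise the entry is re-reported on every run and
            // the map never shrinks.
            this.lastAccess.remove(expired);
        }

        // Refresh what is left; a provider whose metadata can no longer be loaded is dropped too.
        List<String> failedUris = new ArrayList<>();
        for (HTTPMetadataProvider provider : loadedProviders.values()) {
            try {
                provider.refresh();
            } catch (MetadataProviderException e) {
                Logger.info("eIDAS MetadataProvider: " + provider.getMetadataURI() + " is not valid any more. Reason:" + e.getMessage());
                if (Logger.isDebugEnabled()) {
                    Logger.warn("Reason", e);
                }
                failedUris.add(provider.getMetadataURI());
            }
        }
        for (String failedUri : failedUris) {
            HTTPMetadataProvider provider = loadedProviders.get(failedUri);
            if (provider != null) {
                provider.destroy();
                loadedProviders.remove(failedUri);
                destroyedProviders.add(provider);
            } else {
                Logger.error("Can not destroy eIDAS metadata for: " + failedUri + " Reason: !!!!!NOT FOUND ANY MORE!!!!!!");
            }
        }

        if (!destroyedProviders.isEmpty()) {
            try {
                synchronized (chain) {
                    // Rebuild from the chain's current content minus the destroyed providers.
                    // Passing only the HTTP providers collected above would silently unregister
                    // every non-HTTP provider, including locally configured metadata.
                    List<MetadataProvider> remaining = new ArrayList<>(chain.getProviders());
                    remaining.removeAll(destroyedProviders);
                    chain.setProviders(remaining);
                    emitChangeEvent();
                }
            } catch (MetadataProviderException e) {
                Logger.warn("ReInitalize eIDASA MetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy", e);
            }
        }
    }

    /**
     * Builds a metadata provider for one location, with the metadata signature filter attached.
     *
     * <p>NOTE(review): the timer is created lazily without synchronization, and what the filter
     * does when the truststore property is not configured is not visible here. Confirm that a
     * missing truststore makes validation fail rather than pass.
     *
     * @param str metadata location
     * @return whatever createNewSimpleMetadataProvider returns; callers treat {@code null} as failure
     */
    private MetadataProvider createNewHTTPMetaDataProvider(String str) {
        if (this.timer == null) {
            this.timer = new Timer(true);
        }
        MetadataFilterChain metadataFilterChain = new MetadataFilterChain();
        metadataFilterChain.addFilter(new MOASPMetadataSignatureFilter(this.authConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_METADATA_VALIDATION_TRUSTSTORE)));
        return createNewSimpleMetadataProvider(str, metadataFilterChain, "eIDAS metadata-provider", this.timer, AbstractProtocolEngine.getSecuredParserPool(), createHttpClient(str));
    }

    /**
     * Returns a fresh map (metadata URI -> provider) of the HTTP providers currently in the chain.
     *
     * <p>Filesystem providers and providers of any other type are logged and left out, so the
     * result is not a complete picture of the chain.
     */
    private Map<String, HTTPMetadataProvider> getAllActuallyLoadedProviders() {
        Map<String, HTTPMetadataProvider> loaded = new HashMap<>();
        for (MetadataProvider provider : ((ChainingMetadataProvider) this.internalProvider).getProviders()) {
            if (provider instanceof HTTPMetadataProvider) {
                HTTPMetadataProvider httpProvider = (HTTPMetadataProvider) provider;
                loaded.put(httpProvider.getMetadataURI(), httpProvider);
            } else if (provider instanceof FilesystemMetadataProvider) {
                try {
                    XMLObject metadata = provider.getMetadata();
                    String entityId = metadata instanceof EntityDescriptor ? ((EntityDescriptor) metadata).getEntityID() : "'!!NO-ENTITYID!!'";
                    Logger.debug("Skip eIDAS metadata: " + entityId + " because it is loaded from local Filesystem");
                } catch (MetadataProviderException e) {
                    Logger.info("Collect currently loaded eIDAS metadata provider has an internel process error: " + e.getMessage());
                }
            } else {
                Logger.info("Skip " + provider.getClass().getName() + " from list of currently loaded eIDAS metadata provider");
            }
        }
        Logger.debug("Find #" + loaded.size() + " eIDAS metadata provider");
        return loaded;
    }

    /**
     * Refreshes the provider registered for the given location, or creates and registers one.
     *
     * <p>NOTE(review): adding to the chain is not synchronized with the rebuild done in
     * {@link #runGarbageCollector()}; confirm the two cannot run concurrently.
     *
     * @param str metadata location; for eIDAS lookups this is the entityID itself
     * @return {@code true} if an existing provider was refreshed or a new one was added,
     *     {@code false} if the location is empty, no provider could be created, or the refresh failed
     */
    public boolean refreshMetadataProvider(String str) {
        try {
            if (MiscUtil.isNotEmpty(str)) {
                Map<String, HTTPMetadataProvider> loadedProviders = getAllActuallyLoadedProviders();
                if (loadedProviders.containsKey(str)) {
                    loadedProviders.get(str).refresh();
                    Logger.info("eIDAS metadata for " + str + " is refreshed.");
                    return true;
                }
                ChainingMetadataProvider chain = (ChainingMetadataProvider) this.internalProvider;
                MetadataProvider newProvider = createNewHTTPMetaDataProvider(str);
                if (newProvider != null) {
                    chain.addMetadataProvider(newProvider);
                    emitChangeEvent();
                    Logger.info("eIDAS metadata for " + str + " is added.");
                    return true;
                }
                Logger.warn("Can not load eIDAS metadata from URL: " + str);
            } else {
                Logger.debug("Can not refresh eIDAS metadata: NO eIDAS metadata URL.");
            }
            return false;
        } catch (MetadataProviderException e) {
            Logger.warn("Refresh eIDAS metadata for " + str + " FAILED.", e);
            return false;
        }
    }

    /** Delegates to the internal chaining provider. */
    public boolean requireValidMetadata() {
        return this.internalProvider.requireValidMetadata();
    }

    /** Delegates to the internal chaining provider. */
    public void setRequireValidMetadata(boolean z) {
        this.internalProvider.setRequireValidMetadata(z);
    }

    /** Delegates to the internal chaining provider. */
    public MetadataFilter getMetadataFilter() {
        return this.internalProvider.getMetadataFilter();
    }

    /** Delegates to the internal chaining provider. */
    public void setMetadataFilter(MetadataFilter metadataFilter) throws MetadataProviderException {
        this.internalProvider.setMetadataFilter(metadataFilter);
    }

    /** Delegates to the internal chaining provider. */
    public XMLObject getMetadata() throws MetadataProviderException {
        return this.internalProvider.getMetadata();
    }

    /**
     * Not supported for eIDAS metadata.
     *
     * @return always {@code null}, after logging a warning
     */
    public EntitiesDescriptor getEntitiesDescriptor(String str) throws MetadataProviderException {
        Logger.warn("eIDAS metadata not support 'EntitiesDescriptor' elements!");
        return null;
    }

    /**
     * Looks up the descriptor for an entityID, loading or refreshing its metadata on demand.
     *
     * <p>If the chain has no descriptor, reports an invalid one, or throws, the entityID is passed
     * to {@link #refreshMetadataProvider(String)}, which uses it as the location to load from.
     * A successful lookup records the access time for the garbage collector.
     *
     * <p>NOTE(review): an unknown entityID therefore causes an outbound metadata request to that
     * location. Whether the value is validated or allow-listed before it gets here is not visible
     * in this file; acceptance of the result rests on the signature filter.
     *
     * <p>NOTE(review): when the cached descriptor is not valid and the refresh fails, the invalid
     * descriptor is still returned. Confirm callers or {@code requireValidMetadata} cover this.
     *
     * @param str entityID to resolve
     * @return the descriptor, or {@code null} if none could be found or loaded
     * @throws MetadataProviderException if the lookup after a refresh fails
     */
    public EntityDescriptor getEntityDescriptor(String str) throws MetadataProviderException {
        EntityDescriptor entityDescriptor = null;
        try {
            entityDescriptor = this.internalProvider.getEntityDescriptor(str);
            if (entityDescriptor == null) {
                Logger.debug("Can not find eIDAS metadata for entityID: " + str + " Start refreshing process ...");
                if (refreshMetadataProvider(str)) {
                    entityDescriptor = this.internalProvider.getEntityDescriptor(str);
                }
            } else if (!entityDescriptor.isValid() && refreshMetadataProvider(str)) {
                entityDescriptor = this.internalProvider.getEntityDescriptor(str);
            }
        } catch (MetadataProviderException e) {
            Logger.debug("Can not find eIDAS metadata for entityID: " + str + " Start refreshing process ...");
            if (refreshMetadataProvider(str)) {
                entityDescriptor = this.internalProvider.getEntityDescriptor(str);
            }
        }
        if (entityDescriptor != null) {
            this.lastAccess.put(str, new Date());
        }
        return entityDescriptor;
    }

    /**
     * Returns the role descriptors of the given type for an entity.
     *
     * @return the roles, or {@code null} if the entity has no metadata
     */
    public List<RoleDescriptor> getRole(String str, QName qName) throws MetadataProviderException {
        EntityDescriptor entityDescriptor = getEntityDescriptor(str);
        if (entityDescriptor != null) {
            return entityDescriptor.getRoleDescriptors(qName);
        }
        return null;
    }

    /**
     * Returns the role of the given type and protocol for an entity.
     *
     * <p>The descriptor lookup runs first so that missing metadata is loaded on demand.
     *
     * @return the role, or {@code null} if the entity has no metadata
     */
    public RoleDescriptor getRole(String str, QName qName, String str2) throws MetadataProviderException {
        if (getEntityDescriptor(str) != null) {
            return this.internalProvider.getRole(str, qName, str2);
        }
        return null;
    }

    /** Returns the observers registered on the internal chaining provider. */
    public List<ObservableMetadataProvider.Observer> getObservers() {
        return ((ChainingMetadataProvider) this.internalProvider).getObservers();
    }

    /** Notifies every registered observer that the set of metadata providers changed. */
    protected void emitChangeEvent() {
        List<ObservableMetadataProvider.Observer> observers = getObservers();
        if (observers == null || observers.isEmpty()) {
            return;
        }
        // Iterate over a copy so an observer may (de)register during the callback.
        for (ObservableMetadataProvider.Observer observer : new ArrayList<>(observers)) {
            if (observer != null) {
                observer.onEvent(this);
            }
        }
    }

    /**
     * Creates the HTTP client used to fetch metadata from one location.
     *
     * <p>The client gets a socket timeout of 20000 ms. For {@code https:} locations a MOA socket
     * factory is installed with the trusted CA certificates, revocation settings and
     * hostname-validation flag from the configuration.
     *
     * <p>Points to check in a deployment:
     * <ul>
     *   <li>{@code configuration.ssl.validation.hostname} is read with {@code false} as second
     *       argument. NOTE(review): that looks like the default, i.e. hostname validation would be
     *       off unless it is switched on explicitly; confirm.</li>
     *   <li>If the socket factory cannot be built, the client is still returned and, per the log
     *       message, falls back to the default Java trust store.</li>
     *   <li>The scheme test is case-sensitive and {@code http:} locations get no TLS at all.</li>
     * </ul>
     * In all of these cases the metadata signature filter is what decides whether fetched
     * metadata is accepted.
     *
     * @param str metadata location
     * @return the configured client, never {@code null}
     */
    private HttpClient createHttpClient(String str) {
        MOAHttpClient mOAHttpClient = new MOAHttpClient();
        HttpClientParams httpClientParams = new HttpClientParams();
        httpClientParams.setSoTimeout(20000);
        mOAHttpClient.setParams(httpClientParams);
        if (str.startsWith("https:")) {
            try {
                if (this.basicConfig instanceof AuthConfiguration) {
                    AuthConfiguration authConfiguration = (AuthConfiguration) this.basicConfig;
                    mOAHttpClient.setCustomSSLTrustStore(str, new MOAHttpProtocolSocketFactory("MOAMetaDataProvider", this.basicConfig.getBasicConfigurationBoolean("configuration.ssl.useStandardJavaTrustStore", false), authConfiguration.getTrustedCACertificates(), (String) null, "pkix", authConfiguration.isTrustmanagerrevoationchecking(), authConfiguration.getRevocationMethodOrder(), authConfiguration.getBasicConfigurationBoolean("configuration.ssl.validation.hostname", false)));
                } else {
                    // Make the silent fallback visible to operators.
                    Logger.warn("No AuthConfiguration available. MOA SSL-TrustStore is not used for eIDAS metadata from: " + str);
                }
            } catch (MOAHttpProtocolSocketFactoryException | MalformedURLException e) {
                Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e);
            }
        }
        return mOAHttpClient;
    }
}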
