package net.shibboleth.idp.plugin.authn.webauthn.metadata;

import com.yubico.fido.metadata.FidoMetadataDownloader;
import com.yubico.fido.metadata.FidoMetadataService;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.annotation.concurrent.GuardedBy;
import net.shibboleth.shared.annotation.constraint.Live;
import net.shibboleth.shared.annotation.constraint.NonnullAfterInit;
import net.shibboleth.shared.collection.CollectionSupport;
import net.shibboleth.shared.component.AbstractIdentifiableInitializableComponent;
import net.shibboleth.shared.component.ComponentInitializationException;
import net.shibboleth.shared.logic.Constraint;
import net.shibboleth.shared.primitive.LoggerFactory;
import org.opensaml.security.x509.X509Support;
import org.slf4j.Logger;
import org.springframework.beans.FatalBeanException;
import org.springframework.beans.factory.FactoryBean;
import org.springframework.core.io.Resource;

/* loaded from: input_file:net/shibboleth/idp/plugin/authn/webauthn/metadata/FidoMetadataServiceFactory.class */
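/**
 * Spring {@link FactoryBean} that builds a {@link FidoMetadataService} from a FIDO metadata blob.
 *
 * <p>The blob comes from one of two sources, checked in this order:</p>
 * <ol>
 *   <li>a local blob file ({@link #setMetadataBlobFile(Resource)}), or</li>
 *   <li>a blob URL ({@link #setMetadataBlobUrl(Resource)}) together with a local cache file
 *       ({@link #setCacheFile(Resource)}).</li>
 * </ol>
 *
 * <p>In both cases the downloader is given the configured trust root certificate, the expected legal
 * header(s) and any configured CRLs.</p>
 *
 * <p>Configuration fields are guarded by the instance monitor; setters and getters are synchronized.</p>
 */
public class FidoMetadataServiceFactory extends AbstractIdentifiableInitializableComponent implements FactoryBean<FidoMetadataService> {

    /** Class logger. */
    @Nonnull
    private final Logger log = LoggerFactory.getLogger(FidoMetadataServiceFactory.class);

    /** Certificate file handed to the downloader as its trust root. Required; checked in doInitialize. */
    @GuardedBy("this")
    @NonnullAfterInit
    private Resource trustRootFile;

    /** Local cache file for a downloaded blob. Only used (and then required) in URL mode. */
    @GuardedBy("this")
    @Nullable
    private Resource cacheFile;

    /** Location to download the metadata blob from. */
    @GuardedBy("this")
    @Nullable
    private Resource metadataBlobUrl;

    /** Local metadata blob file; takes precedence over the URL when both are set. */
    @GuardedBy("this")
    @Nullable
    private Resource metadataBlobFile;

    /**
     * Legal header value(s) passed to the downloader's expectLegalHeader.
     * NOTE(review): annotated NonnullAfterInit but not verified in doInitialize - confirm the
     * deployment always sets it.
     */
    @GuardedBy("this")
    @NonnullAfterInit
    private String[] expectedLegalHeaders;

    /** CRL resources decoded and handed to the downloader. Never null; empty when none configured. */
    @Nonnull
    @GuardedBy("this")
    private List<Resource> crls = CollectionSupport.emptyList();

    /**
     * Builds the metadata service from the configured blob source.
     *
     * @return the constructed metadata service
     * @throws FatalBeanException if neither a local blob file nor a URL plus cache file is configured,
     *         if a CRL cannot be decoded, or if the service cannot be constructed from the blob
     * @throws Exception if the trust root or the local blob file cannot be read
     */
    @Override
    public FidoMetadataService getObject() throws Exception {
        final Resource blobUrl = getMetadataBlobUrl();
        final Resource blobFile = getMetadataBlobFile();
        final Resource blobCache = getCacheFile();

        final FidoMetadataDownloader downloader;
        if (blobFile != null) {
            // Log the value read under the lock rather than touching the guarded field directly.
            this.log.debug("{}: Loading FIDO metadata blob from local file '{}'", getId(), blobFile);
            downloader = FidoMetadataDownloader.builder()
                    .expectLegalHeader(getExpectedLegalHeaders())
                    .useTrustRoot(X509Support.decodeCertificate(getTrustRootFile().getFile()))
                    .useBlob(loadMetadataJwt(blobFile))
                    .useCrls(loadCrls())
                    .build();
        } else {
            if (blobUrl == null || blobCache == null) {
                throw new FatalBeanException("Local FIDO metadata blob file not specified or the metadata blob URL and local cache file not specified. Please use either a local file or a known URL");
            }
            this.log.debug("{}: Loading FIDO metadata blob from '{}'", getId(), blobUrl);
            // NOTE(review): verifyDownloadsOnly(true) presumably means a blob read back from the cache
            // file is not signature-checked again - confirm against the library documentation. If so,
            // the cache file's integrity rests on filesystem permissions and it should be writable
            // only by the IdP service account.
            downloader = FidoMetadataDownloader.builder()
                    .expectLegalHeader(getExpectedLegalHeaders())
                    .useTrustRoot(X509Support.decodeCertificate(getTrustRootFile().getFile()))
                    .downloadBlob(blobUrl.getURL())
                    .useBlobCacheFile(blobCache.getFile())
                    .useCrls(loadCrls())
                    .verifyDownloadsOnly(true)
                    .build();
        }
        assert downloader != null;

        try {
            final FidoMetadataService service =
                    FidoMetadataService.builder().useBlob(downloader.loadCachedBlob()).build();
            this.log.debug("{}: loaded FIDO metadata blob", getId());
            return service;
        } catch (Exception e) {
            throw new FatalBeanException("Can not construct FIDO Metadata service", e);
        }
    }

    /**
     * Alias kept for code that refers to the decompiler-assigned name of {@link #getObject()}.
     *
     * @return the constructed metadata service
     * @throws Exception as for {@link #getObject()}
     */
    public FidoMetadataService m17getObject() throws Exception {
        return getObject();
    }

    /**
     * Decodes every configured CRL resource.
     *
     * <p>NOTE(review): when no CRLs are configured an empty collection is passed to the downloader;
     * confirm how the library treats that (another revocation mechanism, or none) before relying on
     * revocation checking of the blob signer.</p>
     *
     * @return the decoded CRLs, or an empty collection when none are configured
     * @throws FatalBeanException if a CRL resource cannot be read or decoded
     */
    @Nonnull
    private Collection<CRL> loadCrls() {
        final List<Resource> configured = getCrls();
        if (configured.isEmpty()) {
            return CollectionSupport.emptyList();
        }
        final List<CRL> decoded = new ArrayList<>(configured.size());
        for (final Resource crlResource : configured) {
            // try-with-resources closes the stream on the failure path too.
            try (InputStream in = crlResource.getInputStream()) {
                decoded.addAll(X509Support.decodeCRLs(in));
            } catch (IOException | CRLException e) {
                this.log.error("Could not decode CRL file at {}: {}", crlResource.getDescription(), e.getMessage());
                throw new FatalBeanException("Could not decode provided CRL file " + crlResource.getDescription(), e);
            }
        }
        return decoded;
    }

    /**
     * Reads the metadata blob (a JWT) from a resource as UTF-8 text.
     *
     * @param resource the blob resource
     * @return the blob content
     * @throws FileNotFoundException if the resource does not exist
     * @throws IOException if the resource cannot be read
     */
    @Nonnull
    private String loadMetadataJwt(@Nonnull Resource resource) throws IOException {
        if (!resource.exists()) {
            throw new FileNotFoundException("Metadata blob file does not exist");
        }
        return resource.getContentAsString(StandardCharsets.UTF_8);
    }

    /**
     * Verifies that a trust root and at least one blob source are configured.
     *
     * <p>NOTE(review): the cache file required in URL mode and the expected legal headers are not
     * checked here; a missing cache file only surfaces in {@link #getObject()}.</p>
     *
     * @throws ComponentInitializationException if the trust root or both blob sources are missing
     */
    @Override
    protected void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (this.trustRootFile == null) {
            throw new ComponentInitializationException("trustRootFile cannot be null");
        }
        if (this.metadataBlobUrl == null && this.metadataBlobFile == null) {
            throw new ComponentInitializationException("Metadata blob URL or file must be set");
        }
    }

    /**
     * Sets the local cache file used for a downloaded blob.
     *
     * @param resource the cache file, may be null
     */
    public synchronized void setCacheFile(@Nullable Resource resource) {
        checkSetterPreconditions();
        this.cacheFile = resource;
    }

    /**
     * Gets the blob cache file.
     *
     * @return the cache file, or null if not configured
     */
    @Nullable
    private synchronized Resource getCacheFile() {
        checkComponentActive();
        return this.cacheFile;
    }

    /**
     * Sets the certificate file used as the downloader's trust root.
     *
     * @param resource the trust root certificate file, never null
     */
    public synchronized void setTrustRootFile(@Nonnull Resource resource) {
        checkSetterPreconditions();
        // Message previously named a non-existent "trustRootCacheFile" property.
        this.trustRootFile = (Resource) Constraint.isNotNull(resource, "trustRootFile can not be null");
    }

    /**
     * Gets the trust root certificate file.
     *
     * @return the trust root certificate file
     */
    @NonnullAfterInit
    private synchronized Resource getTrustRootFile() {
        checkComponentActive();
        return this.trustRootFile;
    }

    /**
     * Gets the blob download location.
     *
     * @return the blob URL resource, or null if not configured
     */
    @Nullable
    private synchronized Resource getMetadataBlobUrl() {
        checkComponentActive();
        return this.metadataBlobUrl;
    }

    /**
     * Sets the location to download the metadata blob from.
     *
     * @param resource the blob URL resource, may be null
     */
    public synchronized void setMetadataBlobUrl(@Nullable Resource resource) {
        checkSetterPreconditions();
        this.metadataBlobUrl = resource;
    }

    /**
     * Sets the local metadata blob file.
     *
     * @param resource the blob file, may be null
     */
    public synchronized void setMetadataBlobFile(@Nullable Resource resource) {
        checkSetterPreconditions();
        this.metadataBlobFile = resource;
    }

    /**
     * Gets the local metadata blob file. Unlike the other getters this does not call
     * checkComponentActive(); {@link #getObject()} reaches it only after an active-state check.
     *
     * @return the blob file, or null if not configured
     */
    @Nullable
    private synchronized Resource getMetadataBlobFile() {
        return this.metadataBlobFile;
    }

    /**
     * Sets the legal header value(s) the downloader is told to expect.
     *
     * @param strArr the expected legal headers, never null
     */
    public synchronized void setExpectedLegalHeaders(@Nonnull String[] strArr) {
        checkSetterPreconditions();
        this.expectedLegalHeaders = (String[]) Constraint.isNotNull(strArr, "expectedLegalHeaders can not be null");
    }

    /**
     * Gets the expected legal headers.
     *
     * @return the expected legal headers
     */
    @NonnullAfterInit
    private synchronized String[] getExpectedLegalHeaders() {
        return this.expectedLegalHeaders;
    }

    /**
     * Sets the CRL resources. The list is copied; null resets to an empty list.
     *
     * @param list the CRL resources, may be null
     */
    public synchronized void setCrls(@Nullable List<Resource> list) {
        checkSetterPreconditions();
        this.crls = list != null ? CollectionSupport.copyToList(list) : CollectionSupport.emptyList();
    }

    /**
     * Gets the configured CRL resources.
     *
     * @return the CRL resources, never null
     */
    @Nonnull
    @Live
    private synchronized List<Resource> getCrls() {
        return this.crls;
    }

    /** {@inheritDoc} */
    @Override
    public Class<?> getObjectType() {
        return FidoMetadataService.class;
    }
}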
