package net.shibboleth.oidc.metadata.impl;

import com.google.common.net.MediaType;
import com.nimbusds.oauth2.sdk.id.Issuer;
import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata;
import java.io.IOException;
import java.util.function.BiFunction;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.annotation.concurrent.Immutable;
import javax.annotation.concurrent.ThreadSafe;
import net.shibboleth.oidc.metadata.criterion.IssuerIDCriterion;
import net.shibboleth.shared.annotation.constraint.NotEmpty;
import net.shibboleth.shared.collection.CollectionSupport;
import net.shibboleth.shared.logic.Constraint;
import net.shibboleth.shared.net.MediaTypeSupport;
import net.shibboleth.shared.primitive.LoggerFactory;
import net.shibboleth.shared.resolver.CriteriaSet;
import net.shibboleth.shared.resolver.ResolverException;
import org.apache.commons.lang3.StringUtils;
import org.apache.hc.client5.http.classic.HttpClient;
import org.apache.hc.core5.http.ClassicHttpResponse;
import org.apache.hc.core5.http.io.HttpClientResponseHandler;
import org.apache.hc.core5.http.io.entity.EntityUtils;
import org.slf4j.Logger;
import org.slf4j.MDC;

@ThreadSafe
/* loaded from: input_file:net/shibboleth/oidc/metadata/impl/HTTPProviderConfigurationFetchingStrategy.class */
public class HTTPProviderConfigurationFetchingStrategy extends AbstractDynamicHTTPFetchingStrategy<OIDCProviderMetadata> {

    @Nonnull
    private static final MediaType CONTENT_TYPE = MediaType.JSON_UTF_8;

    @Nonnull
    @NotEmpty
    private static final String DEFAULT_OPENID_PROVIDER_WELL_KNOWN_PATH = "/.well-known/openid-configuration";

    @Nonnull
    private final Logger log;

    @Nonnull
    @NotEmpty
    private String wellKnownPath;

    @Nonnull
    private BiFunction<Issuer, String, String> wellKnownLocationCompositionStrategy;

    @ThreadSafe
    @Immutable
    /* loaded from: input_file:net/shibboleth/oidc/metadata/impl/HTTPProviderConfigurationFetchingStrategy$DefaultWellKnownPathCompositionStrategy.class */
    private static final class DefaultWellKnownPathCompositionStrategy implements BiFunction<Issuer, String, String> {
        private DefaultWellKnownPathCompositionStrategy() {
        }

        @Override // java.util.function.BiFunction
        @Nullable
        public String apply(@Nullable Issuer issuer, @NotEmpty @Nullable String str) {
            if (issuer == null) {
                return null;
            }
            String removeEnd = StringUtils.removeEnd(issuer.getValue(), "/");
            StringBuilder sb = new StringBuilder();
            sb.append(removeEnd).append(str);
            return sb.toString();
        }
    }

    @ThreadSafe
    @Immutable
    /* loaded from: input_file:net/shibboleth/oidc/metadata/impl/HTTPProviderConfigurationFetchingStrategy$OIDCProviderMetadataResponseHandler.class */
    public static final class OIDCProviderMetadataResponseHandler implements HttpClientResponseHandler<OIDCProviderMetadata> {

        @Nonnull
        private final Logger log = LoggerFactory.getLogger(OIDCProviderMetadataResponseHandler.class);
        static final /* synthetic */ boolean $assertionsDisabled;

        @Nullable
        /* renamed from: handleResponse, reason: merged with bridge method [inline-methods] */
        public OIDCProviderMetadata m16handleResponse(ClassicHttpResponse classicHttpResponse) throws IOException {
            int code = classicHttpResponse.getCode();
            String str = MDC.get(AbstractDynamicHTTPFetchingStrategy.MDC_ATTRIB_CURRENT_REQUEST_URI);
            if (code == 304) {
                this.log.debug("Metadata document from '{}' has not changed since last retrieval", str);
                return null;
            }
            if (code != 200) {
                this.log.warn("Non-ok status code '{}' returned from remote metadata source: {}", Integer.valueOf(code), str);
                return null;
            }
            try {
                validateHttpResponse(classicHttpResponse);
                try {
                    OIDCProviderMetadata parse = OIDCProviderMetadata.parse(EntityUtils.toString(classicHttpResponse.getEntity()));
                    if (!$assertionsDisabled && parse == null) {
                        throw new AssertionError();
                    }
                    if (metadataValid(parse, str)) {
                        return parse;
                    }
                    return null;
                } catch (Exception e) {
                    this.log.error("Error parsing HTTP response stream", e);
                    return null;
                }
            } catch (ResolverException e2) {
                this.log.error("Problem validating dynamic OIDC metadata HTTP response", e2);
                return null;
            }
        }

        private final boolean metadataValid(@Nonnull OIDCProviderMetadata oIDCProviderMetadata, @Nullable String str) {
            if (str == null || oIDCProviderMetadata.getIssuer() == null) {
                return false;
            }
            if (str.startsWith(oIDCProviderMetadata.getIssuer().getValue())) {
                return true;
            }
            this.log.warn("OIDC metadata was not valid, Issuer in metadata did not match Issuer URL. Issuer was '{}', IssuerURL was '{}'", oIDCProviderMetadata.getIssuer().getValue(), str);
            return false;
        }

        protected void validateHttpResponse(@Nonnull ClassicHttpResponse classicHttpResponse) throws ResolverException {
            String contentType = classicHttpResponse.getEntity().getContentType();
            this.log.debug("Saw raw Content-Type from response header '{}'", contentType);
            if (!MediaTypeSupport.validateContentType(contentType, CollectionSupport.setOf(HTTPProviderConfigurationFetchingStrategy.CONTENT_TYPE), true, false)) {
                throw new ResolverException("HTTP response specified an unsupported Content-Type MIME type: " + contentType);
            }
        }

        static {
            $assertionsDisabled = !HTTPProviderConfigurationFetchingStrategy.class.desiredAssertionStatus();
        }
    }

    protected HTTPProviderConfigurationFetchingStrategy(@Nonnull HttpClient httpClient, @Nonnull HttpClientResponseHandler<OIDCProviderMetadata> httpClientResponseHandler) {
        super(httpClient, httpClientResponseHandler);
        this.log = LoggerFactory.getLogger(HTTPProviderConfigurationFetchingStrategy.class);
        this.wellKnownPath = DEFAULT_OPENID_PROVIDER_WELL_KNOWN_PATH;
        this.wellKnownLocationCompositionStrategy = new DefaultWellKnownPathCompositionStrategy();
    }

    public void setWellKnownPath(@Nonnull @NotEmpty String str) {
        ifInitializedThrowUnmodifiabledComponentException();
        ifDestroyedThrowDestroyedComponentException();
        this.wellKnownPath = Constraint.isNotEmpty(str, "Well-know path can not be null");
    }

    public void setWellKnownLocationCompositionStrategy(@Nullable BiFunction<Issuer, String, String> biFunction) {
        ifInitializedThrowUnmodifiabledComponentException();
        ifDestroyedThrowDestroyedComponentException();
        if (biFunction != null) {
            this.wellKnownLocationCompositionStrategy = biFunction;
        }
    }

    @Override // net.shibboleth.oidc.metadata.impl.AbstractDynamicHTTPFetchingStrategy
    protected String buildRequestURL(@Nullable CriteriaSet criteriaSet) {
        IssuerIDCriterion issuerIDCriterion = criteriaSet != null ? (IssuerIDCriterion) criteriaSet.get(IssuerIDCriterion.class) : null;
        if (issuerIDCriterion == null) {
            return null;
        }
        String apply = this.wellKnownLocationCompositionStrategy.apply(issuerIDCriterion.getIssuerID(), this.wellKnownPath);
        this.log.debug("URL generated by request builder was: {}", apply);
        return apply;
    }
}
