package org.cloudfoundry.identity.uaa.login.saml;

import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.Timer;
import java.util.TimerTask;
import java.util.concurrent.ConcurrentHashMap;
import javax.annotation.PostConstruct;
import javax.xml.namespace.QName;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.cloudfoundry.identity.uaa.authentication.Origin;
import org.cloudfoundry.identity.uaa.util.JsonUtils;
import org.cloudfoundry.identity.uaa.zone.IdentityProvider;
import org.cloudfoundry.identity.uaa.zone.IdentityProviderProvisioning;
import org.cloudfoundry.identity.uaa.zone.IdentityZone;
import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
import org.cloudfoundry.identity.uaa.zone.IdentityZoneProvisioning;
import org.opensaml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.RoleDescriptor;
import org.opensaml.saml2.metadata.provider.MetadataFilter;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.security.x509.PKIXValidationInformationResolver;
import org.opensaml.xml.signature.SignatureTrustEngine;
import org.springframework.beans.factory.BeanNameAware;
import org.springframework.beans.factory.DisposableBean;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.saml.key.KeyManager;
import org.springframework.security.saml.metadata.CachingMetadataManager;
import org.springframework.security.saml.metadata.ExtendedMetadata;
import org.springframework.security.saml.metadata.ExtendedMetadataDelegate;
import org.springframework.security.saml.metadata.ExtendedMetadataProvider;
import org.springframework.security.saml.metadata.MetadataManager;
import org.springframework.security.saml.trust.httpclient.TLSProtocolConfigurer;

/* loaded from: input_file:org/cloudfoundry/identity/uaa/login/saml/ZoneAwareMetadataManager.class */
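/**
 * SAML metadata manager that keeps one {@link ExtensionMetadataManager} per {@link IdentityZone}.
 *
 * <p>Almost every accessor and mutator forwards to the manager of the zone returned by
 * {@link IdentityZoneHolder#get()} at call time, so which identity-provider metadata is
 * consulted depends on the zone bound to the calling thread.
 * NOTE(review): how {@code IdentityZoneHolder} is populated is not visible in this file; zone
 * separation here is only as strong as that binding.
 *
 * <p>{@link #checkAllProviders()} loads all providers once and then schedules a daemon
 * {@link Timer} that re-reads provider definitions every {@code refreshInterval} milliseconds
 * (30000 unless changed through {@link #setRefreshCheckInterval(long)}).
 */
public class ZoneAwareMetadataManager extends MetadataManager implements ExtendedMetadataProvider, InitializingBean, DisposableBean, BeanNameAware {
    private static final Log logger = LogFactory.getLog(ZoneAwareMetadataManager.class);
    private IdentityProviderProvisioning providerDao;
    private IdentityZoneProvisioning zoneDao;
    private SamlIdentityProviderConfigurator configurator;
    private KeyManager keyManager;
    // Deliberately not final and not initialised here: getManager() and the constructor both
    // create it lazily. NOTE(review): presumably the superclass constructor calls overridable
    // methods that reach getManager() before this class's field initialisers run - confirm.
    private ConcurrentHashMap<IdentityZone, ExtensionMetadataManager> metadataManagers;
    private long refreshInterval;
    // Wall-clock time (ms) taken at the start of the last completed refreshAllProviders() run.
    private long lastRefresh;
    private Timer timer;
    private String beanName;
    private ProviderChangedListener providerChangedListener;

    /**
     * Per-zone metadata manager. Apart from the constructor and the add/remove methods, every
     * method only forwards to the superclass.
     * NOTE(review): the forwarding overrides presumably exist to widen visibility so the outer
     * class can delegate to them - confirm against the superclass declarations.
     */
    public static class ExtensionMetadataManager extends CachingMetadataManager {
        /** Creates the manager and sets its own refresh-check interval to 0. */
        public ExtensionMetadataManager(List<MetadataProvider> list) throws MetadataProviderException {
            super(list);
            setRefreshCheckInterval(0L);
        }

        public EntityDescriptor getEntityDescriptor(String str) throws MetadataProviderException {
            return super.getEntityDescriptor(str);
        }

        public EntityDescriptor getEntityDescriptor(byte[] bArr) throws MetadataProviderException {
            return super.getEntityDescriptor(bArr);
        }

        public String getEntityIdForAlias(String str) throws MetadataProviderException {
            return super.getEntityIdForAlias(str);
        }

        public ExtendedMetadata getExtendedMetadata(String str) throws MetadataProviderException {
            return super.getExtendedMetadata(str);
        }

        public void refreshMetadata() {
            super.refreshMetadata();
        }

        /**
         * Adds a provider, first removing any available provider that {@code equals} it so a
         * re-added definition replaces the previous one instead of accumulating.
         *
         * @param metadataProvider provider to add; a {@code null} value is logged as unknown and
         *                         passed on to the superclass unchanged
         * @throws MetadataProviderException if the superclass rejects the provider
         */
        public void addMetadataProvider(MetadataProvider metadataProvider) throws MetadataProviderException {
            ComparableProvider comparableProvider = null;
            if ((metadataProvider instanceof ExtendedMetadataDelegate) && (((ExtendedMetadataDelegate) metadataProvider).getDelegate() instanceof ComparableProvider)) {
                comparableProvider = (ComparableProvider) ((ExtendedMetadataDelegate) metadataProvider).getDelegate();
            } else {
                ZoneAwareMetadataManager.logger.warn("Adding Unknown SAML Provider type:" + (metadataProvider != null ? metadataProvider.getClass() : null) + ":" + metadataProvider);
            }
            // NOTE(review): removal happens while walking getAvailableProviders(); this is only
            // safe if that call returns a copy - confirm against the superclass.
            for (MetadataProvider existing : getAvailableProviders()) {
                // The warn above already tolerates null; guard here too so a null argument does
                // not fail with a NullPointerException once at least one provider is registered.
                if (metadataProvider != null && metadataProvider.equals(existing)) {
                    removeMetadataProvider(existing);
                    if (comparableProvider != null) {
                        ZoneAwareMetadataManager.logger.debug("Found duplicate SAML provider, removing before readding zone[" + comparableProvider.getZoneId() + "] alias[" + comparableProvider.getAlias() + "]");
                    }
                }
            }
            super.addMetadataProvider(metadataProvider);
            if (comparableProvider != null) {
                ZoneAwareMetadataManager.logger.debug("Added Metadata for SAML provider zone[" + comparableProvider.getZoneId() + "] alias[" + comparableProvider.getAlias() + "]");
            }
        }

        public void destroy() {
            super.destroy();
        }

        public List<ExtendedMetadataDelegate> getAvailableProviders() {
            return super.getAvailableProviders();
        }

        public ExtendedMetadata getDefaultExtendedMetadata() {
            return super.getDefaultExtendedMetadata();
        }

        public String getDefaultIDP() throws MetadataProviderException {
            return super.getDefaultIDP();
        }

        public String getHostedSPName() {
            return super.getHostedSPName();
        }

        public Set<String> getIDPEntityNames() {
            return super.getIDPEntityNames();
        }

        public PKIXValidationInformationResolver getPKIXResolver(MetadataProvider metadataProvider, Set<String> set, Set<String> set2) {
            return super.getPKIXResolver(metadataProvider, set, set2);
        }

        public List<MetadataProvider> getProviders() {
            return super.getProviders();
        }

        public Set<String> getSPEntityNames() {
            return super.getSPEntityNames();
        }

        public SignatureTrustEngine getTrustEngine(MetadataProvider metadataProvider) {
            return super.getTrustEngine(metadataProvider);
        }

        public void initializeProvider(ExtendedMetadataDelegate extendedMetadataDelegate) throws MetadataProviderException {
            super.initializeProvider(extendedMetadataDelegate);
        }

        public void initializeProviderData(ExtendedMetadataDelegate extendedMetadataDelegate) throws MetadataProviderException {
            super.initializeProviderData(extendedMetadataDelegate);
        }

        public void initializeProviderFilters(ExtendedMetadataDelegate extendedMetadataDelegate) throws MetadataProviderException {
            super.initializeProviderFilters(extendedMetadataDelegate);
        }

        public boolean isIDPValid(String str) {
            return super.isIDPValid(str);
        }

        public boolean isRefreshRequired() {
            return super.isRefreshRequired();
        }

        public boolean isSPValid(String str) {
            return super.isSPValid(str);
        }

        public List<String> parseProvider(MetadataProvider metadataProvider) throws MetadataProviderException {
            return super.parseProvider(metadataProvider);
        }

        /**
         * Removes a provider through the superclass and logs the zone and alias when the
         * provider wraps a {@code ComparableProvider}; anything else is logged as unknown first.
         */
        public void removeMetadataProvider(MetadataProvider metadataProvider) {
            ComparableProvider comparableProvider = null;
            if ((metadataProvider instanceof ExtendedMetadataDelegate) && (((ExtendedMetadataDelegate) metadataProvider).getDelegate() instanceof ComparableProvider)) {
                comparableProvider = (ComparableProvider) ((ExtendedMetadataDelegate) metadataProvider).getDelegate();
            } else {
                ZoneAwareMetadataManager.logger.warn("Removing Unknown SAML Provider type:" + (metadataProvider != null ? metadataProvider.getClass() : null) + ":" + metadataProvider);
            }
            super.removeMetadataProvider(metadataProvider);
            if (comparableProvider != null) {
                ZoneAwareMetadataManager.logger.debug("Removed Metadata for SAML provider zone[" + comparableProvider.getZoneId() + "] alias[" + comparableProvider.getAlias() + "]");
            }
        }

        public void setDefaultExtendedMetadata(ExtendedMetadata extendedMetadata) {
            super.setDefaultExtendedMetadata(extendedMetadata);
        }

        public void setDefaultIDP(String str) {
            super.setDefaultIDP(str);
        }

        public void setHostedSPName(String str) {
            super.setHostedSPName(str);
        }

        public void setKeyManager(KeyManager keyManager) {
            super.setKeyManager(keyManager);
        }

        public void setProviders(List<MetadataProvider> list) throws MetadataProviderException {
            super.setProviders(list);
        }

        public void setRefreshCheckInterval(long j) {
            super.setRefreshCheckInterval(j);
        }

        public void setRefreshRequired(boolean z) {
            super.setRefreshRequired(z);
        }

        public void setTLSConfigurer(TLSProtocolConfigurer tLSProtocolConfigurer) {
            super.setTLSConfigurer(tLSProtocolConfigurer);
        }

        public void doAddMetadataProvider(MetadataProvider metadataProvider, List<MetadataProvider> list) {
            super.doAddMetadataProvider(metadataProvider, list);
        }

        public void emitChangeEvent() {
            super.emitChangeEvent();
        }

        public EntitiesDescriptor getEntitiesDescriptor(String str) throws MetadataProviderException {
            return super.getEntitiesDescriptor(str);
        }

        public XMLObject getMetadata() throws MetadataProviderException {
            return super.getMetadata();
        }

        public MetadataFilter getMetadataFilter() {
            return super.getMetadataFilter();
        }

        public List<ObservableMetadataProvider.Observer> getObservers() {
            return super.getObservers();
        }

        public List<RoleDescriptor> getRole(String str, QName qName) throws MetadataProviderException {
            return super.getRole(str, qName);
        }

        public RoleDescriptor getRole(String str, QName qName, String str2) throws MetadataProviderException {
            return super.getRole(str, qName, str2);
        }

        public void setMetadataFilter(MetadataFilter metadataFilter) throws MetadataProviderException {
            super.setMetadataFilter(metadataFilter);
        }

        public void setRequireValidMetadata(boolean z) {
            super.setRequireValidMetadata(z);
        }

        public boolean requireValidMetadata() {
            return super.requireValidMetadata();
        }
    }

    /** Observer that marks its zone manager as needing a refresh whenever a provider fires an event. */
    public static class MetadataProviderObserver implements ObservableMetadataProvider.Observer {
        private ExtensionMetadataManager manager;

        public MetadataProviderObserver(ExtensionMetadataManager extensionMetadataManager) {
            this.manager = extensionMetadataManager;
        }

        public void onEvent(MetadataProvider metadataProvider) {
            this.manager.setRefreshRequired(true);
        }
    }

    /** Timer task that runs an incremental (timestamp-filtered) refresh of every zone. */
    private class RefreshTask extends TimerTask {
        private RefreshTask() {
        }

        @Override // java.util.TimerTask, java.lang.Runnable
        public void run() {
            try {
                ZoneAwareMetadataManager.this.refreshAllProviders(false);
            } catch (Exception e) {
                // Swallowed on purpose: an exception escaping run() would terminate the Timer
                // thread and stop all further refreshes.
                ZoneAwareMetadataManager.this.log.error("Unable to run SAML provider refresh task:", e);
            }
        }
    }

    /**
     * Wires the collaborators and starts with an empty provider list; providers are loaded later
     * by {@link #checkAllProviders()}.
     *
     * @throws MetadataProviderException if the superclass constructor fails
     */
    public ZoneAwareMetadataManager(IdentityProviderProvisioning identityProviderProvisioning, IdentityZoneProvisioning identityZoneProvisioning, SamlIdentityProviderConfigurator samlIdentityProviderConfigurator, KeyManager keyManager, ProviderChangedListener providerChangedListener) throws MetadataProviderException {
        super(Collections.<MetadataProvider>emptyList());
        this.refreshInterval = 30000L;
        this.lastRefresh = 0L;
        this.beanName = ZoneAwareMetadataManager.class.getName() + "-" + System.identityHashCode(this);
        this.providerDao = identityProviderProvisioning;
        this.zoneDao = identityZoneProvisioning;
        this.configurator = samlIdentityProviderConfigurator;
        this.keyManager = keyManager;
        super.setKeyManager(keyManager);
        super.setRefreshCheckInterval(0L);
        // May already have been created by getManager(); never replace an existing map.
        if (this.metadataManagers == null) {
            this.metadataManagers = new ConcurrentHashMap<IdentityZone, ExtensionMetadataManager>();
        }
        this.providerChangedListener = providerChangedListener;
    }

    public void setBeanName(String str) {
        this.beanName = str;
    }

    /**
     * Post-construction initialisation: hands the key manager to every zone manager that already
     * exists, performs a full refresh, schedules the periodic refresh on a daemon timer and
     * registers this instance with the provider-changed listener.
     *
     * @throws MetadataProviderException if the initial refresh fails
     */
    @PostConstruct
    public void checkAllProviders() throws MetadataProviderException {
        // Managers created before the constructor assigned keyManager would otherwise keep a
        // null key manager.
        for (ExtensionMetadataManager zoneManager : this.metadataManagers.values()) {
            zoneManager.setKeyManager(this.keyManager);
        }
        refreshAllProviders();
        this.timer = new Timer("ZoneAwareMetadataManager.Refresh[" + this.beanName + "]", true);
        this.timer.schedule(new RefreshTask(), this.refreshInterval, this.refreshInterval);
        this.providerChangedListener.setMetadataManager(this);
    }

    /** Refreshes every SAML provider in every zone, ignoring modification timestamps. */
    protected void refreshAllProviders() throws MetadataProviderException {
        refreshAllProviders(true);
    }

    protected String getThreadNameAndId() {
        return Thread.currentThread().getName() + "-" + System.identityHashCode(Thread.currentThread());
    }

    /**
     * Synchronises the in-memory metadata providers with the stored SAML identity providers of
     * every zone: active providers are (re)added, inactive ones are removed, and a zone's
     * manager is refreshed when at least one of its providers was processed successfully.
     *
     * @param z when {@code true}, process every SAML provider; when {@code false}, only those
     *          whose last-modified time is later than the previous refresh
     * @throws MetadataProviderException declared for callers; failures for a single provider
     *                                   are logged and do not abort the run
     */
    protected void refreshAllProviders(boolean z) throws MetadataProviderException {
        logger.debug("Running SAML IDP refresh[" + getThreadNameAndId() + "] - ignoreTimestamp=" + z);
        // Take the watermark BEFORE reading the stores. Recording the time only after the scan
        // would permanently skip a provider that was modified while the scan was running: its
        // lastModified would already be older than the new watermark. Re-processing a provider
        // on the next tick is harmless because duplicates are replaced on add.
        // NOTE(review): the comparison mixes this JVM's clock with stored timestamps; clock
        // skew between writers can still delay or skip a change - confirm how lastModified is set.
        final long refreshStarted = System.currentTimeMillis();
        for (IdentityZone identityZone : this.zoneDao.retrieveAll()) {
            ExtensionMetadataManager manager = getManager(identityZone);
            boolean zoneChanged = false;
            // The inactive branch below needs inactive providers to be returned as well.
            // NOTE(review): presumably the 'false' argument means "not only active" - confirm.
            for (IdentityProvider identityProvider : this.providerDao.retrieveAll(false, identityZone.getId())) {
                if (!Origin.SAML.equals(identityProvider.getType())) {
                    continue;
                }
                if (!z && this.lastRefresh >= identityProvider.getLastModified().getTime()) {
                    continue;
                }
                SamlIdentityProviderDefinition samlIdentityProviderDefinition;
                try {
                    samlIdentityProviderDefinition = (SamlIdentityProviderDefinition) JsonUtils.readValue(identityProvider.getConfig(), SamlIdentityProviderDefinition.class);
                } catch (JsonUtils.JsonUtilException e2) {
                    logger.error("Unable to load provider:" + identityProvider, e2);
                    continue;
                }
                // NOTE(review): when parsing or the add/remove below fails, the watermark still
                // advances, so the provider is not retried until it is modified again. For a
                // deactivated provider that means its metadata can stay registered in memory;
                // consider alerting on these error logs or retrying failed entries.
                try {
                    if (identityProvider.isActive()) {
                        this.log.info("Adding SAML IDP zone[" + identityZone.getId() + "] alias[" + samlIdentityProviderDefinition.getIdpEntityAlias() + "]");
                        // Index 0 is the provider to register; index 1, when present, is a
                        // provider to remove first.
                        MetadataProvider[] addSamlIdentityProviderDefinition = this.configurator.addSamlIdentityProviderDefinition(samlIdentityProviderDefinition);
                        if (addSamlIdentityProviderDefinition[1] != null) {
                            manager.removeMetadataProvider(addSamlIdentityProviderDefinition[1]);
                        }
                        manager.addMetadataProvider(addSamlIdentityProviderDefinition[0]);
                    } else {
                        this.log.info("Removing SAML IDP zone[" + identityZone.getId() + "] alias[" + samlIdentityProviderDefinition.getIdpEntityAlias() + "]");
                        ExtendedMetadataDelegate removeIdentityProviderDefinition = this.configurator.removeIdentityProviderDefinition(samlIdentityProviderDefinition);
                        if (removeIdentityProviderDefinition != null) {
                            manager.removeMetadataProvider(removeIdentityProviderDefinition);
                        }
                    }
                    zoneChanged = true;
                } catch (MetadataProviderException e) {
                    logger.error("Unable to refresh identity provider:" + samlIdentityProviderDefinition, e);
                }
            }
            if (zoneChanged) {
                refreshZoneManager(manager);
            }
        }
        this.lastRefresh = refreshStarted;
    }

    /**
     * Returns the metadata manager for the given zone, creating and registering it on first use.
     *
     * @param identityZone zone whose manager is wanted
     * @return the single manager registered for that zone
     * @throws IllegalStateException if a new manager cannot be constructed
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public ExtensionMetadataManager getManager(IdentityZone identityZone) {
        if (this.metadataManagers == null) {
            this.metadataManagers = new ConcurrentHashMap<IdentityZone, ExtensionMetadataManager>();
        }
        ExtensionMetadataManager existing = this.metadataManagers.get(identityZone);
        if (existing != null) {
            return existing;
        }
        ExtensionMetadataManager created;
        try {
            created = new ExtensionMetadataManager(Collections.<MetadataProvider>emptyList());
        } catch (MetadataProviderException e) {
            throw new IllegalStateException(e);
        }
        created.setKeyManager(this.keyManager);
        ExtensionMetadataManager winner = this.metadataManagers.putIfAbsent(identityZone, created);
        if (winner != null) {
            // Another thread registered a manager for this zone first. Release the unused
            // instance instead of dropping it, in case its construction allocated resources.
            created.destroy();
            return winner;
        }
        return created;
    }

    /** Returns the manager of the zone currently reported by {@link IdentityZoneHolder#get()}. */
    protected ExtensionMetadataManager getManager() {
        return getManager(IdentityZoneHolder.get());
    }

    // ---------------------------------------------------------------------------------------
    // Everything below, unless documented otherwise, forwards to the current zone's manager.
    // ---------------------------------------------------------------------------------------

    public void setProviders(List<MetadataProvider> list) throws MetadataProviderException {
        getManager().setProviders(list);
    }

    public void refreshMetadata() {
        getManager().refreshMetadata();
    }

    public void addMetadataProvider(MetadataProvider metadataProvider) throws MetadataProviderException {
        getManager().addMetadataProvider(metadataProvider);
    }

    public void removeMetadataProvider(MetadataProvider metadataProvider) {
        getManager().removeMetadataProvider(metadataProvider);
    }

    public List<MetadataProvider> getProviders() {
        return getManager().getProviders();
    }

    public List<ExtendedMetadataDelegate> getAvailableProviders() {
        return getManager().getAvailableProviders();
    }

    protected void initializeProvider(ExtendedMetadataDelegate extendedMetadataDelegate) throws MetadataProviderException {
        getManager().initializeProvider(extendedMetadataDelegate);
    }

    protected void initializeProviderData(ExtendedMetadataDelegate extendedMetadataDelegate) throws MetadataProviderException {
        getManager().initializeProviderData(extendedMetadataDelegate);
    }

    protected void initializeProviderFilters(ExtendedMetadataDelegate extendedMetadataDelegate) throws MetadataProviderException {
        getManager().initializeProviderFilters(extendedMetadataDelegate);
    }

    protected SignatureTrustEngine getTrustEngine(MetadataProvider metadataProvider) {
        return getManager().getTrustEngine(metadataProvider);
    }

    protected PKIXValidationInformationResolver getPKIXResolver(MetadataProvider metadataProvider, Set<String> set, Set<String> set2) {
        return getManager().getPKIXResolver(metadataProvider, set, set2);
    }

    protected List<String> parseProvider(MetadataProvider metadataProvider) throws MetadataProviderException {
        return getManager().parseProvider(metadataProvider);
    }

    public Set<String> getIDPEntityNames() {
        return getManager().getIDPEntityNames();
    }

    public Set<String> getSPEntityNames() {
        return getManager().getSPEntityNames();
    }

    public boolean isIDPValid(String str) {
        return getManager().isIDPValid(str);
    }

    public boolean isSPValid(String str) {
        return getManager().isSPValid(str);
    }

    public String getHostedSPName() {
        return getManager().getHostedSPName();
    }

    public void setHostedSPName(String str) {
        getManager().setHostedSPName(str);
    }

    public String getDefaultIDP() throws MetadataProviderException {
        return getManager().getDefaultIDP();
    }

    public void setDefaultIDP(String str) {
        getManager().setDefaultIDP(str);
    }

    public EntityDescriptor getEntityDescriptor(byte[] bArr) throws MetadataProviderException {
        return getManager().getEntityDescriptor(bArr);
    }

    public String getEntityIdForAlias(String str) throws MetadataProviderException {
        return getManager().getEntityIdForAlias(str);
    }

    public ExtendedMetadata getDefaultExtendedMetadata() {
        return getManager().getDefaultExtendedMetadata();
    }

    public void setDefaultExtendedMetadata(ExtendedMetadata extendedMetadata) {
        getManager().setDefaultExtendedMetadata(extendedMetadata);
    }

    public boolean isRefreshRequired() {
        return getManager().isRefreshRequired();
    }

    public void setRefreshRequired(boolean z) {
        getManager().setRefreshRequired(z);
    }

    /**
     * Sets the period, in milliseconds, of this class's own refresh timer. The value is read
     * when {@link #checkAllProviders()} schedules the timer, so a later call does not
     * reschedule a timer that is already running.
     */
    public void setRefreshCheckInterval(long j) {
        this.refreshInterval = j;
    }

    /**
     * Sets the key manager on the current zone's manager only.
     * NOTE(review): the {@code keyManager} field is not updated, so zone managers created later
     * by {@link #getManager(IdentityZone)} still receive the constructor's key manager - confirm
     * this is intended.
     */
    public void setKeyManager(KeyManager keyManager) {
        getManager().setKeyManager(keyManager);
    }

    public void setTLSConfigurer(TLSProtocolConfigurer tLSProtocolConfigurer) {
        getManager().setTLSConfigurer(tLSProtocolConfigurer);
    }

    protected void doAddMetadataProvider(MetadataProvider metadataProvider, List<MetadataProvider> list) {
        getManager().doAddMetadataProvider(metadataProvider, list);
    }

    public void setRequireValidMetadata(boolean z) {
        getManager().setRequireValidMetadata(z);
    }

    public MetadataFilter getMetadataFilter() {
        return getManager().getMetadataFilter();
    }

    public void setMetadataFilter(MetadataFilter metadataFilter) throws MetadataProviderException {
        getManager().setMetadataFilter(metadataFilter);
    }

    public XMLObject getMetadata() throws MetadataProviderException {
        return getManager().getMetadata();
    }

    public EntitiesDescriptor getEntitiesDescriptor(String str) throws MetadataProviderException {
        return getManager().getEntitiesDescriptor(str);
    }

    public EntityDescriptor getEntityDescriptor(String str) throws MetadataProviderException {
        return getManager().getEntityDescriptor(str);
    }

    public List<RoleDescriptor> getRole(String str, QName qName) throws MetadataProviderException {
        return getManager().getRole(str, qName);
    }

    public RoleDescriptor getRole(String str, QName qName, String str2) throws MetadataProviderException {
        return getManager().getRole(str, qName, str2);
    }

    public List<ObservableMetadataProvider.Observer> getObservers() {
        return getManager().getObservers();
    }

    protected void emitChangeEvent() {
        getManager().emitChangeEvent();
    }

    public boolean requireValidMetadata() {
        return getManager().requireValidMetadata();
    }

    /**
     * Stops the refresh timer, destroys and forgets every zone manager, then destroys the
     * superclass state.
     */
    public void destroy() {
        if (this.timer != null) {
            this.timer.cancel();
            this.timer.purge();
            this.timer = null;
        }
        for (ExtensionMetadataManager zoneManager : this.metadataManagers.values()) {
            zoneManager.destroy();
        }
        this.metadataManagers.clear();
        super.destroy();
    }

    /**
     * Unlike the other accessors, this calls the superclass implementation rather than the zone
     * manager.
     * NOTE(review): presumably the superclass resolves the entity through overridable accessors
     * such as {@link #getProviders()}, which are zone-scoped here - confirm, since a lookup that
     * bypassed the zone manager would not be zone-scoped.
     */
    public ExtendedMetadata getExtendedMetadata(String str) throws MetadataProviderException {
        return super.getExtendedMetadata(str);
    }

    /**
     * Forces every provider of the given zone manager to load its metadata, refreshes the
     * manager when it reports that a refresh is required, and collects the providers that are,
     * or wrap, a {@code ComparableProvider}.
     *
     * @param extensionMetadataManager zone manager to refresh
     * @return the comparable providers found; possibly incomplete or empty when the refresh
     *         failed, because failures are logged rather than propagated
     */
    protected Set<ComparableProvider> refreshZoneManager(ExtensionMetadataManager extensionMetadataManager) {
        Set<ComparableProvider> comparableProviders = new HashSet<ComparableProvider>();
        try {
            this.log.trace("Executing metadata refresh task");
            for (MetadataProvider provider : extensionMetadataManager.getProviders()) {
                provider.getMetadata();
            }
            if (extensionMetadataManager.isRefreshRequired()) {
                extensionMetadataManager.refreshMetadata();
            }
            for (MetadataProvider provider : extensionMetadataManager.getProviders()) {
                if (provider instanceof ComparableProvider) {
                    comparableProviders.add((ComparableProvider) provider);
                } else if ((provider instanceof ExtendedMetadataDelegate) && (((ExtendedMetadataDelegate) provider).getDelegate() instanceof ComparableProvider)) {
                    comparableProviders.add((ComparableProvider) ((ExtendedMetadataDelegate) provider).getDelegate());
                }
            }
        } catch (Throwable th) {
            // Best effort by design: one zone's failure must not stop the other zones.
            this.log.warn("Metadata refreshing has failed", th);
        }
        return comparableProviders;
    }
}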
