package org.squashtest.tm.plugin.saml;

import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Objects;
import java.util.Timer;
import javax.annotation.PreDestroy;
import javax.inject.Inject;
import javax.servlet.Filter;
import org.opensaml.saml2.metadata.provider.AbstractMetadataProvider;
import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.saml2.metadata.provider.ResourceBackedMetadataProvider;
import org.opensaml.util.resource.FilesystemResource;
import org.opensaml.util.resource.ResourceException;
import org.opensaml.xml.parse.ParserPool;
import org.opensaml.xml.parse.StaticBasicParserPool;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.core.io.PathResource;
import org.springframework.core.io.Resource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.DefaultSecurityFilterChain;
import org.springframework.security.web.FilterChainProxy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.logout.LogoutHandler;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.squashtest.tm.plugin.saml.config.SamlLoginRedirectFilter;
import org.squashtest.tm.plugin.saml.controller.SquashSAMLAuthFailureController;
import org.squashtest.tm.plugin.saml.properties.HttpClientConf;
import org.squashtest.tm.plugin.saml.properties.IDPProperties;
import org.squashtest.tm.plugin.saml.properties.KeystoreProperties;
import org.squashtest.tm.plugin.saml.properties.MetadataProperties;
import org.squashtest.tm.plugin.saml.properties.ReverseProxyProperties;
import org.squashtest.tm.plugin.saml.properties.SAMLProperties;
import org.squashtest.tm.plugin.saml.properties.SPProperties;
import org.squashtest.tm.plugin.saml.properties.SessionProperties;
import sqsaml.org.apache.commons.httpclient.HttpClient;
import sqsaml.org.apache.commons.httpclient.MultiThreadedHttpConnectionManager;
import sqsaml.org.apache.commons.httpclient.UsernamePasswordCredentials;
import sqsaml.org.apache.commons.httpclient.auth.AuthScope;
import sqsaml.org.apache.velocity.app.VelocityEngine;
import sqsaml.org.springframework.security.saml.SAMLAuthenticationProvider;
import sqsaml.org.springframework.security.saml.SAMLBootstrap;
import sqsaml.org.springframework.security.saml.SAMLEntryPoint;
import sqsaml.org.springframework.security.saml.SAMLLogoutFilter;
import sqsaml.org.springframework.security.saml.SAMLLogoutProcessingFilter;
import sqsaml.org.springframework.security.saml.SAMLProcessingFilter;
import sqsaml.org.springframework.security.saml.SAMLWebSSOHoKProcessingFilter;
import sqsaml.org.springframework.security.saml.context.SAMLContextProvider;
import sqsaml.org.springframework.security.saml.context.SAMLContextProviderImpl;
import sqsaml.org.springframework.security.saml.context.SAMLContextProviderLB;
import sqsaml.org.springframework.security.saml.key.JKSKeyManager;
import sqsaml.org.springframework.security.saml.key.KeyManager;
import sqsaml.org.springframework.security.saml.log.SAMLDefaultLogger;
import sqsaml.org.springframework.security.saml.metadata.CachingMetadataManager;
import sqsaml.org.springframework.security.saml.metadata.ExtendedMetadata;
import sqsaml.org.springframework.security.saml.metadata.ExtendedMetadataDelegate;
import sqsaml.org.springframework.security.saml.metadata.MetadataDisplayFilter;
import sqsaml.org.springframework.security.saml.metadata.MetadataManager;
import sqsaml.org.springframework.security.saml.parser.ParserPoolHolder;
import sqsaml.org.springframework.security.saml.processor.HTTPArtifactBinding;
import sqsaml.org.springframework.security.saml.processor.HTTPPAOS11Binding;
import sqsaml.org.springframework.security.saml.processor.HTTPPostBinding;
import sqsaml.org.springframework.security.saml.processor.HTTPRedirectDeflateBinding;
import sqsaml.org.springframework.security.saml.processor.HTTPSOAP11Binding;
import sqsaml.org.springframework.security.saml.processor.SAMLProcessorImpl;
import sqsaml.org.springframework.security.saml.util.VelocityFactory;
import sqsaml.org.springframework.security.saml.websso.ArtifactResolutionProfile;
import sqsaml.org.springframework.security.saml.websso.ArtifactResolutionProfileImpl;
import sqsaml.org.springframework.security.saml.websso.SingleLogoutProfile;
import sqsaml.org.springframework.security.saml.websso.SingleLogoutProfileImpl;
import sqsaml.org.springframework.security.saml.websso.WebSSOProfile;
import sqsaml.org.springframework.security.saml.websso.WebSSOProfileConsumer;
import sqsaml.org.springframework.security.saml.websso.WebSSOProfileConsumerHoKImpl;
import sqsaml.org.springframework.security.saml.websso.WebSSOProfileConsumerImpl;
import sqsaml.org.springframework.security.saml.websso.WebSSOProfileECPImpl;
import sqsaml.org.springframework.security.saml.websso.WebSSOProfileHoKImpl;
import sqsaml.org.springframework.security.saml.websso.WebSSOProfileImpl;
import sqsaml.org.springframework.security.saml.websso.WebSSOProfileOptions;

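/**
 * Spring configuration that wires the SAML 2.0 service-provider beans of the Squash TM SAML plugin:
 * entry point, processing and logout filters, bindings, key manager and SP/IdP metadata providers.
 *
 * <p>This listing was recovered from {@code org/squashtest/tm/plugin/saml/SAMLConfig.class} by a
 * decompiler, so local names and some constant references are decompiler output, not the authors'
 * wording.
 *
 * <p>Review notes for operators: the trust decisions made here (metadata source, keystore,
 * assertion freshness, reverse-proxy URL rewriting) are all driven by {@link SAMLProperties};
 * this class does not validate those values.
 */
@EnableConfigurationProperties({SAMLProperties.class})
@SAMLActivationSwitch
@Configuration
public class SAMLConfig {
    private static final Logger LOGGER = LoggerFactory.getLogger(SAMLConfig.class);
    public static final String SAML_PROVIDER_NAME = "saml";

    // Shared by every HttpClient built in baseSamlHttpClient; released in destroy().
    private final MultiThreadedHttpConnectionManager multiThreadedHttpConnectionManager = new MultiThreadedHttpConnectionManager();

    @Inject
    private SAMLProperties samlProperties;

    // Base folder against which relative keystore and metadata paths are resolved.
    @Value("${squash.path.config-path}")
    private String confFolder;

    /** Releases the pooled HTTP connections when the application context shuts down. */
    @PreDestroy
    public void destroy() {
        this.multiThreadedHttpConnectionManager.shutdown();
    }

    /**
     * Returns the application's authentication manager, extended with the SAML provider when it is
     * a {@link ProviderManager}.
     *
     * @param authenticationConfiguration source of the shared authentication manager
     * @return the same manager instance; SAML authentication is only registered when that instance
     *     is a {@code ProviderManager}
     * @throws Exception if the authentication manager cannot be obtained
     */
    @Bean
    public AuthenticationManager samlAuthenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
        AuthenticationManager authenticationManager = authenticationConfiguration.getAuthenticationManager();
        if (!(authenticationManager instanceof ProviderManager)) {
            // Nothing to extend: any other manager type is returned untouched, WITHOUT the SAML provider.
            return authenticationManager;
        }
        ProviderManager providerManager = (ProviderManager) authenticationManager;
        providerManager.getProviders().add(samlAuthenticationProvider());
        // Wipe credentials from the Authentication object once authentication has succeeded.
        providerManager.setEraseCredentialsAfterAuthentication(true);
        return providerManager;
    }

    /**
     * Builds the security filter chain that sends unauthenticated requests to the SAML entry point
     * and installs the SAML filter proxy ahead of {@link BasicAuthenticationFilter}.
     *
     * <p>No request matcher and no authorization rule is declared in this method, so what the
     * chain protects depends on its order relative to the other chains of the application.
     *
     * @param httpSecurity the builder supplied by Spring Security
     * @return the built chain
     * @throws Exception if the chain cannot be built
     */
    @Bean
    // NOTE(review): the decompiler rendered the integer order as an unrelated ESAPI logging
    // constant; the original source presumably holds a plain number (1000?) - confirm before editing.
    @Order(sqsaml.org.owasp.esapi.Logger.FATAL)
    public SecurityFilterChain samlSecurityFilterChain(HttpSecurity httpSecurity) throws Exception {
        AuthenticationConfiguration authenticationConfiguration = httpSecurity.getSharedObject(AuthenticationConfiguration.class);
        FilterChainProxy samlFilters = samlFilter(samlAuthenticationManager(authenticationConfiguration));
        httpSecurity.httpBasic()
                .authenticationEntryPoint(samlEntryPoint())
                .and()
                .addFilterBefore(samlFilters, BasicAuthenticationFilter.class);
        return httpSecurity.build();
    }

    /**
     * Creates the entry point that starts a SAML authentication request.
     *
     * @return the configured entry point
     * @throws Exception if the metadata manager cannot be created
     */
    @Bean
    public SAMLEntryPoint samlEntryPoint() throws Exception {
        LOGGER.info("initializing : samlEntryPoint");
        SAMLEntryPoint entryPoint = new SAMLEntryPoint();
        entryPoint.setDefaultProfileOptions(samlWebSSOProfileOptions());
        entryPoint.setWebSSOprofile(samlWebSSOprofile());
        entryPoint.setWebSSOprofileECP(samlEcpProfile());
        entryPoint.setWebSSOprofileHoK(samlHokWebSSOProfile());
        entryPoint.setSamlLogger(samlLogger());
        entryPoint.setContextProvider(samlContextProvider());
        entryPoint.setMetadata(samlMetadataManager());
        return entryPoint;
    }

    /** Creates the login redirect filter; only registered when {@code authentication.provider} is {@code saml}. */
    @ConditionalOnProperty(value = {"authentication.provider"}, havingValue = SAML_PROVIDER_NAME)
    @Bean
    public SamlLoginRedirectFilter samlLoginRedirectFilter() {
        LOGGER.info("initializing : samlLoginRedirectFilter");
        return new SamlLoginRedirectFilter();
    }

    /** Exposes the WebSSO options taken from the {@code sso} section of the plugin properties. */
    @Bean
    public WebSSOProfileOptions samlWebSSOProfileOptions() {
        LOGGER.info("initializing : samlWebSSOProfileOptions");
        return this.samlProperties.getSso();
    }

    /**
     * Maps each {@code /auth/saml/...} endpoint to the single SAML filter that serves it.
     *
     * <p>The HoK and SingleLogout endpoints are registered unconditionally, whether or not the
     * deployment uses those profiles.
     *
     * @param authenticationManager manager handed to the two assertion-consuming filters
     * @return the proxy holding one chain per endpoint
     * @throws Exception if the entry point cannot be created
     */
    @Bean
    public FilterChainProxy samlFilter(@Qualifier("samlAuthenticationManager") AuthenticationManager authenticationManager) throws Exception {
        LOGGER.info("initializing : samlFilter");
        ArrayList<SecurityFilterChain> chains = new ArrayList<>();
        chains.add(samlChain("/auth/saml/login/**", samlEntryPoint()));
        chains.add(samlChain("/auth/saml/logout/**", samlLogoutFilter()));
        chains.add(samlChain("/auth/saml/metadata/**", samlMetadataDisplayFilter()));
        chains.add(samlChain("/auth/saml/SSO/**", samlWebSSOProcessingFilter(authenticationManager)));
        chains.add(samlChain("/auth/saml/SSOHoK/**", samlWebSSOHoKProcessingFilter(authenticationManager)));
        chains.add(samlChain("/auth/saml/SingleLogout/**", samlLogoutProcessingFilter()));
        return new FilterChainProxy(chains);
    }

    // Binds one Ant path pattern to one filter.
    private static SecurityFilterChain samlChain(String pattern, Filter filter) {
        return new DefaultSecurityFilterChain(new AntPathRequestMatcher(pattern), new Filter[]{filter});
    }

    /** Creates the filter that serves the service-provider metadata document. */
    @Bean
    public MetadataDisplayFilter samlMetadataDisplayFilter() {
        LOGGER.info("initializing : samlMetadataDisplayFilter");
        return new MetadataDisplayFilter();
    }

    /** Creates the success handler; it falls back to {@code "/"} when no saved request exists. */
    @Bean
    public SavedRequestAwareAuthenticationSuccessHandler samlSuccessRedirectHandler() {
        LOGGER.info("initializing : samlSuccessRedirectHandler");
        SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
        successHandler.setDefaultTargetUrl("/");
        return successHandler;
    }

    /** Creates the failure handler that redirects to {@link SquashSAMLAuthFailureController#FAIL_URL}. */
    @Bean
    public SimpleUrlAuthenticationFailureHandler samlAuthenticationFailureHandler() {
        LOGGER.info("initializing : samlAuthenticationFailureHandler");
        SimpleUrlAuthenticationFailureHandler failureHandler = new SimpleUrlAuthenticationFailureHandler();
        failureHandler.setDefaultFailureUrl(SquashSAMLAuthFailureController.FAIL_URL);
        return failureHandler;
    }

    /**
     * Creates the filter that consumes WebSSO responses.
     *
     * @param authenticationManager manager that validates the received SAML message
     * @return the configured filter
     */
    @Bean
    public SAMLProcessingFilter samlWebSSOProcessingFilter(@Qualifier("samlAuthenticationManager") AuthenticationManager authenticationManager) {
        LOGGER.info("initializing : samlWebSSOProcessingFilter");
        SAMLProcessingFilter processingFilter = new SAMLProcessingFilter();
        processingFilter.setAuthenticationManager(authenticationManager);
        processingFilter.setAuthenticationSuccessHandler(samlSuccessRedirectHandler());
        processingFilter.setAuthenticationFailureHandler(samlAuthenticationFailureHandler());
        return processingFilter;
    }

    /**
     * Creates the filter that consumes Holder-of-Key WebSSO responses.
     *
     * @param authenticationManager manager that validates the received SAML message
     * @return the configured filter
     */
    @Bean
    public SAMLWebSSOHoKProcessingFilter samlWebSSOHoKProcessingFilter(@Qualifier("samlAuthenticationManager") AuthenticationManager authenticationManager) {
        LOGGER.info("initializing : samlWebSSOHoKProcessingFilter");
        SAMLWebSSOHoKProcessingFilter hokFilter = new SAMLWebSSOHoKProcessingFilter();
        hokFilter.setAuthenticationManager(authenticationManager);
        hokFilter.setAuthenticationSuccessHandler(samlSuccessRedirectHandler());
        hokFilter.setAuthenticationFailureHandler(samlAuthenticationFailureHandler());
        return hokFilter;
    }

    /**
     * Builds a logout handler that invalidates the HTTP session and clears the authentication.
     *
     * <p>Not annotated with {@code @Bean}: every call returns a new instance.
     */
    public SecurityContextLogoutHandler samlLogoutHandler() {
        LOGGER.info("initializing : samlLogoutHandler");
        SecurityContextLogoutHandler logoutHandler = new SecurityContextLogoutHandler();
        logoutHandler.setInvalidateHttpSession(true);
        logoutHandler.setClearAuthentication(true);
        return logoutHandler;
    }

    /** Creates the filter that processes incoming SAML logout messages, redirecting to {@code "/"} afterwards. */
    @Bean
    public SAMLLogoutProcessingFilter samlLogoutProcessingFilter() {
        LOGGER.info("initializing : samlLogoutProcessingFilter");
        return new SAMLLogoutProcessingFilter("/", samlLogoutHandler());
    }

    /** Creates the filter that starts a logout; the same kind of handler is used for both handler lists. */
    @Bean
    public SAMLLogoutFilter samlLogoutFilter() {
        LOGGER.info("initializing : samlLogoutFilter");
        LogoutHandler[] firstHandlers = new LogoutHandler[]{samlLogoutHandler()};
        LogoutHandler[] secondHandlers = new LogoutHandler[]{samlLogoutHandler()};
        return new SAMLLogoutFilter("/", firstHandlers, secondHandlers);
    }

    /** Exposes the Velocity engine handed to the HTTP-POST and artifact bindings. */
    @Bean
    public VelocityEngine samlVelocityEngine() {
        LOGGER.info("initializing : samlVelocityEngine");
        return VelocityFactory.getEngine();
    }

    /**
     * Creates the XML parser pool used for every SAML message and metadata document.
     *
     * <p>NOTE(review): the pool is used with its defaults, so DOCTYPE and entity handling (XXE
     * exposure) are whatever the bundled OpenSAML version ships - verify them for that version.
     */
    @Bean(initMethod = "initialize")
    public ParserPool samlParserPool() {
        LOGGER.info("initializing : samlParserPool");
        return new StaticBasicParserPool();
    }

    /** Creates the parser pool holder bean. */
    @Bean
    public ParserPoolHolder samlParserPoolHolder() {
        LOGGER.info("initializing : samlParserPoolHolder");
        return new ParserPoolHolder();
    }

    /** Creates the authentication provider that validates assertions and maps them to Squash users. */
    @Bean
    public SAMLAuthenticationProvider samlAuthenticationProvider() {
        LOGGER.info("initializing : samlAuthenticationProvider");
        SquashSAMLAuthProvider authProvider = new SquashSAMLAuthProvider();
        // Keep the SAML credential out of the resulting Authentication object.
        authProvider.setExcludeCredential(true);
        authProvider.setConsumer(samlWebSSOprofileConsumer());
        authProvider.setHokConsumer(samlHokWebSSOprofileConsumer());
        authProvider.setSamlLogger(samlLogger());
        authProvider.setUserDetails(samlUserDetailsService());
        authProvider.setFeatures(samlProviderFeatures());
        return authProvider;
    }

    /** Creates the provider features bean. */
    @Bean
    public SAMLProviderFeatures samlProviderFeatures() {
        return new SAMLProviderFeatures();
    }

    /** Creates the user details service from the {@code userMapping} section of the plugin properties. */
    @Bean
    public SquashSAMLUserDetailsService samlUserDetailsService() {
        return new SquashSAMLUserDetailsService(this.samlProperties.getUserMapping());
    }

    /**
     * Creates the context provider, choosing the reverse-proxy variant when the proxy section is enabled.
     *
     * <p>In the reverse-proxy variant the scheme, server name, port and context path come from
     * configuration instead of the incoming request. NOTE(review): these values presumably feed
     * the URL comparisons made during message validation, so they must match the public URL
     * exactly - confirm against the deployed proxy.
     */
    @Bean
    public SAMLContextProvider samlContextProvider() {
        LOGGER.info("initializing : samlContextProvider");
        ReverseProxyProperties proxy = this.samlProperties.getProxy();
        if (!proxy.isEnabled()) {
            LOGGER.trace("using the standard implementation");
            return new SAMLContextProviderImpl();
        }
        LOGGER.trace("using the reverse-proxy friendly implementation");
        SAMLContextProviderLB proxiedProvider = new SAMLContextProviderLB();
        proxiedProvider.setScheme(proxy.getScheme());
        proxiedProvider.setContextPath(proxy.getContextPath());
        proxiedProvider.setIncludeServerPortInRequestURL(proxy.isIncludePortInUrl());
        proxiedProvider.setServerName(proxy.getServerName());
        proxiedProvider.setServerPort(proxy.getServerPort());
        return proxiedProvider;
    }

    /** Creates the SAML library bootstrap bean; static so it does not depend on this configuration instance. */
    @Bean
    public static SAMLBootstrap samlBootstrap() {
        LOGGER.info("initializing : samlBootstrap");
        return new CustomSAMLBootstrap();
    }

    /** Creates the logger that records SAML exchanges. */
    @Bean
    public SAMLDefaultLogger samlLogger() {
        LOGGER.info("initializing : samlLogger");
        return new SAMLDefaultLogger();
    }

    /** Creates the WebSSO profile, registered under the bean name {@code webSSOprofile}. */
    @Bean({"webSSOprofile"})
    public WebSSOProfile samlWebSSOprofile() {
        LOGGER.info("initializing : samlWebSSOprofile");
        return new WebSSOProfileImpl();
    }

    /**
     * Creates the WebSSO assertion consumer with the freshness limits from the {@code session} properties.
     *
     * <p>Both limits bound how old an accepted authentication or assertion may be; large values
     * widen the window in which a captured assertion remains acceptable.
     */
    @Bean({"webSSOprofileConsumer"})
    public WebSSOProfileConsumer samlWebSSOprofileConsumer() {
        LOGGER.info("initializing : samlWebSSOprofileConsumer");
        SessionProperties session = this.samlProperties.getSession();
        WebSSOProfileConsumerImpl consumer = new WebSSOProfileConsumerImpl();
        consumer.setMaxAuthenticationAge(session.getMaxAuthTime());
        consumer.setMaxAssertionTime(session.getMaxAssertionTime());
        return consumer;
    }

    /** Creates the Holder-of-Key WebSSO profile, registered under the bean name {@code hokWebSSOProfile}. */
    @Bean({"hokWebSSOProfile"})
    public WebSSOProfile samlHokWebSSOProfile() {
        LOGGER.info("initializing : samlHokWebSSOProfile");
        return new WebSSOProfileHoKImpl();
    }

    /** Creates the Holder-of-Key assertion consumer with the same freshness limits as the WebSSO consumer. */
    @Bean({"hokWebSSOprofileConsumer"})
    public WebSSOProfileConsumerHoKImpl samlHokWebSSOprofileConsumer() {
        LOGGER.info("initializing : samlHokWebSSOprofileConsumer");
        SessionProperties session = this.samlProperties.getSession();
        WebSSOProfileConsumerHoKImpl hokConsumer = new WebSSOProfileConsumerHoKImpl();
        hokConsumer.setMaxAuthenticationAge(session.getMaxAuthTime());
        hokConsumer.setMaxAssertionTime(session.getMaxAssertionTime());
        return hokConsumer;
    }

    /** Creates the ECP profile, registered under the bean name {@code ecpprofile}. */
    @Bean({"ecpprofile"})
    public WebSSOProfile samlEcpProfile() {
        LOGGER.info("initializing : samlEcpProfile");
        return new WebSSOProfileECPImpl();
    }

    /** Creates the single logout profile. */
    @Bean
    public SingleLogoutProfile samlLogoutProfile() {
        LOGGER.info("initializing : samlLogoutProfile");
        return new SingleLogoutProfileImpl();
    }

    // Builds an HttpClient on the shared connection manager, applying the optional proxy and
    // basic credentials of the given configuration.
    private HttpClient baseSamlHttpClient(HttpClientConf httpClientConf) {
        HttpClient httpClient = new HttpClient(this.multiThreadedHttpConnectionManager);
        if (httpClientConf.hasProxy()) {
            httpClient.getHostConfiguration().setProxy(httpClientConf.getHost(), httpClientConf.getPort());
        }
        if (httpClientConf.hasBasicCredentials()) {
            // AuthScope.ANY answers a challenge from any host and realm with these credentials.
            // NOTE(review): if they are meant for a single endpoint, scope them to its host and port.
            UsernamePasswordCredentials credentials = new UsernamePasswordCredentials(httpClientConf.getUsername(), httpClientConf.getPassword());
            httpClient.getState().setCredentials(AuthScope.ANY, credentials);
        }
        return httpClient;
    }

    // Builds the artifact resolution profile; it is the only caller that uses the IdP HTTP
    // configuration (proxy and credentials).
    private ArtifactResolutionProfile samlArtifactResolutionProfile() throws Exception {
        LOGGER.info("initializing : samlArtifactResolutionProfile");
        HttpClient idpClient = baseSamlHttpClient(this.samlProperties.getIdp().getHttpConf());
        ArtifactResolutionProfileImpl resolutionProfile = new ArtifactResolutionProfileImpl(idpClient);
        resolutionProfile.setProcessor(new SAMLProcessorImpl(new HTTPSOAP11Binding(samlParserPool())));
        resolutionProfile.setMetadata(samlMetadataManager());
        // Not a Spring-managed bean, so the initialisation callback is invoked by hand.
        resolutionProfile.afterPropertiesSet();
        return resolutionProfile;
    }

    /**
     * Creates the HTTP-Artifact binding.
     *
     * @return the binding
     * @throws Exception if the artifact resolution profile cannot be initialised
     */
    @Bean
    public HTTPArtifactBinding samlArtifactBinding() throws Exception {
        LOGGER.info("initializing : samlArtifactBinding");
        return new HTTPArtifactBinding(samlParserPool(), samlVelocityEngine(), samlArtifactResolutionProfile());
    }

    /** Creates the HTTP-POST binding. */
    @Bean
    public HTTPPostBinding samlHttpPostBinding() {
        LOGGER.info("initializing : samlHttpPostBinding");
        return new HTTPPostBinding(samlParserPool(), samlVelocityEngine());
    }

    /** Creates the HTTP-Redirect (deflate) binding. */
    @Bean
    public HTTPRedirectDeflateBinding samlHttpRedirectDeflateBinding() {
        LOGGER.info("initializing : samlHttpRedirectDeflateBinding");
        return new HTTPRedirectDeflateBinding(samlParserPool());
    }

    /** Creates the SOAP 1.1 binding. */
    @Bean
    public HTTPSOAP11Binding samlHttpSOAP11Binding() {
        LOGGER.info("initializing : samlHttpSOAP11Binding");
        return new HTTPSOAP11Binding(samlParserPool());
    }

    /** Creates the PAOS 1.1 binding. */
    @Bean
    public HTTPPAOS11Binding samlHttpPAOS11Binding() {
        LOGGER.info("initializing : samlHttpPAOS11Binding");
        return new HTTPPAOS11Binding(samlParserPool());
    }

    /**
     * Creates the SAML processor with the five supported bindings.
     *
     * @return the processor
     * @throws Exception if the artifact binding cannot be created
     */
    @Bean
    public SAMLProcessorImpl samlProcessor() throws Exception {
        LOGGER.info("initializing : samlProcessor");
        // Left as a raw list: the element type of the bindings is not imported in this file.
        ArrayList bindings = new ArrayList();
        bindings.add(samlHttpRedirectDeflateBinding());
        bindings.add(samlHttpPostBinding());
        bindings.add(samlArtifactBinding());
        bindings.add(samlHttpSOAP11Binding());
        bindings.add(samlHttpPAOS11Binding());
        return new SAMLProcessorImpl(bindings);
    }

    /**
     * Creates the key manager over the configured JKS keystore.
     *
     * <p>The keystore password and the per-key credentials are read from the plugin properties;
     * they must never be written to the logs.
     */
    @Bean
    public KeyManager samlKeyManager() {
        LOGGER.info("initializing : samlKeyManager");
        KeystoreProperties keystore = this.samlProperties.getKeystore();
        Resource keystoreResource = findKeystoreResource(keystore.getUrl());
        return new JKSKeyManager(keystoreResource, keystore.getPassword(), keystore.getCredentials(), keystore.getDefaultKey());
    }

    /**
     * Creates the metadata manager over the SP and IdP providers, registered under the bean name {@code metadata}.
     *
     * @return the manager
     * @throws MetadataProviderException if the manager rejects a provider
     */
    @Bean({"metadata"})
    public MetadataManager samlMetadataManager() throws MetadataProviderException {
        LOGGER.info("initializing : samlMetadataManager");
        CachingMetadataManager metadataManager = new CachingMetadataManager(Arrays.asList(samlSPMetadataProvider(), samlIDPMetadataProvider()));
        // 3 600 000 ms = one hour between refresh checks.
        metadataManager.setRefreshCheckInterval(3600000L);
        return metadataManager;
    }

    /** Creates the service-provider metadata provider and lets the SP properties configure it. */
    @Bean
    public MetadataProvider samlSPMetadataProvider() {
        LOGGER.info("initializing : samlSPMetadataProvider");
        SPProperties sp = this.samlProperties.getSp();
        ExtendedMetadataDelegate delegate = getExtendedMetadataDelegate(sp.getMetadata(), samlSPExtendedMetadata());
        sp.configure(delegate);
        return delegate;
    }

    /**
     * Creates the identity-provider metadata provider and lets the IdP properties configure it.
     *
     * <p>NOTE(review): whether the metadata signature is required and checked is decided inside
     * {@code IDPProperties.configure}, which is not visible here - confirm it for remote metadata.
     */
    @Bean
    public MetadataProvider samlIDPMetadataProvider() {
        LOGGER.info("initializing : samlIDPMetadataProvider");
        IDPProperties idp = this.samlProperties.getIdp();
        ExtendedMetadataDelegate delegate = getExtendedMetadataDelegate(idp.getMetadata(), samlIDPExtendedMetadata());
        idp.configure(delegate);
        return delegate;
    }

    // Wraps the provider for the configured metadata location together with its extended metadata.
    // Checked provider/resource failures are rethrown unchecked so that bean creation fails fast.
    private ExtendedMetadataDelegate getExtendedMetadataDelegate(MetadataProperties metadataProperties, ExtendedMetadata extendedMetadata) {
        try {
            AbstractMetadataProvider provider = createProvider(metadataProperties.getUrl());
            provider.setParserPool(samlParserPool());
            return new ExtendedMetadataDelegate(provider, extendedMetadata);
        } catch (MetadataProviderException | ResourceException e) {
            throw new RuntimeException("Unable to create the metadata provider", e);
        }
    }

    /** Creates the extended metadata of the identity provider from the IdP properties. */
    @Bean
    public ExtendedMetadata samlIDPExtendedMetadata() {
        LOGGER.info("initializing : samlIDPExtendedMetadata");
        IDPProperties idp = this.samlProperties.getIdp();
        ExtendedMetadata extendedMetadata = new ExtendedMetadata();
        idp.configure(extendedMetadata);
        return extendedMetadata;
    }

    /** Creates the extended metadata of the service provider from the SP properties. */
    @Bean
    public ExtendedMetadata samlSPExtendedMetadata() {
        LOGGER.info("initializing : samlSPExtendedMetadata");
        SPProperties sp = this.samlProperties.getSp();
        ExtendedMetadata extendedMetadata = new ExtendedMetadata();
        sp.configure(extendedMetadata);
        return extendedMetadata;
    }

    // Turns a configured location into a filesystem path: "file:" URLs are unwrapped, anything
    // else is treated as relative to the configuration folder.
    private String resolvePath(String str) {
        if (str.startsWith("file:")) {
            LOGGER.trace("path {} use the file protocol ", str);
            return resolveAbsoluteUrlPath(str);
        }
        LOGGER.trace("path {} is a relative path", str);
        return resolveRelativePath(str);
    }

    // Joins the configuration folder and the relative path with exactly one "/" between them.
    // The result is not normalised, so ".." segments in the configured value are kept as written.
    private String resolveRelativePath(String str) {
        StringBuilder resolved = new StringBuilder(resolveUrlPath(this.confFolder));
        if (!this.confFolder.endsWith("/")) {
            resolved.append("/");
        }
        return resolved.append(str).toString();
    }

    // Extracts the path of a "file:" URL; an opaque URI such as "file:relative/path" has no path
    // component, in which case the scheme prefix is simply stripped.
    private String resolveAbsoluteUrlPath(String str) {
        try {
            String path = new URI(str).getPath();
            return Objects.nonNull(path) ? path : resolveUrlPath(str);
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("The path " + str + " is not valid", e);
        }
    }

    // Removes a leading "scheme:" or "scheme://" prefix, if any.
    private String resolveUrlPath(String str) {
        return str.replaceFirst("^(\\w+):(//)?", "");
    }

    // Locates the keystore on the filesystem.
    private Resource findKeystoreResource(String str) {
        return new PathResource(resolvePath(str));
    }

    // Creates the metadata provider for a configured location: an HTTP provider for http(s)
    // URLs, a filesystem-backed provider for everything else.
    private AbstractMetadataProvider createProvider(String str) throws MetadataProviderException, ResourceException {
        LOGGER.debug("resolving resource {}", str);
        boolean plainHttp = str.startsWith("http://");
        // Match the full scheme: a bare "http" prefix would also capture file names such as
        // "http-idp.xml" and send them to the HTTP provider.
        if (plainHttp || str.startsWith("https://")) {
            LOGGER.debug("resource accessible by http(s)");
            if (plainHttp) {
                // Metadata carries the certificates used to trust the peer; without TLS its
                // integrity rests entirely on metadata signature verification.
                LOGGER.warn("metadata {} is fetched over plain http; use https or make sure the metadata signature is required and verified", str);
            }
            // The metadata download uses the default client settings, not the IdP HTTP configuration.
            // Daemon timer: the refresh thread must not keep the JVM alive after shutdown.
            return new HTTPMetadataProvider(new Timer(true), baseSamlHttpClient(HttpClientConf.DEFAULT), str);
        }
        String resolvedPath = resolvePath(str);
        LOGGER.debug("resource accessible by file path {}", resolvedPath);
        return new ResourceBackedMetadataProvider(new Timer(true), new FilesystemResource(resolvedPath));
    }
}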
