package net.shibboleth.idp.attribute.filter.policyrule.saml.impl;

import java.util.Iterator;
import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.attribute.filter.PolicyRequirementRule;
import net.shibboleth.idp.attribute.filter.context.AttributeFilterContext;
import net.shibboleth.idp.attribute.filter.policyrule.impl.AbstractPolicyRule;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullAfterInit;
import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.primitive.StringSupport;
import org.opensaml.saml.common.messaging.context.SAMLMetadataContext;
import org.opensaml.saml.saml2.metadata.NameIDFormat;
import org.opensaml.saml.saml2.metadata.SSODescriptor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/shibboleth/idp/attribute/filter/policyrule/saml/impl/AttributeRequesterNameIDFormatExactPolicyRule.class */
public class AttributeRequesterNameIDFormatExactPolicyRule extends AbstractPolicyRule {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(AttributeRequesterNameIDFormatExactPolicyRule.class);

    @NonnullAfterInit
    @NotEmpty
    private String nameIdFormat;

    @NonnullAfterInit
    @NotEmpty
    public String getNameIdFormat() {
        return this.nameIdFormat;
    }

    public void setNameIdFormat(@Nullable String str) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.nameIdFormat = StringSupport.trimOrNull(str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.shibboleth.idp.attribute.filter.policyrule.impl.AbstractPolicyRule
    public void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (null == this.nameIdFormat) {
            throw new ComponentInitializationException(getLogPrefix() + " No NameID format specified");
        }
    }

    @Nullable
    protected SSODescriptor getEntitySSODescriptor(@Nonnull AttributeFilterContext attributeFilterContext) {
        SAMLMetadataContext requesterMetadataContext = attributeFilterContext.getRequesterMetadataContext();
        if (null == requesterMetadataContext) {
            this.log.debug("{} No requester metadata context found", getLogPrefix());
            return null;
        }
        SSODescriptor roleDescriptor = requesterMetadataContext.getRoleDescriptor();
        if (null == roleDescriptor) {
            this.log.warn("{} Could not locate RoleDescriptor in requester metadata context", getLogPrefix());
            return null;
        }
        if (roleDescriptor instanceof SSODescriptor) {
            return roleDescriptor;
        }
        this.log.warn("{} Located Role descriptor was of type {} and so could not be used", getLogPrefix(), roleDescriptor.getClass().toString());
        return null;
    }

    public PolicyRequirementRule.Tristate matches(@Nonnull AttributeFilterContext attributeFilterContext) {
        ComponentSupport.ifNotInitializedThrowUninitializedComponentException(this);
        SSODescriptor entitySSODescriptor = getEntitySSODescriptor(attributeFilterContext);
        if (entitySSODescriptor == null) {
            return PolicyRequirementRule.Tristate.FALSE;
        }
        List nameIDFormats = entitySSODescriptor.getNameIDFormats();
        if (nameIDFormats == null || nameIDFormats.isEmpty()) {
            this.log.debug("{} Entity SSO role descriptor does not list any supported NameID formats", getLogPrefix());
            return PolicyRequirementRule.Tristate.FALSE;
        }
        Iterator it = nameIDFormats.iterator();
        while (it.hasNext()) {
            if (this.nameIdFormat.equals(((NameIDFormat) it.next()).getURI())) {
                this.log.debug("{} Entity does support the NameID format '{}'", getLogPrefix(), this.nameIdFormat);
                return PolicyRequirementRule.Tristate.TRUE;
            }
        }
        this.log.debug("{} Entity does not support the NameID format '{}'", getLogPrefix(), this.nameIdFormat);
        return PolicyRequirementRule.Tristate.FALSE;
    }
}
