package net.shibboleth.idp.attribute.filter.matcher.saml.impl;

import java.time.Instant;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.attribute.AttributesMapContainer;
import net.shibboleth.idp.attribute.IdPAttribute;
import net.shibboleth.idp.attribute.IdPAttributeValue;
import net.shibboleth.idp.attribute.IdPRequestedAttribute;
import net.shibboleth.idp.attribute.StringAttributeValue;
import net.shibboleth.idp.attribute.filter.Matcher;
import net.shibboleth.idp.attribute.filter.context.AttributeFilterContext;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullElements;
import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
import net.shibboleth.utilities.java.support.annotation.constraint.Unmodifiable;
import net.shibboleth.utilities.java.support.component.AbstractIdentifiableInitializableComponent;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.primitive.StringSupport;
import net.shibboleth.utilities.java.support.xml.DOMTypeSupport;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.schema.XSAny;
import org.opensaml.core.xml.schema.XSBase64Binary;
import org.opensaml.core.xml.schema.XSBoolean;
import org.opensaml.core.xml.schema.XSDateTime;
import org.opensaml.core.xml.schema.XSInteger;
import org.opensaml.core.xml.schema.XSString;
import org.opensaml.core.xml.schema.XSURI;
import org.opensaml.saml.common.messaging.context.AttributeConsumingServiceContext;
import org.opensaml.saml.common.messaging.context.SAMLMetadataContext;
import org.opensaml.saml.saml2.metadata.AttributeConsumingService;
import org.opensaml.saml.saml2.metadata.RequestedAttribute;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/shibboleth/idp/attribute/filter/matcher/saml/impl/AttributeInMetadataMatcher.class */
public class AttributeInMetadataMatcher extends AbstractIdentifiableInitializableComponent implements Matcher {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(AttributeInMetadataMatcher.class);
    private boolean onlyIfRequired = true;
    private boolean matchIfMetadataSilent;

    @NotEmpty
    @Nullable
    private String attributeName;

    @NotEmpty
    @Nullable
    private String attributeNameFormat;

    @NotEmpty
    @Nullable
    private String logPrefix;

    public boolean getOnlyIfRequired() {
        return this.onlyIfRequired;
    }

    public void setOnlyIfRequired(boolean z) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.onlyIfRequired = z;
    }

    public boolean getMatchIfMetadataSilent() {
        return this.matchIfMetadataSilent;
    }

    public void setMatchIfMetadataSilent(boolean z) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.matchIfMetadataSilent = z;
    }

    @NotEmpty
    @Nullable
    public String getAttributeName() {
        return this.attributeName;
    }

    public void setAttributeName(@NotEmpty @Nullable String str) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.attributeName = StringSupport.trimOrNull(str);
    }

    @NotEmpty
    @Nullable
    public String getAttributeNameFormat() {
        return this.attributeNameFormat;
    }

    public void setAttributeNameFormat(@NotEmpty @Nullable String str) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.attributeNameFormat = StringSupport.trimOrNull(str);
        if (this.attributeNameFormat == null || !"urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified".equals(this.attributeNameFormat)) {
            return;
        }
        this.attributeNameFormat = null;
    }

    @Nonnull
    public Set<IdPAttributeValue> getMatchingValues(@Nonnull IdPAttribute idPAttribute, @Nonnull AttributeFilterContext attributeFilterContext) {
        ComponentSupport.ifNotInitializedThrowUninitializedComponentException(this);
        AttributeConsumingService attributeConsumingService = getAttributeConsumingService(attributeFilterContext);
        if (null == attributeConsumingService) {
            if (this.matchIfMetadataSilent) {
                this.log.debug("{} The peer's metadata did not contain requested attribute information, returning all the input values", getLogPrefix());
                return Set.copyOf(idPAttribute.getValues());
            }
            this.log.debug("{} The peer's metadata did not contain requested attribute information, returning no values", getLogPrefix());
            return Collections.emptySet();
        }
        if (this.attributeName != null) {
            this.log.debug("Looking for RequestedAttribute {} (NameFormat {}) in metadata", this.attributeName, this.attributeNameFormat);
            RequestedAttribute findInMetadata = findInMetadata(attributeConsumingService, this.attributeName, this.attributeNameFormat);
            String id = this.attributeName != null ? this.attributeName : idPAttribute.getId();
            if (null == findInMetadata) {
                this.log.debug("{} Attribute {} not found in metadata", getLogPrefix(), id);
                return Collections.emptySet();
            }
            if (this.onlyIfRequired && !findInMetadata.isRequired().booleanValue()) {
                this.log.debug("{} Attribute {} found in metadata, but was not required, values not matched", getLogPrefix(), id);
                return Collections.emptySet();
            }
            LinkedHashSet linkedHashSet = new LinkedHashSet();
            linkedHashSet.addAll(filterValues(id, idPAttribute, findInMetadata.getAttributeValues()));
            return linkedHashSet;
        }
        List list = attributeConsumingService.getObjectMetadata().get(AttributesMapContainer.class);
        if (null == list || list.isEmpty() || ((AttributesMapContainer) list.get(0)).get() == null || ((AttributesMapContainer) list.get(0)).get().isEmpty()) {
            this.log.debug("{} No decoded attributes found when filtering", getLogPrefix());
            if (this.matchIfMetadataSilent) {
                this.log.debug("{} The peer's metadata did not contain requested attribute information, returning all the input values", getLogPrefix());
                return Set.copyOf(idPAttribute.getValues());
            }
            this.log.debug("{} The peer's metadata did not contain requested attribute information, returning no values", getLogPrefix());
            return Collections.emptySet();
        }
        if (list.size() > 1) {
            this.log.error("{} More than one set of mapped attributes found when filtering, this shouldn't ever happen", getLogPrefix());
        }
        Collection collection = ((AttributesMapContainer) list.get(0)).get().get(idPAttribute.getId());
        if (null == collection) {
            this.log.debug("{} Decoded attribute {} not found in metadata", getLogPrefix(), idPAttribute.getId());
            return Collections.emptySet();
        }
        LinkedHashSet linkedHashSet2 = new LinkedHashSet();
        for (IdPRequestedAttribute idPRequestedAttribute : List.copyOf(collection)) {
            if ((idPRequestedAttribute instanceof IdPRequestedAttribute) && !idPRequestedAttribute.isRequired() && this.onlyIfRequired) {
                this.log.debug("{} Decoded attribute {} found in metadata, but not required, values not matched", getLogPrefix(), idPAttribute.getId());
            } else {
                linkedHashSet2.addAll(filterValues(idPAttribute, idPRequestedAttribute.getValues()));
            }
        }
        return linkedHashSet2;
    }

    @Nullable
    private AttributeConsumingService getAttributeConsumingService(@Nonnull AttributeFilterContext attributeFilterContext) {
        SAMLMetadataContext requesterMetadataContext = attributeFilterContext.getRequesterMetadataContext();
        if (null == requesterMetadataContext) {
            this.log.warn("{} No metadata context when filtering", getLogPrefix());
            return null;
        }
        AttributeConsumingServiceContext subcontext = requesterMetadataContext.getSubcontext(AttributeConsumingServiceContext.class);
        if (subcontext != null) {
            return subcontext.getAttributeConsumingService();
        }
        return null;
    }

    @Nullable
    private RequestedAttribute findInMetadata(@Nonnull AttributeConsumingService attributeConsumingService, @Nonnull String str, @Nullable String str2) {
        for (RequestedAttribute requestedAttribute : attributeConsumingService.getRequestedAttributes()) {
            if (requestedAttribute.getName().equals(str)) {
                String nameFormat = requestedAttribute.getNameFormat();
                if (str2 == null || nameFormat == null || nameFormat.equals("urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified") || str2.equals(nameFormat)) {
                    return requestedAttribute;
                }
            }
        }
        return null;
    }

    @Nonnull
    private Set<IdPAttributeValue> filterValues(@Nullable IdPAttribute idPAttribute, @NonnullElements @Nonnull List<IdPAttributeValue> list) {
        if (null == list || list.isEmpty()) {
            this.log.debug("{} Attribute {} found in metadata and no values specified", getLogPrefix(), idPAttribute.getId());
            return Set.copyOf(idPAttribute.getValues());
        }
        Set<IdPAttributeValue> set = (Set) idPAttribute.getValues().stream().filter(idPAttributeValue -> {
            return list.contains(idPAttributeValue);
        }).collect(Collectors.toUnmodifiableSet());
        this.log.debug("{} Values matched with metadata for Attribute {} : {}", new Object[]{getLogPrefix(), idPAttribute.getId(), set});
        return set;
    }

    @NonnullElements
    @Nonnull
    @Unmodifiable
    private Set<IdPAttributeValue> filterValues(@Nonnull String str, @Nullable IdPAttribute idPAttribute, @NonnullElements @Nonnull List<XMLObject> list) {
        if (list.isEmpty()) {
            this.log.debug("{} Attribute {} found in metadata and no values specified", getLogPrefix(), str);
            return Set.copyOf(idPAttribute.getValues());
        }
        HashSet hashSet = new HashSet(idPAttribute.getValues().size());
        for (StringAttributeValue stringAttributeValue : idPAttribute.getValues()) {
            if (stringAttributeValue instanceof StringAttributeValue) {
                Iterator<XMLObject> it = list.iterator();
                while (it.hasNext()) {
                    if (match(it.next(), stringAttributeValue.getValue())) {
                        hashSet.add(stringAttributeValue);
                    }
                }
            } else {
                this.log.warn("{} Attribute {} value not a simple string, can't match against values in metadata", getLogPrefix(), idPAttribute.getId());
            }
        }
        this.log.debug("{} Values matched with metadata for Attribute {} : {}", new Object[]{getLogPrefix(), str, hashSet});
        return Set.copyOf(hashSet);
    }

    private boolean match(XMLObject xMLObject, String str) {
        String str2 = null;
        if (xMLObject instanceof XSString) {
            str2 = ((XSString) xMLObject).getValue();
        } else if (xMLObject instanceof XSURI) {
            str2 = ((XSURI) xMLObject).getURI();
        } else if (xMLObject instanceof XSBoolean) {
            str2 = ((XSBoolean) xMLObject).getValue().getValue().booleanValue() ? "1" : "0";
        } else if (xMLObject instanceof XSInteger) {
            str2 = ((XSInteger) xMLObject).getValue().toString();
        } else if (xMLObject instanceof XSDateTime) {
            Instant value = ((XSDateTime) xMLObject).getValue();
            if (value != null) {
                str2 = DOMTypeSupport.instantToString(value);
            }
        } else if (xMLObject instanceof XSBase64Binary) {
            str2 = ((XSBase64Binary) xMLObject).getValue();
        } else if (xMLObject instanceof XSAny) {
            XSAny xSAny = (XSAny) xMLObject;
            if (xSAny.getUnknownAttributes().isEmpty() && xSAny.getUnknownXMLObjects().isEmpty()) {
                str2 = xSAny.getTextContent();
            }
        }
        if (str2 != null) {
            return str2.equals(str);
        }
        this.log.warn("Unrecognized XMLObject type, unable to match as a string to candidate value");
        return false;
    }

    @Nonnull
    protected String getLogPrefix() {
        String str = this.logPrefix;
        if (null == str) {
            str = "Attribute Filter '" + getId() + "':";
            if (null == this.logPrefix) {
                this.logPrefix = str;
            }
        }
        return str;
    }
}
