package net.shibboleth.idp.attribute.filter.policyrule.saml.impl;

import java.time.Instant;
import java.util.Collection;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.attribute.AttributesMapContainer;
import net.shibboleth.idp.attribute.IdPAttribute;
import net.shibboleth.idp.attribute.StringAttributeValue;
import net.shibboleth.idp.attribute.filter.PolicyRequirementRule;
import net.shibboleth.idp.attribute.filter.context.AttributeFilterContext;
import net.shibboleth.idp.attribute.filter.policyrule.impl.AbstractPolicyRule;
import net.shibboleth.idp.saml.xmlobject.ScopedValue;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullAfterInit;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullElements;
import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.primitive.StringSupport;
import net.shibboleth.utilities.java.support.xml.DOMTypeSupport;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.schema.XSAny;
import org.opensaml.core.xml.schema.XSBase64Binary;
import org.opensaml.core.xml.schema.XSBoolean;
import org.opensaml.core.xml.schema.XSDateTime;
import org.opensaml.core.xml.schema.XSInteger;
import org.opensaml.core.xml.schema.XSString;
import org.opensaml.core.xml.schema.XSURI;
import org.opensaml.saml.ext.saml2mdattr.EntityAttributes;
import org.opensaml.saml.saml2.core.Attribute;
import org.opensaml.saml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml.saml2.metadata.Extensions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/shibboleth/idp/attribute/filter/policyrule/saml/impl/AbstractEntityAttributePolicyRule.class */
public abstract class AbstractEntityAttributePolicyRule extends AbstractPolicyRule {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(AbstractEntityAttributePolicyRule.class);

    @NonnullAfterInit
    @NotEmpty
    private String attrName;

    @NotEmpty
    @Nullable
    private String nameFormat;
    private boolean ignoreUnmappedEntityAttributes;

    @NonnullAfterInit
    @NotEmpty
    public String getAttributeName() {
        return this.attrName;
    }

    public void setAttributeName(@NotEmpty @Nullable String str) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.attrName = StringSupport.trimOrNull(str);
    }

    @NotEmpty
    @Nullable
    public String getNameFormat() {
        return this.nameFormat;
    }

    public void setNameFormat(@NotEmpty @Nullable String str) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.nameFormat = StringSupport.trimOrNull(str);
    }

    public boolean getIgnoreUnmappedEntityAttributes() {
        return this.ignoreUnmappedEntityAttributes;
    }

    public void setIgnoreUnmappedEntityAttributes(boolean z) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.ignoreUnmappedEntityAttributes = z;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.shibboleth.idp.attribute.filter.policyrule.impl.AbstractPolicyRule
    public void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (this.attrName == null) {
            throw new ComponentInitializationException(getLogPrefix() + " Attribute name is null");
        }
        if (this.nameFormat != null) {
            this.ignoreUnmappedEntityAttributes = false;
        }
    }

    public PolicyRequirementRule.Tristate matches(@Nonnull AttributeFilterContext attributeFilterContext) {
        Constraint.isNotNull(attributeFilterContext, "Context must be supplied");
        ComponentSupport.ifNotInitializedThrowUninitializedComponentException(this);
        EntityDescriptor entityMetadata = getEntityMetadata(attributeFilterContext);
        if (entityMetadata == null) {
            this.log.debug("{} No metadata available for entity, returning FALSE", getLogPrefix());
            return PolicyRequirementRule.Tristate.FALSE;
        }
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        getEntityAttributeValues(entityMetadata, entityMetadata.getEntityID(), linkedHashSet);
        XMLObject parent = entityMetadata.getParent();
        while (true) {
            XMLObject xMLObject = parent;
            if (!(xMLObject instanceof EntitiesDescriptor)) {
                break;
            }
            getEntityAttributeValues(xMLObject, ((EntitiesDescriptor) xMLObject).getName(), linkedHashSet);
            parent = xMLObject.getParent();
        }
        if (linkedHashSet.isEmpty()) {
            this.log.debug("{} No values found for entity attribute {} for entity {}, returning FALSE", new Object[]{getLogPrefix(), getAttributeName(), entityMetadata.getEntityID()});
            return PolicyRequirementRule.Tristate.FALSE;
        }
        if (entityAttributeValueMatches(linkedHashSet)) {
            this.log.debug("{} Entity attribute values for {} match requirements", getLogPrefix(), getAttributeName());
            return PolicyRequirementRule.Tristate.TRUE;
        }
        this.log.debug("{} Entity attribute values for {} do not match requirements", getLogPrefix(), getAttributeName());
        return PolicyRequirementRule.Tristate.FALSE;
    }

    @Nullable
    protected abstract EntityDescriptor getEntityMetadata(AttributeFilterContext attributeFilterContext);

    protected abstract boolean entityAttributeValueMatches(@NotEmpty @NonnullElements @Nonnull Set<String> set);

    private void getEntityAttributeValues(@Nonnull XMLObject xMLObject, @NotEmpty @Nullable String str, @NonnullElements @Nonnull Set<String> set) {
        if (this.nameFormat == null) {
            getMappedEntityAttributeValues(xMLObject, set);
            if (this.ignoreUnmappedEntityAttributes) {
                return;
            }
        }
        Extensions extensions = null;
        if (xMLObject instanceof EntityDescriptor) {
            extensions = ((EntityDescriptor) xMLObject).getExtensions();
        } else if (xMLObject instanceof EntitiesDescriptor) {
            extensions = ((EntitiesDescriptor) xMLObject).getExtensions();
        }
        List unknownXMLObjects = extensions != null ? extensions.getUnknownXMLObjects(EntityAttributes.DEFAULT_ELEMENT_NAME) : null;
        if (unknownXMLObjects == null || unknownXMLObjects.isEmpty()) {
            this.log.debug("{} Metadata for {} does not contain EntityAttributes extension", getLogPrefix(), str);
            return;
        }
        if (unknownXMLObjects.size() > 1) {
            this.log.debug("{} Metadata for {} contains more than one EntityAttributes extension, only using the first one", getLogPrefix(), str);
        }
        List<Attribute> attributes = ((EntityAttributes) unknownXMLObjects.get(0)).getAttributes();
        if (attributes == null || attributes.isEmpty()) {
            this.log.debug("{} EntityAttributes extension for {} does not contain Attributes", getLogPrefix(), str);
            return;
        }
        for (Attribute attribute : attributes) {
            if (Objects.equals(getAttributeName(), attribute.getName()) && (getNameFormat() == null || Objects.equals(getNameFormat(), attribute.getNameFormat()))) {
                this.log.debug("{} Metadata for {} contains Attribute matching name {} and format {}", new Object[]{getLogPrefix(), str, getAttributeName(), getNameFormat()});
                set.addAll((Collection) attribute.getAttributeValues().stream().filter(xMLObject2 -> {
                    return xMLObject2 != null;
                }).map(this::getStringValue).collect(Collectors.toList()));
            }
        }
    }

    private void getMappedEntityAttributeValues(@Nonnull XMLObject xMLObject, @NonnullElements @Nonnull Set<String> set) {
        List list = xMLObject.getObjectMetadata().get(AttributesMapContainer.class);
        if (null == list || list.isEmpty() || ((AttributesMapContainer) list.get(0)).get() == null || ((AttributesMapContainer) list.get(0)).get().isEmpty()) {
            this.log.debug("{} No mapped entity attributes found for {}", getLogPrefix(), this.attrName);
            return;
        }
        this.log.debug("{} Checking for mapped entity attributes named {}", getLogPrefix(), this.attrName);
        int i = 0;
        Iterator it = ((AttributesMapContainer) list.get(0)).get().get(this.attrName).iterator();
        while (it.hasNext()) {
            for (StringAttributeValue stringAttributeValue : ((IdPAttribute) it.next()).getValues()) {
                if (stringAttributeValue instanceof StringAttributeValue) {
                    set.add(stringAttributeValue.getValue());
                    i++;
                } else {
                    this.log.error("{} Ignoring non-string value in mapped entity attribute {}", getLogPrefix(), this.attrName);
                }
            }
        }
        this.log.debug("{} Added {} values of mapped entity attribute {} for evaluation", new Object[]{getLogPrefix(), Integer.valueOf(i), this.attrName});
    }

    @Nullable
    private String getStringValue(@Nonnull XMLObject xMLObject) {
        String str = null;
        if (xMLObject instanceof XSString) {
            str = ((XSString) xMLObject).getValue();
        } else if (xMLObject instanceof XSURI) {
            str = ((XSURI) xMLObject).getURI();
        } else if (xMLObject instanceof XSBoolean) {
            str = ((XSBoolean) xMLObject).getValue().getValue().booleanValue() ? "1" : "0";
        } else if (xMLObject instanceof XSInteger) {
            str = ((XSInteger) xMLObject).getValue().toString();
        } else if (xMLObject instanceof XSDateTime) {
            Instant value = ((XSDateTime) xMLObject).getValue();
            str = value != null ? DOMTypeSupport.instantToString(value) : null;
        } else if (xMLObject instanceof XSBase64Binary) {
            str = ((XSBase64Binary) xMLObject).getValue();
        } else if (xMLObject instanceof ScopedValue) {
            str = ((ScopedValue) xMLObject).getValue();
        } else if (xMLObject instanceof XSAny) {
            XSAny xSAny = (XSAny) xMLObject;
            str = (xSAny.getUnknownAttributes().isEmpty() && xSAny.getUnknownXMLObjects().isEmpty()) ? xSAny.getTextContent() : null;
        }
        if (null == str) {
            this.log.info("Value of type {} could not be converted", xMLObject.getClass().getSimpleName());
        }
        return str;
    }
}
