package net.shibboleth.metadata.dom.saml;

import com.google.common.base.Objects;
import com.google.common.base.Predicates;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterables;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.annotation.concurrent.ThreadSafe;
import javax.xml.namespace.QName;
import net.shibboleth.metadata.dom.DomElementItem;
import net.shibboleth.metadata.pipeline.BaseIteratingStage;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullElements;
import net.shibboleth.utilities.java.support.annotation.constraint.NullableElements;
import net.shibboleth.utilities.java.support.annotation.constraint.Unmodifiable;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.xml.DomTypeSupport;
import net.shibboleth.utilities.java.support.xml.ElementSupport;
import net.shibboleth.utilities.java.support.xml.QNameSupport;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;

@ThreadSafe
/* loaded from: input_file:net/shibboleth/metadata/dom/saml/EntityRoleFilterStage.class */
public class EntityRoleFilterStage extends BaseIteratingStage<DomElementItem> {
    public static final QName ROLE_DESCRIPTOR_NAME = new QName(SamlMetadataSupport.MD_NS, "RoleDescriptor");
    public static final QName IDP_SSO_DESCRIPTOR_NAME = new QName(SamlMetadataSupport.MD_NS, "IDPSSODescriptor");
    public static final QName SP_SSO_DESCRIPTOR_NAME = new QName(SamlMetadataSupport.MD_NS, "SPSSODescriptor");
    public static final QName AUTHN_AUTHORITY_DESCRIPTOR_NAME = new QName(SamlMetadataSupport.MD_NS, "AuthnAuthorityDescriptor");
    public static final QName ATTRIBUTE_AUTHORITY_DESCRIPTOR_NAME = new QName(SamlMetadataSupport.MD_NS, "AttributeAuthorityDescriptor");
    public static final QName PDP_DESCRIPTOR_NAME = new QName(SamlMetadataSupport.MD_NS, "PDPDescriptor");
    private boolean whitelistingRoles;
    private final Logger log = LoggerFactory.getLogger(EntityRoleFilterStage.class);
    private final Set<QName> namedRoles = ImmutableSet.of(IDP_SSO_DESCRIPTOR_NAME, SP_SSO_DESCRIPTOR_NAME, AUTHN_AUTHORITY_DESCRIPTOR_NAME, ATTRIBUTE_AUTHORITY_DESCRIPTOR_NAME, PDP_DESCRIPTOR_NAME);
    private Collection<QName> designatedRoles = Collections.emptyList();
    private boolean removingRolelessEntities = true;
    private boolean removingEntitylessEntitiesDescriptor = true;

    @NonnullElements
    @Nonnull
    @Unmodifiable
    public Collection<QName> getDesignatedRoles() {
        return this.designatedRoles;
    }

    public synchronized void setDesignatedRoles(@Nullable @NullableElements Collection<QName> collection) {
        ComponentSupport.ifDestroyedThrowDestroyedComponentException(this);
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        if (collection == null || collection.isEmpty()) {
            this.designatedRoles = Collections.emptyList();
        } else {
            this.designatedRoles = ImmutableList.copyOf(Iterables.filter(collection, Predicates.notNull()));
        }
    }

    public boolean isWhitelistingRoles() {
        return this.whitelistingRoles;
    }

    public synchronized void setWhitelistingRoles(boolean z) {
        ComponentSupport.ifDestroyedThrowDestroyedComponentException(this);
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.whitelistingRoles = z;
    }

    public boolean isRemovingRolelessEntities() {
        return this.removingRolelessEntities;
    }

    public synchronized void setRemoveRolelessEntities(boolean z) {
        ComponentSupport.ifDestroyedThrowDestroyedComponentException(this);
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.removingRolelessEntities = z;
    }

    public boolean isRemovingEntitylessEntitiesDescriptor() {
        return this.removingEntitylessEntitiesDescriptor;
    }

    public synchronized void setRemovingEntitylessEntitiesDescriptor(boolean z) {
        ComponentSupport.ifDestroyedThrowDestroyedComponentException(this);
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.removingEntitylessEntitiesDescriptor = z;
    }

    protected void doDestroy() {
        this.designatedRoles = null;
        super.doDestroy();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.shibboleth.metadata.pipeline.BaseIteratingStage
    public boolean doExecute(@Nonnull DomElementItem domElementItem) {
        Element unwrap = domElementItem.unwrap();
        return SamlMetadataSupport.isEntitiesDescriptor(unwrap) ? !processEntitiesDescriptor(unwrap) : (SamlMetadataSupport.isEntityDescriptor(unwrap) && processEntityDescriptor(unwrap)) ? false : true;
    }

    protected boolean processEntitiesDescriptor(@Nonnull Element element) {
        List childElements = ElementSupport.getChildElements(element, SamlMetadataSupport.ENTITIES_DESCRIPTOR_NAME);
        Iterator it = childElements.iterator();
        while (it.hasNext()) {
            Element element2 = (Element) it.next();
            if (processEntitiesDescriptor(element2)) {
                element.removeChild(element2);
                it.remove();
            }
        }
        List childElements2 = ElementSupport.getChildElements(element, SamlMetadataSupport.ENTITY_DESCRIPTOR_NAME);
        Iterator it2 = childElements2.iterator();
        while (it2.hasNext()) {
            Element element3 = (Element) it2.next();
            if (processEntityDescriptor(element3)) {
                element.removeChild(element3);
                it2.remove();
            }
        }
        return this.removingEntitylessEntitiesDescriptor && childElements.isEmpty() && childElements2.isEmpty();
    }

    protected boolean processEntityDescriptor(@Nonnull Element element) {
        if (this.designatedRoles.isEmpty()) {
            return false;
        }
        String attributeNS = element.getAttributeNS(null, "entityID");
        this.log.debug("{} pipeline stage filtering roles from EntityDescriptor {}", getId(), attributeNS);
        return this.removingRolelessEntities && getFilteredRoles(attributeNS, element).isEmpty();
    }

    protected List<Element> getFilteredRoles(@Nonnull String str, @Nonnull Element element) {
        QName xSIType;
        List<Element> childElements = ElementSupport.getChildElements(element);
        Iterator<Element> it = childElements.iterator();
        while (it.hasNext()) {
            Element next = it.next();
            QName nodeQName = QNameSupport.getNodeQName(next);
            if (Objects.equal(nodeQName, ROLE_DESCRIPTOR_NAME)) {
                xSIType = DomTypeSupport.getXSIType(next);
            } else if (this.namedRoles.contains(nodeQName)) {
                xSIType = nodeQName;
            } else {
                it.remove();
            }
            boolean contains = this.designatedRoles.contains(xSIType);
            if (xSIType != null) {
                if ((!isWhitelistingRoles() || contains) && (isWhitelistingRoles() || !contains)) {
                    this.log.debug("{} pipeline did not remove role {} from EntityDescriptor {}", new Object[]{getId(), xSIType, str});
                } else {
                    this.log.debug("{} pipeline stage removing role {} from EntityDescriptor {}", new Object[]{getId(), xSIType, str});
                    element.removeChild(next);
                    it.remove();
                }
            }
        }
        return childElements;
    }
}
