package org.opensaml.saml.metadata.resolver.filter.impl;

import com.google.common.collect.ArrayListMultimap;
import com.google.common.collect.Multimap;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullElements;
import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
import net.shibboleth.utilities.java.support.component.AbstractInitializableComponent;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.core.xml.io.MarshallingException;
import org.opensaml.core.xml.io.UnmarshallingException;
import org.opensaml.core.xml.util.XMLObjectSupport;
import org.opensaml.saml.common.SAMLObjectBuilder;
import org.opensaml.saml.ext.saml2alg.DigestMethod;
import org.opensaml.saml.ext.saml2alg.SigningMethod;
import org.opensaml.saml.metadata.resolver.filter.FilterException;
import org.opensaml.saml.metadata.resolver.filter.MetadataFilter;
import org.opensaml.saml.metadata.resolver.filter.MetadataFilterContext;
import org.opensaml.saml.saml2.metadata.EncryptionMethod;
import org.opensaml.saml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml.saml2.metadata.Extensions;
import org.opensaml.saml.saml2.metadata.KeyDescriptor;
import org.opensaml.saml.saml2.metadata.RoleDescriptor;
import org.opensaml.security.credential.UsageType;
import org.opensaml.xmlsec.algorithm.AlgorithmDescriptor;
import org.opensaml.xmlsec.algorithm.AlgorithmRegistry;
import org.opensaml.xmlsec.algorithm.AlgorithmSupport;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/opensaml/saml/metadata/resolver/filter/impl/AlgorithmFilter.class */
public class AlgorithmFilter extends AbstractInitializableComponent implements MetadataFilter {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger((Class<?>) AlgorithmFilter.class);

    @Nonnull
    private AlgorithmRegistry registry = AlgorithmSupport.getGlobalAlgorithmRegistry();

    @Nonnull
    private final SAMLObjectBuilder<Extensions> extBuilder = (SAMLObjectBuilder) XMLObjectProviderRegistrySupport.getBuilderFactory().getBuilderOrThrow(Extensions.DEFAULT_ELEMENT_NAME);

    @NonnullElements
    @Nonnull
    private Multimap<Predicate<EntityDescriptor>, XMLObject> applyMap = ArrayListMultimap.create();

    public void setRules(@NonnullElements @Nonnull Map<Predicate<EntityDescriptor>, Collection<XMLObject>> map) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        Constraint.isNotNull(map, "Rules map cannot be null");
        Stream<R> flatMap = map.values().stream().flatMap((v0) -> {
            return v0.stream();
        });
        Class<DigestMethod> cls = DigestMethod.class;
        Objects.requireNonNull(DigestMethod.class);
        Stream filter = flatMap.filter((v1) -> {
            return r1.isInstance(v1);
        });
        Class<DigestMethod> cls2 = DigestMethod.class;
        Objects.requireNonNull(DigestMethod.class);
        filter.map((v1) -> {
            return r1.cast(v1);
        }).map((v0) -> {
            return v0.getAlgorithm();
        }).distinct().forEach(str -> {
            checkDigestMethod(str);
        });
        Stream<R> flatMap2 = map.values().stream().flatMap((v0) -> {
            return v0.stream();
        });
        Class<SigningMethod> cls3 = SigningMethod.class;
        Objects.requireNonNull(SigningMethod.class);
        Stream filter2 = flatMap2.filter((v1) -> {
            return r1.isInstance(v1);
        });
        Class<SigningMethod> cls4 = SigningMethod.class;
        Objects.requireNonNull(SigningMethod.class);
        filter2.map((v1) -> {
            return r1.cast(v1);
        }).map((v0) -> {
            return v0.getAlgorithm();
        }).distinct().forEach(str2 -> {
            checkSigningMethod(str2);
        });
        Stream<R> flatMap3 = map.values().stream().flatMap((v0) -> {
            return v0.stream();
        });
        Class<EncryptionMethod> cls5 = EncryptionMethod.class;
        Objects.requireNonNull(EncryptionMethod.class);
        Stream filter3 = flatMap3.filter((v1) -> {
            return r1.isInstance(v1);
        });
        Class<EncryptionMethod> cls6 = EncryptionMethod.class;
        Objects.requireNonNull(EncryptionMethod.class);
        filter3.map((v1) -> {
            return r1.cast(v1);
        }).map((v0) -> {
            return v0.getAlgorithm();
        }).distinct().forEach(str3 -> {
            checkEncryptionMethod(str3);
        });
        this.applyMap = ArrayListMultimap.create(map.size(), 1);
        for (Map.Entry<Predicate<EntityDescriptor>, Collection<XMLObject>> entry : map.entrySet()) {
            if (entry.getKey() != null && entry.getValue() != null) {
                this.applyMap.putAll(entry.getKey(), List.copyOf(entry.getValue()));
            }
        }
    }

    @Override // org.opensaml.saml.metadata.resolver.filter.MetadataFilter
    @Nullable
    public XMLObject filter(@Nullable XMLObject xMLObject, @Nonnull MetadataFilterContext metadataFilterContext) throws FilterException {
        if (xMLObject == null) {
            return null;
        }
        if (xMLObject instanceof EntitiesDescriptor) {
            filterEntitiesDescriptor((EntitiesDescriptor) xMLObject);
        } else {
            filterEntityDescriptor((EntityDescriptor) xMLObject);
        }
        return xMLObject;
    }

    protected void filterEntityDescriptor(@Nonnull EntityDescriptor entityDescriptor) {
        Set emptySet = Collections.emptySet();
        Set emptySet2 = Collections.emptySet();
        Extensions extensions = entityDescriptor.getExtensions();
        if (extensions != null) {
            Stream<XMLObject> stream = extensions.getUnknownXMLObjects(DigestMethod.DEFAULT_ELEMENT_NAME).stream();
            Class<DigestMethod> cls = DigestMethod.class;
            Objects.requireNonNull(DigestMethod.class);
            Stream<XMLObject> filter = stream.filter((v1) -> {
                return r1.isInstance(v1);
            });
            Class<DigestMethod> cls2 = DigestMethod.class;
            Objects.requireNonNull(DigestMethod.class);
            emptySet = (Set) filter.map((v1) -> {
                return r1.cast(v1);
            }).map((v0) -> {
                return v0.getAlgorithm();
            }).distinct().collect(Collectors.toUnmodifiableSet());
            Stream<XMLObject> stream2 = extensions.getUnknownXMLObjects(SigningMethod.DEFAULT_ELEMENT_NAME).stream();
            Class<SigningMethod> cls3 = SigningMethod.class;
            Objects.requireNonNull(SigningMethod.class);
            Stream<XMLObject> filter2 = stream2.filter((v1) -> {
                return r1.isInstance(v1);
            });
            Class<SigningMethod> cls4 = SigningMethod.class;
            Objects.requireNonNull(SigningMethod.class);
            emptySet2 = (Set) filter2.map((v1) -> {
                return r1.cast(v1);
            }).map((v0) -> {
                return v0.getAlgorithm();
            }).distinct().collect(Collectors.toUnmodifiableSet());
        }
        for (Map.Entry entry : this.applyMap.asMap().entrySet()) {
            if (!((Collection) entry.getValue()).isEmpty() && ((Predicate) entry.getKey()).test(entityDescriptor)) {
                for (XMLObject xMLObject : (Collection) entry.getValue()) {
                    try {
                        if (xMLObject instanceof DigestMethod) {
                            if (emptySet.contains(((DigestMethod) xMLObject).getAlgorithm())) {
                                this.log.debug("Skipping pre-existing DigestMethod ({}) on EntityDescriptor ({})", ((DigestMethod) xMLObject).getAlgorithm(), entityDescriptor.getEntityID());
                            } else {
                                this.log.info("Adding DigestMethod ({}) to EntityDescriptor ({})", ((DigestMethod) xMLObject).getAlgorithm(), entityDescriptor.getEntityID());
                                getExtensions(entityDescriptor).getUnknownXMLObjects().add(XMLObjectSupport.cloneXMLObject(xMLObject));
                            }
                        } else if (xMLObject instanceof SigningMethod) {
                            if (emptySet2.contains(((SigningMethod) xMLObject).getAlgorithm())) {
                                this.log.debug("Skipping pre-existing SigningMethod ({}) on EntityDescriptor ({})", ((SigningMethod) xMLObject).getAlgorithm(), entityDescriptor.getEntityID());
                            } else {
                                this.log.info("Adding SigningMethod ({}) to EntityDescriptor ({})", ((SigningMethod) xMLObject).getAlgorithm(), entityDescriptor.getEntityID());
                                getExtensions(entityDescriptor).getUnknownXMLObjects().add(XMLObjectSupport.cloneXMLObject(xMLObject));
                            }
                        } else if (xMLObject instanceof EncryptionMethod) {
                            addEncryptionMethod(entityDescriptor, (EncryptionMethod) xMLObject);
                        }
                    } catch (MarshallingException | UnmarshallingException e) {
                        this.log.error("Error cloning XMLObject", e);
                    }
                }
            }
        }
    }

    protected void filterEntitiesDescriptor(@Nonnull EntitiesDescriptor entitiesDescriptor) {
        Iterator<EntitiesDescriptor> it = entitiesDescriptor.getEntitiesDescriptors().iterator();
        while (it.hasNext()) {
            filterEntitiesDescriptor(it.next());
        }
        Iterator<EntityDescriptor> it2 = entitiesDescriptor.getEntityDescriptors().iterator();
        while (it2.hasNext()) {
            filterEntityDescriptor(it2.next());
        }
    }

    @Nonnull
    protected Extensions getExtensions(@Nonnull EntityDescriptor entityDescriptor) {
        Extensions extensions = entityDescriptor.getExtensions();
        if (extensions == null) {
            extensions = this.extBuilder.mo6339buildObject();
            entityDescriptor.setExtensions(extensions);
        }
        return extensions;
    }

    protected void addEncryptionMethod(@Nonnull EntityDescriptor entityDescriptor, @Nonnull EncryptionMethod encryptionMethod) {
        Iterator<RoleDescriptor> it = entityDescriptor.getRoleDescriptors().iterator();
        while (it.hasNext()) {
            for (KeyDescriptor keyDescriptor : it.next().getKeyDescriptors()) {
                if (keyDescriptor.getUse() == null || keyDescriptor.getUse() != UsageType.SIGNING) {
                    List<EncryptionMethod> encryptionMethods = keyDescriptor.getEncryptionMethods();
                    Iterator<EncryptionMethod> it2 = encryptionMethods.iterator();
                    while (it2.hasNext()) {
                        if (Objects.equals(it2.next().getAlgorithm(), encryptionMethod.getAlgorithm())) {
                            this.log.debug("Skipping pre-existing EncryptionMethod ({}) on EntityDescriptor ({})", encryptionMethod.getAlgorithm(), entityDescriptor.getEntityID());
                            return;
                        }
                    }
                    try {
                        this.log.info("Adding EncryptionMethod ({}) to EntityDescriptor ({})", encryptionMethod.getAlgorithm(), entityDescriptor.getEntityID());
                        encryptionMethods.add((EncryptionMethod) XMLObjectSupport.cloneXMLObject(encryptionMethod));
                    } catch (MarshallingException | UnmarshallingException e) {
                        this.log.error("Error cloning XMLObject", e);
                    }
                }
            }
        }
    }

    private void checkDigestMethod(@NotEmpty @Nonnull String str) {
        if (this.registry != null) {
            if (!this.registry.getRegisteredURIsByType(AlgorithmDescriptor.AlgorithmType.MessageDigest).contains(str)) {
                this.log.warn("DigestMethod {} unrecognized by algorithm registry", str);
            } else {
                if (this.registry.isRuntimeSupported(str)) {
                    return;
                }
                this.log.warn("DigestMethod {} unsupported by runtime", str);
            }
        }
    }

    private void checkSigningMethod(@NotEmpty @Nonnull String str) {
        if (this.registry != null) {
            if (!this.registry.getRegisteredURIsByType(AlgorithmDescriptor.AlgorithmType.Signature).contains(str) && !this.registry.getRegisteredURIsByType(AlgorithmDescriptor.AlgorithmType.Mac).contains(str)) {
                this.log.warn("SigningMethod {} unrecognized by algorithm registry", str);
            } else {
                if (this.registry.isRuntimeSupported(str)) {
                    return;
                }
                this.log.warn("SigningMethod {} unsupported by runtime", str);
            }
        }
    }

    private void checkEncryptionMethod(@NotEmpty @Nonnull String str) {
        if (this.registry != null) {
            if (!this.registry.getRegisteredURIsByType(AlgorithmDescriptor.AlgorithmType.BlockEncryption).contains(str) && !this.registry.getRegisteredURIsByType(AlgorithmDescriptor.AlgorithmType.KeyTransport).contains(str) && !this.registry.getRegisteredURIsByType(AlgorithmDescriptor.AlgorithmType.KeyAgreement).contains(str) && !this.registry.getRegisteredURIsByType(AlgorithmDescriptor.AlgorithmType.SymmetricKeyWrap).contains(str)) {
                this.log.warn("EncryptionMethod {} unrecognized by algorithm registry", str);
            } else {
                if (this.registry.isRuntimeSupported(str)) {
                    return;
                }
                this.log.warn("EncryptionMethod {} unsupported by runtime", str);
            }
        }
    }
}
