package org.opensaml.saml.metadata.resolver.impl;

import com.google.common.base.Strings;
import jakarta.annotation.Nonnull;
import jakarta.annotation.Nullable;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.UUID;
import javax.xml.namespace.QName;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullElements;
import net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.primitive.DeprecationSupport;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import org.opensaml.core.criterion.EntityIdCriterion;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.saml.criterion.EntityRoleCriterion;
import org.opensaml.saml.criterion.ProtocolCriterion;
import org.opensaml.saml.metadata.resolver.MetadataResolver;
import org.opensaml.saml.metadata.resolver.RoleDescriptorResolver;
import org.opensaml.saml.saml2.common.SAML2Support;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml.saml2.metadata.RoleDescriptor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Deprecated
/* loaded from: input_file:lib/opensaml-saml-impl-3.4.6.jar:org/opensaml/saml/metadata/resolver/impl/BasicRoleDescriptorResolver.class */
public class BasicRoleDescriptorResolver extends AbstractIdentifiedInitializableComponent implements RoleDescriptorResolver {
    private Logger log = LoggerFactory.getLogger((Class<?>) BasicRoleDescriptorResolver.class);
    private boolean requireValidMetadata;
    private MetadataResolver entityDescriptorResolver;

    public BasicRoleDescriptorResolver(@Nonnull MetadataResolver metadataResolver) {
        DeprecationSupport.warnOnce(DeprecationSupport.ObjectType.CLASS, getClass().getName(), null, PredicateRoleDescriptorResolver.class.getName());
        this.entityDescriptorResolver = (MetadataResolver) Constraint.isNotNull(metadataResolver, "Resolver for EntityDescriptors may not be null");
        setId(UUID.randomUUID().toString());
    }

    @Override // org.opensaml.saml.metadata.resolver.RoleDescriptorResolver
    public boolean isRequireValidMetadata() {
        return this.requireValidMetadata;
    }

    @Override // org.opensaml.saml.metadata.resolver.RoleDescriptorResolver
    public void setRequireValidMetadata(boolean z) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        ComponentSupport.ifDestroyedThrowDestroyedComponentException(this);
        this.requireValidMetadata = z;
    }

    @Override // net.shibboleth.utilities.java.support.resolver.Resolver
    @Nullable
    public RoleDescriptor resolveSingle(CriteriaSet criteriaSet) throws ResolverException {
        Iterator<RoleDescriptor> it;
        ComponentSupport.ifNotInitializedThrowUninitializedComponentException(this);
        Iterable<RoleDescriptor> resolve = resolve(criteriaSet);
        if (resolve == null || (it = resolve.iterator()) == null || !it.hasNext()) {
            return null;
        }
        return it.next();
    }

    @Override // net.shibboleth.utilities.java.support.resolver.Resolver
    @Nonnull
    public Iterable<RoleDescriptor> resolve(CriteriaSet criteriaSet) throws ResolverException {
        ComponentSupport.ifNotInitializedThrowUninitializedComponentException(this);
        EntityIdCriterion entityIdCriterion = (EntityIdCriterion) criteriaSet.get(EntityIdCriterion.class);
        EntityRoleCriterion entityRoleCriterion = (EntityRoleCriterion) criteriaSet.get(EntityRoleCriterion.class);
        ProtocolCriterion protocolCriterion = (ProtocolCriterion) criteriaSet.get(ProtocolCriterion.class);
        if (entityIdCriterion == null || Strings.isNullOrEmpty(entityIdCriterion.getEntityId())) {
            throw new ResolverException("Entity Id was not supplied in criteria set");
        }
        if (entityRoleCriterion == null || entityRoleCriterion.getRole() == null) {
            throw new ResolverException("Entity role was not supplied in criteria set");
        }
        if (protocolCriterion == null) {
            return getRole(entityIdCriterion.getEntityId(), entityRoleCriterion.getRole());
        }
        RoleDescriptor role = getRole(entityIdCriterion.getEntityId(), entityRoleCriterion.getRole(), protocolCriterion.getProtocol());
        return role != null ? Collections.singletonList(role) : Collections.emptyList();
    }

    @NonnullElements
    @Nonnull
    protected List<RoleDescriptor> getRole(@Nullable String str, @Nullable QName qName) throws ResolverException {
        if (Strings.isNullOrEmpty(str)) {
            this.log.debug("EntityDescriptor entityID was null or empty, skipping search for roles");
            return Collections.emptyList();
        }
        if (qName == null) {
            this.log.debug("Role descriptor name was null, skipping search for roles");
            return Collections.emptyList();
        }
        List<RoleDescriptor> doGetRole = doGetRole(str, qName);
        if (doGetRole == null || doGetRole.isEmpty()) {
            this.log.debug("Entity descriptor {} did not contain any {} roles", str, qName);
            return Collections.emptyList();
        }
        Iterator<RoleDescriptor> it = doGetRole.iterator();
        while (it.hasNext()) {
            if (!isValid(it.next())) {
                this.log.debug("Metadata document contained a role of type {} for entity {}, but it was invalid", qName, str);
                it.remove();
            }
        }
        if (doGetRole.isEmpty()) {
            this.log.debug("Entity descriptor {} did not contain any valid {} roles", str, qName);
        }
        return doGetRole;
    }

    @NonnullElements
    @Nonnull
    protected List<RoleDescriptor> doGetRole(@Nullable String str, @Nullable QName qName) throws ResolverException {
        EntityDescriptor doGetEntityDescriptor = doGetEntityDescriptor(str);
        if (doGetEntityDescriptor == null) {
            this.log.debug("Metadata document did not contain a descriptor for entity {}", str);
            return Collections.emptyList();
        }
        List<RoleDescriptor> roleDescriptors = doGetEntityDescriptor.getRoleDescriptors(qName);
        return (roleDescriptors == null || roleDescriptors.isEmpty()) ? Collections.emptyList() : new ArrayList(roleDescriptors);
    }

    protected EntityDescriptor doGetEntityDescriptor(String str) throws ResolverException {
        return this.entityDescriptorResolver.resolveSingle(new CriteriaSet(new EntityIdCriterion(str)));
    }

    @Nullable
    protected RoleDescriptor getRole(@Nullable String str, @Nullable QName qName, @Nullable String str2) throws ResolverException {
        if (Strings.isNullOrEmpty(str)) {
            this.log.debug("EntityDescriptor entityID was null or empty, skipping search for role");
            return null;
        }
        if (qName == null) {
            this.log.debug("Role descriptor name was null, skipping search for role");
            return null;
        }
        if (Strings.isNullOrEmpty(str2)) {
            this.log.debug("Supported protocol was null, skipping search for role.");
            return null;
        }
        RoleDescriptor doGetRole = doGetRole(str, qName, str2);
        if (doGetRole == null) {
            this.log.debug("Metadata document does not contain a role of type {} supporting protocol {} for entity {}", qName, str2, str);
            return null;
        }
        if (isValid(doGetRole)) {
            return doGetRole;
        }
        this.log.debug("Metadata document contained a role of type {} supporting protocol {} for entity {}, but it was not longer valid", qName, str2, str);
        return null;
    }

    protected RoleDescriptor doGetRole(String str, QName qName, String str2) throws ResolverException {
        List<RoleDescriptor> doGetRole = doGetRole(str, qName);
        if (doGetRole == null || doGetRole.isEmpty()) {
            this.log.debug("Metadata document did not contain any role descriptors of type {} for entity {}", qName, str);
            return null;
        }
        for (RoleDescriptor roleDescriptor : doGetRole) {
            if (roleDescriptor != null && roleDescriptor.isSupportedProtocol(str2)) {
                return roleDescriptor;
            }
        }
        return null;
    }

    protected boolean isValid(XMLObject xMLObject) {
        if (xMLObject == null) {
            return false;
        }
        if (isRequireValidMetadata()) {
            return SAML2Support.isValid(xMLObject);
        }
        return true;
    }
}
