package se.litsec.opensaml.saml2.metadata.provider;

import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.NoSuchElementException;
import java.util.Optional;
import java.util.function.Predicate;
import java.util.stream.Stream;
import javax.xml.namespace.QName;
import net.shibboleth.utilities.java.support.component.AbstractInitializableComponent;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import org.joda.time.DateTime;
import org.opensaml.core.criterion.EntityIdCriterion;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.io.MarshallingException;
import org.opensaml.saml.common.xml.SAMLSchemaBuilder;
import org.opensaml.saml.criterion.EntityRoleCriterion;
import org.opensaml.saml.metadata.resolver.RefreshableMetadataResolver;
import org.opensaml.saml.metadata.resolver.filter.MetadataFilter;
import org.opensaml.saml.metadata.resolver.filter.MetadataFilterChain;
import org.opensaml.saml.metadata.resolver.filter.impl.PredicateFilter;
import org.opensaml.saml.metadata.resolver.filter.impl.SchemaValidationFilter;
import org.opensaml.saml.metadata.resolver.filter.impl.SignatureValidationFilter;
import org.opensaml.saml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml.saml2.metadata.SPSSODescriptor;
import org.opensaml.security.credential.impl.StaticCredentialResolver;
import org.opensaml.security.x509.BasicX509Credential;
import org.opensaml.xmlsec.keyinfo.impl.BasicProviderKeyInfoCredentialResolver;
import org.opensaml.xmlsec.keyinfo.impl.provider.DEREncodedKeyValueProvider;
import org.opensaml.xmlsec.keyinfo.impl.provider.DSAKeyValueProvider;
import org.opensaml.xmlsec.keyinfo.impl.provider.InlineX509DataProvider;
import org.opensaml.xmlsec.keyinfo.impl.provider.RSAKeyValueProvider;
import org.opensaml.xmlsec.signature.support.impl.ExplicitKeySignatureTrustEngine;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;
import se.litsec.opensaml.utils.ObjectUtils;
import se.litsec.opensaml.utils.PredicateWrapper;

/* loaded from: input_file:se/litsec/opensaml/saml2/metadata/provider/AbstractMetadataProvider.class */
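/**
 * Base class for metadata providers that delegate to the metadata resolver returned by
 * {@code getMetadataResolver()} and install a filter chain in front of it.
 *
 * <p>
 * The filter chain built by {@link #createFilter()} is the only place where downloaded metadata is
 * validated. Signature validation is performed only if a certificate has been assigned using
 * {@link #setSignatureVerificationCertificate(X509Certificate)}, and schema validation only if
 * {@link #setPerformSchemaValidation(boolean)} has been enabled. Both are off by default, so a provider
 * that reads metadata from a source it does not control should have at least the certificate configured.
 * </p>
 *
 * <p>
 * This listing was recovered by a decompiler. Dropped casts, raw types and unresolved lambda targets have
 * been repaired; parameter names are kept as the decompiler emitted them.
 * </p>
 */
public abstract class AbstractMetadataProvider extends AbstractInitializableComponent implements MetadataProvider {

    /** Protocol support enumeration passed when looking up SSO role descriptors. */
    private static final String SAML2_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol";

    private final Logger log = LoggerFactory.getLogger(AbstractMetadataProvider.class);

    // Handed to createMetadataResolver() during initialization.
    private boolean requireValidMetadata = true;
    private boolean failFastInitialization = false;

    // null means that no SignatureValidationFilter is installed.
    private X509Certificate signatureVerificationCertificate = null;
    private boolean performSchemaValidation = false;
    private List<Predicate<EntityDescriptor>> inclusionPredicates = null;
    private List<Predicate<EntityDescriptor>> exclusionPredicates = null;

    // Written only by the terminal filter of the chain; guarded by this object's monitor.
    private XMLObject metadata;
    private DateTime downloadTime;

    /**
     * Iterates over the entity descriptors found in a metadata object, optionally restricted to entities
     * that declare a given role.
     *
     * <p>
     * The object is its own {@link Iterable}: {@link #iterator()} returns {@code this}, so an instance can
     * be traversed only once.
     * </p>
     *
     * <p>
     * The decompiler reports that the declared access of this class was {@code protected}; it is left
     * {@code public} here.
     * </p>
     */
    public static class EntityDescriptorIterator implements Iterator<EntityDescriptor>, Iterable<EntityDescriptor> {

        /** Iterator over the (already filtered) entities; never null. */
        private final Iterator<EntityDescriptor> iterator;

        /**
         * Creates an iterator over all entity descriptors of the supplied metadata.
         *
         * @param optional
         *          the metadata (an EntityDescriptor or EntitiesDescriptor), or empty for an empty iteration
         */
        public EntityDescriptorIterator(Optional<XMLObject> optional) {
            this(optional, null);
        }

        /**
         * Creates an iterator over the entity descriptors of the supplied metadata that declare the given
         * role.
         *
         * @param optional
         *          the metadata (an EntityDescriptor or EntitiesDescriptor), or empty for an empty iteration
         * @param qName
         *          the role descriptor element name to filter on, or {@code null} for no filtering
         * @throws IllegalArgumentException
         *           if the metadata is neither an EntityDescriptor nor an EntitiesDescriptor
         */
        public EntityDescriptorIterator(Optional<XMLObject> optional, QName qName) {
            List<EntityDescriptor> entities = new ArrayList<>();
            if (optional.isPresent()) {
                XMLObject root = optional.get();
                if (root instanceof EntityDescriptor) {
                    // Apply the role filter here as well, so that a single-entity document is treated
                    // the same way as a member of an EntitiesDescriptor.
                    EntityDescriptor single = (EntityDescriptor) root;
                    if (filterRole(qName).test(single)) {
                        entities.add(single);
                    }
                } else if (root instanceof EntitiesDescriptor) {
                    entities.addAll(setup((EntitiesDescriptor) root, qName));
                } else {
                    throw new IllegalArgumentException("Expected EntityDescriptor or EntitiesDescriptor");
                }
            }
            this.iterator = entities.iterator();
        }

        /**
         * Collects the matching entity descriptors of an EntitiesDescriptor, descending recursively into
         * nested EntitiesDescriptor elements.
         *
         * @param entitiesDescriptor
         *          the aggregate to traverse
         * @param qName
         *          the role to filter on, or {@code null} for no filtering
         * @return the matching entity descriptors in document order (direct children before nested groups)
         */
        private static List<EntityDescriptor> setup(EntitiesDescriptor entitiesDescriptor, QName qName) {
            List<EntityDescriptor> result = new ArrayList<>();
            entitiesDescriptor.getEntityDescriptors().stream().filter(filterRole(qName)).forEach(result::add);
            for (EntitiesDescriptor nested : entitiesDescriptor.getEntitiesDescriptors()) {
                result.addAll(setup(nested, qName));
            }
            return result;
        }

        /**
         * Returns a predicate that accepts entity descriptors declaring at least one role descriptor of the
         * given type.
         *
         * @param qName
         *          the role descriptor element name, or {@code null} to accept every entity descriptor
         * @return the predicate
         */
        public static Predicate<EntityDescriptor> filterRole(QName qName) {
            return entityDescriptor -> qName == null || !entityDescriptor.getRoleDescriptors(qName).isEmpty();
        }

        /** {@inheritDoc} */
        @Override
        public boolean hasNext() {
            return this.iterator.hasNext();
        }

        /**
         * {@inheritDoc}
         *
         * @throws NoSuchElementException
         *           if there are no more entity descriptors
         */
        @Override
        public EntityDescriptor next() {
            return this.iterator.next();
        }

        /**
         * Returns this object.
         *
         * @return this iterator (single use)
         */
        @Override
        public Iterator<EntityDescriptor> iterator() {
            return this;
        }
    }

    /**
     * Returns the metadata most recently stored by the terminal filter of the chain built by
     * {@link #createFilter()}.
     *
     * @return the metadata, or empty if none has been stored
     */
    @Override
    public synchronized Optional<XMLObject> getMetadata() {
        return Optional.ofNullable(this.metadata);
    }

    /**
     * Returns the DOM of the current metadata, marshalling the object if it has no cached DOM.
     *
     * @return the DOM element, or empty if there is no metadata
     * @throws MarshallingException
     *           if the metadata object cannot be marshalled
     */
    @Override
    public Optional<Element> getMetadataDOM() throws MarshallingException {
        Optional<XMLObject> current = getMetadata();
        if (!current.isPresent()) {
            return Optional.empty();
        }
        XMLObject object = current.get();
        Element dom = object.getDOM();
        return Optional.of(dom != null ? dom : ObjectUtils.marshall(object));
    }

    /**
     * Returns the time of the last metadata update.
     *
     * @return the resolver's last-update time if the resolver is refreshable, otherwise the time at which
     *         this provider last stored metadata; empty if neither is available
     */
    @Override
    public Optional<DateTime> getLastUpdate() {
        if (getMetadataResolver() instanceof RefreshableMetadataResolver) {
            return Optional.ofNullable(((RefreshableMetadataResolver) getMetadataResolver()).getLastUpdate());
        }
        // downloadTime is written under this monitor in setMetadata(); read it under the same lock.
        synchronized (this) {
            return Optional.ofNullable(this.downloadTime);
        }
    }

    /**
     * Refreshes the metadata if the underlying resolver is refreshable; otherwise only logs that refresh
     * is unsupported.
     *
     * @throws ResolverException
     *           if the resolver fails to refresh
     */
    @Override
    public void refresh() throws ResolverException {
        if (getMetadataResolver() instanceof RefreshableMetadataResolver) {
            ((RefreshableMetadataResolver) getMetadataResolver()).refresh();
        } else {
            this.log.debug("Refresh of metadata is not supported by {}", getClass().getName());
        }
    }

    /**
     * Returns a single-use iterable over all entity descriptors of the current metadata.
     *
     * @return an iterable of entity descriptors
     */
    @Override
    public Iterable<EntityDescriptor> iterator() {
        return new EntityDescriptorIterator(getMetadata());
    }

    /**
     * Returns a single-use iterable over the entity descriptors of the current metadata that declare the
     * given role.
     *
     * @param qName
     *          the role descriptor element name, or {@code null} for all entity descriptors
     * @return an iterable of entity descriptors
     */
    @Override
    public Iterable<EntityDescriptor> iterator(QName qName) {
        return new EntityDescriptorIterator(getMetadata(), qName);
    }

    /**
     * Resolves the entity descriptor with the given entityID.
     *
     * @param str
     *          the entityID
     * @return the entity descriptor, or empty if the resolver finds no match
     * @throws ResolverException
     *           for resolver errors
     */
    @Override
    public Optional<EntityDescriptor> getEntityDescriptor(String str) throws ResolverException {
        return Optional.ofNullable(resolveEntity(str, null));
    }

    /**
     * Resolves the SAML 2.0 IDPSSODescriptor of the entity with the given entityID.
     *
     * @param str
     *          the entityID
     * @return the descriptor, or empty if the entity is not found or has no such role
     * @throws ResolverException
     *           for resolver errors
     */
    @Override
    public Optional<IDPSSODescriptor> getIDPSSODescriptor(String str) throws ResolverException {
        EntityDescriptor entityDescriptor = resolveEntity(str, IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
        return entityDescriptor != null
                ? Optional.ofNullable(entityDescriptor.getIDPSSODescriptor(SAML2_PROTOCOL))
                : Optional.empty();
    }

    /**
     * Resolves the SAML 2.0 SPSSODescriptor of the entity with the given entityID.
     *
     * @param str
     *          the entityID
     * @return the descriptor, or empty if the entity is not found or has no such role
     * @throws ResolverException
     *           for resolver errors
     */
    @Override
    public Optional<SPSSODescriptor> getSPSSODescriptor(String str) throws ResolverException {
        EntityDescriptor entityDescriptor = resolveEntity(str, SPSSODescriptor.DEFAULT_ELEMENT_NAME);
        return entityDescriptor != null
                ? Optional.ofNullable(entityDescriptor.getSPSSODescriptor(SAML2_PROTOCOL))
                : Optional.empty();
    }

    /**
     * Returns all entity descriptors of the current metadata that declare an IDPSSODescriptor role.
     *
     * @return a (possibly empty) list of entity descriptors
     * @throws ResolverException
     *           declared by the interface; not thrown by this implementation
     */
    @Override
    public List<EntityDescriptor> getIdentityProviders() throws ResolverException {
        List<EntityDescriptor> result = new ArrayList<>();
        iterator(IDPSSODescriptor.DEFAULT_ELEMENT_NAME).forEach(result::add);
        return result;
    }

    /**
     * Returns all entity descriptors of the current metadata that declare an SPSSODescriptor role.
     *
     * @return a (possibly empty) list of entity descriptors
     * @throws ResolverException
     *           declared by the interface; not thrown by this implementation
     */
    @Override
    public List<EntityDescriptor> getServiceProviders() throws ResolverException {
        List<EntityDescriptor> result = new ArrayList<>();
        iterator(SPSSODescriptor.DEFAULT_ELEMENT_NAME).forEach(result::add);
        return result;
    }

    /**
     * Resolves a single entity by entityID and, optionally, role.
     *
     * @param entityID
     *          the entityID to look up
     * @param role
     *          the required role, or {@code null} for no role criterion
     * @return the matching entity descriptor, or {@code null} if the resolver finds none
     * @throws ResolverException
     *           for resolver errors
     */
    private EntityDescriptor resolveEntity(String entityID, QName role) throws ResolverException {
        CriteriaSet criteria = new CriteriaSet();
        criteria.add(new EntityIdCriterion(entityID));
        if (role != null) {
            criteria.add(new EntityRoleCriterion(role));
        }
        return (EntityDescriptor) getMetadataResolver().resolveSingle(criteria);
    }

    /**
     * Stores the metadata that has passed the filter chain and records the time.
     *
     * <p>
     * Kept {@code private}: the decompiler had widened this method to {@code public} so that the anonymous
     * filter could reach it. A public setter would let any caller replace the provider's metadata without
     * it having gone through the validation filters.
     * </p>
     *
     * @param xMLObject
     *          the filtered metadata
     */
    private synchronized void setMetadata(XMLObject xMLObject) {
        this.metadata = xMLObject;
        this.downloadTime = new DateTime();
    }

    /**
     * Creates and initializes the metadata resolver, installing the filter returned by
     * {@link #createFilter()}.
     *
     * @throws ComponentInitializationException
     *           if the resolver cannot be created or initialized
     */
    @Override
    protected final void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        try {
            createMetadataResolver(this.requireValidMetadata, this.failFastInitialization, createFilter());
            initializeMetadataResolver();
        } catch (ResolverException e) {
            throw new ComponentInitializationException(e);
        }
    }

    /**
     * Builds the metadata filter to install on the resolver.
     *
     * <p>
     * Filters are added in this order: signature validation (only if a verification certificate is
     * configured), schema validation (only if enabled), inclusion predicates, exclusion predicates, and
     * finally a filter that stores the result via {@code setMetadata}. The storing filter is deliberately
     * last so that it sees only what the preceding filters let through.
     * </p>
     *
     * <p>
     * Signature trust is established with an explicit-key trust engine over the configured certificate.
     * NOTE(review): explicit-key trust matches the signing key and performs no certificate path
     * validation, so expiry or replacement of that certificate has to be handled by whoever configures it
     * - confirm against deployment practice.
     * </p>
     *
     * @return a single filter, or a filter chain if more than one filter applies
     */
    protected MetadataFilter createFilter() {
        List<MetadataFilter> filters = new ArrayList<>();

        if (this.signatureVerificationCertificate != null) {
            StaticCredentialResolver trustedCredentials =
                    new StaticCredentialResolver(new BasicX509Credential(this.signatureVerificationCertificate));
            BasicProviderKeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver(
                    Arrays.asList(new RSAKeyValueProvider(), new InlineX509DataProvider(), new DSAKeyValueProvider(),
                            new DEREncodedKeyValueProvider()));
            filters.add(new SignatureValidationFilter(
                    new ExplicitKeySignatureTrustEngine(trustedCredentials, keyInfoResolver)));
        } else {
            // Without a certificate the metadata is accepted unsigned; make that visible to operators.
            this.log.warn("No signature verification certificate configured for {} - metadata signature will not be validated",
                    getClass().getName());
        }

        if (this.performSchemaValidation) {
            filters.add(new SchemaValidationFilter(new SAMLSchemaBuilder(SAMLSchemaBuilder.SAML1Version.SAML_11)));
        }

        if (this.inclusionPredicates != null) {
            for (Predicate<EntityDescriptor> predicate : this.inclusionPredicates) {
                filters.add(new PredicateFilter(PredicateFilter.Direction.INCLUDE, PredicateWrapper.wrap(predicate)));
            }
        }
        if (this.exclusionPredicates != null) {
            for (Predicate<EntityDescriptor> predicate : this.exclusionPredicates) {
                filters.add(new PredicateFilter(PredicateFilter.Direction.EXCLUDE, PredicateWrapper.wrap(predicate)));
            }
        }

        // Terminal filter: captures the metadata after all preceding filters have run.
        filters.add(new MetadataFilter() {
            @Override
            public XMLObject filter(XMLObject xMLObject) {
                AbstractMetadataProvider.this.setMetadata(xMLObject);
                return xMLObject;
            }
        });

        // The capturing filter is always present, so size 1 means no validation filter was configured.
        if (filters.size() == 1) {
            return filters.get(0);
        }
        MetadataFilterChain metadataFilterChain = new MetadataFilterChain();
        metadataFilterChain.setFilters(filters);
        return metadataFilterChain;
    }

    /**
     * Destroys the component and then the underlying metadata resolver.
     */
    @Override
    protected void doDestroy() {
        super.doDestroy();
        destroyMetadataResolver();
    }

    /**
     * Creates the metadata resolver used by this provider.
     *
     * @param z
     *          the provider's "require valid metadata" setting
     * @param z2
     *          the provider's "fail fast initialization" setting
     * @param metadataFilter
     *          the filter built by {@link #createFilter()}, to be installed on the resolver
     * @throws ResolverException
     *           if the resolver cannot be created
     */
    protected abstract void createMetadataResolver(boolean z, boolean z2, MetadataFilter metadataFilter) throws ResolverException;

    /**
     * Initializes the metadata resolver created by
     * {@link #createMetadataResolver(boolean, boolean, MetadataFilter)}.
     *
     * @throws ComponentInitializationException
     *           if initialization fails
     */
    protected abstract void initializeMetadataResolver() throws ComponentInitializationException;

    /**
     * Destroys the metadata resolver. Called from {@link #doDestroy()}.
     */
    protected abstract void destroyMetadataResolver();

    /**
     * Sets the "require valid metadata" flag passed to the resolver (default {@code true}).
     *
     * @param z
     *          the flag value
     */
    public void setRequireValidMetadata(boolean z) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.requireValidMetadata = z;
    }

    /**
     * Sets the "fail fast initialization" flag passed to the resolver (default {@code false}).
     *
     * @param z
     *          the flag value
     */
    public void setFailFastInitialization(boolean z) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.failFastInitialization = z;
    }

    /**
     * Assigns the certificate used to verify the metadata signature.
     *
     * <p>
     * If this is left unset ({@code null}, the default), no signature validation filter is installed and
     * metadata is accepted without any signature check.
     * </p>
     *
     * @param x509Certificate
     *          the certificate holding the trusted signing key, or {@code null} to disable validation
     */
    public void setSignatureVerificationCertificate(X509Certificate x509Certificate) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.signatureVerificationCertificate = x509Certificate;
    }

    /**
     * Enables or disables schema validation of downloaded metadata (default {@code false}).
     *
     * @param z
     *          {@code true} to install a schema validation filter
     */
    public void setPerformSchemaValidation(boolean z) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.performSchemaValidation = z;
    }

    /**
     * Assigns the predicates installed as INCLUDE filters. The list is stored by reference and read when
     * the component is initialized.
     *
     * @param list
     *          the inclusion predicates, or {@code null} for none
     */
    public void setInclusionPredicates(List<Predicate<EntityDescriptor>> list) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.inclusionPredicates = list;
    }

    /**
     * Assigns the predicates installed as EXCLUDE filters. The list is stored by reference and read when
     * the component is initialized.
     *
     * @param list
     *          the exclusion predicates, or {@code null} for none
     */
    public void setExclusionPredicates(List<Predicate<EntityDescriptor>> list) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.exclusionPredicates = list;
    }
}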
