package org.opensaml.saml.metadata.resolver.impl;

import com.google.common.base.Predicates;
import com.google.common.collect.Iterables;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.Objects;
import java.util.Set;
import java.util.UUID;
import java.util.function.Predicate;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.utilities.java.support.annotation.ParameterName;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullAfterInit;
import net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.CriterionPredicateRegistry;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import net.shibboleth.utilities.java.support.resolver.ResolverSupport;
import org.opensaml.core.criterion.SatisfyAnyCriterion;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.saml.criterion.EntityRoleCriterion;
import org.opensaml.saml.criterion.ProtocolCriterion;
import org.opensaml.saml.metadata.criteria.role.EvaluableRoleDescriptorCriterion;
import org.opensaml.saml.metadata.criteria.role.impl.RoleDescriptorCriterionPredicateRegistry;
import org.opensaml.saml.metadata.resolver.MetadataResolver;
import org.opensaml.saml.metadata.resolver.RoleDescriptorResolver;
import org.opensaml.saml.saml2.common.IsTimeboundSAMLObjectValidPredicate;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml.saml2.metadata.RoleDescriptor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/opensaml-saml-impl-4.0.1.jar:org/opensaml/saml/metadata/resolver/impl/PredicateRoleDescriptorResolver.class */
public class PredicateRoleDescriptorResolver extends AbstractIdentifiedInitializableComponent implements RoleDescriptorResolver {
    private static final Predicate<XMLObject> IS_VALID_PREDICATE = new IsTimeboundSAMLObjectValidPredicate();
    private Logger log = LoggerFactory.getLogger((Class<?>) PredicateRoleDescriptorResolver.class);
    private boolean requireValidMetadata;
    private MetadataResolver entityDescriptorResolver;
    private boolean satisfyAnyPredicates;
    private CriterionPredicateRegistry<RoleDescriptor> criterionPredicateRegistry;
    private boolean useDefaultPredicateRegistry;
    private boolean resolveViaPredicatesOnly;

    public PredicateRoleDescriptorResolver(@Nonnull @ParameterName(name = "mdResolver") MetadataResolver metadataResolver) {
        this.entityDescriptorResolver = (MetadataResolver) Constraint.isNotNull(metadataResolver, "Resolver for EntityDescriptors may not be null");
        setId(UUID.randomUUID().toString());
        this.requireValidMetadata = true;
        this.useDefaultPredicateRegistry = true;
    }

    @Override // org.opensaml.saml.metadata.resolver.RoleDescriptorResolver
    public boolean isRequireValidMetadata() {
        return this.requireValidMetadata;
    }

    @Override // org.opensaml.saml.metadata.resolver.RoleDescriptorResolver
    public void setRequireValidMetadata(boolean z) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        ComponentSupport.ifDestroyedThrowDestroyedComponentException(this);
        this.requireValidMetadata = z;
    }

    public boolean isSatisfyAnyPredicates() {
        return this.satisfyAnyPredicates;
    }

    public void setSatisfyAnyPredicates(boolean z) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        ComponentSupport.ifDestroyedThrowDestroyedComponentException(this);
        this.satisfyAnyPredicates = z;
    }

    @NonnullAfterInit
    public CriterionPredicateRegistry<RoleDescriptor> getCriterionPredicateRegistry() {
        return this.criterionPredicateRegistry;
    }

    public void setCriterionPredicateRegistry(@Nullable CriterionPredicateRegistry<RoleDescriptor> criterionPredicateRegistry) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        ComponentSupport.ifDestroyedThrowDestroyedComponentException(this);
        this.criterionPredicateRegistry = criterionPredicateRegistry;
    }

    public boolean isUseDefaultPredicateRegistry() {
        return this.useDefaultPredicateRegistry;
    }

    public void setUseDefaultPredicateRegistry(boolean z) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        ComponentSupport.ifDestroyedThrowDestroyedComponentException(this);
        this.useDefaultPredicateRegistry = z;
    }

    public boolean isResolveViaPredicatesOnly() {
        return this.resolveViaPredicatesOnly;
    }

    public void setResolveViaPredicatesOnly(boolean z) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.resolveViaPredicatesOnly = z;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent, net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
    public void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (getCriterionPredicateRegistry() == null && isUseDefaultPredicateRegistry()) {
            setCriterionPredicateRegistry(new RoleDescriptorCriterionPredicateRegistry());
        }
    }

    @Override // net.shibboleth.utilities.java.support.resolver.Resolver
    @Nullable
    public RoleDescriptor resolveSingle(CriteriaSet criteriaSet) throws ResolverException {
        Iterator<RoleDescriptor> it;
        ComponentSupport.ifNotInitializedThrowUninitializedComponentException(this);
        Iterable<RoleDescriptor> resolve = resolve(criteriaSet);
        if (resolve == null || (it = resolve.iterator()) == null || !it.hasNext()) {
            return null;
        }
        return it.next();
    }

    @Override // net.shibboleth.utilities.java.support.resolver.Resolver
    @Nonnull
    public Iterable<RoleDescriptor> resolve(CriteriaSet criteriaSet) throws ResolverException {
        ComponentSupport.ifNotInitializedThrowUninitializedComponentException(this);
        Iterable<EntityDescriptor> resolve = this.entityDescriptorResolver.resolve(criteriaSet);
        if (!resolve.iterator().hasNext()) {
            this.log.debug("Resolved no EntityDescriptors via underlying MetadataResolver, returning empty collection");
            return Collections.emptySet();
        }
        if (this.log.isDebugEnabled()) {
            this.log.debug("Resolved {} source EntityDescriptors", Integer.valueOf(Iterables.size(resolve)));
        }
        Predicate alwaysTrue = isRequireValidMetadata() ? IS_VALID_PREDICATE : Predicates.alwaysTrue();
        if (haveRoleCriteria(criteriaSet)) {
            Iterable<RoleDescriptor> candidatesByRoleAndProtocol = getCandidatesByRoleAndProtocol(resolve, criteriaSet);
            if (this.log.isDebugEnabled()) {
                this.log.debug("Resolved {} RoleDescriptor candidates via role criteria, performing predicate filtering", Integer.valueOf(Iterables.size(candidatesByRoleAndProtocol)));
            }
            Objects.requireNonNull(alwaysTrue);
            return predicateFilterCandidates(Iterables.filter(candidatesByRoleAndProtocol, (v1) -> {
                return r2.test(v1);
            }), criteriaSet, false);
        }
        if (!isResolveViaPredicatesOnly()) {
            this.log.debug("Found no role criteria and predicate-only resolution is disabled, returning empty collection");
            return Collections.emptySet();
        }
        Iterable<RoleDescriptor> allCandidates = getAllCandidates(resolve);
        if (this.log.isDebugEnabled()) {
            this.log.debug("Resolved {} RoleDescriptor total candidates for predicate-only resolution", Integer.valueOf(Iterables.size(allCandidates)));
        }
        Objects.requireNonNull(alwaysTrue);
        return predicateFilterCandidates(Iterables.filter(allCandidates, (v1) -> {
            return r2.test(v1);
        }), criteriaSet, true);
    }

    protected boolean haveRoleCriteria(@Nonnull CriteriaSet criteriaSet) {
        return criteriaSet.contains(EntityRoleCriterion.class);
    }

    protected Iterable<RoleDescriptor> getCandidatesByRoleAndProtocol(@Nonnull Iterable<EntityDescriptor> iterable, @Nonnull CriteriaSet criteriaSet) {
        EntityRoleCriterion entityRoleCriterion = (EntityRoleCriterion) Constraint.isNotNull((EntityRoleCriterion) criteriaSet.get(EntityRoleCriterion.class), "EntityRoleCriterion was not supplied");
        ProtocolCriterion protocolCriterion = (ProtocolCriterion) criteriaSet.get(ProtocolCriterion.class);
        ArrayList arrayList = new ArrayList();
        for (EntityDescriptor entityDescriptor : iterable) {
            if (protocolCriterion != null) {
                arrayList.add(entityDescriptor.getRoleDescriptors(entityRoleCriterion.getRole(), protocolCriterion.getProtocol()));
            } else {
                arrayList.add(entityDescriptor.getRoleDescriptors(entityRoleCriterion.getRole()));
            }
        }
        return Iterables.concat(arrayList);
    }

    protected Iterable<RoleDescriptor> getAllCandidates(@Nonnull Iterable<EntityDescriptor> iterable) {
        ArrayList arrayList = new ArrayList();
        Iterator<EntityDescriptor> it = iterable.iterator();
        while (it.hasNext()) {
            arrayList.add(it.next().getRoleDescriptors());
        }
        return Iterables.concat(arrayList);
    }

    protected Iterable<RoleDescriptor> predicateFilterCandidates(@Nonnull Iterable<RoleDescriptor> iterable, @Nonnull CriteriaSet criteriaSet, boolean z) throws ResolverException {
        boolean isSatisfyAnyPredicates;
        if (!iterable.iterator().hasNext()) {
            this.log.debug("Candidates iteration was empty, nothing to filter via predicates");
            return Collections.emptySet();
        }
        this.log.debug("Attempting to filter candidate RoleDescriptors via resolved Predicates");
        Set predicates = ResolverSupport.getPredicates(criteriaSet, EvaluableRoleDescriptorCriterion.class, getCriterionPredicateRegistry());
        this.log.trace("Resolved {} Predicates: {}", Integer.valueOf(predicates.size()), predicates);
        SatisfyAnyCriterion satisfyAnyCriterion = (SatisfyAnyCriterion) criteriaSet.get(SatisfyAnyCriterion.class);
        if (satisfyAnyCriterion != null) {
            this.log.trace("CriteriaSet contained SatisfyAnyCriterion");
            isSatisfyAnyPredicates = satisfyAnyCriterion.isSatisfyAny();
        } else {
            this.log.trace("CriteriaSet did NOT contain SatisfyAnyCriterion");
            isSatisfyAnyPredicates = isSatisfyAnyPredicates();
        }
        this.log.trace("Effective satisyAny value: {}", Boolean.valueOf(isSatisfyAnyPredicates));
        Iterable<RoleDescriptor> filteredIterable = ResolverSupport.getFilteredIterable(iterable, predicates, isSatisfyAnyPredicates, z);
        if (this.log.isDebugEnabled()) {
            this.log.debug("After predicate filtering {} RoleDescriptors remain", Integer.valueOf(Iterables.size(filteredIterable)));
        }
        return filteredIterable;
    }
}
