package org.opensaml.saml.common.messaging.context;

import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
import net.shibboleth.utilities.java.support.primitive.StringSupport;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.saml1.core.Assertion;
import org.opensaml.saml.saml1.core.AttributeQuery;
import org.opensaml.saml.saml1.core.AuthorizationDecisionQuery;
import org.opensaml.saml.saml1.core.Request;
import org.opensaml.saml.saml1.core.Response;
import org.opensaml.saml.saml2.core.Issuer;
import org.opensaml.saml.saml2.core.RequestAbstractType;
import org.opensaml.saml.saml2.core.StatusResponseType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-20161104.090424-27.zip:modules/system/layers/fuse/org/opensaml/3.1/opensaml-saml-api-3.1.1.jar:org/opensaml/saml/common/messaging/context/SAMLPeerEntityContext.class */
public class SAMLPeerEntityContext extends AbstractAuthenticatableSAMLEntityContext {

    @Nonnull
    private Logger log = LoggerFactory.getLogger(SAMLPeerEntityContext.class);
    private boolean useSAML1QueryResourceAsEntityId = true;

    @Override // org.opensaml.saml.common.messaging.context.AbstractSAMLEntityContext
    @NotEmpty
    @Nullable
    public String getEntityId() {
        if (super.getEntityId() == null) {
            setEntityId(resolveEntityId());
        }
        return super.getEntityId();
    }

    public boolean getUseSAML1QueryResourceAsEntityId() {
        return this.useSAML1QueryResourceAsEntityId;
    }

    public void setUseSAML1QueryResourceAsEntityId(boolean z) {
        this.useSAML1QueryResourceAsEntityId = z;
    }

    @Nullable
    protected String resolveEntityId() {
        SAMLObject resolveSAMLMessage = resolveSAMLMessage();
        if (resolveSAMLMessage instanceof RequestAbstractType) {
            return processSaml2Request((RequestAbstractType) resolveSAMLMessage);
        }
        if (resolveSAMLMessage instanceof StatusResponseType) {
            return processSaml2Response((StatusResponseType) resolveSAMLMessage);
        }
        if (resolveSAMLMessage instanceof Response) {
            return processSaml1Response((Response) resolveSAMLMessage);
        }
        if (resolveSAMLMessage instanceof Request) {
            return processSaml1Request((Request) resolveSAMLMessage);
        }
        return null;
    }

    @Nullable
    protected String processSaml2Request(@Nonnull RequestAbstractType requestAbstractType) {
        if (requestAbstractType.getIssuer() != null) {
            return processSaml2Issuer(requestAbstractType.getIssuer());
        }
        return null;
    }

    @Nullable
    protected String processSaml2Response(@Nonnull StatusResponseType statusResponseType) {
        if (statusResponseType.getIssuer() != null) {
            return processSaml2Issuer(statusResponseType.getIssuer());
        }
        return null;
    }

    @Nullable
    protected String processSaml2Issuer(@Nonnull Issuer issuer) {
        if (issuer.getFormat() == null || issuer.getFormat().equals("urn:oasis:names:tc:SAML:2.0:nameid-format:entity")) {
            return issuer.getValue();
        }
        this.log.warn("Couldn't dynamically resolve SAML 2 peer entity ID due to unsupported NameID format: {}", issuer.getFormat());
        return null;
    }

    @Nullable
    protected String processSaml1Response(@Nonnull Response response) {
        String str = null;
        List<Assertion> assertions = response.getAssertions();
        if (assertions != null && assertions.size() > 0) {
            this.log.info("Attempting to extract issuer from enclosed SAML 1.x Assertion(s)");
            for (Assertion assertion : assertions) {
                if (assertion != null && assertion.getIssuer() != null) {
                    if (str != null && !str.equals(assertion.getIssuer())) {
                        this.log.warn("SAML 1.x assertions, within response '{}' contain different issuer IDs, can not dynamically resolve SAML peer entity ID", response.getID());
                        return null;
                    }
                    str = assertion.getIssuer();
                }
            }
        }
        if (str == null) {
            this.log.warn("Issuer could not be extracted from standard SAML 1.x response message");
        }
        return str;
    }

    @Nullable
    protected String processSaml1Request(@Nonnull Request request) {
        String processSaml1AuthorizationDecisionQuery;
        String processSaml1AttributeQuery;
        if (request.getAttributeQuery() != null && (processSaml1AttributeQuery = processSaml1AttributeQuery(request.getAttributeQuery())) != null) {
            return processSaml1AttributeQuery;
        }
        if (request.getAuthorizationDecisionQuery() == null || (processSaml1AuthorizationDecisionQuery = processSaml1AuthorizationDecisionQuery(request.getAuthorizationDecisionQuery())) == null) {
            return null;
        }
        return processSaml1AuthorizationDecisionQuery;
    }

    @Nullable
    protected String processSaml1AttributeQuery(@Nonnull AttributeQuery attributeQuery) {
        if (!getUseSAML1QueryResourceAsEntityId()) {
            return null;
        }
        this.log.debug("Attempting to extract entity ID from SAML 1 AttributeQuery Resource attribute");
        String trimOrNull = StringSupport.trimOrNull(attributeQuery.getResource());
        if (trimOrNull == null) {
            return null;
        }
        this.log.debug("Extracted entity ID from SAML 1.x AttributeQuery: {}", trimOrNull);
        return trimOrNull;
    }

    @Nullable
    protected String processSaml1AuthorizationDecisionQuery(@Nonnull AuthorizationDecisionQuery authorizationDecisionQuery) {
        if (!getUseSAML1QueryResourceAsEntityId()) {
            return null;
        }
        this.log.debug("Attempting to extract entity ID from SAML 1 AuthorizationDecisionQuery Resource attribute");
        String trimOrNull = StringSupport.trimOrNull(authorizationDecisionQuery.getResource());
        if (trimOrNull == null) {
            return null;
        }
        this.log.debug("Extracted entity ID from SAML 1.x AuthorizationDecisionQuery: {}", trimOrNull);
        return trimOrNull;
    }

    @Nullable
    protected SAMLObject resolveSAMLMessage() {
        if (!(getParent() instanceof MessageContext)) {
            return null;
        }
        MessageContext parent = getParent();
        if (parent.getMessage() instanceof SAMLObject) {
            return (SAMLObject) parent.getMessage();
        }
        return null;
    }
}
