package edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector;

import edu.internet2.middleware.shibboleth.common.attribute.BaseAttribute;
import edu.internet2.middleware.shibboleth.common.attribute.provider.BasicAttribute;
import edu.internet2.middleware.shibboleth.common.attribute.resolver.AttributeResolutionException;
import edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethResolutionContext;
import edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.StoredIDStore;
import edu.internet2.middleware.shibboleth.common.profile.provider.SAMLProfileRequestContext;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.sql.SQLException;
import java.sql.Timestamp;
import java.util.Collection;
import java.util.Map;
import java.util.UUID;
import javax.sql.DataSource;
import org.opensaml.xml.util.Base64;
import org.opensaml.xml.util.DatatypeHelper;
import org.opensaml.xml.util.LazyMap;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:edu/internet2/middleware/shibboleth/common/attribute/resolver/provider/dataConnector/StoredIDDataConnector.class */
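/**
 * Data connector that resolves a persistent identifier for a principal and keeps it in a
 * {@link StoredIDStore} backed by the supplied {@link DataSource}.
 *
 * <p>Identifiers are looked up by local entity ID, inbound message issuer (the relying party) and
 * the value of the configured source attribute. When no active entry exists a new one is created:
 * the first identifier for a given triple is a salted digest, later ones are random UUIDs.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The salt is the only secret input to the computed identifier. This class keeps a private
 *       copy and hands out copies, so callers cannot alter it after construction.</li>
 *   <li>The digest is SHA-1. Changing the algorithm, the separator byte or the input order changes
 *       every computed identifier, so any such change is a data migration, not a refactor.</li>
 * </ul>
 */
public class StoredIDDataConnector extends BaseDataConnector {
    private final Logger log = LoggerFactory.getLogger(StoredIDDataConnector.class);

    /** Store that persists the issued identifiers. */
    private final StoredIDStore pidStore;

    /** ID of the attribute this connector produces. */
    private final String generatedAttribute;

    /** ID of the dependency attribute whose first value is used as the local ID. */
    private final String sourceAttribute;

    /** Private copy of the salt mixed into computed identifiers. */
    private final byte[] salt;

    /**
     * Creates the connector.
     *
     * @param dataSource source of connections for the identifier store, never null
     * @param str ID of the generated attribute, never empty
     * @param str2 ID of the source attribute, never empty
     * @param bArr salt for computed identifiers, at least 16 bytes; it is copied
     * @throws IllegalArgumentException if any argument violates the constraints above
     */
    public StoredIDDataConnector(DataSource dataSource, String str, String str2, byte[] bArr) {
        if (dataSource == null) {
            throw new IllegalArgumentException("Data source may not be null");
        }
        this.pidStore = new StoredIDStore(dataSource);
        if (DatatypeHelper.isEmpty(str)) {
            throw new IllegalArgumentException("Provided generated attribute ID must not be empty");
        }
        this.generatedAttribute = str;
        if (DatatypeHelper.isEmpty(str2)) {
            throw new IllegalArgumentException("Provided source attribute ID must not be empty");
        }
        this.sourceAttribute = str2;
        // A null salt used to surface as a NullPointerException; report it like a short salt.
        if (bArr == null || bArr.length < 16) {
            throw new IllegalArgumentException("Provided salt must be at least 16 bytes in size.");
        }
        // Defensive copy: the caller keeps its own array and cannot change ours afterwards.
        this.salt = bArr.clone();
    }

    /**
     * @return the store used to look up and persist identifiers
     */
    public StoredIDStore getStoredIDStore() {
        return this.pidStore;
    }

    /**
     * @return a copy of the salt; modifying the returned array does not affect this connector
     */
    public byte[] getSalt() {
        return this.salt.clone();
    }

    /**
     * @return ID of the attribute whose value is used as the local ID
     */
    public String getSourceAttributeId() {
        return this.sourceAttribute;
    }

    /**
     * @return ID of the attribute this connector produces
     */
    public String getGeneratedAttributeId() {
        return this.generatedAttribute;
    }

    /**
     * Resolves the stored identifier for the current request and returns it as a single attribute.
     *
     * @param shibbolethResolutionContext current resolution context
     * @return map with the generated attribute keyed by its ID, or an empty map when no identifier
     *         could be produced
     * @throws AttributeResolutionException if the request context lacks the local entity ID, the
     *         relying party entity ID or the principal name, or if the store lookup fails
     */
    @Override
    public Map<String, BaseAttribute> resolve(ShibbolethResolutionContext shibbolethResolutionContext) throws AttributeResolutionException {
        SAMLProfileRequestContext requestContext = shibbolethResolutionContext.getAttributeRequestContext();
        if (requestContext.getLocalEntityId() == null) {
            throw new AttributeResolutionException("No local entity ID given in resolution context");
        }
        if (requestContext.getInboundMessageIssuer() == null) {
            throw new AttributeResolutionException("No relying party entity ID given in resolution context");
        }
        if (requestContext.getPrincipalName() == null) {
            throw new AttributeResolutionException("No principal name given in resolution context");
        }

        Map<String, BaseAttribute> attributes = new LazyMap<String, BaseAttribute>();
        String storedId = getStoredId(shibbolethResolutionContext);
        if (storedId != null) {
            BasicAttribute<String> attribute = new BasicAttribute<String>();
            attribute.setId(getGeneratedAttributeId());
            attribute.getValues().add(storedId);
            attributes.put(attribute.getId(), attribute);
        }
        return attributes;
    }

    /**
     * Checks the connector configuration and that the identifier store can be queried.
     *
     * @throws AttributeResolutionException if the connector does not have exactly one dependency
     *         or the probe query against the store fails
     */
    @Override
    public void validate() throws AttributeResolutionException {
        if (getDependencyIds() == null || getDependencyIds().size() != 1) {
            String message = "Computed ID " + getId() + " data connectore requires exactly one dependency";
            this.log.error(message);
            throw new AttributeResolutionException(message);
        }
        try {
            // Probe query only: the result is discarded, a SQLException means the store is unusable.
            this.pidStore.getActivePersistentIdEntry("1");
        } catch (SQLException e) {
            // Keep the cause so operators can see why the store was unreachable.
            throw new AttributeResolutionException("Unable to connect to persistent ID store.", e);
        }
    }

    /**
     * Returns the active identifier for the current principal and relying party, creating and
     * storing one when none exists.
     *
     * @param shibbolethResolutionContext current resolution context
     * @return the persistent identifier, or null when the source attribute yields no value
     * @throws AttributeResolutionException if the store cannot be read or written
     */
    protected String getStoredId(ShibbolethResolutionContext shibbolethResolutionContext) throws AttributeResolutionException {
        SAMLProfileRequestContext requestContext = shibbolethResolutionContext.getAttributeRequestContext();
        String localId = getLocalId(shibbolethResolutionContext);
        if (localId == null) {
            return null;
        }
        try {
            StoredIDStore.PersistentIdEntry entry = this.pidStore.getActivePersistentIdEntry(
                    requestContext.getLocalEntityId(), requestContext.getInboundMessageIssuer(), localId);
            if (entry == null) {
                // NOTE(review): lookup and insert are separate calls with nothing visible here that
                // serialises them; whether concurrent requests can store two entries depends on the
                // store and its schema - confirm a uniqueness constraint exists.
                entry = createPersistentId(shibbolethResolutionContext, localId, this.salt);
                this.pidStore.storePersistentIdEntry(entry);
                this.log.debug("Created stored ID {}", entry);
            } else {
                this.log.debug("Located existing stored ID {}", entry);
            }
            return entry.getPersistentId();
        } catch (SQLException e) {
            this.log.error("Database error retrieving persistent identifier", e);
            throw new AttributeResolutionException("Database error retrieving persistent identifier", e);
        }
    }

    /**
     * Reads the local ID from the connector's dependencies.
     *
     * @param shibbolethResolutionContext current resolution context
     * @return string form of the first value of the source attribute, or null when there is none
     * @throws AttributeResolutionException if the dependencies cannot be resolved
     */
    protected String getLocalId(ShibbolethResolutionContext shibbolethResolutionContext) throws AttributeResolutionException {
        Collection<Object> sourceValues = getValuesFromAllDependencies(shibbolethResolutionContext, getSourceAttributeId());
        if (sourceValues == null || sourceValues.isEmpty()) {
            this.log.debug("Source attribute {} for connector {} provide no values.  No identifier will be generated.", getSourceAttributeId(), getId());
            return null;
        }
        if (sourceValues.size() > 1) {
            this.log.warn("Source attribute {} for connector {} has more than one value, only the first value is used", getSourceAttributeId(), getId());
        }
        return sourceValues.iterator().next().toString();
    }

    /**
     * Builds a new, not yet stored, identifier entry for the current principal and relying party.
     *
     * <p>If the store holds no entry at all for the (local entity, peer entity, local ID) triple,
     * the identifier is Base64(SHA-1(peerEntityId '!' localId '!' salt)). Otherwise, and whenever
     * the candidate is already present in the store, a random UUID is used instead.
     *
     * @param shibbolethResolutionContext current resolution context
     * @param str local ID of the principal
     * @param bArr salt mixed into the computed identifier
     * @return the populated entry
     * @throws SQLException if the store cannot be queried, or if SHA-1 is unavailable
     */
    protected StoredIDStore.PersistentIdEntry createPersistentId(ShibbolethResolutionContext shibbolethResolutionContext, String str, byte[] bArr) throws SQLException {
        SAMLProfileRequestContext requestContext = shibbolethResolutionContext.getAttributeRequestContext();

        // Decompiler residue: an implicit null check on the store, presumably left over from a
        // qualified inner-class instantiation - confirm against StoredIDStore before removing.
        StoredIDStore storedIDStore = this.pidStore;
        storedIDStore.getClass();
        StoredIDStore.PersistentIdEntry entry = new StoredIDStore.PersistentIdEntry();
        entry.setLocalEntityId(requestContext.getLocalEntityId());
        entry.setPeerEntityId(requestContext.getInboundMessageIssuer());
        entry.setPrincipalName(requestContext.getPrincipalName());
        entry.setLocalId(str);

        String persistentId;
        int existingEntries = this.pidStore.getNumberOfPersistentIdEntries(
                entry.getLocalEntityId(), entry.getPeerEntityId(), entry.getLocalId());
        if (existingEntries == 0) {
            try {
                // "SHA" selects SHA-1. Do not swap the algorithm in place: every computed
                // identifier would change.
                MessageDigest digest = MessageDigest.getInstance("SHA");
                // NOTE(review): getBytes() uses the platform default charset, so non-ASCII entity
                // or local IDs hash differently across hosts with different defaults. Pinning a
                // charset would change identifiers on such hosts - decide deliberately.
                digest.update(entry.getPeerEntityId().getBytes());
                digest.update((byte) '!');
                digest.update(str.getBytes());
                digest.update((byte) '!');
                // digest(bArr) feeds the salt as the final input and completes the hash.
                persistentId = Base64.encodeBytes(digest.digest(bArr));
            } catch (NoSuchAlgorithmException e) {
                this.log.error("JVM error, SHA-1 is not supported, unable to compute ID", e);
                SQLException failure = new SQLException("SHA-1 is not supported, unable to compute ID");
                // initCause rather than the two-argument constructor keeps older runtimes working.
                failure.initCause(e);
                throw failure;
            }
        } else {
            persistentId = UUID.randomUUID().toString();
        }

        // Never hand out an identifier that is already present in the store.
        while (this.pidStore.getPersistentIdEntry(persistentId, false) != null) {
            this.log.debug("Generated persistent ID was already assigned to another user, regenerating");
            persistentId = UUID.randomUUID().toString();
        }
        entry.setPersistentId(persistentId);
        entry.setCreationTime(new Timestamp(System.currentTimeMillis()));
        return entry;
    }
}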
