package edu.internet2.middleware.shibboleth.common.attribute.resolver.provider;

import edu.internet2.middleware.shibboleth.common.attribute.BaseAttribute;
import edu.internet2.middleware.shibboleth.common.attribute.resolver.AttributeResolutionException;
import edu.internet2.middleware.shibboleth.common.attribute.resolver.AttributeResolver;
import edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.attributeDefinition.AttributeDefinition;
import edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.attributeDefinition.ContextualAttributeDefinition;
import edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.ContextualDataConnector;
import edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.DataConnector;
import edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.principalConnector.ContextualPrincipalConnector;
import edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.principalConnector.PrincipalConnector;
import edu.internet2.middleware.shibboleth.common.config.BaseReloadableService;
import edu.internet2.middleware.shibboleth.common.profile.provider.SAMLProfileRequestContext;
import edu.internet2.middleware.shibboleth.common.service.ServiceException;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.concurrent.locks.Lock;
import org.jgrapht.DirectedGraph;
import org.jgrapht.graph.DefaultEdge;
import org.opensaml.common.SAMLObject;
import org.opensaml.saml1.core.NameIdentifier;
import org.opensaml.saml2.core.NameID;
import org.opensaml.xml.util.DatatypeHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationContext;

/* loaded from: input_file:edu/internet2/middleware/shibboleth/common/attribute/resolver/provider/ShibbolethAttributeResolver.class */
public class ShibbolethAttributeResolver extends BaseReloadableService implements AttributeResolver<SAMLProfileRequestContext> {
    public static final Collection<Class> PLUGIN_TYPES = Arrays.asList(DataConnector.class, AttributeDefinition.class, PrincipalConnector.class);
    private final Logger log = LoggerFactory.getLogger(ShibbolethAttributeResolver.class.getName());
    private Map<String, DataConnector> dataConnectors = new HashMap();
    private Map<String, AttributeDefinition> definitions = new HashMap();
    private Map<String, PrincipalConnector> principalConnectors = new HashMap();

    public Map<String, AttributeDefinition> getAttributeDefinitions() {
        return this.definitions;
    }

    public Map<String, DataConnector> getDataConnectors() {
        return this.dataConnectors;
    }

    public Map<String, PrincipalConnector> getPrincipalConnectors() {
        return this.principalConnectors;
    }

    @Override // edu.internet2.middleware.shibboleth.common.attribute.resolver.AttributeResolver
    public Map<String, BaseAttribute> resolveAttributes(SAMLProfileRequestContext sAMLProfileRequestContext) throws AttributeResolutionException {
        ShibbolethResolutionContext shibbolethResolutionContext = new ShibbolethResolutionContext(sAMLProfileRequestContext);
        this.log.debug("{} resolving attributes for principal {}", getId(), sAMLProfileRequestContext.getPrincipalName());
        if (getAttributeDefinitions().size() == 0) {
            this.log.debug("No attribute definitions loaded in {} so no attributes can be resolved for principal {}", getId(), sAMLProfileRequestContext.getPrincipalName());
            return new HashMap();
        }
        Lock readLock = getReadWriteLock().readLock();
        readLock.lock();
        try {
            Map<String, BaseAttribute> resolveAttributes = resolveAttributes(shibbolethResolutionContext);
            cleanResolvedAttributes(resolveAttributes, shibbolethResolutionContext);
            readLock.unlock();
            this.log.debug(getId() + " resolved, for principal {}, the attributes: {}", sAMLProfileRequestContext.getPrincipalName(), resolveAttributes.keySet());
            return resolveAttributes;
        } catch (Throwable th) {
            readLock.unlock();
            throw th;
        }
    }

    @Override // edu.internet2.middleware.shibboleth.common.attribute.resolver.AttributeResolver
    public void validate() throws AttributeResolutionException {
        for (DataConnector dataConnector : this.dataConnectors.values()) {
            if (dataConnector != null) {
                dataConnector.validate();
            }
        }
        for (AttributeDefinition attributeDefinition : this.definitions.values()) {
            if (attributeDefinition != null) {
                attributeDefinition.validate();
            }
        }
        for (PrincipalConnector principalConnector : this.principalConnectors.values()) {
            if (principalConnector != null) {
                principalConnector.validate();
            }
        }
    }

    public String resolvePrincipalName(SAMLProfileRequestContext sAMLProfileRequestContext) throws AttributeResolutionException {
        String nameIdentifierFormat = getNameIdentifierFormat(sAMLProfileRequestContext.getSubjectNameIdentifier());
        this.log.debug("Resolving principal name from name identifier of format: {}", nameIdentifierFormat);
        PrincipalConnector principalConnector = null;
        Iterator<PrincipalConnector> it = this.principalConnectors.values().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            PrincipalConnector next = it.next();
            if (next.getFormat().equals(nameIdentifierFormat)) {
                if (next.getRelyingParties().contains(sAMLProfileRequestContext.getInboundMessageIssuer())) {
                    principalConnector = next;
                    break;
                }
                if (next.getRelyingParties().isEmpty()) {
                    principalConnector = next;
                }
            }
        }
        if (principalConnector == null) {
            throw new AttributeResolutionException("No principal connector available to resolve a subject name with format " + nameIdentifierFormat + " for relying party " + sAMLProfileRequestContext.getInboundMessageIssuer());
        }
        this.log.debug("Using principal connector {} to resolve principal name.", principalConnector.getId());
        ContextualPrincipalConnector contextualPrincipalConnector = new ContextualPrincipalConnector(principalConnector);
        ShibbolethResolutionContext shibbolethResolutionContext = new ShibbolethResolutionContext(sAMLProfileRequestContext);
        resolveDependencies(contextualPrincipalConnector, shibbolethResolutionContext);
        return contextualPrincipalConnector.resolve(shibbolethResolutionContext);
    }

    protected String getNameIdentifierFormat(SAMLObject sAMLObject) {
        String str = null;
        if (sAMLObject instanceof NameIdentifier) {
            str = ((NameIdentifier) sAMLObject).getFormat();
        } else if (sAMLObject instanceof NameID) {
            str = ((NameID) sAMLObject).getFormat();
        }
        if (DatatypeHelper.isEmpty(str)) {
            str = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified";
        }
        return str;
    }

    protected Map<String, BaseAttribute> resolveAttributes(ShibbolethResolutionContext shibbolethResolutionContext) throws AttributeResolutionException {
        Collection<String> requestedAttributesIds = shibbolethResolutionContext.getAttributeRequestContext().getRequestedAttributesIds();
        HashMap hashMap = new HashMap();
        if (requestedAttributesIds == null || requestedAttributesIds.isEmpty()) {
            this.log.debug("Specific attributes for principal {} were not requested, resolving all attributes.", shibbolethResolutionContext.getAttributeRequestContext().getPrincipalName());
            requestedAttributesIds = getAttributeDefinitions().keySet();
        }
        Lock readLock = getReadWriteLock().readLock();
        readLock.lock();
        try {
            Iterator<String> it = requestedAttributesIds.iterator();
            while (it.hasNext()) {
                BaseAttribute resolveAttribute = resolveAttribute(it.next(), shibbolethResolutionContext);
                if (resolveAttribute != null) {
                    hashMap.put(resolveAttribute.getId(), resolveAttribute);
                }
            }
            return hashMap;
        } finally {
            readLock.unlock();
        }
    }

    protected BaseAttribute resolveAttribute(String str, ShibbolethResolutionContext shibbolethResolutionContext) throws AttributeResolutionException {
        AttributeDefinition attributeDefinition = shibbolethResolutionContext.getResolvedAttributeDefinitions().get(str);
        if (attributeDefinition == null) {
            this.log.debug("Resolving attribute {} for principal {}", str, shibbolethResolutionContext.getAttributeRequestContext().getPrincipalName());
            AttributeDefinition attributeDefinition2 = getAttributeDefinitions().get(str);
            if (attributeDefinition2 == null) {
                this.log.warn("{} requested attribute {} but no attribute definition exists for that attribute", shibbolethResolutionContext.getAttributeRequestContext().getInboundMessageIssuer(), str);
                return null;
            }
            attributeDefinition = new ContextualAttributeDefinition(attributeDefinition2);
            shibbolethResolutionContext.getResolvedPlugins().put(str, attributeDefinition);
        }
        resolveDependencies(attributeDefinition, shibbolethResolutionContext);
        BaseAttribute resolve = attributeDefinition.resolve(shibbolethResolutionContext);
        this.log.debug("Resolved attribute {} containing {} values", str, Integer.valueOf(resolve.getValues().size()));
        return resolve;
    }

    protected void resolveDataConnector(String str, ShibbolethResolutionContext shibbolethResolutionContext) throws AttributeResolutionException {
        DataConnector dataConnector = shibbolethResolutionContext.getResolvedDataConnectors().get(str);
        if (dataConnector == null) {
            this.log.debug("Resolving data connector {} for principal {}", str, shibbolethResolutionContext.getAttributeRequestContext().getPrincipalName());
            dataConnector = getDataConnectors().get(str);
            if (dataConnector == null) {
                this.log.warn("{} requested to resolve data connector {} but does not have such a data connector", getId(), str);
            } else {
                dataConnector = new ContextualDataConnector(dataConnector);
                shibbolethResolutionContext.getResolvedPlugins().put(str, dataConnector);
            }
        }
        resolveDependencies(dataConnector, shibbolethResolutionContext);
        try {
            dataConnector.resolve(shibbolethResolutionContext);
        } catch (AttributeResolutionException e) {
            String failoverDependencyId = dataConnector.getFailoverDependencyId();
            if (DatatypeHelper.isEmpty(failoverDependencyId)) {
                this.log.error("Received the following error from data connector " + dataConnector.getId() + ", no failover data connector available", e);
                throw e;
            }
            this.log.warn("Received the following error from data connector " + dataConnector.getId() + ", trying its failover connector " + failoverDependencyId, e.getMessage());
            this.log.debug("Error recieved from data connector " + dataConnector.getId(), e);
            resolveDataConnector(failoverDependencyId, shibbolethResolutionContext);
            DataConnector dataConnector2 = shibbolethResolutionContext.getResolvedDataConnectors().get(failoverDependencyId);
            this.log.debug("Using failover connector {} in place of {} for the remainder of this resolution", dataConnector2.getId(), str);
            shibbolethResolutionContext.getResolvedPlugins().put(str, dataConnector2);
        }
    }

    protected void resolveDependencies(ResolutionPlugIn<?> resolutionPlugIn, ShibbolethResolutionContext shibbolethResolutionContext) throws AttributeResolutionException {
        for (String str : resolutionPlugIn.getDependencyIds()) {
            if (this.dataConnectors.containsKey(str)) {
                resolveDataConnector(str, shibbolethResolutionContext);
            } else if (this.definitions.containsKey(str)) {
                resolveAttribute(str, shibbolethResolutionContext);
            }
        }
    }

    protected void cleanResolvedAttributes(Map<String, BaseAttribute> map, ShibbolethResolutionContext shibbolethResolutionContext) {
        Iterator<Map.Entry<String, BaseAttribute>> it = map.entrySet().iterator();
        while (it.hasNext()) {
            BaseAttribute value = it.next().getValue();
            if (value == null) {
                it.remove();
            } else if (getAttributeDefinitions().get(value.getId()).isDependencyOnly()) {
                this.log.debug("Removing dependency-only attribute {} from resolution result for principal {}.", value.getId(), shibbolethResolutionContext.getAttributeRequestContext().getPrincipalName());
                it.remove();
            } else if (value.getValues().size() == 0) {
                this.log.debug("Removing attribute {} from resolution result for principal {}.  It contains no values.", value.getId(), shibbolethResolutionContext.getAttributeRequestContext().getPrincipalName());
                it.remove();
            } else {
                Iterator it2 = value.getValues().iterator();
                HashSet hashSet = new HashSet();
                while (it2.hasNext()) {
                    Object next = it2.next();
                    if (!hashSet.add(next)) {
                        this.log.debug("Removing duplicate value {} of attribute {} from resolution result", next, value.getId());
                        it2.remove();
                    }
                }
            }
        }
    }

    protected void addVertex(DirectedGraph<ResolutionPlugIn, DefaultEdge> directedGraph, ResolutionPlugIn<?> resolutionPlugIn) {
        directedGraph.addVertex(resolutionPlugIn);
        Object obj = null;
        for (String str : resolutionPlugIn.getDependencyIds()) {
            if (this.dataConnectors.containsKey(str)) {
                obj = (ResolutionPlugIn) this.dataConnectors.get(str);
            } else if (this.definitions.containsKey(str)) {
                obj = (ResolutionPlugIn) this.definitions.get(str);
            }
            if (obj != null) {
                directedGraph.addVertex(obj);
                directedGraph.addEdge(resolutionPlugIn, obj);
            }
        }
    }

    @Override // edu.internet2.middleware.shibboleth.common.config.BaseService
    protected void onNewContextCreated(ApplicationContext applicationContext) throws ServiceException {
        Map<String, DataConnector> map = this.dataConnectors;
        HashMap hashMap = new HashMap();
        String[] beanNamesForType = applicationContext.getBeanNamesForType(DataConnector.class);
        this.log.debug("Loading {} data connectors", Integer.valueOf(beanNamesForType.length));
        for (String str : beanNamesForType) {
            DataConnector dataConnector = (DataConnector) applicationContext.getBean(str);
            hashMap.put(dataConnector.getId(), dataConnector);
        }
        Map<String, AttributeDefinition> map2 = this.definitions;
        HashMap hashMap2 = new HashMap();
        String[] beanNamesForType2 = applicationContext.getBeanNamesForType(AttributeDefinition.class);
        this.log.debug("Loading {} attribute definitions", Integer.valueOf(beanNamesForType2.length));
        for (String str2 : beanNamesForType2) {
            AttributeDefinition attributeDefinition = (AttributeDefinition) applicationContext.getBean(str2);
            hashMap2.put(attributeDefinition.getId(), attributeDefinition);
        }
        Map<String, PrincipalConnector> map3 = this.principalConnectors;
        HashMap hashMap3 = new HashMap();
        String[] beanNamesForType3 = applicationContext.getBeanNamesForType(PrincipalConnector.class);
        this.log.debug("Loading {} principal connectors", Integer.valueOf(beanNamesForType3.length));
        for (String str3 : beanNamesForType3) {
            PrincipalConnector principalConnector = (PrincipalConnector) applicationContext.getBean(str3);
            hashMap3.put(principalConnector.getId(), principalConnector);
        }
        try {
            this.dataConnectors = hashMap;
            this.definitions = hashMap2;
            this.principalConnectors = hashMap3;
            validate();
        } catch (AttributeResolutionException e) {
            this.dataConnectors = map;
            this.definitions = map2;
            this.principalConnectors = map3;
            throw new ServiceException(getId() + " configuration is not valid, retaining old configuration", e);
        }
    }
}
