package edu.internet2.middleware.shibboleth.common.attribute.filtering.provider;

import edu.internet2.middleware.shibboleth.common.attribute.BaseAttribute;
import edu.internet2.middleware.shibboleth.common.attribute.filtering.AttributeFilteringEngine;
import edu.internet2.middleware.shibboleth.common.attribute.filtering.AttributeFilteringException;
import edu.internet2.middleware.shibboleth.common.config.BaseReloadableService;
import edu.internet2.middleware.shibboleth.common.profile.provider.SAMLProfileRequestContext;
import edu.internet2.middleware.shibboleth.common.service.ServiceException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.locks.Lock;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationContext;

/* loaded from: input_file:edu/internet2/middleware/shibboleth/common/attribute/filtering/provider/ShibbolethAttributeFilteringEngine.class */
public class ShibbolethAttributeFilteringEngine extends BaseReloadableService implements AttributeFilteringEngine<SAMLProfileRequestContext> {
    private final Logger log = LoggerFactory.getLogger(ShibbolethAttributeFilteringEngine.class);
    private List<AttributeFilterPolicy> filterPolicies = new ArrayList();

    public List<AttributeFilterPolicy> getFilterPolicies() {
        return this.filterPolicies;
    }

    /* renamed from: filterAttributes, reason: avoid collision after fix types in other method */
    public Map<String, BaseAttribute> filterAttributes2(Map<String, BaseAttribute> map, SAMLProfileRequestContext sAMLProfileRequestContext) throws AttributeFilteringException {
        this.log.debug(getId() + " filtering {} attributes for principal {}", Integer.valueOf(map.size()), sAMLProfileRequestContext.getPrincipalName());
        if (map.size() == 0) {
            return new HashMap();
        }
        if (getFilterPolicies() == null) {
            this.log.debug("No filter policies were loaded in {}, filtering out all attributes for {}", getId(), sAMLProfileRequestContext.getPrincipalName());
            return new HashMap();
        }
        ShibbolethFilteringContext shibbolethFilteringContext = new ShibbolethFilteringContext(map, sAMLProfileRequestContext);
        Lock readLock = getReadWriteLock().readLock();
        readLock.lock();
        try {
            Iterator<AttributeFilterPolicy> it = this.filterPolicies.iterator();
            while (it.hasNext()) {
                filterAttributes(shibbolethFilteringContext, it.next());
                runDenyRules(shibbolethFilteringContext);
            }
            Iterator<Map.Entry<String, BaseAttribute>> it2 = map.entrySet().iterator();
            while (it2.hasNext()) {
                BaseAttribute value = it2.next().getValue();
                Collection retainedValues = shibbolethFilteringContext.getRetainedValues(value.getId(), false);
                value.getValues().clear();
                value.getValues().addAll(retainedValues);
                if (value.getValues().size() == 0) {
                    this.log.debug("Removing attribute from return set, no more values: {}", value.getId());
                    it2.remove();
                } else {
                    this.log.trace("Permitted values for attribute {} are: {}", value.getId(), value.getValues());
                }
            }
            this.log.debug("Filtered attributes for principal {}.  The following attributes remain: {}", sAMLProfileRequestContext.getPrincipalName(), map.keySet());
            return map;
        } finally {
            readLock.unlock();
        }
    }

    protected void filterAttributes(ShibbolethFilteringContext shibbolethFilteringContext, AttributeFilterPolicy attributeFilterPolicy) throws FilterProcessingException {
        this.log.debug("Evaluating if filter policy {} is active for principal {}", attributeFilterPolicy.getPolicyId(), shibbolethFilteringContext.getAttributeRequestContext().getPrincipalName());
        MatchFunctor policyRequirementRule = attributeFilterPolicy.getPolicyRequirementRule();
        if (policyRequirementRule == null || !policyRequirementRule.evaluatePolicyRequirement(shibbolethFilteringContext)) {
            this.log.debug("Filter policy {} is not active for principal {}", attributeFilterPolicy.getPolicyId(), shibbolethFilteringContext.getAttributeRequestContext().getPrincipalName());
            return;
        }
        this.log.debug("Filter policy {} is active for principal {}", attributeFilterPolicy.getPolicyId(), shibbolethFilteringContext.getAttributeRequestContext().getPrincipalName());
        Iterator<AttributeRule> it = attributeFilterPolicy.getAttributeRules().iterator();
        while (it.hasNext()) {
            filterAttributes(shibbolethFilteringContext, it.next());
        }
    }

    protected void filterAttributes(ShibbolethFilteringContext shibbolethFilteringContext, AttributeRule attributeRule) throws FilterProcessingException {
        String attributeId = attributeRule.getAttributeId();
        Collection retainedValues = shibbolethFilteringContext.getRetainedValues(attributeId, false);
        MatchFunctor permitValueRule = attributeRule.getPermitValueRule();
        if (permitValueRule != null) {
            this.log.debug("Processing permit value rule for attribute {} for principal {}", attributeId, shibbolethFilteringContext.getAttributeRequestContext().getPrincipalName());
            BaseAttribute baseAttribute = shibbolethFilteringContext.getUnfilteredAttributes().get(attributeId);
            if (baseAttribute == null) {
                return;
            }
            Iterator it = baseAttribute.getValues().iterator();
            while (it.hasNext()) {
                Object next = it.next();
                if (permitValueRule.evaluatePermitValue(shibbolethFilteringContext, attributeId, next)) {
                    this.log.trace("The following value for attribute {} meets the permit value rule: {}", attributeId, next == null ? "<null>" : next.toString());
                    retainedValues.add(next);
                } else {
                    this.log.trace("The following value for attribute {} does not meet permit value rule: {}", attributeId, next == null ? "<null>" : next.toString());
                }
            }
        }
        MatchFunctor denyValueRule = attributeRule.getDenyValueRule();
        if (denyValueRule != null) {
            this.log.debug("Registering deny value rule for attribute {} for principal {}", attributeId, shibbolethFilteringContext.getAttributeRequestContext().getPrincipalName());
            List<MatchFunctor> list = shibbolethFilteringContext.getDenyValueRules().get(attributeId);
            if (list == null) {
                list = new ArrayList();
                shibbolethFilteringContext.getDenyValueRules().put(attributeId, list);
            }
            list.add(denyValueRule);
        }
    }

    protected void runDenyRules(ShibbolethFilteringContext shibbolethFilteringContext) throws FilterProcessingException {
        Map<String, List<MatchFunctor>> denyValueRules = shibbolethFilteringContext.getDenyValueRules();
        if (denyValueRules.isEmpty()) {
            return;
        }
        for (Map.Entry<String, List<MatchFunctor>> entry : denyValueRules.entrySet()) {
            List<MatchFunctor> value = entry.getValue();
            Collection retainedValues = shibbolethFilteringContext.getRetainedValues(entry.getKey(), false);
            if (!value.isEmpty() && !retainedValues.isEmpty()) {
                Iterator it = retainedValues.iterator();
                for (MatchFunctor matchFunctor : value) {
                    while (it.hasNext()) {
                        Object next = it.next();
                        if (matchFunctor.evaluateDenyRule(shibbolethFilteringContext, entry.getKey(), next)) {
                            this.log.trace("Removing the following value of attribute {} per deny rule: {}", entry.getKey(), next);
                            it.remove();
                        }
                    }
                }
            }
        }
    }

    @Override // edu.internet2.middleware.shibboleth.common.config.BaseService
    protected void onNewContextCreated(ApplicationContext applicationContext) throws ServiceException {
        List<AttributeFilterPolicy> list = this.filterPolicies;
        try {
            ArrayList arrayList = new ArrayList();
            for (String str : applicationContext.getBeanNamesForType(AttributeFilterPolicy.class)) {
                arrayList.add((AttributeFilterPolicy) applicationContext.getBean(str));
            }
            this.filterPolicies = arrayList;
        } catch (Exception e) {
            this.filterPolicies = list;
            throw new ServiceException(getId() + " configuration is not valid, retaining old configuration", e);
        }
    }

    @Override // edu.internet2.middleware.shibboleth.common.attribute.filtering.AttributeFilteringEngine
    public /* bridge */ /* synthetic */ Map filterAttributes(Map map, SAMLProfileRequestContext sAMLProfileRequestContext) throws AttributeFilteringException {
        return filterAttributes2((Map<String, BaseAttribute>) map, sAMLProfileRequestContext);
    }
}
