package edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.match.saml;

import edu.internet2.middleware.shibboleth.common.attribute.BaseAttribute;
import edu.internet2.middleware.shibboleth.common.attribute.encoding.AttributeEncoder;
import edu.internet2.middleware.shibboleth.common.attribute.encoding.SAML1AttributeEncoder;
import edu.internet2.middleware.shibboleth.common.attribute.encoding.SAML2AttributeEncoder;
import edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.FilterProcessingException;
import edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethFilteringContext;
import edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.match.basic.AbstractMatchFunctor;
import java.util.Iterator;
import java.util.List;
import org.joda.time.DateTime;
import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.saml2.metadata.AttributeConsumingService;
import org.opensaml.saml2.metadata.RequestedAttribute;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.schema.XSAny;
import org.opensaml.xml.schema.XSBase64Binary;
import org.opensaml.xml.schema.XSBoolean;
import org.opensaml.xml.schema.XSDateTime;
import org.opensaml.xml.schema.XSInteger;
import org.opensaml.xml.schema.XSString;
import org.opensaml.xml.schema.XSURI;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:edu/internet2/middleware/shibboleth/common/attribute/filtering/provider/match/saml/AttributeInMetadataMatchFunctor.class */
public class AttributeInMetadataMatchFunctor extends AbstractMatchFunctor {
    private final Logger log = LoggerFactory.getLogger(AttributeInMetadataMatchFunctor.class);
    private boolean onlyIfRequired;
    private boolean matchIfMetadataSilent;

    public boolean isOnlyIfRequired() {
        return this.onlyIfRequired;
    }

    public void setOnlyIfRequired(boolean z) {
        this.onlyIfRequired = z;
    }

    public boolean isMatchIfMetadataSilent() {
        return this.matchIfMetadataSilent;
    }

    public void setMatchIfMetadataSilent(boolean z) {
        this.matchIfMetadataSilent = z;
    }

    @Override // edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.match.basic.AbstractMatchFunctor
    protected boolean doEvaluatePolicyRequirement(ShibbolethFilteringContext shibbolethFilteringContext) throws FilterProcessingException {
        throw new FilterProcessingException("This match functor is not supported in policy requirements");
    }

    @Override // edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.match.basic.AbstractMatchFunctor
    protected boolean doEvaluateValue(ShibbolethFilteringContext shibbolethFilteringContext, String str, Object obj) throws FilterProcessingException {
        Integer attributeConsumingServiceIndex;
        SPSSODescriptor peerEntityRoleMetadata = shibbolethFilteringContext.getAttributeRequestContext().getPeerEntityRoleMetadata();
        if (!(peerEntityRoleMetadata instanceof SPSSODescriptor)) {
            this.log.debug("attribute requester's metadata role does not contain attribute requirements");
            return false;
        }
        AttributeConsumingService attributeConsumingService = null;
        AuthnRequest inboundSAMLMessage = shibbolethFilteringContext.getAttributeRequestContext().getInboundSAMLMessage();
        if (inboundSAMLMessage != null && (inboundSAMLMessage instanceof AuthnRequest) && (attributeConsumingServiceIndex = inboundSAMLMessage.getAttributeConsumingServiceIndex()) != null) {
            Iterator it = peerEntityRoleMetadata.getAttributeConsumingServices().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                AttributeConsumingService attributeConsumingService2 = (AttributeConsumingService) it.next();
                if (attributeConsumingService2.getIndex() == attributeConsumingServiceIndex.intValue()) {
                    attributeConsumingService = attributeConsumingService2;
                    break;
                }
            }
            if (attributeConsumingService == null) {
                this.log.warn("Incoming AuthnRequest's AttributeConsumingServiceIndex did not match peer's metadata");
                return false;
            }
        }
        if (attributeConsumingService == null) {
            attributeConsumingService = peerEntityRoleMetadata.getDefaultAttributeConsumingService();
        }
        if (attributeConsumingService == null) {
            this.log.debug("The peer's metadata did not contain an AttributeConsumingService descriptor");
            return this.matchIfMetadataSilent;
        }
        this.log.debug("Using AttributeConsumingService descriptor with index {}", Integer.valueOf(attributeConsumingService.getIndex()));
        BaseAttribute baseAttribute = shibbolethFilteringContext.getUnfilteredAttributes().get(str);
        if (baseAttribute == null || baseAttribute.getValues() == null) {
            return false;
        }
        Iterator<AttributeEncoder> it2 = baseAttribute.getEncoders().iterator();
        while (it2.hasNext()) {
            RequestedAttribute findInMetadata = findInMetadata(attributeConsumingService, it2.next());
            if (findInMetadata != null) {
                if (this.onlyIfRequired && !findInMetadata.isRequired().booleanValue()) {
                    this.log.debug("Attribute {} requested in metadata, but was not required", str);
                    return false;
                }
                this.log.debug("Found attribute {} requested in metadata", str);
                List attributeValues = findInMetadata.getAttributeValues();
                if (attributeValues == null || attributeValues.isEmpty()) {
                    return true;
                }
                String obj2 = obj.toString();
                Iterator it3 = attributeValues.iterator();
                while (it3.hasNext()) {
                    if (match((XMLObject) it3.next(), obj2)) {
                        return true;
                    }
                }
                this.log.debug("Attribute {} found in metadata, but value not among those requested", str);
                return false;
            }
        }
        this.log.debug("Attribute {} not found in metadata", str);
        return false;
    }

    private RequestedAttribute findInMetadata(AttributeConsumingService attributeConsumingService, AttributeEncoder attributeEncoder) {
        for (RequestedAttribute requestedAttribute : attributeConsumingService.getRequestAttributes()) {
            if (requestedAttribute.getName().equals(attributeEncoder.getAttributeName())) {
                String str = null;
                if (attributeEncoder instanceof SAML2AttributeEncoder) {
                    str = ((SAML2AttributeEncoder) attributeEncoder).getNameFormat();
                } else if (attributeEncoder instanceof SAML1AttributeEncoder) {
                    str = ((SAML1AttributeEncoder) attributeEncoder).getNamespace();
                }
                String nameFormat = requestedAttribute.getNameFormat();
                if (str == null || nameFormat == null || nameFormat.equals("urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified") || str.equals(nameFormat)) {
                    return requestedAttribute;
                }
            }
        }
        return null;
    }

    private boolean match(XMLObject xMLObject, String str) {
        String str2 = null;
        if (xMLObject instanceof XSString) {
            str2 = ((XSString) xMLObject).getValue();
        } else if (xMLObject instanceof XSURI) {
            str2 = ((XSURI) xMLObject).getValue();
        } else if (xMLObject instanceof XSBoolean) {
            str2 = ((XSBoolean) xMLObject).getValue().getValue().booleanValue() ? "1" : "0";
        } else if (xMLObject instanceof XSInteger) {
            str2 = ((XSInteger) xMLObject).getValue().toString();
        } else if (xMLObject instanceof XSDateTime) {
            DateTime value = ((XSDateTime) xMLObject).getValue();
            if (value != null) {
                str2 = ((XSDateTime) xMLObject).getDateTimeFormatter().print(value);
            }
        } else if (xMLObject instanceof XSBase64Binary) {
            str2 = ((XSBase64Binary) xMLObject).getValue();
        } else if (xMLObject instanceof XSAny) {
            XSAny xSAny = (XSAny) xMLObject;
            if (xSAny.getUnknownAttributes().isEmpty() && xSAny.getUnknownXMLObjects().isEmpty()) {
                str2 = xSAny.getTextContent();
            }
        }
        if (str2 != null) {
            return str2.equals(str);
        }
        this.log.warn("Unrecognized XMLObject type, unable to match as a string to candidate value");
        return false;
    }
}
