package net.shibboleth.idp.attribute.filter.policyrule.saml.impl;

import java.util.Collection;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.attribute.filter.PolicyRequirementRule;
import net.shibboleth.idp.attribute.filter.context.AttributeFilterContext;
import net.shibboleth.idp.attribute.filter.policyrule.impl.AbstractPolicyRule;
import net.shibboleth.shared.annotation.constraint.NotLive;
import net.shibboleth.shared.annotation.constraint.Unmodifiable;
import net.shibboleth.shared.collection.CollectionSupport;
import net.shibboleth.shared.logic.Constraint;
import net.shibboleth.shared.primitive.LoggerFactory;
import net.shibboleth.shared.primitive.StringSupport;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.saml.ext.saml2mdrpi.RegistrationInfo;
import org.opensaml.saml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml.saml2.metadata.Extensions;
import org.slf4j.Logger;

/* loaded from: input_file:WEB-INF/lib/shib-attribute-filter-impl-5.0.0.jar:net/shibboleth/idp/attribute/filter/policyrule/saml/impl/AbstractRegistrationAuthorityPolicyRule.class */
public abstract class AbstractRegistrationAuthorityPolicyRule extends AbstractPolicyRule {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger((Class<?>) AbstractRegistrationAuthorityPolicyRule.class);

    @Nonnull
    private Set<String> registrars = CollectionSupport.emptySet();
    private boolean matchIfMetadataSilent;

    @Unmodifiable
    @Nonnull
    @NotLive
    public Set<String> getRegistrars() {
        return CollectionSupport.copyToSet(this.registrars);
    }

    public void setRegistrars(@Nonnull Collection<String> collection) {
        Constraint.isNotNull(collection, "Registrar collection cannot be null");
        this.registrars = new LinkedHashSet(collection.size());
        Iterator<String> it = collection.iterator();
        while (it.hasNext()) {
            String trimOrNull = StringSupport.trimOrNull(it.next());
            if (trimOrNull != null) {
                this.registrars.add(trimOrNull);
            }
        }
    }

    public boolean isMatchIfMetadataSilent() {
        return this.matchIfMetadataSilent;
    }

    public void setMatchIfMetadataSilent(boolean z) {
        this.matchIfMetadataSilent = z;
    }

    @Nullable
    protected abstract EntityDescriptor getEntityMetadata(@Nonnull AttributeFilterContext attributeFilterContext);

    @Nullable
    private RegistrationInfo getRegistrationInfo(@Nonnull AttributeFilterContext attributeFilterContext) {
        EntityDescriptor entityMetadata = getEntityMetadata(attributeFilterContext);
        if (null == entityMetadata) {
            this.log.debug("{} Filtering on registration, but no peer metadata available", getLogPrefix());
            return null;
        }
        Extensions extensions = entityMetadata.getExtensions();
        if (null != extensions) {
            for (XMLObject xMLObject : extensions.getUnknownXMLObjects(RegistrationInfo.DEFAULT_ELEMENT_NAME)) {
                if (xMLObject instanceof RegistrationInfo) {
                    return (RegistrationInfo) xMLObject;
                }
            }
        }
        XMLObject parent = entityMetadata.getParent();
        while (true) {
            EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) parent;
            if (null == entitiesDescriptor) {
                this.log.debug("{} Filtering on registration, but no RegistrationInfo available", getLogPrefix());
                return null;
            }
            Extensions extensions2 = entitiesDescriptor.getExtensions();
            if (null != extensions2) {
                for (XMLObject xMLObject2 : extensions2.getUnknownXMLObjects(RegistrationInfo.DEFAULT_ELEMENT_NAME)) {
                    if (xMLObject2 instanceof RegistrationInfo) {
                        return (RegistrationInfo) xMLObject2;
                    }
                }
            }
            parent = entitiesDescriptor.getParent();
        }
    }

    @Override // net.shibboleth.idp.attribute.filter.PolicyRequirementRule
    @Nonnull
    public PolicyRequirementRule.Tristate matches(@Nonnull AttributeFilterContext attributeFilterContext) {
        RegistrationInfo registrationInfo = getRegistrationInfo(attributeFilterContext);
        if (registrationInfo == null) {
            this.log.debug("{} The peer's metadata did not contain a RegistrationInfo descriptor", getLogPrefix());
            return this.matchIfMetadataSilent ? PolicyRequirementRule.Tristate.TRUE : PolicyRequirementRule.Tristate.FALSE;
        }
        String registrationAuthority = registrationInfo.getRegistrationAuthority();
        this.log.debug("{} Peer's metadata has registration authority: {}", getLogPrefix(), registrationAuthority);
        if (this.registrars.contains(registrationAuthority)) {
            this.log.debug("{} Peer's metadata registration authority matches", getLogPrefix());
            return PolicyRequirementRule.Tristate.TRUE;
        }
        this.log.debug("{} Peer's metadata registration authority does not match", getLogPrefix());
        return PolicyRequirementRule.Tristate.FALSE;
    }
}
