package net.shibboleth.idp.saml.security.impl;

import java.util.Iterator;
import java.util.List;
import javax.annotation.Nonnull;
import net.shibboleth.idp.saml.security.KeyAuthoritySupport;
import net.shibboleth.idp.saml.xmlobject.KeyAuthority;
import net.shibboleth.shared.annotation.constraint.NotLive;
import net.shibboleth.shared.annotation.constraint.Unmodifiable;
import net.shibboleth.shared.collection.CollectionSupport;
import net.shibboleth.shared.primitive.LoggerFactory;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.saml.metadata.resolver.filter.FilterException;
import org.opensaml.saml.metadata.resolver.filter.MetadataNodeProcessor;
import org.opensaml.saml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml.saml2.metadata.Extensions;
import org.opensaml.security.SecurityException;
import org.opensaml.security.x509.PKIXValidationInformation;
import org.slf4j.Logger;

/* loaded from: input_file:WEB-INF/lib/shib-metadata-impl-5.1.3.jar:net/shibboleth/idp/saml/security/impl/KeyAuthorityNodeProcessor.class */
public class KeyAuthorityNodeProcessor implements MetadataNodeProcessor {

    @Nonnull
    private Logger log = LoggerFactory.getLogger((Class<?>) KeyAuthority.class);

    @Override // org.opensaml.saml.metadata.resolver.filter.MetadataNodeProcessor
    public void process(@Nonnull XMLObject xMLObject) throws FilterException {
        if (xMLObject instanceof EntitiesDescriptor) {
            handleEntitiesDescriptor((EntitiesDescriptor) xMLObject);
        } else if (xMLObject instanceof EntityDescriptor) {
            handleEntityDescriptor((EntityDescriptor) xMLObject);
        }
    }

    protected void handleEntitiesDescriptor(@Nonnull EntitiesDescriptor entitiesDescriptor) throws FilterException {
        this.log.debug("Processing EntitiesDescriptor with id '{}', name '{}'", entitiesDescriptor.getID(), entitiesDescriptor.getName());
        List<XMLObject> keyAuthorities = getKeyAuthorities(entitiesDescriptor);
        if (keyAuthorities.isEmpty()) {
            return;
        }
        this.log.debug("Saw at least one KeyAuthority for EntitiesDescriptor with id '{}', name '{}'", entitiesDescriptor.getID(), entitiesDescriptor.getName());
        for (XMLObject xMLObject : keyAuthorities) {
            try {
                PKIXValidationInformation extractPKIXValidationInfo = KeyAuthoritySupport.extractPKIXValidationInfo((KeyAuthority) xMLObject);
                if (extractPKIXValidationInfo != null) {
                    xMLObject.getObjectMetadata().put(extractPKIXValidationInfo);
                }
            } catch (SecurityException e) {
                throw new FilterException("Error extracting PKIX validation info from KeyAuthority", e);
            }
        }
    }

    protected void handleEntityDescriptor(@Nonnull EntityDescriptor entityDescriptor) throws FilterException {
        XMLObject parent = entityDescriptor.getParent();
        while (true) {
            XMLObject xMLObject = parent;
            if (xMLObject == null) {
                return;
            }
            if (xMLObject instanceof EntitiesDescriptor) {
                Iterator<XMLObject> it = getKeyAuthorities((EntitiesDescriptor) xMLObject).iterator();
                while (it.hasNext()) {
                    entityDescriptor.getObjectMetadata().putAll(it.next().getObjectMetadata().get(PKIXValidationInformation.class));
                }
            }
            parent = xMLObject.getParent();
        }
    }

    @Unmodifiable
    @Nonnull
    @NotLive
    protected List<XMLObject> getKeyAuthorities(@Nonnull EntitiesDescriptor entitiesDescriptor) {
        Extensions extensions = entitiesDescriptor.getExtensions();
        return extensions == null ? CollectionSupport.emptyList() : CollectionSupport.copyToList(extensions.getUnknownXMLObjects(KeyAuthority.DEFAULT_ELEMENT_NAME));
    }
}
