package org.apereo.cas.util;

import com.google.common.collect.Multimap;
import java.util.ArrayList;
import java.util.List;
import java.util.Optional;
import java.util.Spliterators;
import java.util.stream.StreamSupport;
import lombok.Generated;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.CoreAuthenticationUtils;
import org.apereo.cas.configuration.model.support.saml.sps.AbstractSamlSPProperties;
import org.apereo.cas.services.ChainingAttributeReleasePolicy;
import org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceAttributeReleasePolicy;
import org.apereo.cas.services.ReturnMappedAttributeReleasePolicy;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.saml.services.SamlRegisteredService;
import org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceCachingMetadataResolver;
import org.apereo.cas.util.model.TriStateBoolean;
import org.opensaml.core.criterion.SatisfyAnyCriterion;
import org.opensaml.saml.criterion.EntityRoleCriterion;
import org.opensaml.saml.metadata.resolver.ChainingMetadataResolver;
import org.opensaml.saml.metadata.resolver.filter.impl.PredicateFilter;
import org.opensaml.saml.metadata.resolver.impl.AbstractBatchMetadataResolver;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml.saml2.metadata.SPSSODescriptor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apereo/cas/util/SamlSPUtils.class */
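/**
 * Static helpers that turn a configured SAML service provider entry into a
 * {@link SamlRegisteredService} and store it through a {@link ServicesManager}.
 *
 * <p>Security-relevant points for reviewers:
 * <ul>
 *   <li>The entity IDs are joined with {@code |} and used verbatim as both the metadata
 *       criteria pattern and the service id. NOTE(review): the setter names suggest the value
 *       is evaluated as a regular expression; confirm. If so, entity IDs containing
 *       metacharacters such as {@code .} or {@code ?} match more than the literal value.</li>
 *   <li>The metadata signature location is only set when configured. NOTE(review): presumably
 *       metadata is then consumed without signature verification; confirm against the resolver
 *       and make sure the metadata location itself is trustworthy.</li>
 *   <li>When no entity IDs are configured, the first SP entity found in each batch metadata
 *       resolver is registered. With aggregate metadata this is whichever entity comes first,
 *       and the attribute release policy built here applies to it.</li>
 * </ul>
 */
public final class SamlSPUtils {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(SamlSPUtils.class);

    /**
     * Builds a SAML registered service definition from the given service provider settings.
     *
     * <p>The service releases the configured attributes plus the NameID attribute (when set)
     * through a mapped attribute release policy, is restricted to SP SSO descriptors, and is
     * keyed by the configured or discovered entity IDs.
     *
     * @param abstractSamlSPProperties the service provider settings to read
     * @param samlRegisteredServiceCachingMetadataResolver resolver used to discover entity IDs
     *        from metadata when none are configured
     * @return the populated service, or {@code null} when no metadata location is defined or no
     *         entity ID could be determined
     */
    public static SamlRegisteredService newSamlServiceProviderService(AbstractSamlSPProperties abstractSamlSPProperties, SamlRegisteredServiceCachingMetadataResolver samlRegisteredServiceCachingMetadataResolver) {
        if (StringUtils.isBlank(abstractSamlSPProperties.getMetadata())) {
            LOGGER.debug("Skipped registration of [{}] since no metadata location is defined", abstractSamlSPProperties.getName());
            return null;
        }
        SamlRegisteredService samlRegisteredService = new SamlRegisteredService();
        samlRegisteredService.setName(abstractSamlSPProperties.getName());
        samlRegisteredService.setDescription(abstractSamlSPProperties.getDescription());
        samlRegisteredService.setEvaluationOrder(Integer.MAX_VALUE);
        samlRegisteredService.setMetadataLocation(abstractSamlSPProperties.getMetadata());

        // Copy the configured attribute list so that adding the NameID attribute below
        // does not modify the configuration object.
        List<String> attributesToRelease = new ArrayList<>(abstractSamlSPProperties.getAttributes());
        String nameIdAttribute = abstractSamlSPProperties.getNameIdAttribute();
        if (StringUtils.isNotBlank(nameIdAttribute)) {
            // The NameID attribute is released as an attribute and also used as the username.
            attributesToRelease.add(nameIdAttribute);
            samlRegisteredService.setUsernameAttributeProvider(new PrincipalAttributeRegisteredServiceUsernameProvider(nameIdAttribute));
        }
        if (StringUtils.isNotBlank(abstractSamlSPProperties.getNameIdFormat())) {
            samlRegisteredService.setRequiredNameIdFormat(abstractSamlSPProperties.getNameIdFormat());
        }

        // Only the attributes collected above are allowed by the release policy.
        RegisteredServiceAttributeReleasePolicy mappedPolicy = new ReturnMappedAttributeReleasePolicy()
            .setAllowedAttributes(CollectionUtils.wrap(CoreAuthenticationUtils.transformPrincipalAttributesListIntoMultiMap(attributesToRelease)));
        ChainingAttributeReleasePolicy chainingAttributeReleasePolicy = new ChainingAttributeReleasePolicy();
        chainingAttributeReleasePolicy.addPolicies(new RegisteredServiceAttributeReleasePolicy[]{mappedPolicy});
        samlRegisteredService.setAttributeReleasePolicy(chainingAttributeReleasePolicy);

        samlRegisteredService.setMetadataCriteriaRoles(SPSSODescriptor.DEFAULT_ELEMENT_NAME.getLocalPart());
        samlRegisteredService.setMetadataCriteriaRemoveEmptyEntitiesDescriptors(true);
        samlRegisteredService.setMetadataCriteriaRemoveRolelessEntityDescriptors(true);
        // NOTE(review): with a blank signature location nothing is set here, so metadata is
        // presumably not signature-checked; confirm and prefer configuring it for remote metadata.
        if (StringUtils.isNotBlank(abstractSamlSPProperties.getSignatureLocation())) {
            samlRegisteredService.setMetadataSignatureLocation(abstractSamlSPProperties.getSignatureLocation());
        }

        List<String> entityIdList = determineEntityIdList(abstractSamlSPProperties, samlRegisteredServiceCachingMetadataResolver, samlRegisteredService);
        if (entityIdList.isEmpty()) {
            LOGGER.warn("Skipped registration of [{}] since no metadata entity ids could be found", abstractSamlSPProperties.getName());
            return null;
        }
        // NOTE(review): entity IDs are joined unescaped. If the pattern and service id are
        // evaluated as regular expressions, quote each id before joining when exact matching
        // is intended; doing so changes the stored service id, so it is left as-is here.
        String entityIdPattern = org.springframework.util.StringUtils.collectionToDelimitedString(entityIdList, "|");
        samlRegisteredService.setMetadataCriteriaDirection(PredicateFilter.Direction.INCLUDE.name());
        samlRegisteredService.setMetadataCriteriaPattern(entityIdPattern);
        LOGGER.debug("Registering saml service [{}] by entity id [{}]", abstractSamlSPProperties.getName(), entityIdPattern);
        samlRegisteredService.setServiceId(entityIdPattern);
        samlRegisteredService.setSignAssertions(abstractSamlSPProperties.getSignAssertions());
        samlRegisteredService.setSignResponses(TriStateBoolean.fromBoolean(abstractSamlSPProperties.isSignResponses()));
        return samlRegisteredService;
    }

    /**
     * Returns the entity IDs to register: the configured ones, or, when none are configured,
     * the first entity with a SAML 2.0 SP SSO descriptor from each batch metadata resolver.
     *
     * <p>The result is a fresh list; the list held by the settings object is not modified.
     *
     * @param abstractSamlSPProperties the service provider settings
     * @param samlRegisteredServiceCachingMetadataResolver resolver queried for SP metadata
     * @param samlRegisteredService the service whose metadata is resolved
     * @return the entity IDs, possibly empty
     */
    private static List<String> determineEntityIdList(AbstractSamlSPProperties abstractSamlSPProperties, SamlRegisteredServiceCachingMetadataResolver samlRegisteredServiceCachingMetadataResolver, SamlRegisteredService samlRegisteredService) {
        // Work on a copy so that discovered entity IDs are not written back into the
        // configuration object's list, which may be shared or unmodifiable.
        List<String> entityIds = new ArrayList<>(abstractSamlSPProperties.getEntityIds());
        if (!entityIds.isEmpty()) {
            return entityIds;
        }

        CriteriaSet criteriaSet = new CriteriaSet();
        criteriaSet.add(new EntityRoleCriterion(SPSSODescriptor.DEFAULT_ELEMENT_NAME));
        criteriaSet.add(new SatisfyAnyCriterion());
        ChainingMetadataResolver resolved = samlRegisteredServiceCachingMetadataResolver.resolve(samlRegisteredService, criteriaSet);

        // Flatten a chaining resolver into its members; anything else is inspected directly.
        List<Object> resolvers = new ArrayList<>();
        if (resolved instanceof ChainingMetadataResolver) {
            resolvers.addAll(resolved.getResolvers());
        } else {
            resolvers.add(resolved);
        }

        for (Object candidate : resolvers) {
            // Only batch resolvers are iterated here; other resolver kinds are skipped silently.
            if (!(candidate instanceof AbstractBatchMetadataResolver)) {
                continue;
            }
            // Only the first SP entity per resolver is taken; with aggregate metadata the
            // remaining entities are ignored.
            Optional<EntityDescriptor> firstServiceProvider = StreamSupport
                .stream(Spliterators.spliteratorUnknownSize(((AbstractBatchMetadataResolver) candidate).iterator(), java.util.Spliterator.ORDERED), false)
                .filter(descriptor -> descriptor.getSPSSODescriptor("urn:oasis:names:tc:SAML:2.0:protocol") != null)
                .findFirst();
            if (firstServiceProvider.isPresent()) {
                entityIds.add(firstServiceProvider.get().getEntityID());
            } else {
                LOGGER.warn("Skipped registration of [{}] since no entity id could be found", abstractSamlSPProperties.getName());
            }
        }
        return entityIds;
    }

    /**
     * Saves the service unless a SAML registered service with the same service id already exists.
     *
     * <p>The registry is loaded before the lookup and again after a save. The duplicate check
     * compares service ids by exact string equality and considers only
     * {@link SamlRegisteredService} entries. No locking is visible here, so the lookup and the
     * save are separate steps.
     *
     * @param registeredService the service definition to store
     * @param servicesManager the manager used to look up and store services
     */
    public static void saveService(RegisteredService registeredService, ServicesManager servicesManager) {
        LOGGER.debug("Attempting to save service definition [{}]", registeredService);
        servicesManager.load();
        boolean alreadyRegistered = !servicesManager.findServiceBy(existing ->
            (existing instanceof SamlRegisteredService) && existing.getServiceId().equals(registeredService.getServiceId())
        ).isEmpty();
        if (alreadyRegistered) {
            LOGGER.info("Service [{}] exists in the registry and will not be added again.", registeredService.getServiceId());
            return;
        }
        LOGGER.info("Service [{}] does not exist in the registry and will be added.", registeredService.getServiceId());
        servicesManager.save(registeredService);
        // Reload so the manager reflects the newly stored definition.
        servicesManager.load();
    }

    /** Not instantiable: this class only exposes static helpers. */
    @Generated
    private SamlSPUtils() {
        throw new UnsupportedOperationException("This is a utility class and cannot be instantiated");
    }
}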
