package net.shibboleth.idp.relyingparty.impl;

import com.google.common.base.Predicate;
import com.google.common.base.Predicates;
import com.google.common.collect.Collections2;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.ext.spring.service.AbstractServiceableComponent;
import net.shibboleth.idp.profile.config.SecurityConfiguration;
import net.shibboleth.idp.profile.logic.VerifiedProfilePredicate;
import net.shibboleth.idp.relyingparty.RelyingPartyConfiguration;
import net.shibboleth.idp.relyingparty.RelyingPartyConfigurationResolver;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullAfterInit;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullElements;
import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
import net.shibboleth.utilities.java.support.annotation.constraint.NotLive;
import net.shibboleth.utilities.java.support.annotation.constraint.Unmodifiable;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.component.IdentifiableComponent;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.primitive.StringSupport;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.security.credential.Credential;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/idp-profile-impl-3.3.3.jar:net/shibboleth/idp/relyingparty/impl/DefaultRelyingPartyConfigurationResolver.class */
public class DefaultRelyingPartyConfigurationResolver extends AbstractServiceableComponent<RelyingPartyConfigurationResolver> implements RelyingPartyConfigurationResolver, IdentifiableComponent {

    @Nullable
    private RelyingPartyConfiguration unverifiedConfiguration;

    @NonnullAfterInit
    private RelyingPartyConfiguration defaultConfiguration;

    @Nullable
    private SecurityConfiguration defaultSecurityConfiguration;

    @Nonnull
    private final Logger log = LoggerFactory.getLogger((Class<?>) DefaultRelyingPartyConfigurationResolver.class);

    @Nonnull
    private List<RelyingPartyConfiguration> rpConfigurations = Collections.emptyList();

    @NonnullAfterInit
    private Predicate<ProfileRequestContext> verificationPredicate = new VerifiedProfilePredicate();

    @NonnullElements
    @Nonnull
    private Map<String, SecurityConfiguration> securityConfigurationMap = Collections.emptyMap();

    @Nullable
    private List<Credential> signingCredentials = Collections.emptyList();

    @Nullable
    private List<Credential> encryptionCredentials = Collections.emptyList();

    @NonnullElements
    @Nonnull
    @NotLive
    @Unmodifiable
    public List<RelyingPartyConfiguration> getRelyingPartyConfigurations() {
        return ImmutableList.copyOf((Collection) this.rpConfigurations);
    }

    public void setRelyingPartyConfigurations(@NonnullElements @Nonnull List<RelyingPartyConfiguration> list) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        Constraint.isNotNull(list, "RelyingPartyConfiguration list cannot be null");
        this.rpConfigurations = new ArrayList(Collections2.filter(list, Predicates.notNull()));
    }

    @NonnullAfterInit
    public RelyingPartyConfiguration getDefaultConfiguration() {
        return this.defaultConfiguration;
    }

    public void setDefaultConfiguration(@Nonnull RelyingPartyConfiguration relyingPartyConfiguration) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.defaultConfiguration = (RelyingPartyConfiguration) Constraint.isNotNull(relyingPartyConfiguration, "Default RP configuration cannot be null");
    }

    @NonnullAfterInit
    public RelyingPartyConfiguration getUnverifiedConfiguration() {
        return this.unverifiedConfiguration;
    }

    public void setUnverifiedConfiguration(@Nonnull RelyingPartyConfiguration relyingPartyConfiguration) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.unverifiedConfiguration = (RelyingPartyConfiguration) Constraint.isNotNull(relyingPartyConfiguration, "Unverified RP configuration cannot be null");
    }

    @Nonnull
    public Predicate<ProfileRequestContext> getVerificationPredicate() {
        return this.verificationPredicate;
    }

    public void setVerificationPredicate(@Nonnull Predicate<ProfileRequestContext> predicate) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.verificationPredicate = (Predicate) Constraint.isNotNull(predicate, "Verification predicate cannot be null");
    }

    @NonnullElements
    @Nonnull
    @NotLive
    @Unmodifiable
    public Map<String, SecurityConfiguration> getSecurityConfigurationMap() {
        return ImmutableMap.copyOf((Map) this.securityConfigurationMap);
    }

    public void setSecurityConfigurationMap(@NonnullElements @Nonnull Map<String, SecurityConfiguration> map) {
        String trimOrNull;
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        Constraint.isNotNull(map, "SecurityConfiguration map cannot be null");
        this.securityConfigurationMap = new HashMap(map.size());
        for (Map.Entry<String, SecurityConfiguration> entry : map.entrySet()) {
            if (entry.getValue() != null && (trimOrNull = StringSupport.trimOrNull(entry.getKey())) != null) {
                this.securityConfigurationMap.put(trimOrNull, entry.getValue());
            }
        }
    }

    public void setDefaultSecurityConfiguration(@Nullable SecurityConfiguration securityConfiguration) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.defaultSecurityConfiguration = securityConfiguration;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.shibboleth.ext.spring.service.AbstractServiceableComponent, net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent, net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
    public void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        HashSet hashSet = new HashSet(this.rpConfigurations.size());
        for (RelyingPartyConfiguration relyingPartyConfiguration : this.rpConfigurations) {
            if (hashSet.contains(relyingPartyConfiguration.getId())) {
                throw new ComponentInitializationException("Multiple replying party configurations with ID " + relyingPartyConfiguration.getId() + " detected. Configuration IDs must be unique.");
            }
            hashSet.add(relyingPartyConfiguration.getId());
        }
    }

    @Override // net.shibboleth.utilities.java.support.resolver.Resolver
    @NonnullElements
    @Nonnull
    public Iterable<RelyingPartyConfiguration> resolve(@Nullable ProfileRequestContext profileRequestContext) throws ResolverException {
        ComponentSupport.ifNotInitializedThrowUninitializedComponentException(this);
        if (profileRequestContext == null) {
            return Collections.emptyList();
        }
        this.log.debug("Resolving relying party configuration");
        if (!this.verificationPredicate.apply(profileRequestContext)) {
            if (getUnverifiedConfiguration() == null) {
                this.log.warn("Profile request was unverified, but no such configuration is available");
                return Collections.emptyList();
            }
            this.log.debug("Profile request is unverified, returning configuration {}", getUnverifiedConfiguration().getId());
            return Collections.singleton(getUnverifiedConfiguration());
        }
        ArrayList arrayList = new ArrayList();
        for (RelyingPartyConfiguration relyingPartyConfiguration : this.rpConfigurations) {
            this.log.debug("Checking if relying party configuration {} is applicable", relyingPartyConfiguration.getId());
            if (relyingPartyConfiguration.apply(profileRequestContext)) {
                this.log.debug("Relying party configuration {} is applicable", relyingPartyConfiguration.getId());
                arrayList.add(relyingPartyConfiguration);
            } else {
                this.log.debug("Relying party configuration {} is not applicable", relyingPartyConfiguration.getId());
            }
        }
        if (!arrayList.isEmpty()) {
            return arrayList;
        }
        this.log.debug("No matching Relying Party Configuration found, returning the default configuration {}", getDefaultConfiguration().getId());
        return Collections.singleton(getDefaultConfiguration());
    }

    @Override // net.shibboleth.utilities.java.support.resolver.Resolver
    @Nullable
    public RelyingPartyConfiguration resolveSingle(@Nullable ProfileRequestContext profileRequestContext) throws ResolverException {
        ComponentSupport.ifNotInitializedThrowUninitializedComponentException(this);
        if (profileRequestContext == null) {
            return null;
        }
        this.log.debug("Resolving relying party configuration");
        if (!this.verificationPredicate.apply(profileRequestContext)) {
            if (getUnverifiedConfiguration() == null) {
                this.log.warn("Profile request was unverified, but no such configuration is available");
                return null;
            }
            this.log.debug("Profile request is unverified, returning configuration {}", getUnverifiedConfiguration().getId());
            return getUnverifiedConfiguration();
        }
        for (RelyingPartyConfiguration relyingPartyConfiguration : this.rpConfigurations) {
            this.log.debug("Checking if relying party configuration {} is applicable", relyingPartyConfiguration.getId());
            if (relyingPartyConfiguration.apply(profileRequestContext)) {
                this.log.debug("Relying party configuration {} is applicable", relyingPartyConfiguration.getId());
                return relyingPartyConfiguration;
            }
            this.log.debug("Relying party configuration {} is not applicable", relyingPartyConfiguration.getId());
        }
        this.log.debug("No relying party configurations are applicable, returning the default configuration {}", getDefaultConfiguration().getId());
        return getDefaultConfiguration();
    }

    @Override // net.shibboleth.idp.relyingparty.RelyingPartyConfigurationResolver
    @Nullable
    public SecurityConfiguration getDefaultSecurityConfiguration(@NotEmpty @Nonnull String str) {
        SecurityConfiguration securityConfiguration = this.securityConfigurationMap.get(str);
        return securityConfiguration != null ? securityConfiguration : this.defaultSecurityConfiguration;
    }

    @NonnullElements
    @Nonnull
    @NotLive
    @Unmodifiable
    public List<Credential> getSigningCredentials() {
        return ImmutableList.copyOf((Collection) this.signingCredentials);
    }

    public void setSigningCredentials(@Nullable List<Credential> list) {
        if (list == null) {
            this.signingCredentials = Collections.emptyList();
        } else {
            this.signingCredentials = new ArrayList(Collections2.filter(list, Predicates.notNull()));
        }
    }

    @NonnullElements
    @Nonnull
    @NotLive
    @Unmodifiable
    public List<Credential> getEncryptionCredentials() {
        return ImmutableList.copyOf((Collection) this.encryptionCredentials);
    }

    public void setEncryptionCredentials(@Nullable List<Credential> list) {
        if (list == null) {
            this.encryptionCredentials = Collections.emptyList();
        } else {
            this.encryptionCredentials = new ArrayList(Collections2.filter(list, Predicates.notNull()));
        }
    }

    @Override // net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent, net.shibboleth.utilities.java.support.component.IdentifiableComponent
    public void setId(@Nonnull String str) {
        super.setId(str);
    }

    @Override // net.shibboleth.ext.spring.service.AbstractServiceableComponent, net.shibboleth.utilities.java.support.service.ServiceableComponent
    @Nonnull
    public RelyingPartyConfigurationResolver getComponent() {
        return this;
    }
}
