package org.opensaml.saml2.binding;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.opensaml.common.binding.BasicEndpointSelector;
import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.saml2.metadata.Endpoint;
import org.opensaml.saml2.metadata.IndexedEndpoint;
import org.opensaml.xml.util.DatatypeHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/opensaml-2.6.4.jar:org/opensaml/saml2/binding/AuthnResponseEndpointSelector.class */
public class AuthnResponseEndpointSelector extends BasicEndpointSelector {
    private final Logger log = LoggerFactory.getLogger((Class<?>) AuthnResponseEndpointSelector.class);

    @Override // org.opensaml.common.binding.BasicEndpointSelector, org.opensaml.common.binding.AbstractEndpointSelector
    public Endpoint selectEndpoint() {
        if (getEntityRoleMetadata() == null) {
            this.log.debug("Unable to select endpoint, no entity role metadata available.");
            return null;
        }
        List<Endpoint> endpoints = getEntityRoleMetadata().getEndpoints(getEndpointType());
        if (endpoints == null || endpoints.size() == 0) {
            return null;
        }
        Endpoint endpoint = null;
        AuthnRequest authnRequest = (AuthnRequest) getSamlRequest();
        if (authnRequest != null) {
            endpoints = filterEndpointsByProtocolBinding(endpoints);
            if (endpoints == null || endpoints.isEmpty()) {
                return null;
            }
            if (authnRequest.getAssertionConsumerServiceIndex() != null) {
                this.log.debug("Selecting endpoint by ACS index '{}' for request '{}' from entity '{}'", authnRequest.getAssertionConsumerServiceIndex(), authnRequest.getID(), getEntityMetadata().getEntityID());
                endpoint = selectEndpointByACSIndex(authnRequest, endpoints);
            } else if (authnRequest.getAssertionConsumerServiceURL() != null) {
                this.log.debug("Selecting endpoint by ACS URL '{}' and protocol binding '{}' for request '{}' from entity '{}'", authnRequest.getAssertionConsumerServiceURL(), authnRequest.getProtocolBinding(), authnRequest.getID(), getEntityMetadata().getEntityID());
                endpoint = selectEndpointByACSURL(authnRequest, endpoints);
            }
        }
        if (endpoint == null && authnRequest.getAssertionConsumerServiceIndex() == null && authnRequest.getAssertionConsumerServiceURL() == null) {
            this.log.debug("No ACS index or URL given, selecting endpoint without additional constraints.");
            endpoint = endpoints.get(0) instanceof IndexedEndpoint ? selectIndexedEndpoint(endpoints) : selectNonIndexedEndpoint(endpoints);
        }
        return endpoint;
    }

    @Override // org.opensaml.common.binding.BasicEndpointSelector
    protected List<? extends Endpoint> filterEndpointsByProtocolBinding(List<? extends Endpoint> list) {
        this.log.debug("Filtering peer endpoints.  Supported peer endpoint bindings: {}", getSupportedIssuerBindings());
        AuthnRequest authnRequest = (AuthnRequest) getSamlRequest();
        boolean z = false;
        String safeTrimOrNullString = DatatypeHelper.safeTrimOrNullString(authnRequest.getProtocolBinding());
        if (safeTrimOrNullString != null && authnRequest.getAssertionConsumerServiceIndex() != null) {
            z = true;
        }
        ArrayList arrayList = new ArrayList(list);
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            Endpoint endpoint = (Endpoint) it.next();
            if (!getSupportedIssuerBindings().contains(endpoint.getBinding())) {
                this.log.debug("Removing endpoint {} because its binding {} is not supported", endpoint.getLocation(), endpoint.getBinding());
                it.remove();
            } else if (z && !endpoint.getBinding().equals(safeTrimOrNullString)) {
                this.log.debug("Removing endpoint {} because its binding {} does not match request's requested binding", endpoint.getLocation(), endpoint.getBinding());
                it.remove();
            }
        }
        return arrayList;
    }

    protected Endpoint selectEndpointByACSIndex(AuthnRequest authnRequest, List<IndexedEndpoint> list) {
        Integer assertionConsumerServiceIndex = authnRequest.getAssertionConsumerServiceIndex();
        for (IndexedEndpoint indexedEndpoint : list) {
            if (indexedEndpoint == null || !getSupportedIssuerBindings().contains(indexedEndpoint.getBinding())) {
                this.log.debug("Endpoint '{}' with binding '{}' discarded because it requires an unsupported outbound binding.", indexedEndpoint.getLocation(), indexedEndpoint.getBinding());
            } else {
                if (DatatypeHelper.safeEquals(assertionConsumerServiceIndex, indexedEndpoint.getIndex())) {
                    return indexedEndpoint;
                }
                this.log.debug("Endpoint '{}' with index '{}' discard because it does have the required index '{}'", indexedEndpoint.getLocation(), indexedEndpoint.getIndex(), assertionConsumerServiceIndex);
            }
        }
        this.log.warn("Relying party '{}' requested the response to be returned to endpoint with ACS index '{}' however no endpoint, with that index and using a supported binding, can be found  in the relying party's metadata ", getEntityMetadata().getEntityID(), assertionConsumerServiceIndex);
        return null;
    }

    protected Endpoint selectEndpointByACSURL(AuthnRequest authnRequest, List<IndexedEndpoint> list) {
        String safeTrimOrNullString = DatatypeHelper.safeTrimOrNullString(authnRequest.getProtocolBinding());
        for (IndexedEndpoint indexedEndpoint : list) {
            if (!getSupportedIssuerBindings().contains(indexedEndpoint.getBinding())) {
                this.log.debug("Endpoint '{}' with binding '{}' discarded because that is not a supported outbound binding.", indexedEndpoint.getLocation(), indexedEndpoint.getBinding());
            } else if (safeTrimOrNullString == null || DatatypeHelper.safeEquals(safeTrimOrNullString, indexedEndpoint.getBinding())) {
                String safeTrim = DatatypeHelper.safeTrim(indexedEndpoint.getResponseLocation());
                if (safeTrim == null) {
                    String safeTrim2 = DatatypeHelper.safeTrim(indexedEndpoint.getLocation());
                    if (safeTrim2 != null && DatatypeHelper.safeEquals(safeTrim2, authnRequest.getAssertionConsumerServiceURL())) {
                        return indexedEndpoint;
                    }
                } else if (DatatypeHelper.safeEquals(safeTrim, authnRequest.getAssertionConsumerServiceURL())) {
                    return indexedEndpoint;
                }
                this.log.debug("Endpoint with Location '{}' discarded because neither its Location nor ResponseLocation match ACS URL '{}'", indexedEndpoint.getLocation(), authnRequest.getAssertionConsumerServiceURL());
            } else {
                this.log.debug("Endpoint '{}' with binding '{}' discarded because it does not meet protocol binding selection criteria", indexedEndpoint.getLocation(), indexedEndpoint.getBinding());
            }
        }
        Logger logger = this.log;
        Object[] objArr = new Object[3];
        objArr[0] = getEntityMetadata().getEntityID();
        objArr[1] = authnRequest.getAssertionConsumerServiceURL();
        objArr[2] = safeTrimOrNullString == null ? "any" : safeTrimOrNullString;
        logger.warn("Relying party '{}' requested the response to be returned to endpoint with ACS URL '{}'  and binding '{}' however no endpoint, with that URL and using a supported binding,  can be found in the relying party's metadata ", objArr);
        return null;
    }
}
