package org.apereo.cas.support.saml;

import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.util.Collection;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import lombok.Generated;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.saml.services.SamlRegisteredService;
import org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade;
import org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceCachingMetadataResolver;
import org.apereo.cas.util.CollectionUtils;
import org.opensaml.core.criterion.EntityIdCriterion;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.saml.common.messaging.context.SAMLEndpointContext;
import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext;
import org.opensaml.saml.common.xml.SAMLConstants;
import org.opensaml.saml.criterion.BindingCriterion;
import org.opensaml.saml.criterion.EntityRoleCriterion;
import org.opensaml.saml.metadata.resolver.ChainingMetadataResolver;
import org.opensaml.saml.metadata.resolver.MetadataResolver;
import org.opensaml.saml.metadata.resolver.RoleDescriptorResolver;
import org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.RequestAbstractType;
import org.opensaml.saml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml.saml2.metadata.SPSSODescriptor;
import org.opensaml.saml.saml2.metadata.impl.AssertionConsumerServiceBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/cas-server-support-saml-idp-core-5.3.0-RC4.jar:org/apereo/cas/support/saml/SamlIdPUtils.class */
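/**
 * Static helpers used by the SAML2 identity provider to pick the service provider endpoint
 * (assertion consumer service, "ACS") a response is addressed to, and to build metadata and
 * role-descriptor resolvers for registered SAML services.
 *
 * <p>This listing is decompiler output. Lambda bodies that referenced an undefined {@code r1}
 * and the synthetic {@code mo8755buildObject} name have been restored to compilable form.
 */
public final class SamlIdPUtils {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(SamlIdPUtils.class);

    /**
     * Populates the peer-entity and endpoint subcontexts of {@code messageContext} with the entity id
     * and the assertion consumer service that the service provider's metadata defines for a binding.
     *
     * <p>The endpoint stored here comes from the metadata facade, not from the incoming request.
     *
     * @param messageContext context whose {@link SAMLPeerEntityContext} and {@link SAMLEndpointContext}
     *                       subcontexts are created on demand and filled in
     * @param samlRegisteredServiceServiceProviderMetadataFacade metadata view of the service provider
     * @param str binding passed to the facade to select the assertion consumer service
     * @throws SamlException if the metadata has no ACS, a subcontext cannot be created, no ACS is
     *                       returned for the binding, or the ACS lacks a binding or location
     */
    public static void preparePeerEntitySamlEndpointContext(MessageContext messageContext, SamlRegisteredServiceServiceProviderMetadataFacade samlRegisteredServiceServiceProviderMetadataFacade, String str) throws SamlException {
        String entityId = samlRegisteredServiceServiceProviderMetadataFacade.getEntityId();
        if (!samlRegisteredServiceServiceProviderMetadataFacade.containsAssertionConsumerServices()) {
            throw new SamlException("No assertion consumer service could be found for entity " + entityId);
        }

        SAMLPeerEntityContext peerEntityContext = messageContext.getSubcontext(SAMLPeerEntityContext.class, true);
        if (peerEntityContext == null) {
            throw new SamlException("SAMLPeerEntityContext could not be defined for entity " + entityId);
        }
        peerEntityContext.setEntityId(entityId);

        SAMLEndpointContext endpointContext = peerEntityContext.getSubcontext(SAMLEndpointContext.class, true);
        if (endpointContext == null) {
            throw new SamlException("SAMLEndpointContext could not be defined for entity " + entityId);
        }

        AssertionConsumerService acs = samlRegisteredServiceServiceProviderMetadataFacade.getAssertionConsumerService(str);
        // The facade is not visible in this file; guard against a lookup that matches no endpoint
        // so the failure is a SamlException rather than a NullPointerException on the next line.
        if (acs == null) {
            throw new SamlException("No assertion consumer service could be found for entity " + entityId + " with binding " + str);
        }
        if (StringUtils.isBlank(acs.getBinding()) || StringUtils.isBlank(acs.getLocation())) {
            throw new SamlException("Assertion consumer service does not define a binding or location for " + entityId);
        }
        LOGGER.debug("Configured peer entity endpoint to be [{}] with binding [{}]", acs.getLocation(), acs.getBinding());
        endpointContext.setEndpoint(acs);
    }

    /**
     * Builds a {@link ChainingMetadataResolver} over the metadata resolvers of every registered
     * SAML service for which the metadata facade can be obtained for the given entity id.
     *
     * <p>NOTE(review): the decompiled signature declares no checked exceptions although the
     * OpenSAML calls at the end of the method are expected to declare some; the original source
     * presumably suppressed them (for example with Lombok) - confirm against upstream.
     *
     * @param servicesManager source of registered services
     * @param str entity id handed to the facade lookup and used as the id of the returned chain;
     *            the caller in this class passes the issuer read from the SAML request
     * @param samlRegisteredServiceCachingMetadataResolver caching resolver used by the facade lookup
     * @return an initialized chaining resolver; its resolver list is empty when nothing matched
     */
    @SuppressFBWarnings({"PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS"})
    public static MetadataResolver getMetadataResolverForAllSamlServices(ServicesManager servicesManager, String str, SamlRegisteredServiceCachingMetadataResolver samlRegisteredServiceCachingMetadataResolver) {
        Collection<RegisteredService> samlServices = servicesManager.findServiceBy(SamlRegisteredService.class::isInstance);

        // The instance filter is repeated on the stream so the cast below is safe regardless of
        // how the services manager applies the predicate.
        List<MetadataResolver> resolvers = samlServices.stream()
            .filter(SamlRegisteredService.class::isInstance)
            .map(SamlRegisteredService.class::cast)
            .map(service -> SamlRegisteredServiceServiceProviderMetadataFacade.get(samlRegisteredServiceCachingMetadataResolver, service, str))
            .filter(facade -> facade.isPresent())
            .map(facade -> facade.get())
            .map(facade -> facade.getMetadataResolver())
            .collect(Collectors.toList());
        LOGGER.debug("Located [{}] metadata resolvers to match against [{}]", resolvers, str);

        ChainingMetadataResolver chain = new ChainingMetadataResolver();
        chain.setResolvers(resolvers);
        chain.setId(str);
        chain.initialize();
        return chain;
    }

    /**
     * Determines the assertion consumer service a response to {@code authnRequest} should use.
     *
     * <p>When the request carries an {@code AssertionConsumerServiceIndex}, the endpoint is read
     * from the metadata resolved for the request issuer. Otherwise the binding and URL are copied
     * from the request itself.
     *
     * <p>NOTE(review): in the no-index branch nothing in this method compares the request-supplied
     * binding and URL with the endpoints registered in the service provider's metadata. Callers
     * should match them against the registered endpoints (or require a verified request signature)
     * before the location is used as a response destination.
     *
     * @param authnRequest incoming request; treated as untrusted input
     * @param servicesManager source of registered services
     * @param samlRegisteredServiceCachingMetadataResolver caching resolver used for metadata lookup
     * @return the resolved endpoint, never without a binding and a location or response location
     * @throws IllegalArgumentException wrapping a {@link SamlException} for any failure
     */
    public static AssertionConsumerService getAssertionConsumerServiceFor(AuthnRequest authnRequest, ServicesManager servicesManager, SamlRegisteredServiceCachingMetadataResolver samlRegisteredServiceCachingMetadataResolver) {
        try {
            AssertionConsumerService acs = new AssertionConsumerServiceBuilder().buildObject();
            if (authnRequest.getAssertionConsumerServiceIndex() != null) {
                String issuer = getIssuerFromSamlRequest(authnRequest);
                MetadataResolver resolver = getMetadataResolverForAllSamlServices(servicesManager, issuer, samlRegisteredServiceCachingMetadataResolver);

                CriteriaSet criteria = new CriteriaSet();
                criteria.add(new EntityIdCriterion(issuer));
                criteria.add(new EntityRoleCriterion(SPSSODescriptor.DEFAULT_ELEMENT_NAME));
                criteria.add(new BindingCriterion(CollectionUtils.wrap(SAMLConstants.SAML2_POST_BINDING_URI)));

                // If several entity descriptors resolve, each overwrites the previous result.
                resolver.resolve(criteria).forEach(entityDescriptor -> {
                    SPSSODescriptor spDescriptor = entityDescriptor.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
                    if (spDescriptor == null) {
                        throw new IllegalArgumentException("Metadata resolved for entity id " + issuer + " has no SP SSO descriptor");
                    }
                    List<AssertionConsumerService> endpoints = spDescriptor.getAssertionConsumerServices();
                    if (endpoints.isEmpty()) {
                        throw new IllegalArgumentException("Metadata resolved for entity id " + issuer + " has no defined ACS endpoints");
                    }
                    // The index is attacker-controllable; reject negative values explicitly as well
                    // as values past the end of the list.
                    // NOTE(review): the index is used as a list position, not matched against each
                    // endpoint's own index attribute - confirm this is the intended lookup.
                    int index = authnRequest.getAssertionConsumerServiceIndex().intValue();
                    if (index < 0 || index >= endpoints.size()) {
                        throw new IllegalArgumentException("AssertionConsumerService index specified in the request " + index + " is invalid since the total endpoints available to " + issuer + " is " + endpoints.size());
                    }
                    AssertionConsumerService registered = endpoints.get(index);
                    acs.setBinding(registered.getBinding());
                    acs.setLocation(registered.getLocation());
                    acs.setResponseLocation(registered.getResponseLocation());
                    acs.setIndex(Integer.valueOf(index));
                });
            } else {
                // Request-supplied values, not checked against metadata here (see method note).
                acs.setBinding(authnRequest.getProtocolBinding());
                acs.setLocation(authnRequest.getAssertionConsumerServiceURL());
                acs.setResponseLocation(authnRequest.getAssertionConsumerServiceURL());
                acs.setIndex(0);
                acs.setIsDefault(Boolean.TRUE);
            }
            LOGGER.debug("Resolved AssertionConsumerService from the request is [{}]", acs);
            if (StringUtils.isBlank(acs.getBinding())) {
                throw new SamlException("AssertionConsumerService has no protocol binding defined");
            }
            if (StringUtils.isBlank(acs.getLocation()) && StringUtils.isBlank(acs.getResponseLocation())) {
                throw new SamlException("AssertionConsumerService has no location or response location defined");
            }
            return acs;
        } catch (Exception e) {
            throw new IllegalArgumentException(new SamlException(e.getMessage(), e));
        }
    }

    /**
     * Returns the issuer value of a SAML request exactly as the request states it.
     *
     * <p>The value is whatever the sender wrote; this method does not authenticate it.
     *
     * @param requestAbstractType the SAML request
     * @return the issuer value
     * @throws NullPointerException if the request has no issuer
     */
    public static String getIssuerFromSamlRequest(RequestAbstractType requestAbstractType) {
        return Objects.requireNonNull(requestAbstractType.getIssuer(), "SAML request has no Issuer element").getValue();
    }

    /**
     * Builds a role-descriptor resolver over the metadata resolver exposed by the facade.
     *
     * @param samlRegisteredServiceServiceProviderMetadataFacade metadata view of the service provider
     * @param z whether the resolver must require valid metadata
     * @return an initialized resolver
     * @throws Exception if the resolver cannot be initialized
     */
    public static RoleDescriptorResolver getRoleDescriptorResolver(SamlRegisteredServiceServiceProviderMetadataFacade samlRegisteredServiceServiceProviderMetadataFacade, boolean z) throws Exception {
        return getRoleDescriptorResolver(samlRegisteredServiceServiceProviderMetadataFacade.getMetadataResolver(), z);
    }

    /**
     * Builds a {@link PredicateRoleDescriptorResolver} that satisfies any predicate and uses the
     * default predicate registry.
     *
     * @param metadataResolver resolver the role descriptors are read from
     * @param z passed to {@code setRequireValidMetadata}; {@code false} relaxes that requirement,
     *          so callers should pass {@code true} unless they have a reason not to
     * @return an initialized resolver
     * @throws Exception if the resolver cannot be initialized
     */
    public static RoleDescriptorResolver getRoleDescriptorResolver(MetadataResolver metadataResolver, boolean z) throws Exception {
        PredicateRoleDescriptorResolver roleResolver = new PredicateRoleDescriptorResolver(metadataResolver);
        roleResolver.setSatisfyAnyPredicates(true);
        roleResolver.setUseDefaultPredicateRegistry(true);
        roleResolver.setRequireValidMetadata(z);
        roleResolver.initialize();
        return roleResolver;
    }

    /** Not instantiable: this class only holds static helpers. */
    @Generated
    private SamlIdPUtils() {
        throw new UnsupportedOperationException("This is a utility class and cannot be instantiated");
    }
}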
