package org.apereo.cas.support.saml.services.idp.metadata;

import java.time.Duration;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import lombok.Generated;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import org.apache.commons.lang3.ObjectUtils;
import org.apereo.cas.support.saml.SamlIdPUtils;
import org.apereo.cas.support.saml.services.SamlRegisteredService;
import org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceCachingMetadataResolver;
import org.apereo.cas.util.DateTimeUtils;
import org.opensaml.core.criterion.EntityIdCriterion;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.saml.common.xml.SAMLConstants;
import org.opensaml.saml.metadata.resolver.MetadataResolver;
import org.opensaml.saml.saml2.core.RequestAbstractType;
import org.opensaml.saml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml.saml2.metadata.ContactPerson;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml.saml2.metadata.Extensions;
import org.opensaml.saml.saml2.metadata.KeyDescriptor;
import org.opensaml.saml.saml2.metadata.NameIDFormat;
import org.opensaml.saml.saml2.metadata.Organization;
import org.opensaml.saml.saml2.metadata.SPSSODescriptor;
import org.opensaml.saml.saml2.metadata.SingleLogoutService;
import org.opensaml.xmlsec.signature.Signature;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-saml-idp-core-6.2.2.jar:org/apereo/cas/support/saml/services/idp/metadata/SamlRegisteredServiceServiceProviderMetadataFacade.class */
public class SamlRegisteredServiceServiceProviderMetadataFacade {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) SamlRegisteredServiceServiceProviderMetadataFacade.class);
    private final SPSSODescriptor ssoDescriptor;
    private final EntityDescriptor entityDescriptor;
    private final MetadataResolver metadataResolver;

    public static Optional<SamlRegisteredServiceServiceProviderMetadataFacade> get(SamlRegisteredServiceCachingMetadataResolver samlRegisteredServiceCachingMetadataResolver, SamlRegisteredService samlRegisteredService, String str) {
        return get(samlRegisteredServiceCachingMetadataResolver, samlRegisteredService, str, new CriteriaSet());
    }

    public static Optional<SamlRegisteredServiceServiceProviderMetadataFacade> get(SamlRegisteredServiceCachingMetadataResolver samlRegisteredServiceCachingMetadataResolver, SamlRegisteredService samlRegisteredService, RequestAbstractType requestAbstractType) {
        return get(samlRegisteredServiceCachingMetadataResolver, samlRegisteredService, SamlIdPUtils.getIssuerFromSamlObject(requestAbstractType));
    }

    private static Optional<SamlRegisteredServiceServiceProviderMetadataFacade> get(SamlRegisteredServiceCachingMetadataResolver samlRegisteredServiceCachingMetadataResolver, SamlRegisteredService samlRegisteredService, String str, CriteriaSet criteriaSet) {
        LOGGER.trace("Adapting SAML metadata for CAS service [{}] issued by [{}]", samlRegisteredService.getName(), str);
        criteriaSet.add(new EntityIdCriterion(str), true);
        LOGGER.debug("Locating metadata for entityID [{}] by attempting to run through the metadata chain...", str);
        MetadataResolver resolve = samlRegisteredServiceCachingMetadataResolver.resolve(samlRegisteredService, criteriaSet);
        LOGGER.info("Resolved metadata chain from [{}]. Filtering the chain by entity ID [{}]", samlRegisteredService.getMetadataLocation(), str);
        EntityDescriptor resolveSingle = resolve.resolveSingle(criteriaSet);
        if (resolveSingle == null) {
            LOGGER.warn("Cannot find entity [{}] in metadata provider Ensure the metadata is valid and has not expired.", str);
            return Optional.empty();
        }
        LOGGER.trace("Located entity descriptor in metadata for [{}]", str);
        if (resolveSingle.getValidUntil() == null || !resolveSingle.getValidUntil().isBefore(ZonedDateTime.now(ZoneOffset.UTC).toInstant())) {
            return getServiceProviderSsoDescriptor(str, resolve, resolveSingle);
        }
        LOGGER.warn("Entity descriptor in the metadata has expired at [{}]", resolveSingle.getValidUntil());
        return Optional.empty();
    }

    private static Optional<SamlRegisteredServiceServiceProviderMetadataFacade> getServiceProviderSsoDescriptor(String str, MetadataResolver metadataResolver, EntityDescriptor entityDescriptor) {
        SPSSODescriptor sPSSODescriptor = entityDescriptor.getSPSSODescriptor("urn:oasis:names:tc:SAML:2.0:protocol");
        if (sPSSODescriptor == null) {
            LOGGER.warn("Could not locate SP SSODescriptor in the metadata for [{}]", str);
            return Optional.empty();
        }
        LOGGER.debug("Located SP SSODescriptor in metadata for [{}]. Metadata is valid until [{}]", str, ObjectUtils.defaultIfNull(sPSSODescriptor.getValidUntil(), "forever"));
        if (sPSSODescriptor.getValidUntil() == null || !DateTimeUtils.zonedDateTimeOf(sPSSODescriptor.getValidUntil()).isBefore(ZonedDateTime.now(ZoneOffset.UTC))) {
            return Optional.of(new SamlRegisteredServiceServiceProviderMetadataFacade(sPSSODescriptor, entityDescriptor, metadataResolver));
        }
        LOGGER.warn("SP SSODescriptor in the metadata has expired at [{}]", sPSSODescriptor.getValidUntil());
        return Optional.empty();
    }

    public ZonedDateTime getValidUntil() {
        return DateTimeUtils.zonedDateTimeOf(this.ssoDescriptor.getValidUntil());
    }

    public Organization getOrganization() {
        return this.ssoDescriptor.getOrganization();
    }

    public Signature getSignature() {
        return this.ssoDescriptor.getSignature();
    }

    public List<ContactPerson> getContactPersons() {
        return this.ssoDescriptor.getContactPersons();
    }

    public Duration getCacheDuration() {
        return this.ssoDescriptor.getCacheDuration();
    }

    public List<KeyDescriptor> getKeyDescriptors() {
        return this.ssoDescriptor.getKeyDescriptors();
    }

    public Extensions getExtensions() {
        return this.ssoDescriptor.getExtensions();
    }

    public List<String> getSupportedProtocols() {
        return this.ssoDescriptor.getSupportedProtocols();
    }

    public boolean isWantAssertionsSigned() {
        return this.ssoDescriptor.getWantAssertionsSigned().booleanValue();
    }

    public boolean isAuthnRequestsSigned() {
        return this.ssoDescriptor.isAuthnRequestsSigned().booleanValue();
    }

    public boolean isSupportedProtocol(String str) {
        return this.ssoDescriptor.isSupportedProtocol(str);
    }

    public String getEntityId() {
        return this.entityDescriptor.getEntityID();
    }

    public List<String> getSupportedNameIdFormats() {
        ArrayList arrayList = new ArrayList();
        List<XMLObject> orderedChildren = this.ssoDescriptor.getOrderedChildren();
        if (orderedChildren != null) {
            Stream<XMLObject> stream = orderedChildren.stream();
            Class<NameIDFormat> cls = NameIDFormat.class;
            Objects.requireNonNull(NameIDFormat.class);
            arrayList.addAll((Collection) stream.filter((v1) -> {
                return r2.isInstance(v1);
            }).map(xMLObject -> {
                return ((NameIDFormat) xMLObject).getURI();
            }).collect(Collectors.toList()));
        }
        return arrayList;
    }

    private List<AssertionConsumerService> getAssertionConsumerServices() {
        return this.ssoDescriptor.getEndpoints(AssertionConsumerService.DEFAULT_ELEMENT_NAME);
    }

    public List<SingleLogoutService> getSingleLogoutServices() {
        return this.ssoDescriptor.getEndpoints(SingleLogoutService.DEFAULT_ELEMENT_NAME);
    }

    public SingleLogoutService getSingleLogoutService() {
        return getSingleLogoutServices().get(0);
    }

    public SingleLogoutService getSingleLogoutService(String str) {
        return getSingleLogoutServices().stream().filter(singleLogoutService -> {
            return singleLogoutService.getBinding().equalsIgnoreCase(str);
        }).findFirst().orElse(null);
    }

    public AssertionConsumerService getAssertionConsumerService(String str) {
        return getAssertionConsumerServices().stream().filter(assertionConsumerService -> {
            return assertionConsumerService.getBinding().equalsIgnoreCase(str);
        }).findFirst().orElse(null);
    }

    public AssertionConsumerService getAssertionConsumerServiceForPaosBinding() {
        return getAssertionConsumerService(SAMLConstants.SAML2_PAOS_BINDING_URI);
    }

    public AssertionConsumerService getAssertionConsumerServiceForPostBinding() {
        return getAssertionConsumerService(SAMLConstants.SAML2_POST_BINDING_URI);
    }

    public AssertionConsumerService getAssertionConsumerServiceForArtifactBinding() {
        return getAssertionConsumerService(SAMLConstants.SAML2_ARTIFACT_BINDING_URI);
    }

    public boolean containsAssertionConsumerServices() {
        return !getAssertionConsumerServices().isEmpty();
    }

    public int assertionConsumerServicesSize() {
        return getAssertionConsumerServices().size();
    }

    @Generated
    public SamlRegisteredServiceServiceProviderMetadataFacade(SPSSODescriptor sPSSODescriptor, EntityDescriptor entityDescriptor, MetadataResolver metadataResolver) {
        this.ssoDescriptor = sPSSODescriptor;
        this.entityDescriptor = entityDescriptor;
        this.metadataResolver = metadataResolver;
    }

    @Generated
    public SPSSODescriptor getSsoDescriptor() {
        return this.ssoDescriptor;
    }

    @Generated
    public EntityDescriptor getEntityDescriptor() {
        return this.entityDescriptor;
    }

    @Generated
    public MetadataResolver getMetadataResolver() {
        return this.metadataResolver;
    }
}
