package org.cloudfoundry.identity.uaa.provider.saml;

import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.Timer;
import javax.xml.namespace.QName;
import org.cloudfoundry.identity.uaa.provider.IdentityProviderProvisioning;
import org.cloudfoundry.identity.uaa.provider.SamlIdentityProviderDefinition;
import org.cloudfoundry.identity.uaa.zone.IdentityZone;
import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
import org.cloudfoundry.identity.uaa.zone.IdentityZoneProvisioning;
import org.joda.time.DateTime;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.common.Extensions;
import org.opensaml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml2.metadata.RoleDescriptor;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.saml2.metadata.provider.MetadataFilter;
import org.opensaml.saml2.metadata.provider.MetadataFilterChain;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.saml2.metadata.provider.SignatureValidationFilter;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.Namespace;
import org.opensaml.xml.NamespaceManager;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.schema.XSBooleanValue;
import org.opensaml.xml.security.x509.BasicPKIXValidationInformation;
import org.opensaml.xml.security.x509.BasicX509CredentialNameEvaluator;
import org.opensaml.xml.security.x509.CertPathPKIXValidationOptions;
import org.opensaml.xml.security.x509.PKIXValidationInformationResolver;
import org.opensaml.xml.security.x509.StaticPKIXValidationInformationResolver;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureTrustEngine;
import org.opensaml.xml.signature.impl.PKIXSignatureTrustEngine;
import org.opensaml.xml.util.IDIndex;
import org.opensaml.xml.util.LazySet;
import org.opensaml.xml.validation.ValidationException;
import org.opensaml.xml.validation.Validator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.DisposableBean;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.saml.key.KeyManager;
import org.springframework.security.saml.metadata.ExtendedMetadata;
import org.springframework.security.saml.metadata.ExtendedMetadataDelegate;
import org.springframework.security.saml.metadata.ExtendedMetadataProvider;
import org.springframework.security.saml.metadata.MetadataManager;
import org.springframework.security.saml.metadata.MetadataMemoryProvider;
import org.springframework.security.saml.trust.AllowAllSignatureTrustEngine;
import org.springframework.security.saml.trust.CertPathPKIXTrustEvaluator;
import org.springframework.security.saml.trust.httpclient.TLSProtocolConfigurer;
import org.springframework.security.saml.util.SAMLUtil;
import org.springframework.util.StringUtils;
import org.w3c.dom.Element;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-3.7.0.jar:org/cloudfoundry/identity/uaa/provider/saml/NonSnarlMetadataManager.class */
public class NonSnarlMetadataManager extends MetadataManager implements ExtendedMetadataProvider, InitializingBean, DisposableBean {
    protected final Logger log;
    private ExtendedMetadata defaultExtendedMetadata;
    private Timer timer;
    protected KeyManager keyManager;
    private final SamlIdentityProviderConfigurator configurator;
    private Map<IdentityZone, ExtendedMetadataDelegate> localSps;

    /* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-3.7.0.jar:org/cloudfoundry/identity/uaa/provider/saml/NonSnarlMetadataManager$ChainingEntitiesDescriptor.class */
    /**
     * Read-only {@link EntitiesDescriptor} facade over the metadata roots of every provider
     * returned by the enclosing manager's {@code getProviders()}.
     *
     * <p>Only the child-listing accessors carry data; every setter is a no-op and most getters
     * return {@code null}. Security-relevant constants: {@link #isSigned()} is always
     * {@code false}, {@link #getSignature()} is always {@code null}, {@link #isValid()} is always
     * {@code true} and {@link #validate(boolean)} does nothing. The wrapper therefore carries no
     * signature or validity evidence of its own and must not be treated as verified metadata.
     */
    public class ChainingEntitiesDescriptor implements EntitiesDescriptor {
        /** Snapshot of each provider's metadata root, taken once at construction time. */
        private final List<XMLObject> childDescriptors = new ArrayList<>();

        /**
         * Captures the current metadata root of every provider of the enclosing manager.
         *
         * @throws MetadataProviderException if any provider fails to return its metadata
         */
        public ChainingEntitiesDescriptor() throws MetadataProviderException {
            for (MetadataProvider provider : NonSnarlMetadataManager.this.getProviders()) {
                // A provider may hand back null; the instanceof filters below skip such entries.
                childDescriptors.add(provider.getMetadata());
            }
        }

        /** Returns the snapshot entries that are themselves {@link EntitiesDescriptor}s. */
        @Override // org.opensaml.saml2.metadata.EntitiesDescriptor
        public List<EntitiesDescriptor> getEntitiesDescriptors() {
            List<EntitiesDescriptor> nested = new ArrayList<>();
            for (XMLObject child : childDescriptors) {
                if (child instanceof EntitiesDescriptor) {
                    nested.add((EntitiesDescriptor) child);
                }
            }
            return nested;
        }

        /** Returns the snapshot entries that are single {@link EntityDescriptor}s. */
        @Override // org.opensaml.saml2.metadata.EntitiesDescriptor
        public List<EntityDescriptor> getEntityDescriptors() {
            List<EntityDescriptor> entities = new ArrayList<>();
            for (XMLObject child : childDescriptors) {
                if (child instanceof EntityDescriptor) {
                    entities.add((EntityDescriptor) child);
                }
            }
            return entities;
        }

        // ---- EntitiesDescriptor attributes: not modelled, getters return null, setters ignore input ----

        @Override // org.opensaml.saml2.metadata.EntitiesDescriptor
        public Extensions getExtensions() {
            return null;
        }

        @Override // org.opensaml.saml2.metadata.EntitiesDescriptor
        public String getID() {
            return null;
        }

        @Override // org.opensaml.saml2.metadata.EntitiesDescriptor
        public String getName() {
            return null;
        }

        @Override // org.opensaml.saml2.metadata.EntitiesDescriptor
        public void setExtensions(Extensions extensions) {
        }

        @Override // org.opensaml.saml2.metadata.EntitiesDescriptor
        public void setID(String str) {
        }

        @Override // org.opensaml.saml2.metadata.EntitiesDescriptor
        public void setName(String str) {
        }

        // ---- Signature surface: this aggregate is never signed and a supplied signature is discarded ----

        @Override // org.opensaml.common.SignableSAMLObject
        public String getSignatureReferenceID() {
            return null;
        }

        @Override // org.opensaml.xml.signature.SignableXMLObject
        public Signature getSignature() {
            return null;
        }

        @Override // org.opensaml.xml.signature.SignableXMLObject
        public boolean isSigned() {
            return false;
        }

        @Override // org.opensaml.xml.signature.SignableXMLObject
        public void setSignature(Signature signature) {
        }

        // ---- XMLObject plumbing: no DOM, no parent, no namespace state ----

        @Override // org.opensaml.xml.XMLObject
        public void addNamespace(Namespace namespace) {
        }

        @Override // org.opensaml.xml.XMLObject
        public void detach() {
        }

        @Override // org.opensaml.xml.XMLObject
        public Element getDOM() {
            return null;
        }

        @Override // org.opensaml.xml.XMLObject
        public QName getElementQName() {
            return EntitiesDescriptor.DEFAULT_ELEMENT_NAME;
        }

        @Override // org.opensaml.xml.XMLObject
        public IDIndex getIDIndex() {
            return null;
        }

        @Override // org.opensaml.xml.XMLObject
        public NamespaceManager getNamespaceManager() {
            return null;
        }

        @Override // org.opensaml.xml.XMLObject
        public Set<Namespace> getNamespaces() {
            return new LazySet<>();
        }

        @Override // org.opensaml.xml.XMLObject
        public String getNoNamespaceSchemaLocation() {
            return null;
        }

        /**
         * Queries the enclosing manager's providers again (it does not reuse the constructor
         * snapshot) and returns their metadata roots. If a provider throws, the error is logged
         * and the roots collected so far are returned, so the result can be partial.
         */
        @Override // org.opensaml.xml.XMLObject
        public List<XMLObject> getOrderedChildren() {
            List<XMLObject> children = new ArrayList<>();
            try {
                for (MetadataProvider provider : NonSnarlMetadataManager.this.getProviders()) {
                    children.add(provider.getMetadata());
                }
            } catch (MetadataProviderException e) {
                NonSnarlMetadataManager.this.log.error("Unable to generate list of child descriptors", e);
            }
            return children;
        }

        @Override // org.opensaml.xml.XMLObject
        public XMLObject getParent() {
            return null;
        }

        @Override // org.opensaml.xml.XMLObject
        public String getSchemaLocation() {
            return null;
        }

        @Override // org.opensaml.xml.XMLObject
        public QName getSchemaType() {
            return EntitiesDescriptor.TYPE_NAME;
        }

        /** True when the live provider query in {@link #getOrderedChildren()} yields any entry. */
        @Override // org.opensaml.xml.XMLObject
        public boolean hasChildren() {
            List<XMLObject> children = getOrderedChildren();
            return !children.isEmpty();
        }

        @Override // org.opensaml.xml.XMLObject
        public boolean hasParent() {
            return false;
        }

        @Override // org.opensaml.xml.XMLObject
        public void releaseChildrenDOM(boolean z) {
        }

        @Override // org.opensaml.xml.XMLObject
        public void releaseDOM() {
        }

        @Override // org.opensaml.xml.XMLObject
        public void releaseParentDOM(boolean z) {
        }

        @Override // org.opensaml.xml.XMLObject
        public void removeNamespace(Namespace namespace) {
        }

        @Override // org.opensaml.xml.XMLObject
        public XMLObject resolveID(String str) {
            return null;
        }

        @Override // org.opensaml.xml.XMLObject
        public XMLObject resolveIDFromRoot(String str) {
            return null;
        }

        @Override // org.opensaml.xml.XMLObject
        public void setDOM(Element element) {
        }

        @Override // org.opensaml.xml.XMLObject
        public void setNoNamespaceSchemaLocation(String str) {
        }

        @Override // org.opensaml.xml.XMLObject
        public void setParent(XMLObject xMLObject) {
        }

        @Override // org.opensaml.xml.XMLObject
        public void setSchemaLocation(String str) {
        }

        // ---- Validation surface: validators are neither stored nor run ----

        @Override // org.opensaml.xml.validation.ValidatingXMLObject
        public void deregisterValidator(Validator validator) {
        }

        @Override // org.opensaml.xml.validation.ValidatingXMLObject
        public List<Validator> getValidators() {
            return new ArrayList<>();
        }

        @Override // org.opensaml.xml.validation.ValidatingXMLObject
        public void registerValidator(Validator validator) {
        }

        /** Performs no checks and never throws; children are not validated through this call. */
        @Override // org.opensaml.xml.validation.ValidatingXMLObject
        public void validate(boolean z) throws ValidationException {
        }

        // ---- Time bounds and caching: no expiry is tracked, the aggregate always reports valid ----

        @Override // org.opensaml.saml2.common.TimeBoundSAMLObject
        public DateTime getValidUntil() {
            return null;
        }

        @Override // org.opensaml.saml2.common.TimeBoundSAMLObject
        public boolean isValid() {
            return true;
        }

        @Override // org.opensaml.saml2.common.TimeBoundSAMLObject
        public void setValidUntil(DateTime dateTime) {
        }

        @Override // org.opensaml.saml2.common.CacheableSAMLObject
        public Long getCacheDuration() {
            return null;
        }

        @Override // org.opensaml.saml2.common.CacheableSAMLObject
        public void setCacheDuration(Long l) {
        }

        // ---- xsi:nil handling: never nil, setters ignored ----

        @Override // org.opensaml.xml.XMLObject
        public Boolean isNil() {
            return Boolean.FALSE;
        }

        @Override // org.opensaml.xml.XMLObject
        public XSBooleanValue isNilXSBoolean() {
            return new XSBooleanValue(Boolean.FALSE, false);
        }

        @Override // org.opensaml.xml.XMLObject
        public void setNil(Boolean bool) {
        }

        @Override // org.opensaml.xml.XMLObject
        public void setNil(XSBooleanValue xSBooleanValue) {
        }
    }

    /**
     * Creates a manager that starts with an empty provider list and with the superclass refresh
     * interval set to {@code 0L}.
     *
     * <p>Only {@code samlIdentityProviderConfigurator} is retained; the two provisioning
     * arguments are accepted but not used by this constructor.
     *
     * <p>NOTE(review): {@code localSps} is a plain {@link HashMap} that is written in
     * {@code addMetadataProvider} and read in {@code getAvailableProviders}; nothing in this
     * class synchronizes those accesses, so confirm they cannot race.
     *
     * @throws MetadataProviderException propagated from the superclass constructor
     */
    public NonSnarlMetadataManager(IdentityProviderProvisioning identityProviderProvisioning, IdentityZoneProvisioning identityZoneProvisioning, SamlIdentityProviderConfigurator samlIdentityProviderConfigurator) throws MetadataProviderException {
        super(Collections.<MetadataProvider>emptyList());
        log = LoggerFactory.getLogger(NonSnarlMetadataManager.class);
        localSps = new HashMap<>();
        configurator = samlIdentityProviderConfigurator;
        defaultExtendedMetadata = new ExtendedMetadata();
        // Calls the superclass setter directly with 0L, the same value this class's own override always forwards.
        super.setRefreshCheckInterval(0L);
    }

    /**
     * Empty override: nothing is released here and the superclass {@code destroy()} is not
     * invoked.
     */
    @Override // org.springframework.security.saml.metadata.MetadataManager, org.opensaml.saml2.metadata.provider.ChainingMetadataProvider, org.opensaml.saml2.metadata.provider.BaseMetadataProvider, org.springframework.beans.factory.DisposableBean
    public void destroy() {
    }

    /**
     * Ignores the supplied list. Providers are not stored by this setter; the list this manager
     * serves is rebuilt on each call to {@code getAvailableProviders()}.
     */
    @Override // org.springframework.security.saml.metadata.MetadataManager, org.opensaml.saml2.metadata.provider.ChainingMetadataProvider
    public void setProviders(List<MetadataProvider> list) throws MetadataProviderException {
    }

    /** Empty override: no refresh work is performed and the superclass refresh is not invoked. */
    @Override // org.springframework.security.saml.metadata.MetadataManager
    public void refreshMetadata() {
    }

    /**
     * Registers a local service-provider delegate for the zone currently held by
     * {@link IdentityZoneHolder}.
     *
     * <p>Only an {@link ExtendedMetadataDelegate} whose inner delegate is a
     * {@link MetadataMemoryProvider} is stored; any other provider is dropped without a log
     * entry or exception. A second registration for the same zone replaces the first.
     *
     * <p>NOTE(review): the map key is the {@link IdentityZone} object itself, so zone isolation
     * depends on that type's {@code equals}/{@code hashCode}, which are not visible here.
     */
    @Override // org.springframework.security.saml.metadata.MetadataManager, org.opensaml.saml2.metadata.provider.ChainingMetadataProvider
    public void addMetadataProvider(MetadataProvider metadataProvider) throws MetadataProviderException {
        if (!(metadataProvider instanceof ExtendedMetadataDelegate)) {
            return;
        }
        ExtendedMetadataDelegate candidate = (ExtendedMetadataDelegate) metadataProvider;
        if (!(candidate.getDelegate() instanceof MetadataMemoryProvider)) {
            return;
        }
        localSps.put(IdentityZoneHolder.get(), candidate);
    }

    /**
     * Empty override: the argument is ignored, so a delegate stored by
     * {@code addMetadataProvider} is not removed from {@code localSps} through this method.
     */
    @Override // org.springframework.security.saml.metadata.MetadataManager, org.opensaml.saml2.metadata.provider.ChainingMetadataProvider
    public void removeMetadataProvider(MetadataProvider metadataProvider) {
    }

    /**
     * Returns a new mutable list holding every delegate from {@link #getAvailableProviders()},
     * typed as plain {@link MetadataProvider}s. Each call re-runs that lookup.
     */
    @Override // org.springframework.security.saml.metadata.MetadataManager, org.opensaml.saml2.metadata.provider.ChainingMetadataProvider
    public List<MetadataProvider> getProviders() {
        return new ArrayList<MetadataProvider>(getAvailableProviders());
    }

    /**
     * Builds the provider list for the zone currently held by {@link IdentityZoneHolder}: the
     * zone's registered local SP delegate (if any) followed by one delegate per identity-provider
     * definition returned by the configurator.
     *
     * <p>The list is rebuilt on every call, and each IDP delegate is initialized and given its
     * signature filter on every call. A definition whose delegate throws
     * {@link MetadataProviderException} is logged at ERROR and left out of the result, so callers
     * see that IDP as unknown rather than receiving a partially initialized provider.
     *
     * <p>NOTE(review): the signature filter is attached by {@code initializeProviderFilters}
     * only after {@code initializeProvider} has already called {@code initialize()}. Whether
     * metadata loaded during {@code initialize()} is checked by a filter installed afterwards
     * depends on the delegate implementation, which is not visible here; confirm.
     *
     * @return a new mutable list; never {@code null}
     */
    @Override // org.springframework.security.saml.metadata.MetadataManager
    public List<ExtendedMetadataDelegate> getAvailableProviders() {
        IdentityZone zone = IdentityZoneHolder.get();
        List<ExtendedMetadataDelegate> providers = new ArrayList<>();
        ExtendedMetadataDelegate localSp = localSps.get(IdentityZoneHolder.get());
        if (localSp != null) {
            providers.add(localSp);
        }
        for (SamlIdentityProviderDefinition definition : configurator.getIdentityProviderDefinitions()) {
            String label = "SAML IDP zone[" + zone.getId() + "] alias[" + definition.getIdpEntityAlias() + "]";
            log.info("Adding " + label);
            try {
                ExtendedMetadataDelegate idp = configurator.getExtendedMetadataDelegate(definition);
                initializeProvider(idp);
                initializeProviderData(idp);
                initializeProviderFilters(idp);
                providers.add(idp);
            } catch (MetadataProviderException e) {
                // Deliberate best-effort: one broken IDP must not hide the others.
                log.error("Invalid " + label, e);
            }
        }
        return providers;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Logs the delegate at DEBUG and calls its {@code initialize()} method.
     *
     * @throws MetadataProviderException if the delegate fails to initialize
     */
    @Override // org.springframework.security.saml.metadata.MetadataManager
    public void initializeProvider(ExtendedMetadataDelegate extendedMetadataDelegate) throws MetadataProviderException {
        log.debug("Initializing extendedMetadataDelegate {}", extendedMetadataDelegate);
        extendedMetadataDelegate.initialize();
    }

    /**
     * Returns the first entity ID in the delegate's metadata that exposes a SAML 2.0
     * {@code IDPSSODescriptor} role.
     *
     * @return the entity ID, or {@code null} when no entity in the metadata has an IDP role
     * @throws MetadataProviderException if the metadata cannot be read
     */
    protected String getProviderIdpAlias(ExtendedMetadataDelegate extendedMetadataDelegate) throws MetadataProviderException {
        for (String entityId : parseProvider(extendedMetadataDelegate)) {
            boolean hasIdpRole = extendedMetadataDelegate.getRole(entityId, IDPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) != null;
            if (hasIdpRole) {
                return entityId;
            }
        }
        return null;
    }

    /**
     * Returns the first entity ID in the delegate's metadata that exposes a SAML 2.0
     * {@code SPSSODescriptor} role, whether the entity is local or remote.
     *
     * @return the entity ID, or {@code null} when no entity in the metadata has an SP role
     * @throws MetadataProviderException if the metadata cannot be read
     */
    protected String getProviderSpAlias(ExtendedMetadataDelegate extendedMetadataDelegate) throws MetadataProviderException {
        for (String entityId : parseProvider(extendedMetadataDelegate)) {
            boolean hasSpRole = extendedMetadataDelegate.getRole(entityId, SPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) != null;
            if (hasSpRole) {
                return entityId;
            }
        }
        return null;
    }

    /**
     * Returns the first entity ID in the delegate's metadata that has a SAML 2.0
     * {@code SPSSODescriptor} role and whose extended metadata is marked local.
     *
     * @return the hosted SP entity ID, or {@code null} when the delegate describes none
     * @throws MetadataProviderException if the metadata cannot be read
     */
    protected String getHostedSpName(ExtendedMetadataDelegate extendedMetadataDelegate) throws MetadataProviderException {
        for (String entityId : parseProvider(extendedMetadataDelegate)) {
            if (extendedMetadataDelegate.getRole(entityId, SPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) == null) {
                continue;
            }
            // Extended metadata is looked up only for entities that passed the role check.
            ExtendedMetadata extended = getExtendedMetadata(entityId, extendedMetadataDelegate);
            if (extended != null && extended.isLocal()) {
                return entityId;
            }
        }
        return null;
    }

    /**
     * Returns the alias of the first local entity in the delegate's metadata that has one.
     *
     * <p>The alias is passed to {@code SAMLUtil.verifyAlias} before it is returned; the rules
     * that call enforces are not visible here. Remote entities and local entities without an
     * alias are skipped with a DEBUG message.
     *
     * @return the verified alias, or {@code null} when no local entity carries an alias
     * @throws MetadataProviderException if the metadata cannot be read, or propagated from
     *     {@code SAMLUtil.verifyAlias}
     */
    protected String getProviderAlias(ExtendedMetadataDelegate extendedMetadataDelegate) throws MetadataProviderException {
        for (String entityId : parseProvider(extendedMetadataDelegate)) {
            ExtendedMetadata extended = getExtendedMetadata(entityId, extendedMetadataDelegate);
            if (extended == null) {
                log.debug("No extended metadata available for entity {}", entityId);
                continue;
            }
            if (!extended.isLocal()) {
                log.debug("Remote entity {} available", entityId);
                continue;
            }
            String alias = extended.getAlias();
            if (alias == null) {
                log.debug("Local entity {} doesn't have an alias", entityId);
                continue;
            }
            SAMLUtil.verifyAlias(alias, entityId);
            return alias;
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Empty override: no per-provider data (entity name or alias indexes) is built here and the
     * superclass implementation is not invoked.
     */
    @Override // org.springframework.security.saml.metadata.MetadataManager
    public void initializeProviderData(ExtendedMetadataDelegate extendedMetadataDelegate) throws MetadataProviderException {
    }

    /* JADX INFO: Access modifiers changed from: protected */
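    /**
     * Attaches a {@link SignatureValidationFilter} to the delegate so that its metadata is
     * checked against the trust engine from {@link #getTrustEngine(MetadataProvider)}.
     *
     * <p>The filter requires a signature only when the delegate's
     * {@code isMetadataRequireSignature()} is true. An existing filter is preserved: the
     * signature filter is appended to an existing chain, or combined with a single existing
     * filter in a new chain that is then installed on the delegate.
     *
     * <p>NOTE(review): {@code getAvailableProviders()} calls this on every lookup. If the
     * configurator ever returns a previously used delegate instead of a fresh one, each call
     * appends another signature filter; confirm delegates are created per call or add an
     * idempotence guard.
     *
     * @throws MetadataProviderException declared by the overridden method
     */
    @Override // org.springframework.security.saml.metadata.MetadataManager
    public void initializeProviderFilters(ExtendedMetadataDelegate extendedMetadataDelegate) throws MetadataProviderException {
        boolean isMetadataRequireSignature = extendedMetadataDelegate.isMetadataRequireSignature();
        SignatureValidationFilter signatureValidationFilter = new SignatureValidationFilter(getTrustEngine(extendedMetadataDelegate));
        signatureValidationFilter.setRequireSignature(isMetadataRequireSignature);
        this.log.debug("Created new trust manager for metadata provider {}", extendedMetadataDelegate);
        MetadataFilter metadataFilter = extendedMetadataDelegate.getMetadataFilter();
        if (metadataFilter == null) {
            this.log.debug("Adding signature filter");
            extendedMetadataDelegate.setMetadataFilter(signatureValidationFilter);
        } else if (metadataFilter instanceof MetadataFilterChain) {
            this.log.debug("Adding signature filter into existing chain");
            ((MetadataFilterChain) metadataFilter).getFilters().add(signatureValidationFilter);
        } else {
            this.log.debug("Combining signature filter with the existing in a new chain");
            MetadataFilterChain metadataFilterChain = new MetadataFilterChain();
            metadataFilterChain.getFilters().add(metadataFilter);
            metadataFilterChain.getFilters().add(signatureValidationFilter);
            // Install the combined chain. Without this call the chain was discarded and the
            // delegate kept only its original filter, i.e. no signature validation at all.
            extendedMetadataDelegate.setMetadataFilter(metadataFilterChain);
        }
    }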

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Chooses the trust engine used to evaluate metadata signatures for a provider.
     *
     * <p>For an {@link ExtendedMetadataDelegate} the trusted key aliases, the trust-check flag
     * and the forced-revocation flag are read from the delegate. Any other provider gets the
     * defaults: trust check on, revocation not forced, and no explicit key list (so
     * {@link #getPKIXResolver} falls back to every credential of the key manager).
     *
     * <p>When the trust check is disabled, an {@link AllowAllSignatureTrustEngine} is returned,
     * which, as its name indicates, does not establish trust in the signing credential. That
     * decision is logged at DEBUG only, so it is not visible at default log levels; providers
     * configured this way are worth tracking in a configuration audit.
     *
     * @return an allow-all engine when the trust check is off, otherwise a PKIX engine
     */
    @Override // org.springframework.security.saml.metadata.MetadataManager
    public SignatureTrustEngine getTrustEngine(MetadataProvider metadataProvider) {
        Set<String> trustedKeys = null;
        boolean verifyTrust = true;
        boolean forceRevocationCheck = false;
        if (metadataProvider instanceof ExtendedMetadataDelegate) {
            ExtendedMetadataDelegate delegate = (ExtendedMetadataDelegate) metadataProvider;
            trustedKeys = delegate.getMetadataTrustedKeys();
            verifyTrust = delegate.isMetadataTrustCheck();
            forceRevocationCheck = delegate.isForceMetadataRevocationCheck();
        }
        if (verifyTrust) {
            log.debug("Setting trust verification for metadata provider {}", metadataProvider);
            CertPathPKIXValidationOptions pkixOptions = new CertPathPKIXValidationOptions();
            log.debug(forceRevocationCheck ? "Revocation checking forced to true" : "Revocation checking not forced");
            pkixOptions.setForceRevocationEnabled(forceRevocationCheck);
            PKIXValidationInformationResolver anchors = getPKIXResolver(metadataProvider, trustedKeys, null);
            return new PKIXSignatureTrustEngine(anchors, Configuration.getGlobalSecurityConfiguration().getDefaultKeyInfoCredentialResolver(), new CertPathPKIXTrustEvaluator(pkixOptions), new BasicX509CredentialNameEvaluator());
        }
        log.debug("Trust verification skipped for metadata provider {}", metadataProvider);
        return new AllowAllSignatureTrustEngine(Configuration.getGlobalSecurityConfiguration().getDefaultKeyInfoCredentialResolver());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds the static PKIX trust-anchor resolver used to verify a provider's metadata
     * signature.
     *
     * <p>When {@code set} is {@code null}, every credential alias known to the key manager
     * becomes a trust anchor. An alias without a certificate in the keystore is logged at WARN
     * and skipped, so the anchor list can end up empty. No CRLs are supplied (the second
     * constructor argument is {@code null}).
     *
     * @param metadataProvider used for log messages only
     * @param set key aliases to trust, or {@code null} for all available credentials
     * @param set2 passed unchanged as the resolver's second constructor argument
     */
    @Override // org.springframework.security.saml.metadata.MetadataManager
    public PKIXValidationInformationResolver getPKIXResolver(MetadataProvider metadataProvider, Set<String> set, Set<String> set2) {
        Set<String> aliases = (set != null) ? set : keyManager.getAvailableCredentials();
        LinkedList<X509Certificate> anchors = new LinkedList<>();
        for (String alias : aliases) {
            log.debug("Adding PKIX trust anchor {} for metadata verification of provider {}", alias, metadataProvider);
            X509Certificate anchor = keyManager.getCertificate(alias);
            if (anchor == null) {
                log.warn("Cannot construct PKIX trust anchor for key with alias {} for provider {}, key isn't included in the keystore", alias, metadataProvider);
                continue;
            }
            anchors.add(anchor);
        }
        // Raw list kept as in the original: the element interface is not imported in this file.
        LinkedList validationInfo = new LinkedList();
        // Third argument is the literal 4; presumably the PKIX verification depth - confirm.
        validationInfo.add(new BasicPKIXValidationInformation(anchors, null, 4));
        return new StaticPKIXValidationInformationResolver(validationInfo, set2);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Collects the entity IDs found in a provider's metadata root.
     *
     * <p>A single {@link EntityDescriptor} contributes its own ID; an {@link EntitiesDescriptor}
     * is walked recursively. A {@code null} root or any other root type yields an empty list.
     *
     * @return a new list of entity IDs in document order; never {@code null}
     * @throws MetadataProviderException if the provider cannot return its metadata
     */
    @Override // org.springframework.security.saml.metadata.MetadataManager
    public List<String> parseProvider(MetadataProvider metadataProvider) throws MetadataProviderException {
        List<String> entityIds = new LinkedList<>();
        XMLObject root = metadataProvider.getMetadata();
        if (root instanceof EntityDescriptor) {
            addDescriptor(entityIds, (EntityDescriptor) root);
        } else if (root instanceof EntitiesDescriptor) {
            addDescriptors(entityIds, (EntitiesDescriptor) root);
        }
        return entityIds;
    }

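    /**
     * Recursively appends the entity IDs of every {@link EntityDescriptor} reachable from the
     * given {@link EntitiesDescriptor}: nested groups first, then the group's direct entities.
     *
     * <p>NOTE(review): recursion depth follows the nesting depth of the metadata document and
     * is not bounded here; confirm that remotely supplied metadata is size- or depth-limited
     * before it reaches this point.
     *
     * @param list accumulator that receives the entity IDs
     * @throws MetadataProviderException declared for symmetry with the callers; not thrown by
     *     the statements visible here
     */
    private void addDescriptors(List<String> list, EntitiesDescriptor entitiesDescriptor) throws MetadataProviderException {
        // The "{}" placeholder was missing, so the descriptor ID never appeared in the log.
        this.log.debug("Found metadata EntitiesDescriptor with ID {}", entitiesDescriptor.getID());
        List<EntitiesDescriptor> nestedGroups = entitiesDescriptor.getEntitiesDescriptors();
        if (nestedGroups != null) {
            for (EntitiesDescriptor nested : nestedGroups) {
                addDescriptors(list, nested);
            }
        }
        List<EntityDescriptor> entities = entitiesDescriptor.getEntityDescriptors();
        if (entities != null) {
            for (EntityDescriptor entity : entities) {
                addDescriptor(list, entity);
            }
        }
    }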

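    /**
     * Appends the entity ID of a single {@link EntityDescriptor} to the accumulator. The ID is
     * added as returned by the descriptor, without a null or emptiness check.
     *
     * @param list accumulator that receives the entity ID
     * @throws MetadataProviderException declared for symmetry with the callers; not thrown by
     *     the statements visible here
     */
    private void addDescriptor(List<String> list, EntityDescriptor entityDescriptor) throws MetadataProviderException {
        String entityID = entityDescriptor.getEntityID();
        // The "{}" placeholder was missing, so the entity ID never appeared in the log.
        this.log.debug("Found metadata EntityDescriptor with ID {}", entityID);
        list.add(entityID);
    }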

    /**
     * Returns the entity IDs of all identity providers available in the current zone, one per
     * delegate that exposes an IDP role.
     *
     * <p>A delegate whose metadata cannot be read is logged at ERROR and contributes nothing.
     * The result is a {@link HashSet}, so its iteration order is unspecified.
     *
     * @return a new mutable set; never {@code null}
     */
    @Override // org.springframework.security.saml.metadata.MetadataManager
    public Set<String> getIDPEntityNames() {
        Set<String> idpEntityIds = new HashSet<>();
        for (ExtendedMetadataDelegate delegate : getAvailableProviders()) {
            try {
                String idpEntityId = getProviderIdpAlias(delegate);
                if (!StringUtils.hasText(idpEntityId)) {
                    continue;
                }
                idpEntityIds.add(idpEntityId);
            } catch (MetadataProviderException e) {
                log.error("Unable to get IDP alias for:" + delegate, e);
            }
        }
        return idpEntityIds;
    }

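    /**
     * Returns the entity IDs of the hosted (local) service providers available in the current
     * zone, as reported by {@code getHostedSpName} for each delegate. Remote SPs are not
     * included.
     *
     * <p>A delegate whose metadata cannot be read is logged at ERROR and contributes nothing.
     *
     * @return a new mutable set; never {@code null}
     */
    @Override // org.springframework.security.saml.metadata.MetadataManager
    public Set<String> getSPEntityNames() {
        Set<String> hashSet = new HashSet<>();
        for (ExtendedMetadataDelegate extendedMetadataDelegate : getAvailableProviders()) {
            try {
                String hostedSpName = getHostedSpName(extendedMetadataDelegate);
                if (StringUtils.hasText(hostedSpName)) {
                    hashSet.add(hostedSpName);
                }
            } catch (MetadataProviderException e) {
                // Message previously said "IDP alias", copied from getIDPEntityNames(), which
                // sent anyone triaging the log to the wrong lookup.
                this.log.error("Unable to get hosted SP name for:" + extendedMetadataDelegate, e);
            }
        }
        return hashSet;
    }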

    /**
     * Reports whether the given entity ID belongs to an identity provider available in the
     * current zone. The IDP set is recomputed on every call.
     */
    @Override // org.springframework.security.saml.metadata.MetadataManager
    public boolean isIDPValid(String str) {
        Set<String> knownIdps = getIDPEntityNames();
        return knownIdps.contains(str);
    }

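    /**
     * Reports whether the given entity ID belongs to a service provider known to this manager
     * in the current zone, i.e. is contained in {@link #getSPEntityNames()}.
     *
     * <p>The previous body consulted {@code getIDPEntityNames()}, so an identity provider's
     * entity ID was accepted as a valid SP and a genuine SP entity ID was rejected.
     */
    @Override // org.springframework.security.saml.metadata.MetadataManager
    public boolean isSPValid(String str) {
        return getSPEntityNames().contains(str);
    }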

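    /**
     * Returns the entity ID of the first hosted (local) service provider found among the
     * available providers of the current zone.
     *
     * <p>A delegate whose metadata cannot be read is logged at ERROR and skipped.
     *
     * @return the hosted SP entity ID, or {@code null} when none is found
     */
    @Override // org.springframework.security.saml.metadata.MetadataManager
    public String getHostedSPName() {
        for (ExtendedMetadataDelegate extendedMetadataDelegate : getAvailableProviders()) {
            try {
                // The result is tested inside the try block: the decompiled form tested a
                // variable declared outside the loop after the catch, where it is not
                // definitely assigned when the lookup throws.
                String hostedSpName = getHostedSpName(extendedMetadataDelegate);
                if (StringUtils.hasText(hostedSpName)) {
                    return hostedSpName;
                }
            } catch (MetadataProviderException e) {
                this.log.error("Unable to find hosted SP name:" + extendedMetadataDelegate, e);
            }
        }
        return null;
    }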

    /**
     * Empty override: the supplied name is ignored. The hosted SP name is derived from the
     * available providers in {@code getHostedSPName()} instead.
     */
    @Override // org.springframework.security.saml.metadata.MetadataManager
    public void setHostedSPName(String str) {
    }

    /**
     * Returns one IDP entity ID from {@link #getIDPEntityNames()} as the default.
     *
     * <p>That set is a {@code HashSet}, so when a zone has several IDPs the one returned here
     * is whichever the set iterates first, not a configured choice. Callers that rely on a
     * specific default IDP should select it explicitly.
     *
     * @throws MetadataProviderException if no IDP is available in the current zone
     */
    @Override // org.springframework.security.saml.metadata.MetadataManager
    public String getDefaultIDP() throws MetadataProviderException {
        Set<String> idpEntityIds = getIDPEntityNames();
        if (idpEntityIds.isEmpty()) {
            throw new MetadataProviderException("No IDP was configured, please update included metadata with at least one IDP");
        }
        return idpEntityIds.iterator().next();
    }

    /**
     * Empty override: the supplied entity ID is ignored, so a default IDP cannot be pinned
     * through this setter; {@code getDefaultIDP()} picks from the available IDPs instead.
     */
    @Override // org.springframework.security.saml.metadata.MetadataManager
    public void setDefaultIDP(String str) {
    }

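    /**
     * Returns a copy of the extended metadata for an entity, taken from the first provider that
     * has an entry for it.
     *
     * <p>When no provider knows the entity, a copy of the default extended metadata is returned
     * instead, so the result is never {@code null}; callers cannot use a non-null result as
     * proof that the entity is known.
     *
     * @throws MetadataProviderException if a provider lookup fails
     */
    @Override // org.springframework.security.saml.metadata.MetadataManager, org.springframework.security.saml.metadata.ExtendedMetadataProvider
    public ExtendedMetadata getExtendedMetadata(String str) throws MetadataProviderException {
        for (MetadataProvider metadataProvider : getProviders()) {
            ExtendedMetadata extendedMetadata = getExtendedMetadata(str, metadataProvider);
            if (extendedMetadata != null) {
                return extendedMetadata;
            }
        }
        // "mo2328clone" was a decompiler-generated rename and is not a method of
        // ExtendedMetadata; the real method is clone().
        return getDefaultExtendedMetadata().clone();
    }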

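    /**
     * Looks up an entity's extended metadata in one provider and returns a copy of it, so that
     * callers cannot modify the provider's own instance.
     *
     * @return the copy, or {@code null} when the provider is not an
     *     {@link ExtendedMetadataProvider} or has no entry for the entity
     * @throws MetadataProviderException if the provider lookup fails
     */
    private ExtendedMetadata getExtendedMetadata(String str, MetadataProvider metadataProvider) throws MetadataProviderException {
        if (!(metadataProvider instanceof ExtendedMetadataProvider)) {
            return null;
        }
        ExtendedMetadata extendedMetadata = ((ExtendedMetadataProvider) metadataProvider).getExtendedMetadata(str);
        if (extendedMetadata == null) {
            return null;
        }
        // "mo2328clone" was a decompiler-generated rename and is not a method of
        // ExtendedMetadata; the real method is clone().
        return extendedMetadata.clone();
    }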

    /**
     * Resolves an entity descriptor from a byte-array identifier by comparing it, via
     * {@code SAMLUtil.compare}, against every known IDP entity ID and then every known SP
     * entity ID. The comparison rule itself is not visible here.
     *
     * @return the descriptor of the first matching entity, or {@code null} when none matches
     * @throws MetadataProviderException if the descriptor lookup fails
     */
    @Override // org.springframework.security.saml.metadata.MetadataManager
    public EntityDescriptor getEntityDescriptor(byte[] bArr) throws MetadataProviderException {
        for (String idpEntityId : getIDPEntityNames()) {
            if (!SAMLUtil.compare(bArr, idpEntityId)) {
                continue;
            }
            return getEntityDescriptor(idpEntityId);
        }
        // SP names are computed only after the IDP pass found no match.
        for (String spEntityId : getSPEntityNames()) {
            if (!SAMLUtil.compare(bArr, spEntityId)) {
                continue;
            }
            return getEntityDescriptor(spEntityId);
        }
        return null;
    }

    /**
     * Maps a local alias to the entity ID that owns it, searching IDP entities first and then
     * hosted SP entities of the current zone.
     *
     * <p>Only entities whose extended metadata is marked local are considered. If the alias is
     * claimed by two different entity IDs the lookup fails rather than picking one, which keeps
     * an ambiguous alias from silently selecting the wrong entity.
     *
     * @return the owning entity ID, or {@code null} when {@code str} is {@code null} or no
     *     local entity uses the alias
     * @throws MetadataProviderException if the alias is used by more than one entity, or a
     *     metadata lookup fails
     */
    @Override // org.springframework.security.saml.metadata.MetadataManager
    public String getEntityIdForAlias(String str) throws MetadataProviderException {
        if (str == null) {
            return null;
        }
        String owner = null;
        for (String idpEntityId : getIDPEntityNames()) {
            ExtendedMetadata extended = getExtendedMetadata(idpEntityId);
            if (!extended.isLocal() || !str.equals(extended.getAlias())) {
                continue;
            }
            if (owner != null && !owner.equals(idpEntityId)) {
                throw new MetadataProviderException("Alias " + str + " is used both for entity " + owner + " and " + idpEntityId);
            }
            owner = idpEntityId;
        }
        for (String spEntityId : getSPEntityNames()) {
            ExtendedMetadata extended = getExtendedMetadata(spEntityId);
            if (!extended.isLocal() || !str.equals(extended.getAlias())) {
                continue;
            }
            if (owner != null && !owner.equals(spEntityId)) {
                throw new MetadataProviderException("Alias " + str + " is used both for entity " + owner + " and " + spEntityId);
            }
            owner = spEntityId;
        }
        return owner;
    }

    /**
     * Returns the shared default extended metadata instance itself, not a copy, so changes a
     * caller makes to it affect every later fallback in {@code getExtendedMetadata(String)}.
     */
    @Override // org.springframework.security.saml.metadata.MetadataManager
    public ExtendedMetadata getDefaultExtendedMetadata() {
        return defaultExtendedMetadata;
    }

    /**
     * Replaces the default extended metadata. The argument is stored as given, without a null
     * check; a {@code null} value would make the fallback in
     * {@code getExtendedMetadata(String)} fail with a {@code NullPointerException}.
     */
    @Override // org.springframework.security.saml.metadata.MetadataManager
    public void setDefaultExtendedMetadata(ExtendedMetadata extendedMetadata) {
        defaultExtendedMetadata = extendedMetadata;
    }

    /** Always reports {@code false}; this manager never signals that a refresh is pending. */
    @Override // org.springframework.security.saml.metadata.MetadataManager
    public boolean isRefreshRequired() {
        return false;
    }

    /** Empty override: the flag is ignored. */
    @Override // org.springframework.security.saml.metadata.MetadataManager
    public void setRefreshRequired(boolean z) {
    }

    /**
     * Ignores the requested interval and always forwards {@code 0L} to the superclass, the same
     * value the constructor sets.
     */
    @Override // org.springframework.security.saml.metadata.MetadataManager
    public void setRefreshCheckInterval(long j) {
        super.setRefreshCheckInterval(0L);
    }

    /**
     * Receives the key manager (injected via {@code @Autowired}) and records it
     * in two places: this class's own {@code keyManager} field and the
     * superclass, through its setter.
     *
     * @param keyManager key manager to store; passed on unchanged
     */
    @Override // org.springframework.security.saml.metadata.MetadataManager
    @Autowired
    public void setKeyManager(KeyManager keyManager) {
        // Keep a local reference as well as handing it to the parent.
        this.keyManager = keyManager;
        super.setKeyManager(keyManager);
    }

    /**
     * Accepts an optional TLS protocol configurer and discards it.
     *
     * <p>Injection is optional ({@code required = false}). The body is empty, so
     * the configurer is neither stored nor passed to the superclass.
     * NOTE(review): whether TLS settings for metadata retrieval are applied
     * somewhere else is not visible from this method - confirm.
     *
     * @param tLSProtocolConfigurer ignored
     */
    @Override // org.springframework.security.saml.metadata.MetadataManager
    @Autowired(required = false)
    public void setTLSConfigurer(TLSProtocolConfigurer tLSProtocolConfigurer) {
    }

    /**
     * Looks up an entities descriptor by name across the child providers.
     *
     * <p>Providers are asked in the order returned by {@code getProviders()} and
     * the first non-null answer wins, so provider order decides precedence when
     * more than one provider knows the same name. A provider that throws is
     * logged at warn level and skipped.
     *
     * @param str name of the entities descriptor
     * @return the first non-null descriptor found, or {@code null} if none
     * @throws MetadataProviderException declared by the overridden method;
     *         provider failures inside the loop are caught and logged
     */
    @Override // org.opensaml.saml2.metadata.provider.ChainingMetadataProvider, org.opensaml.saml2.metadata.provider.MetadataProvider
    public EntitiesDescriptor getEntitiesDescriptor(String str) throws MetadataProviderException {
        for (MetadataProvider child : getProviders()) {
            log.debug("Checking child metadata provider for entities descriptor with name: {}", str);
            EntitiesDescriptor candidate;
            try {
                candidate = child.getEntitiesDescriptor(str);
            } catch (MetadataProviderException e) {
                // A failing provider must not block the remaining ones.
                log.warn("Error retrieving metadata from provider of type {}, proceeding to next provider", child.getClass().getName(), e);
                continue;
            }
            if (candidate != null) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Looks up an entity descriptor by entity ID across the child providers.
     *
     * <p>Providers are asked in the order returned by {@code getProviders()} and
     * the first non-null answer wins, so provider order decides which metadata
     * is used when an entity ID is published by more than one provider. A
     * provider that throws is logged at warn level and skipped.
     *
     * @param str entity ID to resolve
     * @return the first non-null descriptor found, or {@code null} if none
     * @throws MetadataProviderException declared by the overridden method;
     *         provider failures inside the loop are caught and logged
     */
    @Override // org.opensaml.saml2.metadata.provider.ChainingMetadataProvider, org.opensaml.saml2.metadata.provider.MetadataProvider
    public EntityDescriptor getEntityDescriptor(String str) throws MetadataProviderException {
        for (MetadataProvider child : getProviders()) {
            log.debug("Checking child metadata provider for entity descriptor with entity ID: {}", str);
            EntityDescriptor candidate;
            try {
                candidate = child.getEntityDescriptor(str);
            } catch (MetadataProviderException e) {
                // A failing provider must not block the remaining ones.
                log.warn("Error retrieving metadata from provider of type {}, proceeding to next provider", child.getClass().getName(), e);
                continue;
            }
            if (candidate != null) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Collects the role descriptors of one role type for an entity, asking the
     * child providers in order.
     *
     * <p>The search stops at the first provider that returns a non-empty list.
     * If no provider does, the value from the last provider that answered
     * without throwing is returned, which may be {@code null} or an empty list.
     * A provider that throws is logged at warn level and skipped.
     *
     * @param str entity ID to resolve
     * @param qName role type to look for
     * @return the first non-empty role list, else the last value retrieved
     *         (possibly {@code null} or empty)
     * @throws MetadataProviderException declared by the overridden method;
     *         provider failures inside the loop are caught and logged
     */
    @Override // org.opensaml.saml2.metadata.provider.ChainingMetadataProvider, org.opensaml.saml2.metadata.provider.MetadataProvider
    public List<RoleDescriptor> getRole(String str, QName qName) throws MetadataProviderException {
        // Kept outside the loop on purpose: an empty or null answer from an
        // earlier provider is what gets returned when nobody has roles.
        List<RoleDescriptor> lastAnswer = null;
        for (MetadataProvider child : getProviders()) {
            log.debug("Checking child metadata provider for entity descriptor with entity ID: {}", str);
            try {
                lastAnswer = child.getRole(str, qName);
            } catch (MetadataProviderException e) {
                log.warn("Error retrieving metadata from provider of type {}, proceeding to next provider", child.getClass().getName(), e);
                continue;
            }
            boolean hasRoles = lastAnswer != null && !lastAnswer.isEmpty();
            if (hasRoles) {
                return lastAnswer;
            }
        }
        return lastAnswer;
    }

    /**
     * Looks up a single role descriptor for an entity, role type and protocol
     * across the child providers.
     *
     * <p>Providers are asked in the order returned by {@code getProviders()} and
     * the first non-null answer wins. A provider that throws is logged at warn
     * level and skipped.
     *
     * @param str entity ID to resolve
     * @param qName role type to look for
     * @param str2 supported protocol passed through to each provider
     * @return the first non-null role descriptor found, or {@code null} if none
     * @throws MetadataProviderException declared by the overridden method;
     *         provider failures inside the loop are caught and logged
     */
    @Override // org.opensaml.saml2.metadata.provider.ChainingMetadataProvider, org.opensaml.saml2.metadata.provider.MetadataProvider
    public RoleDescriptor getRole(String str, QName qName, String str2) throws MetadataProviderException {
        for (MetadataProvider child : getProviders()) {
            log.debug("Checking child metadata provider for entity descriptor with entity ID: {}", str);
            RoleDescriptor candidate;
            try {
                candidate = child.getRole(str, qName, str2);
            } catch (MetadataProviderException e) {
                // A failing provider must not block the remaining ones.
                log.warn("Error retrieving metadata from provider of type {}, proceeding to next provider", child.getClass().getName(), e);
                continue;
            }
            if (candidate != null) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Returns the metadata of this chaining provider as a single XML object.
     *
     * <p>A fresh {@code ChainingEntitiesDescriptor} is created on every call; what
     * it aggregates is defined by that class, not here.
     *
     * @return a newly constructed {@code ChainingEntitiesDescriptor}
     * @throws MetadataProviderException declared by the overridden method
     */
    @Override // org.opensaml.saml2.metadata.provider.ChainingMetadataProvider, org.opensaml.saml2.metadata.provider.MetadataProvider
    public XMLObject getMetadata() throws MetadataProviderException {
        XMLObject aggregate = new ChainingEntitiesDescriptor();
        return aggregate;
    }
}
