package org.cloudfoundry.identity.uaa.provider.saml.idp;

import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.xml.namespace.QName;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.cloudfoundry.identity.uaa.zone.IdentityZone;
import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml2.metadata.RoleDescriptor;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.springframework.beans.factory.BeanNameAware;
import org.springframework.beans.factory.DisposableBean;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.saml.key.KeyManager;
import org.springframework.security.saml.metadata.ExtendedMetadata;
import org.springframework.security.saml.metadata.ExtendedMetadataDelegate;
import org.springframework.security.saml.metadata.ExtendedMetadataProvider;
import org.springframework.security.saml.metadata.MetadataMemoryProvider;
import org.springframework.security.saml.trust.httpclient.TLSProtocolConfigurer;
import org.springframework.security.saml.util.SAMLUtil;
import org.springframework.util.StringUtils;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-4.11.0.jar:org/cloudfoundry/identity/uaa/provider/saml/idp/NonSnarlIdpMetadataManager.class */
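/**
 * Metadata manager for the IdP side of SAML that keeps no provider list of its own.
 *
 * <p>Every lookup rebuilds the provider list from the local IdP metadata (produced by the
 * {@link IdpMetadataGenerator}) plus the service providers returned by the
 * {@link SamlServiceProviderConfigurator}. The inherited mutators ({@link #setProviders},
 * {@link #addMetadataProvider}, {@link #removeMetadataProvider}, {@link #refreshMetadata},
 * {@link #setRefreshRequired}, {@link #setHostedSPName}, {@link #setTLSConfigurer},
 * {@link #destroy}) are deliberately empty, so the set of trusted entities cannot be changed
 * through the standard manager API; it changes only when the configurator or generator
 * returns something different.
 *
 * <p>Review notes for maintainers:
 * <ul>
 *   <li>The hosted IdP name is keyed by {@code IdentityZoneHolder.get().getId()}, so results
 *       depend on the zone bound to the calling context. NOTE(review): IdentityZoneHolder is
 *       not visible here; confirm the zone is always set before these methods are reached and
 *       that the configurator is itself zone-scoped.</li>
 *   <li>Lookups return the answer of the first provider that knows the entity ID, and the
 *       local IdP is always first. If two registered service providers declare the same entity
 *       ID, whichever the configurator returns first wins.</li>
 *   <li>A service provider whose delegate fails to initialize is logged and left out of the
 *       list, so {@link #isSPValid} is false for it.</li>
 *   <li>Whether service-provider metadata is signature- or trust-checked depends on the
 *       inherited {@code initializeProviderFilters} and on the delegate settings, neither of
 *       which is shown in this class.</li>
 * </ul>
 */
public class NonSnarlIdpMetadataManager extends IdpMetadataManager implements ExtendedMetadataProvider, InitializingBean, DisposableBean, BeanNameAware {
    private static final Log logger = LogFactory.getLog(NonSnarlIdpMetadataManager.class);
    private SamlServiceProviderConfigurator configurator;
    private IdpMetadataGenerator generator;
    // Hosted IdP entity name per identity-zone id.
    private final Map<String, String> zoneHostedIdpNames = new ConcurrentHashMap<>();
    private ExtendedMetadata defaultExtendedMetadata;
    private String beanName;

    /**
     * Creates the manager with an empty static provider list and the refresh timer disabled.
     *
     * @param samlServiceProviderConfigurator source of the registered service providers
     * @throws MetadataProviderException if the superclass constructor rejects the setup
     */
    public NonSnarlIdpMetadataManager(SamlServiceProviderConfigurator samlServiceProviderConfigurator) throws MetadataProviderException {
        super(Collections.emptyList());
        this.beanName = NonSnarlIdpMetadataManager.class.getName() + "-" + System.identityHashCode(this);
        this.configurator = samlServiceProviderConfigurator;
        super.setKeyManager(IdentityZoneHolder.getSamlSPKeyManager());
        // Interval 0 turns the periodic refresh off; providers are rebuilt on demand instead.
        super.setRefreshCheckInterval(0L);
        logger.info("-----> Internal Timer is disabled");
        this.defaultExtendedMetadata = new ExtendedMetadata();
    }

    /** Records the Spring bean name, replacing the identity-hash based default. */
    @Override // org.springframework.beans.factory.BeanNameAware
    public void setBeanName(String str) {
        this.beanName = str;
    }

    /** Intentionally ignored: providers are derived on demand, never stored. */
    @Override // org.springframework.security.saml.metadata.MetadataManager, org.opensaml.saml2.metadata.provider.ChainingMetadataProvider
    public void setProviders(List<MetadataProvider> list) throws MetadataProviderException {
    }

    /** Intentionally empty: there is no cached state to refresh. */
    @Override // org.springframework.security.saml.metadata.MetadataManager
    public void refreshMetadata() {
    }

    /** Intentionally ignored: providers cannot be registered through this API. */
    @Override // org.springframework.security.saml.metadata.MetadataManager, org.opensaml.saml2.metadata.provider.ChainingMetadataProvider
    public void addMetadataProvider(MetadataProvider metadataProvider) throws MetadataProviderException {
    }

    /** Intentionally ignored: providers cannot be removed through this API. */
    @Override // org.springframework.security.saml.metadata.MetadataManager, org.opensaml.saml2.metadata.provider.ChainingMetadataProvider
    public void removeMetadataProvider(MetadataProvider metadataProvider) {
    }

    /**
     * Returns a fresh, mutable copy of {@link #getAvailableProviders()} typed as plain providers.
     *
     * @return the local IdP followed by every service provider that initialized
     */
    @Override // org.springframework.security.saml.metadata.MetadataManager, org.opensaml.saml2.metadata.provider.ChainingMetadataProvider
    public List<MetadataProvider> getProviders() {
        return new ArrayList<>(getAvailableProviders());
    }

    /**
     * Builds the provider list: local IdP first, then each configured service provider.
     *
     * <p>A service provider that fails to initialize is logged and skipped rather than failing
     * the whole call. The list is rebuilt on every invocation, and every lookup method in this
     * class goes through it.
     *
     * @return newly built list of usable providers
     * @throws IllegalStateException if the local IdP metadata cannot be produced
     */
    @Override // org.springframework.security.saml.metadata.MetadataManager
    public List<ExtendedMetadataDelegate> getAvailableProviders() {
        IdentityZone zone = IdentityZoneHolder.get();
        List<ExtendedMetadataDelegate> providers = new ArrayList<>();
        try {
            providers.add(getLocalIdp());
        } catch (MetadataProviderException e) {
            throw new IllegalStateException(e);
        }
        for (SamlServiceProviderHolder holder : this.configurator.getSamlServiceProviders()) {
            // Entity IDs come from stored SP configuration and are concatenated into the log line as-is.
            this.log.info("Adding SAML SP zone[" + zone.getId() + "] alias[" + holder.getSamlServiceProvider().getEntityId() + "]");
            try {
                ExtendedMetadataDelegate delegate = holder.getExtendedMetadataDelegate();
                initializeProvider(delegate);
                initializeProviderData(delegate);
                initializeProviderFilters(delegate);
                providers.add(delegate);
            } catch (MetadataProviderException e) {
                // The message says "IDP" although the entry is a service provider; text kept for log compatibility.
                this.log.error("Invalid SAML IDP zone[" + zone.getId() + "] alias[" + holder.getSamlServiceProvider().getEntityId() + "]", e);
            }
        }
        return providers;
    }

    /**
     * Generates the local identity provider's metadata and wraps it in an initialized delegate.
     *
     * @return delegate over an in-memory provider holding the generated entity descriptor
     * @throws MetadataProviderException if the in-memory provider fails to initialize
     */
    public ExtendedMetadataDelegate getLocalIdp() throws MetadataProviderException {
        EntityDescriptor descriptor = this.generator.generateMetadata();
        IdpExtendedMetadata extendedMetadata = this.generator.generateExtendedMetadata();
        this.log.info("Initialized local identity provider for entityID: " + descriptor.getEntityID());
        MetadataMemoryProvider memoryProvider = new MetadataMemoryProvider(descriptor);
        memoryProvider.initialize();
        return new ExtendedMetadataDelegate(memoryProvider, extendedMetadata);
    }

    /** Initializes the delegate; nothing else is done at this step. */
    @Override // org.springframework.security.saml.metadata.MetadataManager
    protected void initializeProvider(ExtendedMetadataDelegate extendedMetadataDelegate) throws MetadataProviderException {
        this.log.debug("Initializing extendedMetadataDelegate {}", extendedMetadataDelegate);
        extendedMetadataDelegate.initialize();
    }

    /**
     * Intentionally empty override.
     * NOTE(review): whatever per-provider bookkeeping the superclass does here is skipped;
     * confirm against MetadataManager that nothing security-relevant is lost.
     */
    @Override // org.springframework.security.saml.metadata.MetadataManager
    protected void initializeProviderData(ExtendedMetadataDelegate extendedMetadataDelegate) throws MetadataProviderException {
    }

    /**
     * Returns the entity ID of the local IdP, the only IdP this manager knows about.
     *
     * @return a set with zero or one element; empty when the local IdP cannot be built
     */
    @Override // org.springframework.security.saml.metadata.MetadataManager
    public Set<String> getIDPEntityNames() {
        Set<String> names = new HashSet<>();
        // Declared outside the try so the catch can log it (null if getLocalIdp itself failed).
        ExtendedMetadataDelegate localIdp = null;
        try {
            localIdp = getLocalIdp();
            String alias = getProviderIdpAlias(localIdp);
            if (StringUtils.hasText(alias)) {
                names.add(alias);
            }
        } catch (MetadataProviderException e) {
            this.log.error("Unable to get IDP alias for:" + localIdp, e);
        }
        return names;
    }

    /**
     * Finds the first entity in the provider that carries a SAML 2.0 IdP SSO role.
     *
     * @return that entity ID, or {@code null} if the provider describes no IdP
     */
    protected String getProviderIdpAlias(ExtendedMetadataDelegate extendedMetadataDelegate) throws MetadataProviderException {
        for (String entityId : parseProvider(extendedMetadataDelegate)) {
            if (extendedMetadataDelegate.getRole(entityId, IDPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) != null) {
                return entityId;
            }
        }
        return null;
    }

    /**
     * Collects the entity IDs of all available service providers.
     *
     * @return possibly empty set; providers that cannot be parsed are logged and skipped
     */
    @Override // org.springframework.security.saml.metadata.MetadataManager
    public Set<String> getSPEntityNames() {
        Set<String> names = new HashSet<>();
        for (ExtendedMetadataDelegate delegate : getAvailableProviders()) {
            try {
                String spName = getSpName(delegate);
                if (StringUtils.hasText(spName)) {
                    names.add(spName);
                }
            } catch (MetadataProviderException e) {
                // Message text mentions "IDP" although this loop resolves SP names; kept for log compatibility.
                this.log.error("Unable to get IDP alias for:" + delegate, e);
            }
        }
        return names;
    }

    /**
     * Finds the first entity in the provider that has a SAML 2.0 SP SSO role and extended metadata.
     *
     * @return that entity ID, or {@code null} if the provider describes no such SP
     */
    protected String getSpName(ExtendedMetadataDelegate extendedMetadataDelegate) throws MetadataProviderException {
        for (String entityId : parseProvider(extendedMetadataDelegate)) {
            boolean hasSpRole = extendedMetadataDelegate.getRole(entityId, SPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) != null;
            if (hasSpRole && getExtendedMetadata(entityId, extendedMetadataDelegate) != null) {
                return entityId;
            }
        }
        return null;
    }

    /**
     * Returns the provider's SP entity ID only when its extended metadata marks it as local.
     *
     * @return the hosted SP entity ID, or {@code null} when the provider has no SP, no
     *         extended metadata for it, or the SP is not local
     */
    protected String getHostedSpName(ExtendedMetadataDelegate extendedMetadataDelegate) throws MetadataProviderException {
        String spName = getSpName(extendedMetadataDelegate);
        if (spName == null) {
            // Providers without an SP role (the local IdP is always one) yield null here.
            return null;
        }
        ExtendedMetadata extendedMetadata = getExtendedMetadata(spName, extendedMetadataDelegate);
        if (extendedMetadata == null || !extendedMetadata.isLocal()) {
            return null;
        }
        return spName;
    }

    /**
     * Returns the roles of the given type from the first provider that has any.
     *
     * @param str entity ID to look up
     * @param qName role element name
     * @return the first non-empty role list; otherwise whatever the last successful provider
     *         call returned (possibly {@code null} or empty)
     */
    @Override // org.opensaml.saml2.metadata.provider.ChainingMetadataProvider, org.opensaml.saml2.metadata.provider.MetadataProvider
    public List<RoleDescriptor> getRole(String str, QName qName) throws MetadataProviderException {
        List<RoleDescriptor> roles = null;
        for (MetadataProvider provider : getProviders()) {
            this.log.debug("Checking child metadata provider for entity descriptor with entity ID: {}", str);
            try {
                roles = provider.getRole(str, qName);
                if (roles != null && !roles.isEmpty()) {
                    break;
                }
            } catch (MetadataProviderException e) {
                this.log.warn("Error retrieving metadata from provider of type {}, proceeding to next provider", provider.getClass().getName(), e);
            }
        }
        return roles;
    }

    /**
     * Returns the role supporting the given protocol from the first provider that has one.
     *
     * @param str entity ID to look up
     * @param qName role element name
     * @param str2 supported protocol URI
     * @return the matching role descriptor, or {@code null} if no provider has it
     */
    @Override // org.opensaml.saml2.metadata.provider.ChainingMetadataProvider, org.opensaml.saml2.metadata.provider.MetadataProvider
    public RoleDescriptor getRole(String str, QName qName, String str2) throws MetadataProviderException {
        RoleDescriptor role = null;
        for (MetadataProvider provider : getProviders()) {
            this.log.debug("Checking child metadata provider for entity descriptor with entity ID: {}", str);
            try {
                role = provider.getRole(str, qName, str2);
            } catch (MetadataProviderException e) {
                this.log.warn("Error retrieving metadata from provider of type {}, proceeding to next provider", provider.getClass().getName(), e);
            }
            if (role != null) {
                break;
            }
        }
        return role;
    }

    /** Returns whether the entity ID is the local IdP (exact string match). */
    @Override // org.springframework.security.saml.metadata.MetadataManager
    public boolean isIDPValid(String str) {
        return getIDPEntityNames().contains(str);
    }

    /** Returns whether the entity ID belongs to a currently available SP (exact string match). */
    @Override // org.springframework.security.saml.metadata.MetadataManager
    public boolean isSPValid(String str) {
        return getSPEntityNames().contains(str);
    }

    /** Returns the hosted IdP name recorded for the current identity zone, or {@code null}. */
    @Override // org.cloudfoundry.identity.uaa.provider.saml.idp.IdpMetadataManager
    public String getHostedIdpName() {
        return this.zoneHostedIdpNames.get(IdentityZoneHolder.get().getId());
    }

    /**
     * Records the hosted IdP name for the current identity zone.
     *
     * @param str the name to store; {@code null} clears the zone's entry
     */
    @Override // org.cloudfoundry.identity.uaa.provider.saml.idp.IdpMetadataManager
    public void setHostedIdpName(String str) {
        String zoneId = IdentityZoneHolder.get().getId();
        if (str == null) {
            // ConcurrentHashMap rejects null values, so a null name is treated as "unset".
            this.zoneHostedIdpNames.remove(zoneId);
        } else {
            this.zoneHostedIdpNames.put(zoneId, str);
        }
    }

    /**
     * Returns the entity ID of the first available provider that is a local SP.
     *
     * @return the hosted SP entity ID, or {@code null} if there is none
     */
    @Override // org.springframework.security.saml.metadata.MetadataManager
    public String getHostedSPName() {
        for (ExtendedMetadataDelegate delegate : getAvailableProviders()) {
            try {
                String hostedSpName = getHostedSpName(delegate);
                if (StringUtils.hasText(hostedSpName)) {
                    return hostedSpName;
                }
            } catch (MetadataProviderException e) {
                this.log.error("Unable to find hosted SP name:" + delegate, e);
            }
        }
        return null;
    }

    /** Intentionally ignored: the hosted SP name is derived from the providers. */
    @Override // org.springframework.security.saml.metadata.MetadataManager
    public void setHostedSPName(String str) {
    }

    /**
     * Returns the local IdP's entity ID.
     *
     * @throws MetadataProviderException if no IdP entity name is available
     */
    @Override // org.springframework.security.saml.metadata.MetadataManager
    public String getDefaultIDP() throws MetadataProviderException {
        Iterator<String> names = getIDPEntityNames().iterator();
        if (names.hasNext()) {
            return names.next();
        }
        throw new MetadataProviderException("No IDP was configured, please update included metadata with at least one IDP");
    }

    /**
     * Returns the entity descriptor from the first provider that knows the entity ID.
     *
     * @param str entity ID to look up
     * @return the descriptor, or {@code null} if no provider has it
     */
    @Override // org.opensaml.saml2.metadata.provider.ChainingMetadataProvider, org.opensaml.saml2.metadata.provider.MetadataProvider
    public EntityDescriptor getEntityDescriptor(String str) throws MetadataProviderException {
        EntityDescriptor descriptor = null;
        for (MetadataProvider provider : getProviders()) {
            this.log.debug("Checking child metadata provider for entity descriptor with entity ID: {}", str);
            try {
                descriptor = provider.getEntityDescriptor(str);
            } catch (MetadataProviderException e) {
                this.log.warn("Error retrieving metadata from provider of type {}, proceeding to next provider", provider.getClass().getName(), e);
            }
            if (descriptor != null) {
                break;
            }
        }
        return descriptor;
    }

    /**
     * Resolves an entity from a byte-array identifier, checking service providers before the IdP.
     *
     * <p>Matching is delegated to {@code SAMLUtil.compare}. NOTE(review): presumably this
     * compares a digest of the entity ID with {@code bArr}; confirm against SAMLUtil.
     *
     * @param bArr identifier to match against the known entity IDs
     * @return the matching descriptor, or {@code null} if nothing matches
     */
    @Override // org.springframework.security.saml.metadata.MetadataManager
    public EntityDescriptor getEntityDescriptor(byte[] bArr) throws MetadataProviderException {
        for (String spName : getSPEntityNames()) {
            if (SAMLUtil.compare(bArr, spName)) {
                return getEntityDescriptor(spName);
            }
        }
        for (String idpName : getIDPEntityNames()) {
            if (SAMLUtil.compare(bArr, idpName)) {
                return getEntityDescriptor(idpName);
            }
        }
        return null;
    }

    /**
     * Maps an alias to the single entity ID that uses it, across SPs and the IdP.
     *
     * @param str alias to resolve; {@code null} yields {@code null}
     * @return the entity ID owning the alias, or {@code null} if none does
     * @throws MetadataProviderException if two different entities share the alias
     */
    @Override // org.springframework.security.saml.metadata.MetadataManager
    public String getEntityIdForAlias(String str) throws MetadataProviderException {
        if (str == null) {
            return null;
        }
        String match = null;
        for (String spName : getSPEntityNames()) {
            if (str.equals(getExtendedMetadata(spName).getAlias())) {
                // An alias shared by two entities is ambiguous, so it is refused outright.
                if (match != null && !match.equals(spName)) {
                    throw new MetadataProviderException("Alias " + str + " is used both for entity " + match + " and " + spName);
                }
                match = spName;
            }
        }
        for (String idpName : getIDPEntityNames()) {
            if (str.equals(getExtendedMetadata(idpName).getAlias())) {
                if (match != null && !match.equals(idpName)) {
                    throw new MetadataProviderException("Alias " + str + " is used both for entity " + match + " and " + idpName);
                }
                match = idpName;
            }
        }
        return match;
    }

    /** Returns the extended metadata handed out for entities no provider describes. */
    @Override // org.springframework.security.saml.metadata.MetadataManager
    public ExtendedMetadata getDefaultExtendedMetadata() {
        return this.defaultExtendedMetadata;
    }

    /** Replaces the fallback extended metadata used by {@link #getExtendedMetadata(String)}. */
    @Override // org.springframework.security.saml.metadata.MetadataManager
    public void setDefaultExtendedMetadata(ExtendedMetadata extendedMetadata) {
        this.defaultExtendedMetadata = extendedMetadata;
    }

    /** Always {@code false}: nothing is cached, so nothing needs a refresh. */
    @Override // org.springframework.security.saml.metadata.MetadataManager
    public boolean isRefreshRequired() {
        return false;
    }

    /** Intentionally ignored. */
    @Override // org.springframework.security.saml.metadata.MetadataManager
    public void setRefreshRequired(boolean z) {
    }

    /** Stores the key manager on this instance and forwards it to the superclass. */
    @Override // org.springframework.security.saml.metadata.MetadataManager
    public void setKeyManager(KeyManager keyManager) {
        this.keyManager = keyManager;
        super.setKeyManager(keyManager);
    }

    /**
     * Intentionally ignored: an injected TLS configurer is discarded by this manager.
     * NOTE(review): confirm that no provider here fetches metadata over TLS and relies on it.
     */
    @Override // org.springframework.security.saml.metadata.MetadataManager
    @Autowired(required = false)
    public void setTLSConfigurer(TLSProtocolConfigurer tLSProtocolConfigurer) {
    }

    /** Intentionally empty: this class holds no timers or providers to release. */
    @Override // org.springframework.security.saml.metadata.MetadataManager, org.opensaml.saml2.metadata.provider.ChainingMetadataProvider, org.opensaml.saml2.metadata.provider.BaseMetadataProvider, org.springframework.beans.factory.DisposableBean
    public void destroy() {
    }

    /**
     * Returns a copy of the extended metadata for the entity, or of the default when unknown.
     *
     * <p>A non-null result is therefore not evidence that the entity is registered; use
     * {@link #isSPValid} or {@link #isIDPValid} for that decision.
     *
     * @param str entity ID to look up
     * @return a clone, so callers cannot mutate the provider's or the default instance
     */
    @Override // org.springframework.security.saml.metadata.MetadataManager, org.springframework.security.saml.metadata.ExtendedMetadataProvider
    public ExtendedMetadata getExtendedMetadata(String str) throws MetadataProviderException {
        for (ExtendedMetadataDelegate delegate : getAvailableProviders()) {
            ExtendedMetadata extendedMetadata = getExtendedMetadata(str, delegate);
            if (extendedMetadata != null) {
                return extendedMetadata;
            }
        }
        return getDefaultExtendedMetadata().clone();
    }

    /**
     * Returns a clone of the provider's extended metadata for the entity.
     *
     * @return the clone, or {@code null} when the provider is not an
     *         {@link ExtendedMetadataProvider} or has nothing for the entity
     */
    private ExtendedMetadata getExtendedMetadata(String str, MetadataProvider metadataProvider) throws MetadataProviderException {
        if (!(metadataProvider instanceof ExtendedMetadataProvider)) {
            return null;
        }
        ExtendedMetadata extendedMetadata = ((ExtendedMetadataProvider) metadataProvider).getExtendedMetadata(str);
        if (extendedMetadata == null) {
            return null;
        }
        return extendedMetadata.clone();
    }

    /** Returns the generator used to produce the local IdP metadata. */
    public IdpMetadataGenerator getGenerator() {
        return this.generator;
    }

    /** Sets the generator used to produce the local IdP metadata. */
    public void setGenerator(IdpMetadataGenerator idpMetadataGenerator) {
        this.generator = idpMetadataGenerator;
    }
}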
