package org.opensaml.saml.metadata.resolver.filter.impl;

import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.xml.namespace.QName;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullElements;
import net.shibboleth.utilities.java.support.annotation.constraint.NotLive;
import net.shibboleth.utilities.java.support.annotation.constraint.Unmodifiable;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.saml.metadata.resolver.filter.FilterException;
import org.opensaml.saml.metadata.resolver.filter.MetadataFilter;
import org.opensaml.saml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml.saml2.metadata.RoleDescriptor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/opensaml-saml-impl-3.3.1.jar:org/opensaml/saml/metadata/resolver/filter/impl/EntityRoleFilter.class */
public class EntityRoleFilter implements MetadataFilter {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger((Class<?>) EntityRoleFilter.class);

    @NonnullElements
    @Nonnull
    private List<QName> roleWhiteList;
    private boolean removeRolelessEntityDescriptors;
    private boolean removeEmptyEntitiesDescriptors;

    @Nonnull
    private final QName extRoleDescriptor;

    public EntityRoleFilter(@Nullable List<QName> list) {
        this.roleWhiteList = new ArrayList();
        if (list != null) {
            this.roleWhiteList.addAll(list);
        }
        this.roleWhiteList = Collections.unmodifiableList(this.roleWhiteList);
        this.removeRolelessEntityDescriptors = true;
        this.removeEmptyEntitiesDescriptors = true;
        this.extRoleDescriptor = new QName("urn:oasis:names:tc:SAML:2.0:metadata", RoleDescriptor.DEFAULT_ELEMENT_LOCAL_NAME);
    }

    @NonnullElements
    @Nonnull
    @NotLive
    @Unmodifiable
    public List<QName> getRoleWhiteList() {
        return this.roleWhiteList;
    }

    public boolean getRemoveRolelessEntityDescriptors() {
        return this.removeRolelessEntityDescriptors;
    }

    public void setRemoveRolelessEntityDescriptors(boolean z) {
        this.removeRolelessEntityDescriptors = z;
    }

    public boolean getRemoveEmptyEntitiesDescriptors() {
        return this.removeEmptyEntitiesDescriptors;
    }

    public void setRemoveEmptyEntitiesDescriptors(boolean z) {
        this.removeEmptyEntitiesDescriptors = z;
    }

    @Override // org.opensaml.saml.metadata.resolver.filter.MetadataFilter
    @Nullable
    public XMLObject filter(@Nullable XMLObject xMLObject) throws FilterException {
        if (xMLObject == null) {
            return null;
        }
        if (xMLObject instanceof EntitiesDescriptor) {
            filterEntitiesDescriptor((EntitiesDescriptor) xMLObject);
        } else {
            filterEntityDescriptor((EntityDescriptor) xMLObject);
        }
        return xMLObject;
    }

    protected void filterEntitiesDescriptor(@Nonnull EntitiesDescriptor entitiesDescriptor) throws FilterException {
        List<RoleDescriptor> roleDescriptors;
        List<EntityDescriptor> entityDescriptors = entitiesDescriptor.getEntityDescriptors();
        if (entityDescriptors != null && !entityDescriptors.isEmpty()) {
            ArrayList arrayList = new ArrayList();
            for (EntityDescriptor entityDescriptor : entityDescriptors) {
                filterEntityDescriptor(entityDescriptor);
                if (getRemoveRolelessEntityDescriptors() && ((roleDescriptors = entityDescriptor.getRoleDescriptors()) == null || roleDescriptors.isEmpty())) {
                    this.log.trace("Filtering out entity descriptor {} from entity group {}", entityDescriptor.getEntityID(), entitiesDescriptor.getName());
                    arrayList.add(entityDescriptor);
                }
            }
            entityDescriptors.removeAll(arrayList);
        }
        List<EntitiesDescriptor> entitiesDescriptors = entitiesDescriptor.getEntitiesDescriptors();
        if (entitiesDescriptors == null || entitiesDescriptors.isEmpty()) {
            return;
        }
        ArrayList arrayList2 = new ArrayList();
        for (EntitiesDescriptor entitiesDescriptor2 : entitiesDescriptors) {
            filterEntitiesDescriptor(entitiesDescriptor2);
            if (getRemoveEmptyEntitiesDescriptors() && (entitiesDescriptor2.getEntityDescriptors() == null || entitiesDescriptor2.getEntityDescriptors().isEmpty())) {
                if (entitiesDescriptor2.getEntitiesDescriptors() == null || entitiesDescriptor2.getEntitiesDescriptors().isEmpty()) {
                    this.log.trace("Filtering out entity descriptor {} from entity group {}", entitiesDescriptor2.getName(), entitiesDescriptor.getName());
                    arrayList2.add(entitiesDescriptor2);
                }
            }
        }
        entitiesDescriptors.removeAll(arrayList2);
    }

    protected void filterEntityDescriptor(@Nonnull EntityDescriptor entityDescriptor) throws FilterException {
        List<RoleDescriptor> roleDescriptors = entityDescriptor.getRoleDescriptors();
        if (roleDescriptors == null || roleDescriptors.isEmpty()) {
            return;
        }
        Iterator<RoleDescriptor> it = roleDescriptors.iterator();
        while (it.hasNext()) {
            QName roleName = getRoleName(it.next());
            if (!this.roleWhiteList.contains(roleName)) {
                this.log.trace("Filtering out role {} from entity {}", roleName, entityDescriptor.getEntityID());
                it.remove();
            }
        }
    }

    protected QName getRoleName(@Nonnull RoleDescriptor roleDescriptor) throws FilterException {
        QName elementQName = roleDescriptor.getElementQName();
        if (this.extRoleDescriptor.equals(elementQName)) {
            elementQName = roleDescriptor.getSchemaType();
            if (elementQName == null) {
                throw new FilterException("Role descriptor element was " + this.extRoleDescriptor + " but did not contain a schema type.  This is illegal.");
            }
        }
        return elementQName;
    }
}
