package com.appiancorp.security.auth.saml;

import com.appian.logging.AppianLogger;
import com.appiancorp.common.CastUtil;
import com.google.common.base.Strings;
import com.google.common.collect.Maps;
import java.util.Map;
import javax.xml.namespace.QName;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.Criterion;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import org.opensaml.saml.metadata.criteria.entity.impl.EvaluableEntityRoleEntityDescriptorCriterion;
import org.opensaml.saml.metadata.resolver.MetadataResolver;
import org.opensaml.saml.saml2.metadata.Endpoint;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml.saml2.metadata.SingleLogoutService;
import org.opensaml.saml.saml2.metadata.SingleSignOnService;

/* loaded from: input_file:com/appiancorp/security/auth/saml/IdpMetadataService.class */
/**
 * Looks up SAML identity-provider metadata by metadata uuid and exposes the
 * IdP entity ID and the single sign-on / single logout endpoint locations
 * found in it.
 *
 * <p>Resolvers are built by the injected {@link MetadataResolverFactory} and
 * kept in an in-memory map keyed by uuid. Every public method reports failure
 * through a sentinel ({@code null} or the empty string) and a log entry, never
 * through an exception for resolver or factory errors, so callers have to check
 * the result before using it (for example before redirecting to a login URL).
 */
public class IdpMetadataService {
    private static final AppianLogger LOG = AppianLogger.getLogger(IdpMetadataService.class);
    private final MetadataResolverFactory metadataResolverFactory;
    // NOTE(review): plain HashMap with no eviction in this class. If this instance is shared
    // between request threads (confirm with the wiring), access needs synchronisation; and a
    // changed IdP configuration is only picked up if the cached resolver refreshes itself.
    private final Map<String, MetadataResolver> metadataResolverMap = Maps.newHashMap();

    /**
     * @param metadataResolverFactory factory used to build a resolver on a cache miss
     */
    public IdpMetadataService(MetadataResolverFactory metadataResolverFactory) {
        this.metadataResolverFactory = metadataResolverFactory;
    }

    /**
     * Returns the metadata resolver for the given metadata uuid, creating and caching it on
     * first use.
     *
     * @param str the metadata uuid
     * @return the resolver, or {@code null} when the uuid is null/empty, when the factory
     *     returned {@code null}, or when any exception was thrown (the exception is logged)
     */
    public MetadataResolver getIdpMetadataResolver(String str) {
        try {
            if (!Strings.isNullOrEmpty(str)) {
                MetadataResolver cached = this.metadataResolverMap.get(str);
                if (cached == null) {
                    // NOTE(review): str is concatenated into the log line as-is; if it can
                    // originate from a request, CR/LF should be neutralised before logging.
                    LOG.debug("Metadata provider not found in cache for " + str);
                    // Only a returned value is stored: a creation that throws is not cached,
                    // so the next call for the same uuid goes back to the factory.
                    MetadataResolver fresh = this.metadataResolverFactory.create(str);
                    this.metadataResolverMap.put(str, fresh);
                    return fresh;
                }
                return cached;
            }
            LOG.debug("Received null or empty metadata uuid.");
            return null;
        } catch (Exception e) {
            LOG.error(e, "Failed to fetch Metadata from source.");
            return null;
        }
    }

    /**
     * Resolves the IdP endpoint of the requested type from the metadata identified by the uuid.
     *
     * @param endpointType which endpoint role to look up
     * @param str the metadata uuid
     * @param <T> endpoint type expected by the caller; the cast is unchecked, so a mismatch
     *     between {@code endpointType} and {@code T} only surfaces where the caller assigns
     *     the result
     * @return the endpoint, or {@code null} when no resolver is available or resolution threw
     */
    public <T extends Endpoint> T getIdpEndpointService(EndpointType endpointType, String str) {
        try {
            MetadataResolver resolver = getIdpMetadataResolver(str);
            if (resolver == null) {
                LOG.debug("Received null metadata resolver.");
                return null;
            }
            IdpEndpointResolver endpointResolver = new IdpEndpointResolver(resolver);
            // The entity ID is read from the same metadata (second lookup by uuid), not from
            // separately configured state.
            String entityId = getIdpEntityId(str);
            return (T) CastUtil.cast(endpointResolver.resolve(entityId, endpointType.getQName()));
        } catch (Exception e) {
            LOG.error(e, "Could not resolve endpoint.");
            return null;
        }
    }

    /**
     * Returns the entity ID of the IdP described by the metadata with the given uuid.
     *
     * @param str the metadata uuid
     * @return the entity ID, or the empty string when it cannot be determined
     */
    public String getIdpEntityId(String str) {
        MetadataResolver resolver = getIdpMetadataResolver(str);
        return getIdpEntityId(resolver);
    }

    /**
     * Asks the resolver for a single entity that carries an {@code IDPSSODescriptor} role and
     * returns its entity ID.
     *
     * @param metadataResolver resolver to query; may be {@code null}
     * @return the entity ID, or the empty string when the resolver is {@code null}, no entity
     *     matched, or the resolver threw {@link ResolverException}
     */
    private String getIdpEntityId(MetadataResolver metadataResolver) {
        if (metadataResolver == null) {
            LOG.debug("Metadata Resolver is null, returning empty string.");
            return "";
        }
        try {
            QName idpRole = new QName("urn:oasis:names:tc:SAML:2.0:metadata", "IDPSSODescriptor", "md");
            EvaluableEntityRoleEntityDescriptorCriterion hasIdpRole =
                    new EvaluableEntityRoleEntityDescriptorCriterion(idpRole);
            // NOTE(review): the only criterion is the role, so with metadata that lists several
            // IdP entities the choice is left to resolveSingle. Verify one entity per uuid.
            EntityDescriptor idp = (EntityDescriptor) metadataResolver.resolveSingle(new CriteriaSet(hasIdpRole));
            if (idp == null) {
                return "";
            }
            return idp.getEntityID();
        } catch (ResolverException e) {
            LOG.error(e, "Failed to fetch Metadata from resolver.");
            return "";
        }
    }

    /**
     * Returns the location of the IdP single logout service.
     *
     * @param str the metadata uuid
     * @return the location from the metadata, or the empty string when no endpoint was resolved
     */
    public String getIdpLogoutUrl(String str) {
        SingleLogoutService logoutService = getIdpEndpointService(EndpointType.SINGLE_LOG_OUT_SERVICE, str);
        if (logoutService == null) {
            LOG.warn("Single Logout Service is null, returning empty string.");
            return "";
        }
        return logoutService.getLocation();
    }

    /**
     * Returns the location of the IdP single sign-on service.
     *
     * @param str the metadata uuid
     * @return the location from the metadata, or the empty string when no endpoint was resolved;
     *     callers should treat the empty string as a failure rather than as a redirect target
     */
    public String getIdpLoginUrl(String str) {
        SingleSignOnService signOnService = getIdpEndpointService(EndpointType.SINGLE_SIGN_ON_SERVICE, str);
        if (signOnService == null) {
            LOG.warn("Single SignOn Service is null, returning empty string.");
            return "";
        }
        return signOnService.getLocation();
    }
}
