package org.opensaml.saml.common.profile.logic;

import java.util.Iterator;
import java.util.Objects;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullAfterInit;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import org.opensaml.core.criterion.EntityIdCriterion;
import org.opensaml.saml.metadata.resolver.MetadataResolver;
import org.opensaml.saml.saml2.metadata.AffiliateMember;
import org.opensaml.saml.saml2.metadata.AffiliationDescriptor;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:repository/org/opensaml/opensaml-saml-api/3.3.0/opensaml-saml-api-3.3.0.jar:org/opensaml/saml/common/profile/logic/AffiliationNameIDPolicyPredicate.class */
public class AffiliationNameIDPolicyPredicate extends DefaultNameIDPolicyPredicate {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger((Class<?>) AffiliationNameIDPolicyPredicate.class);

    @NonnullAfterInit
    private MetadataResolver metadataResolver;

    public void setMetadataResolver(@Nonnull MetadataResolver metadataResolver) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.metadataResolver = (MetadataResolver) Constraint.isNotNull(metadataResolver, "MetadataResolver cannot be null");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate, net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
    public void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (this.metadataResolver == null) {
            throw new ComponentInitializationException("MetadataResolver cannot be null");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.opensaml.saml.common.profile.logic.DefaultNameIDPolicyPredicate, org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate
    public boolean doApply(@Nullable String str, @Nullable String str2, @Nullable String str3, @Nullable String str4, @Nullable String str5) {
        ComponentSupport.ifNotInitializedThrowUninitializedComponentException(this);
        if (super.doApply(str, str2, str3, str4, str5) || str5 == null) {
            return true;
        }
        try {
            EntityDescriptor resolveSingle = this.metadataResolver.resolveSingle(new CriteriaSet(new EntityIdCriterion(str5)));
            if (resolveSingle != null) {
                AffiliationDescriptor affiliationDescriptor = resolveSingle.getAffiliationDescriptor();
                if (affiliationDescriptor != null) {
                    Iterator<AffiliateMember> it = affiliationDescriptor.getMembers().iterator();
                    while (it.hasNext()) {
                        if (Objects.equals(it.next().getID(), str)) {
                            this.log.debug("Entity {} is authorized as a member of Affiliation {}", str, str5);
                            return true;
                        }
                    }
                    this.log.warn("Entity {} was not a member of Affiliation {}", str, str5);
                } else {
                    this.log.warn("Affiliation entity {} found, but did not contain an AffiliationDescriptor", str5);
                }
            } else {
                this.log.warn("No metadata found for affiliation {}", str5);
            }
            return false;
        } catch (ResolverException e) {
            this.log.error("Error resolving metadata for affiliation {}", str5, e);
            return false;
        }
    }
}
