package org.elasticsearch.xpack.idp.saml.sp;

import java.io.IOException;
import java.io.UncheckedIOException;
import java.time.Instant;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.elasticsearch.common.bytes.BytesArray;
import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.common.xcontent.LoggingDeprecationHandler;
import org.elasticsearch.common.xcontent.XContentHelper;
import org.elasticsearch.core.Nullable;
import org.elasticsearch.script.ScriptService;
import org.elasticsearch.xcontent.ConstructingObjectParser;
import org.elasticsearch.xcontent.NamedXContentRegistry;
import org.elasticsearch.xcontent.ParseField;
import org.elasticsearch.xcontent.XContentBuilder;
import org.elasticsearch.xcontent.XContentParser;
import org.elasticsearch.xcontent.XContentType;
import org.elasticsearch.xcontent.json.JsonXContent;
import org.elasticsearch.xpack.core.security.support.MustacheTemplateEvaluator;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/elasticsearch/xpack/idp/saml/sp/WildcardServiceProvider.class */
public class WildcardServiceProvider {
    private static final ConstructingObjectParser<WildcardServiceProvider, Void> PARSER = new ConstructingObjectParser<>("wildcard_service", objArr -> {
        return new WildcardServiceProvider((String) objArr[0], (String) objArr[1], (Collection<String>) objArr[2], (Map<String, Object>) objArr[3]);
    });
    private final Pattern matchEntityId;
    private final Pattern matchAcs;
    private final Set<String> tokens;
    private final BytesReference serviceTemplate;

    /* loaded from: input_file:org/elasticsearch/xpack/idp/saml/sp/WildcardServiceProvider$Fields.class */
    public interface Fields {
        public static final ParseField ENTITY_ID = new ParseField("entity_id", new String[0]);
        public static final ParseField ACS = new ParseField("acs", new String[0]);
        public static final ParseField TOKENS = new ParseField("tokens", new String[0]);
        public static final ParseField TEMPLATE = new ParseField("template", new String[0]);
    }

    private WildcardServiceProvider(Pattern pattern, Pattern pattern2, Set<String> set, BytesReference bytesReference) {
        this.matchEntityId = (Pattern) Objects.requireNonNull(pattern);
        this.matchAcs = (Pattern) Objects.requireNonNull(pattern2);
        this.tokens = (Set) Objects.requireNonNull(set);
        this.serviceTemplate = (BytesReference) Objects.requireNonNull(bytesReference);
    }

    WildcardServiceProvider(String str, String str2, Collection<String> collection, Map<String, Object> map) {
        this(Pattern.compile((String) Objects.requireNonNull(str, "EntityID to match cannot be null")), Pattern.compile((String) Objects.requireNonNull(str2, "ACS to match cannot be null")), (Set<String>) Collections.unmodifiableSet(new HashSet((Collection) Objects.requireNonNull(collection, "Tokens collection may not be null"))), toMustacheScript((Map) Objects.requireNonNull(map, "Service definition may not be null")));
    }

    public static WildcardServiceProvider parse(XContentParser xContentParser) throws IOException {
        return (WildcardServiceProvider) PARSER.parse(xContentParser, (Object) null);
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        WildcardServiceProvider wildcardServiceProvider = (WildcardServiceProvider) obj;
        return this.matchEntityId.pattern().equals(wildcardServiceProvider.matchEntityId.pattern()) && this.matchAcs.pattern().equals(wildcardServiceProvider.matchAcs.pattern()) && this.tokens.equals(wildcardServiceProvider.tokens) && this.serviceTemplate.equals(wildcardServiceProvider.serviceTemplate);
    }

    public int hashCode() {
        return Objects.hash(this.matchEntityId.pattern(), this.matchAcs.pattern(), this.tokens, this.serviceTemplate);
    }

    private static BytesReference toMustacheScript(Map<String, Object> map) {
        try {
            XContentBuilder contentBuilder = JsonXContent.contentBuilder();
            contentBuilder.startObject();
            contentBuilder.field("source");
            contentBuilder.map(map);
            contentBuilder.endObject();
            return BytesReference.bytes(contentBuilder);
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        }
    }

    @Nullable
    public SamlServiceProviderDocument apply(ScriptService scriptService, String str, String str2) {
        Map<String, Object> extractTokens = extractTokens(str, str2);
        if (extractTokens == null) {
            return null;
        }
        try {
            SamlServiceProviderDocument serviceProviderDocument = toServiceProviderDocument(evaluateTemplate(scriptService, extractTokens));
            Instant now = Instant.now();
            serviceProviderDocument.setEntityId(str);
            serviceProviderDocument.setAcs(str2);
            serviceProviderDocument.setCreated(now);
            serviceProviderDocument.setLastModified(now);
            return serviceProviderDocument;
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        }
    }

    Map<String, Object> extractTokens(String str, String str2) {
        Matcher matcher = this.matchEntityId.matcher(str);
        if (!matcher.matches()) {
            return null;
        }
        Matcher matcher2 = this.matchAcs.matcher(str2);
        if (!matcher2.matches()) {
            return null;
        }
        HashMap hashMap = new HashMap();
        for (String str3 : this.tokens) {
            String extractGroup = extractGroup(matcher, str3);
            String extractGroup2 = extractGroup(matcher2, str3);
            if (extractGroup != null) {
                if (extractGroup2 != null && !extractGroup.equals(extractGroup2)) {
                    throw new IllegalArgumentException("Extracted token [" + str3 + "] values from EntityID ([" + extractGroup + "] from [" + str + "]) and ACS ([" + extractGroup2 + "] from [" + str2 + "]) do not match");
                }
                hashMap.put(str3, extractGroup);
            } else if (extractGroup2 != null) {
                hashMap.put(str3, extractGroup2);
            }
        }
        hashMap.putIfAbsent("entity_id", str);
        hashMap.putIfAbsent("acs", str2);
        return hashMap;
    }

    private String evaluateTemplate(ScriptService scriptService, Map<String, Object> map) throws IOException {
        XContentParser parser = parser(this.serviceTemplate);
        try {
            String evaluate = MustacheTemplateEvaluator.evaluate(scriptService, parser, map);
            if (parser != null) {
                parser.close();
            }
            return evaluate;
        } catch (Throwable th) {
            if (parser != null) {
                try {
                    parser.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private SamlServiceProviderDocument toServiceProviderDocument(String str) throws IOException {
        XContentParser parser = parser(new BytesArray(str));
        try {
            SamlServiceProviderDocument fromXContent = SamlServiceProviderDocument.fromXContent(null, parser);
            if (parser != null) {
                parser.close();
            }
            return fromXContent;
        } catch (Throwable th) {
            if (parser != null) {
                try {
                    parser.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private static XContentParser parser(BytesReference bytesReference) throws IOException {
        return XContentHelper.createParser(NamedXContentRegistry.EMPTY, LoggingDeprecationHandler.INSTANCE, bytesReference, XContentType.JSON);
    }

    private String extractGroup(Matcher matcher, String str) {
        try {
            return matcher.group(str);
        } catch (IllegalArgumentException e) {
            return null;
        }
    }

    static {
        PARSER.declareString(ConstructingObjectParser.constructorArg(), Fields.ENTITY_ID);
        PARSER.declareString(ConstructingObjectParser.constructorArg(), Fields.ACS);
        PARSER.declareStringArray(ConstructingObjectParser.constructorArg(), Fields.TOKENS);
        PARSER.declareObject(ConstructingObjectParser.constructorArg(), (xContentParser, r3) -> {
            return xContentParser.map();
        }, Fields.TEMPLATE);
    }
}
