package net.shibboleth.idp.profile.impl;

import java.util.function.Function;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.attribute.context.AttributeContext;
import net.shibboleth.idp.attribute.filter.AttributeFilter;
import net.shibboleth.idp.attribute.filter.AttributeFilterException;
import net.shibboleth.idp.attribute.filter.context.AttributeFilterContext;
import net.shibboleth.idp.authn.context.SubjectContext;
import net.shibboleth.idp.authn.context.navigate.SubjectContextPrincipalLookupFunction;
import net.shibboleth.idp.profile.AbstractProfileAction;
import net.shibboleth.idp.profile.IdPEventIds;
import net.shibboleth.profile.context.RelyingPartyContext;
import net.shibboleth.profile.context.navigate.IssuerLookupFunction;
import net.shibboleth.profile.context.navigate.RelyingPartyIdLookupFunction;
import net.shibboleth.shared.annotation.constraint.NonnullBeforeExec;
import net.shibboleth.shared.collection.CollectionSupport;
import net.shibboleth.shared.logic.Constraint;
import net.shibboleth.shared.primitive.LoggerFactory;
import net.shibboleth.shared.service.ReloadableService;
import net.shibboleth.shared.service.ServiceException;
import net.shibboleth.shared.service.ServiceableComponent;
import org.opensaml.messaging.context.navigate.ChildContextLookup;
import org.opensaml.messaging.context.navigate.RootContextLookup;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.profile.context.ProxiedRequesterContext;
import org.opensaml.profile.context.navigate.InboundMessageContextLookup;
import org.opensaml.saml.common.messaging.context.SAMLMetadataContext;
import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext;
import org.opensaml.saml.metadata.resolver.MetadataResolver;
import org.slf4j.Logger;

/* loaded from: input_file:WEB-INF/lib/idp-profile-impl-5.1.0.jar:net/shibboleth/idp/profile/impl/FilterAttributes.class */
public class FilterAttributes extends AbstractProfileAction {

    @Nonnull
    private final ReloadableService<AttributeFilter> attributeFilterService;

    @Nullable
    private MetadataResolver metadataResolver;

    @Nonnull
    private Function<ProfileRequestContext, AttributeFilterContext> filterContextCreationStrategy;

    @Nonnull
    private Function<ProfileRequestContext, AttributeContext> attributeContextLookupStrategy;

    @Nonnull
    private Function<ProfileRequestContext, String> principalNameLookupStrategy;

    @Nonnull
    private Function<AttributeFilterContext, ProfileRequestContext> profileRequestContextFromFilterLookupStrategy;

    @Nullable
    private Function<ProfileRequestContext, SAMLMetadataContext> issuerMetadataContextLookupStrategy;

    @Nullable
    private Function<AttributeFilterContext, SAMLMetadataContext> issuerMetadataFromFilterLookupStrategy;

    @Nonnull
    private Function<AttributeFilterContext, SAMLMetadataContext> metadataFromFilterLookupStrategy;

    @Nonnull
    private Function<ProfileRequestContext, ProxiedRequesterContext> proxiedRequesterContextLookupStrategy;

    @Nonnull
    private Function<AttributeFilterContext, ProxiedRequesterContext> proxiesFromFilterLookupStrategy;

    @Nullable
    private Function<ProfileRequestContext, SAMLMetadataContext> proxiedRequesterMetadataLookupStrategy;

    @Nullable
    private Function<AttributeFilterContext, SAMLMetadataContext> proxiedMetadataFromFilterLookupStrategy;
    private boolean maskFailures;

    @NonnullBeforeExec
    private AttributeContext attributeContext;
    static final /* synthetic */ boolean $assertionsDisabled;

    @Nonnull
    private final Logger log = LoggerFactory.getLogger((Class<?>) FilterAttributes.class);

    @Nullable
    private Function<ProfileRequestContext, String> issuerLookupStrategy = new IssuerLookupFunction();

    @Nullable
    private Function<ProfileRequestContext, String> recipientLookupStrategy = new RelyingPartyIdLookupFunction();

    public FilterAttributes(@Nonnull ReloadableService<AttributeFilter> reloadableService) {
        this.attributeFilterService = (ReloadableService) Constraint.isNotNull(reloadableService, "Service cannot be null");
        Function<ProfileRequestContext, AttributeContext> compose = new ChildContextLookup(AttributeContext.class).compose(new ChildContextLookup(RelyingPartyContext.class));
        if (!$assertionsDisabled && compose == null) {
            throw new AssertionError();
        }
        this.attributeContextLookupStrategy = compose;
        Function<ProfileRequestContext, String> compose2 = new SubjectContextPrincipalLookupFunction().compose(new ChildContextLookup(SubjectContext.class));
        if (!$assertionsDisabled && compose2 == null) {
            throw new AssertionError();
        }
        this.principalNameLookupStrategy = compose2;
        this.profileRequestContextFromFilterLookupStrategy = new RootContextLookup(ProfileRequestContext.class);
        Function compose3 = new ChildContextLookup(SAMLMetadataContext.class).compose(new ChildContextLookup(SAMLPeerEntityContext.class).compose(new InboundMessageContextLookup()));
        if (!$assertionsDisabled && compose3 == null) {
            throw new AssertionError();
        }
        Function<AttributeFilterContext, SAMLMetadataContext> compose4 = compose3.compose(this.profileRequestContextFromFilterLookupStrategy);
        if (!$assertionsDisabled && compose4 == null) {
            throw new AssertionError();
        }
        this.metadataFromFilterLookupStrategy = compose4;
        Function<ProfileRequestContext, ProxiedRequesterContext> compose5 = new ChildContextLookup(ProxiedRequesterContext.class).compose(new InboundMessageContextLookup());
        if (!$assertionsDisabled && compose5 == null) {
            throw new AssertionError();
        }
        this.proxiedRequesterContextLookupStrategy = compose5;
        Function compose6 = this.proxiedRequesterContextLookupStrategy.compose(this.profileRequestContextFromFilterLookupStrategy);
        if (!$assertionsDisabled && compose6 == null) {
            throw new AssertionError();
        }
        this.proxiesFromFilterLookupStrategy = compose6;
        Function<ProfileRequestContext, AttributeFilterContext> compose7 = new ChildContextLookup(AttributeFilterContext.class, true).compose(new ChildContextLookup(RelyingPartyContext.class));
        if (!$assertionsDisabled && compose7 == null) {
            throw new AssertionError();
        }
        this.filterContextCreationStrategy = compose7;
        this.maskFailures = true;
    }

    public void setMetadataResolver(@Nullable MetadataResolver metadataResolver) {
        checkSetterPreconditions();
        this.metadataResolver = metadataResolver;
    }

    public void setIssuerLookupStrategy(@Nullable Function<ProfileRequestContext, String> function) {
        checkSetterPreconditions();
        this.issuerLookupStrategy = function;
    }

    public void setRecipientLookupStrategy(@Nullable Function<ProfileRequestContext, String> function) {
        checkSetterPreconditions();
        this.recipientLookupStrategy = function;
    }

    public void setFilterContextCreationStrategy(@Nonnull Function<ProfileRequestContext, AttributeFilterContext> function) {
        checkSetterPreconditions();
        this.filterContextCreationStrategy = (Function) Constraint.isNotNull(function, "AttributeContext creation strategy cannot be null");
    }

    public void setAttributeContextLookupStrategy(@Nonnull Function<ProfileRequestContext, AttributeContext> function) {
        checkSetterPreconditions();
        this.attributeContextLookupStrategy = (Function) Constraint.isNotNull(function, "AttributeContext lookup strategy cannot be null");
    }

    public void setPrincipalNameLookupStrategy(@Nonnull Function<ProfileRequestContext, String> function) {
        checkSetterPreconditions();
        this.principalNameLookupStrategy = (Function) Constraint.isNotNull(function, "Principal name lookup strategy cannot be null");
    }

    public void setIssuerMetadataContextLookupStrategy(@Nonnull Function<ProfileRequestContext, SAMLMetadataContext> function) {
        checkSetterPreconditions();
        this.issuerMetadataContextLookupStrategy = function;
        this.issuerMetadataFromFilterLookupStrategy = function != null ? this.issuerMetadataContextLookupStrategy.compose(this.profileRequestContextFromFilterLookupStrategy) : null;
    }

    public void setMetadataContextLookupStrategy(@Nonnull Function<ProfileRequestContext, SAMLMetadataContext> function) {
        checkSetterPreconditions();
        Function compose = function.compose(this.profileRequestContextFromFilterLookupStrategy);
        if (!$assertionsDisabled && compose == null) {
            throw new AssertionError();
        }
        this.metadataFromFilterLookupStrategy = compose;
    }

    public void setProxiedRequesterContextLookupStrategy(@Nonnull Function<ProfileRequestContext, ProxiedRequesterContext> function) {
        checkSetterPreconditions();
        this.proxiedRequesterContextLookupStrategy = function;
        Function compose = function.compose(this.profileRequestContextFromFilterLookupStrategy);
        if (!$assertionsDisabled && compose == null) {
            throw new AssertionError();
        }
        this.proxiesFromFilterLookupStrategy = compose;
    }

    public void setProxiedRequesterMetadataContextLookupStrategy(@Nonnull Function<ProfileRequestContext, SAMLMetadataContext> function) {
        checkSetterPreconditions();
        this.proxiedRequesterMetadataLookupStrategy = function;
        this.proxiedMetadataFromFilterLookupStrategy = function != null ? this.proxiedRequesterMetadataLookupStrategy.compose(this.profileRequestContextFromFilterLookupStrategy) : null;
    }

    public void setMaskFailures(boolean z) {
        checkSetterPreconditions();
        this.maskFailures = z;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.opensaml.profile.action.AbstractConditionalProfileAction, org.opensaml.profile.action.AbstractProfileAction
    public boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        if (!super.doPreExecute(profileRequestContext)) {
            return false;
        }
        AttributeContext apply = this.attributeContextLookupStrategy.apply(profileRequestContext);
        this.attributeContext = apply;
        if (apply == null) {
            this.log.debug("{} No attribute context, no attributes to filter", getLogPrefix());
            return false;
        }
        if (!apply.getIdPAttributes().isEmpty()) {
            return true;
        }
        this.log.debug("{} No attributes to filter", getLogPrefix());
        return false;
    }

    @Override // org.opensaml.profile.action.AbstractProfileAction
    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        AttributeFilterContext apply = this.filterContextCreationStrategy.apply(profileRequestContext);
        if (apply == null) {
            this.log.error("{} Unable to locate or create AttributeFilterContext", getLogPrefix());
            if (!this.maskFailures) {
                ActionSupport.buildEvent(profileRequestContext, IdPEventIds.UNABLE_FILTER_ATTRIBS);
                return;
            } else {
                this.log.warn("Filter error masked, clearing resolved attributes");
                this.attributeContext.setIdPAttributes(null);
                return;
            }
        }
        populateFilterContext(profileRequestContext, apply);
        try {
            ServiceableComponent<AttributeFilter> serviceableComponent = this.attributeFilterService.getServiceableComponent();
            try {
                serviceableComponent.getComponent().filterAttributes(apply);
                apply.removeFromParent();
                this.attributeContext.setIdPAttributes(apply.getFilteredIdPAttributes().values());
                if (serviceableComponent != null) {
                    serviceableComponent.close();
                }
            } catch (Throwable th) {
                if (serviceableComponent != null) {
                    try {
                        serviceableComponent.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        } catch (AttributeFilterException e) {
            this.log.error("{} Error encountered while filtering attributes", getLogPrefix(), e);
            if (!this.maskFailures) {
                ActionSupport.buildEvent(profileRequestContext, IdPEventIds.UNABLE_FILTER_ATTRIBS);
            } else {
                this.log.warn("Filter error masked, clearing resolved attributes");
                this.attributeContext.setIdPAttributes(CollectionSupport.emptySet());
            }
        } catch (ServiceException e2) {
            this.log.error("{} Invalid Attribute Filter service configuration", getLogPrefix(), e2);
            if (!this.maskFailures) {
                ActionSupport.buildEvent(profileRequestContext, IdPEventIds.UNABLE_FILTER_ATTRIBS);
            } else {
                this.log.warn("Filter error masked, clearing resolved attributes");
                this.attributeContext.setIdPAttributes(null);
            }
        }
    }

    private void populateFilterContext(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AttributeFilterContext attributeFilterContext) {
        attributeFilterContext.setDirection(AttributeFilterContext.Direction.OUTBOUND).setMetadataResolver(this.metadataResolver).setPrincipal(this.principalNameLookupStrategy.apply(profileRequestContext)).setAttributeRecipientID(this.recipientLookupStrategy != null ? this.recipientLookupStrategy.apply(profileRequestContext) : null).setAttributeIssuerID(this.issuerLookupStrategy != null ? this.issuerLookupStrategy.apply(profileRequestContext) : null).setIssuerMetadataContextLookupStrategy(this.issuerMetadataFromFilterLookupStrategy).setRequesterMetadataContextLookupStrategy(this.metadataFromFilterLookupStrategy).setProxiedRequesterContextLookupStrategy(this.proxiesFromFilterLookupStrategy).setProxiedRequesterMetadataContextLookupStrategy(this.proxiedMetadataFromFilterLookupStrategy);
        if (attributeFilterContext.getPrefilteredIdPAttributes().isEmpty()) {
            if (!$assertionsDisabled && this.attributeContext == null) {
                throw new AssertionError();
            }
            attributeFilterContext.setPrefilteredIdPAttributes(this.attributeContext.getIdPAttributes().values());
        }
    }

    static {
        $assertionsDisabled = !FilterAttributes.class.desiredAssertionStatus();
    }
}
