package net.shibboleth.idp.authn;

import com.google.common.base.MoreObjects;
import java.security.Principal;
import java.time.Instant;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.function.BiPredicate;
import java.util.function.Predicate;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.security.auth.Subject;
import net.shibboleth.idp.authn.context.AuthenticationContext;
import net.shibboleth.idp.authn.principal.PrincipalSupportingComponent;
import net.shibboleth.idp.authn.principal.ProxyAuthenticationPrincipal;
import net.shibboleth.idp.authn.principal.UsernamePrincipal;
import net.shibboleth.utilities.java.support.annotation.constraint.Live;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullElements;
import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
import net.shibboleth.utilities.java.support.annotation.constraint.NotLive;
import net.shibboleth.utilities.java.support.annotation.constraint.Unmodifiable;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.primitive.StringSupport;
import org.opensaml.profile.context.ProfileRequestContext;

/* loaded from: input_file:WEB-INF/lib/idp-authn-api-4.3.2.jar:net/shibboleth/idp/authn/AuthenticationResult.class */
public class AuthenticationResult implements PrincipalSupportingComponent, Predicate<ProfileRequestContext> {

    @Nonnull
    private final Subject subject;

    @NotEmpty
    @Nonnull
    private final String authenticationFlowId;

    @Nonnull
    private Instant authenticationInstant;

    @Nonnull
    private Instant lastActivityInstant;
    private boolean previousResult;

    @NonnullElements
    @Nonnull
    private final Map<String, String> additionalData;

    @Nonnull
    private Predicate<ProfileRequestContext> reuseCondition;

    @Nonnull
    private BiPredicate<ProfileRequestContext, AuthenticationResult> revocationCondition;

    /* loaded from: input_file:WEB-INF/lib/idp-authn-api-4.3.2.jar:net/shibboleth/idp/authn/AuthenticationResult$DescriptorReusePredicate.class */
    class DescriptorReusePredicate extends ProxyRestrictionReusePredicate {
        DescriptorReusePredicate() {
            super();
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // net.shibboleth.idp.authn.AuthenticationResult.ProxyRestrictionReusePredicate, java.util.function.Predicate
        public boolean test(@Nullable ProfileRequestContext profileRequestContext) {
            AuthenticationContext authenticationContext;
            AuthenticationFlowDescriptor authenticationFlowDescriptor;
            if (profileRequestContext == null || (authenticationContext = (AuthenticationContext) profileRequestContext.getSubcontext(AuthenticationContext.class)) == null || (authenticationFlowDescriptor = authenticationContext.getAvailableFlows().get(AuthenticationResult.this.authenticationFlowId)) == null || !authenticationFlowDescriptor.getReuseCondition().test(profileRequestContext) || !authenticationFlowDescriptor.isProxyRestrictionsEnforced()) {
                return false;
            }
            return super.test(profileRequestContext);
        }
    }

    /* loaded from: input_file:WEB-INF/lib/idp-authn-api-4.3.2.jar:net/shibboleth/idp/authn/AuthenticationResult$DescriptorRevocationPredicate.class */
    class DescriptorRevocationPredicate implements BiPredicate<ProfileRequestContext, AuthenticationResult> {
        DescriptorRevocationPredicate() {
        }

        @Override // java.util.function.BiPredicate
        public boolean test(@Nullable ProfileRequestContext profileRequestContext, @Nullable AuthenticationResult authenticationResult) {
            AuthenticationContext authenticationContext;
            AuthenticationFlowDescriptor authenticationFlowDescriptor;
            if (profileRequestContext == null || (authenticationContext = (AuthenticationContext) profileRequestContext.getSubcontext(AuthenticationContext.class)) == null || (authenticationFlowDescriptor = authenticationContext.getAvailableFlows().get(AuthenticationResult.this.authenticationFlowId)) == null) {
                return true;
            }
            if (authenticationFlowDescriptor.getRevocationCondition() != null) {
                return authenticationFlowDescriptor.getRevocationCondition().test(profileRequestContext, authenticationResult);
            }
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/idp-authn-api-4.3.2.jar:net/shibboleth/idp/authn/AuthenticationResult$ProxyRestrictionReusePredicate.class */
    public class ProxyRestrictionReusePredicate implements Predicate<ProfileRequestContext> {
        /* JADX INFO: Access modifiers changed from: package-private */
        public ProxyRestrictionReusePredicate() {
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.util.function.Predicate
        public boolean test(@Nullable ProfileRequestContext profileRequestContext) {
            Set principals = AuthenticationResult.this.subject.getPrincipals(ProxyAuthenticationPrincipal.class);
            if (principals == null || principals.isEmpty()) {
                return true;
            }
            Iterator it = principals.iterator();
            while (it.hasNext()) {
                if (!((ProxyAuthenticationPrincipal) it.next()).test(profileRequestContext)) {
                    return false;
                }
            }
            return true;
        }
    }

    public AuthenticationResult(@NotEmpty @Nonnull String str, @Nonnull Subject subject) {
        this.authenticationFlowId = (String) Constraint.isNotNull(StringSupport.trimOrNull(str), "Authentication flow ID cannot be null nor empty");
        this.subject = (Subject) Constraint.isNotNull(subject, "Subject list cannot be null or empty");
        this.authenticationInstant = Instant.now();
        this.lastActivityInstant = this.authenticationInstant;
        this.additionalData = new HashMap();
        this.reuseCondition = new DescriptorReusePredicate();
        this.revocationCondition = new DescriptorRevocationPredicate();
    }

    public AuthenticationResult(@NotEmpty @Nonnull String str, @Nonnull Principal principal) {
        this(str, new Subject(false, Collections.singleton((Principal) Constraint.isNotNull(principal, "Principal cannot be null")), Collections.emptySet(), Collections.emptySet()));
    }

    @Nonnull
    public Predicate<ProfileRequestContext> getReuseCondition() {
        return this.reuseCondition;
    }

    public void setReuseCondition(@Nonnull Predicate<ProfileRequestContext> predicate) {
        this.reuseCondition = (Predicate) Constraint.isNotNull(predicate, "Predicate cannot be null");
    }

    public void setRevocationCondition(@Nullable BiPredicate<ProfileRequestContext, AuthenticationResult> biPredicate) {
        this.revocationCondition = biPredicate;
    }

    @Override // java.util.function.Predicate
    public boolean test(@Nullable ProfileRequestContext profileRequestContext) {
        if (this.reuseCondition.test(profileRequestContext)) {
            return this.revocationCondition == null || !this.revocationCondition.test(profileRequestContext, this);
        }
        return false;
    }

    @Nonnull
    public Subject getSubject() {
        return this.subject;
    }

    @Override // net.shibboleth.idp.authn.principal.PrincipalSupportingComponent
    @NonnullElements
    @Nonnull
    @NotLive
    @Unmodifiable
    public <T extends Principal> Set<T> getSupportedPrincipals(@Nonnull Class<T> cls) {
        return this.subject.getPrincipals(cls);
    }

    @NotEmpty
    @Nonnull
    public String getAuthenticationFlowId() {
        return this.authenticationFlowId;
    }

    @Nonnull
    public Instant getAuthenticationInstant() {
        return this.authenticationInstant;
    }

    public void setAuthenticationInstant(@Nonnull Instant instant) {
        this.authenticationInstant = (Instant) Constraint.isNotNull(instant, "Authentication instant cannot be null");
    }

    @Nonnull
    public Instant getLastActivityInstant() {
        return this.lastActivityInstant;
    }

    public void setLastActivityInstant(@Nonnull Instant instant) {
        this.lastActivityInstant = (Instant) Constraint.isNotNull(instant, "Last activity instant cannot be null");
    }

    public void setLastActivityInstantToNow() {
        this.lastActivityInstant = Instant.now();
    }

    public boolean isPreviousResult() {
        return this.previousResult;
    }

    public void setPreviousResult(boolean z) {
        this.previousResult = z;
    }

    @NonnullElements
    @Live
    @Nonnull
    public Map<String, String> getAdditionalData() {
        return this.additionalData;
    }

    public int hashCode() {
        return this.authenticationFlowId.hashCode();
    }

    public boolean equals(Object obj) {
        if (obj == null) {
            return false;
        }
        if (this == obj) {
            return true;
        }
        return (obj instanceof AuthenticationResult) && Objects.equals(getAuthenticationFlowId(), ((AuthenticationResult) obj).getAuthenticationFlowId()) && getAuthenticationInstant().equals(((AuthenticationResult) obj).getAuthenticationInstant());
    }

    public String toString() {
        return MoreObjects.toStringHelper(this).add("authenticationFlowId", this.authenticationFlowId).add("authenticatedPrincipal", getSubjectName()).add("authenticationInstant", this.authenticationInstant).add("lastActivityInstant", this.lastActivityInstant).add(ExternalAuthentication.PREVIOUSRESULT_KEY, this.previousResult).toString();
    }

    @Nullable
    private String getSubjectName() {
        Set principals = getSubject().getPrincipals(UsernamePrincipal.class);
        if (!principals.isEmpty()) {
            return ((UsernamePrincipal) principals.iterator().next()).getName();
        }
        Set<Principal> principals2 = getSubject().getPrincipals();
        if (principals2.isEmpty()) {
            return null;
        }
        return principals2.iterator().next().getName();
    }
}
