package net.shibboleth.idp.saml.saml2.profile.impl;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.Objects;
import java.util.function.Function;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.attribute.AttributeEncodingException;
import net.shibboleth.idp.attribute.IdPAttribute;
import net.shibboleth.idp.attribute.transcoding.AttributeTranscoderRegistry;
import net.shibboleth.idp.profile.IdPEventIds;
import net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion;
import net.shibboleth.idp.saml.saml2.profile.config.logic.RandomizeFriendlyNameProfileConfigPredicate;
import net.shibboleth.shared.annotation.constraint.NullableElements;
import net.shibboleth.shared.logic.Constraint;
import net.shibboleth.shared.primitive.LoggerFactory;
import net.shibboleth.shared.service.ServiceException;
import net.shibboleth.shared.service.ServiceableComponent;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.action.EventIds;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.saml.common.SAMLObjectBuilder;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.Attribute;
import org.opensaml.saml.saml2.core.AttributeStatement;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.saml.saml2.profile.SAML2ActionSupport;
import org.slf4j.Logger;

/* loaded from: input_file:WEB-INF/lib/idp-saml-impl-5.1.0.jar:net/shibboleth/idp/saml/saml2/profile/impl/AddAttributeStatementToAssertion.class */
public class AddAttributeStatementToAssertion extends BaseAddAttributeStatementToAssertion<Attribute> {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger((Class<?>) AddAttributeStatementToAssertion.class);

    @Nonnull
    private Function<ProfileRequestContext, Assertion> assertionLookupStrategy = new AssertionStrategy();
    static final /* synthetic */ boolean $assertionsDisabled;

    /* loaded from: input_file:WEB-INF/lib/idp-saml-impl-5.1.0.jar:net/shibboleth/idp/saml/saml2/profile/impl/AddAttributeStatementToAssertion$AssertionStrategy.class */
    private class AssertionStrategy implements Function<ProfileRequestContext, Assertion> {
        private AssertionStrategy() {
        }

        @Override // java.util.function.Function
        @Nullable
        public Assertion apply(@Nullable ProfileRequestContext profileRequestContext) {
            MessageContext outboundMessageContext = profileRequestContext != null ? profileRequestContext.getOutboundMessageContext() : null;
            if (outboundMessageContext == null) {
                return null;
            }
            Object message = outboundMessageContext.getMessage();
            if (message == null) {
                Assertion buildAssertion = SAML2ActionSupport.buildAssertion(AddAttributeStatementToAssertion.this, AddAttributeStatementToAssertion.this.getIdGenerator(), AddAttributeStatementToAssertion.this.getIssuerId());
                outboundMessageContext.setMessage(buildAssertion);
                return buildAssertion;
            }
            if (message instanceof Assertion) {
                return (Assertion) message;
            }
            if (message instanceof Response) {
                return (AddAttributeStatementToAssertion.this.isStatementInOwnAssertion() || ((Response) message).getAssertions().isEmpty()) ? SAML2ActionSupport.addAssertionToResponse(AddAttributeStatementToAssertion.this, (Response) message, AddAttributeStatementToAssertion.this.getIdGenerator(), AddAttributeStatementToAssertion.this.getIssuerId()) : ((Response) message).getAssertions().get(0);
            }
            return null;
        }
    }

    public void setAssertionLookupStrategy(@Nonnull Function<ProfileRequestContext, Assertion> function) {
        checkSetterPreconditions();
        this.assertionLookupStrategy = (Function) Constraint.isNotNull(function, "Assertion lookup strategy cannot be null");
    }

    @Override // org.opensaml.profile.action.AbstractProfileAction
    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        try {
            AttributeStatement buildAttributeStatement = buildAttributeStatement(profileRequestContext, getAttributeContext().getIdPAttributes().values());
            if (buildAttributeStatement == null) {
                this.log.debug("{} No AttributeStatement was built, nothing to do", getLogPrefix());
                return;
            }
            Assertion apply = this.assertionLookupStrategy.apply(profileRequestContext);
            if (apply == null) {
                this.log.error("Unable to obtain Assertion to modify");
                ActionSupport.buildEvent(profileRequestContext, EventIds.INVALID_MSG_CTX);
                return;
            }
            apply.getAttributeStatements().add(buildAttributeStatement);
            boolean test = new RandomizeFriendlyNameProfileConfigPredicate().test(profileRequestContext);
            String id = apply.getID();
            if (test && id != null) {
                this.log.debug("{} Will randomize FriendlyName attributes", getLogPrefix());
                for (Attribute attribute : buildAttributeStatement.getAttributes()) {
                    String friendlyName = attribute.getFriendlyName();
                    attribute.setFriendlyName(friendlyName != null ? friendlyName + id : id);
                }
            }
            this.log.debug("{} Adding constructed AttributeStatement to Assertion {} ", getLogPrefix(), id);
        } catch (AttributeEncodingException e) {
            ActionSupport.buildEvent(profileRequestContext, IdPEventIds.UNABLE_ENCODE_ATTRIBUTE);
        }
    }

    @Nullable
    private AttributeStatement buildAttributeStatement(@Nonnull ProfileRequestContext profileRequestContext, @Nullable @NullableElements Collection<IdPAttribute> collection) throws AttributeEncodingException {
        if (collection == null || collection.isEmpty()) {
            this.log.debug("{} No attributes available to be encoded, nothing to do", getLogPrefix());
            return null;
        }
        ArrayList arrayList = new ArrayList(collection.size());
        try {
            ServiceableComponent<AttributeTranscoderRegistry> serviceableComponent = getTranscoderRegistry().getServiceableComponent();
            try {
                for (IdPAttribute idPAttribute : collection) {
                    if (collection != null && !idPAttribute.getValues().isEmpty()) {
                        encodeAttribute(serviceableComponent.getComponent(), profileRequestContext, idPAttribute, arrayList);
                    }
                }
                if (serviceableComponent != null) {
                    serviceableComponent.close();
                }
                if (arrayList.isEmpty()) {
                    this.log.debug("{} No attributes were encoded as SAML 2 Attributes, nothing to do", getLogPrefix());
                    return null;
                }
                AttributeStatement attributeStatement = (AttributeStatement) ((SAMLObjectBuilder) XMLObjectProviderRegistrySupport.getBuilderFactory().ensureBuilder(AttributeStatement.DEFAULT_ELEMENT_NAME)).buildObject();
                Iterator it = arrayList.iterator();
                while (it.hasNext()) {
                    Attribute attribute = (Attribute) it.next();
                    if (!$assertionsDisabled && attribute == null) {
                        throw new AssertionError();
                    }
                    Attribute findExistingAttribute = findExistingAttribute(attributeStatement, attribute);
                    if (findExistingAttribute != null) {
                        Iterator<XMLObject> it2 = attribute.getAttributeValues().iterator();
                        while (it2.hasNext()) {
                            XMLObject next = it2.next();
                            it2.remove();
                            findExistingAttribute.getAttributeValues().add(next);
                        }
                    } else {
                        attributeStatement.getAttributes().add(attribute);
                    }
                }
                return attributeStatement;
            } finally {
            }
        } catch (ServiceException e) {
            throw new AttributeEncodingException("Attribute transoding service unavailable", e);
        }
    }

    @Nullable
    private Attribute findExistingAttribute(@Nonnull AttributeStatement attributeStatement, @Nonnull Attribute attribute) {
        for (Attribute attribute2 : attributeStatement.getAttributes()) {
            if (Objects.equals(attribute2.getName(), attribute.getName()) && Objects.equals(attribute2.getNameFormat(), attribute.getNameFormat())) {
                return attribute2;
            }
        }
        return null;
    }

    private void encodeAttribute(@Nonnull AttributeTranscoderRegistry attributeTranscoderRegistry, @Nonnull ProfileRequestContext profileRequestContext, @Nonnull IdPAttribute idPAttribute, @Nonnull Collection<Attribute> collection) throws AttributeEncodingException {
        this.log.debug("{} Attempting to encode attribute {} as a SAML 2 Attribute", getLogPrefix(), idPAttribute.getId());
        if (super.encodeAttribute(attributeTranscoderRegistry, profileRequestContext, idPAttribute, Attribute.class, collection) == 0) {
            this.log.debug("{} Attribute {} did not have usable SAML 2 Attribute transcoder rules", getLogPrefix(), idPAttribute.getId());
        }
    }

    static {
        $assertionsDisabled = !AddAttributeStatementToAssertion.class.desiredAssertionStatus();
    }
}
