package net.shibboleth.idp.authn.impl;

import java.security.Principal;
import java.util.Set;
import java.util.function.Function;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.authn.AuthenticationFlowDescriptor;
import net.shibboleth.idp.authn.AuthenticationResult;
import net.shibboleth.idp.authn.context.AuthenticationContext;
import net.shibboleth.shared.annotation.ParameterName;
import net.shibboleth.shared.logic.Constraint;
import org.opensaml.messaging.context.navigate.ChildContextLookup;
import org.opensaml.profile.context.ProfileRequestContext;

/* loaded from: input_file:WEB-INF/lib/idp-authn-impl-5.1.0.jar:net/shibboleth/idp/authn/impl/DefaultPrincipalDeterminationStrategy.class */
public class DefaultPrincipalDeterminationStrategy<T extends Principal> implements Function<ProfileRequestContext, T> {

    @Nonnull
    private final Class<T> principalType;

    @Nonnull
    private final T defaultPrincipal;

    @Nonnull
    private Function<ProfileRequestContext, AuthenticationContext> authnContextLookupStrategy = new ChildContextLookup(AuthenticationContext.class, false);
    static final /* synthetic */ boolean $assertionsDisabled;

    public DefaultPrincipalDeterminationStrategy(@ParameterName(name = "type") @Nonnull Class<T> cls, @ParameterName(name = "principal") @Nonnull T t) {
        this.principalType = (Class) Constraint.isNotNull(cls, "Class type cannot be null");
        this.defaultPrincipal = (T) Constraint.isNotNull(t, "Default Principal cannot be null");
    }

    public void setAuthenticationContextLookupStrategy(@Nonnull Function<ProfileRequestContext, AuthenticationContext> function) {
        this.authnContextLookupStrategy = (Function) Constraint.isNotNull(function, "Lookup strategy cannot be null");
    }

    @Override // java.util.function.Function
    @Nullable
    public T apply(@Nullable ProfileRequestContext profileRequestContext) {
        AuthenticationContext apply = this.authnContextLookupStrategy.apply(profileRequestContext);
        if (apply == null || apply.getAuthenticationResult() == null) {
            return this.defaultPrincipal;
        }
        AuthenticationResult authenticationResult = apply.getAuthenticationResult();
        if (!$assertionsDisabled && authenticationResult == null) {
            throw new AssertionError();
        }
        AuthenticationFlowDescriptor authenticationFlowDescriptor = apply.getAvailableFlows().get(authenticationResult.getAuthenticationFlowId());
        if (authenticationFlowDescriptor == null) {
            return this.defaultPrincipal;
        }
        Set<T> supportedPrincipals = authenticationResult.getSupportedPrincipals(this.principalType);
        return supportedPrincipals.isEmpty() ? this.defaultPrincipal : (T) authenticationFlowDescriptor.getHighestWeighted(supportedPrincipals);
    }

    static {
        $assertionsDisabled = !DefaultPrincipalDeterminationStrategy.class.desiredAssertionStatus();
    }
}
