package edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.principalConnector;

import edu.internet2.middleware.shibboleth.common.attribute.resolver.AttributeResolutionException;
import edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethResolutionContext;
import edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.attributeDefinition.TransientIdEntry;
import edu.internet2.middleware.shibboleth.common.profile.provider.SAMLProfileRequestContext;
import org.opensaml.saml1.core.NameIdentifier;
import org.opensaml.saml2.core.NameID;
import org.opensaml.util.storage.StorageService;

/* loaded from: input_file:edu/internet2/middleware/shibboleth/common/attribute/resolver/provider/principalConnector/TransientPrincipalConnector.class */
public class TransientPrincipalConnector extends BasePrincipalConnector {
    private StorageService<String, TransientIdEntry> identifierStore;
    private String partition;

    public TransientPrincipalConnector(StorageService<String, TransientIdEntry> storageService) {
        if (storageService == null) {
            throw new IllegalArgumentException("Identifier store may not be null");
        }
        this.identifierStore = storageService;
        this.partition = "transientId";
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ResolutionPlugIn
    public String resolve(ShibbolethResolutionContext shibbolethResolutionContext) throws AttributeResolutionException {
        SAMLProfileRequestContext attributeRequestContext = shibbolethResolutionContext.getAttributeRequestContext();
        String str = null;
        if (attributeRequestContext.getSubjectNameIdentifier() instanceof NameIdentifier) {
            NameIdentifier subjectNameIdentifier = attributeRequestContext.getSubjectNameIdentifier();
            if (subjectNameIdentifier != null) {
                str = subjectNameIdentifier.getNameIdentifier();
            }
        } else {
            if (!(attributeRequestContext.getSubjectNameIdentifier() instanceof NameID)) {
                throw new AttributeResolutionException("Subject name identifier is not of a supported type");
            }
            NameID subjectNameIdentifier2 = attributeRequestContext.getSubjectNameIdentifier();
            if (subjectNameIdentifier2 != null) {
                str = subjectNameIdentifier2.getValue();
            }
        }
        if (str == null) {
            throw new AttributeResolutionException("Invalid subject name identifier");
        }
        TransientIdEntry transientIdEntry = (TransientIdEntry) this.identifierStore.get(this.partition, str);
        if (transientIdEntry == null || transientIdEntry.isExpired()) {
            throw new AttributeResolutionException("No information associated with transient identifier: " + str);
        }
        if (transientIdEntry.getRelyingPartyId().equals(attributeRequestContext.getInboundMessageIssuer())) {
            return transientIdEntry.getPrincipalName();
        }
        throw new AttributeResolutionException("Transient identifier was issued to " + transientIdEntry.getRelyingPartyId() + " but is being used by " + attributeRequestContext.getInboundMessageIssuer());
    }

    @Override // edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ResolutionPlugIn
    public void validate() throws AttributeResolutionException {
    }
}
