package net.shibboleth.idp.authn.impl;

import com.google.common.base.Function;
import com.google.common.base.Functions;
import com.google.common.collect.Lists;
import java.util.Collections;
import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.attribute.IdPAttribute;
import net.shibboleth.idp.attribute.ScopedStringAttributeValue;
import net.shibboleth.idp.attribute.StringAttributeValue;
import net.shibboleth.idp.attribute.context.AttributeContext;
import net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction;
import net.shibboleth.idp.authn.SubjectCanonicalizationException;
import net.shibboleth.idp.authn.context.SubjectCanonicalizationContext;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullElements;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.primitive.StringSupport;
import org.opensaml.messaging.context.navigate.ChildContextLookup;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/shibboleth/idp/authn/impl/AttributeSourcedSubjectCanonicalization.class */
public class AttributeSourcedSubjectCanonicalization extends AbstractSubjectCanonicalizationAction {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(AttributeSourcedSubjectCanonicalization.class);
    private char delimiter = '@';

    @NonnullElements
    @Nonnull
    private List<String> attributeSourceIds = Collections.emptyList();

    @Nonnull
    private Function<ProfileRequestContext, AttributeContext> attributeContextLookupStrategy = Functions.compose(new ChildContextLookup(AttributeContext.class), new ChildContextLookup(SubjectCanonicalizationContext.class));

    @Nullable
    private AttributeContext attributeCtx;

    public void setScopedDelimiter(char c) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.delimiter = c;
    }

    public void setAttributeSourceIds(@NonnullElements @Nonnull List<String> list) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.attributeSourceIds = Lists.newArrayList(StringSupport.normalizeStringCollection(list));
    }

    public void setAttributeContextLookupStrategy(@Nonnull Function<ProfileRequestContext, AttributeContext> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.attributeContextLookupStrategy = (Function) Constraint.isNotNull(function, "AttributeContext lookup strategy cannot be null");
    }

    protected void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (this.attributeSourceIds.isEmpty()) {
            throw new ComponentInitializationException("Attribute source ID list cannot be empty");
        }
    }

    protected boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull SubjectCanonicalizationContext subjectCanonicalizationContext) {
        this.attributeCtx = (AttributeContext) this.attributeContextLookupStrategy.apply(profileRequestContext);
        if (this.attributeCtx != null && !this.attributeCtx.getIdPAttributes().isEmpty()) {
            return super.doPreExecute(profileRequestContext, subjectCanonicalizationContext);
        }
        this.log.warn("{} No attributes found, canonicalization not possible", getLogPrefix());
        subjectCanonicalizationContext.setException(new SubjectCanonicalizationException("No attributes were found"));
        ActionSupport.buildEvent(profileRequestContext, "InvalidSubject");
        return false;
    }

    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull SubjectCanonicalizationContext subjectCanonicalizationContext) {
        for (String str : this.attributeSourceIds) {
            IdPAttribute idPAttribute = (IdPAttribute) this.attributeCtx.getIdPAttributes().get(str);
            if (idPAttribute != null) {
                for (ScopedStringAttributeValue scopedStringAttributeValue : idPAttribute.getValues()) {
                    if (scopedStringAttributeValue instanceof StringAttributeValue) {
                        this.log.debug("{} Using attribute {} string value {} as input to transforms", new Object[]{getLogPrefix(), str, scopedStringAttributeValue.getValue()});
                        subjectCanonicalizationContext.setPrincipalName(applyTransforms(((StringAttributeValue) scopedStringAttributeValue).getValue()));
                        return;
                    } else {
                        if (scopedStringAttributeValue instanceof ScopedStringAttributeValue) {
                            ScopedStringAttributeValue scopedStringAttributeValue2 = scopedStringAttributeValue;
                            String str2 = scopedStringAttributeValue2.getValue() + this.delimiter + scopedStringAttributeValue2.getScope();
                            this.log.debug("{} Using attribute {} scoped value {} as input to transforms", new Object[]{getLogPrefix(), str, str2});
                            subjectCanonicalizationContext.setPrincipalName(applyTransforms(str2));
                            return;
                        }
                        this.log.warn("{} Unsupported attribute value type: {}", getLogPrefix(), scopedStringAttributeValue.getClass().getName());
                    }
                }
            }
        }
        this.log.info("{} Attribute sources {} did not produce a usable identifier", getLogPrefix(), this.attributeSourceIds);
        subjectCanonicalizationContext.setException(new SubjectCanonicalizationException("No usable attribute values were found"));
        ActionSupport.buildEvent(profileRequestContext, "InvalidSubject");
    }
}
