package net.shibboleth.idp.authn.impl;

import java.security.Principal;
import java.util.Map;
import java.util.Set;
import java.util.function.Function;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.security.auth.Subject;
import net.shibboleth.idp.authn.context.AuthenticationContext;
import net.shibboleth.idp.authn.principal.UsernamePrincipal;
import net.shibboleth.shared.annotation.constraint.NonnullAfterInit;
import net.shibboleth.shared.annotation.constraint.NotEmpty;
import net.shibboleth.shared.annotation.constraint.NotLive;
import net.shibboleth.shared.annotation.constraint.Unmodifiable;
import net.shibboleth.shared.collection.CollectionSupport;
import net.shibboleth.shared.component.ComponentInitializationException;
import net.shibboleth.shared.logic.Constraint;
import net.shibboleth.shared.logic.ConstraintViolationException;
import net.shibboleth.shared.primitive.LoggerFactory;
import org.opensaml.profile.context.ProfileRequestContext;
import org.slf4j.Logger;

/* loaded from: input_file:net/shibboleth/idp/authn/impl/ValidateFunctionResult.class */
public class ValidateFunctionResult extends AbstractAuditingValidationAction {

    @Nonnull
    @NotEmpty
    private static final String DEFAULT_METRIC_NAME = "net.shibboleth.idp.authn.function";

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(ValidateFunctionResult.class);

    @NonnullAfterInit
    private Function<ProfileRequestContext, ?> resultLookupStrategy;

    @Nullable
    private Object result;
    static final /* synthetic */ boolean $assertionsDisabled;

    public ValidateFunctionResult() {
        setMetricName(DEFAULT_METRIC_NAME);
    }

    public void setResultLookupStrategy(@Nonnull Function<ProfileRequestContext, ?> function) {
        checkSetterPreconditions();
        this.resultLookupStrategy = (Function) Constraint.isNotNull(function, "Result lookup strategy cannot be null");
    }

    protected void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (this.resultLookupStrategy == null) {
            throw new ComponentInitializationException("Result lookup strategy cannot be null");
        }
    }

    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext) {
        try {
            this.result = this.resultLookupStrategy.apply(profileRequestContext);
            if (this.result == null) {
                this.log.info("{} Authentication by function failed", getLogPrefix());
                handleError(profileRequestContext, authenticationContext, "NoCredentials", "NoCredentials");
                recordFailure(profileRequestContext);
                return;
            }
            if (this.result instanceof String) {
                this.log.info("{} Validated user via name '{}'", getLogPrefix(), this.result);
                recordSuccess(profileRequestContext);
                buildAuthenticationResult(profileRequestContext, authenticationContext);
            } else if (this.result instanceof Principal) {
                this.log.info("{} Validated user via Principal '{}'", getLogPrefix(), this.result);
                recordSuccess(profileRequestContext);
                buildAuthenticationResult(profileRequestContext, authenticationContext);
            } else if (this.result instanceof Subject) {
                this.log.info("{} Validated user via Subject", getLogPrefix());
                recordSuccess(profileRequestContext);
                buildAuthenticationResult(profileRequestContext, authenticationContext);
            } else {
                this.log.info("{} Authentication by function failed, result type was invalid", getLogPrefix());
                handleError(profileRequestContext, authenticationContext, "NoCredentials", "NoCredentials");
                recordFailure(profileRequestContext);
            }
        } catch (Exception e) {
            this.log.info("{} Authentication by function failed with exception", getLogPrefix(), e);
            handleError(profileRequestContext, authenticationContext, e, "AuthenticationException");
            recordFailure(profileRequestContext);
        }
    }

    @Nonnull
    protected Subject populateSubject(@Nonnull Subject subject) {
        Object obj = this.result;
        if (!$assertionsDisabled && obj == null) {
            throw new AssertionError();
        }
        if (obj instanceof String) {
            subject.getPrincipals().add(new UsernamePrincipal((String) obj));
            return subject;
        }
        if (obj instanceof Principal) {
            subject.getPrincipals().add((Principal) obj);
            return subject;
        }
        if (!(obj instanceof Subject)) {
            throw new ConstraintViolationException("Result type was unexpected");
        }
        ((Subject) obj).getPrincipals().addAll(subject.getPrincipals());
        return (Subject) obj;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.shibboleth.idp.authn.impl.AbstractAuditingValidationAction
    @Unmodifiable
    @NotLive
    @Nullable
    public Map<String, String> getAuditFields(@Nonnull ProfileRequestContext profileRequestContext) {
        String username;
        return this.result instanceof String ? CollectionSupport.singletonMap("u", (String) this.result) : this.result instanceof UsernamePrincipal ? CollectionSupport.singletonMap("u", ((UsernamePrincipal) this.result).getName()) : (!(this.result instanceof Subject) || (username = getUsername((Subject) this.result)) == null) ? super.getAuditFields(profileRequestContext) : CollectionSupport.singletonMap("u", username);
    }

    @Nullable
    private String getUsername(@Nonnull Subject subject) {
        Set principals = subject.getPrincipals(UsernamePrincipal.class);
        if (principals == null || principals.isEmpty()) {
            return null;
        }
        return ((UsernamePrincipal) principals.iterator().next()).getName();
    }

    static {
        $assertionsDisabled = !ValidateFunctionResult.class.desiredAssertionStatus();
    }
}
