package net.shibboleth.idp.saml.saml2.profile.impl;

import com.google.common.base.Function;
import com.google.common.base.Functions;
import com.google.common.collect.Lists;
import java.util.ArrayList;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.authn.AbstractAuthenticationAction;
import net.shibboleth.idp.authn.context.AuthenticationContext;
import net.shibboleth.idp.authn.context.RequestedPrincipalContext;
import net.shibboleth.idp.saml.authn.principal.AuthnContextClassRefPrincipal;
import net.shibboleth.idp.saml.authn.principal.AuthnContextDeclRefPrincipal;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import org.opensaml.messaging.context.navigate.MessageLookup;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.profile.context.navigate.InboundMessageContextLookup;
import org.opensaml.saml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml.saml2.core.AuthnContextComparisonTypeEnumeration;
import org.opensaml.saml.saml2.core.AuthnContextDeclRef;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.RequestedAuthnContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/shibboleth/idp/saml/saml2/profile/impl/ProcessRequestedAuthnContext.class */
public class ProcessRequestedAuthnContext extends AbstractAuthenticationAction {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(ProcessRequestedAuthnContext.class);

    @Nonnull
    private Function<ProfileRequestContext, AuthnRequest> authnRequestLookupStrategy = Functions.compose(new MessageLookup(AuthnRequest.class), new InboundMessageContextLookup());

    @Nullable
    private AuthnRequest authnRequest;

    public void setAuthnRequestLookupStrategy(@Nonnull Function<ProfileRequestContext, AuthnRequest> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.authnRequestLookupStrategy = (Function) Constraint.isNotNull(function, "AuthnRequest lookup strategy cannot be null");
    }

    protected boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext) {
        ComponentSupport.ifNotInitializedThrowUninitializedComponentException(this);
        this.authnRequest = (AuthnRequest) this.authnRequestLookupStrategy.apply(profileRequestContext);
        if (this.authnRequest != null) {
            return super.doPreExecute(profileRequestContext, authenticationContext);
        }
        this.log.debug("{} AuthnRequest message was not returned by lookup strategy", getLogPrefix());
        ActionSupport.buildEvent(profileRequestContext, "InvalidMessageContext");
        return false;
    }

    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext) {
        RequestedAuthnContext requestedAuthnContext = this.authnRequest.getRequestedAuthnContext();
        if (requestedAuthnContext == null) {
            this.log.debug("{} AuthnRequest did not contain a RequestedAuthnContext, nothing to do", getLogPrefix());
            return;
        }
        ArrayList newArrayList = Lists.newArrayList();
        if (!requestedAuthnContext.getAuthnContextClassRefs().isEmpty()) {
            for (AuthnContextClassRef authnContextClassRef : requestedAuthnContext.getAuthnContextClassRefs()) {
                if (authnContextClassRef.getAuthnContextClassRef() != null) {
                    newArrayList.add(new AuthnContextClassRefPrincipal(authnContextClassRef.getAuthnContextClassRef()));
                }
            }
        } else if (!requestedAuthnContext.getAuthnContextDeclRefs().isEmpty()) {
            for (AuthnContextDeclRef authnContextDeclRef : requestedAuthnContext.getAuthnContextDeclRefs()) {
                if (authnContextDeclRef.getAuthnContextDeclRef() != null) {
                    newArrayList.add(new AuthnContextDeclRefPrincipal(authnContextDeclRef.getAuthnContextDeclRef()));
                }
            }
        }
        if (newArrayList.isEmpty()) {
            this.log.debug("{} RequestedAuthnContext did not contain any requested contexts, nothing to do", getLogPrefix());
            return;
        }
        RequestedPrincipalContext requestedPrincipalContext = new RequestedPrincipalContext();
        if (requestedAuthnContext.getComparison() != null) {
            requestedPrincipalContext.setOperator(requestedAuthnContext.getComparison().toString());
        } else {
            requestedPrincipalContext.setOperator(AuthnContextComparisonTypeEnumeration.EXACT.toString());
        }
        requestedPrincipalContext.setRequestedPrincipals(newArrayList);
        authenticationContext.addSubcontext(requestedPrincipalContext, true);
        this.log.debug("{} RequestedPrincipalContext created with operator {} and {} custom principal(s)", new Object[]{getLogPrefix(), requestedPrincipalContext.getOperator(), Integer.valueOf(newArrayList.size())});
    }
}
