package net.shibboleth.idp.saml.profile.impl;

import com.google.common.base.Function;
import com.google.common.base.Functions;
import com.google.common.base.Predicate;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.authn.context.AuthenticationContext;
import net.shibboleth.idp.profile.AbstractProfileAction;
import net.shibboleth.idp.saml.profile.config.logic.ForceAuthnProfileConfigPredicate;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import org.opensaml.messaging.context.navigate.MessageLookup;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.profile.context.navigate.InboundMessageContextLookup;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/shibboleth/idp/saml/profile/impl/InitializeAuthenticationContext.class */
public class InitializeAuthenticationContext extends AbstractProfileAction {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(InitializeAuthenticationContext.class);

    @Nonnull
    private Predicate<ProfileRequestContext> forceAuthnPredicate = new ForceAuthnProfileConfigPredicate();

    @Nonnull
    private Function<ProfileRequestContext, AuthnRequest> requestLookupStrategy = Functions.compose(new MessageLookup(AuthnRequest.class), new InboundMessageContextLookup());

    @Nullable
    private AuthnRequest authnRequest;

    public void setForceAuthnPredicate(@Nonnull Predicate<ProfileRequestContext> predicate) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.forceAuthnPredicate = (Predicate) Constraint.isNotNull(predicate, "Forced authentication predicate cannot be null");
    }

    public void setRequestLookupStrategy(@Nonnull Function<ProfileRequestContext, AuthnRequest> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.requestLookupStrategy = (Function) Constraint.isNotNull(function, "AuthnRequest lookup strategy cannot be null");
    }

    protected boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        if (!super.doPreExecute(profileRequestContext)) {
            return false;
        }
        this.authnRequest = (AuthnRequest) this.requestLookupStrategy.apply(profileRequestContext);
        if (this.authnRequest != null) {
            return true;
        }
        this.log.debug("{} No inbound AuthnRequest, passive flag will be off", getLogPrefix());
        return true;
    }

    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        AuthenticationContext authenticationContext = new AuthenticationContext();
        if (this.authnRequest != null) {
            authenticationContext.setForceAuthn(this.authnRequest.isForceAuthn().booleanValue());
            authenticationContext.setIsPassive(this.authnRequest.isPassive().booleanValue());
        }
        AuthenticationContext subcontext = profileRequestContext.getSubcontext(AuthenticationContext.class);
        if (subcontext != null) {
            authenticationContext.setInitialAuthenticationResult(subcontext.getAuthenticationResult());
        }
        if (!authenticationContext.isForceAuthn()) {
            authenticationContext.setForceAuthn(this.forceAuthnPredicate.apply(profileRequestContext));
        }
        profileRequestContext.addSubcontext(authenticationContext, true);
        this.log.debug("{} Created authentication context: {}", getLogPrefix(), authenticationContext);
    }
}
