package net.shibboleth.idp.saml.attribute.principalconnector.impl;

import com.google.common.base.Predicates;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterables;
import java.util.Collection;
import java.util.Collections;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.attribute.resolver.LegacyPrincipalDecoder;
import net.shibboleth.idp.attribute.resolver.ResolutionException;
import net.shibboleth.idp.authn.context.SubjectCanonicalizationContext;
import net.shibboleth.idp.saml.authn.principal.NameIDPrincipal;
import net.shibboleth.idp.saml.authn.principal.NameIdentifierPrincipal;
import net.shibboleth.idp.saml.nameid.NameDecoderException;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullElements;
import net.shibboleth.utilities.java.support.annotation.constraint.NullableElements;
import net.shibboleth.utilities.java.support.logic.Constraint;
import org.opensaml.saml.saml1.core.NameIdentifier;
import org.opensaml.saml.saml1.profile.SAML1ObjectSupport;
import org.opensaml.saml.saml2.core.NameID;
import org.opensaml.saml.saml2.profile.SAML2ObjectSupport;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/shibboleth/idp/saml/attribute/principalconnector/impl/PrinicpalConnectorCanonicalizer.class */
public class PrinicpalConnectorCanonicalizer implements LegacyPrincipalDecoder {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(PrinicpalConnectorCanonicalizer.class);

    @NonnullElements
    @Nonnull
    private Collection<PrincipalConnector> principalConnectors = Collections.emptySet();

    public void setConnectors(@Nullable @NullableElements Collection<PrincipalConnector> collection) {
        if (null != collection) {
            this.principalConnectors = ImmutableSet.copyOf(Iterables.filter(collection, Predicates.notNull()));
        } else {
            this.principalConnectors = Collections.emptySet();
        }
    }

    public boolean hasValidConnectors() {
        return !this.principalConnectors.isEmpty();
    }

    @Nullable
    public String canonicalize(@Nonnull SubjectCanonicalizationContext subjectCanonicalizationContext) throws ResolutionException {
        Constraint.isNotNull(subjectCanonicalizationContext, "Context cannot be null");
        if (subjectCanonicalizationContext.getSubject() == null) {
            return null;
        }
        Set principals = subjectCanonicalizationContext.getSubject().getPrincipals(NameIdentifierPrincipal.class);
        if (principals != null && !principals.isEmpty()) {
            if (principals.size() <= 1) {
                return canonicalize(((NameIdentifierPrincipal) principals.iterator().next()).getNameIdentifier(), subjectCanonicalizationContext);
            }
            this.log.debug("Legacy Principal Decoder: too many NameIdentifierPrincipals");
        }
        Set principals2 = subjectCanonicalizationContext.getSubject().getPrincipals(NameIDPrincipal.class);
        if (principals2 == null || principals2.isEmpty()) {
            return null;
        }
        if (principals2.size() <= 1) {
            return canonicalize(((NameIDPrincipal) principals2.iterator().next()).getNameID(), subjectCanonicalizationContext);
        }
        this.log.debug("Legacy Principal Decoder: too many NameIDPrincipals");
        return null;
    }

    @Nullable
    protected String canonicalize(@Nonnull NameIdentifier nameIdentifier, @Nonnull SubjectCanonicalizationContext subjectCanonicalizationContext) throws ResolutionException {
        for (PrincipalConnector principalConnector : this.principalConnectors) {
            this.log.trace("Legacy Principal Decoder: looking at connector {}", principalConnector.getId());
            if (principalConnector.requesterMatches(subjectCanonicalizationContext.getRequesterId()) && SAML1ObjectSupport.areNameIdentifierFormatsEquivalent(principalConnector.getFormat(), nameIdentifier.getFormat())) {
                try {
                    String decode = principalConnector.decode(subjectCanonicalizationContext, nameIdentifier);
                    if (null != decode) {
                        this.log.trace("Legacy Principal Decoder: decoded to {}", decode);
                        return decode;
                    }
                    this.log.trace("Legacy Principal Decoder: decode provided no result");
                } catch (NameDecoderException e) {
                    throw new ResolutionException(e);
                }
            } else {
                this.log.trace("Legacy Principal Decoder: format or relying party mismatch");
            }
        }
        return null;
    }

    @Nullable
    protected String canonicalize(@Nonnull NameID nameID, @Nonnull SubjectCanonicalizationContext subjectCanonicalizationContext) throws ResolutionException {
        for (PrincipalConnector principalConnector : this.principalConnectors) {
            this.log.trace("Legacy Principal Decoder: looking at connector {}", principalConnector.getId());
            if (principalConnector.requesterMatches(subjectCanonicalizationContext.getRequesterId()) && SAML2ObjectSupport.areNameIDFormatsEquivalent(principalConnector.getFormat(), nameID.getFormat())) {
                try {
                    String decode = principalConnector.decode(subjectCanonicalizationContext, nameID);
                    if (null != decode) {
                        this.log.trace("Legacy Principal Decoder: decoded to {}", decode);
                        return decode;
                    }
                    this.log.trace("Legacy Principal Decoder: decode provided no result");
                } catch (NameDecoderException e) {
                    throw new ResolutionException(e);
                }
            } else {
                this.log.trace("Legacy Principal Decoder: format or relying party mismatch");
            }
        }
        return null;
    }
}
