package net.shibboleth.idp.saml.audit.impl;

import com.google.common.base.Function;
import com.google.common.base.Functions;
import java.security.NoSuchAlgorithmException;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.authn.context.SubjectContext;
import net.shibboleth.idp.authn.context.navigate.SubjectContextPrincipalLookupFunction;
import net.shibboleth.idp.profile.AbstractProfileAction;
import net.shibboleth.idp.profile.context.AuditContext;
import net.shibboleth.idp.profile.context.navigate.RelyingPartyIdLookupFunction;
import net.shibboleth.idp.profile.context.navigate.ResponderIdLookupFunction;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullAfterInit;
import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
import net.shibboleth.utilities.java.support.codec.StringDigester;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.primitive.StringSupport;
import org.opensaml.messaging.context.navigate.ChildContextLookup;
import org.opensaml.messaging.context.navigate.MessageLookup;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.profile.context.navigate.OutboundMessageContextLookup;
import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.saml1.core.StatusCode;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/shibboleth/idp/saml/audit/impl/WriteFTICKSLog.class */
public class WriteFTICKSLog extends AbstractProfileAction {

    @NotEmpty
    @Nonnull
    public static final String FTICKS_LOG_CATEGORY = "Shibboleth-FTICKS";

    @Nonnull
    private Function<ProfileRequestContext, AuditContext> auditContextLookupStrategy;

    @NonnullAfterInit
    @NotEmpty
    private String federationId;

    @NotEmpty
    @Nonnull
    private String digestAlgorithm;

    @Nullable
    private String salt;

    @Nonnull
    private Function<ProfileRequestContext, String> relyingPartyLookupStrategy = new RelyingPartyIdLookupFunction();

    @Nonnull
    private Function<ProfileRequestContext, String> responderLookupStrategy = new ResponderIdLookupFunction();

    @Nonnull
    private Function<ProfileRequestContext, String> usernameLookupStrategy = Functions.compose(new SubjectContextPrincipalLookupFunction(), new ChildContextLookup(SubjectContext.class));

    @Nonnull
    private Function<ProfileRequestContext, String> authenticationMethodLookupStrategy = new AuthnContextAuditExtractor(Functions.compose(new MessageLookup(SAMLObject.class), new OutboundMessageContextLookup()));

    @Nonnull
    private Function<ProfileRequestContext, String> statusCodeLookupStrategy = new StatusCodeAuditExtractor(Functions.compose(new MessageLookup(SAMLObject.class), new OutboundMessageContextLookup()));

    @NonnullAfterInit
    private StringDigester digester;

    public void setFederationId(@NotEmpty @Nonnull String str) {
        this.federationId = (String) Constraint.isNotNull(StringSupport.trimOrNull(str), "Federation ID cannot be null or empty");
    }

    public void setDigestAlgorithm(@NotEmpty @Nonnull String str) {
        this.digestAlgorithm = (String) Constraint.isNotNull(StringSupport.trimOrNull(str), "Digest algorithm cannot be null or empty");
    }

    public void setSalt(@Nullable String str) {
        if (str == null || str.isEmpty()) {
            this.salt = null;
        } else {
            this.salt = str;
        }
    }

    public void setRelyingPartyLookupStrategy(@Nonnull Function<ProfileRequestContext, String> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.relyingPartyLookupStrategy = (Function) Constraint.isNotNull(function, "Relying Party ID lookup strategy cannot be null");
    }

    public void setResponderLookupStrategy(@Nonnull Function<ProfileRequestContext, String> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.responderLookupStrategy = (Function) Constraint.isNotNull(function, "Responder ID lookup strategy cannot be null");
    }

    public void setUsernameLookupStrategy(@Nonnull Function<ProfileRequestContext, String> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.usernameLookupStrategy = (Function) Constraint.isNotNull(function, "Username lookup strategy cannot be null");
    }

    public void setAuthenticationMethodLookupStrategy(@Nonnull Function<ProfileRequestContext, String> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.authenticationMethodLookupStrategy = (Function) Constraint.isNotNull(function, "Authentication method lookup strategy cannot be null");
    }

    public void setStatusCodeLookupStrategy(@Nonnull Function<ProfileRequestContext, String> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.statusCodeLookupStrategy = (Function) Constraint.isNotNull(function, "StatusCode lookup strategy cannot be null");
    }

    protected void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (this.federationId == null) {
            throw new ComponentInitializationException("Federation ID cannot be null or empty.");
        }
        try {
            this.digester = new StringDigester(this.digestAlgorithm, StringDigester.OutputFormat.HEX_LOWER);
            this.digester.setSalt(this.salt);
            this.digester.setRequireSalt(true);
        } catch (NoSuchAlgorithmException e) {
            throw new ComponentInitializationException(e);
        }
    }

    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        String apply;
        StringBuilder sb = new StringBuilder("F-TICKS/");
        sb.append(this.federationId).append("/1.0#TS=").append(System.currentTimeMillis() / 1000);
        String str = (String) this.relyingPartyLookupStrategy.apply(profileRequestContext);
        if (str != null && !str.isEmpty()) {
            sb.append("#RP=").append(str);
        }
        String str2 = (String) this.responderLookupStrategy.apply(profileRequestContext);
        if (str2 != null && !str2.isEmpty()) {
            sb.append("#AP=").append(str2);
        }
        String str3 = (String) this.usernameLookupStrategy.apply(profileRequestContext);
        if (str3 != null && !str3.isEmpty() && (apply = this.digester.apply(str3)) != null && !apply.isEmpty()) {
            sb.append("#PN=").append(apply);
        }
        String str4 = (String) this.authenticationMethodLookupStrategy.apply(profileRequestContext);
        if (str4 != null && !str4.isEmpty()) {
            sb.append("#AM=").append(str4);
        }
        String str5 = (String) this.statusCodeLookupStrategy.apply(profileRequestContext);
        if (str5 == null || !(StatusCode.SUCCESS.getLocalPart().equals(str5) || "urn:oasis:names:tc:SAML:2.0:status:Success".equals(str5))) {
            sb.append("#RESULT=FAIL");
        } else {
            sb.append("#RESULT=OK");
        }
        sb.append("#");
        LoggerFactory.getLogger(FTICKS_LOG_CATEGORY).info(sb.toString());
    }
}
