package net.shibboleth.idp.saml.audit.impl;

import java.security.NoSuchAlgorithmException;
import java.util.function.Function;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.authn.context.SubjectContext;
import net.shibboleth.idp.authn.context.navigate.SubjectContextPrincipalLookupFunction;
import net.shibboleth.idp.profile.AbstractProfileAction;
import net.shibboleth.profile.context.navigate.IssuerLookupFunction;
import net.shibboleth.profile.context.navigate.RelyingPartyIdLookupFunction;
import net.shibboleth.shared.annotation.constraint.NonnullAfterInit;
import net.shibboleth.shared.annotation.constraint.NotEmpty;
import net.shibboleth.shared.codec.StringDigester;
import net.shibboleth.shared.component.ComponentInitializationException;
import net.shibboleth.shared.logic.Constraint;
import net.shibboleth.shared.primitive.LoggerFactory;
import net.shibboleth.shared.primitive.StringSupport;
import org.opensaml.messaging.context.navigate.ChildContextLookup;
import org.opensaml.messaging.context.navigate.MessageLookup;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.profile.context.navigate.OutboundMessageContextLookup;
import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.saml1.core.StatusCode;

/* loaded from: input_file:net/shibboleth/idp/saml/audit/impl/WriteFTICKSLog.class */
public class WriteFTICKSLog extends AbstractProfileAction {

    @Nonnull
    @NotEmpty
    public static final String FTICKS_LOG_CATEGORY = "Shibboleth-FTICKS";

    @NotEmpty
    @NonnullAfterInit
    private String federationId;

    @NotEmpty
    @NonnullAfterInit
    private String digestAlgorithm;

    @Nullable
    private String salt;

    @Nonnull
    private Function<ProfileRequestContext, String> relyingPartyLookupStrategy = new RelyingPartyIdLookupFunction();

    @Nonnull
    private Function<ProfileRequestContext, String> responderLookupStrategy = new IssuerLookupFunction();

    @Nonnull
    private Function<ProfileRequestContext, String> usernameLookupStrategy;

    @Nonnull
    private Function<ProfileRequestContext, String> authenticationMethodLookupStrategy;

    @Nonnull
    private Function<ProfileRequestContext, String> statusCodeLookupStrategy;

    @NonnullAfterInit
    private StringDigester digester;
    static final /* synthetic */ boolean $assertionsDisabled;

    public WriteFTICKSLog() {
        Function<ProfileRequestContext, String> compose = new SubjectContextPrincipalLookupFunction().compose(new ChildContextLookup(SubjectContext.class));
        if (!$assertionsDisabled && compose == null) {
            throw new AssertionError();
        }
        this.usernameLookupStrategy = compose;
        Function compose2 = new MessageLookup(SAMLObject.class).compose(new OutboundMessageContextLookup());
        if (!$assertionsDisabled && compose2 == null) {
            throw new AssertionError();
        }
        this.authenticationMethodLookupStrategy = new AuthnContextAuditExtractor(compose2);
        Function compose3 = new MessageLookup(SAMLObject.class).compose(new OutboundMessageContextLookup());
        if (!$assertionsDisabled && compose3 == null) {
            throw new AssertionError();
        }
        this.statusCodeLookupStrategy = new StatusCodeAuditExtractor(compose3);
    }

    public void setFederationId(@Nonnull @NotEmpty String str) {
        this.federationId = (String) Constraint.isNotNull(StringSupport.trimOrNull(str), "Federation ID cannot be null or empty");
    }

    public void setDigestAlgorithm(@Nonnull @NotEmpty String str) {
        this.digestAlgorithm = (String) Constraint.isNotNull(StringSupport.trimOrNull(str), "Digest algorithm cannot be null or empty");
    }

    public void setSalt(@Nullable String str) {
        if (str == null || str.isEmpty()) {
            this.salt = null;
        } else {
            this.salt = str;
        }
    }

    public void setRelyingPartyLookupStrategy(@Nonnull Function<ProfileRequestContext, String> function) {
        checkSetterPreconditions();
        this.relyingPartyLookupStrategy = (Function) Constraint.isNotNull(function, "Relying Party ID lookup strategy cannot be null");
    }

    public void setResponderLookupStrategy(@Nonnull Function<ProfileRequestContext, String> function) {
        checkSetterPreconditions();
        this.responderLookupStrategy = (Function) Constraint.isNotNull(function, "Responder ID lookup strategy cannot be null");
    }

    public void setUsernameLookupStrategy(@Nonnull Function<ProfileRequestContext, String> function) {
        checkSetterPreconditions();
        this.usernameLookupStrategy = (Function) Constraint.isNotNull(function, "Username lookup strategy cannot be null");
    }

    public void setAuthenticationMethodLookupStrategy(@Nonnull Function<ProfileRequestContext, String> function) {
        checkSetterPreconditions();
        this.authenticationMethodLookupStrategy = (Function) Constraint.isNotNull(function, "Authentication method lookup strategy cannot be null");
    }

    public void setStatusCodeLookupStrategy(@Nonnull Function<ProfileRequestContext, String> function) {
        checkSetterPreconditions();
        this.statusCodeLookupStrategy = (Function) Constraint.isNotNull(function, "StatusCode lookup strategy cannot be null");
    }

    protected void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (this.federationId == null) {
            throw new ComponentInitializationException("Federation ID cannot be null or empty.");
        }
        if (this.digestAlgorithm == null) {
            throw new ComponentInitializationException("Digest Algorithm cannot be null or empty.");
        }
        try {
            if (!$assertionsDisabled && this.digestAlgorithm == null) {
                throw new AssertionError();
            }
            this.digester = new StringDigester(this.digestAlgorithm, StringDigester.OutputFormat.HEX_LOWER);
            this.digester.setSalt(this.salt);
            this.digester.setRequireSalt(true);
        } catch (NoSuchAlgorithmException e) {
            throw new ComponentInitializationException(e);
        }
    }

    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        String apply;
        StringBuilder sb = new StringBuilder("F-TICKS/");
        sb.append(this.federationId).append("/1.0#TS=").append(System.currentTimeMillis() / 1000);
        String apply2 = this.relyingPartyLookupStrategy.apply(profileRequestContext);
        if (apply2 != null && !apply2.isEmpty()) {
            sb.append("#RP=").append(apply2);
        }
        String apply3 = this.responderLookupStrategy.apply(profileRequestContext);
        if (apply3 != null && !apply3.isEmpty()) {
            sb.append("#AP=").append(apply3);
        }
        String apply4 = this.usernameLookupStrategy.apply(profileRequestContext);
        if (apply4 != null && !apply4.isEmpty() && (apply = this.digester.apply(apply4)) != null && !apply.isEmpty()) {
            sb.append("#PN=").append(apply);
        }
        String apply5 = this.authenticationMethodLookupStrategy.apply(profileRequestContext);
        if (apply5 != null && !apply5.isEmpty()) {
            sb.append("#AM=").append(apply5);
        }
        String apply6 = this.statusCodeLookupStrategy.apply(profileRequestContext);
        if (apply6 == null || !(StatusCode.SUCCESS.getLocalPart().equals(apply6) || "urn:oasis:names:tc:SAML:2.0:status:Success".equals(apply6))) {
            sb.append("#RESULT=FAIL");
        } else {
            sb.append("#RESULT=OK");
        }
        sb.append("#");
        LoggerFactory.getLogger(FTICKS_LOG_CATEGORY).info(sb.toString());
    }

    static {
        $assertionsDisabled = !WriteFTICKSLog.class.desiredAssertionStatus();
    }
}
