package net.shibboleth.idp.session.impl;

import java.util.function.Function;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.xml.namespace.QName;
import net.shibboleth.idp.profile.AbstractProfileAction;
import net.shibboleth.idp.profile.context.MultiRelyingPartyContext;
import net.shibboleth.idp.profile.context.RelyingPartyContext;
import net.shibboleth.idp.session.SPSession;
import net.shibboleth.idp.session.SPSessionEx;
import net.shibboleth.idp.session.context.LogoutContext;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullAfterInit;
import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.Criterion;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import org.opensaml.core.criterion.EntityIdCriterion;
import org.opensaml.messaging.context.navigate.ChildContextLookup;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.saml.common.messaging.context.SAMLMetadataContext;
import org.opensaml.saml.criterion.EntityRoleCriterion;
import org.opensaml.saml.criterion.ProtocolCriterion;
import org.opensaml.saml.metadata.resolver.RoleDescriptorResolver;
import org.opensaml.saml.saml2.metadata.RoleDescriptor;
import org.opensaml.saml.saml2.metadata.SPSSODescriptor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/shibboleth/idp/session/impl/PopulateMultiRPContextFromLogoutContext.class */
public class PopulateMultiRPContextFromLogoutContext extends AbstractProfileAction {

    @NotEmpty
    @Nonnull
    private static final String LABEL = "logout";

    @NonnullAfterInit
    private RoleDescriptorResolver metadataResolver;

    @Nullable
    private LogoutContext logoutCtx;

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(PopulateMultiRPContextFromLogoutContext.class);

    @Nonnull
    private Function<ProfileRequestContext, LogoutContext> logoutContextLookupStrategy = new ChildContextLookup(LogoutContext.class);

    @NonnullAfterInit
    private QName role = SPSSODescriptor.DEFAULT_ELEMENT_NAME;

    public void setRoleDescriptorResolver(@Nonnull RoleDescriptorResolver roleDescriptorResolver) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.metadataResolver = (RoleDescriptorResolver) Constraint.isNotNull(roleDescriptorResolver, "RoleDescriptorResolver cannot be null");
    }

    public void setLogoutContextLookupStrategy(@Nonnull Function<ProfileRequestContext, LogoutContext> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.logoutContextLookupStrategy = (Function) Constraint.isNotNull(function, "LogoutContext lookup strategy cannot be null");
    }

    public void setRole(@Nonnull QName qName) {
        this.role = (QName) Constraint.isNotNull(qName, "Role cannot be null");
    }

    protected void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (this.metadataResolver == null) {
            throw new ComponentInitializationException("RoleDescriptorResolver cannot be null");
        }
    }

    protected boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        if (!super.doPreExecute(profileRequestContext)) {
            return false;
        }
        this.logoutCtx = this.logoutContextLookupStrategy.apply(profileRequestContext);
        if (this.logoutCtx != null) {
            return true;
        }
        this.log.debug("{} No LogoutContext found, nothing to do", getLogPrefix());
        return false;
    }

    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        ComponentSupport.ifNotInitializedThrowUninitializedComponentException(this);
        MultiRelyingPartyContext multiRelyingPartyContext = new MultiRelyingPartyContext();
        profileRequestContext.addSubcontext(multiRelyingPartyContext, true);
        for (String str : this.logoutCtx.getSessionMap().keySet()) {
            RelyingPartyContext relyingPartyContext = new RelyingPartyContext();
            relyingPartyContext.setRelyingPartyId(str);
            multiRelyingPartyContext.addRelyingPartyContext(LABEL, relyingPartyContext);
            Criterion entityIdCriterion = new EntityIdCriterion(relyingPartyContext.getRelyingPartyId());
            Criterion entityRoleCriterion = new EntityRoleCriterion(this.role);
            SPSessionEx sPSessionEx = (SPSession) this.logoutCtx.getSessions(str).iterator().next();
            String protocol = sPSessionEx instanceof SPSessionEx ? sPSessionEx.getProtocol() : null;
            ProtocolCriterion protocolCriterion = protocol != null ? new ProtocolCriterion(protocol) : null;
            try {
                RoleDescriptor roleDescriptor = (RoleDescriptor) this.metadataResolver.resolveSingle(new CriteriaSet(new Criterion[]{entityIdCriterion, protocolCriterion, entityRoleCriterion}));
                if (roleDescriptor != null) {
                    SAMLMetadataContext subcontext = relyingPartyContext.getSubcontext(SAMLMetadataContext.class, true);
                    subcontext.setEntityDescriptor(roleDescriptor.getParent());
                    subcontext.setRoleDescriptor(roleDescriptor);
                    this.log.debug("{} SAMLMetadataContext added to RelyingPartyContext for {}", getLogPrefix(), relyingPartyContext.getRelyingPartyId());
                } else if (protocolCriterion != null) {
                    this.log.info("{} No metadata returned for {} in role {} with protocol {}", new Object[]{getLogPrefix(), entityIdCriterion.getEntityId(), this.role, protocol});
                } else {
                    this.log.info("{} No metadata returned for {} in role {}", new Object[]{getLogPrefix(), entityIdCriterion.getEntityId(), this.role});
                }
            } catch (ResolverException e) {
                this.log.error("{} ResolverException thrown during metadata lookup", getLogPrefix(), e);
            }
        }
    }
}
