package net.shibboleth.idp.session.impl;

import com.google.common.base.Predicates;
import java.util.function.Function;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.authn.AbstractAuthenticationAction;
import net.shibboleth.idp.authn.context.AuthenticationContext;
import net.shibboleth.idp.authn.context.SubjectContext;
import net.shibboleth.idp.session.IdPSession;
import net.shibboleth.idp.session.SessionException;
import net.shibboleth.idp.session.SessionManager;
import net.shibboleth.idp.session.context.SessionContext;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullAfterInit;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import org.opensaml.messaging.context.navigate.ChildContextLookup;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/shibboleth/idp/session/impl/UpdateSessionWithAuthenticationResult.class */
public class UpdateSessionWithAuthenticationResult extends AbstractAuthenticationAction {

    @NonnullAfterInit
    private SessionManager sessionManager;

    @Nullable
    private SessionContext sessionCtx;

    @Nullable
    private SubjectContext subjectCtx;

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(UpdateSessionWithAuthenticationResult.class);

    @Nonnull
    private Function<ProfileRequestContext, SessionContext> sessionContextCreationStrategy = new ChildContextLookup(SessionContext.class, true);

    @Nonnull
    private Function<ProfileRequestContext, SubjectContext> subjectContextLookupStrategy = new ChildContextLookup(SubjectContext.class);

    public void setSessionManager(@Nonnull SessionManager sessionManager) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.sessionManager = (SessionManager) Constraint.isNotNull(sessionManager, "SessionManager cannot be null");
    }

    public void setSessionContextCreationStrategy(@Nonnull Function<ProfileRequestContext, SessionContext> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.sessionContextCreationStrategy = (Function) Constraint.isNotNull(function, "SessionContext lookup/creation strategy cannot be null");
    }

    public void setSubjectContextLookupStrategy(@Nonnull Function<ProfileRequestContext, SubjectContext> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.subjectContextLookupStrategy = (Function) Constraint.isNotNull(function, "SubjectContext lookup strategy cannot be null");
    }

    protected void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (!getActivationCondition().equals(Predicates.alwaysFalse()) && this.sessionManager == null) {
            throw new ComponentInitializationException("SessionManager cannot be null");
        }
    }

    protected boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext) {
        if (!super.doPreExecute(profileRequestContext, authenticationContext) || authenticationContext.getAuthenticationResult() == null) {
            return false;
        }
        this.subjectCtx = this.subjectContextLookupStrategy.apply(profileRequestContext);
        this.sessionCtx = this.sessionContextCreationStrategy.apply(profileRequestContext);
        if (this.sessionCtx != null) {
            return (this.sessionCtx.getIdPSession() == null && (this.subjectCtx == null || this.subjectCtx.getPrincipalName() == null)) ? false : true;
        }
        this.log.error("{} SessionContext creation failed", getLogPrefix());
        ActionSupport.buildEvent(profileRequestContext, "InvalidProfileContext");
        return false;
    }

    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext) {
        IdPSession idPSession = this.sessionCtx.getIdPSession();
        if (idPSession != null) {
            try {
                updateIdPSession(authenticationContext, idPSession);
                return;
            } catch (SessionException e) {
                this.log.error("{} Error updating session {}", new Object[]{getLogPrefix(), idPSession.getId(), e});
                ActionSupport.buildEvent(profileRequestContext, "InputOutputError");
                return;
            }
        }
        try {
            createIdPSession(authenticationContext);
        } catch (SessionException e2) {
            this.log.error("{} Error creating session for principal {}", new Object[]{getLogPrefix(), this.subjectCtx.getPrincipalName(), e2});
            ActionSupport.buildEvent(profileRequestContext, "InputOutputError");
        }
    }

    private void updateIdPSession(@Nonnull AuthenticationContext authenticationContext, @Nonnull IdPSession idPSession) throws SessionException {
        if (authenticationContext.getAttemptedFlow() == null) {
            this.log.debug("{} Updating activity time on reused AuthenticationResult for flow {} in existing session {}", new Object[]{getLogPrefix(), authenticationContext.getAuthenticationResult().getAuthenticationFlowId(), idPSession.getId()});
            idPSession.updateAuthenticationResultActivity(authenticationContext.getAuthenticationResult());
        } else if (authenticationContext.isResultCacheable()) {
            this.log.debug("{} Adding new AuthenticationResult for flow {} to existing session {}", new Object[]{getLogPrefix(), authenticationContext.getAuthenticationResult().getAuthenticationFlowId(), idPSession.getId()});
            idPSession.addAuthenticationResult(authenticationContext.getAuthenticationResult());
        }
    }

    private void createIdPSession(@Nonnull AuthenticationContext authenticationContext) throws SessionException {
        this.log.debug("{} Creating new session for principal {}", getLogPrefix(), this.subjectCtx.getPrincipalName());
        this.sessionCtx.setIdPSession(this.sessionManager.createSession(this.subjectCtx.getPrincipalName()));
        if (authenticationContext.isResultCacheable()) {
            this.sessionCtx.getIdPSession().addAuthenticationResult(authenticationContext.getAuthenticationResult());
        }
    }
}
