package net.shibboleth.idp.authn.impl;

import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction;
import net.shibboleth.idp.authn.AuthnEventIds;
import net.shibboleth.idp.authn.SubjectCanonicalizationFlowDescriptor;
import net.shibboleth.idp.authn.context.SubjectCanonicalizationContext;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/idp-authn-impl-4.3.2.jar:net/shibboleth/idp/authn/impl/SelectSubjectCanonicalizationFlow.class */
public class SelectSubjectCanonicalizationFlow extends AbstractSubjectCanonicalizationAction {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger((Class<?>) SelectSubjectCanonicalizationFlow.class);

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction
    public boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull SubjectCanonicalizationContext subjectCanonicalizationContext) {
        if (subjectCanonicalizationContext.getAttemptedFlow() != null) {
            this.log.info("{} Moving incomplete flow {} to intermediate set, reselecting a different one", getLogPrefix(), subjectCanonicalizationContext.getAttemptedFlow().getId());
            subjectCanonicalizationContext.getIntermediateFlows().put(subjectCanonicalizationContext.getAttemptedFlow().getId(), subjectCanonicalizationContext.getAttemptedFlow());
        }
        return super.doPreExecute(profileRequestContext, subjectCanonicalizationContext);
    }

    @Override // net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction
    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull SubjectCanonicalizationContext subjectCanonicalizationContext) {
        SubjectCanonicalizationFlowDescriptor selectUnattemptedFlow = selectUnattemptedFlow(profileRequestContext, subjectCanonicalizationContext);
        if (selectUnattemptedFlow == null) {
            this.log.error("{} No potential flows left to choose from, canonicalization will fail", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, AuthnEventIds.NO_POTENTIAL_FLOW);
        } else {
            this.log.debug("{} Selecting canonicalization flow {}", getLogPrefix(), selectUnattemptedFlow.getId());
            ActionSupport.buildEvent(profileRequestContext, selectUnattemptedFlow.getId());
        }
    }

    @Nullable
    private SubjectCanonicalizationFlowDescriptor selectUnattemptedFlow(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull SubjectCanonicalizationContext subjectCanonicalizationContext) {
        for (SubjectCanonicalizationFlowDescriptor subjectCanonicalizationFlowDescriptor : subjectCanonicalizationContext.getPotentialFlows().values()) {
            if (!subjectCanonicalizationContext.getIntermediateFlows().containsKey(subjectCanonicalizationFlowDescriptor.getId())) {
                this.log.debug("{} Checking canonicalization flow {} for applicability...", getLogPrefix(), subjectCanonicalizationFlowDescriptor.getId());
                subjectCanonicalizationContext.setAttemptedFlow(subjectCanonicalizationFlowDescriptor);
                if (subjectCanonicalizationFlowDescriptor.test(profileRequestContext)) {
                    return subjectCanonicalizationFlowDescriptor;
                }
                Logger logger = this.log;
                Object[] objArr = new Object[3];
                objArr[0] = getLogPrefix();
                objArr[1] = subjectCanonicalizationFlowDescriptor.getId();
                objArr[2] = subjectCanonicalizationContext.getException() != null ? subjectCanonicalizationContext.getException().getMessage() : "reason unknown";
                logger.debug("{} Canonicalization flow {} was not applicable: {}", objArr);
                subjectCanonicalizationContext.setException(null);
            }
        }
        return null;
    }
}
