package net.shibboleth.idp.authn.impl;

import java.util.Collection;
import java.util.Collections;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.servlet.http.HttpServletRequest;
import net.shibboleth.idp.authn.AbstractExtractionAction;
import net.shibboleth.idp.authn.AuthnEventIds;
import net.shibboleth.idp.authn.context.AuthenticationContext;
import net.shibboleth.idp.authn.context.UsernameContext;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullElements;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.primitive.StringSupport;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/idp-authn-impl-4.3.3.jar:net/shibboleth/idp/authn/impl/ExtractRemoteUser.class */
public class ExtractRemoteUser extends AbstractExtractionAction {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger((Class<?>) ExtractRemoteUser.class);
    private boolean checkRemoteUser = true;

    @NonnullElements
    @Nonnull
    private Collection<String> checkAttributes = Collections.emptyList();

    @NonnullElements
    @Nonnull
    private Collection<String> checkHeaders = Collections.emptyList();

    public void setCheckRemoteUser(boolean z) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.checkRemoteUser = z;
    }

    public void setCheckAttributes(@NonnullElements @Nullable Collection<String> collection) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.checkAttributes = StringSupport.normalizeStringCollection(collection);
    }

    public void setCheckHeaders(@NonnullElements @Nullable Collection<String> collection) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.checkHeaders = StringSupport.normalizeStringCollection(collection);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
    public void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (!this.checkRemoteUser && this.checkAttributes.isEmpty() && this.checkHeaders.isEmpty()) {
            this.log.debug("{} Configuration contains no headers or attributes to check", getLogPrefix());
            throw new ComponentInitializationException("ExtractRemoteUser action configuration is invalid");
        }
    }

    @Override // net.shibboleth.idp.authn.AbstractAuthenticationAction
    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext) {
        String remoteUser;
        HttpServletRequest httpServletRequest = getHttpServletRequest();
        if (httpServletRequest == null) {
            this.log.debug("{} Profile action does not contain an HttpServletRequest", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, AuthnEventIds.NO_CREDENTIALS);
            return;
        }
        if (this.checkRemoteUser && (remoteUser = httpServletRequest.getRemoteUser()) != null && !remoteUser.isEmpty()) {
            this.log.debug("{} User identity extracted from REMOTE_USER: {}", getLogPrefix(), remoteUser);
            ((UsernameContext) authenticationContext.getSubcontext(UsernameContext.class, true)).setUsername(applyTransforms(remoteUser));
            return;
        }
        for (String str : this.checkAttributes) {
            Object attribute = httpServletRequest.getAttribute(str);
            if (attribute != null && !attribute.toString().isEmpty()) {
                this.log.debug("{} User identity extracted from attribute {}: {}", getLogPrefix(), str, attribute);
                ((UsernameContext) authenticationContext.getSubcontext(UsernameContext.class, true)).setUsername(applyTransforms(attribute.toString()));
                return;
            }
        }
        for (String str2 : this.checkHeaders) {
            String header = httpServletRequest.getHeader(str2);
            if (header != null && !header.isEmpty()) {
                this.log.debug("{} User identity extracted from header {}: {}", getLogPrefix(), str2, header);
                ((UsernameContext) authenticationContext.getSubcontext(UsernameContext.class, true)).setUsername(applyTransforms(header));
                return;
            }
        }
        this.log.debug("{} No user identity found in request", getLogPrefix());
        ActionSupport.buildEvent(profileRequestContext, AuthnEventIds.NO_CREDENTIALS);
    }
}
