package net.shibboleth.idp.saml.saml2.profile.delegation.impl;

import java.util.function.Function;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.authn.AuthnEventIds;
import net.shibboleth.idp.profile.AbstractProfileAction;
import net.shibboleth.idp.saml.saml2.profile.delegation.LibertySSOSContext;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import org.opensaml.messaging.context.navigate.ChildContextLookup;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.saml.saml2.wssecurity.SAML20AssertionToken;
import org.opensaml.soap.wssecurity.messaging.Token;
import org.opensaml.soap.wssecurity.messaging.WSSecurityContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/idp-saml-impl-4.3.3.jar:net/shibboleth/idp/saml/saml2/profile/delegation/impl/PopulateLibertyContext.class */
public class PopulateLibertyContext extends AbstractProfileAction {

    @Nonnull
    private Logger log = LoggerFactory.getLogger((Class<?>) PopulateLibertyContext.class);

    @Nonnull
    private Function<ProfileRequestContext, SAML20AssertionToken> assertionTokenStrategy = new TokenStrategy();

    @Nonnull
    private Function<ProfileRequestContext, LibertySSOSContext> libertyContextLookupStrategy = new ChildContextLookup(LibertySSOSContext.class, true);
    private SAML20AssertionToken assertionToken;
    private LibertySSOSContext ssosContext;

    /* loaded from: input_file:WEB-INF/lib/idp-saml-impl-4.3.3.jar:net/shibboleth/idp/saml/saml2/profile/delegation/impl/PopulateLibertyContext$TokenStrategy.class */
    public class TokenStrategy implements Function<ProfileRequestContext, SAML20AssertionToken> {
        public TokenStrategy() {
        }

        @Override // java.util.function.Function
        @Nullable
        public SAML20AssertionToken apply(@Nullable ProfileRequestContext profileRequestContext) {
            if (profileRequestContext == null) {
                return null;
            }
            WSSecurityContext wSSecurityContext = (WSSecurityContext) profileRequestContext.getInboundMessageContext().getSubcontext(WSSecurityContext.class);
            if (wSSecurityContext == null) {
                PopulateLibertyContext.this.log.info("{} No WSSecurityContext available within inbound message context", PopulateLibertyContext.this.getLogPrefix());
                return null;
            }
            for (Token<?> token : wSSecurityContext.getTokens()) {
                if (token.getValidationStatus().equals(Token.ValidationStatus.VALID) && (token instanceof SAML20AssertionToken)) {
                    return (SAML20AssertionToken) token;
                }
            }
            return null;
        }
    }

    public void setLibertyContextLookupStrategy(@Nonnull Function<ProfileRequestContext, LibertySSOSContext> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.libertyContextLookupStrategy = (Function) Constraint.isNotNull(function, "Assertion token strategy may not be null");
    }

    public void setAssertionTokenStrategy(@Nonnull Function<ProfileRequestContext, SAML20AssertionToken> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.assertionTokenStrategy = (Function) Constraint.isNotNull(function, "Assertion token strategy may not be null");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.opensaml.profile.action.AbstractConditionalProfileAction, org.opensaml.profile.action.AbstractProfileAction
    public boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        if (!super.doPreExecute(profileRequestContext)) {
            return false;
        }
        this.assertionToken = this.assertionTokenStrategy.apply(profileRequestContext);
        if (this.assertionToken != null) {
            this.ssosContext = this.libertyContextLookupStrategy.apply(profileRequestContext);
            return true;
        }
        this.log.info("{} No valid SAML20AssertionToken available within inbound WSSecurityContext", getLogPrefix());
        ActionSupport.buildEvent(profileRequestContext, AuthnEventIds.NO_CREDENTIALS);
        return false;
    }

    @Override // org.opensaml.profile.action.AbstractProfileAction
    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        this.ssosContext = (LibertySSOSContext) profileRequestContext.getSubcontext(LibertySSOSContext.class, true);
        this.ssosContext.setAttestedToken(this.assertionToken.getWrappedToken());
        this.ssosContext.setAttestedSubjectConfirmationMethod(this.assertionToken.getSubjectConfirmation().getMethod());
    }
}
