package net.shibboleth.idp.authn.impl;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.function.Function;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.security.auth.Subject;
import net.shibboleth.idp.attribute.IdPAttribute;
import net.shibboleth.idp.attribute.IdPAttributeValue;
import net.shibboleth.idp.attribute.ScopedStringAttributeValue;
import net.shibboleth.idp.attribute.StringAttributeValue;
import net.shibboleth.idp.attribute.context.AttributeContext;
import net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction;
import net.shibboleth.idp.authn.AuthnEventIds;
import net.shibboleth.idp.authn.SubjectCanonicalizationException;
import net.shibboleth.idp.authn.context.SubjectCanonicalizationContext;
import net.shibboleth.idp.authn.principal.IdPAttributePrincipal;
import net.shibboleth.shared.collection.CollectionSupport;
import net.shibboleth.shared.component.ComponentInitializationException;
import net.shibboleth.shared.logic.Constraint;
import net.shibboleth.shared.primitive.LoggerFactory;
import net.shibboleth.shared.primitive.StringSupport;
import org.opensaml.messaging.context.navigate.ChildContextLookup;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.slf4j.Logger;

/* loaded from: input_file:WEB-INF/lib/idp-authn-impl-5.0.0.jar:net/shibboleth/idp/authn/impl/AttributeSourcedSubjectCanonicalization.class */
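/**
 * Subject canonicalization action that derives the principal name from attribute values.
 *
 * <p>The configured attribute IDs are tried in list order. For each ID the action looks first at
 * attributes carried by {@link IdPAttributePrincipal}s on the Subject (only when
 * {@link #setResolveFromSubject(boolean)} is enabled) and otherwise at the {@link AttributeContext}
 * located by the lookup strategy. The first usable string value found becomes the principal name
 * after {@code applyTransforms} has been applied.</p>
 *
 * <p>Review notes for deployers and maintainers:</p>
 * <ul>
 * <li>The value chosen here becomes the user's identity for the rest of the flow, so the order of
 * the attribute ID list and the order of values inside a multi-valued attribute decide the outcome.
 * Source attributes should be single-valued and unique per user.</li>
 * <li>Scoped values are flattened to {@code value + delimiter + scope} with no check that the
 * unscoped part is free of the delimiter, so two different (value, scope) pairs can flatten to the
 * same string. Whether the value classes already forbid that is not visible in this file.</li>
 * <li>The selected identifier is written to the debug log before transforms are applied.</li>
 * <li>Per-request data is held in instance fields; the class does no synchronization of its own.
 * NOTE(review): this presumes one instance is not shared between concurrent requests; confirm
 * against the bean scope in the flow configuration.</li>
 * </ul>
 */
public class AttributeSourcedSubjectCanonicalization extends AbstractSubjectCanonicalizationAction {
    // Whether attributes carried by the Subject's IdPAttributePrincipals are consulted.
    private boolean resolveFromSubject;

    // AttributeContext found by the lookup strategy during doPreExecute; may be null.
    @Nullable
    private AttributeContext attributeCtx;

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(AttributeSourcedSubjectCanonicalization.class);

    // Character placed between value and scope when a scoped value is flattened to a string.
    private char delimiter = '@';

    // Attribute IDs to try, in order of preference.
    @Nonnull
    private List<String> attributeSourceIds = CollectionSupport.emptyList();

    // Attributes taken from the Subject in doPreExecute, keyed by attribute ID.
    @Nonnull
    private Map<String, IdPAttribute> subjectSourcedAttributes = CollectionSupport.emptyMap();

    // Default lookup: the SubjectCanonicalizationContext child of the profile request context is
    // resolved first (compose applies its argument first), then that context's AttributeContext child.
    @Nonnull
    private Function<ProfileRequestContext, AttributeContext> attributeContextLookupStrategy = new ChildContextLookup(AttributeContext.class).compose(new ChildContextLookup(SubjectCanonicalizationContext.class));

    /**
     * Sets the character inserted between value and scope of a scoped attribute value.
     *
     * <p>Calls the inherited {@code checkSetterPreconditions()} first; presumably that rejects
     * changes once the component is initialized (confirm in the base class).</p>
     *
     * @param c delimiter character
     */
    public void setScopedDelimiter(char c) {
        checkSetterPreconditions();
        this.delimiter = c;
    }

    /**
     * Sets whether attributes carried by the Subject's {@link IdPAttributePrincipal}s are examined.
     *
     * @param z true to consult Subject-carried attributes before the {@link AttributeContext}
     */
    public void setResolveFromSubject(boolean z) {
        checkSetterPreconditions();
        this.resolveFromSubject = z;
    }

    /**
     * Sets the attribute IDs to try, in order of preference.
     *
     * <p>The list is copied after being passed through
     * {@code StringSupport.normalizeStringCollection}.</p>
     *
     * @param list attribute IDs; an empty result makes {@link #doInitialize()} fail
     */
    public void setAttributeSourceIds(@Nonnull List<String> list) {
        checkSetterPreconditions();
        this.attributeSourceIds = new ArrayList<>(StringSupport.normalizeStringCollection(list));
    }

    /**
     * Sets the strategy used to locate the {@link AttributeContext} for a request.
     *
     * @param function lookup strategy, must not be null
     */
    public void setAttributeContextLookupStrategy(@Nonnull Function<ProfileRequestContext, AttributeContext> function) {
        checkSetterPreconditions();
        this.attributeContextLookupStrategy = Constraint.isNotNull(function, "AttributeContext lookup strategy cannot be null");
    }

    /**
     * Verifies that at least one attribute source ID has been configured.
     *
     * <p>Declared public here; the decompiler reports that the compiled method is protected.</p>
     *
     * @throws ComponentInitializationException if the attribute source ID list is empty
     */
    @Override // net.shibboleth.shared.component.AbstractInitializableComponent
    public void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (this.attributeSourceIds.isEmpty()) {
            throw new ComponentInitializationException("Attribute source ID list cannot be empty");
        }
    }

    /**
     * Collects the attributes available for canonicalization and decides whether to proceed.
     *
     * <p>Declared public here; the decompiler reports that the compiled method is protected.</p>
     *
     * @param profileRequestContext current profile request context
     * @param subjectCanonicalizationContext canonicalization context holding the Subject
     * @return true if the superclass check passed and at least one attribute is available;
     *         false otherwise, in which case (when no attributes were found) an exception is
     *         recorded on the context and an {@code INVALID_SUBJECT} event is built
     */
    @Override // net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction
    public boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull SubjectCanonicalizationContext subjectCanonicalizationContext) {
        // Forget whatever an earlier run on this instance collected. Without this, a run whose
        // Subject carries no attribute principals would fall back to the attributes of the Subject
        // handled before it and canonicalize to that other identity.
        this.subjectSourcedAttributes = CollectionSupport.emptyMap();
        this.attributeCtx = null;

        if (!super.doPreExecute(profileRequestContext, subjectCanonicalizationContext)) {
            return false;
        }

        if (this.resolveFromSubject) {
            final Subject subject = Constraint.isNotNull(subjectCanonicalizationContext.getSubject(), "Expected a non-null Subject");
            final Set<IdPAttributePrincipal> principals = subject.getPrincipals(IdPAttributePrincipal.class);
            if (principals != null && !principals.isEmpty()) {
                // When several principals carry the same attribute ID, the one visited last
                // replaces the earlier ones; a Set gives no ordering guarantee here.
                final Map<String, IdPAttribute> fromSubject = new HashMap<>(principals.size());
                for (final IdPAttributePrincipal principal : principals) {
                    fromSubject.put(principal.getAttribute().getId(), principal.getAttribute());
                }
                this.subjectSourcedAttributes = fromSubject;
            }
        }

        final AttributeContext located = this.attributeContextLookupStrategy.apply(profileRequestContext);
        this.attributeCtx = located;

        final boolean contextHasAttributes = located != null && !located.getIdPAttributes().isEmpty();
        if (!this.subjectSourcedAttributes.isEmpty() || contextHasAttributes) {
            return true;
        }

        this.log.warn("{} No attributes found, canonicalization not possible", getLogPrefix());
        subjectCanonicalizationContext.setException(new SubjectCanonicalizationException("No attributes were found"));
        ActionSupport.buildEvent(profileRequestContext, AuthnEventIds.INVALID_SUBJECT);
        return false;
    }

    /**
     * Walks the configured attribute IDs and sets the principal name from the first usable value.
     *
     * <p>For a given ID, a Subject-carried attribute shadows the one in the
     * {@link AttributeContext}: if the Subject-carried attribute exists but yields no usable value,
     * the context is not consulted for that ID and the loop moves on to the next ID. If no ID
     * produces a value, an exception is recorded on the context and an {@code INVALID_SUBJECT}
     * event is built.</p>
     *
     * @param profileRequestContext current profile request context
     * @param subjectCanonicalizationContext context that receives the principal name or the failure
     */
    @Override // net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction
    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull SubjectCanonicalizationContext subjectCanonicalizationContext) {
        final AttributeContext context = this.attributeCtx;
        for (final String sourceId : this.attributeSourceIds) {
            IdPAttribute candidate = this.subjectSourcedAttributes.get(sourceId);
            if (candidate == null && context != null) {
                candidate = context.getIdPAttributes().get(sourceId);
            }
            if (candidate == null) {
                continue;
            }
            final String principalName = findValue(candidate);
            if (principalName != null) {
                subjectCanonicalizationContext.setPrincipalName(principalName);
                return;
            }
        }
        this.log.info("{} Attribute sources {} did not produce a usable identifier", getLogPrefix(), this.attributeSourceIds);
        subjectCanonicalizationContext.setException(new SubjectCanonicalizationException("No usable attribute values were found"));
        ActionSupport.buildEvent(profileRequestContext, AuthnEventIds.INVALID_SUBJECT);
    }

    /**
     * Returns the transformed form of the first usable value of an attribute.
     *
     * <p>Values are examined in the order returned by {@code getValues()}. A scoped value is
     * flattened to {@code value + delimiter + scope} and used without a null/empty check; a plain
     * string value is used only when non-null and non-empty. Any other value type is logged at
     * warn level and skipped.</p>
     *
     * @param idPAttribute attribute to examine
     * @return result of {@code applyTransforms} on the first usable value, or null if none is usable
     */
    @Nullable
    private String findValue(@Nonnull IdPAttribute idPAttribute) {
        for (final IdPAttributeValue candidate : idPAttribute.getValues()) {
            // The scoped check must stay ahead of the plain-string check: in the Shibboleth
            // attribute API the scoped type is a subtype of StringAttributeValue, so the other
            // order would silently drop the scope from the identifier.
            if (candidate instanceof ScopedStringAttributeValue) {
                final ScopedStringAttributeValue scoped = (ScopedStringAttributeValue) candidate;
                // NOTE(review): nothing here rejects a value part that already contains the
                // delimiter; confirm the value class or a later transform rules that out.
                final String flattened = scoped.getValue() + this.delimiter + scoped.getScope();
                this.log.debug("{} Using attribute {} scoped value {} as input to transforms", getLogPrefix(), idPAttribute.getId(), flattened);
                return applyTransforms(flattened);
            }
            if (!(candidate instanceof StringAttributeValue)) {
                this.log.warn("{} Unsupported attribute value type: {}", getLogPrefix(), candidate.getClass().getName());
                continue;
            }
            final String plain = ((StringAttributeValue) candidate).getValue();
            if (plain == null || plain.isEmpty()) {
                this.log.debug("{} Ignoring null/empty string value", getLogPrefix());
                continue;
            }
            this.log.debug("{} Using attribute {} string value {} as input to transforms", getLogPrefix(), idPAttribute.getId(), plain);
            return applyTransforms(plain);
        }
        return null;
    }
}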
