package net.shibboleth.idp.session.impl;

import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.ArrayList;
import java.util.function.Function;
import javax.annotation.Nonnull;
import net.shibboleth.idp.authn.AbstractAuthenticationAction;
import net.shibboleth.idp.authn.AuthenticationFlowDescriptor;
import net.shibboleth.idp.authn.AuthenticationResult;
import net.shibboleth.idp.authn.context.AuthenticationContext;
import net.shibboleth.idp.session.IdPSession;
import net.shibboleth.idp.session.context.SessionContext;
import net.shibboleth.shared.annotation.constraint.NonnullBeforeExec;
import net.shibboleth.shared.logic.Constraint;
import net.shibboleth.shared.primitive.LoggerFactory;
import org.opensaml.messaging.context.navigate.ChildContextLookup;
import org.opensaml.profile.context.ProfileRequestContext;
import org.slf4j.Logger;

/* loaded from: input_file:WEB-INF/lib/idp-session-impl-5.0.0.jar:net/shibboleth/idp/session/impl/ExtractActiveAuthenticationResults.class */
public class ExtractActiveAuthenticationResults extends AbstractAuthenticationAction {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger((Class<?>) ExtractActiveAuthenticationResults.class);

    @Nonnull
    private Function<ProfileRequestContext, SessionContext> sessionContextLookupStrategy = new ChildContextLookup(SessionContext.class);

    @NonnullBeforeExec
    private IdPSession session;

    public void setSessionContextLookupStrategy(@Nonnull Function<ProfileRequestContext, SessionContext> function) {
        checkSetterPreconditions();
        this.sessionContextLookupStrategy = (Function) Constraint.isNotNull(function, "SessionContext lookup strategy cannot be null");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.shibboleth.idp.authn.AbstractAuthenticationAction
    public boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext) {
        SessionContext apply = this.sessionContextLookupStrategy.apply(profileRequestContext);
        if (apply == null) {
            return false;
        }
        this.session = apply.getIdPSession();
        return this.session != null;
    }

    @Override // net.shibboleth.idp.authn.AbstractAuthenticationAction
    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext) {
        if (authenticationContext.getHintedName() == null) {
            authenticationContext.setHintedName(this.session.getPrincipalName());
        }
        Instant now = Instant.now();
        Duration maxAge = authenticationContext.getMaxAge();
        ArrayList arrayList = new ArrayList();
        for (AuthenticationResult authenticationResult : this.session.getAuthenticationResults()) {
            AuthenticationFlowDescriptor authenticationFlowDescriptor = authenticationContext.getPotentialFlows().get(authenticationResult.getAuthenticationFlowId());
            if (authenticationFlowDescriptor == null) {
                this.log.debug("{} Authentication result {} has no corresponding flow descriptor, considering inactive", getLogPrefix(), authenticationResult.getAuthenticationFlowId());
            } else if (!authenticationFlowDescriptor.isResultActive(authenticationResult)) {
                this.log.debug("{} Authentication result {} is inactive, skipping it", getLogPrefix(), authenticationResult.getAuthenticationFlowId());
            } else if (maxAge == null || !authenticationResult.getAuthenticationInstant().plus((TemporalAmount) maxAge).isBefore(now)) {
                this.log.debug("{} Authentication result {} is active, copying from session", getLogPrefix(), authenticationResult.getAuthenticationFlowId());
                arrayList.add(authenticationResult);
            } else {
                this.log.debug("{} Authentication result {} exceeds maxAge setting, skipping it", getLogPrefix(), authenticationResult.getAuthenticationFlowId());
            }
        }
        if (arrayList.isEmpty()) {
            this.log.debug("{} No active authentication results, SSO will not be possible", getLogPrefix());
        }
        authenticationContext.setActiveResults(arrayList);
    }
}
