package org.opensaml.saml.saml1.profile.impl;

import com.google.common.base.Function;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullAfterInit;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullElements;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.profile.action.AbstractProfileAction;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.saml.common.SAMLException;
import org.opensaml.saml.common.SAMLObjectBuilder;
import org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy;
import org.opensaml.saml.saml1.core.Assertion;
import org.opensaml.saml.saml1.core.NameIdentifier;
import org.opensaml.saml.saml1.core.Response;
import org.opensaml.saml.saml1.core.Statement;
import org.opensaml.saml.saml1.core.Subject;
import org.opensaml.saml.saml1.core.SubjectStatement;
import org.opensaml.saml.saml1.profile.SAML1NameIdentifierGenerator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-371-04.zip:modules/system/layers/fuse/org/opensaml/3.1/opensaml-saml-impl-3.1.1.jar:org/opensaml/saml/saml1/profile/impl/AddNameIdentifierToSubjects.class */
public class AddNameIdentifierToSubjects extends AbstractProfileAction {

    @NonnullAfterInit
    private SAML1NameIdentifierGenerator generator;

    @NonnullElements
    @Nonnull
    private List<Assertion> assertions;

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(AddNameIdentifierToSubjects.class);

    @Nonnull
    private final SAMLObjectBuilder<Subject> subjectBuilder = (SAMLObjectBuilder) XMLObjectProviderRegistrySupport.getBuilderFactory().getBuilderOrThrow(Subject.DEFAULT_ELEMENT_NAME);

    @Nonnull
    private final SAMLObjectBuilder<NameIdentifier> nameIdentifierBuilder = (SAMLObjectBuilder) XMLObjectProviderRegistrySupport.getBuilderFactory().getBuilderOrThrow(NameIdentifier.DEFAULT_ELEMENT_NAME);
    private boolean overwriteExisting = true;

    @Nonnull
    private Function<ProfileRequestContext, List<Assertion>> assertionsLookupStrategy = new AssertionStrategy();

    @Nonnull
    private Function<ProfileRequestContext, List<String>> formatLookupStrategy = new MetadataNameIdentifierFormatStrategy();

    @NonnullElements
    @Nonnull
    private List<String> formats = Collections.emptyList();

    /* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-371-04.zip:modules/system/layers/fuse/org/opensaml/3.1/opensaml-saml-impl-3.1.1.jar:org/opensaml/saml/saml1/profile/impl/AddNameIdentifierToSubjects$AssertionStrategy.class */
    private class AssertionStrategy implements Function<ProfileRequestContext, List<Assertion>> {
        private AssertionStrategy() {
        }

        @Override // com.google.common.base.Function
        @Nullable
        public List<Assertion> apply(@Nullable ProfileRequestContext profileRequestContext) {
            Object message;
            if (profileRequestContext == null || profileRequestContext.getOutboundMessageContext() == null || (message = profileRequestContext.getOutboundMessageContext().getMessage()) == null) {
                return null;
            }
            if (message instanceof Assertion) {
                return Collections.singletonList((Assertion) message);
            }
            if (message instanceof Response) {
                return ((Response) message).getAssertions();
            }
            return null;
        }
    }

    public void setOverwriteExisting(boolean z) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.overwriteExisting = z;
    }

    public void setAssertionsLookupStrategy(@Nonnull Function<ProfileRequestContext, List<Assertion>> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.assertionsLookupStrategy = (Function) Constraint.isNotNull(function, "Assertions lookup strategy cannot be null");
    }

    public void setFormatLookupStrategy(@Nonnull Function<ProfileRequestContext, List<String>> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.formatLookupStrategy = (Function) Constraint.isNotNull(function, "Format lookup strategy cannot be null");
    }

    public void setNameIdentifierGenerator(@Nonnull SAML1NameIdentifierGenerator sAML1NameIdentifierGenerator) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.generator = (SAML1NameIdentifierGenerator) Constraint.isNotNull(sAML1NameIdentifierGenerator, "SAML1NameIdentifierGenerator cannot be null");
    }

    protected void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (this.generator == null) {
            throw new ComponentInitializationException("SAML1NameIdentifierGenerator cannot be null");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.opensaml.profile.action.AbstractProfileAction
    public boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        if (!super.doPreExecute(profileRequestContext)) {
            return false;
        }
        this.log.debug("{} Attempting to add NameIdentifier to statements in outgoing Assertions", getLogPrefix());
        this.assertions = this.assertionsLookupStrategy.apply(profileRequestContext);
        if (this.assertions == null || this.assertions.isEmpty()) {
            this.log.debug("{} No assertions returned, nothing to do", getLogPrefix());
            return false;
        }
        this.formats = this.formatLookupStrategy.apply(profileRequestContext);
        if (this.formats == null || this.formats.isEmpty()) {
            this.log.debug("{} No candidate NameIdentifier formats, nothing to do", getLogPrefix());
            return false;
        }
        this.log.debug("{} Candidate NameIdentifier formats: {}", getLogPrefix(), this.formats);
        return true;
    }

    @Override // org.opensaml.profile.action.AbstractProfileAction
    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        NameIdentifier generateNameIdentifier = generateNameIdentifier(profileRequestContext);
        if (generateNameIdentifier == null) {
            this.log.debug("{} Unable to generate a NameIdentifier, leaving empty", getLogPrefix());
            return;
        }
        int i = 0;
        Iterator<Assertion> it = this.assertions.iterator();
        while (it.hasNext()) {
            for (Statement statement : it.next().getStatements()) {
                if (statement instanceof SubjectStatement) {
                    Subject statementSubject = getStatementSubject((SubjectStatement) statement);
                    if (statementSubject.getNameIdentifier() == null || this.overwriteExisting) {
                        statementSubject.setNameIdentifier(i > 0 ? cloneNameIdentifier(generateNameIdentifier) : generateNameIdentifier);
                        i++;
                    }
                }
            }
        }
        if (i > 0) {
            this.log.debug("{} Added NameIdentifier to {} statement subject(s)", getLogPrefix(), Integer.valueOf(i));
        }
    }

    @Nullable
    private NameIdentifier generateNameIdentifier(@Nonnull ProfileRequestContext profileRequestContext) {
        NameIdentifier generate;
        for (String str : this.formats) {
            this.log.debug("{} Trying to generate NameIdentifier with Format {}", getLogPrefix(), str);
            try {
                generate = this.generator.generate(profileRequestContext, str);
            } catch (SAMLException e) {
                this.log.error("{} Error while generating NameIdentifier", getLogPrefix(), e);
            }
            if (generate != null) {
                this.log.debug("{} Successfully generated NameIdentifier with Format {}", getLogPrefix(), str);
                return generate;
            }
            continue;
        }
        return null;
    }

    @Nonnull
    private Subject getStatementSubject(@Nonnull SubjectStatement subjectStatement) {
        if (subjectStatement.getSubject() != null) {
            return subjectStatement.getSubject();
        }
        Subject mo15107buildObject = this.subjectBuilder.mo15107buildObject();
        subjectStatement.setSubject(mo15107buildObject);
        return mo15107buildObject;
    }

    @Nonnull
    private NameIdentifier cloneNameIdentifier(@Nonnull NameIdentifier nameIdentifier) {
        NameIdentifier mo15107buildObject = this.nameIdentifierBuilder.mo15107buildObject();
        mo15107buildObject.setFormat(nameIdentifier.getFormat());
        mo15107buildObject.setNameQualifier(nameIdentifier.getNameQualifier());
        mo15107buildObject.setValue(nameIdentifier.getValue());
        return mo15107buildObject;
    }
}
