package org.opensaml.saml.saml2.profile.impl;

import com.google.common.base.Function;
import com.google.common.base.Functions;
import java.io.IOException;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullAfterInit;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import org.opensaml.messaging.context.navigate.MessageLookup;
import org.opensaml.profile.action.AbstractProfileAction;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.action.EventIds;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.profile.context.navigate.InboundMessageContextLookup;
import org.opensaml.profile.context.navigate.OutboundMessageContextLookup;
import org.opensaml.saml.common.binding.artifact.SAMLArtifactMap;
import org.opensaml.saml.common.messaging.context.navigate.SAMLMessageContextIssuerFunction;
import org.opensaml.saml.common.profile.SAMLEventIds;
import org.opensaml.saml.saml2.core.ArtifactResolve;
import org.opensaml.saml.saml2.core.ArtifactResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-396-02.zip:modules/system/layers/fuse/org/opensaml/3.1/opensaml-saml-impl-3.1.1.jar:org/opensaml/saml/saml2/profile/impl/ResolveArtifact.class */
public class ResolveArtifact extends AbstractProfileAction {

    @NonnullAfterInit
    private Function<ProfileRequestContext, String> issuerLookupStrategy;

    @NonnullAfterInit
    private SAMLArtifactMap artifactMap;

    @Nullable
    private ArtifactResolve request;

    @Nullable
    private ArtifactResponse response;

    @Nullable
    private String issuerId;

    @Nullable
    private String requesterId;

    @Nonnull
    private Logger log = LoggerFactory.getLogger(ResolveArtifact.class);

    @Nonnull
    private Function<ProfileRequestContext, ArtifactResolve> requestLookupStrategy = Functions.compose(new MessageLookup(ArtifactResolve.class), new InboundMessageContextLookup());

    @Nonnull
    private Function<ProfileRequestContext, ArtifactResponse> responseLookupStrategy = Functions.compose(new MessageLookup(ArtifactResponse.class), new OutboundMessageContextLookup());

    @Nonnull
    private Function<ProfileRequestContext, String> requesterLookupStrategy = Functions.compose(new SAMLMessageContextIssuerFunction(), new InboundMessageContextLookup());

    public void setRequestLookupStrategy(@Nonnull Function<ProfileRequestContext, ArtifactResolve> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.requestLookupStrategy = (Function) Constraint.isNotNull(function, "Request lookup strategy cannot be null");
    }

    public void setResponseLookupStrategy(@Nonnull Function<ProfileRequestContext, ArtifactResponse> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.responseLookupStrategy = (Function) Constraint.isNotNull(function, "Response lookup strategy cannot be null");
    }

    public void setIssuerLookupStrategy(@Nonnull Function<ProfileRequestContext, String> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.issuerLookupStrategy = (Function) Constraint.isNotNull(function, "Issuer lookup strategy cannot be null");
    }

    public void setRequesterLookupStrategy(@Nonnull Function<ProfileRequestContext, String> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.requesterLookupStrategy = (Function) Constraint.isNotNull(function, "Requester lookup strategy cannot be null");
    }

    public void setArtifactMap(@Nonnull SAMLArtifactMap sAMLArtifactMap) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.artifactMap = (SAMLArtifactMap) Constraint.isNotNull(sAMLArtifactMap, "SAMLArtifactMap cannot be null");
    }

    protected void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (this.artifactMap == null) {
            throw new ComponentInitializationException("SAMLArtifactMap cannot be null");
        }
        if (this.issuerLookupStrategy == null) {
            throw new ComponentInitializationException("Issuer lookup strategy cannot be null");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.opensaml.profile.action.AbstractProfileAction
    public boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        this.request = this.requestLookupStrategy.apply(profileRequestContext);
        if (this.request == null) {
            this.log.debug("{} No request located", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, EventIds.INVALID_MSG_CTX);
            return false;
        }
        if (this.request.getArtifact() == null || this.request.getArtifact().getArtifact() == null) {
            this.log.debug("{} No Artifact element found in request, nothing to do", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, EventIds.INVALID_MSG_CTX);
            return false;
        }
        this.response = this.responseLookupStrategy.apply(profileRequestContext);
        if (this.response == null) {
            this.log.debug("{} No response located", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, EventIds.INVALID_MSG_CTX);
            return false;
        }
        this.issuerId = this.issuerLookupStrategy.apply(profileRequestContext);
        if (this.issuerId == null) {
            this.log.debug("{} No issuer identity located", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, EventIds.INVALID_PROFILE_CTX);
            return false;
        }
        this.requesterId = this.requesterLookupStrategy.apply(profileRequestContext);
        if (this.requesterId != null) {
            return super.doPreExecute(profileRequestContext);
        }
        this.log.debug("{} No requester identity located", getLogPrefix());
        ActionSupport.buildEvent(profileRequestContext, EventIds.INVALID_MSG_CTX);
        return false;
    }

    @Override // org.opensaml.profile.action.AbstractProfileAction
    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        String artifact = this.request.getArtifact().getArtifact();
        try {
            SAMLArtifactMap.SAMLArtifactMapEntry sAMLArtifactMapEntry = this.artifactMap.get(artifact);
            if (sAMLArtifactMapEntry == null) {
                this.log.warn("{} Unresolvable Artifact '{}' from relying party '{}'", new Object[]{getLogPrefix(), artifact, this.requesterId});
                ActionSupport.buildEvent(profileRequestContext, SAMLEventIds.UNABLE_RESOLVE_ARTIFACT);
                return;
            }
            try {
                this.artifactMap.remove(artifact);
                if (!sAMLArtifactMapEntry.getIssuerId().equals(this.issuerId)) {
                    this.log.warn("{} Artifact issuer mismatch, issued by '{}' but IdP has entityID of '{}'", new Object[]{getLogPrefix(), sAMLArtifactMapEntry.getIssuerId(), this.issuerId});
                    ActionSupport.buildEvent(profileRequestContext, SAMLEventIds.UNABLE_RESOLVE_ARTIFACT);
                } else if (sAMLArtifactMapEntry.getRelyingPartyId().equals(this.requesterId)) {
                    this.response.setMessage(sAMLArtifactMapEntry.getSamlMessage());
                } else {
                    this.log.warn("{} Artifact relying party mismatch, issued to '{}' but requested by '{}'", new Object[]{getLogPrefix(), sAMLArtifactMapEntry.getRelyingPartyId(), this.requesterId});
                    ActionSupport.buildEvent(profileRequestContext, SAMLEventIds.UNABLE_RESOLVE_ARTIFACT);
                }
            } catch (IOException e) {
                this.log.error("{} Error removing artifact from map", getLogPrefix(), e);
                ActionSupport.buildEvent(profileRequestContext, SAMLEventIds.UNABLE_RESOLVE_ARTIFACT);
            }
        } catch (IOException e2) {
            this.log.error("{} Error resolving artifact", getLogPrefix(), e2);
            ActionSupport.buildEvent(profileRequestContext, SAMLEventIds.UNABLE_RESOLVE_ARTIFACT);
        }
    }
}
